In most IC card applications a user IC card is connected to a master IC card through a terminal. The user and the master IC card, hereinafter referred to as a user card and a master card, authenticate each other before starting a communication. More particularly, it is a standard practice to use a central unit to read the master card. The central unit is connected to a plurality of terminals intended to communicate with the user cards.
The terminals are interconnected through a network to the central unit so that the master card may communicate with the user cards, but two different user cards cannot communicate together. More particularly, a data processing system makes it possible to carry out secure transactions between the user cards and the master cards and, at the same time, it does not permit a mutual secure transaction between two user cards.
More particularly, the data processing system requires that, during the establishment of a common session key between two cards, each of the cards has a personal secret key identical to the secret key of the other card for establishing a common session key.
In general, a secret key is obtained by the diversification of a master key that is a secret key stored in the master card. Each secret key obtained in this way is consequently the result of a calculation involving the master card and a parameter specific to the user card with which the master card wishes to communicate.
The master and user cards are able to authenticate one another by verifying signatures through an identity-based key algorithm. Such a key algorithm may also permit the establishment of a session key between the two cards for implementing arithmetic operations like multiplications, powers, and divisions on numbers of several hundred bits. This calculation complexity makes it necessary for producing such cards to have top of the line components, which are at present very expensive.
The use of a diversification algorithm will now be schematically described during a mutual authentication between the user and the master card. Such a mutual authentication is intended to mutually ensure that the user card is authorized to read information stored in the master card, and/or vice versa.
The master card comprises at least a first memory unit storing a first plurality of data, and the user card comprises at least a second memory unit storing a second plurality of data. Generally, at least a portion of the first and the second plurality of data are secret and require protection. For example, protection may be required because they comprise sensitive data or information used in secure transactions in a banking application.
As schematically shown in FIG. 1, a POS terminal 3 connects a master SAM card 1 and a user card 2. The connection is schematically represented through a first slot 3a and a second slot 3b provided from the POS terminal 3 itself. The master SAM card 1 comprises at least a first memory unit 1a storing a first plurality of data, and the user card 2 comprises at least a second memory unit 2a including a second plurality of data.
The memory unit 1a inside the master SAM card 1 holds a Master Key 1M and a Function 1F. The Function 1F is used to derive an additional Key relating to the user card 2 inserted in the second slot 3b of the POS terminal 3. More particularly, such an additional key, hereinafter indicated as a Child Unique Key 1K, is used to implement the mutual authentication between the master SAM card 1 and the user card 2.
The authentication provides that a card identification number, for example a card serial number 2sn generally stored in the second memory unit 2a of a user card 2, is transmitted to the master SAM card 1. The Function 1F processes through the Master key 1M and the card serial number 2sn a Child Unique Key 1K to be used to authenticate a corresponding user card 2.
The function 1F processing the Master Key 1M and the user card serial number 2sn to obtain a Child Unique Key 1K is also known as a key diversification algorithm. Each Child Unique Key 1K corresponding to a user card 2 is diversified by each other Child Unique Key 1K corresponding to other user cards 2.
Once the master SAM card 1 has generated the Child Unique Key 1K, it also generates a Random number 1rand, stores it in the first memory unit 1a and sends it to the user card 2. The user card 2 reads the Random number 1rand through the POS terminal 3, encrypts it and sends it back to the master SAM card 1 as an encrypted random number 2enc-rand. 
The master SAM card 1 may decrypt the encrypted Random number 2enc-rand through the Child Unique Key 1K corresponding to the user card 2 inserted inside the second slot 3b, and previously stored in the first memory unit 1a. The result of such a decryption is compared to the Random number 1rand stored in the first memory unit 1a of the master SAM card 1. If the result of the decryption is equal to the Random number 1rand previously stored, the master SAM card 1 authenticates the user card 2. Otherwise, the master SAM card 1 rejects the user card 2.
More particularly, if the master SAM card 1 authenticates the user card 2, a reverse authentication method called from the user card 2 and intended to authenticate the master SAM card 1 is performed. The reverse authentication substantially comprises all the computations described above to authenticate the user card 2.
The processing of a diversification key through a key diversification algorithm is a time consuming operation that has an impact not only when a secret key is loaded in an IC card, but also when a mutual authentication algorithm needs to be processed to authenticate a master card by a user card, and vice versa. The processing of a diversification key through the diversification algorithm is in fact a step of the mutual authentication algorithm.
Especially in critical applications, the security and the execution speed of the operations between the user card and the terminal may be damaged by the complexity of the key diversification algorithm. Actually, a method is not known for implementing a key diversification algorithm on an IC card with security and in an acceptable time, especially when such an IC card is not provided with special hardware able to support time consuming and computational expensive processing.
Moreover, a method implementing the key diversification comprising a plurality of operations also influencing the mutual authentication between a master and a user card limits the number of communications sessions between the master card and user cards.