An authentication method is generally executed between a first and a second IC card, before starting a communication, in order to mutually ensure that the first IC card is authorized to read information stored in the second IC card. Similarly, the second IC card may be authorized to read information stored in the first IC card.
More particularly, an authentication method is used to provide an authentication between a first and a second IC card interconnected and communicating through an interface terminal. The first IC card comprises at least a first memory unit storing a first plurality of data and the second IC card comprises at least a second memory unit storing a second plurality of data.
Generally, at least a portion of the first and the second plurality of data are secret and require protection. This is because they comprise sensitive data or information used in secure transactions of a banking application, for example. In a banking application, as schematically shown in FIG. 1, a POS terminal 3 respectively connects a first SAM IC card 1 and a second user IC card 2 through a first slot 3a and a second slot 3b provided from the POS terminal 3 itself.
The first SAM IC card 1 comprises at least a first memory unit 1a storing a first plurality of data, and the second user IC card 2 comprises at least a second memory unit 2a including a second plurality of data. The authentication between the SAM IC card 1 and the user IC card 2 is generally implemented through an authentication method that is briefly described below.
The first memory unit 1a inside the SAM IC card 1 holds a Master Key 1M and a Function 1F. The Function 1F is used to derive an additional Key relating to a user IC card 2 inserted in the second slot 3b of the POS terminal 3. More particularly, such an additional key, hereinafter indicated as Child Unique Keys 1K, is used to implement the mutual authentication between the SAM IC card 1 and the user IC card 2.
The authentication method provides that an IC card identification number, for example an IC card serial number 2sn generally stored inside the second memory unit 2a of a user IC card 2, is transmitted to the SAM IC card 1. The Function 1F processes through the Master key 1M and the IC card serial number 2sn a Child Unique Key 1K to be used to authenticate a corresponding user IC card 2.
The SAM IC card 1 also generates a random number 1rand, stores it in the first memory unit 1a, and sends it to the user IC card 2. The user IC card 2 reads the random number 1rand through the POS terminal 3, encrypts it and sends it back to the SAM IC card 1 as an encrypted random number 2enc-rand.
The SAM IC card 1 may decrypt the encrypted random number 2enc-rand through the Child Unique Key 1K corresponding to the user IC card 2 inserted in the second slot 3b, and previously stored inside the first memory unit 1a. The result of such a decryption is compared to the random number 1rand stored inside the first memory unit 1a of the SAM IC card 1.
If the result of the decryption is equal to the random number 1rand previously stored, the SAM IC card 1 authenticates the user IC card 2, otherwise the SAM IC card 1 rejects the user IC card 2. More particularly, if the SAM IC card 1 authenticates the user IC card 2, a reverse authentication method, called from the user IC card 2 and intended to authenticate the SAM IC card 1, is performed. The reverse authentication method substantially comprises all the computations described above to authenticate the user IC card 2.
The authentication method typically comprises a large amount of communications between the SAM IC card 1 and the user IC card 2. In particular, each communication is intended to send an initialization message of the authentication method between the two IC card 1, 2; an IC card serial number 2sn from the user IC 2 to the SAM IC card 1; a random number 1rand from the SAM IC card 1 to the user IC card 2; an encrypted Random number 2enc-rand from the user IC card 2 to the SAM IC card 1; and an acknowledge or a non-acknowledge message from the SAM IC card 1 to the user IC card 2, respectively intended to start or to refuse the following communication between the two IC cards.
Moreover, when the authentication from the SAM IC card 1 to the user IC card 2 is completed, a mutual authentication from the user IC card 2 to the SAM IC card 1 needs to be performed. This mutual authentication comprises a corresponding plurality of communications.
When a communication between the SAM 1 and a user IC card 2 is terminated, a new communication between another user IC card 2 and the SAM IC card 1 may start. The Function 1F processes another Child Unique Key 1K through the Master key 1M and through another IC card serial number 2sn stored inside the user IC card 2, and an authentication is processed.
A considerable number of interactions between the SAM 1 and the user IC card 2 makes the authentication method time consuming, thus reducing the throughput of the POS terminal 3 and limiting the number of services rendered to the corresponding user IC card 2.
At the same time, with more communications between the SAM 1 and the user IC card 2, the authentication method becomes more susceptible. Each communication is exposed to a potential external attack intended to intercept data.
The problem is that the authentication method performs a number of communications between a SAM IC card 1 and a user IC card 2 that exposes the secure data stored inside the corresponding memory units to potential risks. This is both due to the time required to complete the mutual authentication and to the number of interchanges required by the authentication method itself. This also reduces the throughput of the terminal that sequentially interconnects a plurality of user IC cards with the same SAM IC card.