1. Field of the Invention
The invention relates to a data processing system comprising a main bus, and an electronic circuit having authentification means for authentifying a smart card interfaceable thereto in an internal smart card reader, said authentification means being bidirectionally linked to said main bus and having a microprocessor means linked to said main bus and to said internal smart card reader.
The invention also relates to a procedure for implementing such authentification and to a circuit, packaged in an identifiable package, such as a printed circuit board or integrated circuit package, for interfacing to said main bus and executing said identification. The system may be in particular a stand-alone data processing system of moderate capability, such as a personal computer, personal microcomputer, or work station. For specific data processing capabilities of such system, reference is had to the common general knowledge.
The authentication consists in verifying, after power-up of such personal mircocomputer, PC or PS, during the start-up phase (boot) and in a non-falsifiable way, that the operator, holder of a memory card or smart card, is, by virtue of this card, properly authorized to work on this microcomputer.
2. Description of the Related Art
The securing of computer systems is a contant concern of the users of these systems but for a long time has been confined to restricting access to the computer centre premises and to protecting the computers against physical damage. The widespread use of microcomputers and the like has lent the security problem a new face. Such a personal microcomputer is very sensitive to fraudulent usage, such as, in particular, active attacks consisting in illicit copying, modification or destruction of files or of programs, or the introduction of computer viruses. This technical problem of protecting computing equipment has already existed with mainframes, but is greatly exacerbated by the advent of the PC; their number and their autonomy makes it impossible to supervize them effectively. Systems are known, with which the authentication of a microcomputer by memory card consists, after identification of the card-owner, following the recognition of the carrier code (CC) of the latter, in authenticating this card as authorizing the said owner to use the said microcomputer under certain conditions, by use of a "password" entered by the user and recognition by the microcomputer. This type of procedure, is however not very safe and inconvenient, because the "password" nedds frequent changing and may either have been improperly revealed to the (unauthorized) card-owner or be forgotten by the (authorized) card-owner. The security of computer systems can be greatly improved by the use of cryptographic techniques which allow, in particular, prevention of active attacks. The authentication is the means for an operator to prove that he is indeed he whom he has declared himself to be, as an authorized person, during the identification. In a cryptographic context, this proof implements a crytographic process between an authority, in particular a personal microcomputer, and the memory card representing the operator.
U.S. Pat. No. 4,612,413 describes a system of mutual authentication between a reader and a memory card using a specific nonstandard algorithm. The authentication process, which is complicated to implement, brings a level of security based on the use of four mathematical functions. A pseudo public key system is involved here, since the authentication is effected by means of two keys contained in the card, no key being present in the reader.