1. Field of the Invention
The present invention relates to an authentication token using a smart card.
2. Description of the Prior Art
There are a variety of technologies available to authenticate remote users in order to enforce secure access control. These range from simple, single factor authentication (such as use of a password) to multiple factor authentication (such as use of a physical token in conjunction with a Personal Identification Number (PIN)). It is widely accepted that single factor authentication offers limited assurance as it is vulnerable to a wide range of attacks, many of which are neither sophisticated nor expensive to mount (such as ‘shoulder surfing’ or eavesdropping). Most online services, however, still rely on single factor authentication because it appears to be the cheapest to implement—although this is usually because the subsequent cost of dealing with systematic attacks has not been considered.
Dual factor authentication systems are, however, widely used to protect remote access by support staff to these same online services. Many organisations also protect access to their critical corporate systems, both remotely and locally, using such authentication mechanisms. The essence of a dual factor mechanism is that it requires both ‘something you know’, for example, a PIN or passcode, and ‘something you have’, for example a physical token that can be authenticated itself. Increasingly, research is being done to add a third type of factor, ‘something you are’ i.e. biometrics such as retina scan, iris scan or fingerprint, but this is not yet available in a reliable cost-effective way that can be used reliably in a mass-market type environment.
There are a variety of tokens available that can fulfill the role of the second factor (‘something you have’), but many of them rely on an infrastructure of interface devices to be able to authenticate them. Thus, use of a smart card requires a card reader to be available to enable the system to interact with the application resident on the smart card. New form factors have been explored to reduce this reliance, such as Universal Serial Bus (USB) tokens that can plug directly into a USB port on a computer. Many new PCs are being shipped with USB ports instead of the older style serial ports or parallel ports, most notebook computers now only have USB ports and all Apple computers have had easily accessible USB ports since the launch of the iMac in 1998.
To remove the dependence on an external infrastructure and to enable the token to be used in as wide a range of channels as possible, a number of manufacturers have developed stand-alone tokens that do not need to be connected to the remote computer system. They interact with the user via a screen and keypad. The user then interacts with the remote system through whatever channel they are using i.e. web, Wireless Application Protocol (WAP) phone, voice, TV set-top box.
Stand-alone tokens generally offer one or more mechanisms by which they can authenticate themselves to the remote system. One approach is for the system to issue a ‘challenge’ to be entered into the token, for example an apparently meaningless string of numbers. The token applies a cryptographic process, using the challenge and other information that is kept secret inside the token. As a result, it generates a ‘response’, which is displayed to the user to be sent back to the remote system. The remote system can check that the response received is the correct response from that token to the challenge sent and hence ascertain the authenticity or otherwise of the token. This process may use a symmetric cryptographic process with keys that are shared between the token and the remote system. Alternatively, it may use an asymmetric cryptographic process, removing the need for shared secret keys but requiring significantly more processing capability in the token. In most cases, the remote system does not generate the challenge and authenticate the token's response itself but uses a dedicated local authentication server which is especially established for that purpose and can provide the facility to multiple systems within the same organisation.
There is a variant on this approach where the challenge is generated internally to the token, based on a combination of static data, deterministically varying data (such as an event counter), and dynamic data (such as time). The authentication server must be maintained in synchronisation with the token so that it can reproduce the same challenge when it attempts to validate the response.
An alternative approach has been to use a modern version of the old tried and tested method of having a series of passwords each of which can only be used once. This approach was used by the military for many years, supplying a pad of slips of paper, each of which had a one-time password printed on it. As each password was used it was ripped from the pad and discarded. A matching pad was maintained at the other end to enable messages to be validated. The modern approach is to use a cryptographic process to generate a one-time password dynamically when it is needed. The token and the authentication server share secret information that can be combined with dynamic information available to both (for real-time systems this can be the time) enabling the authentication server to be able to generate the same one-time password that the token has generated and thus validate it. This mechanism uses a symmetric cryptographic process, which enables it to be carried out quickly and cost-effectively in the token. It does not require as much processing at the authentication server as no challenge needs to be generated at the outset, hence only a single interaction is needed between the protected system and the authentication server to authenticate the user.
Smart cards are in use worldwide for a variety of purposes. They have long been in use for financial products (credit, debit and loyalty cards), especially in France where they were invented. With the advent of GSM mobile phones, the smart card market has significantly increased with the need for Subscriber Identification Modules (SIMs). The technology used on smart cards lags leading edge semiconductor technology by 2 or 3 years, thus the speed and power of the processors are relatively low and memory is restricted. As more ambitious uses are devised for smart cards, the technology required is becoming more complex and hence the cost of the cards is increasing. Conversely, the increasing size of the market has led to economies of scale in the most widely used technologies (such as those required for GSM SIMs or memory chips as used in digital cameras and MP3 players).
Asymmetric cryptographic functions are heavily processor intensive and hence significantly slower than symmetric functions (of the order of 100 times slower). The limited processing capability of most smart card chips has restricted their practical use to symmetric cryptographic functions. However, smart card chips are now available with cryptographic co-processors that can execute asymmetric cryptographic functions much more quickly enabling such functions to become a practical option. The newest versions of specifications such as EMV (credit/debit card functionality defined jointly by Europay/Mastercard/Visa) take advantage of these improved capabilities to provide better security features.
Most smart cards have in the past been produced with a specific single application hardwired into Read Only Memory (ROM). International standards (specifically ISO 7816) have established common specifications for smart cards, ranging from size and shape and where the contacts should be, through the electrical characteristics, to the basic communications protocol to interact with the card and the underlying filing system structure that should be implemented on it. Some manufacturers have produced simple proprietary operating systems to handle all the standard activities (like the interface protocol) on behalf of the applications. However, the smart card still has to be hardwired at manufacture with the operating system software and the application software in the ROM. The standards allow for the application software on the card to offer multiple separate ‘applications’ (such as a credit card, loyalty card and electronic purse) selectable by the interface device with which the card is used. The required application is selected when the card is powered up and ‘reset’ by the interface device and the appropriate interaction is then conducted with the card. However, these separate applications must all reside together in the smart card's ROM and share the same data areas. Accordingly, they must all trust each other to ensure that the data for one is not read or overwritten by another. Generally, therefore, such cards will only have separate applications that have all been developed by (or for) the same organisation that is issuing the card.
To address these shortcomings, some multi-application smart card operating systems have been developed. These require only the operating system to be hardwired into the smart card's ROM. Applications can be loaded into the card's Electrically Eraseable Programmable Read Only Memory (EEPROM) after manufacture. Indeed, they can be subsequently removed or replaced allowing upgraded applications to be delivered onto the smart cards even after they have been issued to end users. To ensure that the applications can not interfere with each other, the applications themselves are written in an interpreted language (such as Java) and the actual execution is under the control of the card's operating system, thus allowing address range checking and other mechanisms to be used to isolate each application and its data. The initial cost of using such cards has led to a slow take up of the technology, but increasing capability of the card processors and larger memory is increasing their practical applicability. New GSM SIMs will be available on multi-application cards, allowing service operators to offer customisable functionality on the SIM independent of the particular phone in use, including value-added services.
The Applicant offers a remote authentication service under the name QUIZID to enable users of a protected computer system (internal users or external customers) to be securely authenticated before being allowed access to the protected system. The current authentication mechanism relies on a device (which must be ‘personalised’ and securely delivered to the user) that generates one-time passwords; use of the device itself is secured by the use of a colour-coded unique consumer code that must be entered by the user in order to obtain a password. The password and a user ID, entered into the protected system, are sent to QUIZID for validation and if a successful response is received the system can allow access to the user. A more detailed description of this can be found in PCT/GB01/05507. How the QUIZID service is used in relation to other identifying information such as account names or user identification is up to the designers of the protected system. The QUIZID service is designed to be used for protecting access to corporate systems as well as publicly accessible systems such as e-tailers or financial services.