The present invention relates to a method and a device for performing secure transactions between a service provider such as an institution, a bank, financial institute, retail store, database server, file server etc., and a holder of the device, i.e. transaction requester, which can be a customer or a user of a system.
When performing transaction and identification in a general form (credit cards, club members, fund members, broker contacts, access control etc.) a customer or user identifies itself by supplying a unique person identifier, such as a name, customer number, credit card number, social security number etc. The transaction can either be accepted or require further authentication, such as supplying a secret piece of information such as a password or a PIN(Personal Identification Number)-code. If a lookup in the customer/user file identifies the authentication response as correct, the transaction is considered valid. In the case of authentication being used, the problem addressed is the fact that the service provider can by no means verify that the user is the person it turns out to be.
Several problems arise in terms of security, since this type of processing often is done over xe2x80x9copen airxe2x80x9d, i.e. it can be intercepted and recorded. The fraudulent user can then supply the same identity and authentication and to the service provider appear to be the legal user. To supply a credit card number over a phone connection or on a fax-back form is a large discomfort for many users. Further on, fraudulent use of personal codes and credit card numbers is a major problem in today""s automated world.
The growth of Internet trade has risen several concerns about security when customers have to identify themselves to a remote service provider. There is a general understanding that a severe limiting factor for the public to perform trade and utilize services is the rational fear that confidential information is intercepted during transmission of account numbers and credit card numbers having corresponding passwords or PINs.
There are several methods and devices which address these concerns, including encryption of secure information and Transaction Identification (TID) codes. The latter relates to the method of the Service Provider (SP) issuing a single-use code which is transformed in a non-linear fashion, unique to each user, and then transferred back to the SP. The SP then performs the same non-linear transformation and compares the result returned from the remote location. If the results match, the transaction is considered to be valid.
A common way of performing secure transaction relies on the concept of a Certificate, such as X.509, which is defined as an open standard. The certificate relies on the concept of TIDs and is issued by the SP. The certificate is a piece of information, installed into the software package used to perform transactions, such as an Internet browser. The user activates the secret information in the certificate by providing a PIN-code, which is compared with the predefined code in the certificate.
The certificate method has several drawbacks, where the most obvious is the fact that the certificate resides in one computer only. There is no general way of carrying a certificate from computer to computer, or in a more general form, from terminal to terminal. There is also a security drawback involved in the fact that the certificate is stored on a non-removable medium, and can therefore theoretically be opened by someone else using the computer where the certificate is stored.
The fact that scripting languages, such as Java and VBScript, commonly used to perform a more programmatic behavior of Internet pages, actually can perform fraudulent actions, such as intercepting the PIN-code entered when opening a certificate, copying the certificate information and then transferring he information back to an alien service provider.
Some SPs issue transaction terminals, which are small calculator-like devices including a display, a keyboard, and in some cases a slot for inserting an IC-card with user information. This method solves the problem with mobility, but adds up an additional cost for the device. The most severe drawback of this method is the fact that it is all done manually. To enter a TID, and then collate the processed result back is a time-consuming and error-prone process. The number of digits entered and collated back has to be a compromise between security on one hand, and the convenience of having a short code on the other. It can further be assumed that these manual steps are an obstacle for the customer, which may be one reason not to perform a desired action.
The concept of encryption generally relies on the assumption that the time required to xe2x80x9creverse engineerxe2x80x9d, i.e. decrypt, the encrypted information is long enough to make it practically impossible to even try to break the encryption scheme. The fabulous growth of both computer processing power and the discovery of new mathematical algorithms have in many cases proven that this assumption is dangerous. Reverse engineering actions, once considered to take several years on the most powerful machine available, can now be performed in minutes by implementation of new algorithms and massive computing power.
Encryption methods, such as Data Encryption Standard (DES), previously known as hard-to-break schemes are now considered xe2x80x9cweakxe2x80x9d. Prime number methods, such as RSA, try to keep ahead of this leap by making longer and longer keys. 56-bit RSA methods are today known to be considerably safe, but some high-security applications rely on 1024-bit numbers. This race of numbers can be expected to continue.
A problem with high-security encryption schemes is the fact that they usually need heavy numerical processing. By stationary devices, equipped with high-performance microprocessors, such a PC, this is generally not a major problem. But battery operated, low cost mobile devices, such as cellular phones, portable notebooks etc., generally have limited resources for numerical processing.
The conclusion is that it would be advisable to provide a method and device of addressing these issues and be able to practically prove beyond doubt that a transaction is secure. Preferably, the scheme should be simple to explain and not rely on the fact that parts of the method must be kept strictly secret.
An object of the present invention is to provide a method and a device which is capable of performing a secure transaction automatically over a data network as soon as the transaction requester has entered a valid personal identification in the device.
According to one aspect of the invention there is provided a method of identification and authentication of a holder of a mobile electronic transaction device in an electronic transaction process between a transaction service provider and a transaction terminal in communication via a computer network, said mobile transaction device comprising transceiver means for transmitting information to and receiving information from said transaction terminal, data input means, data processing means, data storage means having information stored therein including an externally accessible device identity, a non-retrievable reference user identification, and including a non-retrievable secret key to be processed by said processing means and used in communication with the service provider by said transceiver means over said network via the transaction terminal for validating a transaction, and means supplying electric energy to the device, said method comprising:
transmitting the device identity to the transaction terminal;
transmitting a challenge transaction identifier to the device;
said holder entering a user identification input using said input means;
said processing means determining an authenticity of said identification input by comparison with said reference user identification; and
only on said identification input being determined as authentic:
said processing means performing a cryptographic transformation of the transaction identifier using said secret key; and
transmitting a response result of said cryptographic transformation to the service provider via said transaction terminal for validating said transaction.
According to another aspect of the invention there is provided a mobile electronic transaction device for identification and authentication of a holder of the device in an electronic transaction process between a transaction service provider and a transaction terminal in communication via a computer network, said mobile transaction device having contained therein:
transceiver means for transmitting information to and receiving information from said transaction terminal, data input means, data processing means, data storage means for storing information including an externally accessible device identity, a non-retrievable reference user identification, and including a non-retrievable secret key to be processed by said processing means and used in communication with the service provider by said transceiver means over said network via the transaction terminal for validating a transaction, and means supplying electric energy to the device; wherein
said transceiver means being adapted for transmitting the device identity to the transaction terminal and receiving a challenge transaction identifier from the service provider via the transaction terminal;
said processing means being adapted for determining an authenticity of a user identification input by comparison with said reference user identification, and for performing a cryptographic transformation of the transaction identifier using said secret key only on said identification input being determined as authentic; and
said transceiver means also being adapted for transmitting a response result of said cryptographic transformation to the service provider via said transaction terminal for validating said transaction.
The transaction device according to the invention has preferably the size of a credit card and is adapted to communicate with a service provider (SP) over a data network, particularly the Internet, via a transaction terminal (TT) having a communication interface such as a card reader (CR).
The SP is a bank, Internet store, retail store etc. The SP keeps a database of all customers authorized to perform transactions. The TT is a stationary device, connected to the SP via a network. The connection can either be continuous or intermittent. The TT can either be specially designed for the purpose or be a standard personal computer. The CR connected to the TT contains a transceiver for bi-directional communication with the device. The card preferably is a low-cost device which is carried by the card holder, i.e. the customer. The card can actively perform data exchange with the TT using the CR. In the preferred embodiment the data exchange is performed by wireless close-proximity capacitive data transmission and power supply for the card.