1. Field of the Invention
The present invention relates in general to authentication for the use of data carriers such as smart cards and the like, and in particular to an authentication method, a data carrier and an authentication system comprising a data carrier and a terminal.
2. Description of Related Art
To prove that a user is actually entitled or authorized to use a smart card or magnetic stripe card, an individual secret number, for example a so-called PIN (personal identification number), is customarily used. The PIN is stored on the card and, after the card has been introduced into a terminal, compared with the PIN entered in the terminal by the user. If the comparison is positive, the terminal can, for example, access protected areas of the smart card, such as memory areas.
The use of PINs is problematic because the card can be used by anyone with knowledge of the PIN. The card is thus not bound to the actual card holder but to the PIN holder. Voluntary or involuntary transmission of the PIN thus makes it possible to abuse the card. PINs are also unsafe in that they can be forgotten on the one hand and spied out on the other.
Even when an authorized user has identified himself by entering his PIN, the system is only partially authorized: only the user is authorized with respect to the card and to the terminal. There is no authorization of the terminal with respect to the card or to the user. If the terminal is fake, there is a danger of the PIN being spied out by the fake terminal. The PIN alone therefore does not constitute sufficient protection because there is no authentication of the terminal with respect to the card or to the user.
U.S. Pat. No. 5,239,166 discloses a system for safe data exchange comprising a card and a terminal. In the known system the card and the terminal check each other. The user of the card is checked by means of biometric features, e.g. a fingerprint.
U.S. Pat. No. 5,208,447 discloses a method for checking terminals with a smart card wherein a password stored in the smart card is transmitted to the terminal in both encrypted and unencrypted form. The encrypted password is decrypted in the terminal and compared with the password transmitted in unencrypted form. If the decrypted password matches the unencrypted password, the terminal is authorized.