The invention relates to an authentication system comprising at least one station and a host; the station comprising: authentication means for, based upon an authentication algorithm, authenticating a message; and communication means for sending the authenticated message to the host; the host comprising: communication means for receiving an authenticated message; and verification means for verifying the authenticity of the received message by checking the received message with an authentication algorithm corresponding to a station which sent the message.
With the increase of electronic communication and electronic financial transactions, identification and authentication have become an essential aspect of many systems. Normally in an authenticated transaction three parties are involved: a host, a station and a user of the station. The host may, for example, be a central computer at a bank, at a retailer, or at a company providing services via the Internet, or be a file server. The station may be a personal computer (PC), a Personal Digital Assistant (PDA) or a hand-held PC (HPC), usually connected or connectable via telecommunications to the host computer. The message may be a digital representation of a user-generated message, including an instruction to a bank, but may also be computer data or computer code, such as a Java applet. In many applications, the station is split into two parts: a user station and an access station.
An identification, such as a communication address, which uniquely identifies the station is stored in the memory of the station. A message generated in the station, usually at the request of the user, is authenticated using an authentication algorithm. Typically, the message is authenticated by generating an additional digital signature. The authenticated message is sent to the host together with the identification of the station. The host uses the same or a complementary authentication algorithm to verify the authenticity of the message.
For certain applications, like a user instructing a bank to transfer money from a bank account, it may be required that the station performs some form of access control ensuring that only an authorised user can issue the instruction. The access control may, for instance, be based on a PIN-code or password. More advanced methods, for instance based on biometric information, may also be used. The access information may be passed on to the host as part of the message. For other applications, like a transfer of a small amount of electronic money, it may not be required or, in view of privacy or safety, even be undesired that additional access control is performed or that the access information is transferred to the host. The access control is not part of the invention.
It should be noted that the Dutch Giro (Postbank) uses the TAN (Transaction Number) system for electronic payments by customers using a PC and a modem. The customers of the Postbank receive via regular mail several transaction numbers printed on a piece of paper. For each transaction the client has to enter the next transaction number until all numbers have been used, at which moment the client receives a new set of numbers. A fraudulent party has, in general, easy access to the transaction numbers at the customer's premises. Furthermore, the distribution of the transaction numbers from the host to the customer makes the system vulnerable to fraudulent parties intercepting the list.
Most authentication algorithms are based on encryption algorithms, such as the symmetrical DES algorithm or the asymmetrical public-key RSA algorithm. Typically, the same algorithm is used for each station and a dedicated key is used to make the algorithm act in a manner specific for the station. The security provided by such algorithms is mainly based on the algorithmic strength of the involved algorithms, which are, as a consequence, complicated and costly to implement, which is a particular drawback for simple consumer electronic products.
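The conventional scheme described above (a station identification sent with an authenticated message, and one shared algorithm made station-specific by a dedicated key) looks like this in code. This is an added example, not part of the original text; it substitutes HMAC-SHA256 for the DES- or RSA-based algorithms the text names, and the station identifiers, keys and function names are constructed for illustration.

```python
import hashlib
import hmac

# Constructed sample data: one dedicated key per station (hypothetical IDs).
STATION_KEYS = {
    "station-001": b"constructed-key-for-station-001",
    "station-002": b"constructed-key-for-station-002",
}


def _tag(key: bytes, station_id: str, message: bytes) -> bytes:
    # Bind the station identification into the tag; the length prefix keeps
    # the boundary between identification and message unambiguous.
    sid = station_id.encode("utf-8")
    data = len(sid).to_bytes(2, "big") + sid + message
    return hmac.new(key, data, hashlib.sha256).digest()


def station_send(station_id: str, key: bytes, message: bytes) -> dict:
    """Station side: authenticate the message and attach the station id."""
    return {
        "station_id": station_id,
        "message": message,
        "tag": _tag(key, station_id, message),
    }


def host_verify(packet: dict, keys: dict = STATION_KEYS) -> bool:
    """Host side: pick the key of the claimed station and check the tag."""
    key = keys.get(packet["station_id"])
    if key is None:
        return False  # unknown station: no key to verify against
    expected = _tag(key, packet["station_id"], packet["message"])
    # Constant-time comparison avoids leaking how many tag bytes matched.
    return hmac.compare_digest(expected, packet["tag"])


if __name__ == "__main__":
    pkt = station_send("station-001", STATION_KEYS["station-001"],
                       b"transfer 10 EUR to account 42")  # constructed message
    print("genuine packet accepted:", host_verify(pkt))
    altered = dict(pkt, message=b"transfer 9999 EUR to account 42")
    print("altered packet accepted:", host_verify(altered))
```
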