The present invention relates to an authentication method suitable for a wired-logic circuit mounted on a portable support and to a terminal for reading the microcircuit.
The present invention relates in particular to the field of smart cards, and more particularly to wired-logic microcircuits which are used in smart cards.
The generic term "chip cards" in fact covers two principal categories of cards based on different technologies: on the one hand, microprocessor cards and, on the other hand, the cards called "smart cards". Unlike microprocessor cards, smart cards are provided only with a wired-logic microcircuit, which offers far fewer possibilities than a microprocessor microcircuit in terms of ease of use, data processing ability and programming, and in particular in terms of security and fraud protection.
In compensation, wired-logic microcircuits have the advantage of a very low cost price, so that smart cards have seen considerable development in recent years for applications where a high level of security was not necessary. Thus the use of pre-payment cards such as telephone cards has become widespread. New applications such as electronic purses or electronic keys (in particular in the field of cars) are at present being considered for use on a large scale.
It is however necessary that wired-logic microcircuits should provide a much greater security level in the future than at present for the development of these numerous future applications and, as regards security in use, that they should be able to compete with microprocessor circuits which are provided with improved software security mechanisms.
Therefore, a general purpose of the present invention is to improve the protection mechanisms of wired-logic microcircuits, keeping in mind that manufacturing costs rise very quickly when sophisticated security functions are to be performed.
As a reminder, FIG. 1 shows the structure and the working of a microcircuit 1 of a conventional smart card. The wired-logic microcircuit 1 mainly comprises a serial memory 2 (i.e. a bit by bit accessible memory), an authentication circuit 3 and a sequential logic circuit 4 which controls the functioning of the various elements by means of a clock signal H which is provided by a terminal 10 into which the card is inserted. The memory 2 contains various data stored in bit form, such as a serial number of the card NI (or identification number of the microcircuit) and transaction data DA representing for example the monetary value of the card or a number of telephone pulses. The authentication circuit 3 has a serial input 3-1 for receiving an input code CE and a serial output 3-2 for producing an authentication code CA. Furthermore, the microcircuit 1 is provided with contact pins for the electrical interface with the terminal 10, i.e. an input-output contact pin I/O for the digital data communication, a contact pin RST for initialising the microcircuit, a contact pin H for the input of the clock signal and two contact pins Vcc and GND for power supply. The output of the memory 2 as well as the input 3-1 and the output 3-2 of the authentication circuit are coupled to the input-output contact pin I/O. The digital data circulate in a serial form, that is bit by bit in synchronism with the clock signal, which allows a simplification of the internal structure of the circuit, as the connections between the various elements are limited to one wire only.
When the card is inserted into the terminal 10, the terminal 10 has to determine, for security reasons, whether the card is authentic or fraudulent. The authentication circuit 3 thus takes part in a verification procedure, described hereunder, for verifying the authenticity of the card. It is first recalled that the terminal 10, which is generally provided with a microprocessor 11 controlled by a programmed memory 12, knows the secrets of the security mechanisms introduced into the card.
Step 1--The terminal 10 generates a random binary code ALEXT and applies it as an input code CE to the authentication circuit 3. The circuit 3 transforms the code ALEXT into an authentication code CA which can be written

$$CA = F_{Ks}(ALEXT)$$

$F_{Ks}$ representing the transform function, or authentication function, performed by the circuit 3 from a secret key Ks which is at its disposal.
Step 2--In parallel with step 1, the terminal 10, which knows the secret key Ks and the authentication function $F_{Ks}$ (stored as software in the programmed memory 12), for its part calculates a code CA' such that

$$CA' = F_{Ks}(ALEXT)$$
Step 3--The terminal 10 compares the code CA produced by the card and the code CA' calculated by itself. If the two codes are different, the card is not authentic and must be refused by the terminal.
In a known alternative of this method, the terminal 10 does not know the secret key Ks, but determines it from the serial number NI by means of another secret key Kp at its disposal and a transform function $F_{Kp}$ such that

$$Ks = F_{Kp}(NI)$$
In this case, step 1 is preceded by a preliminary step wherein the terminal 10 reads the serial number NI out of the memory 2 and uses it to deduce Ks.
Finally, it appears that the protection mechanism against fraud relies entirely upon the authentication function $F_{Ks}$ which must not be able to be decoded by a fraudulent person.
A drawback of the authentication method which has just been described is that the card can be "interrogated" at will by a fraudulent person, who can introduce a lot of random codes ALEXT into it, observe the authentication codes CA returned by the authentication circuit 3 and try to decode the authentication function $F_{Ks}$ or discover its secret Ks by cross-checking.
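The conventional exchange described above (preliminary key derivation, then steps 1 to 3) can be modelled from the terminal's side as follows. This is an added illustration, not code from the patent: HMAC-SHA256 truncated to 8 bytes is an assumed stand-in for both $F_{Kp}$ and $F_{Ks}$, which the text does not specify, and the class names, key and serial number are constructed.

```python
import hashlib
import hmac
import secrets


def F(key: bytes, data: bytes) -> bytes:
    # Assumption: stand-in for the unspecified transform functions F_Kp / F_Ks.
    return hmac.new(key, data, hashlib.sha256).digest()[:8]


class Card:
    """Model of microcircuit 1: stores NI and Ks, keeps no state between queries."""

    def __init__(self, ni: bytes, ks: bytes):
        self.ni = ni
        self._ks = ks

    def read_serial(self) -> bytes:
        return self.ni

    def authenticate(self, ce: bytes) -> bytes:
        return F(self._ks, ce)  # CA = F_Ks(CE); answers every input code


class Terminal:
    """Model of terminal 10 in the variant where it holds Kp rather than Ks."""

    def __init__(self, kp: bytes):
        self._kp = kp

    def derive_ks(self, ni: bytes) -> bytes:
        return F(self._kp, ni)  # Ks = F_Kp(NI)

    def verify(self, card: Card) -> bool:
        ks = self.derive_ks(card.read_serial())   # preliminary step
        alext = secrets.token_bytes(8)            # step 1: random code ALEXT
        ca = card.authenticate(alext)             # card returns CA
        ca_prime = F(ks, alext)                   # step 2: terminal computes CA'
        return hmac.compare_digest(ca, ca_prime)  # step 3: compare CA and CA'


def demo():
    kp = bytes.fromhex("000102030405060708090a0b0c0d0e0f")  # constructed key
    terminal = Terminal(kp)
    genuine = Card(b"NI-0001", F(kp, b"NI-0001"))  # personalised with Ks
    forged = Card(b"NI-0001", b"\x00" * 8)         # right serial, wrong Ks
    return terminal.verify(genuine), terminal.verify(forged)


if __name__ == "__main__":
    print(demo())
```

Because `Card.authenticate` is deterministic and stateless, the same input code always yields the same CA and nothing limits how often it is called, which is the property the last paragraph identifies as the drawback.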