The invention concerns memory chip cards and the terminals to which they are capable of being connected from time to time and, more particularly, a method which enables the memory chip card and the terminal to authenticate one another.
Memory chip cards, on account of their not having a microprocessor, cannot use an authentication algorithm which involves calculations. However, certain memory chip cards use an algorithm in hard-wired form which allows the so-called “active” authentication of the card by the terminal but not the reverse authentication of the terminal by the card. Owing to their low cost, memory chip cards are used a great deal in many applications such as loyalty cards, access control, charge card payments, etc. However, owing to the lack of authentication, their security in use is vulnerable so that microprocessor cards are sometimes preferred to them for certain applications. But these microprocessor cards have a distinctly higher cost, which becomes increasingly higher as the authentication algorithm becomes more developed, which leads to them being ruled out for inexpensive applications. Also, the aim of the present invention is to obtain security in use of memory chip cards.
This aim is achieved by using an authentication method in which all the algorithmic calculations are performed by the terminal to which the memory chip card is connected.
Furthermore, the operations relating to authentication are performed before the start of a transaction proper and after the end of this transaction with a view to the authentication at the start of the following transaction.