The present invention describes a procedure and a device for the user-controlled authorisation of chip-card functions.
The authorisation and implementation of certain chip-card functions in many cases presupposes the authentication of the communicating parties. For the chip-card, this means that the chip-card must determine whether the user of the chip-card or the terminal is an authorised communicating party. This is generally guaranteed by the fact that the communicating parties possess a common secret that is checked with the aid of an authentication process.
In present-day systems for user authentication, for example, access entitlements to buildings, transaction authentications for banking functions (cash-point, home-banking, telephone banking), mobile phones, etc., a secret, with which the user identifies himself as the authentic user, is given to the user. As a rule, this takes place through the issuance of a PIN or password.
This secret piece of information is verified by the authorising unit (automatic teller, host computer, PC, Internet, etc.). The following problem arises with the checking: the secret shall not be accessible to a stranger, i.e. the secret must be protected as well as possible between input and checking.
All of the components encountered on the transfer route must achieve the same standard of security as individual components. With automatic cash dispensers, for example, the PIN is already coded on the spot in the same physical unit, the "Encrypting PIN Pad", in order to protect it from unwarranted accesses. This should prevent any attempt to access the PIN at the PIN-keyboard and the following communication components. The possession of this secret piece of information opens up the possibility of an unwarranted authentication for an aggressor, since this secret is portable.
Faced with this background, attempts have been made to use biometric information for the user authentication. Mention may be made of fingerprint, retinal recognition or facial recognition. These systems offer the advantage that a body-characteristic of the user, which can be assigned to only one user with high probability and is therefore not transferable, is used for the authentication. This non-transferability and definiteness offers the advantage that the customer does not himself have to remember the secret and the secret cannot be stolen.
An essential disadvantage of the biometric authentication process is that the biometric values for authentication are not readily available. If the PIN in a system (variable secret) is discovered, a new PIN, which invalidates the old PIN, can be allocated. If a biometric value, for example, a fingerprint, has become accessible, an aggressor has the ability to select a new fingerprint, as a result of which the former fingerprint becomes invalid. The biometric authentication process can be repeated in this case ten times at the most before the biometric fingerprint values of a person are exhausted. It is therefore very risky to employ systems with biometric input systems, where these systems do not meet a very high safety standard.
The security systems currently known can be broken down into the following components:
1. Input medium for entering the authentication value
2. Transfer medium for transmitting the authentication value
3. Check-up position for checking the correctness of the authentication value.
The authentication value, for example PIN, is entered by means of a numerical keypad and is relayed over the network to a host computer. In the host computer, the PIN entered is compared with the reference PIN.
Another embodiment may comprise employing a biometric input in place of the input of a PIN. Here, a fingerprint-sensor in particular can be considered, which relays the fingerprint data over a network to a host computer, where a comparison check finally takes place.
The protection of the transfer pathway can be effected in distributed systems by technical means. There is always the possibility, however, that a component in the overall system is or will be manipulated. Thus, for example, the value could be "overheard" between fingerprint-sensor and host system and replayed at a later time for an illegal transaction. It is impossible for a user to monitor all of the components of a system.
It is the task of the present invention, therefore, to provide a device and a process which guarantee, in a simple and effective manner, the checking of the authenticity of a user to carry out any chip-card functions, independent of the implementation of the relevant authentication process.
The advantages of the present invention reside in the fact that the pocket chip-card reader of the invention for the authorisation of chip-card functions is under the exclusive control of the authorised user. Manipulations of the pocket chip-card reader, particularly the unwarranted authorisation of protected functions, are thereby largely excluded by the authorised party. This applies especially for input of a PIN or with a biometric input. The checking of the correctness of the input PIN takes place in the chip-card, over which the authorised user also has exclusive control. The PIN does not leave the control of the authorised user, as a result of which a misuse as well as discovery of the PIN or the biometric value by unauthorised third parties is thereby excluded. The pocket chip-card reader of the invention can be provided with a numerical as well as a biometric input device. The authentication of the authorised user leads to the authorisation of the chip-card for certain transactions, which can be limited either by time or by number. This protects the authorised chip-card against permanent misuse by third parties.
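The following sketch is an added illustration, not part of the patent text: it models a card that compares the PIN internally and then authorises protected functions only for a limited number of uses or a limited time, as described above. The class name, method names, the sample PIN and the limits of 2 uses and 60 seconds are assumptions made for the example.

```python
import hmac
import time

class ChipCard:
    def __init__(self, reference_pin, max_uses=None, valid_seconds=None,
                 clock=time.monotonic):
        self._reference = reference_pin.encode()  # never leaves the card
        self._max_uses = max_uses                 # limit by number, None = none
        self._valid_seconds = valid_seconds       # limit by time, None = none
        self._clock = clock
        self._authorised = False
        self._uses_left = None
        self._expires_at = None

    def verify_pin(self, entered_pin):
        """Called by the user's pocket reader; only True/False leaves the card."""
        self._authorised = hmac.compare_digest(self._reference,
                                               entered_pin.encode())
        if self._authorised:
            self._uses_left = self._max_uses
            self._expires_at = (None if self._valid_seconds is None
                                else self._clock() + self._valid_seconds)
        return self._authorised

    def run_protected_function(self):
        """Called by any terminal; succeeds only inside the granted window."""
        if not self._authorised:
            return False
        if self._expires_at is not None and self._clock() >= self._expires_at:
            self._authorised = False              # time limit reached
            return False
        if self._uses_left is not None:
            if self._uses_left == 0:
                self._authorised = False          # number limit reached
                return False
            self._uses_left -= 1
        return True

def demo():
    now = [0.0]                                   # constructed clock for the demo
    card = ChipCard("4711", max_uses=2, valid_seconds=60, clock=lambda: now[0])
    results = [card.run_protected_function(),     # not yet authorised
               card.verify_pin("0000"), card.verify_pin("4711")]
    results += [card.run_protected_function() for _ in range(3)]
    card.verify_pin("4711")                       # user authorises again
    now[0] = 61.0                                 # time window has expired
    results.append(card.run_protected_function())
    return results
```

The terminal in this model only ever calls run_protected_function, so neither the entered PIN nor the reference PIN crosses the transfer route where it could be overheard.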