1. Technical Field
The present invention relates generally to secure authentication of objects, and more particularly to the use of an electronic circuit for the secure authentication of an object.
2. Description of the Related Art
In a data network, it is desirable to authenticate the identity of objects such as access cards or data terminals in order to prevent electronic theft of money, services, and information, and to prevent tampering with the configuration and operating characteristics of the network. Authentication of the identity of an object is sometimes the only means of electronically identifying the user of the object. For example, for billing purposes, a portable telephone may automatically transmit a user's authentication code. Unfortunately, it is possible for a thief to intercept the user's authentication code, and create a "clone" of the user's portable phone. Calls made on the clone phone are then charged to the legitimate user's account.
For critical applications, such as access to cash from an automatic teller machine, the user is often required to supply a password in addition to presenting an electronically readable object such as a credit or debit card containing an authentication code. The password offers some additional protection, but the password can often be intercepted when the user manually enters the password into a data terminal. Although user passwords can offer a high level of security if they are changed frequently, it is burdensome for a user to change his or her password frequently. What is desired is a mechanism that would ensure the unique identity of an electronic object used for authentication. Therefore, the only burden that need be placed on the user is to be in possession of the electronic object whenever the electronic object is used for authentication.
In accordance with one aspect of the invention, there is provided a method of authenticating an object. The method includes transmitting data to the object; the object electronically encrypting the data using an encryption scheme preassigned to the object to produce encrypted data, and returning the encrypted data; and checking that the encrypted data returned by the object is a correct result of encrypting the transmitted data using the encryption scheme preassigned to the object. The object is authenticated when the encrypted data returned by the object is found to be a correct result of encrypting the transmitted data using the encryption scheme preassigned to the object.
In accordance with another aspect, the invention provides a method of operating an electronic system to authenticate an object. The method includes the electronic system generating data to be transmitted to the object; the electronic system transmitting the data to the object, and the electronic system encrypting the data using an encryption scheme preassigned to the object to produce an encrypted value. The electronic system authenticates the object when the encrypted value is the same as the encrypted data.
In accordance with yet another aspect, the invention provides a method of operating a data processing device in a data network to authenticate a host processor requesting service. The method includes the data processing device receiving a request for service from the host processor, and the data processing device responding by returning a random number to the host processor, and encrypting the random number using an encryption scheme preassigned to the host processor to produce an encrypted value. The data processing device receives encrypted data returned from the host processor, and authenticates the host processor when the encrypted data from the host processor matches the encrypted value.
In accordance with still another aspect, the invention provides an electronic circuit chip including a memory for storing information defining an encryption procedure assigned to the electronic circuit chip; at least one input to the electronic circuit chip for writing, to the memory, the information defining the encryption procedure assigned to the electronic circuit chip, and for receiving data to be encrypted by the encryption procedure assigned to the electronic circuit chip; encryption circuitry for reading from the memory the information defining the encryption procedure assigned to the electronic circuit chip, and for encrypting the data from said at least one input to the integrated circuit chip according to the encryption procedure assigned to the electronic circuit chip, to produce encrypted data; and at least one output from the electronic circuit chip for transmitting the encrypted data produced by the encryption circuitry. The integrated circuit chip is constructed so that the information defining the encryption procedure assigned to the electronic circuit chip cannot be read from the memory from any output of the electronic circuit chip.
In accordance with yet another aspect, the invention provides an electronic circuit chip including a memory containing information defining an encryption procedure assigned to the electronic circuit chip; at least one input to the electronic circuit chip for receiving data to be encrypted by the encryption procedure assigned to the electronic circuit chip; encryption circuitry for reading from the memory the information defining the encryption procedure assigned to the electronic circuit chip, and for encrypting the data from said at least one input to the integrated circuit chip according to the encryption procedure assigned to the electronic circuit chip, to produce encrypted data; and at least one output from the electronic circuit chip for transmitting the encrypted data produced by the encryption circuitry. The integrated circuit chip is constructed so that the information defining the encryption procedure assigned to the electronic circuit chip cannot be read from the memory from any output of the electronic circuit chip.
In accordance with still another aspect, the invention provides an electronic circuit chip including a memory for storing information; a microprocessor coupled to the memory for reading information from the memory; at least one input to the electronic circuit chip for receiving information to be written to the memory, and for receiving data to be processed by the microprocessor; and at least one output from the electronic circuit chip for transmitting data processed by the microprocessor. The electronic circuit chip is constructed so that information can be stored in the memory but not read from any output of the electronic circuit chip, and the microprocessor is programmable for encrypting data in accordance with an encryption procedure defined by information that can be stored in the memory but not read from any output of the electronic circuit chip.
In accordance with still another aspect, the invention provides a data processing device including a data processor and data port for linking the data processing device to at least one host processor. The data processor is programmed to authenticate the host processor by generating data to be transmitted to the host processor; transmitting the data to the host processor and encrypting the data using an encryption procedure preassigned to the host processor; and authenticating the host processor when the encrypted value is the same as the encrypted data.
In accordance with still another aspect, the invention provides a data processing device including a data processor, and a data port for linking the data processor to at least one host processor. The data processor is programmed to respond to a request for service from the host processor by returning a random number to the host processor, encrypting the random number using an encryption procedure preassigned to the host processor to produce an encrypted value, and authenticating the host processor when encrypted data returned by the host processor matches the encrypted value.
In accordance with yet another aspect, the invention provides a machine-readable program storage device containing a program that is executable by a data processing device to perform an authentication procedure for authenticating a host linked to the data processing device in a data network. The program is executable to respond to a request for service from the host processor by returning a random number to the host processor, encrypting the random number using an encryption procedure preassigned to the host processor to produce an encrypted value, and authenticating the host processor when encrypted data returned from the host processor matches the encrypted value.
In accordance with a final aspect, the invention provides a host controller for controlling communication of a host over a data network. The host controller includes a data processor, a data port connected to the data processor for data communication over the network, and a memory for storing information defining an encryption procedure assigned to the host controller. The data processor is coupled to the memory for reading the information defining the encryption procedure assigned to the host controller, and the data processor is programmed for responding to receipt of data in an authentication request from a data processing device in the data network by encrypting the data in accordance with the encryption procedure defined by the information stored in the memory to produce encrypted data, and for returning the encrypted data to the data processing device in the data network.
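The exchange between the data processing device and the host controller described above can be sketched as follows. This is an added example, not code from the patent: the text names no algorithm, so HMAC-SHA256 with a per-host secret stands in for the "encryption procedure preassigned to the host", and the class names, `host-A`, and the 16-byte challenge size are assumptions.

```python
import hashlib
import hmac
import secrets

def keyed_transform(secret: bytes, data: bytes) -> bytes:
    # Assumption: HMAC-SHA256 stands in for the preassigned encryption procedure.
    return hmac.new(secret, data, hashlib.sha256).digest()

class HostController:
    """Holds the preassigned secret and only ever outputs transformed data."""
    def __init__(self, host_id: str, secret: bytes):
        self.host_id = host_id
        self.__secret = secret  # models memory that no output can read back

    def respond(self, challenge: bytes) -> bytes:
        return keyed_transform(self.__secret, challenge)

class DataProcessingDevice:
    """Verifier: issues a random number and checks the returned value."""
    def __init__(self, assigned: dict[str, bytes]):
        self._assigned = assigned  # host_id -> preassigned secret
        self._pending = {}         # host_id -> expected value for the open challenge

    def request_service(self, host_id: str) -> bytes:
        challenge = secrets.token_bytes(16)  # fresh random number per request
        self._pending[host_id] = keyed_transform(self._assigned[host_id], challenge)
        return challenge

    def authenticate(self, host_id: str, returned: bytes) -> bool:
        expected = self._pending.pop(host_id, None)  # each challenge is single-use
        if expected is None:
            return False
        return hmac.compare_digest(expected, returned)  # constant-time comparison

def demo():
    secret = secrets.token_bytes(32)  # constructed sample secret
    device = DataProcessingDevice({"host-A": secret})
    host = HostController("host-A", secret)
    clone = HostController("host-A", secrets.token_bytes(32))  # lacks the real secret

    first = host.respond(device.request_service("host-A"))
    genuine = device.authenticate("host-A", first)

    device.request_service("host-A")                # a new random number is issued
    replayed = device.authenticate("host-A", first)  # intercepted old response

    cloned = device.authenticate("host-A", clone.respond(device.request_service("host-A")))
    return genuine, replayed, cloned
```

Because the challenge changes on every request, an intercepted response is useless later, which is the property the static authentication code of the cloned telephone lacks.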