The present invention relates to a method of authenticating the personal code of a user of an integrated circuit card such as a bank card, e.g. during payment operations performed using a computer connected to a network.
To perform such operations, it is common practice to use an integrated circuit card reader connected to the serial port of the computer so as to form a simple interface between the computer and the integrated circuit of the card.
Methods presently in use for authenticating a personal code (also known as a personal identification number, or PIN) include the steps of inputting the code via the computer keyboard, converting the inputted personal code into a format that is intelligible for the integrated circuit of the card, then transmitting the formatted personal code together with a command that the code be authenticated to the reader which forwards them, in turn, to the integrated circuit of the card which then authenticates the received personal code using the user's personal code as pre-stored in the integrated circuit.
When the user inputs the personal code, a person with fraudulent intentions, referred to herein as an attacker, might be capable of obtaining the personal code by accessing the computer memory in which the inputted personal code is stored prior to being forwarded to the reader, where such access could be direct or over a network. The attacker could also obtain the personal code by causing an instruction to be sent to the integrated circuit of the card instead of the authentication command to store the personal code in a memory of the integrated circuit to which the attacker can subsequently gain access. The risk of fraud is thus significant with existing authentication methods. This risk is associated with using the keyboard of the computer for inputting the personal code to be authenticated.
An object of the invention is to authenticate the personal code of an integrated circuit card user in a manner that maximizes protection of the personal code and that can be implemented using an integrated circuit card reader having electronic means that are relatively simple.
To achieve this and other objects of the invention, the integrated circuit card is received in a reader that is fitted with a keypad, connected to a computer, and capable of accepting at least one type of card. The type of card inserted in the reader is recognized. Formatting instructions are transmitted from the computer to the reader, with such instructions corresponding to the type of the card, and a command is sent for authenticating the personal code. The authentication command is verified in the reader and, for a qualified authentication command, the reader is put into a secure mode. The personal code is inputted via the keypad of the reader and formatted in accordance with the formatting instructions. The formatted code and the command for authenticating it are transmitted from the reader to the integrated circuit of the card.
Thus, the personal code can be inputted to the reader only after the authentication command for transmission to the integrated circuit of the card has been verified as being qualified and the reader has been put into a secure mode. It is then no longer possible to use the computer or a network to which it is connected to intervene in inputting the personal code.
Preferably, prior to inputting a personal code, the method of the present invention includes a step of informing the user that the reader is in a secure mode.
Preferably, subsequent to putting the reader in the secure mode, the method of the present invention includes a step of authorizing inputting of the personal code.
Advantageously, the secure mode prevents the execution of instructions that enable the computer to access the inputted personal code.
Preferably, simultaneously with the step of inputting and formatting the personal code, the method of the present invention includes a step of ensuring that any instruction coming from the computer during this step is compatible with keeping the reader in the secure mode.
Preferably, subsequent to transmitting the formatted personal code to the integrated circuit, the method of the present invention includes a step performed in the integrated circuit of the card, in which the received personal code is compared with the personal code of the user as pre-stored in the integrated circuit.
Preferably, the method of the present invention includes the step of transmitting the result of the comparison from the integrated circuit to the computer via the reader.
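The following C model of the method's steps is an added example, not part of the patent text: the reader verifies the command before entering the secure mode, refuses incompatible computer instructions during input, formats the code and sends it to the card, which compares it and returns a result. Assumptions: the qualified command is taken to be ISO 7816-4 VERIFY (INS 0x20), the formatting instructions are reduced to a block length and a pad byte, the host opcode `HOST_STATUS` and all function names are hypothetical, and card type recognition is omitted.

```c
#include <stdint.h>
#include <string.h>

/* Assumptions (not from the patent): ISO 7816-4 VERIFY (INS 0x20) is the only
 * qualified command; the host's formatting instructions are a block length
 * and a pad byte; host opcode 0x01 is a harmless status poll. */
enum { INS_VERIFY = 0x20, HOST_STATUS = 0x01, MAX_BLOCK = 8 };
enum rc { OK = 0, REJECTED = -1 };
struct reader { int secure; uint8_t hdr[4], block_len, pad; };

/* Host -> reader: formatting instructions plus the command header to verify. */
int reader_begin(struct reader *r, const uint8_t hdr[4], uint8_t block_len, uint8_t pad) {
    if (hdr[1] != INS_VERIFY || block_len < 4 || block_len > MAX_BLOCK)
        return REJECTED;             /* a non-authentication command never opens PIN entry */
    memcpy(r->hdr, hdr, 4);
    r->block_len = block_len; r->pad = pad;
    r->secure = 1;                   /* secure mode: keypad input stays in the reader */
    return OK;
}

/* Host -> reader while PIN entry is pending: only compatible instructions pass. */
int reader_host_instr(const struct reader *r, uint8_t opcode) {
    return (r->secure && opcode != HOST_STATUS) ? REJECTED : OK;
}

/* Keypad -> reader -> card: format the digits and build the APDU for the card.
 * Returns the APDU length, or REJECTED. The code is never sent to the host. */
int reader_keypad(struct reader *r, const char *digits, uint8_t *apdu) {
    size_t n = strlen(digits);
    if (!r->secure || n < 4 || n > r->block_len) return REJECTED;
    for (size_t i = 0; i < n; i++)
        if (digits[i] < '0' || digits[i] > '9') return REJECTED;
    memcpy(apdu, r->hdr, 4);
    apdu[4] = r->block_len;                  /* Lc: length of the formatted code */
    memset(apdu + 5, r->pad, r->block_len);
    memcpy(apdu + 5, digits, n);             /* ASCII digits followed by padding */
    r->secure = 0;                           /* secure mode ends once the block is built */
    return 5 + r->block_len;
}

/* Card: compare the received block with the pre-stored one and return a status
 * word for the reader to relay to the host (0x9000 match, 0x6300 mismatch). */
uint16_t card_verify(const uint8_t *apdu, int len, const uint8_t *stored, uint8_t stored_len) {
    if (len != 5 + stored_len || apdu[1] != INS_VERIFY) return 0x6700;
    uint8_t diff = 0;
    for (int i = 0; i < stored_len; i++) diff |= apdu[5 + i] ^ stored[i];
    return diff ? 0x6300 : 0x9000;
}
```

Only the status word leaves the reader towards the computer; the formatted code exists solely in the buffer handed to the card.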