A chip card is a card that includes a microprocessor and a memory. The microprocessor is capable of operating in accordance with program instructions stored in the memory on the chip card. In comparison with traditional magnetic stripe cards, chip cards provide increased memory for storing data and increased security of stored data. Chip cards can be used for a variety of applications, particularly applications that require manipulation of large numbers, such as applications involving cryptographic processes. Therefore, chip cards are well-suited for applications that require secure digital identity. For example, in one application a chip card can be used to provide secure access to a computing network.
Chip card standards have been developed to provide a common programming standard for use by different chip card manufacturers. The chip card standards are intended to facilitate chip card application portability between chip cards of different manufacturers. The “Global Platform Open Platform Card Specification, Version 2.0.1” (“Open Platform Specification” for ease of discussion) is a chip card standard that has been extensively adopted throughout the chip card industry. The Open Platform Specification provides a common security and chip card management architecture for protecting the chip card system infrastructure. The Open Platform Specification defines card components, command interfaces, transaction sequences, and common interfaces to enable creation of multi-application chip card systems.
The Open Platform Specification, particularly Version 2.0.1, defines a secure channel protocol to secure commands and data sent from an application process operating on an off-card entity, such as a server computer system, to a selected application operating on the chip card. In accordance with the Open Platform Specification, the secure channel is secured by using a shared secret. More specifically, a diversified master key unique to a particular chip card is used to mutually authenticate the server to the chip card and the chip card to the server. Also, the diversified master key is used to generate a session key that can be used to secure, i.e., encrypt, data being communicated from the off-card entity to the chip card. However, the Open Platform Specification, Version 2.0.1, does not provide for securing data communicated from the chip card to the off-card entity. Thus, a potential exists for man-in-the-middle attacks during data transmission from the chip card to the off-card entity.
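The asymmetry described above can be modeled as follows. This is an added example, not code from the Open Platform Specification or from this document: HMAC-SHA-256 stands in for the specification's own key derivation and protection primitives, commands carry an integrity tag rather than encryption, the mutual-authentication exchange is omitted, and every name, key, and message is constructed for illustration. The tagged response is one assumed way of protecting the card-to-host direction, not the solution this document goes on to describe.

```python
import hashlib
import hmac
import os

def prf(key, *parts):
    """HMAC-SHA-256 stand-in for the specification's primitives (assumption)."""
    data = b"".join(len(p).to_bytes(2, "big") + p for p in parts)
    return hmac.new(key, data, hashlib.sha256).digest()

def diversify(issuer_master, card_id):
    # Per-card diversified master key: the secret shared by server and card.
    return prf(issuer_master, b"diversify", card_id)

def session_key(card_key, host_chal, card_chal):
    # Both sides derive the same session key from the exchanged challenges.
    return prf(card_key, b"session", host_chal, card_chal)

def protect(key, direction, counter, payload):
    # Append an 8-byte tag bound to the direction label and message counter.
    return payload + prf(key, direction, counter.to_bytes(4, "big"), payload)[:8]

def verify(key, direction, counter, message):
    # Return the payload if the tag checks out, otherwise None.
    payload, tag = message[:-8], message[-8:]
    expected = prf(key, direction, counter.to_bytes(4, "big"), payload)[:8]
    return payload if hmac.compare_digest(tag, expected) else None

def tamper(message):
    # Constructed in-transit change: flip one bit of the first byte.
    return bytes([message[0] ^ 0x01]) + message[1:]

def run_demo():
    card_key = diversify(bytes(range(32)), b"CARD-0001")  # constructed values
    ks = session_key(card_key, os.urandom(8), os.urandom(8))
    command = protect(ks, b"host->card", 1, b"GET-BALANCE")
    plain_response = b"BALANCE=0100"  # card-to-host data sent unprotected
    tagged_response = protect(ks, b"card->host", 1, b"BALANCE=0100")
    return {
        "command_ok": verify(ks, b"host->card", 1, command) == b"GET-BALANCE",
        "tampered_command_rejected":
            verify(ks, b"host->card", 1, tamper(command)) is None,
        # Nothing to verify on an unprotected response: the host sees these bytes.
        "host_sees_unprotected": tamper(plain_response),
        "tampered_tagged_response_rejected":
            verify(ks, b"card->host", 1, tamper(tagged_response)) is None,
        # The direction label stops a command from being replayed as a response.
        "reflected_command_rejected":
            verify(ks, b"card->host", 1, command) is None,
    }

if __name__ == "__main__":
    print(run_demo())
```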
In view of the foregoing, a solution is needed to provide for securing data communicated from the chip card to the off-card entity. Furthermore, the solution should be capable of being implemented on chip cards designed to comply with the Open Platform Specification, Version 2.0.1.