The invention relates to a chip card having a first user function, a method for selecting an identifier for enabling a chip card having a first user function, and a computer system.
For enabling a chip card function, prior user identification with respect to the chip card may be necessary, as known per se from the prior art. The most common user identification is the entry of a secret identifier, generally referred to as a personal identification number (PIN) or card holder verification (CHV). Such identifiers generally consist of a numeric or alphanumeric character string. For user identification, the identifier is entered by the user on the keyboard of a chip card terminal or a computer connected to a chip card reader, and is then sent to the chip card. The chip card compares the entered identifier to the stored identifier, and then communicates the results to the terminal or the computer by outputting a corresponding signal.
A distinction may be made between static and changeable PINs. A static PIN cannot be changed by the user and must be memorized. If the PIN has become known by outside parties, the card user must destroy the chip card to prevent misuse by unauthorized persons, and must obtain a new chip card having another static PIN. Likewise, the user must obtain a new chip card if he forgets the static PIN.
A changeable PIN may be changed by the user at will. To change the PIN, for security reasons it is always necessary to surrender the currently valid PIN, since otherwise another person could use any existing PIN in place of his own.
The situation is different for “super PINs” or personal unlocking keys (PUKs). These generally have more character spaces than the actual PIN, and are used to reset a PIN incorrect entry counter (also referred to as an incorrect operation counter) which is at its maximum value. Similarly, by use of the PUK a new PIN is transferred to the chip card, since a reset incorrect operation counter is of little use if the PIN has been forgotten. This is usually the case when the incorrect operation counter has reached its maximum value.
There are also applications which use transport PINs. The chip card is personalized with a random PIN which the card user receives in a PIN letter. At the first use, however, the user is prompted by the chip card to replace the personalized PIN with the user's own PIN. In a similar process referred to as the “zero PIN process,” the chip card is preassigned a trivial PIN such as “0000,” and the chip card likewise requires the PIN to be replaced upon first use (also see DE 35 23 237 A1, DE 195 07 043 A1, DE 195 07 044 C2, DE 198 50 307 C2, and EP 0 730 253 B1).
A method is known from DE 198 50 307 C2 for protecting chip cards from misuse. The chip card has a first user function which requires a personal secret number (PIN), freely selectable by the user, upon first use of the data and/or functions of the chip card, whereby entry of the personal secret number sets data and/or functions of the chip card to a “used” status. The personal secret number may subsequently be changed by use of a higher-level blocking code.
Compared to chip cards with a static PIN, chip cards with a changeable PIN have the advantage that the chip card does not necessarily have to be replaced with a new one if the user has forgotten the PIN, for example because the incorrect operation counter can be reset by use of the PUK and a new PIN entered. However, such a procedure is unacceptable for security-critical applications, in particular for provision of digital signatures and in payment transactions, because of the limited protection from tampering. Therefore, setting a new PIN by means of the PUK is generally not permitted for applications which require high security. This means that only resetting of the incorrect operation counter is allowed using the PUK. Once again, the disadvantage in this case is that the chip card must be replaced if the PIN is forgotten.
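The behaviour described in the preceding paragraphs (PIN comparison with an incorrect operation counter, PIN change only after surrendering the current PIN, first-use replacement of a transport or zero PIN, and a PUK that either only resets the counter or may also set a new PIN depending on the security policy) is modelled below as an added, simplified illustration. The code is not part of the application and not taken from any of the cited documents; the class and method names, the limit of three attempts, the PUK-longer-than-PIN rule and the PIN acceptance rule (at least four digits, not all identical) are assumptions chosen for the example.

```python
from dataclasses import dataclass
from hmac import compare_digest
from typing import Optional


def _acceptable_pin(pin: str) -> bool:
    """Assumed acceptance rule: at least four digits and not a trivial
    all-same-digit value such as the zero PIN "0000"."""
    return len(pin) >= 4 and pin.isdigit() and len(set(pin)) > 1


def _same(a: str, b: str) -> bool:
    """Constant-time comparison of two identifiers (both are short ASCII strings)."""
    return compare_digest(a.encode(), b.encode())


@dataclass
class ChipCard:
    """Simplified model of the PIN/PUK state kept on the card (example only)."""
    pin: str                           # stored reference PIN (transport or zero PIN at delivery)
    puk: str                           # personal unlocking key (longer than the PIN, as in the text)
    max_attempts: int = 3              # assumed maximum of the incorrect operation counter
    puk_may_set_new_pin: bool = False  # False models the high-security policy: PUK only resets the counter
    first_use_pending: bool = True     # True: PIN must be replaced before the card can be used
    attempts: int = 0                  # incorrect operation counter
    status: str = "new"                # becomes "used" once the user has set an own PIN

    def __post_init__(self) -> None:
        if len(self.puk) <= len(self.pin):
            raise ValueError("PUK must have more character spaces than the PIN")

    def _blocked(self) -> bool:
        return self.attempts >= self.max_attempts

    def verify_pin(self, candidate: str) -> bool:
        """Card holder verification: compare the entered identifier with the stored one.
        Refused while the counter is at its maximum or the first-use replacement is outstanding."""
        if self._blocked() or self.first_use_pending:
            return False
        if _same(candidate, self.pin):
            self.attempts = 0
            return True
        self.attempts += 1
        return False

    def change_pin(self, current: str, new: str) -> bool:
        """Changeable PIN: the currently valid PIN must be surrendered first.
        Also used for the mandatory replacement of a transport or zero PIN at first use."""
        if self._blocked():
            return False
        if not _same(current, self.pin):
            self.attempts += 1
            return False
        if not _acceptable_pin(new):
            return False
        self.pin = new
        self.attempts = 0
        self.first_use_pending = False
        self.status = "used"
        return True

    def unblock_with_puk(self, puk: str, new_pin: Optional[str] = None) -> bool:
        """PUK resets the incorrect operation counter. Setting a new PIN at the same time
        is only honoured when the card's policy allows it; otherwise the whole request is refused."""
        if not _same(puk, self.puk):
            return False
        if new_pin is not None:
            if not self.puk_may_set_new_pin or not _acceptable_pin(new_pin):
                return False
            self.pin = new_pin
        self.attempts = 0
        return True
```

In the high-security configuration (`puk_may_set_new_pin=False`) the PUK restores usability only if the holder still remembers the PIN, which is exactly the residual disadvantage the paragraph above describes; the relaxed configuration shows the alternative where the PUK also carries a new PIN to the card.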