CH675169A5 - - Google Patents

Description

1

CH 675 169 A5

2nd

description

Technical field

The invention relates to a method for identifying a user of a chip card, in which the chip card is connected to a terminal and the user is identified if an identification code of the user matches an identification code of the chip card.

State of the art

Chip cards are plastic cards that are provided with an integrated semiconductor circuit. They are used, among other things, for electronic payment transactions (cash withdrawals, payment for goods, transfers, etc.) (see, for example, «Security in electronic payment transactions», J. Klinger, H. Otter, E and M, Volume 104, Issue 12). In order to keep the probability of unauthorized successful use small, the identification of the user by means of a secret identification code called PIN (Personal Identification Number) is required when using the card. Naturally, this PIN should not be made accessible to any third party and certainly not to any machine where the card is used. In a large network, the machines cannot all be regarded as safe. Manipulations have even been identified at the bank-operated ATMs, which are considered to be particularly secure. For this reason, there have recently been various demands that the chip cards be provided with a keyboard for entering the PIN (“Plastic cards - how intelligent is safe” from AS Glass and JL Massey, Landis & Gyr Mitteilungen 32 [1985] 2) .

It is also considered necessary to provide the chip card with a display. In this way e.g. can be prevented that the machine shows the user a small amount on his display and debits a large amount after his approval.

It has thus been concluded that both a display and a keyboard are required on the card for the secure use of chip cards. However, a chip card with a keyboard has considerable disadvantages. Since this keyboard must be small, it should not be particularly user-friendly, especially in winter. Furthermore, it is an additional element that can fail, especially if the chip card is bent in the back pocket. If the keyboard is only used to enter the PIN, signs of wear also allow conclusions to be drawn about the PIN. Finally, attaching a keyboard increases the cost of manufacturing such cards.

Presentation of the invention

The object of the invention is therefore to provide a method for identifying a user of a chip card, in which the chip card is connected to a terminal and the user is identified if an identification code of the user matches an identification code of the chip card, which the Identification of the user is allowed without the chip card requiring a keyboard and without the terminal being able to find out the identification code.

According to the invention, the solution is that the chip card generates at least one random number and makes it known to the user by means of a card-specific display, and the user enters a random code via the terminal, which code results from a link between the user's identification code and the at least one random number.

According to a preferred embodiment, the link represents a subtraction or addition.

In another preferred embodiment, the random numbers are random permutations of the digits "0" - "9", and the link corresponds to a redefinition of a keyboard of the terminal according to the permutations.

For linking by subtraction, a method is preferred in which the terminal comprises an impulse key, the chip card reacting to the pressing of the impulse key by increasing or decreasing a certain number of the displayed random number and the user using the impulse key to change the random number in such a way that his identification code appears on the display.

Further preferred embodiments result from the dependent claims.

Brief description of the drawing

The invention will be explained in more detail below on the basis of exemplary embodiments and in connection with the drawing.

Show it:

Figure 1 is a schematic representation of an arrangement for performing a method according to the invention.

2 shows an illustration of a method in which the link is a subtraction;

3 shows an illustration of a method in which the random numbers are permutations of the numbers “0” - “9”; and

Fig. 4 shows a preferred embodiment of a keyboard for entering the secret key.

Ways of Carrying Out the Invention

1 shows a schematic representation of an arrangement for carrying out a method according to the invention. It comprises three parties who exchange information with one another. A first party forms a terminal 1, a second a chip card 3 and a third a user 7.

The terminal has at least one keyboard 2, via which the user can enter a random code. In practice, it will also have a display and a connection to a data network. Such and other elements of Terminal 1 are

5

10th

15

20th

25th

30th

35

40

45

50

55

60

65

2nd

3rd

CH 675169 A5

4th

but of no importance for the method according to the invention. For example, a cash register of a retail store can serve as a terminal.

The chip card 3 comprises a display 4 and an integrated semiconductor circuit, which e.g. has a computing logic 5 and a data memory 6. The display 4 is controlled by the arithmetic logic 5 and is capable of displaying one or more random numbers. The data memory 6 is also controlled by the computing logic 5.

The chip card 3 and the terminal 1 are connected to one another, which is indicated by a data line 9. This data line 9 is used on the one hand when the user is identified, but on the other hand also e.g. used for reading or changing data of the data memory 6.

The user 7 is considered to be identified if his identification code 8a, hereinafter referred to as PIN for short, matches the PIN 8b of the chip card 3. For security reasons, it is good if the user knows his PIN 8a by heart and has not written it down anywhere. The PIN 8b of the chip card 3 is located in the data memory 6 and is secured against unauthorized reading. Under no circumstances should it be possible for Terminal 1 to read out PIN 8b from chip card 3 in any way via data line 9.

The essence of the invention is that the user can only give his PIN 8a to the chip card 3 via terminal 1, but that terminal 1 or an observer has no way of finding the true value of the PIN. This is achieved in that the chip card 3 generates a random number unknown to the terminal 1 and shows it to the user 7 via the display 4. The user 7 in turn links this random number to his PIN 8a in a predetermined manner. A random code K obtained by this link is typed in on the keyboard 2 and passed on from the terminal 1 to the chip card 3. The chip card can check the PIN contained in the random code K, since it knows both the random number and the PIN 8b and the link.

The link itself is not secret, i.e. an unauthorized user may also know that e.g. is given by subtraction.

The random number naturally changes every time the user 7 has to identify himself. As a result, the random code K is also random. Terminal 1 cannot find the PIN 8a itself from a series of random codes K, which are based on the same PIN.

Some preferred embodiments of the invention are described below. They relate to both the type of link and the type of entry of the random code K.

2 shows a method according to the invention, in which the combination corresponds to a subtraction. Such a procedure is called the difference procedure below. A PIN is shown at the top. In this example it has five digits and has the value «31990». Below, a five-digit random number Z with the value «43763» is written as an example. It can be real (generated by a noise diode) or synthetic

(Random generator). It is shown on display 4 to user 7. The user 7 now calculates the difference between the PIN and the random number Z in places in the head. The resulting random code K is entered via the keyboard 2 of the terminal 1.

In the present example, he subtracts the “3” of the random number Z for the last digit of the random code K from the “0” of the PIN and types in the result, a “7”. For the second to last digit of the random code K, he subtracts the «9» from the «6» and types in the result, a «3». In this way, he enters the entire random code K, namely «98237».

When the arithmetic logic 5 has received the random code K (here “98237”), it adds the displayed random number Z (here “43763”) to the random code K and compares the sum thus obtained with the PIN 8b stored in the data memory 6. If the PIN 8a of the user 7 matches the stored PIN 8b of the chip card 3, then the user is considered to be identified and the data exchange of user data (debiting monetary amounts, etc.) can begin.

It is of course also within the meaning of the invention if the chip card 3 forms its own random code parallel to the user 7 and announces this to the terminal. I.e. the comparison of the random code, and thus the PIN, is carried out in terminal 1 instead of in chip card 3. This variant can be considered if it is sufficient if Terminal 1 knows whether the user should be allowed or not. This can e.g. be the case in security systems.

The exemplary embodiment described with reference to FIG. 7 can easily be modified into a so-called sum method, in which addition is made instead of subtracted. It is generally advantageous to add and subtract modulo 10, i.e. in places and without carryovers (the result of adding 9 + 3 is 2 and not 12).

3a shows an alternative to the difference method, a so-called permutation method. For this purpose, the chip card 3 has a ten-digit display 4. The digits of the display 4 are numbered from “0” to “9” (FIG. 3b). The PIN is entered digit by digit. For each digit of the PIN, the chip card 3 randomly generates a permutation of the digits "0" to "9".

The random code K results in the present example as follows (FIG. 3a). The first permutation is «8217940365». This permutation is to be understood as a redefinition of the keyboard 2 of the terminal 1. I.e. in the present case that the user 7 enters an “8” on the keyboard 2 if he actually wants to enter a “0”. Or if he actually wants to enter a “4”, then he has to type a “9” on the keyboard etc. In the permutation process, the user enters his PIN taking into account the redefinition of the keyboard given by the permutation. According to a preferred embodiment of the invention, the chip card randomly generates a new permutation for each location of the PIN.

3a shows an example. The PIN is again

5

10th

15

20th

25th

30th

35

40

45

50

55

60

65

3rd

5

CH675169A5

6

"31990". For the entry of the first digit of the PIN, the «3», a first permutation is generated, e.g. "8217940365". In order to enter the first digit of his PIN, the "3", the user 7 types in the "7" on the keyboard 2. The computing logic 5 immediately generates a second permutation, e.g. "6154320798". The second digit of the PIN, the "1", is also represented by a "1" in this permutation. In this way, the user 7 enters his entire PIN 8a (see FIG. 3a).

Terminal 1 naturally does not know the random permutations and only sees the random code K, here «71251». It is important that a new, random permutation is created for each digit of the PIN.

As a result, the terminal cannot even conclude from the same digits in the random code K that the PIN also has the same digits in the corresponding places. For example, in the PIN of Fig. 3a, the third and fourth digits are identical, i.e. The number “9” each, but in the random code K the third and fourth digits are different, namely a “2” and a “5”. On the other hand, the random code K has the same digit in the second and fifth digits, namely a “ 1 », but not the PIN, namely a« 1 »and a« 0 ».

The keyboard 2 of the terminal 1 does not necessarily have to be a numeric keyboard. Particularly suitable for the difference method (Fig. 2) is e.g. a so-called sliding keyboard.

FIG. 4 shows such a sliding keyboard 13. It comprises five keys, an up key 10, a down key 11, a left key 14, a right key 15 and an OK key 12. Analogously to FIG. 1 1 the terminal and 9 the data line.

The operation of this sliding keyboard 13 will now be explained with reference to the embodiment shown in FIG. 2. The PIN is again the number "31990" and the displayed random number Z "43763". The up button 10 and the down button 11 act as an impulse button, i.e. the chip card reacts to the press e.g. the up button 10 by increasing a given point on the display 4 by «1». Similarly, the down key 11 lowers a specific digit on the display by «1». The user 7 now manipulates the displayed random number Z with the sliding keyboard 13 so that his PIN appears on the display 4. With the help of the left button 14 or the right button 15, he jumps one place to the left or to the right.

In the present example, user 7 sets the last digit of his PIN, the "0", e.g. Pressed the Up button 10 seven times in succession or the Down button 11 three times in a row. Then he jumps to the left with the left button 14 and sets the next digit of his PIN. By pressing the Up button three times, he changes the displayed «6» to a «9». In the meantime, the display 4 shows the number “43790”. In a completely analogous way, the user modifies the front three digits and concludes his entry with the OK key. He has thus given the chip card his PIN.

With this type of input too, Terminal 1 only receives the random code (here «98237»). No information about the PIN can be gained from this.

In terms of simple operation, the up button 10 and down button 11 are completely complementary, i.e. if e.g. If a «9» appears on the display, after tapping the Up button 10 three times you get the same as after tapping the Down button 11 seven times, namely a «2».

In a preferred embodiment, the up button 10 and the down button 11 are replaced by an adjustment wheel. The displayed digit increases or decreases depending on the direction in which the setting wheel is turned.

Setting the random code becomes even more convenient if the setting wheel works with the so-called soft scroll, i.e. When a displayed digit is continuously shifted up or down from the display by turning the setting wheel.

Basically, the difference method comes. the sum method with a single-digit display 4. In practice, however, a multi-digit display 4 should be advantageous, since it is easier for the user 7 to know which position of his PIN he has just entered. (In the example above with the PIN «31990», it can happen that the user no longer knows whether he has just set the first or the second «9»).

In conclusion, it can be said that the method according to the invention allows the user to be identified with a high degree of security, without the chip card having to have a problematic keyboard.

Claims (1)

Claims 1. A method for identifying a user of a chip card, in which a) the chip card is connected to a terminal, and b) the user is identified if an identification code of the user matches an identification code of the chip card, characterized in that c ) the chip card (3) generates at least one random number (Z) and makes this known to the user (7) by means of a card-specific display (4), and d) the user (7) enters a random code (K) via the terminal (1) , which results from a combination of the identification code of the user (7) with the at least one random number (Z). 2. The method according to claim 1, characterized in that the terminal (1) forwards the random code (K) to the chip card (3), which identifies the random code (K). 3. The method according to claim 1, characterized in that the link is a subtraction or addition. 4. The method according to claim 1, characterized in that the random number (Z) are random permutations of the digits "0" to "9", and the link corresponds to a redefinition of a keyboard (2) of the terminal (1) according to the permutations. 5. The method according to claim 4, characterized in that for each location of the identification 5 10th 15 20th 25th 30th 35 40 45 50 55 60 65 4th 7 CH675169A5 codes (PIN) a new random number (Z) is generated. 6. Arrangement for performing the method according to claim 1, comprising a) a terminal, and b) a chip card, characterized in that c) the chip card (3) a card-specific display (4) for displaying a random number, and d) the terminal (1) comprises a keyboard (2) for entering a random code. 7. Arrangement according to claim 6, characterized in that the keyboard (2) comprises an impulse key, the chip card (3) responding to the pressing of the impulse key by increasing or decreasing a certain number of the random number shown on the display (4). 8. Arrangement according to claim 6, characterized in that the keyboard (2) comprises an adjusting wheel, the chip card (3) reacting to the rotation of the adjusting wheel by increasing or decreasing a certain number of the random number shown on the display (4). 9. Arrangement according to claim 6, characterized in that the display (4) has ten digits and the digits of the display (4) are numbered. 10. Arrangement according to claim 7 or 8, characterized in that the keyboard (2) comprises a left key (14) and a right key (15) with which one or more digits to the left or. can be hopped to the right. 5 10th 15 20th 25th 30th 35 40 45 50 55 60 65 5