Home
Patent Search
IMT Blog
REGISTER
|
SIGN IN
United States Patent
6718314
Chaum , ; et al.
April 6, 2004
Title
Multi-purpose transaction card system
Abstract
Disclosed is a multi-purpose transaction card system comprising an issuer, one or more cards, one or more terminals, and optionally one or more acquires, communicating using a variety of cryptographic confidentiality and authentication methods. Cards authenticate messages using public key based cryptographic without themselves performing the extensive computations usually associated with such cryptography. Integrity of complex transaction sequences and plural card storage updates are maintained even under intentionally generated interruptions and/or modifications of data transmitted between card and terminal. Cards do not reveal any information to the terminal which is not directly necessary for the transaction or any information to which the terminal should not have access, though externally measurable aspects of its behavior. Transaction types supported include those suitable for off-line credit cards, in which the "open to buy" is maintained on the card.
Inventors:
Chaum; David
(Sherman Oaks,
CA
)
, Ferguson; Niels
(Amsterdam,
NL
)
, Van Der Hoek; Jelte
(Amsterdam,
NL
)
Assignee:
Infospace, Inc.
(Bellevue,
WA
)
Appl. No.:
217614
Filed:
August 12, 2002
Current U.S. Class:
705/64
705/65
Field of Search:
380/30,45-47 705/64-69 713/169-172
U.S. Patent Documents
5748739
May 1998
Press
5987134
November 1999
Shin et al.
6434238
August 2002
Chaum et al.
Primary Examiner:
Cangialosi; Salvatore
Parent Case Text
CROSS-REFERENCE TO RELATED APPLICATION
This application is a continuation of Ser. No. 08/909,480 filed Aug. 11, 1997 is now U.S. Pat. No. 6,434,238, issuing Aug. 13, 2002, which is a continuation of PCT/US95/01765, filed Feb. 13, 1995, designating the U.S., which is a continuation-in-part of U.S. Ser. No. 08/179,962, filed Jan. 11, 1994, now U.S. Pat. No. 5,434,919.
Claims
What is claimed is:
1. A method for financial transactions, comprising the steps of: maintaining a challenge seed by a terminal for use with respect to at least one subsequent transaction; issuing a challenge seed modifier by an on-line server to said terminal; modifying said challenge seed by said terminal at least responsive to said modifier; developing a challenge value for use in a subsequent transaction, where said challenge value depends on at least substantially on said challenge seed; and accomplishing the foregoing so as to make said challenge unpredictable even to someone privy to the secrets of said terminal.
2. Apparatus for financial transactions, comprising: means for maintaining a challenge seed by a terminal for use with respect to at least one subsequent transaction; means for issuing a challenge seed modifier by an on-line server to said terminal; means for modifying said challenge seed by said terminal at least responsive to said modifier; means for developing a challenge value for use in a subsequent transaction, where said challenge value depends on at least substantially on said challenge seed; and means for accomplishing the foregoing so as to make said challenge unpredictable even to someone privy to the secrets of said terminal.
Description
FIELD OF THE INVENTION
This invention relates to transaction systems, and more specifically to secure transaction systems involving tamper-resistant devices.
DESCRIPTION OF PRIOR ART
Reference is hereby made to P.C.T. publication WO 89/08957 E.P.O. filing 89906593.7, and U.S. Pat. No. 4,987,593 filed Mar. 16, 1988, titled "One-Show Blind Signature Systems" by Chaum, which are incorporated herein by reference. Reference is also hereby made to E.P.O. filing 90200207.0 and U.S. Pat. No. 5,131,039 filed Jan. 29, 1990, titled "Optionally moderated transaction systems" by Chaum, which are incorporated herein by reference. Reference is also hereby made to U.S. Pat. No.
4,914,698 filed Jul. 24, 1989, titled "One-show blind signature systems" by Chaum and to U.S. Pat. No. 5,276,736 filed Jul. 13, 1992, titled "Optionally moderated transaction systems" by Chaum, which are incorporated herein by reference.
A basic technique for "endorsing" a public key digital signature was disclosed in the first above included reference and a related paper presented at Crypto '88. This technique was used in the second above included reference and also, in other subsequent publications, such as, for example, U.S. Pat. No. 5,016,274 by Micali et al. related to a paper presented at Crypto '89 and CWI technical Report CS-R9035.
Endorsement schemes are simply one-time signature schemes where the authentication of the public key that is always needed in one time signature schemes is done using the very well know technique of public key certificate.
Three efficiency improvements for the endorsement function, compared to that first disclosed in the first above included reference, are known in the prior art. The first two pertain to one-time signature schemes and the third improves the true public key digital signatures.
The first two improvements were made in the context of the well-know original one-time signatures called "Lamport" signatures that are disclosed and attributed to Lamport in "New directions in cryptography" IEEE Transaction on Information Theory, pp. 644, 654, 1976, and are also subsequently described by Lamport in SRI technical report CSL 98. Lamport signatures simply authenticate, as a public key, the output of a public one-way function on a list of secret values; later release of a subset of the secret values allows anyone to confirm both that they correspond to the authenticated list and the message signed by being encoded in the choice of subset.
The first improvement is believed disclosed at least in IBM Technical Disclosure Bulletin, vol. 28, no. 2, July 1985, pp. 603-604, titled "Matrix digital signature for use with the data encryption algorithm" and in the Proceedings of Crypto '87
by Merkle in the context of Lamport signatures and was subsequently incorporated in the second above included reference by Chaum. This first improvement reduces the size of the original list of secret inputs to the one-way function. Instead of simply basing the signature on single independent applications of one-way functions, the functions are composed or "chained" so that the output of the previous function application in the chain serves as the input of the next function application. Each chain can be thought of as representing one digit of the numeric message signed by the one-time scheme. The radix is one plus the length of the chain, with the original Lamport signatures having radix 2. This first improvement results in economy of storage and transmission, at the expense of an increase in computation.
The second efficiency improvement was also disclosed by, Merkle, as cited above. It applies techniques, believed known in the coding art, that reduce the number of "control" digits needed. These digits prevent a signature from being changed into a signature on a different message. The previous disclosures cited used one control digit per message digit, with the control digit representing the additive inverse of the message digit. The improvement works essentially by having only a few control digits that represent the additive inverse of the sum of the message digits. Accordingly, the number of control digits is reduced from being linear in the number of message digits to being only logarithmic.
The third improvement applies to certain public key digital signature schemes. It was disclosed first in U.S. Pat. No. 4,949,380, in a paper presented at Crypto '89, PCT publication US89/04662 and EPO application 89912051.3, all substantially the same and all by Chaum. This improvement allows plural public key signatures to be "intermingled" in the space taken by one, so long as they are made with coprime public exponents. They can be signed in the intermingled form, stored in that form, and later separated for showing. This technique also gives economy of storage (and communication), although potentially at the expense of extra computation.
One commercially interesting use of endorsement schemes appears to be in the area of "prepaid cards."
A prepaid smart card contains stored value which the person holding it can spend at retail points of payment. After accepting stored value from cards, retailers are periodically reimbursed with actual money by system providers. A system provider receives money in advance from people and stores corresponding value onto their cards. During each of these three kinds of transactions, secured data representing value is exchanged for actual money or for goods and services. Telephone cards used in France and elsewhere are probably the best known prepaid smart cards (though some phone cards use optical or magnetic techniques). National prepaid systems today typically aim to combine public telephones, merchants, vending, and public transportation. Automatic collection of road tolls may also be included soon.
Growth in the prepaid smart card market appears to be rapid. For instance, at the time of this application it is believed that national prepaid chipcard schemes are rolling Denmark, under construction in Portugal and planned in Belgium, Spain, and France. The MAC network, believed the largest ATM network in the United States, has announced its entry, and systems are apparently already operational in South Africa and Switzerland.
In schemes based solely on conventional cryptography used by cards, secured modules (sometimes called SAM's) are needed at every point of payment. The reason is that transactions are consummated without communication with external sites, to keep transaction costs commensurate with the low-value of payments, and that conventional cryptographic authentication requires the communicants to share a common secret. Each secure module is believed to require the ability to develop secret keys of all cards, which gives some problems. If the cards of multiple system providers are to be accepted at the same point of payment, all the points of payment must have secured modules containing keys of every provider. This is believed to mean either a mutually trusted module containing the keys of multiple providers, which might be hard to achieve, or one module per provider, which becomes impractical as the number of providers grows. Furthermore, in any such system, if a module is penetrated, not only may significant retailer fraud be facilitated, but the entire card base may be compromised.
Endorsement schemes avoid these problems since they do not require such secured modules. Equipment at points of payment needs no secret keys, only public ones, in order to authenticate the endorsements, which act like guaranteed checks filled in with all relevant details. These same endorsements can later be verified by the system provider for reimbursement. (While these systems allow full end-to-end verification, tamper-resistant aggregators can always be used for truncation.) They also allow the cards of any number of issuers to be accepted at all retailers; retailers cannot cheat issuers, and issuers cannot cheat each other.
The size of the chip in the card is of substantial practical importance in such systems. With a given technology, the more storage the more the chips cost to produce and the bigger they are. It is believed that in the industry larger chips are also thought to mean higher card production costs, and less reliable and durable cards. Cards announced so far for such national prepaid systems use only conventional cryptographic authentication and have only about one kilobyte of nonvolatile storage. For endorsement techniques to be competitive, it is believed important that they can be fit into the same chips. Prior art techniques do not allow enough endorsements to be stored in such chips.
Furthermore, it is believed that ordinary credit card and/or debit card transactions consummated using a smart card would benefit from the additional security of an off-line public key endorsement of their transaction details.
Transaction systems using a tamper-resistant device are well known. Usually the tamper-resistant device has the form of a smart card. Most smart card transaction systems are targeted to financial transactions, but many other transaction such as aqccess control are in use. In most smart card systems the smart card has one or more secret keys specific to that smart card, while each terminal has one or more `master keys` in a tamper-resistant device which allow the terminal to derive the secret keys of the smart cards. Once both parties in the transaction have a secret key in common, the security and authenticity of the transaction can be ensured using traditional cryptographic methods. The `master keys` in the terminal are a weak point in these systems, as any attack which succeeds in getting these keys out of a terminal leads to a catastrophic breakdown of the security. Methods of solving this problem usually involve the application of some kind of public key cryptography. Using smart cards with a public key cryptographic capability is one solution, but such smart cards are more expensive than simple ones.
During a transaction a smart card will typically update one or more locations in non-volatile memory, which could for example consist of EEPROM. Present smart cards are sometimes vulnerable to interruptions during the update which leads to security and reliability problems. Any faults in the non-volatile memory often lead to wrongful transaction processing. Another weakness of smart cards using EEPROM memory is an attack in which the smart card is irradiated using ultraviolet (UV) light. It is known that this influences the data stored in the EEPROM, and might thus be used to attack the security of the system. Some types of transactions require several items in non-volatile memory to be modified simultaneously, a requirement which is not supported in current smart cards.
The different actions which make up a transaction are mostly not bound together by cryptographic means, making it harder to provide adequate security for complex transactions and often necessitating the use of specialized actions. Financial transaction system smart cards which are used for payment purposes typically subtract the amount of the payment from the internally held balance before giving out the cryptographic proof to the terminal that the payment has been made. Any interruption in the time between this update and the sending of the proof can lead to a loss of money, unless special recovery procedures are used.
Most smart cards willingly reveal a lot of information, often including a unique card identity number, directory structure etc. Although this information is usually not directly relevant to the security of the application, it can provide additional information to the terminal which might be used to invade the privacy of the owner of the smart card.
The tamper resistance of smart cards is typically used to allow the smart card to execute processes using some secret information (e.g. secret cryptographic keys), and care is taken in the design of transaction systems that the smart card does not reveal any of the secret information to the terminal. However, a terminal might perform many mor measurements then just looking at the data that is sent by the card; it is our belief that many existing systems are vulnerable to an attack which uses these additional measurements.
The recently published specifications for the EMV system "Integrated Circuit Card Specifications for Payment Systems: Part 1, Electromechanical Characteristics, Logical Interface, and Transmission Protocols, version 1.1; Part 2, Data Elements and Commands, version 1.1; and Part 3, Transaction Processing, version 1.0" all dated Oct. 31, 1994 by Europay International S.A., MasterCard International Incorporated, and Visa International Service Association define a system designed for credit card applications. They allow off-line processing of some credit card transactions. The specifications seem to envision a setting where the terminal does not have access to any secret keys, the specified off-line transactions do not include any means for the terminal to verify the authenticity of the card and the transaction data in this setting. Furthermore, the specifications are envisioned to be used for several types of financial transactions, including credit card payments, direct debiting of the user's account, pre-paid payments where the money resides in the card etc. The specifications do not address the underlying similarity in structure for all of these applications.
For some types of transactions, and specifically for financial ones, there is also a clearing process. In this process the terminals send information regarding the money they collected to the acquirer and/or issuer. Current systems rely on either having the terminal forward full transaction information to the acquirer, or having a tamper-resistant device (often called SAM) in the terminal to do the truncation: the SAM accepts the transaction data, verifies them, and keeps track of the necessary totals. This allows some or all of the transaction data to be discarded, the necessary clearing information is forwarded by the SAM to the acquirer and/or issuer and authenticated using some cryptographic scheme. Forwarding all transaction information can be expensive and cumbersome, while having SAMs in terminals can be expensive. When a single terminal has to deal with many different issuers/acquirers, the terminal either needs separate SAMs for each of the issuers/acquirers, which is expensive, or a single SAM which is trusted by all the issuers/acquirers, which leads to organizational difficulties.
OBJECTS OF THE INVENTION
Accordingly, it is an object of the present invention to: provide a secure, flexible, efficient and reliable multi-purpose transaction system; provide a secure and efficient authentication capability for smart cards, which does not rely on a capability of the smart card to performing public key cryptographic computations in an adequate fashion; provide a secure atomic update of the non-volatile memory in smart cards for one or more modifications to the data in the memory, even under arbitrary interruptions and some physical attacks; provide proper cryptographic proofs and verifications that the different actions that make up a transaction are kept together and executed in order; prevent the smart card from revealing any information to terminals that do not have access to the appropriate keys; prevent the smart card from revealing any information in addition to the information communicated as part of the transaction, through any external behaviour; provide clearing methods and systems that do not communicate all the transaction data, without the use of one or more tamper-resistant devices in the terminal; protect the terminals interest in off-line EMV transactions by adding a public key based digital authentication to the transaction; provide a general transaction structure that can be used for credit card transactions, pre-paid transactions, direct debit transactions etc.; and allow efficient, economical, and practical apparatus and methods fulfilling the other objects of the invention.
Other objects, features, and advantages of the present invention will be appreciated when the present description and appended claims are read in conjunction with the drawing figures.
BRIEF DESCRIPTION OF THE DRAWING FIGURES
It will be appreciated that the FIGS. 39, 42, 43, 44, 45 and 46 are part of the description of a first preferred embodiment and that all other figures are part of the description of a second preferred embodiment.
FIG. 1 shows a combination block and functional diagram of a preferred embodiment of a multi-purpose transaction card system involving four groupings of parties, in accordance with the teachings of the present invention;
FIG. 2 shows a combination block and functional diagram of a one time signature structure called a house, in accordance with the teachings of the present invention;
FIG. 3 shows a combination block and functional diagram of a first preferred compact endorsement signature structure called a town, in accordance with the teachings of the present invention;
FIG. 4 shows a combination block and functional diagram of a second preferred compact endorsement signature structure called a town, in accordance with the teachings of the present invention, which is believed to allow an efficient implementation;
FIG. 5 shows a combination block and functional diagram of a preferred exemplary embodiment of a compact endorsement signature structure called a town, in accordance with the teachings of the present invention;
FIG. 6 is a block diagram showing exemplary data elements and control elements that are signed using a one time signature structure of FIG. 2, in accordance with the teachings of the present invention, in a way which is believed to enhance security;
FIG. 7 shows a combination block and functional diagram of a public key verifying party, in accordance with the teachings of the present invention;
FIG. 8 shows a flowchart of a preferred embodiment of a card cancel process in accordance with the teachings of the present invention, which, together with FIGS. 13, 14, 15, 16, 17, 18, and 19 is believed to implement a secure data storage system of said card, and which, in particular, when executed at the end of a session is believed to rollback all the results on the card non-volatile memory of said session;
FIG. 9 shows a combination block and functional diagram of a preferred exemplary embodiment of a one time signature structure called a house in accordance with the teachings of the present invention;
FIG. 10 shows a combination block and functional diagram of a public key issuing party, in accordance with the teachings of the present invention;
FIG. 11 shows a block and functional diagram of a non-volatile memory model in accordance with the teachings of the present invention, which is believed to describe the write and erase behaviour of most types of non-volatile memory used in the art, in particular the write erase behaviour of EEPROM;
FIG. 12 is a block diagram showing the use of volatile and non-volatile memory in a preferred embodiment of a card in accordance with the teachings of the present invention;
FIG. 13 shows a flowchart of a preferred embodiment of a card start update process, in accordance with the teachings of the present invention, which, together with FIGS. 8, 14, 15, 16, 17, 18, and 19 is believed to implement a secure data storage system of said card;
FIG. 14 shows a flowchart of a preferred embodiment of a card delete frame[i] process in accordance with the teachings of the present invention, which, together with FIGS. 8, 13, 15, 16, 17, 18, and 19 is believed to implement a secure data storage system of said card;
FIG. 15 shows a flowchart of a preferred embodiment of a card write frame[t,access,data] process in accordance with the teachings of the present invention, which, together with FIGS. 8, 13, 14, 16, 17, 18, and 19 is believed to implement a secure data storage system of said card;
FIG. 16 shows a flowchart of a preferred embodiment of a card reset process in accordance with the teachings of the present invention, which, together with FIGS. 8, 13, 14, 15, 17, 18 and 19 is believed to implement a secure data storage system of said card;
FIG. 17 shows a flowchart of a preferred embodiment of a card commit process in accordance with the teachings of the present invention, which, together with FIGS. 8, 13, 14, 15, 16, 18, and 19 is believed to implement a secure data storage system of said card;
FIG. 18 shows a flowchart of a preferred embodiment of a card find frame[t] process in accordance with the teachings of the present invention, which, together with FIGS. 8, 13, 14, 15, 16, 17, and 19 is believed to implement a secure data storage system of said card;
FIG. 19 shows a flowchart of a preferred embodiment of a card read frame[t] process in accordance with the teachings of the present invention, which, together with FIGS. 8, 13, 14, 15, 16, 17, and 18 is believed to implement a secure data storage system of said card;
FIG. 20 is a combination block and functional diagram showing mechanisms of encrypting data with a session-state and chaining data in said session-state chain and decrypting data with said session-state and chaining data in said session-state, in accordance with the teachings of the present invention;
FIG. 21 is a combination block and functional diagram showing the mechanism of `crypting` data with a session-state and chaining data with said session-state and chaining data in said session-state as performed in the preferred embodiment of a terminal, in accordance with the teachings of the present invention, which are believed to implement an encrypt decrypt pair, as shown in FIG. 20;
FIG. 22 is a combination block and functional diagram showing a preferred exemplary implementation of a mechanism of `crypting` data with a session-state and chaining data in said session-state as performed in a preferred embodiment of a card, in accordance with the teachings of the present invention, which, together with the mechanism showed in FIG. 23, are believed to implement the mechanisms as shown in FIG. 21;
FIG. 23 is, a combination block and functional diagram showing a preferred exemplary implementation of the mechanism of `crypting` data with a session-state and chaining data in said session-state as performed in a preferred embodiment of a terminal, in accordance with the teachings of the present invention, which, together with the mechanism showed in FIG. 22, are believed to implement the mechanisms as shown in FIG. 21;
FIG. 24 shows a flowchart of a process called `session` which involves a card and a terminal in a preferred embodiment, in accordance with the teachings of the present invention.
FIG. 25 shows a flowchart of a detail process called `start session and proof keys`, involving actions by a terminal, actions by a card and communication between said card and said terminal, in accordance with the teachings of the present invention, which, together with FIGS. 26 and 27 are believed to implement the process of FIG. 24;
FIG. 26 shows a flowchart of a detail process called `command and exchange data`, involving actions by a terminal, actions by a card and communications between said card and said terminal, in accordance with the teachings of the present invention, which, together with FIGS. 26 and 27 is believed to implement the process of FIG. 24;
FIG. 27 shows a flowchart of a detail process called `commit session and end session`, involving actions by a terminal, actions by a card and communication between said card and said terminal, in accordance with the teachings of the present invention, which, together with FIGS. 26 and 27 is believed to implement the process of FIG. 24;
FIG. 28 shows a flowchart of an EMV transaction process, involving actions by a terminal, actions by a card, actions by an issuer and communication between said card and said terminal and between said terminal and said issuer in a preferred embodiment, in accordance with the teachings of the present invention;
FIG. 29 is a flowchart showing all possible successful executable series of commands, issued by a terminal and performed by a card in a preferred embodiment, in accordance with the teachings of the present invention;
FIG. 30 shows a flowchart of a Commit-Challenge-Response process involving actions by a terminal, actions by a card and communication between said card and said terminal, in accordance with the teachings of the present invention;
FIG. 31 shows a flowchart of a non single execution path process and a single execution path process, both assigning values to variables depending on a conditional in accordance with the teachings of the present invention, which are believed to have the same result on the assigned variables;
FIG. 32 shows a flowchart of a `Get Proof` process in a preferred embodiment, involving actions by a terminal, actions by a card and communication between said card and said terminal, in accordance with the teachings of the present invention;
FIG. 33 shows a flowchart of a process of performing a `script` in a preferred embodiment, involving actions by a terminal, actions by a card and communication between said card and said terminal, in accordance with the teachings of the present invention;
FIG. 34 shows five detail flowcharts of processes called `start session 1`, `start session 2`, `get frame`, put frame` and `kill frame` in a preferred embodiment, involving actions by a terminal, actions by a card and communication between said card and said terminal, in accordance with the teachings of the present invention in accordance with the teachings of the present invention;
FIG. 35 shows five detail flowcharts of processes called `debit frame`, `redebit frame`, `public debit`, `commit` and `done` in a preferred embodiment, involving actions by terminal, actions by a card and communication between said card and said terminal, in accordance with the teachings of the present invention in accordance with the teachings of the present invention;
FIG. 36 shows five detail flowcharts of processes called `get proof`, `select file`, `manage application 1`, `manage application 2` and `get data` in a preferred embodiment, involving actions by a terminal, actions by a card and communication between said card and said terminal, in accordance with the teachings of the present invention in accordance with the teachings of the present invention;
FIG. 37 shows five detail flowcharts of processes called `get file`, `generate AC 1`, `generate AC 2`, `external authenticate` and verify` in a preferred embodiment, involving actions by a terminal, actions by a card and communication between said card and said terminal, in accordance with the teachings of the present invention in accordance with the teachings of the present invention;
FIG. 38 shows a detail flowchart of a process called `get last AC` in a preferred embodiment, involving actions by a terminal, actions by a card and communication between said card and said terminal, in accordance with the teachings of the present invention in accordance with the teachings of the present invention;
FIG. 39 shows a combination block and functional diagram of a preferred embodiment of a compact endorsement signature system involving four sets of parties in accordance with the teachings of the present invention;
FIG. 40 shows the non-volatile memory contents in accordance with the teachings of the present invention of the preferred exemplary compact endorsement signature structure of FIG. 5 by means of a tabular arrangement of town values, notations and actions;
FIG. 41 shows the operational steps in accordance with the teachings of the present invention of the preferred exemplary compact endorsement signature structure of FIG. 5 by means of a tabular arrangement of town values, notations and actions;
FIG. 42 shows a combination block and functional diagram of an exemplary embodiment of an endorser party in accordance with the teachings of the present invention;
FIG. 43 shows a flowchart of a general endorsement scheme process in accordance with the teachings of the present invention;
FIG. 44 shows an exemplary one-time signature structure in accordance with the teachings of the present invention;
FIG. 45 shows a preferred exemplary endorsement structure in accordance with the teachings of the present invention, in which FIGS. 45a-45d are exemplary first level cascade structures and FIG. 45e is an exemplary second level cascade structure;
FIG. 46 shows the operational steps in accordance with the teachings of the present invention of the exemplary structures of FIG. 45 by means of a tabular arrangement of registers names and notations;
FIG. 47 shows a combination block and functional diagram of the interaction between a card and the issuer in the preferred embodiment of a system like FIG. 1, with details added to card entity concerning some registers, and details added to the issuer entity concerning maintained databases in accordance with the teachings of the present invention;
FIG. 48 shows a block diagram of a preferred embodiment of a record in a card database of FIG. 47 in accordance with the teachings of the present invention;
FIG. 49 shows a block diagram of a preferred embodiment of a record in a event database of FIG. 47 in accordance with the teachings of the present invention;
FIG. 50 shows a flowchart of a preferred embodiment of a issuer process that mainly synchronizes the issuers known balance with a card balance during an on-line transaction, in accordance with the teachings of the present invention;
FIG. 51 shows a flowchart of a preferred embodiment of a issuer process that mainly synchronizes the issuers known balance with a card balance during the clearing process of off-line transactions, in accordance with the teachings of the present invention;
FIG. 52 shows a flowchart of an exemplary implementation of the process FIG. 50, in accordance with the teaching of the present invention; and
FIG. 53 shows a flowchart of an exemplary implementation of the process FIG. 51, in accordance with the teachings of the present invention;
BRIEF SUMMARY OF THE INVENTION
In accordance with the foregoing and other objects of the present invention, a brief summary of some exemplary embodiments will now be presented. Some simplifications and omissions may be made in this summary, which is intended to highlight and introduce some aspects of the present invention, but not to limit its scope in any way. Detailed descriptions of preferred exemplary embodiments adequate to allow those of ordinary skill in the art to make and use the inventive concept are provided later.
An endorsement scheme that allows preferably hundreds of endorsements to be stored in less than a thousand bytes on a simple microcontroller smart card would be commercially interesting, but cannot be achieved by techniques known in the prior art. The present invention overcomes these limitations of the prior art.
The inventive concept provides hierarchical structuring of multiple one-time signatures-within a single public key signature. The hierarchy is formed from compressing one-way functions, also sometimes known as hash or message digest functions, serving as the internal "nodes" in a special tree structure. The tree's "leaves" are the one-time signatures and its "edges" are values that are inputs and sometimes outputs of the compression functions. Thus the root represents the final compression of all the one-time signatures in the structure, and the output of this compression is signed by the digital signature technique.
Each endorsement involves a subset of the tree including the single one-time signature that is used in, and only in, that endorsement. Also in the subset is the public key signature and a path of edges from the leaf to the root. The values represented by all edges incident on the nodes of the path, apart from those edges on the path, are included.
The endorsements are made in an order that, in cooperation with the structuring, lets the card use a relatively small number of non-volatile registers at each stage. Furthermore, the amount of computation required between each endorsement is also limited to a small amount. Moreover, stepping from the last one-time signature in one digital signature to the first of the next digital signature requires essentially only the same resources as stepping between any two one-time signatures within the same digital signature.
One of the particular preferred embodiments, which is disclosed in detail later, uses a "cascade" of two-argument compressing functions as a building block. The first compressing function in the cascade takes two inputs from outside the cascade. All subsequent compresses in the cascade take one argument from the previous compress and one from outside the cascade. Thus, with only an output of one compress in a cascade along with all subsequent inputs to the cascade, the output of the entire cascade can be verified.
The cascades are structured into a low hierarchy, preferably only two high, although any hierarchy could be used. The cascades at the low level, called "street," take their inputs directly from one-time signatures, called "houses." The cascades at the higher level, called "towns," take their inputs from the outputs of the cascades at the lower level. Thus, a complete ordering is imposed on the houses of a street and the streets of a town.
Roughly stated, in the preferred embodiment, the endorsements may be thought of as proceeding from house to house in order. When a house is visited, its one-time signature is used in an endorsement. In addition to this "actual" traversal for endorsements, there are two "preparatory" traversals conducted in parallel.
The first preparatory traversal moves down the next street visiting almost all the houses. (If there is a next street in the current town ordering, this is traversed; if there are no more streets in the current town, then the first street in the next town is traversed). The purpose of the first preparatory traversal is to obtain and store the leaf edges for a street so that they are ready when the street is entered and the first house is used in an endorsement.
The second preparatory traversal moves through the next town. The purpose of this traversal is to obtain and store the edges coming from all the streets of the next town, except the first street. These will be needed in endorsements when the new town is initially entered by the actual traversal and endorsements are coming from its first street.
Tamper resistant devices often store some information in non-volatile memory. The preferred embodiment is capable of atomic multi-updates allowing several modifications in the non-volatile memory to be done all at once, even under arbitrary interruptions. Secrecy of critical data is maintained under attacks involving UV irradiation of the smart card chip, while at the same time allowing recovery in the case of technical failures.
Sessions are introduced which cryptographically link the actions that make up a transaction, ensuring that the constituent actions are all performed in order and without any other actions in-between. The sessions also provide a single proof system for an entire transaction, eliminating the need for specialized elementary actions for specific transactions. Even under arbitrary interruption the sessions ensure that either the transaction is completed and the cryptographic proofs exchanged properly, or the transaction is not executed at all.
In the preferred embodiment the tamper-resistant device does not reveal any information to the terminal in addition to the information explicitly communicated with the terminal, even if the terminal performs any or all of a general set of additional measurements on the card while it is in operation.
Several clearing methods are described which allow adequate clearing and settlement of financial and other transactions to occur without the need for a tamper-resistant device in the terminal or the need to communicate full transaction data form the terminal to the acquirer/issuer.
The EMV system is extended and generalized. The terminal's interests are properly protected by including a proper off-line authentication of the transaction data. The EMV system is generalized to provide all the functions needed for implementation of a wide variety of payment applications.
DETAILED DESCRIPTION OF PREFERRED EMBODIMENTS
The drawing figures and the detailed descriptions provided later make a number of simplifying assumptions for concreteness and for clarity in exposition. It will be appreciated, however, that these should not be taken to limit the scope of the invention.
Some lines and arrows in the drawing figures represent messages, which may be held initially or delayed on their way, passed through various parties, encoded and decoded cryptographically or otherwise to provide their authenticity and/or security and/or error detection and/or error recovery. Thus the particular means or methods whereby messages are transferred are not essential to the present invention, and it is anticipated that any technique may be employed in this regard.
As will be appreciated, someone of ordinary skill in the art would be familiar with Bruce Schneier 1994 "Applied Cryptography, Protocols, Algorithms, and Source Code in C" and with the references contained therein. As will also be appreciated, someone of ordinary skill in the art would be familiar with Donald E. Knuth 1981, "The art of computer programming" parts 1 "Fundamental algorithms" and 2 "Seminumerical algorithms", and with references contained therein.
Some background on the parameter values that are believed to apply, as will be appreciated, serves as a basis for some of the tradeoffs made in the preferred embodiment.
A typical user transaction should, it is believed, not introduce more than roughly a second of delay if it is to be perceived as acceptably fast. Of course, highway-speed road tolls, and even mass transit situations, may require substantially faster transactions. The endorsement signatures are well suited to such high-speed transaction, as has been illustrated in the second above included reference.
An RSA signature today is minimally 64 bytes. Other digital signatures might be one third the size. The output of a compressing one-way or hash function is typically 16 bytes. A one-way function input or output can typically be 8 bytes. A smart card of one kilobyte non-volatile memory, already mentioned as a currently commercially interesting target for the invention, typically has various competing uses for its non-volatile storage. It is believed that less than the whole amount would be available for storage of signatures and other values needed in endorsement. Examples include identification data related to manufacturing and distribution, cryptographic keys for securing communication with an issuer, registers to hold card balance(s), transaction records, public key certificates of the issuer, key validity data, and so forth.
A blockcipher operation that might typically be used in constructing a one-way function can, it is believed, typically be done by a smart-card microcontroller between 100 and 400 times per second, depending on a variety of factors. At least several applications of such a blockcipher are anticipated to be required to implement a hash or compression function. A reading device can use special circuitry to compute blockciphers, it is believed, about two orders of magnitude faster.
Transmission of data between a smart card and the reading device is believed typically to be at about 1000 bytes per second, but can be sped up by at least a factor of 4 under some standard protocols.
Some general notions regarding cryptographic techniques will now be presented.
Assigning a variable a "random" value performs the function of creating a value that should not be readily determined by at least some party. Many means and methods are known in the art for generating such unpredictable quantities, often called keys. Some are based on physical phenomena, such as noise in semiconductors, or patterns detected in humans pushing buttons, or possibly deterministic cryptographic techniques sometimes called pseudorandom generators. It is well known in the art that these various techniques can often be combined, and that post-processing can often improve the results. Thus particular means or methods whereby random values are derived is not essential to the present invention, and it is anticipated that any technique may be employed in this regard.
A "compression" function, as has already described, is an example of a technique very well known in the art as a hash or message digest function. Such a function takes an input larger than its output. It is believed computationally prohibitive, given the output, to find back any input that would yield it, even if some of the inputs are known.
The term "party" is used herein to indicate an entity with control over at least the secrecy of some information, usually at least one key. It is anticipated that a plurality of people may each know all or in effect part of some key, and they might be thought of collectively as a party. In other cases, a key may be substantially unknown to people, and reside in some physical device, and then the device itself or those who control it from time to time may be regarded as parties.
The method or means whereby information is transferred between parties is not essential to the present invention, and may be accomplished in any suitable way. For instance, output and input means may be brought into physical proximity with each other, or they may communicate remotely by any kind of communication network or technique. The information may be encoded in various forms, some of them cryptographic, and decoded and transformed between coding on its way. Similarly the information may be stored and/or detained in various forms and by various parties along the way.
The choice of party names, forms, and the number of parties are examples of choices made for clarity and convenience. Naturally, the inventive concepts disclosed here should not be interpreted as limited to a particular type, grouping, or multiplicity of parties nor should there be any other implication of naming conventions or the like.
Turning now to FIG. 39, general descriptions of the interconnections and cooperation of the constituent parts of some exemplary embodiments of the inventive concepts will now be presented.
Signature issuer party 3941, referred to for simplicity as the issuer, has at least a private key. A corresponding public key is made known at least to endorse 3943 (as will be more fully described) and to any additional verifiers 3944.
Signature transporter and endorser party 3942, herein referred to simply as endorser, receives the signatures from issuer 3941 as shown by line 3951. Endorsee and verifier 3943, referred to for simplicity as endorsee 3943, receives an endorsement from endorser 3942 as indicated by line 3952. Additional verifier 3944 may also verify the endorsement, shown for simplicity as coming from endorsee over line 3953.
As will be appreciated, but is not shown for clarity, there may be plural instances of each party type. For example, there may be multiple endorsers, each endorsing signatures issued by the same issuer. There may be multiple endorsees, each capable of receiving an endorsement from any one of plural endorsers. There may be multiple additional verifiers, any one of which may be capable of verifying endorsements received from plural endorsees or others. Moreover, there may be plural issuers, some of which are capable of issuing identical signatures as well as other of which that are not.
Each signature is related to a message, the origin of which is not essential to the inventive concepts. Messages could, for example, come from the issuer 3941, the endorser 3942, endorsee 3943, or verifier 3944, random sources, external events, or combinations of these. Any of the aforementioned parties may be aware of the message before they cooperate in an endorsement, or one or the other of them may supply all or parts of the message to the other, which is not being shown for clarity.
Turning now to FIG. 42, general descriptions of the interconnections and cooperation of the constituent parts of some exemplary embodiments of the inventive concepts will now be presented for endorser 3942.
A smart card 4200 or other portable data carrier, as will be appreciated, may perform the role of endorser 3941. It may be considered to be composed of several interconnected parts. The i/o interface 4201 communicates with the outside world, such as issuer 3941 and endorsee 3943 through interface link 4206, which may be galvanic contacts or contactless technology, as are well known in the smart card art. Also there may be special circuits or firmware for computing cryptographic functions
4204. Furthermore, control means 4202 manages the operation and coordination of the other parts. Most important for the present purposes are registers 4203 for storing values. These may be regarded as of two types, nonvolatile and temporary. All these components may cooperate together and/or with the i/o interface 4201, through mutual interconnection means shown for simplicity as bus 4205. An example embodiment would be in the Motorola SC-24 smart card chip, or near equivalents manufactured by Thompson Semiconductors for instance, and these may be embedded in industry standard smart cards.
Turning now to FIG. 43, general descriptions of the function and process steps of some exemplary embodiments of the inventive concepts will now be given.
The first step, as shown by flowchart box 4301, is the issuing of a compact endorsement signature by the issuer 3941 to the endorser 3942. This entails creating in turn all the houses and the edges. Then a digital signature is formed on the root output as already described. Although not shown explicitly for clarity, it will be understood that blind signature techniques could be used in the issuing process. For instance, it will be readily understood by those of skill in the art, an intermediary party not shown for clarity could form the one-time signatures and compression tree, provide it to a signer in a blinded form, and supply an unblended form of the result to the endorser. Related techniques are also disclosed in the second above included reference.
Dashed box 4302 shows the endorse function. One component is box 4321 which forms a one-time signature that corresponds to the message. This is done by developing each digit to the point in the cascade required to encode the part of the message or the control, as is well known in the one-time signature art and as will also be described in more detail with reference to FIG. 44. This signature is given from the endorser to the endorsee 3943 for verification. The transfer of at least the edges needed to verify the signature, as already mentioned, is shown in box 4322. The digital signature is also provided from the endorser to the endorse as shown in box 4323.
Dashed box 4303 represents the verification function performed by the endorsee on the compact endorsement signature provided as a result of the already mentioned dashed box 4302. First the one-time signature is shown as expanded in box 4331, which would for instance be the form with the most applications of the one-way functions(s) applied. The result of this can then be used together with the edges supplied in box 4322, already mentioned, to traverse by application of compression function nodes all the way to the root. This results in the value upon which the digital signature mentioned already with reference to box 4321 is checked, as shown in box 4333. The signature need not be the type known in the art as that allowing "message recovery," since the edges of the compression tree are provided. Of course if the signature verifies, then the endorsee accepts it, otherwise not.
Dashed box 4304 depicts the preparation process. It may involve substantial computation between each endorsement, but it may also involve no computation, as indicated by the straight through return path. One aspect of preparation, indicated by box 4341, entails evaluating houses. These may for instance, and as already mentioned, be in the next street or town. When houses are fully evaluated the results will serve as input edges to compression nodes, as already mentioned. Box 4342 depicts the compression of edges and the saving in registers of the results, which may free up the need to store involved input registers or house outputs. Also as non-volatile storage becomes available to store new values, the old values should be erased or at least written over by the new values as indicated by box 4343.
As would be appreciated by those of ordinary skill in the art, these various preparation steps could be performed at various times and in various orders without departing from the spirit of the present invention. For instance, in some settings the preparation may produce exactly what is needed for the next endorsement; in other cases, some preparation for a number of future endorsements may be made whenever there is time to do so. Although such preparation for future endorsements is not shown explicitly for clarity, it will be understood that employing some extra registers and storing in them the values that would be calculated some steps in advance, allows for such steps to be taken without requiring preparation.
Preparation may be made just before an endorsement or just after an endorsement or during an endorsement or while the endorser is idle. Another possibility, without attempting to be exhaustive, may occur substantially soon after a signature issuing, or at another time when no preparation is needed and the whole preparation-dashed box may be passed through.
With reference to the above mentioned application of credit/debit card transactions and the like, some novel extensions to the operation shown in FIG. 43 just described will now be disclosed that are not shown for clarity but that will be understood by those of skill in the art.
Both on-line and off-line transactions are considered here. In a first type of on-line transaction, there may be at least a challenge issued on-line to an endorser and a response back on-line from the endorser, the concept of such challenge response protocols being well known in the art. The endorser might typically be a smart card.
In a second type of on-line application a transaction may comprise a single message sent on-line from the terminal receiving the endorsing card and a single corresponding response received by the terminal on-line from a server. In this second type of transaction, it will be understood by those of skill in the art that the message endorsed should contain a challenge value and that this challenge value is preferably derived from a "challenge seed" substantially at least influenced by a "modifier" sent in the substantially previous on-line transaction. The seed as will be understood, could for instance be essentially a stored value that is updated in various ways, such as cryptographically, depending on the seed modifier(s) sent. The seed thus allows ther terminal to develop a valid challenge that would be unpredictable even to someone with access to the terminal's inner workings.
In either type of on-line transaction, the response should depend on the challenge and could be the endorsement as described here. Or the response could be a conventional cryptographic authentication, as are well known in the art, and the full endorsement could be stored at the terminal for later forwarding or audit.
In off-line transactions, a challenge value is believed preferable that is similarly unpredictable as with an on-line transaction. A terminal that goes on-line sometimes, it will be understood, can update its challenge seed at those times and advance its challenge values through a sequence at least depending on this challenge seed. The result, it will be understood, is a sequence of challenge values that is unpredictable at least across on-line transactions.
While it is believed that the notation of FIG. 44 and FIG. 45 would be clear to those of ordinary skill in the art, it is first reviewed here for definiteness. Several symbols are used: circles stand for register values; house shaped blocks to be described with reference to FIG. 44 indicate one-time signatures; round-corner rectangles symbolize compression cascades; and diamond boxes are used to represent public key digital signatures. The lines and arrows show the edges that define the flow of outputs to inputs; arrows entering or leaving a diagram of course show the inputs or outputs, respectively, of the diagram.
The notation of FIG. 46 is a tabular arrangement of numbers and special symbols, the meaning of which will be described later with reference to that figure.
Turning now to FIG. 44, a preferred embodiment of a one-time signature structure will now be described in detail.
House shaped box 4401 shows that the one-time signature itself. Its shape is used in FIG. 45, to be described, as an icon for the one-time signature. The particular dimensional parameters, 4 inputs and 3 internal stages, are chosen as illustrations for clarity and definiteness, but such choices are not intended to limit possible values or to imply the need for such a rectangular structure. Some embodiments may use smaller parameter values and others larger parameter values such as, for instance, 8 by 8. There are four input values, 4471 through 4474. Each input is mapped by a one way function, 4411*, to produce an intermediate value 441 through 4414, respectively. The next stage uses these values, 4411-4414, as inputs to the one-way functions 4421*-4424*, respectively, whose outputs define values 4421-4424, respectively. The final stage of one-way functions, 4431*-4434*, takes the values 4421-4424 as inputs and produces values 4431-4434, respectively.
The outputs of the final stage of one-way functions are shown being compressed by a hierarchy of two-input compressors for definiteness, although any suitable compressing structure might be used. Values 4431 and 4432 are compressed by compressor
4451, whose output feeds compressor 4453; values 4433 and 4434 are compressed by compressor 4452, whose output feeds the other input of compressor 4453. The output of compressor 4453 is shown as the final output 4481 of the one-time signature.
Two types of operations are performed on houses. One operation is computing there output by taking the input values 4471-4474 through the chains of one-way functions and through the compression hierarchy just described to produce output value
4481. The other operation is forming the one-time signature, as depicted in box 4321 already mentioned. The message to be signed is taken as a set of digits, as is well known in the art, and the one-way function chain corresponding to each digit is evaluated to a depth corresponding to the value of that digit. The output values corresponding to these one-way functions, one per digit, are the one-time signature.
Turning now to FIG. 45, a preferred embodiment of a compact endorsement signature will now be described in detail. The particular dimensional parameters, 4 streets each of 4 houses, has been chosen for clarity in exposition and definiteness, but such choices are not intended to limit possible parameters or to imply the need for such a rectangular structure. It is believed, however, that a roughly equal number of streets and houses does represent a good tradeoff. Larger parameter values, such as 8 streets of 8 houses, are believed also be a suitable choice in some circumstances.
The two level approach is believed best for the intended use. However, other structures can readily be derived from the inventive concepts disclosed here. Just to give one further exemplary embodiment, although not shown explicitly for clarity, it will be understood by those of skill in the art how a cascade can be split in two by a single compress inserted above it, without changing substantially the computation or register requirements. This would, for instance, allow the number of edges transferred to be reduced substantially.
Round-corner box a1** in FIG. 45A denotes a part of the structure referred to again in FIG. 45c, and may be called a street of 4 houses a11* through a14*, having output values a11 through a14, respectively. Each house stands for a one-time signature, as has already been described with reference to FIG. 44. Compressor b11* takes its inputs from values a11 and a12 and produces output value b11. Compressor b12* takes value b11 and value a13 as inputs and produces output b12. Similarly compressor a1* takes value b12 and a14 as inputs and produces output value to be further described with reference to FIG. 45E.
In like manner, round-corner box a2** in FIG. 45B denotes a part of the structure referred to again in FIG. 45E, and may be called a street of 4 houses a21* through a24*, having output values a21 through a24, respectively. Each house stands for a one-time signature, as has already been described with reference to FIG. 44. Compressor b21* takes its inputs from values a21 through a22 and produces output value b21. Compressor b22* takes value b21 and value a23 as inputs and produces output b22. Similarly compressor a2* takes value b22 and a24 as inputs and produces output value to be further described with reference to FIG. 45E.
Again in the same way, round-corner box a3** in FIG. 45C denotes a part of the structure referred to again in FIG. 45E, and may be called a street of 4 houses a31* through a34*, having output values a31 through a34, respectively. Each house stands for a one-time signature, as has already been described with reference to FIG. 44, compressor b31* takes its inputs from values a31 and a32 and produces output value b31. Compressor b32* takes value b31 and value a33 and a34 as inputs and produces output b32. Similarly compressor a3* takes value b32 and a34 as inputs and produces output value to be further described with reference to FIG. 45E.
For the final similar street, round-corner box a4** in FIG. 45D denotes a part of the structure referred to again in FIG. 45E, and may be called a street of 4 houses a41* through a44*, having output values a41 through a44, respectively. Each house stands for a one-time signature, as has already been described with reference to FIG. 44. Compressor b41* takes its inputs from values a41 and a42 and produces output value b41. Compressor b42* takes value b41 and value a43 as inputs and produces output b42. Similarly compressor a4* takes value b42 and a44 as inputs and produces output value to be further described with reference to FIG. 45E.
In FIG. 45E, the four round-corner boxes a1** through a4**, with their corresponding output values a1 through a4, respectively, are shown as inputs to a compression tree. The first compressor b1* takes its input from values a1 and a2; its output is value b1. Compressor b2* takes this output b1 and combines it with value a3 to produce value b2. In like fashion, compressor b3* transforms this output value b2 and value a4 into output b3*. Finally, this output value b3 serves as message input to public key digital signature producer b4* to produce compact endorsement signature b4.
Turning now to FIG. 46, the exemplary inventive structure already described with reference to FIG. 45 will now be provided with an operation description.
Each row of the table shown in FIG. 46 corresponds to a single endorsement. The rows of the table are numbered outside the table. Each column in the table corresponds to preferably non-volatile register locations used to store values between endorsements. The carrot symbol ">" marks entries whose value has changed from the last row. A dot "." marks the entry whose value is the output of the house used in the endorsement corresponding to that row.
As will be appreciated, the first 4 columns are for clarity and convenience used to store the street edge values always in their street order positions. Only the part of the row from the entry marked by the dot up until and including the fourth column are needed for the current and any subsequent endorsements based on houses from the current street, except for a single output from any previous endorsement of the current street. The entries preceding the one marked by a dot are therefore largely available, are sometimes used to hold intermediate values, and are ultimately prepared with the values that they will need to contain when the next street is entered.
The last four entries in each row are used to hold the town edge values needed for the current endorsement. These values, as will be appreciated, are also always stored in order positions. As the streets are traversed, the early town edge values corresponding to the streets currently and previously traversed no longer need to be stored. The entries that they occupied may be used as temporary cells for developing and ultimately holding the town edge values that will be needed when the next town is entered.
For clarity in exposition, the town shown in the first rows has lower-case letters in its reference numbers, corresponding directly with the notation of FIG. 45. The second town shown appearing in later rows has all letters in the reference numerals shown in upper case.
Row 1 begins by showing the complete set of values for the first endorsement. Since the dot is on a11, the first house on the first street is used in the one-time signature. As will be apparent, the edge value for the first street a1, is not needed since the first street is used; the hyphen symbol "-" indicates the lack of significant value held in this entry.
Row 2 shows that no changes in the register values are needed for this endorsement. All column entries except the second, which corresponds to the one-time signatures used in the endorsement, are explicitly transmitted by the endorser to the endorsee.
Row 3, the third endorsement, entails two changed register values, as indicated by the carrots. The first b11, which is calculated as the compress of a11 and a12. Such compressions, as will occur later as well, may be taken as example of the "advance edges" function/step 4342 already described with reference to FIG. 43. The second, a22, is preparatory for the next street, and is calculated from the second house on the next street, as also shown in FIG. 45B.
Row 4 is the final endorsement for the first street. It requires a compress of b11 and a 13 to obtain b12. Also the value of a23 is computed from the house a23*.
Row 5 is the first endorsement of the second street. The edge value a21 is shown as computed. Since an endorsement of the second street. The edge value a21 is shown as computed. Since an endorsement with house a21 is made, less computation is needed to complete the value of this edge. This extra efficiency is the reason that the first entry is left to be filled in last. The edge value a1 or the first street is needed at this point and it is easily calculated as the compress of b12 and a14. the value of register a 24 is computed from the corresponding house. As endorsement has now moved to the secont street, a2 is no longer needed.
Row 6 indicates evaluation but not nonvolatile storage of two houses, A21 and A22, and compressing the resulting two edge values to form B21 shown as stored.
Row 7 forms b21 as the compress of a21 and a22 and stores the result in the first house column. The second house column gets the edge value computed from the second house on the third street. The value of B22 is computed in preparation for the second town. First the value of the third house in the second street of the second town is computed and then this is used together with the first edge value of the second street of the new town, mentioned in row 6 above, to form by compression the value B22.
Row 8 begins by taking the first column from b21 to b22 by compressing b21 together with a23. Then a23 is computed from its house. Finally the value of edge A2 is developed, first from computing A24 from its house and then compressing this with B22.
Row 9 fills the first register with the edge formed from the first house on the third street. The fourth column gets the value computed from the fourth house on the third street. The edge needed for skipping the first two streets, b1, is formed by first compressing b22 and a24 to obtain a2 and then compressing this with a1. Because endorsement is now in the fourth street, a2 is no longer needed.
Row 10 involves constructing only the value B31 for the next town. This is the compress of A31 and A32 that are each computed from their respective houses.
Row 11 first takes the first column forward from a31 to b31 by compressing the former with a32. Then a42 is computed from its house and replaces the second column value. In preparation for the next town, B31 is move forward to B32 by compressing with the value of A33 computed from its house.
Row 12 begins by taking b31 into b32 in the first column by compressing with a33 already stored. Also a43 is computed from its house and stored. Also A3 is compressed from B32 stored and A34 computed from its house.
Row 13 initially sets the first column to the value of house a41. Also house value a44 is put in place. To move b1 to b2, first a3 is compressed from b 32 and a34, both stored and then this result is compressed with b1. Since endorsement is now in the fourth street, a4 is freed.
Row 14 only entails computing B41 from two values, A41 and A42, that are computed directly from their respective houses.
Row 15 starts out updating a41 into b41 by compressing the former with a42 stored. The second column is given the value of A12 computed directly. To progress B41 into B42, the value of A43 is computed directly from its house and then compressed with B41.
Row 16 also updates its first column by compressing the former value b41 with a43 stored to yield b42. By computing directly from the house, A13 is obtained. To compress B42 into A4, the value of A44 is computed directly from its house.
Row 17 is the first endorsement from the second town. The value of A11 is computed through the endorsement and stored in the first column. And A14 is computed from its house value.
Row 18 requires not register changes. It is identical to row 2, except that it is for the second town. Thus the process between the first and second towns is ready to repeat again between the second and third towns.
OVERVIEW
As overview of a second preferred embodiment is given in FIG. 1. Only a single issuer 101, card 102, terminal 103 and acquirer 104 are shown, but the system can contain a plurality of issuers, cards, terminals and acquirers, which are not shown for clarity.
There are four entities in the system: the issuer 101, the card 102, the terminal 103 and the acquirer 104. The issuer is an organization, or a conglomerate of organizations that issues the cards and guarantees the correct operation of the card to the other participants, for example, but without limitation, a bank. The card is a tamper-resistant computer device that is trusted by the issuer, for example, but without limitation, a smart card. The terminal is a computing device capable of communicating with a card. The acquirer 104 is an organization which helps to collect the data from the terminals. The acquirer, if it is a distinct entity from the issuer, typically works in close cooperation with the issuer.
When a card is first produced, it is typically initialized by, or on behalf of, the issuer. This is called personalization, and is done using a data channel 110, 111. The personalization might for example, but without limitation, involve giving the card a set of cryptographic keys and system configuration parameters. Once personalized, the card can be used to perform transactions.
Before a transaction is made, a data channel 112, 113 is established between the card and the terminal. There are various transactions that can be performed. Many of them do not require that the card or terminal communicate with either the issuer or the acquirer during the transaction. We call those transactions "off-line". Some transactions require the terminal to communicate with the issuer during the transaction. These kinds of transactions are called "on-line". For these transactions a communication channel 118, 119 between the terminal and the issuer is used. Some examples, without limitation, of transactions are: data reading by the terminal, data writing by the terminal, payment from the card to the terminal, reloading of the card with more electronic money, etc.
The acquirer 104 is an entity that collects information from one or more terminals, and optionally handles some or all of the clearing and settlement of the transactions. For this purpose, the acquirer communicates with the terminal through the communication channel 114, 115, and with the issuer through communication channel 116, 117. Some examples, but without limitation, of the functions of the acquirer are: gathering information about the transactions the terminal participated in, collecting the cryptographic proofs of payments from terminals, updating system parameters in the terminals, forwarding information regarding the financial transactions to the issuer, collecting the money for these transactions from the issuer, distributing the money received to the owners of the respective terminals.
Compact Endorsement Signatures
Compact endorsement signatures use disposable cryptographic elements which are called "houses". Each house is used only once to sign or authenticate a message. Several such houses are combined into a "town" for reasons of efficiency.
A House
The basic construction of a `house` in the preferred embodiment is shown in FIG. 2. A house consists of a starting value called the house origin 201, a set of expansion functions 202, a set of iterated oneway functions 203, an iterative cryptographic hash function 204 and a house result value 230.
A house contains a plurality of columns, two of which are shown explicitly in FIG. 2. The first one consists of items 210, 211, 212, 213, 214, 215, 216, and the second one of items 220, 221, 222, 223, 224, 225, 226. The remaining columns are represented by 208 and are not shown in detail for clarity.
Considering the first column, this starts with a cryptographic oneway function 210 that takes house origin 201 as input and yields the first value in the column 211 as output. This is then used as input to a chain of oneway functions. Each chain contains one or more oneway functions. Only two oneway functions of the chain are shown in FIG. 2, the remaining steps of the columns are not shown for clarity, and are represented by 209. The first oneway function 212 takes the first column value 211 as input and yields the second column value 213, which is the input to the next oneway function, etc. The last oneway function in the chain 214 yields the last column value 215.
The iterative cryptographic hash function 204 consists of a publicly known starting value 205 and a sequence of compression functions, one for each column. The starting value 205 is one of the inputs to the compression function of the first column 216 that takes the last column value of the last column 215 as the other input and yields the first intermediate hash value. Each subsequent column ends with a compression function similar to 216 that takes the previous intermediate hash value as one input, the last column value of that column as the other input and yields the next intermediate hash value.
The last column, consisting of 220, 221, 222, 223, 209, 224, 225, 226 is built in a similar way as the first column, these items corresponding to 210, 211, 212, 213, 209, 214, 215, 216 respectively. The compression function 226 of the last column takes the next to last intermediate hash value as one input, the last column value of the last column 225 as the other input and yields the final hash value 230, which is called the house result value.
An exemplary house is shown in FIG. 9. The house origin value 901 corresponds to value 201. The set of expansion functions 902 consists of cryptographic oneway functions 910, 920, 930, 940, 950, 960, 970 all of which use the house origin value
901 as an input, and which yield the first value in the columns 903 (corresponding to 203): 911, 921, 931, 941, 951, 961 and 971 respectively. These values are used as inputs to the first oneway functions in the chains 912, 922, 932, 942, 952, 962, 972
respectively, which yield the second column values 913, 923, 933, 943, 953, 963, 973 respectively. These are then the input values for the second oneway functions in each chain 914, 924, 934, 944, 954, 964, 974 respectively, which yield the third column values 915, 925, 935, 945, 955, 965, 975 respectively. These are then used as input values for the third oneway functions in each column chain 916, 926, 936, 946, 956, 966, 976 respectively which yield the last column values 917, 927, 937, 947, 957,
967, 977 respectively. These last column values form the input to the cryptographic hash function904 (corresponding to 204), which starts with a publicly known starting value 905 which is an input to the first compression function 918 which also takes the value 917 as an input to the first intermediate hash value 919 as a result. The first intermediate hash value 919 and the final column value of the second column 927 are the inputs to the second compression function 928 which yields the second intermediate hash value 929. This chain continues in the same fashion with items 938, 939, 948, 949, 958, 959, 968, 969, 978, 797 respectively. The last value 979 is the house result value which corresponds to item 230.
All the cryptographic oneway functions that start a column (such as 910, 920, 930, 940, 950, 960, 970) are different, so that they yield different result values even though they have the same input value. As will be described more fully later, several houses may all use the same house origin value. Within a set of houses that use the same house origin value, all the cryptographic oneway functions that start a column are typically different. Furthermore, these oneway functions are such that it is believed to be impractical to reconstruct the house origin value given the output values of these oneway functions. Such functions are used in other systems, among others in cryptographically strong pseudo-random generators, well known in the art.
In the preferred embodiment, the oneway functions in the column chains (such as 912, 914, 916, 922 etc. to 976) are all different within a house. Furthermore, within a set of houses that use the same house origin value, all the oneway functions in the column chains are different. Each of the compression functions such as 918, 928, 938 etc. differs within a set of houses that use the same house origin value. As will be obvious to a person ordinarily skilled in the art, these functions can be made different in many ways, for example, but without limitation, they can be made dependent on a counter which is incremented at every function application, or the exact position within a house or set of houses could be used to differentiate the different functions. It is believed that using different functions in different positions improves the security of the system.
The height of the column is the number of column values, which is one more than the number of oneway function in the chain.
The house result 230 depends on the house origin 201. Even though it might involve a large number of intermediate results, the result 230 can still be computed from the house origin using only a fixed amount of memory, irrespective of the number of columns or the height of each column. This is achieved by computing through each of the columns in turn, and applying the compression function to the final value of each column before starting on the next column. The details of this computation will be obvious to someone ordinarily skilled in the art.
A Town
As will be described later, the house output value will be signed using a digital signature scheme and the card will store that signature. To reduce the storage requirements several houses may be combined into a town, as shown in FIG. 3.
A town consists of a plurality of houses, three are shown in FIG. 3 as 321, 322, 323; the remaining houses are not shown for clarity and are represented by 302. Each of the constituent houses of a town has a house origin value (corresponding to
201 in FIG. 2); 311, 312, 313 are the house origin values of 321, 322, 323 respectively. Each of the houses also has a house result value, corresponding to 230 in FIG. 2; 331, 332, 333 are the house result values of 321, 322, 323 respectively. All the house result values are used as inputs to a cryptographic hash function 340 that yields the town result value 341.
In the preferred embodiment, all the houses in a town are of the same architecture: they have the same number of columns, the same height for each column etc. It is believed that this gives the easiest implementation.
The construction of a town in the preferred embodiment may be described recursively, as shown in FIG. 4. A singleton town 403 has a single constituent house 461. The town origin value 460 is used as the house origin value (corresponding to 201
in FIG. 2) of the house 461. The house result value (corresponding to 230 in FIG. 2) is the town result value 462.
A general town 401 has a plurality of constituent towns, three of which are shown as 421, 422, 423; the remaining are not shown for clarity an dare represented by 402. Each of the constituent towns is either a general town or a singleton town. The, town origin value 411 is used as the town origin value for each of the constituent towns. A sequence of compression functions is used to combine the town result values of the constituent towns and yield the town result value of the general town
453.
The town result value of the first constituent town 431 is the first input to a compression function 442 that takes the town result value of the second town 432 as a second input and yields the first intermediate value 452. This intermediate value is then used as the first input to the next compression function, which takes the result value of the next constituent town as a second input and yields the next intermediate value. This chain continues until the last constituent town where compression function 443 takes the previous intermediate value as a first input and the town result value of the last constituent town 433 as a second input and yields the town result value of the general town 453.
The compression functions such as 442 and 443 are chosen in such a way that the result of the chain of compress functions is a cryptographic hash function. Such iterative hash functions are well known in the art.
In the preferred embodiment, the recursion depth used in each of the constituent towns is always the same, and the number of constituent towns in a general town only depends on the recursion depth. It is believed that this results in the most practical implementation. Each recursion level is called a dimension, and a town with n recursion levels is called an n-dimensional town. For example: a general town whose constituent towns are all singleton towns is a one-dimensional town. A general town whose constituent towns are all one-dimensional towns is a two-dimensional town. A general town whose constituent towns are all one-dimensional towns is a two-dimensional town, etc. This also allows an easy characterization of a town configuration. For example, a 7.times.4.times.5 town is a three-dimensional town that contains 7 constituent two-dimensional towns, each of which contains 4 constituent one-dimensional towns, each of which contains 5 constituent singleton towns, each of which is made up of a single house. Thus, the total number of the houses in this town is 7.times.4.times.5=140. The number of constituent towns in a general town at each recursion level is called the size of that dimension. The singleton town is often ignored, and we will say that a one-dimensional town contains a plurality of constituent houses. In the preferred embodiment, the sizes of the dimensions are all the same, or differ by at most one. It is believed that this gives the most efficient implementation.
A preferred exemplary 3.times.4 town is shown in FIG. 5. The two-dimensional general town 501 contains three constituent one-dimensional towns 502, 503, 504, each of which contains four constituent houses. The town origin 505 is used as the house origin of each of the houses in the town 560, 561, 562, 563, 530, 531, 532, 533, 510, 511, 512, 513. These houses each produce a house output value namely 564, 565, 566, 567, 534, 535, 536, 537, 514, 415, 516, 517 respectively. The house result values of the first one-dimensional town 504 are combined by a chain of compress functions 568, 570, 572 that generates the intermediate values 569 and 571 and the town result value 573 of town 504. The house result values of the other one-dimensional towns are combined in a similar way, as shown by 538, 540, 542, 539, 541, 518, 520, 522, 519, 521 which results in the town result values 543, 523 of towns 503, 502 respectively. The town result values 573, 543, 523 of the one-dimensional towns 504,
503, 502 are combined in a similar way by functions 581, 583 and intermediate value 582 which results in the town result value 584 of town 501.
Town Creation
For the description of the processes that involve a town we will use the example as shown in FIG. 5. How these processes extend and generalize to a general town will be obvious to someone ordinarily skilled in the art.
A town is created by choosing a town origin 505 and computing the town result 584 from that. The town result is computed using a straightforward, although extensive, computation involving the origin. As an example, but without limitation, an elegant way of computing the town result 564 is shown in the FIG. 41. The houses are computed in the order shown in the first column. The second column shows which values will be in memory after the house in the first column was computed. The last column shows which values are in memory after applying any compression functions whose input values are both in memory. After applying any compression functions, the next house is computed as shown in the first column of the next row. The generalization to a general town is best described recursively. It is believed that a singleton town like 403 can be computed with a fixed amount of memory, as it basically only involves computing a house. To compute the general town 401, we first recursively compute town 421, store the value 431, recursively compute town 422 with result 432, combine values 432 and 431 using compression function 442 to value 452, compute the next town recursively etc. It is believed that by interleaving the applications of the compression function with the computation of the constituent towns, each recursion level uses a fixed amount of storage independent of the number of constituent towns, so that the storage required to compute an entire town is only proportional to the number of dimensions of a town.
Once the town result 584 has been computed, the issuer signs this result using a public key digital signature scheme. There are several ways in which this can be accomplished. If the issuer is creating the town, then he just computes the digital signature on the town result. This is shown in FIG. 10. The signing process 1002 takes two inputs namely the message to be signed 1001, and the secret key used to create a digital signature 1004. The output value of the signing process 1003 is called the digital signature. By using the town result 584 as the message input value 1001, the issuer can compute the digital signature on the town result, which we call the town signature. The town origin 505 and the town signature are then sent to the card 102 where they are stored in non-volatile memory. It is anticipated that other data can also be included in the message being signed as the town signature.
There are several other ways in which the town might be created. For example, but without limitation, the card could choose a random town origin 505, compute the corresponding town result 584, and send the town result to the issuer together with a cryptographic authentication that convinces the issuer that the town result he receives was computed by a valid card. The issuer then signs the town result to get the town signature, and sends the town signature back to the card. The card stores the town origin 505 and the town signature in non-volatile memory. A blind signature scheme might also be used, where the card first blinds the town result 584 before sending it to the issuer. Using a blind digital signature scheme the issuer can sign the town result without ever learning the actual value of the town result.
Using some or all of these creation techniques, the card can acquire one or more towns, each of which consists of a town origin 505 and a town signature. Reloading a card with more towns would typically be one of the transactions which the terminal might perform with a card.
House Spending
The process of using the houses is called spending. In this process the card uses a house to sign or authenticate a message, for example, but without limitation, the card can use a house to create a message to the terminal which represents a certain amount of money, which the terminal can verify for validity without having access to any secret cryptographic keys.
The basic spending process is described in FIG. 30. This process is an example of a wide class of cryptographic protocols known as commit-challenge-response protocols. These are well known in the art, and have been used in a variety of zero-knowledge protocols, identification protocols, signature schemes, etc. Some examples of such protocols are the Guillou-Quisquater protocol, Feige-Fiat-Shamir protocol etc. A commit-challenge-response protocol starts with one party (the prover) sending a commit message to the other party (verifier). The verifier then chooses a challenge which it sends back to the prover. Finally, the prover sends a response to the verifier. The prover will typically use the commit value, the challenge value and some other (secret) data to compute the response. The verifier will typically be able to verify that the response is correct based on the commit value and the challenge value. It will typically be the case that a cheating prover can provide correct commit and response messages if he can guess the value of the challenge in advance. The number of different possible challenge values is thus an important aspect of these kind of protocols. If the number of different challenge values is small, then a single execution of the protocol process will not convince the verifier very much, and the execution will have to be repeated to fully convince the verifier. This is used on many zero knowledge protocols. If the number of different challenge values is large, then the protocol can be converted to a signature scheme by defining the challenge to be chosen as the cryptographic hash of the message to be signed and the commit value sent by the prover. This eliminates the need for interaction and allows the prover to send all the data in a single message to the verifier. This conversion is again well known in the art, and is for example used in the Fiat-Shamir signature scheme. In several schemes the amount of computational work increases when the number of possible challenge values is increased, making it desirable to keep the number of challenge values to a minimum. The spending process will now be described, which is a specific embodiment of a commit-challenge-response protocol in which the card is the prover and the terminal is the verifier.
The process in FIG. 30 starts step 3000 at the card which sends a commit value to the terminal in message 3001. The purpose of the commit value is to fix the house the card will use in the spending. For example, but without limitation, the commit value could consist of the town signature, the town result value and an identification of the house within the town. When message 3001 is received by the terminal, the terminal starts execution of process step 3002. The terminal stores the commit value, and chooses a random challenge c. As the last action of step 3002 the terminal sends the challenge c to the card in message 3003. The terminal might use various means to generate the random challenge c. For example, but without limitation, this could include a real random number generator, a pseudo-random number generator etc. The challenge chosen could also depend on information sent by the acquirer or issuer to the terminal, thus taking away some freedom from the terminal which is believed to make some attacks harder to perform. When message 3003 is received by the card, it starts execution of process step 3004 in which the card computes the response associated sends the response to the terminal in message 3005. When message
3005 is received by the terminal, it starts execution of process step 3006 in which the terminal verifies that the response matches with the commit value and the challenge.
The commit value must uniquely identify and authenticate the house that will be used by the card in this process. This typically involves identifying the town and the house within the town. The town is authenticated by the town signature. To properly authenticate the house, several intermediate values in the town must also be sent to the terminal, either in the commit message or in the response message. For example, in FIG. 5 if house 532 is used, the following values are sent to the terminal: 536, 539, 537, 573, 523. (Value 536 is not strictly necessary as it can be computed from other response data, but in the preferred implementation it is sent as it is believed that this is easier.) Using these values, the terminal can verify that the house with result value 536 is indeed a constituent house of the town 501. The terminal applies the various compression functions to compute the town result value 584, and then verifies the town signature verification process. The signature verification process is shown in FIG. 7. The verification function 712 takes three inputs: the signature 711, the message 710, and the public key 714, and yields a single bit result 713. The result indicates whether the digital signature was indeed the signature on message 710 with respect to the public key 714.
Having authenticated the house, the house can now be used. We will use the house in FIG. 9 as an example. The response data that the card sends includes exactly one value in each of the columns. In the first column, that is one of the values
911, 913, 915, or 917. In all the other columns, one of the four column values is included in the response data. The terminal receives these column values, in each of the columns 917, 927, 937, 947, 957, 967, 977. The compression function 904 is then applied to these values which yields the house result value 979. The terminal verifies that this matches the house result value to authenticate the house in the town. The choice of which value in each column is sent encodes the challenge c. For ease of reference, each of the column values has an associated digit value. The digit value of the last column value is 0, the digit value of the next to last column value is 1 etc. In FIG. 9 the first column value has a digit value of 3, in the actual preferred embodiment the column height is 8, so that the digit values 0, 1, 2, 3, 4, 5, 6, 7 are used. It is believed that using a power of two for the column height allows easier encoding/decoding of actual data into the column digit values. The challenge c is thus converted into a sequence of digits, which indicate the column values included in the response data. In this way a card can use a house to perform a commit-challenge-response protocol with the terminal. It is believed that this protocol by itself convinces the terminal of the fact that the card is genuine in the sense that it has a valid town, which was originally signed by the issuer, which only gives such valid towns to genuine cards.
FIG. 6 shows a number of digit values (digits) which are used to encode c and any extensions which we will describe fully later. Each square, such as 600, 602, 604, 606, 608, 610, and 612 represents a single digit, with 603, 607 and 611
representing any number of additional digits. The boundaries 601, 605 and 609 separate the digits into different fields which will be discussed fully later. A (sub)sequence of digits usually encodes an integer, using the standard encoding of integers into digits of the appropriate radix, well known in the art. If the columns are of different heights, then the maximum digit value varies over the digit position. In this case a mixed radix encoding of the integers is used, which is also well known in the art.
For each of the column values given to the terminal, the terminal can of course compute the subsequent column values. This corresponds to a lowering of the corresponding digit value. This would allow the terminal to modify the digits unless precautions were taken. The control value is used to protect against this. A subset of the columns (and thus of the digits) are designated as the protected columns (digits). The control value, seen as an integer, encodes some constant minus the sum of all the digit values in the protected columns. The control value itself is also coded into some columns. For example, but without limitation, the control value could be coded into digits 610, 6121, 612 and the protected digits could consist of 600,
602, 603, 604, 606, 607, and 608. The terminal can only apply more oneways to a column chain and thus only lower the value of any one digit. If the terminal tries to lower the value in any of the protected digits, then the control value increases, which means that at least one of the encoding digits of the control value increases. This would require the terminal to invert one of the oneway functions in the column of the increasing control digit, which is presumed to be impractical. In the preferred embodiment the range of control values is fixed at 0-63, which allows for 9 protected columns. (All columns have height 8, so each protected digit has a value of at most 7, so 9 columns lead to a maximum sum of 63. Using 63 as the constant to subtract from gives exactly the range 0 to 63 to the control value, which can be encoded in two digits of radix 8.) It is believed that the most significant control digit is the most attractive digit to try to increase by inverting the appropriate oneway function, as increasing this digit gives a lot of flexibility in changing the protected columns. The most significant digit of the control value is therefore duplicated in two separate columns, for a total of three control columns. It is believed that the double encoding of the most significant digit provides extra security agains an attack which attempts to invert a oneway function with the aim of increasing one of the control digits. It is furthermore believed that the number of control columns increases only logarithmically with the number of protected columns.
The spending protocol implements a commit-challenge-response protocol between the card and the terminal in which the number of different challenge values depends on the number of columns in a house and the height of each column. The challenge value depends on the number of columns in a house and the height of each column. The challenge value is encoded in the protected columns, and the control columns are added as described above. This can now be used to sign messages. For short messages where there are at most as many possible messages as there are challenge values, the message itself can be used instead of the challenge value. However, most applications need to sign larger messages then would be practical here, among others to prevent replay attacks. This method of using a commit-challenge-response protocol is well known in the art.
A more general scheme is the direct conversion of the commit-challenge-response protocol to a signature protocol by choosing the challenge to be the hash of the commit message and the message to be signed. This requires a challenge value of approximately 128 bits or more, which can be achieved using 43 protected columns of height 8 plus 3 control columns for a total of 46 columns. This method of using a commit-challenge response protocol is well known in the art. It is believed that including the commit message in the hash used to compute the challenge is not even necessary for these house based systems.
A commit-challenge-response protocol can also be used to authenticate messages in those cases where the effective contents of the message to be authenticated is small. By effective contents we mean the data in the message except for the data that is used to prevent playback attacks etc. For example, but without limitation, in payment systems the only important piece of the message being signed is the amount of the payment. The challenge can now be chosen in two parts, the first part being the message that is authenticated, and the second part being a value chosen by the verifier in a manner not predictable by the prover. It is believed that this method provides full authentication of the message and at the same time protects the verifier from playback attacks. This use of the commit-challenge-response protocol will be referred to as signing a short message. A typical exemplary application is the case of payments (i.e. payments from the card to the terminal). The challenge c is divided into 4 sequences of digits, as shown by the separators 601, 605 and 609 in FIG. 6. The first digit 600 encodes the currency of the payment. The digits 602, 603, and 604 encode the amount of the payment. The digits 606, 607, 608 are chosen randomly by the terminal, and finally digits 610, 611, and 612 encode the control value. The protected digits are 600, 606, 607, and 608. A typical configuration has 1 currency column, 5 amount columns, 7 random columns and 3 control columns, which accommodates 8
currencies, 15 bits resolution of the amount of the payment and 21 random bits. Using an ordinary digital signature, the 21 random bits would not be enough to protect the terminal from playback attacks. However, it is believed that in a commit-challenge-response protocol, and in this specific instance of a commit-challenge-response protocol in particular, this does protect from such attacks, as the card must commit to the house to be used in the first message, and cannot change that based on the value of the random part of the challenge. The amount digits are not included in the protected digits, which allows the terminal to arbitrarily decrease any of the amount digits. It is believed that this only decreases the amount encoded in the signature, which is not in the interest of the terminal.
Another method allows the use of commit-challenge-response protocols with a small set of possible challenge values to be used to authenticate arbitrarily long messages. This is done by choosing the challenge value as a uniformly distributed function of the cryptographic hash of the message where the message is extended with a number that was generated in a mutually random fashion (also known as a fair coin flip). Such a mutually random number is a number which is constructed in a cooperative process between two parties in such a way that both parties are ensured that the number is in fact random. At the start of the process in FIG. 30, both the card and the terminal know the message m to be signed. In process step 3000 the card generates a random number a, and computes a commit value A on it, for example, but without limitation, A can be formed by hashing a and a large enough random string of bits. In message 3001 the card sends A to the terminal along with the rest of the commit message. The purpose of A is for the card to show the terminal that it has fixed it's choice of a without revealing a to the terminal. Such bit commitment schemes are well known in the art. The terminal then chooses a random number b in process step 3002, and sends b to the card in message 3003. In step 3004 the card computes the mutually random number d can be computed as the exclusive or of a and b, for example, but without limitation, d can be computed as the exclusive or of a and b. The actual challenge value c is then computed by first computing a cryptographic hash of the message m concatenated with d, and then applying a function that maps the hash value uniformly to the set of possible challenge values, for example, but without limitation, the challenge c could be chosen as the least significant bits of the actual hash value. The value c is then coded into the protected digits of a house, the control digits are added and the card sends the response data associated with those digits to the terminal in message 3005. The card also includes the value a plus any information necessary to verify the commit value A in message 3005 which allows the terminal to reconstruct d and thus c, and also allows the terminal to verify that a is indeed the value committed to by the card in message 3001 by checking that the values a and A are consistent with each other. This use of a commit-challenge-response protocol will be referred to as authenticating an arbitrarily long message. The message m does not have to be known by both parties at the start of the process, but can also be included in message 3001 to the terminal. It is anticipated that part of the message might also be chosen by the terminal in step 3002 and communicated to the card in step 3004, in which case the card has the choice of accepting that part of the message or replacing it by a fixed value. It is believed that this authentication method provides authentication of the message to the terminal. It is believed that the probability of successfully cheating the terminal is in the order of one over the number of possible challenge values.
It is believed that compact endorsement signatures provide a high degree of flexibility; using a large house, the card can sign any message, using a more efficient smaller house, the card can sign a small message, or authenticate an arbitrarily long message.
When the house is used to authenticate an arbitrarily large message to the terminal, the card can at the same time send a secret-key authentication on the message for use by the issuer. (As the issuer originally produced the card, we assume that the card and the issuer have a secret key in common.) The secret-key authentication is first appended to the message, and the combination of the two is then authenticated to the terminal using a house. It is believed that this provides the benefit of a public-key signature to the terminal, with the speed and storage advantage of a secret key signature to the issuer. The terminal can namely discard the house and all associated data and only store the message and the secret-key authentication.
Town Precomputation
The card must send several intermediate values of the town to the terminal during the spending process. To save computations these values are precomputed. As an example we will use the town of FIG. 5, the precomputation steps are shown in FIG.
40. The precomputations schedule shown in FIG. 40 are believed to be suboptimal in the sense that they require more storage on the card then the optimal precomputations schedule, but it is also believed that this schedule yields the easiest implementation.
FIG. 40 shows that the values stored in memory at any step. The first column contains the number of the house in the town that is being spent, the second column the set of values that is precomputed in the current town (called A), the third column the set of values that is precomputed in the next town (called B). The next town that will be used after the current town has been exhausted, in the sense that all the constituent houses have been used. For clarity all items referring to the next town are shown in slanted font in FIG. 40.
The fourth column the set of values needed for the authenticating the house indicated in the first column within the town and the last column the number of values stored in memory.
The first row of FIG. 40 shows that when house 560 is being spent, the values 523, 543, 546, 565, 566, 567 are being used in the spending process. (As mentioned before the house result value of the current house is used in the preferred embodiment. Although this is not necessary from a functional point of view, it is believed that this provides for the easiest implementation.) The value 534 is computed (by computing the house result value of house 530) and stored.
The second row of FIG. 40 shows the situation when the next house 561 is spent. The same values as in the previous step are being used, and one more value is precomputed namely 535. When, in the third row, house 562 is being spent, the values
564 and 565 are no longer necessary for the spending process, but are combined using the compression function into value 569. This saves a storage space, which is used to precompute the next value 569 and 566 are combined into value 571 and the free storage space is used to compute value 537. When spending house 530, the values 571 and 567 are combined into 573, the value 543 is no longer necessary and is replaced with the already precomputed values 534, 535, 536 and 537 which are now used in the spending process. The value 514 is precomputed in this step. This is also the point in which we start precomputing the next town. When all houses in the current town (A) have been spent, we obviously need the intermediate values of the next town (B) that are needed for the spending process for the first house in B. At this point we precompute value 534 in town B by computing the house 530 in town B which is the first step in computing 543 of town B. When spending house 531 the same set of values is used for the spending, the value 515 is precomputed, and in town B the house value 535 is precomputed, combined with the already stored value 534 to yield value 539. Only value 539 of town B is stored. This process continues as shown in the table. When spending house 533 the values 523, 541, 537 and 573 are being used, the values 514, 515, 516, and 517 have been precomputed in town A. In town B the value 537 is computed, combined with the value 541 which has already precomputed in town B and the result value 543 stored. When the next house 510 is being spent, the values 573 and 541 and 537 in town A are no longer necessary, they are combined using the appropriate compression functions into value 582. The values 514, 515, 516 and 517 which had already been precomputed in town A are now being used. Two new values are precomputed in town B namely 514 and 564. In the next rows the spending situations for houses 511, 512 and 513 is shown. The original values that were used for the spending 514,
515, 516, and 517 are step by step combined to 521 and 517 for the spending of the last house 513. The precomputations in town B involve precomputing 565, 566 and 567, and the precomputation of value 523 in steps with intermediate values 519 and 521. After the last house 513 has been spent, we switch to the next town. What used to be called town B now becomes town A. The values that were computed in town B during the spending of town A are exactly those necessary for the spending of the first house
560 in town B as shown by the next row of the table. Of course, the remaining values 521, 517 and 582 of the old town A are discarded as they are no longer needed. When all houses in a town have been spent, the town origin and the town signature are also discarded, as they will not be used again.
It is believed that this method of precomputations requires storage space proportional to the sum of the sizes of each of the dimensions of a town. Furthermore, it is believed that the precomputation involves computing at most as many houses as there are dimensions if multiple towns are used, and one less if only a single town is used. In FIG. 40 at most 2 houses are precomputed at any step, and of these at least one is in town B. If town A were to contain enough houses so that a second town is not necessary then no precomputations in the next town need to be done. It is believed that this further reduces the necessary precomputations. It is believed that it is possible to load additional towns into the card. These can either be without any precomputation (e.g. the next town after town B), with (partial) precomputations (e.g. add a town B with the correct precomputations to an already existing town A), or existing towns and precomputations can be discarded and replaced with new town(s) with the right precomputations. These extensions will be obvious to someone ordinarily skilled in the art.
The precomputations mentioned above can of course be done by the card itself. An alternative is for the terminal to do manage the precomputations. The house result values in a town are not secret, so the card can compute those on demand and send the result to the terminal. A refinement is to let the card not compute the house result value, but just the last value in each column, send those column values to the terminal and let the terminal combine them to get the house value. The terminal can now manage the precomputations, reading, writing and deleting the necessary values in the card's memory. For example, but without limitation, when spending house 562 (se FIG. 40, third row) the terminal can ask the card to compute the house result value 536. The card can either store this as a precomputed value by itself, or send it to the terminal which then stores it back in the card as a precomputed value. The terminal furthermore reads the values 564 and 565 which are stored in the card's memory, deletes those values in the card's memory, computes the value 569 form the values 564 and 565 and writes the value 569 in the card as a precomputed value. In a similar manner all other precomputation actions can be managed by the terminal. The terminal might do all these actions itself, or might contain a tamper-resistant device which performs and manages the precomputations. It is believed that this precomputation management system simplifies the implementation of the card. It is believed that any error by the terminal in managing or performing the precomputations does not lead to a security weakness, but can at most lead to a failure to properly authenticate a house in a town, thereby rendering the compact endorsement signature scheme ineffective until a recovery has been performed. It is believed that a terminal that detects an inconsistent precomputation state in a card can recover the card and bring it in to a consistent state with respect to the precomputations.
Secure Data Storage
FIG. 12 shows that basic layout of the non-volatile and volatile memory of the card in the preferred embodiment.
The volatile memory 1240 holds the variable 1241, called VNIU, which is described in detail below. Field 1242 holds the volatile memory variables that are not part of the Secure Data Storage. These are not shown for clarity.
The non-volatile memory 1200 is divided into three areas. Area 1201 is used to store the global non-volatile variables. Area 1203 is set aside for other applications or purposes, as known in the art. Are