Stephen A. Sherman
Richard Skibo
Richard S. Murray

Secure Network Access Using Multiple Applications of AT&T's Smart Card

Fraud amounting annually to billions of dollars occurs due to the failure of conventional network access security systems, including data, voice, and credit card authorization networks. At the same time, consumers demand greater convenience in their daily lives, where a multitude of passwords and personal identification numbers, badges, keys, and other devices have become unmanageable. In response to the obviously conflicting needs, AT&T has developed a credit card sized device, the contactless AT&T Smart Card. By means of an internal microprocessor, the card provides the secure partitioning of authentication codes and data files, as well as encryption capabilities, using the data encryption standard. This paper provides a basic description of the card technology, and the overall architecture of securing access to multiple networks with the AT&T Smart Card.

Introduction

The design of network security systems requires a balance between how secure the system can be and how easy it is for a legitimate network user to access it. This balance is increasingly difficult to maintain as costs from fraud and theft escalate, while users demand even simpler and more convenient access. The AT&T Smart Card uses an embedded processor that gives both the system designer and the system user a powerful authentication tool, yet it looks and feels like an ordinary credit card.

This card provides secure access to multiple applications using a combination of security systems for access. A single card could provide:
- Physical access, such as opening doors to a building or vehicle, or turning on a computer or other restricted equipment;
- Financial access, such as withdrawing cash from a bank;
- Credit access, such as validating its use as a credit card;
- Health care information access, such as providing information on health care records and insurance eligibility; and
- General data access, such as getting permission from a security server to access a variety of databases.

With the AT&T Smart Card, the user no longer has to maintain a personal library of personal identification numbers (PINs) and passwords. At the same time, security system designers and administrators are assured that their individual network authentication schemes are kept private and secure. Security system design now can focus on a user having only a single card (also called a "token") or two for a variety of purposes. Such a card could be:
- A student identification (ID) card that provides identification, as well as access to a student's dormitory, library, dining hall, and gymnasium;
- An employee ID card that provides not only access to company buildings, but also company equipment, such as computers, copying machines, the company library, and other services and facilities;
- A multi-function smart credit card that provides not only identification, but also secure credit or debit transactions, such as the student ID mentioned above that can also be used as a charge card at the school bookstore, library copying machines, and snack bars; and
- Stored-value cards, for example, cards that can be pre-paid for specific functions, such as telephone calls (a particularly popular use in Europe) or highway tolls. Such a card has the capacity to store "electronic money" that can be debited as the card user spends it.

AT&T TECHNICAL JOURNAL · SEPTEMBER/OCTOBER 1994 (p. 61)
Square Exhibit 1027, Square v. 4361423 Canada Inc., IPR2019-01649, Page 1 of 12

Panel 1. Acronyms Used in This Paper
ASIC - Application-specific integrated circuit
ATR - Answer to reset, the information returned by a Smart Card when power is applied
CBC - Cipher block chaining. One of various modes of DES encryption
DES - Data encryption standard
DF - Dedicated files
ECB - Electronic code book. One of various modes of DES encryption
EF - Elementary files
EEPROM - Erasable electronic programmable read-only memory
IC - Integrated circuit
ID - Identification
ISO - International Organization for Standardization
MAC - Message authentication code
MF - Master file
OFM - Output feedback mode. One of various modes of DES encryption
PIN - Personal identification number
PTS - Protocol type select
RAM - Random access memory
ROM - Read-only memory
SAM - Security application module
SF - Sub-dedicated files
T=0, T=1 - Asynchronous, half-duplex transmission protocol defined in ISO Standard 7816-3

Growth of Smart Cards

Smart cards are a subset of the rapidly growing integrated circuit (IC) card industry. More than 200 million IC cards have been deployed, mainly for providing a convenient method of storing monetary value. About 10 percent of these IC cards are "smart" cards, that is, their processing capabilities extend beyond just debit/credit functions. But the number of smart cards is increasing, stimulated by four conditions:
- A continuing decline in the cost of microprocessors;
- An increase in fraud as conventional security techniques (based on passwords, PINs, and magnetic stripe credit cards) fail;
- A dramatic trend away from centralized security schemes and toward distributed security access systems, in which a portable security token, such as the AT&T Smart Card, is invaluable; and
- The confusion and resistance of network users and consumers who are overwhelmed by a proliferation of various cards, passwords, PINs, and physical keys for individual systems.

By combining the functionality of the various authentication tokens, the AT&T Smart Card greatly simplifies the daily life of the network user, while providing enhanced security.

Overview of Smart Card Technology

Essentially an 8-bit computer inside a credit card, the contactless AT&T Smart Card contains a proprietary operating system and either 3 kilobytes or 8 kilobytes of user-accessible, non-volatile memory. The card merges innovative concepts in electrical and physical design, as well as in materials engineering. A functional diagram of the AT&T Smart Card is shown in Figure 1. The main components of the card are:
- An 8-bit microprocessor with on-board read-only memory (ROM), erasable electronic programmable read-only memory (EEPROM), a small amount of random access memory (RAM) available from the operating system, and enhanced security functions;
- Power-conditioning circuitry;
- Custom application-specific integrated circuit (ASIC), for data translation and power conditioning; and
- Patented contactless reader/writer capacitive plates and inductive power transfer coil.

Why It's Smart. The AT&T Smart Card's EEPROM supports a minimum of 100,000 read/write cycles. In addition to containing a complete computer system, the card meets all relevant international and domestic standards for magnetic stripe credit cards, including thickness, life-cycle bending, and the ability to be handled by automated credit card machinery.

The AT&T Smart Card can communicate at up to 19,200 bits per second with a reader/writer machine, the device that reads data from, or writes data into, the card. The card supports the International Organization for Standardization (ISO) specification for answer to reset (ATR) (the information returned by a Smart Card when power is applied), and protocol type select (PTS), for T=0 and T=1 protocols (used to transmit data to and from the Smart Card in character or block mode, respectively). The card's operating system resides within the single-chip microprocessor. All access to its memory must be through the card's microprocessor, which arbitrates the request based on the permissions that were installed during the creation of the card's protected file or directory.

[Figure 1: exploded view of the card. Layers: front label (1); structural polyvinyl chloride (2) (stiffener for strength); flexible printed circuit layer (3); back label (4). Labelled components: inductive power coil; transmit and receive capacitor plates; analog interface chip (power conditioning, clock recovery, signal conditioning); microprocessor (8-bit, 6 Kbytes read only memory (ROM), 3 Kbytes electronically erasable programmable ROM (EEPROM)).]

Figure 1. The AT&T Smart Card includes an 8-bit microprocessor with on-board read-only memory (ROM), erasable electronic programmable read-only memory (EEPROM), random access memory (RAM) available from the operating system, and enhanced security functions. It also has power-conditioning circuitry, custom application-specific integrated circuit (ASIC) for data translation and power conditioning, and patented contactless reader/writer capacitive plates and inductive power transfer coil.

In describing the features of the contactless AT&T Smart Card, it is important to distinguish it from the contact-type IC cards in use today, most of which:
- Primarily support a single application,
- Require physical contact with a reading machine, and
- Contain only an EEPROM memory device, with limited or no security functions.

In contrast, the AT&T Smart Card:
- Supports multiple applications of either single or multiple vendors,
- Doesn't require physical contacts in order to be read by a machine, and
- Has a processor-supported operating system with a variety of security techniques and levels of security.
Why It's Contactless. In addition to the microprocessor, the most obvious difference between the AT&T contactless smart card and a contact IC card is in the physical and electrical interface.

Typical Contact Card. The contact-type interface uses an eight-position contact located at one corner of the card. The exposed, external interface provides an easy point of access for damage from static discharge, and this external interface can be physically damaged by abrasion, corrosion from perspiration, and various environmental chemicals. An inexpensive contact card reader also uses delicate contacts, which may be damaged by extensive use, abuse, vandalism, or other misuse, all of which can result in the user being denied service. To make the contact-type reader robust, a motorized transport is required, at the insertion slot of the reader machine, to take the card away from the user for reading. While desirable in certain applications, such as automatic teller machines and vending machines, this mechanical complexity can add significant cost and bulk to a reader machine. This motorized transport also is annoying to card users when the machine erroneously "eats" the card, due to either incorrect data or a mechanical glitch.

AT&T's Contactless Interface. In contrast, AT&T's contactless interface uses an inductive coil for power transfer and capacitive plates for information transfer. These components transfer data to a matching set of components in the reader/writer machine interface. Inductive power transfer and capacitive data transfer provide a highly reliable and inexpensive circuitry.

All card-related components are laminated beneath the surface of the card; the corresponding reader components may be encapsulated beneath a plastic housing, as required. No external contacts are visible to the user or to a potential vandal or hacker.

The components required by a reader machine to interface with the contactless AT&T Smart Card include a coil, a custom ASIC, several passive components, and approximately four square inches of circuit board space to accommodate the capacitive transfer plates and the associated circuitry. When produced in quantity, the cost of these additional components is quite minimal. The actual cost to the end user depends on a variety of parameters, including the method by which the reader manufacturer incorporates the contactless interface and the overall system parameters. In general, the incorporation of the contactless interface into an existing magnetic stripe reader design is significantly less expensive than a conversion for a contact interface.

[Figure 2 (printed title: "Functional Diagram of AT&T Smart Card"): a tree of the card's file system with "access conditions" attached to files and directories; only the caption and those labels survived extraction.]

Figure 2. The AT&T Smart Card has an operating system that implements a hierarchical file system. The physical separation of files is possible using different branches of the hierarchy. Access permissions, such as read, write, and execute, can be assigned on a per-file or per-directory basis. The hierarchical structure permits a card provider to offer various levels of access and functionality, as well as permitting multiple applications providers to offer a variety of services, all on a single card.

Operating System Security

The AT&T Smart Card was designed with the fundamental requirement that information be securely accessed and stored on the card. This is possible through the card operating system, which implements a hierarchical file system as shown in Figure 2. The physical separation of files is possible using different branches of the hierarchy. Access permissions, such as read, write, and execute, can be assigned on a per-file or per-directory basis. The hierarchical structure permits a card provider, such as a corporation issuing employee ID cards, to provide various levels of access and functionality. In addition, the structure permits multiple application providers (vendors) to offer a variety of services, all on a single card.

For historical reasons, directories within the smart card are called either dedicated files (DF) or sub-dedicated files (SF). Data files are called elementary files (EF). The root directory is called the master file (MF).

Secure Multiple Applications. Each provider or application that an AT&T Smart Card supports must be guaranteed to have its own high degree of security. Therefore, the card features multiple directories, and every application is contained in its own dedicated file and has its own set of security attributes, thus completely isolating it from all other applications. An application may use one dedicated file, with multiple subdedicated files and elementary files, to protect data from other applications. All information is fully partitioned and secured, therefore, through the hierarchical file system. This allows the card to support added services and expanded functionality, even after it has been issued, while still maintaining complete data integrity and security for all applications, whether provided by one or more vendors.

Restricted Databases. As the smart card is essentially a highly secure, but portable and robust file system, there is no intrinsic concept of user ownership. Rather, through the use of PINs and keys (binary numbers used to encrypt and decrypt information), it is possible for each user to access different subsets of files and directories in the card's database. A file present on all cards issued by a provider, for example, can become readable only through the valid presentation of a PIN or key known to one group of users, but not available to another group. This allows information to be available on all cards, yet hidden to various users, based upon the card provider's judicious disclosure of the appropriate PINs or keys.

The AT&T Smart Card is generally configured to allow access to all applications by use of a single PIN known by the cardholder, plus various keys known by each application owner. To segment applications, unique directories normally are assigned to each application, with each application assigned unique security keys.
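The access-condition model described above, as an added example written in Go; it is not part of the paper and is not the card's operating system. It builds a small file tree in the paper's terms (a master file, a dedicated file per application, elementary files under each), attaches a Table I style condition to every data file, and evaluates a read request against the reader's session state. The directory layout, the PIN, the retry limit and the names are constructed. A MAC, encryption, or a completed external authentication under a directory's key are represented as session flags rather than performed cryptographically, so that the example isolates the permission logic; it goes slightly beyond the text by showing how combined conditions (for example PIN once per access plus MAC) are evaluated together.

```go
package main

// Added example, not the card's operating system: a model of the hierarchical
// file system and per-file access conditions described above, using the
// condition codes of Table I (ALW, PIN1, PIN2, PRO, AUT, ENC, NEV), which may
// be combined. The layout, PIN, retry limit and names are constructed. Whether
// a command arrived with a MAC or encrypted, and whether external
// authentication under a DF's key succeeded, are supplied as session state.

import (
	"errors"
	"strings"
)

type Cond uint8

const (
	ALW  Cond = 0         // always possible
	PIN1 Cond = 1 << iota // valid PIN, once per session
	PIN2                  // valid PIN, once per access
	PRO                   // MAC appended to the data
	AUT                   // external authentication under the owning DF's key
	ENC                   // all data encrypted, with MAC
	NEV                   // never possible
)

// Node is the MF, a DF/SF directory or an EF data file; its condition is fixed
// when it is created.
type Node struct {
	Kind     string
	Read     Cond
	Data     []byte
	Children map[string]*Node
}

// Session is what a reader has established since the card was powered.
type Session struct {
	PINVerified   bool
	Authenticated map[string]bool // DF name -> external authentication done
}

func NewSession() *Session { return &Session{Authenticated: map[string]bool{}} }

type Card struct {
	Root        *Node
	pin         string
	pinFailures int
	PINLimit    int
	Blocked     bool
}

// VerifyPIN compares the presented PIN and keeps the PIN-guessing counter.
func (c *Card) VerifyPIN(s *Session, pin string) error {
	if c.Blocked {
		return errors.New("card disabled: PIN retry limit reached")
	}
	if pin != c.pin {
		if c.pinFailures++; c.pinFailures >= c.PINLimit {
			c.Blocked = true
		}
		return errors.New("wrong PIN")
	}
	c.pinFailures, s.PINVerified = 0, true
	return nil
}

// Read walks a path such as "badge/doors" from the MF and enforces every
// condition on the file; macPresent and encrypted say how the command arrived.
func (c *Card) Read(s *Session, path string, macPresent, encrypted bool) ([]byte, error) {
	if c.Blocked {
		return nil, errors.New("card disabled")
	}
	parts := strings.Split(path, "/")
	n := c.Root
	for _, p := range parts {
		if n = n.Children[p]; n == nil {
			return nil, errors.New("no such file: " + path)
		}
	}
	owner := parts[0] // the top-level DF whose key governs AUT
	cond := n.Read
	switch {
	case n.Kind != "EF":
		return nil, errors.New("not a data file: " + path)
	case cond&NEV != 0:
		return nil, errors.New("NEV: never readable")
	case cond&(PIN1|PIN2) != 0 && !s.PINVerified:
		return nil, errors.New("PIN required")
	case cond&AUT != 0 && !s.Authenticated[owner]:
		return nil, errors.New("external authentication under " + owner + " required")
	case cond&ENC != 0 && !(encrypted && macPresent):
		return nil, errors.New("ENC: encrypted command with MAC required")
	case cond&PRO != 0 && !macPresent:
		return nil, errors.New("PRO: MAC required")
	}
	if cond&PIN2 != 0 {
		s.PINVerified = false // once per access: the next read needs the PIN again
	}
	return n.Data, nil
}

// NewEmployeeCard builds a constructed layout: a badge application and a
// cafeteria application, each in its own DF with its own conditions.
func NewEmployeeCard() *Card {
	ef := func(cond Cond, data string) *Node {
		return &Node{Kind: "EF", Read: cond, Data: []byte(data)}
	}
	return &Card{pin: "4711", PINLimit: 3, Root: &Node{Kind: "MF", Children: map[string]*Node{
		"badge": {Kind: "DF", Children: map[string]*Node{
			"photo":   ef(ALW, "jpeg-bytes"),
			"doors":   ef(PIN1|AUT, "B2,B7"),
			"medical": ef(PIN1|ENC, "blood-group O+"),
		}},
		"cafeteria": {Kind: "DF", Children: map[string]*Node{
			"balance":  ef(PIN2|PRO, "1250"),
			"auditlog": ef(NEV, ""),
		}},
	}}}
}
```

The point of keeping the owner DF in the check is the isolation the text describes: an external authentication that succeeded under the cafeteria application's key opens nothing under the badge application, and the PIN counter is one per card, not per application.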
Such a card could be the employee ID issued to workers in, for example, a munitions plant. An employee ID card could grant general access to the plant grounds, but restrict access not only to a certain building, but to specific areas within that building. In addition, the card might restrict access not only to certain computers or other facilities within that building, but even to certain files and directories within the computer's database. The card also could contain the employee's medical information, job history, signature, encoded photo, and other pertinent data. It even could be used to withdraw supplies from the company stockroom and to charge meals at the company cafeteria.

Once the security required for an application is determined, the access conditions of the card associated with any created files or directories can never be changed for that card. While certainly requiring more upfront analysis and design for an application, this mechanism ensures that no security limitations can ever be introduced by some later modification of the card. Additionally, even though the properties of the data encryption standard (DES) used by the card make exhaustive key searches by a hacker or vandal quite unlikely, and certainly very expensive, if an access key is discovered by an unauthorized user, the access key could be changed in the reader machine. Such a change would be accomplished by the use of another access key. Four such keys can be created in each application directory. Of course, these additional access keys would have to be reserved only for this function and not be used in other operations, where they could be inadvertently disclosed.
Levels of Security. The AT&T Smart Card provides built-in functionality to perform varying levels of security. The following describes the basic security functionality contained on the card:
- Files protected by a personal identification number are only accessible after the user presents a valid PIN. The card compares the user-entered PIN with a previously shared value. To protect against "PIN guessing," an internal counter tracks the number of successive, unsuccessful attempts. Once the configurable threshold is reached, no further PIN attempts are accepted by the card, and the card is essentially disabled. The card can be configured so that it could be either permanently disabled or temporarily disabled until some administrative security procedure is performed on it.
- Data transferred to and from files also can be protected against tampering by appending a message authentication code (MAC). This code prevents the undetected modification of any data transferred to or from the card. The MAC is calculated using the DES cipher block chaining (CBC) mode on the data.
- Authentication requires the presentation of a valid DES encrypted value. To protect against "key guessing," an internal counter tracks the number of successive, unsuccessful attempts. Once a fixed threshold is reached, no more authentication attempts are possible, and the card can be either permanently or temporarily disabled. The value is calculated using the DES electronic code book mode. The key is never directly disclosed in un-encrypted form, in order to prevent theft. Rather, a value determined either by the card or by the network is encrypted with the key and passed back to the other for validation.
- Finally, all communications with the card can be performed in encrypted mode. This mode eliminates any unauthorized access to information when reading from or writing to the card. Further, a MAC, calculated using CBC mode, also is appended to the encrypted message. All information is encrypted using the DES output feedback mode.

Table I summarizes the access conditions, from least restrictive to most restrictive, which can be assigned to the access of every file or directory on the AT&T Smart Card. Additionally, several of the access conditions can be combined.
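The protected and encrypted communication modes listed above, as an added example in Go; it is not the card's own code. It uses DES from the Go standard library to compute a CBC-mode MAC over a record (the PRO condition) and to encrypt a record in output feedback mode with a MAC over the ciphertext (the ENC condition), and shows that a message altered in transit is rejected before any data is used. The padding rule, the use of separate MAC and encryption keys, the per-message IV and all sample values are assumptions, not details taken from the paper.

```go
package main

// Added example, not the card's own code: the two message-protection modes in
// the list above, built on DES from the Go standard library. A PRO-style
// message is data followed by a DES-CBC MAC; an ENC-style message is the data
// encrypted with DES in output feedback (OFB) mode, followed by a CBC MAC over
// the ciphertext. The padding rule, the use of separate MAC and encryption
// keys, the per-message IV and all sample values are assumptions.

import (
	"bytes"
	"crypto/cipher"
	"crypto/des"
	"errors"
)

var zeroIV = make([]byte, des.BlockSize)

// pad appends 0x80 and then zeros up to a block boundary (assumed; the paper
// does not say how the card pads data before CBC).
func pad(data []byte) []byte {
	out := append(append([]byte(nil), data...), 0x80)
	for len(out)%des.BlockSize != 0 {
		out = append(out, 0)
	}
	return out
}

// cbcMAC returns the last DES-CBC block over the padded data.
func cbcMAC(key, data []byte) ([]byte, error) {
	block, err := des.NewCipher(key)
	if err != nil {
		return nil, err
	}
	padded := pad(data)
	out := make([]byte, len(padded))
	cipher.NewCBCEncrypter(block, zeroIV).CryptBlocks(out, padded)
	return out[len(out)-des.BlockSize:], nil
}

// ofb applies the DES-OFB keystream; encryption and decryption are the same.
func ofb(key, iv, in []byte) ([]byte, error) {
	if len(iv) != des.BlockSize {
		return nil, errors.New("IV must be exactly one block")
	}
	block, err := des.NewCipher(key)
	if err != nil {
		return nil, err
	}
	out := make([]byte, len(in))
	cipher.NewOFB(block, iv).XORKeyStream(out, in)
	return out, nil
}

// ProtectMessage builds data || MAC (the PRO access condition).
func ProtectMessage(macKey, data []byte) ([]byte, error) {
	mac, err := cbcMAC(macKey, data)
	if err != nil {
		return nil, err
	}
	return append(append([]byte(nil), data...), mac...), nil
}

// VerifyProtected splits off the MAC and rejects any altered message.
func VerifyProtected(macKey, msg []byte) ([]byte, error) {
	if len(msg) < des.BlockSize {
		return nil, errors.New("message shorter than a MAC")
	}
	cut := len(msg) - des.BlockSize
	expected, err := cbcMAC(macKey, msg[:cut])
	if err != nil {
		return nil, err
	}
	if !bytes.Equal(expected, msg[cut:]) {
		return nil, errors.New("MAC mismatch: message was modified")
	}
	return msg[:cut], nil
}

// EncryptMessage builds OFB(data) || MAC(ciphertext) (the ENC access condition).
// iv must be fresh for every message sent under the same key.
func EncryptMessage(encKey, macKey, iv, data []byte) ([]byte, error) {
	ct, err := ofb(encKey, iv, data)
	if err != nil {
		return nil, err
	}
	return ProtectMessage(macKey, ct)
}

// DecryptMessage checks the MAC first, then strips the keystream.
func DecryptMessage(encKey, macKey, iv, msg []byte) ([]byte, error) {
	ct, err := VerifyProtected(macKey, msg)
	if err != nil {
		return nil, err
	}
	return ofb(encKey, iv, ct)
}
```

Verifying the MAC before decrypting, and computing it over the ciphertext, means a receiver never acts on or decrypts bytes that were changed on the link; OFB on its own would let a flipped ciphertext bit flip the same plaintext bit undetected, which is why the paper pairs its encrypted mode with a MAC.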

Table I. Access permissions available on the AT&T Smart Card

Access code   Access conditions (applied to read, update, create, delete, and other operations)
ALW           Always possible
PIN1          Valid presentation of PIN, once per session
PIN2          Valid presentation of PIN, once per access
PRO           A message authentication code (MAC) is appended to all data communications and validated
AUT           External authentication
ENC           All data communications are encrypted, with a MAC also appended to message
PIN1/PRO      Combination of previous items
PIN2/PRO      Combination of previous items
PIN1/AUT      Combination of previous items
PIN2/AUT      Combination of previous items
PIN1/ENC      Combination of previous items
PIN2/ENC      Combination of previous items
NEV           Never possible except through operating system primitives

Validation Mechanisms

The AT&T Smart Card provides for two types of validation:
- External validation, in which the users authenticate themselves to the card, and the card then validates the user, and
- Internal validation, in which the card authenticates itself to the network, and the network then validates the card.

In this paper, we regard authentication to be the process of a user claiming to be authentic, i.e., being whomever he or she claims to be. Signing a check would be such a process. Validation is then similar to the teller validating the signature and, thus, the signer's claim of authentication. Another example is an employee claiming he or she is an authentic employee by showing a company pass to a security guard, who validates the pass after inspecting it. In the field of encryption, however, the two terms often are used interchangeably.

External Validation. With external validation, users must prove their knowledge of the keys contained on the Smart Card without, of course, disclosing the key to unauthorized users. As such, keys can never be communicated un-encrypted. Once the external validation operation is successfully completed by the user, access to those operations requiring external validation is possible. The basic process of external validation is as follows:
1. When the card is inserted in the reader machine, the machine's processor asks the card to generate a random number. The reader machine then informs the user what the number is.
2. Via appropriate buttons or keyboard commands on the reader machine, the user DES encrypts the random number, using electronic code book (ECB) mode, with what should be the appropriate key. The user then stores the encrypted random number in the reader machine.
3. The user then instructs the reader machine to send the encrypted random number to the card.
4. The card performs DES encryption on the random number, also using ECB mode, with the appropriate key stored in its memory, and compares its results with the encrypted random number passed to the card by the user.
5. Based upon the comparison, the external validation operation will succeed if the user and card used the same key. Otherwise, the operation will fail.

It is important to note that an un-encrypted key is never transmitted between the card and user. Further, since the random number is generated by the card, it is not possible to use a previously successful random number to authenticate access. This eliminates the potential of a "replay attack." In order to deter the persistent attacker waiting for the same random number, the card will not generate a new random number if an external validation command has not been issued in the interim. In any event, the random number is 64 bits long, so the attacker would wait quite some time before the same random number was again presented.

Internal Validation. The basic process used for secure network access follows a similar procedure for internal validation. In this case, however, the network must determine if the user possesses the appropriate key, which is stored in the user's card. The basic process of internal validation is as follows:
1. When the card is inserted in a reader machine to access a network, the network generates a random number and sends it to the card, via the reader machine.
2. The card DES encrypts the random number, using ECB mode, with the appropriate key.
3. The card sends the encrypted random number to the network, via the reader machine.
4. The network performs DES encryption, also using ECB mode, with the same random number and, presumably, the same key, and compares the card's encrypted random number with its encrypted random number.
5. Based upon the comparison of the two encrypted random numbers, the network allows or disallows access.

It should be noted that although these procedures seem to place a great deal of burden on the reader machine, the machine itself does not have to be a complicated device. It could be attached to a serial port of a processor, which could perform all the above internal and external validation tests in software.

Again, note that the un-encrypted key is never transmitted between the network and user. In actual operation, all access to the card would also be PIN protected to prevent the use of a lost card.
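The external and internal validation exchanges described in the two procedures above, as an added example in Go; it is not the paper's code and does not reflect the card's actual implementation. Both sides encrypt a single 64-bit random number with DES in ECB mode, the card refuses to issue a fresh random number until the outstanding one has been consumed by an external validation command, and a counter disables the card after repeated wrong answers. The Card type, the threshold value and every key value are constructed.

```go
package main

// Added example, not code from the paper or the card: a host-side simulation
// of the external and internal validation exchanges above. Each side DES-
// encrypts one 64-bit random number in ECB mode, as the paper specifies. The
// Card type, the key-guess threshold and every key value are constructed.

import (
	"bytes"
	"crypto/des"
	"crypto/rand"
	"errors"
)

// The paper says the key-guessing threshold is fixed but gives no value.
const maxKeyGuesses = 3 // constructed

// desECB encrypts a single 8-byte block under an 8-byte DES key.
func desECB(key, block []byte) ([]byte, error) {
	if len(block) != des.BlockSize {
		return nil, errors.New("ECB step needs exactly one 8-byte block")
	}
	c, err := des.NewCipher(key)
	if err != nil {
		return nil, err
	}
	out := make([]byte, des.BlockSize)
	c.Encrypt(out, block)
	return out, nil
}

// Card keeps the secret key, the outstanding random number, and the counter
// that disables the card after repeated wrong answers.
type Card struct {
	key       []byte
	challenge []byte // nil until a reader asks for a random number
	failures  int
	disabled  bool
}

func NewCard(key []byte) *Card { return &Card{key: key} }
func (c *Card) Disabled() bool  { return c.disabled }

// GetChallenge is step 1 of external validation. The same number is returned
// until an external validation command consumes it, so nobody can make the
// card cycle through numbers while waiting for one to repeat.
func (c *Card) GetChallenge() ([]byte, error) {
	if c.disabled {
		return nil, errors.New("card disabled")
	}
	if c.challenge == nil {
		c.challenge = make([]byte, des.BlockSize)
		if _, err := rand.Read(c.challenge); err != nil {
			return nil, err
		}
	}
	return append([]byte(nil), c.challenge...), nil
}

// ExternalAuthenticate is steps 4 and 5: the card encrypts its own random
// number with its stored key and compares the result with what was presented.
func (c *Card) ExternalAuthenticate(presented []byte) bool {
	if c.disabled || c.challenge == nil {
		return false
	}
	expected, err := desECB(c.key, c.challenge)
	c.challenge = nil // consumed: a replayed answer cannot match the next number
	if err != nil || !bytes.Equal(expected, presented) {
		if c.failures++; c.failures >= maxKeyGuesses {
			c.disabled = true
		}
		return false
	}
	c.failures = 0
	return true
}

// InternalAuthenticate is steps 2 and 3 of internal validation: the card
// encrypts the network's random number to prove it holds the key.
func (c *Card) InternalAuthenticate(networkChallenge []byte) ([]byte, error) {
	if c.disabled {
		return nil, errors.New("card disabled")
	}
	return desECB(c.key, networkChallenge)
}

// UserResponse is step 2 of external validation, done at the reader with the
// key the user believes to be right.
func UserResponse(userKey, challenge []byte) ([]byte, error) {
	return desECB(userKey, challenge)
}

// NetworkValidate is steps 1, 4 and 5 of internal validation: pick a random
// number, have the card encrypt it, and compare with the network's own result.
func NetworkValidate(networkKey []byte, card *Card) (bool, error) {
	challenge := make([]byte, des.BlockSize)
	if _, err := rand.Read(challenge); err != nil {
		return false, err
	}
	fromCard, err := card.InternalAuthenticate(challenge)
	if err != nil {
		return false, err
	}
	expected, err := desECB(networkKey, challenge)
	if err != nil {
		return false, err
	}
	return bytes.Equal(fromCard, expected), nil
}
```

Nothing but random numbers and their DES encryptions cross the interface in either direction, which is the property the text relies on: an observer of the link learns neither key, and a recorded answer is useless once the card has moved on to a new random number.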
Off-Line Security. Validation also supports a distributed "off-line" security environment. For example, typical building security systems protected by card access require a large network of cables connecting door readers, door controllers, and host computers. When a card is presented to a door reader, the ID number is transmitted via the network to a host computer. After the ID number is verified, the host computer sends a signal to the door controller to open the door.

By allowing the card to perform the comparison against a stored or internally calculated number, the card can essentially decide if it is allowed permission. In this simple example, a door reader would issue a door ID number to the card, the card would search an internal database of accessible door IDs, and then decide locally, that is, by itself, whether to open the door. This removes the need for a significant network infrastructure within the building. PIN verification, or some other more sophisticated method, also could be implemented to protect against lost or stolen cards. Encrypted versions of this example can be created for even higher security.

[Figure 3: key hierarchy diagram with the levels "Initial master key", "Sub-master identification" and "User identification".]

Figure 3. Through the use of innovative key management techniques, a key hierarchy can be created for the AT&T Smart Card. A master key can be created, and by using a word or words, whether it be a user identification, phrase, name, etc., as a "seed," a set of lower-level keys can be created, resulting in a unique user key.

Table II. Space requirements for various biometric data storage

Biometric method   Feature extraction mechanism    Ultimate data size for realistic authentication
Photo image        Data compression                1000-1500 bytes
Signature          Stroke analysis                 500-1000 bytes
Voice template     Digital signal processing       1000-2000 bytes
Fingerprint        Syntactic and other processes   500-1000 bytes

Concerns of Databaseless Key Management

As stated earlier, the AT&T Smart Card is a natural adjunct to a system of off-line authentication. By storing the key within the Smart Card, the user does not need to know the key, or keys, so no user can in any way compromise the security of the system.

In the simplest realization of this system, a common key is stored both in the user's AT&T Smart Card and in a host security application module (SAM), which can also be a host smart card. Using the common key, the user's Smart Card and the host SAM can perform the processes of internal and external authentication described earlier.

Unfortunately, this process has serious drawbacks. If the common key is compromised in any fashion, the entire distribution system must be revamped, since every user's AT&T Smart Card, as well as every host SAM within the system, uses the common key. In addition, this process would preclude the revocation of security rights to a particular user, since his or her key would be identical to every other user's key.

An improvement to this method is to assign each user a separate and unique key. The security application would require a database of every key, mapped to some unique user ID number. In this manner, the SAM would be able to perform an authentication on a specific user, using the user ID as an index into the table of keys. Once the key is retrieved, the same bilateral authentication process is performed to validate the user.

While this system is a significant improvement over the common key system, the storage of all the keys in the authentication device creates some extreme difficulties. For example, assuming 300,000 employee ID holders of a large corporation, each of them requiring an 8-byte key, each SAM would require a minimum of 2.4 Mbytes of storage. The expense and complexity of the SAM, therefore, becomes very significant.

In a distributed enterprise, the administration of such a key system would be extremely difficult, especially when one considers the thousands of SAM devices that would be required to accept a particular Smart Card.

AT&T Databaseless Security System. The patented AT&T Databaseless Security System removes these limitations. This particular system, through the use of innovative key management techniques, permits the creation of a key hierarchy to allow not only the simple and effective distribution of keys, but the creation of a management hierarchy. This hierarchy is shown in Figure 3.

In this innovation, a master key card is created in a secure environment. Using any word or words, whether it be a user ID, phrase, name, etc., as a "seed," a set of lower-level keys can be created, ultimately resulting in a unique user card. By associating a secret DES key physically with a card, it is possible to distribute keys throughout the security system as physical cards. This could mean that a user or system administrator actually has no knowledge of what the key is, but only has possession of the appropriate level key card. Keys can then be tracked as physical entities that can not be duplicated, simplifying greatly the security auditing and controls process.

For example, to validate a user, a security application module would only need to know the "seed," perhaps some user ID. From this, the administrator's card would internally synthesize the user key, and then execute the authentication process as required. The synthesis process, performed by the AT&T Smart Card, basically is the conversion of very long keys, generally 10 times longer than the user key, to a unique user key via mathematical operations.
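The key hierarchy of Figure 3 and the databaseless validation just described, as an added example in Go; it is not AT&T's patented system. The paper does not publish the synthesis operations, so the derivation step here is a stand-in assumption: one DES-ECB encryption of the zero-padded seed under the parent key, applied twice (master to sub-master with the sub-master identification as seed, then sub-master to user with the user identification as seed). The example then shows a security application module that holds only its sub-master key validating a user card's response from the user ID alone, with no key table. All keys, identifications and the random number are constructed.

```go
package main

// Added example, not AT&T's Databaseless Security System. The paper says
// lower-level keys are synthesized from a master key and a "seed" such as a
// user ID by undisclosed mathematical operations; here the derivation is one
// DES-ECB encryption of the seed, padded to a block, under the parent key (an
// assumption). It demonstrates the property the text relies on: a SAM holding
// only its sub-master key validates any user card from the user ID alone.
// All keys, IDs and the challenge value are constructed.

import (
	"bytes"
	"crypto/des"
	"errors"
)

// desBlock encrypts one 8-byte block under an 8-byte DES key.
func desBlock(key, in []byte) ([]byte, error) {
	c, err := des.NewCipher(key)
	if err != nil {
		return nil, err
	}
	out := make([]byte, des.BlockSize)
	c.Encrypt(out, in)
	return out, nil
}

// DeriveKey turns a parent key and a seed (1 to 8 bytes, zero padded) into the
// next key down the hierarchy. Recovering the parent from a child would mean
// inverting DES without its key.
func DeriveKey(parent []byte, seed string) ([]byte, error) {
	if len(seed) == 0 || len(seed) > des.BlockSize {
		return nil, errors.New("seed must be 1 to 8 bytes")
	}
	block := make([]byte, des.BlockSize)
	copy(block, seed)
	return desBlock(parent, block)
}

// UserKey walks Figure 3: initial master key -> sub-master key (seeded by the
// sub-master identification) -> user key (seeded by the user identification).
func UserKey(master []byte, subMasterID, userID string) ([]byte, error) {
	sub, err := DeriveKey(master, subMasterID)
	if err != nil {
		return nil, err
	}
	return DeriveKey(sub, userID)
}

// CardRespond is what a user card holding its derived key does with a random
// number during internal validation (DES ECB, as the paper specifies).
func CardRespond(userKey, challenge []byte) ([]byte, error) {
	if len(challenge) != des.BlockSize {
		return nil, errors.New("challenge must be one block")
	}
	return desBlock(userKey, challenge)
}

// SAMValidate is the databaseless check: the SAM holds only the sub-master key
// for its site, re-derives the user key from the presented user ID, and
// compares its own encryption of the challenge with the card's response.
func SAMValidate(subMasterKey []byte, userID string, challenge, response []byte) (bool, error) {
	userKey, err := DeriveKey(subMasterKey, userID)
	if err != nil {
		return false, err
	}
	expected, err := CardRespond(userKey, challenge)
	if err != nil {
		return false, err
	}
	return bytes.Equal(expected, response), nil
}
```

Because each SAM derives rather than stores user keys, the 300,000-entry key table from the earlier estimate disappears, and a SAM issued a sub-master key for one site cannot validate cards belonging to another sub-master, which gives the management hierarchy the text describes.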
With the concept of a databaseless key management system, the development of a key management hierarchy using the AT&T Smart Card becomes a deterministic process. This, coupled with the features within the card's operating system, allows remote administration of multiple applications on the card over the entire useful life of the card.

Biometric Authentication

A common method of providing additional security when using a Smart Card is the implementation of a PIN. This number is stored in a secure fashion on the Smart Card. Although this mechanism is a potent security feature, it still can be circumvented by clever espionage. The most obvious breach of security involves users who write their PINs in less than secure locations, offering easy opportunities for compromise.

A higher level of security can be achieved using biometric authentication. In this process, some basic physical characteristic of the user is required to validate the user's authenticity. A simple example of biometric authentication is a person's signature. Upon request, a user would be required to sign a document, such as a check. The biometric data, in this case the signature, is then viewed by a validation mechanism, a bank teller, and used to validate the user's authenticity to allow an application to be performed, such as dispensing money.

More sophisticated methods of biometric authentication in use today include retinal scans, fingerprints, hand geometry, voice prints, facial scans, signature comparison, etc. The AT&T Smart Card provides a convenient and portable method for a per
