United States Patent (19)
`Audebert
`
`54 SYSTEM AND METHOD FOR USER
`AUTHENTICATION HAVING CLOCK
`SYNCHRONIZATION
`75 Inventor: Yves Audebert, Foster City, Calif
`s
`s
`73 Assignee: Activcard, Sursesnes Cedex, France
`
`Appl. No.: 944,071
`21
`22 Filed:
`Oct. 2, 1997
`
`Related U.S. Application Data
`63 Continuation-in-part of Ser. No. 620,162, Mar. 22, 1996,
`Pat. No. 5,737,421.
`51) Int. Cl. ............................... Hoak 100. Hoal 900
`GO6K 5/OO
`52 U.S. Cl. .............................. 380/23: 235/382; 380/25,
`380/48; 380/49
`58 Field of Search .................................. 380/23, 25, 48,
`380/49; 235/382
`
`56)
`
`References Cited
`U.S. PATENT DOCUMENTS
`1/1989 Vaughan.
`4,800,590
`4.885,778 12/1989 Weiss ........................................ 380/48
`4,998.279 3/1991 Weiss ........................................ 380/23
`
`53.3 E. Wies- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 380/21
`aw- - -a-2
`
`FOREIGN PATENT DOCUMENTS
`0234954 A2 9/1987 European Pat. Off..
`Primary Examiner Stephen C. Buczinski
`Attorney, Agent, or Firm-Stevens, Davis, Miller & Mosher,
`L.L.P.
`
`USOO588.7065A
`Patent Number:
`11
`(45) Date of Patent:
`
`5,887,065
`Mar 23, 1999
`
`57
`
`ABSTRACT
`
`The System includes a first unit adapted to communicate
`with a Second unit. The Second unit grants conditional acceSS
`to a function or Service in accordance with an authentication
`operation. Both units are capable of running Software for
`generating passwords by means of encryption of Several
`dynamic variables as for example a time dependent variable
`and/or a variable representing the number of formulated
`authentication requests. The encryption may be performed
`using a dynamic key. In order to Synchronize the values of
`the variables generated in concert but independently in the
`units, only Some of the least significant digits of the Vari
`ables are transferred from the card-like unit to the other unit,
`with the transfer being performed by adding the digits to the
`password. This Synchronization information is combined
`with corresponding variables in the Second unit and used to
`calculate therein a value which has to match with the
`password calculated in the Second unit in order to gain
`access to the function or Service. In a “virtual token'
`implementation, the first unit can be a Smart card, which
`Stores the dynamic key and the variable representing the
`number of formulated authentication requests and executes
`an encryption algorithm, a Smart card reader and a personal
`computer. Either the Smart card reader or the personal
`
`computer can generate the time dependent variable. In a
`“software token” implementation, the functions of the first
`unit are performed by a computer Such as a personal
`computer, thus eliminating the need for a Smart card or a
`Smart card reader.
`
`50 Claims, 9 Drawing Sheets
`
`- Mm Mmm SM M
`
`M
`
`u. -- - - - --
`
`t
`
`FROM
`Egg 50
`USER
`
`Pass. RD
`51
`
`A
`
`12
`int ERFACE
`5
`ls (N.
`
`PGE
`usek luring
`USER ID scaRD
`knot, Na 1.
`AR 2
`Kna (2)
`No (2)
`53 CARD x
`Knax
`No (x)
`LSBT
`
`4.
`ss of Nassino
`
`sus TE
`
`55
`5
`
`N
`
`Hss OF Nia
`
`ss (N)
`
`N
`> OR
`
`NO
`
`Yes
`
`57
`
`NN
`
`58
`
`KEY DERIWAQ
`DES
`
`53
`
`FUNCTION
`
`87
`
`ae
`
`88
`
`
`
`KEY DERWON
`Ka
`
`NCREMENT
`HSS OF NEY
`
`SO
`
`st)
`
`64
`
`-15
`---------
`N.
`Hse OF N.1 s6 (N)-6
`S3
`Yes
`
`NO
`
`O
`
`t
`
`PETITIONERS' EXHIBIT 1029
`
`Page 1 of 25
`
`

`

`U.S. Patent
`U.S. Patent
`
`Mar. 23, 1999
`Mar 23, 1999
`
`Sheet 1 of 9
`Sheet 1 of 9
`
`5,887,065
`5,887,065
`
`FG: 1
`
`6
`6
`
`8 9
`
`
`8 9 s /ZZ
`|x/
`> (au
`
`
`
`
`
`
`
`
`
`7
`
`o-7
`
`VM
`/21 N
`
`PIN
`USER — ID
`
`
`
`
`
`Page 2 of 25
`
`Page 2 of 25
`
`

`

`U.S. Patent
`
`Mar. 23, 1999
`
`Sheet 2 of 9
`
`5,887,065
`
`
`NOISSIWSNVYL(ry)(¥)(9S)|
`
`tv|&syd
`PEproeswests]__farear01wnaV{W197OHVLIa"x
`o:IdJsasngauOuvo
`—-—ee
`vle82
`WIO-LN3AZLia’Zs||}I0-GuVOLig-ze"19«-aSva
`
`P=Uy|isn=N|NOILVAINSOAZ
`0971V|92
`-(Ny)
`
`621OVELXANOILNIOS3Y-L
`OVdAa»ozs}_oven|
`122
`[was]iKes
`
`ishrav
`
`
`
`Ov
`
`ON
`
`Page 3 of 25
`
`Page 3 of 25
`
`
`
`
`

`

`U.S. Patent
`
`Mar 23, 1999
`
`Sheet 3 of 9
`
`5,887,065
`
`
`
`70
`
`7
`
`LSB (T)
`
`
`
`
`
`
`
`
`
`
`
`
`
`VALIDFTY RANGE
`DEFINION
`-5 STss + 4
`
`78
`
`HSB OF SERVER
`CLK -
`
`LSB (T)
`
`FIG:3B
`
`
`
`FIG.3A
`
`FIG.3B
`
`Page 4 of 25
`
`

`

`U.S. Patent
`
`Mar 23, 1999
`
`Sheet 4 of 9
`
`5,887,065
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`FROM
`CARD 50
`USER
`D
`s
`PASSWORD
`
`12
`INTERFACE
`
`
`
`
`
`DATA BASE
`USER ID
`
`USER ID
`
`
`
`53
`
`56
`
`Nc
`
`HSB OF No
`
`LSB (No)
`
`SP (T)
`
`CS)
`
`NO
`
`D-N-No
`
`KEY DERVATION
`D
`IMES
`
`FUNCTION
`
`
`
`KEY DERVATION
`Ko
`
`
`
`FIG. : 3A
`
`NCREMENT
`
`60
`
`-15
`
`N
`HSB OF N. 1 LSB (N)-61
`6 4
`N-65 Aóces
`<5s DE NED
`NO
`
`62
`
`BO
`
`8 6T
`
`PASSWORD
`gFU
`Aa
`EE FIG.2
`
`t
`
`YES
`
`NO
`i
`8 5
`
`33a
`3 6 a
`
`ACCES
`DENED
`
`-
`
`Page 5 of 25
`
`

`

`U.S. Patent
`
`Mar 23, 1999
`
`Sheet 5 of 9
`
`5,887,065
`
`70-syster cut
`
`-
`
`FG: 4
`
`oate F-9
`
`91
`
`94
`
`90
`
`92
`
`-3S Tss +2
`
`NO
`
`YES
`
`-5 STsS - 4
`
`VALIDITY RANGE
`
`DATA BASE 18
`
`USER ID
`
`
`
`70
`
`SYSTEM CLK
`
`Page 6 of 25
`
`

`

`U.S. Patent
`
`Mar. 23, 1999
`
`Sheet 6 of 9
`
`5,887,065
`
`Zu
`
`SilGli
`
`¢/
`
`oL
`
`isnravZl4190Y3AN3S
`
`419Y3AYNSS
`HOLVNLV
`
`AIVWONYV
`
`NOILO3L490
`
`clOet
`
`ON
`
`SHA
`
`£:°9ls
`
`rllcockcol ytasve_vivg
`19W3ILSAS13S34301MIN
`
`(74)(L74)
`
`tone|qi¥asn
`
`Lauvd
`
`Page 7 of 25
`
`Page 7 of 25
`
`
`
`
`
`
`
`
`
`

`

`U.S. Patent
`
`Mar 23, 1999
`
`Sheet 7 of 9
`
`5,887,065
`
`smm has aws areas amawa us -/*---------------
`
`-
`
`
`
`FIRST UNIT
`
`PERSONAL COMPUTER
`
`KEYBOARD
`
`
`
`SMART CARD
`READER
`
`Page 8 of 25
`
`

`

`U.S. Patent
`
`Mar 23, 1999
`
`Sheet 8 of 9
`
`5,887,065
`
`SMART
`CARD
`READER
`141
`
`
`
`SMART CARD140
`
`24
`
`FGO
`
`PERSONAL COMPUTER
`142
`
`228
`
`
`
`PRODUCE
`CHALENGE
`(64 bits)
`
`Kn + 1 se
`f(Kn, N n + 1)
`
`FIG.:12
`
`PERSONAL COMPUTER
`
`KEYBOARD
`
`
`
`
`
`428
`
`
`
`
`
`SECOND UNIT
`
`405
`
`402 (442.)
`406
`4.08
`445
`424
`426
`
`Page 9 of 25
`
`

`

`U.S. Patent
`
`Mar 23, 1999
`
`Sheet 9 of 9
`
`5,887,065
`
`pc142
`
`
`
`
`
`
`
`'"
`READER
`141
`
`
`
`FG:13
`SMART
`CARD
`40
`
`22A
`
`
`
`240
`
`144
`-- a-----
`FoRMAT
`: Disay
`
`sm ampus 4
`
`-
`
`PC 142
`
`
`
`
`
`SMART
`CARO
`READER
`141
`
`FIG: 14
`SMART
`
`3'
`
`FORMAT
`8.
`DISPLAY
`--------
`
`Page 10 of 25
`
`

`

`1
`SYSTEMAND METHOD FOR USER
`AUTHENTICATION HAVING CLOCK
`SYNCHRONIZATION
`
`CROSS REFERENCE TO RELATED
`APPLICATIONS
`This is a continuation-in-part of U.S. application Ser. No.
`08/620,162, filed Mar. 22, 1996, now U.S. Pat. No. 5,737,
`421, the disclosure of which is hereby incorporated by
`reference.
`Cross-reference is hereby made to copending U.S. appli
`cation Ser. No. 08/942,904, filed on the same date and by the
`Same inventor as the present application and entitled “SyS
`tem and Method for User Authentication Employing
`Dynamic Encryption Variables” and incorporated by refer
`ence herein. That co-pending application is a continuation
`in-part of U.S. application Ser. No. 08/620,240, filed Mar.
`22, 1996.
`BACKGROUND OF THE INVENTION
`1. Field of the Invention
`The present invention relates to an electronic System for
`authentication of individuals and/or messages, in particular
`for controlling access to a function, enabling a user condi
`tionally to obtain a Service or Some other provision to be
`delivered by a specialized Service unit associated with the
`System in question.
`More particularly, the invention relates to a System for
`control of access to, or authentication of messages handled
`in, a computer or, more generally, a computerized network,
`use of which is reserved for perSons having been duly
`legitimately entitled. Such networks may serve, for example,
`to provide all kinds of Services entailing a transaction,
`usually with a monetary consideration, Such as television
`Shopping, pay television, home banking, interactive tele
`vised games, or also confidential faxes etc.
`2. Description of the Related Art
`The known Systems of this kind generally include at least
`one electronic device or token, preferably portable (referred
`to as a “card” for convenience in the remainder of the
`present description) and at least one central electronic veri
`fication device (referred to as a “server” in the remainder of
`the description) which is intended conditionally to deliver
`authorizations for access to the function or Service.
`Such authorization is delivered only in the event of
`agreement or matching between a password produced in the
`card and a password produced in the Server. These pass
`words are obtained by encrypting a variable with the aid of
`an encryption algorithm, which operations take place Simul
`taneously in the card and in the Server.
`Usually, the encryption process employs a time
`parameter, often involving the use of clockS both in the cards
`and in the Servers. In the ideal case, these clockS should be
`Synchronized with one another, Synchronization is difficult
`to achieve in practice, especially if, for obvious cost reasons,
`it is Sought to install in the cards clockS which do not have
`very high accuracy.
`A System exhibiting the general characteristics Stated
`above is described in U.S. Pat. No. 4,800,590. In this system,
`each card includes a processor intended iteratively to cal
`culate a password with the aid of an encryption algorithm.
`This latter periodically encrypts a parameter (referred to as
`the “seed”) which is itself dependent on the parameter used
`for the previous calculation.
`In Such a System, the clocks of the card and of the Server
`must in principle be Synchronous So as to avoid unjustified
`
`15
`
`25
`
`35
`
`40
`
`45
`
`50
`
`55
`
`60
`
`65
`
`5,887,065
`
`2
`denials of access (which are not from fraudulent or errone
`ous requests on the part of the user of the card).
`However, whereas the clock of the server may be highly
`accurate, the Same is not the case for the cards. Indeed, Since
`a modest cost in respect of the cards is a paramount design
`constraint, it is not possible to incorporate in the cards
`expensive high-quality clocks which would be free of drift.
`A high level of synchronization between the clocks of the
`cards and of the Server cannot therefore be envisioned in
`practice.
`In U.S. Pat. No. 4,885,778, passwords are also periodi
`cally calculated during given Successive time spans. A time
`dependent validity range is established in the Server with a
`length much greater than the time span. When an access
`request is formulated, the Server computes as many pass
`words as there are time spans contained in the time depen
`dent validity range. If a password of the card matches with
`one of the passwords thus calculated in the Server, access is
`granted. This System also requires a significant amount of
`calculating work in the Server.
`U.S. Pat. No. 5,361,062 discloses an authentication sys
`tem which involves transferring to the Server, at the moment
`at which an access request is input, a part of the time value
`available in the card on the basis of its clock. The example
`given in the patent is the minutes value of the clock at the
`moment of access. When the password is transferred, this
`value will be used in the server which examines whether the
`Seconds value of its clock is less than or greater than 30
`Seconds. If this value is less, the Server takes the chosen
`minutes value. In the contrary case, the minutes value in the
`Server is increased by one unit. This process can operate
`correctly only if the clock of the card is either Synchronous
`with the clock of the server with a predefined tolerance or
`lags behind the latter. If, on the other hand, the clock of the
`card leads that of the server, the latter will be unable to find
`the password calculated in the card during the access request
`in progress, Since the Server will not perform iterations until
`reaching that of the current minute of its own clock. In this
`case, no access request, even formulated legitimately, will be
`able to Succeed. However, in incorporating low-quality
`clocks into the cards, which, as described above, is neces
`Sary for cost reasons, it is not possible to determine during
`manufacture in which direction the clock of a card will drift
`with respect to the clock of the Server, particularly Since the
`drift may be caused by wholly unpredictable phenomena
`Such as temperature variations to which the card may be
`Subjected.
`Another drawback of the system according to U.S. Pat.
`No. 5,361,062 is that the elemental time unit clocking the
`password calculation iterations cannot be chosen to be very
`Small, Since the Smaller the time unit, the greater the
`calculational burden both for the server and for the cards.
`Therefore, in practice, this time unit has been fixed at
`between 1 and 10 minutes. This implies that each password
`generated in the card remains valid throughout the duration
`of Such a time unit. This impairs the Security of the System,
`in particular when it includes Several Servers. A hacker can
`in fact obtain a password by intercepting it on the link
`between the card and the server and could then enter it into
`another Server and obtain authorization of access, Since he
`has the right password.
`EP Patent Application No. 0324954 discloses an access
`control system which involves transmission to the server by
`the user of a Synchronization data item which pertains to the
`number of access requests made previously. More precisely,
`if after calculating the password in the card and in the Server
`
`Page 11 of 25
`
`

`

`3
`there is non-agreement, the Server displays a data item
`relating to the acceSS requests which it has made in respect
`of this card. This data item must be entered into the card by
`the user in order to ensure that the same number of acceSS
`requests is recorded in the card and in the Server. This prior
`System has the drawback of involving the user in the
`Synchronization procedure and of disclosing to any hacker
`the number of acceSS requests made, although this value
`serves in the calculation of the password. It would therefore
`be preferable to keep it Secret.
`SUMMARY OF THE INVENTION
`The object of the present invention is to provide an
`authorization system which is free of the drawbacks of the
`prior art discussed above.
`In particular, an object of the invention is to provide an
`authentication System wherein each electronic device can
`transmit Synchronization information to the Server So that
`the latter is able to Synchronize on the clock provided in each
`electronic device, provided relative drifts of the clocks in
`both the respective electronic devices and the Server remain
`within predetermined limits.
`Accordingly, there is provided a System for authentication
`of individuals and/or messages, including at least one first
`unit personalized for an individual and at least one Second
`Verification unit capable of delivering an authentication
`function authenticating the individual and/or the messages.
`The first unit comprises:
`first generating means for generating at least a first
`variable;
`first calculating means for producing a first password with
`the aid of at least a first encryption algorithm for
`encrypting at least the first variable; and
`transmission means for transmitting the first password to
`the Second unit;
`The Second unit comprises:
`Second generating means for, in response to an authenti
`cation request made by way of a Specified one of the
`first units, generating at least a Second variable
`assigned to this first unit;
`Second calculating means for producing a Second pass
`word with the aid of at least one Second encryption
`algorithm for encrypting at least the Second variable,
`the first and Second variables being produced in
`concert, but independently in the first and Second units,
`means for comparing the first and Second passwords, and
`delivering means for, in the event of a predetermined
`consistency of the passwords, delivering the authenti
`cation function.
`The transmission means is configured So as to transmit
`with the first password in digits having the least significant
`weight of the first variable from the first unit to the second
`unit.
`The Second unit further comprises:
`(a) Substituting means for, based on the current value of
`the Second variable, generate a Substituted variable
`wherein n digits having the least Significant weight are
`replaced by the n digits having the least Significant
`weight of the first variable, the substituted variable
`thereby comprising a replaced first group of n least
`Significant digits and a Second group of m highest
`Significant digits, and
`(b) third calculating means for
`(1) retaining as Second variable for the calculation of
`the second password the Substituted variable, if the
`
`15
`
`25
`
`35
`
`40
`
`45
`
`50
`
`55
`
`60
`
`65
`
`5,887,065
`
`4
`Substituted variable and the current value of the
`Second variable are consistent with at least a first
`predetermined condition,
`(2) if the first predetermined condition is not satisfied,
`adjusting in the Substituted value the Second group of
`m highest Significant digits, the adjusting being
`dependent from a Second predetermined condition,
`the adjusting generating a Substituted and adjusted
`variable, and
`(3) retaining as Second variable for the calculation of
`the Second password the Substituted and adjusted
`variable.
`From these characteristics, it follows that the variables
`Subjected to encryption in the first unit or token and in the
`Server or Second unit can be matched to one another in order
`to produce passwords which are identical to each other or
`have a predetermined relationship with one another and to
`do So during each access request despite the drifting which
`these variables may exhibit. Similarly to an embodiment in
`the aforesaid copending U.S. application incorporated by
`reference herein, the calculating means of the Second unit
`can have a different algorithm from that of the calculating
`means of the first unit, e.g. the algorithm in the Second unit
`can be a decryption algorithm applied to the first password
`to derive the first variable, generated in the first unit, which
`is compared in the Server with the Second variable generated
`in the second unit. If the variable is time-based, this match
`ing may require no further iteration in the Server. If the
`variable is the number of authentication requests formulated
`by the first unit, the number of iterations, which could
`possibly be necessary, would still be limited to a very small
`value.
`
`BRIEF DESCRIPTION OF THE DRAWINGS
`Other characteristics and advantages of the invention will
`emerge in the course of the description which follows, given
`merely by way of example and referring to the appended
`drawings in which:
`FIG. 1 is a general diagram of an authentication System
`according to a first embodiment of the invention;
`FIG. 2 is a simplified flowchart illustrating the principle
`of the running of the operations in a first unit or card
`belonging to the System according to the invention, when an
`access request is processed;
`FIGS. 3, 3A and 3B show a simplified flowchart illus
`trating the principle of the running of the operations in a
`central unit or Server belonging to the System according to
`the invention when an access request is processed;
`FIG. 4 is a partial flowchart illustrating a detail of the
`operation of the Server relating to the variation as a function
`of the duration of use of a card, of a validity range imposed
`on a Synchronization value of the clocks,
`FIG. 5 is the flowchart of a first variant of a detail of the
`operation of the Server via which a matching of the System
`according to the invention to the drifting of the clocks of the
`cards in the course of their use may be implemented;
`FIG. 6 shows a second variant of a matching to the
`drifting of the clockS in the cards,
`FIG. 7 is a flowchart of a detail of the operation of the
`Server pertaining to a routine for monitoring the magnitude
`of the drift of the clocks over a predetermined time period;
`FIG. 8 shows a flowchart of the mode of calculating a key
`derived from encryption and used for calculating the pass
`word;
`FIG. 9 shows a block diagram of a second embodiment of
`the invention;
`
`Page 12 of 25
`
`

`

`5,887,065
`
`S
`FIG. 10 shows a flow chart of operations involved in
`calculating a password according to the Second embodiment;
`FIG. 11 shows a block diagram of a third embodiment of
`the invention;
`FIG. 12 shows a block diagram of a fourth embodiment
`of the invention; and
`FIGS. 13 and 14 show variations of the operations shown
`in FIG. 10.
`
`15
`
`25
`
`DESCRIPTION OF THE PREFERRED
`EMBODIMENTS
`Represented in FIG. 1 is a very simplified diagram of an
`access control System according to the invention.
`The System is assumed to grant conditional access to a
`function which in FIG. 1 is symbolized with the rectangle 1.
`The term “function” should be taken in a very broad sense.
`It designates any authentication function, in particular an
`authentication to which access is conditioned by authenti
`cation involving authentification entailing Verification of the
`card with the aid of which the request is formulated, and
`preferably also identification of the perSon requesting acceSS
`to the function So as to ascertain whether his request is
`legitimate.
`The function may be of any nature, for example a function
`for access to premises, to a computerized network or to a
`computer, to a transaction of a pecuniary nature (television
`Shopping, home banking, interactive televised game, pay
`television) etc. The function may also involve the authenti
`cation of messages.
`This So, it may be seen in FIG. 1 that the System according
`to the invention can, according to a particular embodiment,
`include at least one first unit 2 referred to here as the “card”
`and at least one Second unit 3. It will be noted that the acceSS
`control System according to the invention can include a large
`number of first units and one or more Second units, but in
`any event generally a considerably Smaller number of Sec
`ond units than first units. The numbers of units 2 and 3
`therefore in no way limit the invention.
`The first unit or card 2 is preferably portable and person
`alized So as to be assigned personally to a given user. It takes
`for example the form of a pocket calculator, and it bears a
`public identification number (user ID) 5 indicated diagram
`matically in FIG. 1. This number can be registered therein
`unenciphered and be assigned thereto at the time of its
`initialization. It can also be formed by the name of the user
`or any other information specific to him. The personal
`identification number (PIN) is secret and is usually memo
`rized by the authorized user of the card. In the preferred
`50
`embodiment, to use the card, the PIN is entered into the card
`by the user via keypad 6; the card compares the entered PIN
`with a stored value. If the entered PIN and the stored value
`match, the user is granted access to the card; if not, the card
`will not function to generate a password. The user commu
`55
`nicates the user ID to server 15 in a manner as described
`below. The user ID identifies the particular card 2 from
`among the plurality of Such cards in the overall acceSS
`control System.
`The card 2 includes a keypad 6 intended to allow the entry
`of information, Such as for example the personal identifica
`tion number (PIN) already mentioned, as well as various
`function buttons 7. It also includes a display screen 8 and is
`furnished with an integrated circuit 9 which includes in
`particular a duly programmed microcontroller as well as the
`customary ROM and RAM memories. Card 2 can have its
`own Source of electrical power, Such as battery 9A.
`
`6
`The card 2 also includes a communication device 10
`making it possible to communicate with the Second unit 3
`either directly or via a more or less long-distance transmis
`Sion link. This device can take numerous forms, for example
`a DTMF telephone link, a device for transmitting data by
`infrared rays, a So-called “connected mode” device in which
`the card is inserted into an appropriate reader or any other
`transmission device well known in the art.
`The Second unit 3 encompasses firstly interface means
`which allow for the provision of communication with the
`card 2. In the embodiment represented in FIGS. 1 and 2,
`these interface means are symbolized with a rectangle 12,
`they may take numerous forms. They may for example be a
`Specially dedicated reader, but they may also take the form
`of a computer terminal, a personal computer inserted for
`example into a network etc. Their particular feature is that
`they can communicate in an appropriate form with the card
`or cards associated there with.
`The interface means 12 can comprise a keypad 13 and a
`display Screen 14 to enable the user to enter information to
`be communicated to a part 15 of the Second unit 3, Such as
`for example passwords or data to be authenticated and
`relating to the function 1. However, this information and/or
`these data can be entered in other ways, in particular
`automatically without manual intervention by the user, for
`example simply by entering the card into the interface 12 or
`else via an infrared ray link with which the card 2 and the
`interface 12 are endowed.
`The interface 12 communicates with the other part 15
`(hereafter referred to as the server) of the second unit 3. This
`communication Symbolized by the connection 16 can be
`done at Short-range or long-range by any appropriate means.
`The information flowing over this connection is in particular
`the password to be subject to control in the server 15 and
`possibly data or messages to be authenticated and operated
`O.
`The server 15 comprises in particular a processor 17 and
`a memory or database 18. The processor is capable of
`conditionally freeing the functions 1, addressed by the
`acceSS requests formulated by the various cards, it being
`possible for these functions to be carried out inside the
`server (as symbolized in FIG. 1) or outside. It should be
`noted that the Server 15 generally cooperates with a large
`number of cards by way of interfaces Such as the interface
`12.
`FIG. 2 represents a simplified flowchart of the various
`operations which unfurl when a request for access to a
`function is formulated by the user of Such a card.
`To initiate the procedure, the public identification number
`(user ID) 5 must firstly be communicated to the server 15.
`This operation can be carried out in various ways. For
`example, it may be communicated directly to the Server 15
`as Soon as the card is inserted into the interface 12. It can be
`punched directly into the keypad 13 of the interface by the
`user himself, or else into the keypad 6 of the card 2 and be
`transferred by the link 10. Communication can also be
`effected via a remote link, Such as a telephone line or by
`Hertzian link.
`The user must also input his entitlement by punching, at
`20, his personal identification code or PIN code into the
`keypad 6 of the card 2. The code punched in is compared at
`21 with the PIN code stored in memory in the card. In the
`event of non-agreement, the card 2 refuses to be used by the
`user at 22, the user possibly being allotted Several consecu
`tive attempts before being faced with final refusal, if they are
`all abortive.
`
`35
`
`40
`
`45
`
`60
`
`65
`
`Page 13 of 25
`
`

`

`7
`If on the other hand the PIN code entered and the PIN
`code in memory agree, the program triggers the operation
`for calculating the password.
`This calculation consists in an encryption with the aid of
`an encryption algorithm which may be Secret or public. The
`algorithm itself may use a public key or a Secret key. For
`example, it may be an algorithm referred to as DES (Data
`Encryption Standard) by experts in this art, such DES being
`a public algorithm using a Secret key.
`According to the concept described in the copending U.S.
`patent application Ser. No. 08/942,504 entitled “System for
`Controlling Access to a Function, Using a Plurality of
`Dynamic Encryption Variables” by the instant inventor and,
`filed on the same date as the present application and incor
`porated by reference herein, the algorithm in question uses
`input parameters dependent on dynamic variables which, in
`one embodiment, are three in number. Two of them are a
`variable N stored in a register or counter 24 and which is a
`function of the number of access requests made by the card,
`and a time variable T, Stored in a register or counter 25.
`These variables are each input as 32 bits. They may repre
`Sent the actual value of the number of access requests or of
`the time or possibly a value resulting from the application of
`any mathematical function of these variables. The third
`dynamic variable is a Secret encryption key Kn used by the
`algorithm to encrypt the two variables just mentioned. Other
`ways of describing the algorithm in question include that the
`algorithm generates an output as a function of the current
`values of Kn, N and T or that Kn is encrypted in accordance
`with a key comprising a value which is a function of N and
`T. The encryption key Kn is Stored in memory in a register
`26 and is updated with each acceSS request as explained
`below in regard to FIG. 8.
`The variable to be encrypted T emanates from a time
`counter 27 which is driven by a base clock 28 of the card
`whose output is divided in such a way that the counter 27 is
`incremented with a predetermined temporal resolution, for
`example every 0.5 seconds. The number contained in the
`counter 27 is subjected to an extraction operation at 29
`through which a predetermined number (8 in the example)
`of lowest order digits or bits (or more generically the digits
`in any numeration System including the binary numeration
`System, the hexadecimal system and So on) are separated
`therefrom. These bits or digits are discarded and are no
`longer used for calculating the password. The place value of
`the digit orbit of immediately higher order as compared with
`the discarded digits or bits determines a temporal resolution
`whose corresponding time unit will be referred to as X in
`what follows, and with which the password can be calcu
`lated.
`According to one of the aspects of the present invention,
`there is a provision for making the number of discarded
`digits adjustable in order to make it possible to choose this
`resolution which can thus be determined by programming
`(symbolized by the block 30 in FIG. 2), for example on
`initializing the card as a function of the degree of Security
`which it is wished to assign thereto or possibly in the course
`of the use of the card. Indeed, the higher the resolution the
`shorter will be the duration of validity of a password
`calculated at a given instant. Since a hacker will thus have
`less time available to grab and possibly use the password in
`place of the card's legitimate user, Security is Strengthened
`as the resolution is greater.
`The number of remaining digits (24 bits in this instance)
`Symbolized at 31 is Subjected to a 32-digit complementation
`operation at 32, through which the corresponding number
`
`15
`
`25
`
`35
`
`40
`
`45
`
`50
`
`55
`
`60
`
`65
`
`5,887,065
`
`8
`receives a given number of digits (8 Zero value digits in the
`example) in these higher order place values. The actual
`number of digits received will of course correspond to the
`number of digits extracted in extract unit 29. The resulting
`number T is the second variable which will be subjected to
`encryption. It is stored in the register 25. It will be noted that
`the least Significant digit or a group of lowest order digits
`constitutes a time unit which determines the resolution
`involved. If the system works with binary notation and if the
`step of the counter 27 is 0.5" as indicated above by way of
`example, the time unit may have values of 0.5", 1", 2", 4",
`8" etc.
`The content of the register 24 representing the number of
`authentication requests (sometimes referred to as the number
`of events by experts) made is placed in a register 24'.
`The two variables T and N thus produced are subjected to
`encryption according to a password calculation process
`shown diagrammatically in the chain-dotted rectangle 33.
`This calculation entails a concatenation or any other
`mathematical combination operation at 34 of the two vari
`ables N and T from the registers 24' and 25, and then
`encryption by the algorithm at 35, the latter possibly being
`a public algorithm (DES) or a Secret algorithm. The calcu
`lation produces a result A at 36 from which at 37 can be
`deleted a group of lowest order digits or highest order digits,
`the number of digits of which is determined through a
`predetermined value “A-length” or Y (which is chosen at 56
`in the example). This operation produces the value Ac.
`At 38, this