Case 6:21-cv-01101-ADA Document 31-2 Filed 05/19/22 Page 1 of 9

EXHIBIT 2

(12) United States Patent
Meister et al.

(10) Patent No.: US 8,205,249 B2
(45) Date of Patent: Jun. 19, 2012

(54) METHOD FOR CARRYING OUT A SECURE ELECTRONIC TRANSACTION USING A PORTABLE DATA SUPPORT

(75) Inventors: Gisela Meister, München (DE); Nigol Martin, München (DE)

(73) Assignee: Giesecke & Devrient GmbH, Munich

(*) Notice: Subject to any disclaimer, the term of this patent is extended or adjusted under 35 U.S.C. 154(b) by 780 days.

(21) Appl. No.: 10/531,259
(22) Filed: Oct. 2003
(86) PCT No.: PCT/EP03/11761
§ 371 (c)(1), (2), (4) Date: Apr. 24, 2006
(87) PCT Pub. No.: WO2004/038665
PCT Pub. Date: May 6, 2004

(65) Prior Publication Data
US 2006/0242691 A1, Oct. 26, 2006

(30) Foreign Application Priority Data
Oct. 24, 2002 (DE) 102 49 801

(51) Int. Cl.: G06F 7/04 (2006.01); G06F 12/00; G06F 12/14; G06F 21/00
(52) U.S. Cl.: 705/53; 713/166
(58) Field of Classification Search: 726/9, 20; 705/53; 713/166
See application file for complete search history.

Primary Examiner — Nathan Flynn
Assistant Examiner — Trang Doan
(74) Attorney, Agent, or Firm — Bacon & Thomas, PLLC

(57) ABSTRACT

A method for effecting a secure electronic transaction on a terminal using a portable data carrier is proposed. According to the method a user (30) first authenticates himself vis-a-vis the portable data carrier (20). The portable data carrier (20) at the same time produces quality information about how authentication was done. The authentication is confirmed to the terminal (14). Then the portable data carrier (20) performs a security-establishing operation within the transaction, for example the creation of a digital signature. It attaches the quality information to the result of the security-establishing operation.

13 Claims, 3 Drawing Sheets

[Fig. 1 (Sheet 1 of 3): drawing not reproduced. Reference numerals visible in the drawing: 12, 16, 18, 20, 22, 25, 26, 40.]

Fig. 2 (Sheet 2 of 3), flow chart:
100 Electronic document
102 Start signature application
104 Present card
106 Mutual authentication
108 Negotiate session keys
110 PIN authentication? (yes)
112 Disable biometric method
114 Enter PIN
116 Verify PIN
117 Confirm PIN verification
118 Perform signature!
120 Sign with secret key
122 Send back signature

Fig. 3 (Sheet 3 of 3), flow chart:
130 Biometrics
132 Disable PIN check method
134 Present fingerprint to terminal
136 Extract feature
138 Features to card
140 Verify fingerprint
142 Confirm verification
144 Perform signature!
146 Sign with secret key
148 Form quality inf. on biomet. authent
150 Send back quality inf. + signed doc

METHOD FOR CARRYING OUT A SECURE ELECTRONIC TRANSACTION USING A PORTABLE DATA SUPPORT

BACKGROUND

A. Field

This invention relates to secure authentication of a user of a portable data carrier communicating with a terminal.

This invention starts out from a method exemplified, for example, by the method according to “Handbuch der Chipkarten” (hereinafter “Chip card manual”), W. Rankl, W. Effing, 3rd edition, 1999, pp. 692 to 703, under the title “Digital signature”. For performing a legally binding electronic signature, a digital signature card containing a secret signature key is accordingly to be used. A signature is performed on a suitable terminal from which the card receives in electronic form a document to be signed. To be able to perform a signature, the user of the card must establish proof of his identity through the terminal. This proof is regularly furnished by entering a PIN (person identification number) which is compared with a reference PIN stored in the card. In future it is planned to perform user authentication by checking a biometric feature, e.g. a fingerprint. When an electronic document has been signed with the help of a signature card after successful authentication of the user, the document can then be passed on in any way. The electronic signature makes it possible to effect particularly security-critical transactions, e.g. the placing of service orders involving costs, by electronic channels.

The intended introduction of biometric features for user authentication obtains a further improvement of the trustworthiness of an electronic signature compared to the hitherto usual PIN authentication, because it guarantees that the signature card can only be used in the presence of a definite person entitled to do so.

However, the thereby realized quality difference with regard to user authentication is hitherto not reflected in the usability of the particular electronic signature produced.

It is the problem of the invention to specify a method for effecting a secure electronic transaction using a portable data carrier which takes account of the quality of the user authentication performed.

According to the invention, when user authentication is being performed the performing data carrier produces quality information about the authentication method used. This voucher is attached to the result of a security-establishing operation subsequently performed by the portable data carrier. The recipient of a thus formed message can therefore clearly recognize how a user has authenticated himself before effecting the security-establishing operation. This gives the recipient the possibility of making the effecting of a secure transaction contingent on the quality of user authentication. For example, in a purse application it can be provided that an amount of money below a limiting value can be withdrawn from an account after PIN authentication, while amounts of money above the limiting value can only be withdrawn after authentication by means of a biometric feature.

The inventive method is used particularly advantageously in connection with the electronic signature.

SUMMARY

In a preferred embodiment, the implementation of the various possible user authentication methods is so designed that the intermediate execution results of the lower-quality method cannot be converted in a simple way into intermediate execution results of a higher-quality method. This achieves the result that it is impossible to tamper with an authentication voucher even when an unauthorized user has access to both a portable data carrier and associated, low-order authentication information, i.e. when an unauthorized user has for example a portable data carrier together with an associated PIN.

It is further advantageous if the particular authentication methods not used in performing a user authentication are disabled for the duration of the authentication.

DESCRIPTION OF THE DRAWINGS

An embodiment of the invention will hereinafter be explained in more detail with reference to the drawing.

Drawing

FIG. 1 shows the structure of a system for performing a digital signature,

FIGS. 2, 3 show the process of performing a digital signature as a flow chart.

FIG. 1 illustrates the basic structure of a transaction system for effecting a secure electronic transaction. Essential elements of the structure with regard to the invention are a background system 10 connected to a terminal 14 via a data network 12, a portable data carrier 20 which is carried by a user 30 and set up to perform a security-establishing operation within a transaction, and a data record 40 which is to be handled securely within a transaction to be effected.

The secure electronic transaction will hereinafter be assumed to be a transaction requiring the production of a digital signature on the part of the user 30. Such a transaction can be e.g. the effecting of a banking transaction by which the account of the user 30 is debited. However, the described solution is not restricted to transactions requiring a digital signature but is fundamentally usable in any application in which a portable data carrier 20 processes data records 40 supplied from a terminal 14 and gives back them to the terminal 14.

The background system 10 is representative of a device that effects the actual transaction, e.g. the movement of money between two accounts or the initiation of a delivery of goods following an order. The background system 10 can accordingly be a complex system comprising a plurality of individual components or, in extreme cases, be completely omitted. If the transaction is an account movement application, the background system 10 is typically formed by a central bank office.

The data network 12 serves to exchange data between a terminal 14 and the background system 10. It can have any physical form and be realized for example by the Internet or a mobile phone network.

The terminal 14 constitutes the user-side interface of the transaction system and has for this purpose display means 16, typically in the form of a display screen, and input means 18, e.g. in the form of a keyboard. The terminal 14 can be a publicly accessible terminal, e.g. a device set up in a bank, or a device situated in the private area of a user 30, e.g. a PC or mobile telephone. The data network 12, thus a background system 10, can have connected thereto one or more terminals 14 which can be of different design. The terminal 14 has an interface 19 for communication with a portable data carrier 20. The interface 19 can be of any physical design, in particular of contact-type or non-contact type.

The terminal 14 further has a sensor device 15, referred to hereinafter as the sensor, for detecting a biometric feature of a user 30. The sensor 15 can be capable of detecting physiological features, such as facial features, features of the eye or fingerprints, or behavior-based features, such as speech or writing sequences expressed by the voice or by writing operations. FIG. 1 indicates a fingerprint sensor as the sensor 15. The sensor 15 can be formed for sensing a plurality of different biometric features. The sensor 15 further contains means for pre-evaluating a sensed biometric feature. The sensed information is thereby reduced to certain, characteristic primary features. The different types and the implementation of biometric authentication methods are described for example in the abovementioned “Chip card manual”, chapter 8.1.2.

The portable data carrier 20 is for example a chip card as likewise described in detail in the “Chip card manual”. FIG. 1 indicates for the portable data carrier 20 in particular a contact-type chip card with a contact pad 22 constituting an interface corresponding to the terminal-side interface 19. Via the interfaces 22, 19 the communication between chip card 20 and terminal 14 is effected. Apart from the shape of a chip card, the portable data carrier 20 can have any other shapes, being realized for example in an article of clothing worn by the user 30 or an article of daily use carried by the user 30.

The portable data carrier 20 has an integrated circuit 24 which has all elements of a usual computer, in particular a microprocessor 25 and storage means 26. The microprocessor 25 is set up to perform a security-establishing operation. For example, it is set up to subject a supplied data record 40, referred to hereinafter as an electronic document 40, to a cryptographic algorithm, whereby it uses at least one secret key stored in the storage means 26. The microprocessor 25 is also set up to realize further functionalities according to programs stored in the storage means 26.

The portable data carrier 20 is further set up to perform at least one, but expediently a plurality of different quality user authentication methods. It preferably supports at least two authentication methods of different order with regard to the quality of authentication. It expediently supports at least one knowledge-based authentication method, e.g. a PIN check, and at least one biometric method, within which a biometric feature of the user 30 to be presented at the terminal 14 is checked. The biometric method inherently constitutes the higher-quality one here, since it presupposes the personal presence of the user 30; this is not ensured in the knowledge-based method since the knowledge can have been acquired by an unauthorized user. Accordingly the storage means 26 store at least one secret to be presented by the user 30, e.g. a reference PIN assigned to a user 30, and at least one biometric reference data record assigned to a user 30. It can expediently be provided that the portable data carrier 20 supports more than two authentication methods, in particular further biometric methods. Accordingly the storage means 26 in this case store further secrets and/or reference data records and the integrated circuit 24 is set up to perform the further authentication methods.

Hereinafter the effecting of a secure electronic transaction using the structure shown in FIG. 1 will be described with reference to FIGS. 2 and 3. The security-establishing operation will be the signing of an electronic document 40.

The use is initiated by creation of an electronic document 40 in the background system 10 or in the terminal 14, step 100. As a rule, said creation is preceded by an initiation dialog between a user 30 and the background system 10 via the terminal 14. At the latest when an electronic document 40 is present in the terminal 14, this causes the start of the signature application, step 102. This start can be caused automatically by the terminal 14 or the background system 10, or initiated by the user 30 after the terminal 14 has asked him to do so by means of a suitable display on the display device 16.

After the signature application has been started, the user 30 presents a suitable portable data carrier 20 to the terminal 40, step 104. The portable data carrier 20 will hereinafter be taken to have the form of a contact-type chip card. Further, it will hereinafter be assumed that the chip card 20 supports two authentication methods, namely a PIN check as a knowledge-based, inherently low-quality method, and a fingerprint check as a biometric, inherently higher-quality method.

When the terminal 14 has recognized the presence of a chip card 20, it first performs mutual authentication therewith, step 106, whereby the chip card 20 first proves its authenticity to the terminal 14 and then the terminal 14 to the chip card 20. If authentication is successful, terminal 14 and chip card 20 negotiate dynamic session keys to permit further communication to be conducted securely in the so-called secure messaging mode, step 108. For details on the concept of secure messaging and dynamic session keys, reference is again made to the “Chip card manual”.

Then, authentication of the user 30 vis-a-vis the chip card 20 is effected. First the terminal 14 checks how authentication is to be effected—knowledge-based, i.e. by input of a PIN, or biometrically, i.e. by presentation of a fingerprint, step 110. Specification of an authentication method can be effected automatically by the terminal 14 on the basis of information transmitted with the electronic document 40, but it can also be presented to the user 30 as a decision request via the display device 16. In the latter case the user 30 makes a decision by means of the input means 18.

If authentication of the user 30 is to be knowledge-based, i.e. effected by input of a PIN, the chip card 20 disables the further possible authentication methods, i.e. the fingerprint check, step 112, and asks the user 30 via the display device 16 to enter his PIN via the input means 18.

The user 30 thereupon enters the PIN via the input means 18 and the terminal 14 passes it on directly or in modified form via the interface 19, 22 to the chip card 20, step 114. Transmission of the PIN, or the information derived therefrom, and subsequent communication with the chip card is additionally secured using the negotiated session keys. The total communication between terminal 14 and chip card 20 is expediently effected in the secure messaging mode.

The card checks the transmitted PIN and confirms correctness to the terminal 14 in the no-error case, or terminates the procedure if the PIN was checked as false, step 116.

If the no-error case is given, the terminal 14 causes the chip card 20 by corresponding instructions to perform the security-establishing operation, i.e. the digital signature, and transmits the electronic document 40 to be signed to the chip card 20, step 118.

The chip card 20 signs the supplied electronic document 40 with the secret key stored in the storage means 22, step 120, and sends the electronic signature 40 back to the terminal 14, step 122, which uses it to continue the initiated electronic transaction.

If the check in step 110 shows that authentication of the user 30 is not to be knowledge-based but biometric, the terminal 14 initiates authentication against presentation of a biometric feature and makes a corresponding report to the chip card 20, step 130. The chip card 20 thereupon disables the further authentication methods not used, i.e. the knowledge-based PIN check, step 132.

Subsequently the user 30 presents to the terminal 14 a biometric feature according to the authentication method used, i.e. a fingerprint, step 134. The request to present the fingerprint is preferably effected by a corresponding display on the display device 16 of the terminal 14. The fingerprint is detected by the sensor 15 provided on the terminal 14.

The detected biometric feature, i.e. the fingerprint of the user 30, is subjected by the terminal 14 to pre-processing in which it extracts certain identifying features from the signal obtained on the sensor 15, step 136. If a fingerprint is used, primary features of the “Henry classification method” are determined, for example, as described in the “Chip card manual”.

The extracted features are transmitted by the terminal 14 via the interface 19, 22 to the portable data carrier 20, step 138.

When the data carrier receives them it performs a verification of the transmitted extracted features, step 140. The integrated circuit 24 thereby compares the received extracted features with the reference features stored in the storage means and checks whether a sufficient match is present. If this is the case, the portable data carrier 20 confirms to the terminal 14 the successful verification of the transmitted biometric feature, step 142. Further, the portable data carrier 20 switches itself ready to execute the intended security-establishing operation, i.e. perform a digital signature.

After receiving the confirmation of successful verification of authentication, the terminal 14 causes the data carrier 20 by corresponding instructions to perform the digital signature, step 144. Together with the instructions the terminal 14 transmits to the portable data carrier 20 the electronic document 40 to be signed, or at least parts thereof.

The integrated circuit 24 of the portable data carrier 20 thereupon performs the operations required for creating a digital signature, step 146. It typically forms a hash value over the received part of the electronic document 40 and encrypts it with a secret key, stored in the storage means 26, of an asymmetrical key pair consisting of a secret key and public key.

Furthermore, the integrated circuit 24 forms quality information, step 148, which acknowledges that authentication of the user 30 was done using a biometric feature. Said quality information is thereupon joined firmly with the created digital signature to form a security message; expediently within the secure messaging mechanism using the previously negotiated session keys.

The thus formed security message consisting of digital signature and quality information is sent by the portable data carrier 20 back to the terminal 14, step 150. From here the transmitted security message is passed on within the effected secure electronic transaction to the recipient involved in the transaction, e.g. a background system 10.

In addition to the security-establishing operation performed by the portable data carrier 20, the recipient of the security message at the same time receives through the quality information contained therein a statement on the quality of the performed authentication of the user 30.

In the above-described example, quality information was created only upon use of a biometric authentication method, not upon use of a knowledge-based method. Thus, the lack of quality information already signals the use of a lower-quality method. However, it can of course be provided that quality information is always formed, i.e. regardless of whether a knowledge-based or biometric method was chosen for authentication.

While retaining the basic idea of attaching quality information about the quality of the previously performed user authentication to the result of a security-establishing operation executed by a portable data carrier, the above-described concept allows further embodiments and variations. This applies to the design of the system used in effecting a transaction, which can comprise more components and components of a different type. The described procedure can also comprise further steps, e.g. intermediate steps.

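
The card-side flow of FIGS. 2 and 3 and the purse limit from the Background can be modelled in a few lines of Python. This is an added illustration, not part of the patent: the names Card, accept and LIMIT, the JSON encoding, the 80 % match threshold and all key, PIN and feature values are constructed, and HMAC-SHA256 stands in both for the card's asymmetric signature and for the secure-messaging protection under the session key.

```python
import hashlib
import hmac
import json
from dataclasses import dataclass, field

LIMIT = 500  # constructed "limiting value" for the purse example


@dataclass
class Card:
    """Toy model of portable data carrier 20; every value is constructed."""
    ref_pin: str
    ref_features: frozenset
    sign_key: bytes     # stands in for the secret signature key
    session_key: bytes  # stands in for the session key negotiated in step 108
    enabled: set = field(default_factory=lambda: {"pin", "biometric"})
    method: str = ""    # method that succeeded, "" while unauthenticated

    def authenticate(self, method, evidence):
        if method not in self.enabled:
            raise PermissionError(f"{method} check is disabled")
        self.enabled = {method}  # steps 112 / 132: disable the unused methods
        if method == "pin":      # step 116
            ok = hmac.compare_digest(str(evidence).encode(), self.ref_pin.encode())
        else:                    # step 140; "sufficient match" assumed as >= 80 %
            hits = len(self.ref_features & set(evidence))
            ok = hits / len(self.ref_features) >= 0.8
        self.method = method if ok else ""
        return ok

    def sign(self, document: bytes) -> dict:
        if not self.method:
            raise PermissionError("no successful user authentication")
        digest = hashlib.sha256(document).digest()
        body = {"signature": _mac(self.sign_key, digest)}  # steps 120 / 146
        if self.method == "biometric":
            body["quality"] = "biometric"                  # step 148
        # Step 150: join signature and quality information under the session key.
        return {"body": body, "mac": _mac(self.session_key, _encode(body))}


def _encode(body: dict) -> bytes:
    return json.dumps(body, sort_keys=True).encode()


def _mac(key: bytes, data: bytes) -> str:
    return hmac.new(key, data, hashlib.sha256).hexdigest()


def accept(message: dict, session_key: bytes, amount: int) -> bool:
    """Recipient check: the message must be intact, and amounts that are not
    below LIMIT additionally require the biometric quality information."""
    expected = _mac(session_key, _encode(message["body"]))
    if not hmac.compare_digest(expected, str(message.get("mac", ""))):
        return False  # signature or quality information was altered
    quality = message["body"].get("quality")  # absent: lower-quality method
    return amount < LIMIT or quality == "biometric"


def new_card() -> Card:
    # Constructed reference PIN, feature set and keys.
    return Card("4711", frozenset({"f1", "f2", "f3", "f4", "f5"}),
                b"constructed-signing-key", b"constructed-session-key")


if __name__ == "__main__":
    card = new_card()
    card.authenticate("pin", "4711")
    msg = card.sign(b"withdraw 900")
    print(accept(msg, card.session_key, 900))   # PIN only, above the limit
    forged = {"body": dict(msg["body"], quality="biometric"), "mac": msg["mac"]}
    print(accept(forged, card.session_key, 900))  # upgraded quality, stale MAC
```

Because the joining in this sketch uses the session key, only a party holding that key (here the terminal side) can detect a stripped or upgraded quality field.
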
The invention claimed is:

1. A method for effecting a secure electronic transaction on a terminal using a portable data carrier arranged to perform different quality user authentication methods, wherein the portable data carrier performs a user authentication using one of said different user authentication methods, the portable data carrier confirms the proof of authentication to the terminal, and the portable data carrier then performs a security-establishing operation within the electronic transaction, comprising the steps of creating authentication quality information by the portable data carrier about said user authentication method used and attaching said authentication quality information to the result of the security-establishing operation, wherein the difference in quality of said user authentication methods varies between an inherently relatively lower quality and an inherently relatively higher quality from a security perspective.

2. The method according to claim 1, wherein the security-establishing operation performed by the portable data carrier comprises creating a digital signature.

3. The method according to claim 1, wherein the authentication of the user is performed by presentation of a biometric feature.

4. The method according to claim 3, wherein the authentication of the user is performed by presentation of a physiological or behavior-based feature characteristic of a user.

5. The method according to claim 1, wherein the authentication of the user is performed by proof of knowledge of a secret.

6. The method according to claim 1, wherein at least two different authentication methods of different quality are offered for authentication of the user.

7. The method according to claim 6, wherein the particular authentication methods not used are disabled.

8. The method according to claim 6, wherein no quality information is produced for an authentication method.

9. The method according to claim 1, wherein a user is asked to select an authentication method.

10. A portable data carrier for performing a security-establishing operation within a secure electronic transaction and arranged to perform different quality user authentication methods, wherein the difference in quality of said user authentication methods varies between an inherently relatively lower quality and an inherently relatively higher quality from a security perspective, comprising: the portable data carrier is arranged to perform a user authentication using one of said implemented user authentication methods and the portable data carrier is arranged to confirm the authentication to a terminal, and wherein the data carrier is arranged to create quality information about said user authentication method used and to attach such quality information to the result of the security establishing operation.

11. The data carrier according to claim 10, wherein the portable data carrier is set up to create a digital signature.

12. The data carrier according to claim 10, wherein the data carrier supports at least two qualitatively different authentication methods.

13. A terminal for use in connection with a portable data carrier, said terminal including a device arranged to cause a user to select one of at least two possible different quality authentication methods, wherein the portable data carrier is arranged to perform a user authentication using one of the at least two possible different quality authentication methods and to confirm the authentication to the terminal, and the data carrier is arranged to create quality information about the authentication method used and to attach such quality information to the result of a security establishing operation, the difference in quality of said authentication methods varies between an inherently relatively lower quality and an inherently relatively higher quality from a security perspective.

* * * * *