Exhibit 2

Case 6:21-cv-01101-ADA Document 72-2 Filed 11/09/22 Page 2 of 9

US008205249B2

(12) United States Patent
Meister et al.

(10) Patent No.: US 8,205,249 B2
(45) Date of Patent: Jun. 19, 2012

(54) METHOD FOR CARRYING OUT A SECURE ELECTRONIC TRANSACTION USING A PORTABLE DATA SUPPORT

(75) Inventors: Gisela Meister, München (DE); Nigol Martin, München (DE)

(73) Assignee: Giesecke & Devrient GmbH, Munich (DE)

(*) Notice: Subject to any disclaimer, the term of this patent is extended or adjusted under 35 U.S.C. 154(b) by 780 days.

(21) Appl. No.: 10/531,259

(22) PCT Filed: Oct. 23, 2003

(86) PCT No.: PCT/EP03/11761
     § 371 (c)(1), (2), (4) Date: Apr. 24, 2006

(87) PCT Pub. No.: WO2004/038665
     PCT Pub. Date: May 6, 2004

(65) Prior Publication Data
     US 2006/0242691 A1, Oct. 26, 2006

(30) Foreign Application Priority Data
     Oct. 24, 2002 (DE) ........ 102 49 801

(51) Int. Cl.
     G06F 7/04 (2006.01)
     G06F 12/00 (2006.01)
     G06F 12/14 (2006.01)
     G06F 21/00 (2006.01)
(52) U.S. Cl. ........ 726/9; 726/20; 705/53; 713/166
(58) Field of Classification Search ........ 726/9, 20; 705/53; 713/166
     See application file for complete search history.

(56) References Cited

U.S. PATENT DOCUMENTS

4,993,068 A *    2/1991  Piosenka et al. ........ 713/186
6,263,447 B1     7/2001  French
6,408,388 B1     6/2002  Fischer
6,567,915 B1 *   5/2003  Guthery ........ 713/168
6,651,168 B1 *  11/2003  Kao et al. ........ 713/185
6,779,113 B1 *   8/2004  Guthery ........ 713/172
(Continued)

FOREIGN PATENT DOCUMENTS

EP  1045346 A  10/2000
(Continued)

OTHER PUBLICATIONS

Russel Davis, Network Authentication Tokens, Computer Security Applications Conference, 1989, 5th annual, Dec. 4, 1989, pp. 234-238 (ISBN: 0-8186-2006-4).

Primary Examiner — Nathan Flynn
Assistant Examiner — Trang Doan
(74) Attorney, Agent, or Firm — Bacon & Thomas, PLLC

(57) ABSTRACT

A method for effecting a secure electronic transaction on a terminal using a portable data carrier is proposed. According to the method a user (30) first authenticates himself vis-à-vis the portable data carrier (20). The portable data carrier (20) at the same time produces quality information about how authentication was done. The authentication is confirmed to the terminal (14). Then the portable data carrier (20) performs a security-establishing operation within the transaction, for example the creation of a digital signature. It attaches the quality information to the result of the security-establishing operation.

13 Claims, 3 Drawing Sheets
Case 6:21-cv-01101-ADA Document 72-2 Filed 11/09/22 Page 3 of 9

U.S. PATENT DOCUMENTS

6,810,479 B1 *      10/2004  Barlow et al. ........ 713/185
6,915,426 B1 *       7/2005  Carman et al. ........ 713/168
7,051,206 B1 *       5/2006  Giest et al. ........ 713/176
7,162,058 B2 *       1/2007  Mimura et al. ........ 382/124
7,286,691 B1 *      10/2007  Modl et al. ........ 382/115
7,403,765 B2 *       7/2008  Miyashita ........ 455/411
7,409,554 B2 *       8/2008  Ishibashi et al. ........ 713/175
7,457,442 B2 *      11/2008  Mimura et al. ........ 382/124
2002/0016913 A1 *    2/2002  Wheeler et al. ........ 713/170
2002/0087894 A1 *    7/2002  Foley et al. ........ 713/202
2002/0095587 A1 *    7/2002  Doyle et al. ........ 713/186
2002/0128969 A1 *    9/2002  Parmelee et al. ........ 705/42
2002/0129256 A1      9/2002  Parmelee et al. ........ 713/180
2002/0141586 A1 *   10/2002  Margalit et al. ........ 380/270
2002/0150283 A1     10/2002  Mimura et al.
2003/0005310 A1 *    1/2003  Shinzaki ........ 713/186
2003/0012382 A1 *    1/2003  Ferchichi et al. ........ 380/270
2003/0014372 A1 *    1/2003  Wheeler et al. ........ 705/71
2003/0046554 A1 *    3/2003  Leydier et al. ........ 713/186
2003/0101348 A1 *    5/2003  Russo et al. ........ 713/185
2003/0115142 A1 *    6/2003  Brickell et al. ........ 705/51
2004/0005051 A1 *    1/2004  Wheeler et al. ........ 380/28
2007/0076925 A1 *    4/2007  Mimura et al. ........ 382/124
2007/0276754 A1 *   11/2007  Parmelee et al. ........ 705/43

FOREIGN PATENT DOCUMENTS

JP  2001344213 A   12/2001
WO  0074001 A1     12/2000
WO  0182190 A      11/2001
WO  02067091 A      8/2002
WO  02073341 A2     9/2002

* cited by examiner

Case 6:21-cv-01101-ADA Document 72-2 Filed 11/09/22 Page 4 of 9

U.S. Patent, Jun. 19, 2012, Sheet 1 of 3

Fig. 1 (system structure; reference numerals 20, 22, 24)

Case 6:21-cv-01101-ADA Document 72-2 Filed 11/09/22 Page 5 of 9

U.S. Patent, Jun. 19, 2012, Sheet 2 of 3

Fig. 2 (flow chart; step labels):
100 Electronic document
102 Start signature application
104 Present card
106 Mutual authentication
108 Negotiate session keys
110 PIN authentication?
112 Disable biometric method
114 Enter PIN
116 Verify PIN
117 Confirm PIN verification
118 Perform signature
120 Sign with secret key
122 Send back signature

Case 6:21-cv-01101-ADA Document 72-2 Filed 11/09/22 Page 6 of 9

U.S. Patent, Jun. 19, 2012, Sheet 3 of 3

Fig. 3 (flow chart, continued)

Case 6:21-cv-01101-ADA Document 72-2 Filed 11/09/22 Page 7 of 9

METHOD FOR CARRYING OUT A SECURE ELECTRONIC TRANSACTION USING A PORTABLE DATA SUPPORT

BACKGROUND

A. Field

This invention relates to secure authentication of a user of a portable data carrier communicating with a terminal.

This invention starts out from a method exemplified, for example, by the method according to “Handbuch der Chipkarten” (hereinafter “Chip card manual”), W. Rankl, W. Effing, 3rd edition, 1999, pp. 692 to 703, under the title “Digital signature”. For performing a legally binding electronic signature, a digital signature card containing a secret signature key is accordingly to be used. A signature is performed on a suitable terminal from which the card receives in electronic form a document to be signed. To be able to perform a signature, the user of the card must establish proof of his identity through the terminal. This proof is regularly furnished by entering a PIN (person identification number) which is compared with a reference PIN stored in the card. In future it is planned to perform user authentication by checking a biometric feature, e.g. a fingerprint. When an electronic document has been signed with the help of a signature card after successful authentication of the user, the document can then be passed on in any way. The electronic signature makes it possible to effect particularly security-critical transactions, e.g. the placing of service orders involving costs, by electronic channels.

The intended introduction of biometric features for user authentication obtains a further improvement of the trustworthiness of an electronic signature compared to the hitherto usual PIN authentication, because it guarantees that the signature card can only be used in the presence of a definite person entitled to do so. However, the quality difference with regard to user authentication thereby realized is hitherto not reflected in the usability of the particular electronic signature produced.

It is the problem of the invention to specify a method for effecting a secure electronic transaction using a portable data carrier which takes account of the quality of the user authentication performed.

According to the invention, when user authentication is being performed the performing data carrier produces quality information about the authentication method used. This voucher is attached to the result of a security-establishing operation subsequently performed by the portable data carrier. The recipient of a thus formed message can therefore clearly recognize how a user has authenticated himself before effecting the security-establishing operation. This gives the recipient the possibility of making the effecting of a secure transaction contingent on the quality of user authentication. For example, in a purse application it can be provided that an amount of money below a limiting value can be withdrawn from an account after PIN authentication, while amounts of money above the limiting value can only be withdrawn after authentication by means of a biometric feature.

The inventive method is used particularly advantageously in connection with the electronic signature.

SUMMARY

In a preferred embodiment, the implementation of the various possible user authentication methods is so designed that the intermediate execution results of the lower-quality method cannot be converted in a simple way into intermediate execution results of a higher-quality method. This achieves the result that it is impossible to tamper with an authentication voucher even when an unauthorized user has access to both a portable data carrier and associated, low-order authentication information, i.e. when an unauthorized user has for example a portable data carrier together with an associated PIN.

It is further advantageous if the particular authentication methods not used in performing a user authentication are disabled for the duration of the authentication.

DESCRIPTION OF THE DRAWINGS

An embodiment of the invention will hereinafter be explained in more detail with reference to the drawing.

FIG. 1 shows the structure of a system for performing a digital signature,
FIGS. 2, 3 show the process of performing a digital signature as a flow chart.

FIG. 1 illustrates the basic structure of a transaction system for effecting a secure electronic transaction. Essential elements of the structure with regard to the invention are a background system 10 connected to a terminal 14 via a data network 12, a portable data carrier 20 which is carried by a user 30 and set up to perform a security-establishing operation within a transaction, and a data record 40 which is to be handled securely within a transaction to be effected.

The secure electronic transaction will hereinafter be assumed to be a transaction requiring the production of a digital signature on the part of the user 30. Such a transaction can be e.g. the effecting of a banking transaction by which the account of the user 30 is debited. However, the described solution is not restricted to transactions requiring a digital signature but is fundamentally usable in any application in which a portable data carrier 20 processes data records 40 supplied from a terminal 14 and gives them back to the terminal 14.

The background system 10 is representative of a device that effects the actual transaction, e.g. the movement of money between two accounts or the initiation of a delivery of goods following an order. The background system 10 can accordingly be a complex system comprising a plurality of individual components or, in extreme cases, be completely omitted. If the transaction is an account movement application, the background system 10 is typically formed by a central bank office.

The data network 12 serves to exchange data between a terminal 14 and the background system 10. It can have any physical form and be realized for example by the Internet or a mobile phone network.

The terminal 14 constitutes the user-side interface of the transaction system and has for this purpose display means 16, typically in the form of a display screen, and input means 18, e.g. in the form of a keyboard. The terminal 14 can be a publicly accessible terminal, e.g. a device set up in a bank, or a device situated in the private area of a user 30, e.g. a PC or mobile telephone. The data network 12, thus a background system 10, can have connected thereto one or more terminals 14 which can be of different design. The terminal 14 has an interface 19 for communication with a portable data carrier 20. The interface 19 can be of any physical design, in particular of contact-type or non-contact type.

The terminal 14 further has a sensor device 15, referred to hereinafter as the sensor, for detecting a biometric feature of a user 30. The sensor 15 can be capable of detecting physiological features, such as facial features, features of the eye or fingerprints, or behavior-based features, such as speech or writing sequences expressed by the voice or by writing operations. FIG. 1 indicates a fingerprint sensor as the sensor 15. The sensor 15 can be formed for sensing a plurality of different biometric features. The sensor 15 further contains means for pre-evaluating a sensed biometric feature. The sensed information is thereby reduced to certain, characteristic primary features. The different types and the implementation of biometric authentication methods are described for example in the abovementioned “Chip card manual”, chapter 8.1.2.

Case 6:21-cv-01101-ADA Document 72-2 Filed 11/09/22 Page 8 of 9

The portable data carrier 20 is for example a chip card as likewise described in detail in the “Chip card manual”. FIG. 1 indicates for the portable data carrier 20 in particular a contact-type chip card with a contact pad 22 constituting an interface corresponding to the terminal-side interface 19. Via the interfaces 22, 19 the communication between chip card 20 and terminal 14 is effected. Apart from the shape of a chip card, the portable data carrier 20 can have any other shapes, being realized for example in an article of clothing worn by the user 30 or an article of daily use carried by the user 30.

The portable data carrier 20 has an integrated circuit 24 which has all elements of a usual computer, in particular a microprocessor 25 and storage means 26. The microprocessor 25 is set up to perform a security-establishing operation. For example, it is set up to subject a supplied data record 40, referred to hereinafter as an electronic document 40, to a cryptographic algorithm, whereby it uses at least one secret key stored in the storage means 26. The microprocessor 25 is also set up to realize further functionalities according to programs stored in the storage means 26.

The portable data carrier 20 is further set up to perform at least one, but expediently a plurality of different quality user authentication methods. It preferably supports at least two authentication methods of different order with regard to the quality of authentication. It expediently supports at least one knowledge-based authentication method, e.g. a PIN check, and at least one biometric method, within which a biometric feature of the user 30 to be presented at the terminal 14 is checked. The biometric method inherently constitutes the higher-quality one here, since it presupposes the personal presence of the user 30; this is not ensured in the knowledge-based method since the knowledge can have been acquired by an unauthorized user. Accordingly the storage means 26 store at least one secret to be presented by the user 30, e.g. a reference PIN assigned to a user 30, and at least one biometric reference data record assigned to a user 30. It can expediently be provided that the portable data carrier 20 supports more than two authentication methods, in particular further biometric methods. Accordingly the storage means 26 in this case store further secrets and/or reference data records and the integrated circuit 24 is set up to perform the further authentication methods.

Hereinafter the effecting of a secure electronic transaction using the structure shown in FIG. 1 will be described with reference to FIGS. 2 and 3. The security-establishing operation will be the signing of an electronic document 40.

The use is initiated by creation of an electronic document 40 in the background system 10 or in the terminal 14, step 100. As a rule, said creation is preceded by an initiation dialog between a user 30 and the background system 10 via the terminal 14. At the latest when an electronic document 40 is present in the terminal 14, this causes the start of the signature application, step 102. This start can be caused automatically by the terminal 14 or the background system 10, or initiated by the user 30 after the terminal 14 has asked him to do so by means of a suitable display on the display device 16.

After the signature application has been started, the user 30 presents a suitable portable data carrier 20 to the terminal 40, step 104. The portable data carrier 20 will hereinafter be taken to have the form of a contact-type chip card. Further, it will hereinafter be assumed that the chip card 20 supports two authentication methods, namely a PIN check as a knowledge-based, inherently low-quality method, and a fingerprint check as a biometric, inherently higher-quality method.

When the terminal 14 has recognized the presence of a chip card 20, it first performs mutual authentication therewith, step 106, whereby the chip card 20 first proves its authenticity to the terminal 14 and then the terminal 14 to the chip card 20. If authentication is successful, terminal 14 and chip card 20 negotiate dynamic session keys to permit further communication to be conducted securely in the so-called secure messaging mode, step 108. For details on the concept of secure messaging and dynamic session keys, reference is again made to the “Chip card manual”.

Then, authentication of the user 30 vis-à-vis the chip card 20 is effected. First the terminal 14 checks how authentication is to be effected—knowledge-based, i.e. by input of a PIN, or biometrically, i.e. by presentation of a fingerprint, step 110. Specification of an authentication method can be effected automatically by the terminal 14 on the basis of information transmitted with the electronic document 40, but it can also be presented to the user 30 as a decision request via the display device 16. In the latter case the user 30 makes a decision by means of the input means 18.

If authentication of the user 30 is to be knowledge-based, i.e. effected by input of a PIN, the chip card 20 disables the further possible authentication methods, i.e. the fingerprint check, step 112, and asks the user 30 via the display device 16 to enter his PIN via the input means 18.

The user 30 thereupon enters the PIN via the input means 18 and the terminal 14 passes it on directly or in modified form via the interface 19, 22 to the chip card 20, step 114. Transmission of the PIN, or the information derived therefrom, and subsequent communication with the chip card is additionally secured using the negotiated session keys. The total communication between terminal 14 and chip card 20 is expediently effected in the secure messaging mode.

The card checks the transmitted PIN and confirms correctness to the terminal 14 in the no-error case, or terminates the procedure if the PIN was checked as false, step 116.

If the no-error case is given, the terminal 14 causes the chip card 20 by corresponding instructions to perform the security-establishing operation, i.e. the digital signature, and transmits the electronic document 40 to be signed to the chip card 20, step 118.

The chip card 20 signs the supplied electronic document 40 with the secret key stored in the storage means 22, step 120, and sends the electronic signature 40 back to the terminal 14, step 122, which uses it to continue the initiated electronic transaction.

If the check in step 110 shows that authentication of the user 30 is not to be knowledge-based but biometric, the terminal 14 initiates authentication against presentation of a biometric feature and makes a corresponding report to the chip card 20, step 130. The chip card 20 thereupon disables the further authentication methods not used, i.e. the knowledge-based PIN check, step 132.

Subsequently the user 30 presents to the terminal 14 a biometric feature according to the authentication method used, i.e. a fingerprint, step 134. The request to present the fingerprint is preferably effected by a corresponding display on the display device 16 of the terminal 14. The fingerprint is detected by the sensor 15 provided on the terminal 14.

The detected biometric feature, i.e. the fingerprint of the user 30, is subjected by the terminal 14 to pre-processing in which it extracts certain identifying features from the signal obtained on the sensor 15, step 136. If a fingerprint is used, primary features of the “Henry classification method” are determined, for example, as described in the “Chip card manual”.

The extracted features are transmitted by the terminal 14 via the interface 19, 22 to the portable data carrier 20, step 138.

When the data carrier receives them it performs a verification of the transmitted extracted features, step 140. The integrated circuit 24 thereby compares the received extracted features with the reference features stored in the storage means and checks whether a sufficient match is present. If this is the case, the portable data carrier 20 confirms to the terminal 14 the successful verification of the transmitted biometric feature, step 142. Further, the portable data carrier 20

Case 6:21-cv-01101-ADA Document 72-2 Filed 11/09/22 Page 9 of 9

switches itself ready to execute the intended security-establishing operation, i.e. perform a digital signature.

After receiving the confirmation of successful verification of authentication, the terminal 14 causes the data carrier 20 by corresponding instructions to perform the digital signature, step 144. Together with the instructions the terminal 14 transmits to the portable data carrier 20 the electronic document 40 to be signed, or at least parts thereof.

The integrated circuit 24 of the portable data carrier 20 thereupon performs the operations required for creating a digital signature, step 146. It typically forms a hash value over the received part of the electronic document 40 and encrypts it with a secret key, stored in the storage means 26, of an asymmetrical key pair consisting of a secret key and public key.

Furthermore, the integrated circuit 24 forms quality information, step 148, which acknowledges that authentication of the user 30 was done using a biometric feature. Said quality information is thereupon joined firmly with the created digital signature to form a security message; expediently within the secure messaging mechanism using the previously negotiated session keys.

The thus formed security message consisting of digital signature and quality information is sent by the portable data carrier 20 back to the terminal 14, step 150. From here the transmitted security message is passed on within the effected secure electronic transaction to the recipient involved in the transaction, e.g. a background system 10.

In addition to the security-establishing operation performed by the portable data carrier 20, the recipient of the security message at the same time receives through the quality information contained therein a statement on the quality of the performed authentication of the user 30.

In the above-described example, quality information was created only upon use of a biometric authentication method, not upon use of a knowledge-based method. Thus, the lack of quality information already signals the use of a lower-quality method. However, it can of course be provided that quality information is always formed, i.e. regardless of whether a knowledge-based or biometric method was chosen for authentication.

While retaining the basic idea of attaching quality information about the quality of the previously performed user authentication to the result of a security-establishing operation executed by a portable data carrier, the above-described concept allows further embodiments and variations. This applies to the design of the system used in effecting a transaction, which can comprise more components and components of a different type. The described procedure can also comprise further steps, e.g. intermediate steps.

The invention claimed is:

1. A method for effecting a secure electronic transaction on a terminal using a portable data carrier arranged to perform different quality user authentication methods, wherein the portable data carrier performs a user authentication using one of said different user authentication methods, the portable data carrier confirms the proof of authentication to the terminal, and the portable data carrier then performs a security-establishing operation within the electronic transaction, comprising the steps of creating authentication quality information by the portable data carrier about said user authentication method used and attaching said authentication quality information to the result of the security-establishing operation, wherein the difference in quality of said user authentication methods varies between an inherently relatively lower quality and an inherently relatively higher quality from a security perspective.

2. The method according to claim 1, wherein the security-establishing operation performed by the portable data carrier comprises creating a digital signature.

3. The method according to claim 1, wherein the authentication of the user is performed by presentation of a biometric feature.

4. The method according to claim 3, wherein the authentication of the user is performed by presentation of a physiological or behavior-based feature characteristic of a user.

5. The method according to claim 1, wherein the authentication of the user is performed by proof of knowledge of a secret.

6. The method according to claim 1, wherein at least two different authentication methods of different quality are offered for authentication of the user.

7. The method according to claim 6, wherein the particular authentication methods not used are disabled.

8. The method according to claim 6, wherein no quality information is produced for an authentication method.

9. The method according to claim 1, wherein a user is asked to select an authentication method.

10. A portable data carrier for performing a security-establishing operation within a secure electronic transaction and arranged to perform different quality user authentication methods, wherein the difference in quality of said user authentication methods varies between an inherently relatively lower quality and an inherently relatively higher quality from a security perspective, comprising: the portable data carrier is arranged to perform a user authentication using one of said implemented user authentication methods and the portable data carrier is arranged to confirm the authentication to a terminal, and wherein the data carrier is arranged to create quality information about said user authentication method used and to attach such quality information to the result of the security establishing operation.

11. The data carrier according to claim 10, wherein the portable data carrier is set up to create a digital signature.

12. The data carrier according to claim 10, wherein the data carrier supports at least two qualitatively different authentication methods.

13. A terminal for use in connection with a portable data carrier, said terminal including a device arranged to cause a user to select one of at least two possible different quality authentication methods, wherein the portable data carrier is arranged to perform a user authentication using one of the at least two possible different quality authentication methods and to confirm the authentication to the terminal, and the data carrier is arranged to create quality information about the authentication method used and to attach such quality information to the result of a security establishing operation, the difference in quality of said authentication methods varies between an inherently relatively lower quality and an inherently relatively higher quality from a security perspective.

* * * * *
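The following is an added example, not code from the patent or from Giesecke & Devrient: a small simulation of the card, terminal and recipient roles described above (steps 100 to 150, the disabling of the unused method in steps 112/132, and the purse limit from the Background), together with the tamper-resistance requirement from the Summary. Everything below the behaviour the text describes is an assumption: the JSON layout of the security message, the limiting value of 100, the constructed feature-matching rule, and HMAC-SHA256 standing in for the card's asymmetric signature so that the example runs with the standard library alone (a real recipient would verify with the card's public key, not a shared key).

```python
# Added example, not the patent's own code: simulates the card/terminal/recipient
# exchange of steps 100-150 and the purse policy from the Background. Constructed
# assumptions: the JSON message layout, the limiting value 100, the biometric matching
# rule, and HMAC-SHA256 standing in for the card's asymmetric signature (so it runs
# with the standard library; a real recipient would verify with the card's public key).
import hashlib
import hmac
import json

QUALITY_PIN = "knowledge-based"  # constructed labels for the quality information
QUALITY_BIOMETRIC = "biometric"
ALL_METHODS = {QUALITY_PIN, QUALITY_BIOMETRIC}


class AuthenticationFailed(Exception):
    pass


class Card:
    """Portable data carrier (20): reference PIN, biometric reference data, signing key."""

    def __init__(self, reference_pin, reference_template, signing_key):
        self._reference_pin = reference_pin
        self._reference_template = set(reference_template)
        self._signing_key = signing_key
        self._quality = None  # set only by a successful verification
        self._disabled = set()

    def begin_authentication(self, method):
        # Steps 112/132: disable the methods not used for this authentication.
        self._quality = None
        self._disabled = ALL_METHODS - {method}

    def verify_pin(self, pin):
        # Step 116: knowledge-based check, yields the lower-quality voucher.
        if QUALITY_PIN in self._disabled:
            raise AuthenticationFailed("PIN check disabled during this authentication")
        if not hmac.compare_digest(pin.encode(), self._reference_pin.encode()):
            raise AuthenticationFailed("PIN mismatch")
        self._quality = QUALITY_PIN

    def verify_biometric(self, extracted_features, min_matches=3):
        # Step 140: compare extracted features with the stored reference
        # (constructed rule: at least min_matches features must coincide).
        if QUALITY_BIOMETRIC in self._disabled:
            raise AuthenticationFailed("biometric check disabled during this authentication")
        if len(set(extracted_features) & self._reference_template) < min_matches:
            raise AuthenticationFailed("insufficient biometric match")
        self._quality = QUALITY_BIOMETRIC

    def sign(self, document):
        # Steps 120 / 146-148: sign the document hash and bind the quality information
        # under the same signature, so the voucher cannot be altered in transit.
        if self._quality is None:
            raise AuthenticationFailed("no successful user authentication")
        digest = hashlib.sha256(document).hexdigest()
        payload = json.dumps({"digest": digest, "quality": self._quality}, sort_keys=True)
        tag = hmac.new(self._signing_key, payload.encode(), hashlib.sha256).hexdigest()
        return {"payload": payload, "signature": tag}


class BackgroundSystem:
    """Recipient (10): verifies the security message and applies the purse policy."""

    PIN_LIMIT = 100  # constructed limiting value

    def __init__(self, verification_key):
        self._key = verification_key

    def verified_quality(self, document, message):
        # The quality information is trusted only if signature and digest both check out.
        expected = hmac.new(self._key, message["payload"].encode(), hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, message["signature"]):
            return None
        fields = json.loads(message["payload"])
        return fields["quality"] if fields["digest"] == hashlib.sha256(document).hexdigest() else None

    def authorize_withdrawal(self, document, message, amount):
        quality = self.verified_quality(document, message)
        if quality is None:
            return False
        return quality in ALL_METHODS if amount <= self.PIN_LIMIT else quality == QUALITY_BIOMETRIC


def run_scenario():
    """PIN path, a tampered voucher, and the biometric path on one constructed document."""
    key = b"constructed-demo-key"
    card = Card("1234", ["ridge-A", "ridge-B", "ridge-C", "ridge-D"], key)
    bank = BackgroundSystem(key)
    document = b"debit account 42 (constructed electronic document)"
    results = {}

    card.begin_authentication(QUALITY_PIN)
    card.verify_pin("1234")
    pin_message = card.sign(document)
    results["pin_small"] = bank.authorize_withdrawal(document, pin_message, 50)
    results["pin_large"] = bank.authorize_withdrawal(document, pin_message, 500)

    # Holder of card and PIN rewrites the voucher to claim biometric quality.
    forged_payload = pin_message["payload"].replace(QUALITY_PIN, QUALITY_BIOMETRIC)
    results["forged_large"] = bank.authorize_withdrawal(document, dict(pin_message, payload=forged_payload), 500)

    card.begin_authentication(QUALITY_BIOMETRIC)
    try:
        card.verify_pin("1234")  # the PIN path is disabled meanwhile
        results["pin_while_biometric"] = True
    except AuthenticationFailed:
        results["pin_while_biometric"] = False
    card.verify_biometric(["ridge-A", "ridge-B", "ridge-C", "ridge-X"])
    results["bio_large"] = bank.authorize_withdrawal(document, card.sign(document), 500)
    return results
```

Running `run_scenario()` gives the outcomes the text calls for: the PIN-authenticated signature is accepted only below the limiting value, the biometric one also above it, and the rewritten voucher is rejected because the quality information sits under the signature rather than beside it. The biometric voucher can only be produced by the card after its own biometric verification, so a holder of card and PIN has no path from the lower-quality result to the higher-quality one, which is the property the Summary asks for.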