EP2048631A1 - Authentication method, corresponding portable object and computer program - Google Patents


Publication number
EP2048631A1
EP2048631A1 EP20080166402 EP08166402A EP2048631A1 EP 2048631 A1 EP2048631 A1 EP 2048631A1 EP 20080166402 EP20080166402 EP 20080166402 EP 08166402 A EP08166402 A EP 08166402A EP 2048631 A1 EP2048631 A1 EP 2048631A1
Authority
EP
European Patent Office
Prior art keywords
authentication
portable object
value indicating
signature
delay
Prior art date
Legal status
Withdrawn
Application number
EP20080166402
Other languages
German (de)
French (fr)
Inventor
David Naccache
Current Assignee
Worldline MS France
Original Assignee
Compagnie Industrielle et Financière d'Ingénierie Ingenico SA
Priority date
Filing date
Publication date
Family has litigation
Application filed by Compagnie Industrielle et Financière d'Ingénierie Ingenico SA

Classifications

    • G PHYSICS
    • G07 CHECKING-DEVICES
    • G07F COIN-FREED OR LIKE APPARATUS
    • G07F7/00 Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus
    • G07F7/08 Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means
    • G07F7/10 Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means together with a coded signal, e.g. in the form of personal identification information, like personal identification number [PIN] or biometric data
    • G07F7/1025 Identification of user by a PIN code
    • G07F7/1058 PIN is checked locally
    • G07F7/1066 PIN data being compared to data on card
    • G07F7/1083 Counting of PIN attempts

Definitions

  • the field of the invention is that of secure portable objects, such as microprocessor cards, or smart cards. More specifically, the invention relates to the authentication of carriers, or users, of such portable objects, and the fight against fraud attempts, by malicious people attempting to use a secure portable object which they do not hold.
  • smart cards as payment cards.
  • Other applications such as access to a site or service, are of course also known, and treated in the same way.
  • the concept of "smart card" can be generalized to other types of portable objects equipped with a secure microprocessor.
  • Smart cards are known and are currently widely used.
  • the authorized user (the holder) of the smart card can use it, for example to pay for purchases at a merchant or to withdraw banknotes from an automated teller machine.
  • This confidential code is also called the signature, the cardholder's personal identification number, also called PIN (Personal Identification Number), or secret code.
  • PIN associated with a payment chip card is generally composed of a sequence of at least four digits.
  • Secret information is also stored in a memory of the smart card.
  • a verification is performed in the smart card, taking into account (at least) this secret information and the confidential code.
  • the card delivers a positive authentication result and allows, for example, secure electronic transactions.
  • a problem is that a smart card is vulnerable to attack by a malicious third party (a fraudster) who could, for example after stealing the smart card, try to type in a large number of successive combinations of code to find the PIN code of the card.
  • a disadvantage with this solution is that a fraudster can interrupt the power supply of the smart card to cause a reset of the counter and power the smart card again to make new attempts to find the PIN, and so on.
  • a complementary or alternative solution to the previous one consists in imposing a predetermined delay time between two attempts to enter a code, when the first attempt is incorrect, in order to slow down the fraudster in his search for the confidential code by successive trials and therefore reduce the likelihood that the PIN will be discovered by a fraudster. It is conceivable, however, that the fraudster accelerates the external clock that drives the smart card to reduce the waiting time between two successive attempts to enter a code.
  • the fraudster may also temporarily interrupt the power supply of the smart card after the first attempt and thus reduce the waiting time between two successive attempts to enter a code.
  • the invention particularly aims to overcome these disadvantages of the prior art.
  • an object of the invention is to provide a technique for combating attempts to fraudulently use a smart card, or a similar portable object.
  • Another object of the invention is to reduce the probability that a possible fraudster discovers the PIN of the smart card by successive tests in a relatively short period of time, regardless of the technical means implemented.
  • the invention also aims to provide such a technique that is relatively inexpensive, reliable and simple to implement.
  • the invention proposes a new solution that does not have all of these disadvantages of the prior art, in the form of a method for authenticating a carrier of a portable object according to claim 1.
  • the invention makes it possible to slow down the attempts of a possible fraudster who intends to successively enter a series of signatures in order to find the correct signature that authenticates a carrier. Indeed, even if the fraudster cuts off the power supply of the portable object, the latter has stored the existence of a possible fraud attempt, and will systematically impose a delay before allowing a new attempt.
  • the delay may be a function of context information, such as the date and time and / or an identifier of the terminal used, which are stored in the portable object.
  • the invention makes it possible to delay the authentication of a carrier of a portable object when the signature previously issued does not correspond to the secret information associated with the portable object, and thus reduces the probability that a possible fraudster will discover, by successive trials, the secret information stored in the portable object, by increasing the time between two tests, without possibility to circumvent or avoid this delay.
  • the method comprises, after said step of generating a delay or after said step of issuing, a step of writing, in said erroneous signature indicator, said value indicating a normal situation.
  • the invention makes it possible to deter fraudsters, without introducing too much discomfort for the authorized user, who would have simply made an entry error.
  • said erroneous signature flag is a binary element.
  • said erroneous signature flag is a counter, reset in the presence of a positive authentication decision and incremented in the presence of a negative authentication decision.
  • the erroneous signature flag that is allocated in a non-volatile memory of the portable object can be either a binary element or a counter, which allows a simple, relatively inexpensive and reliable implementation of the invention.
  • said delay may be proportional to the value of said counter.
  • the delay applied by the portable object can be increased gradually, so as to increase the difficulty for the fraudster.
  • the invention also relates to a computer program product stored on a portable object and / or executable by a microprocessor, comprising program code instructions for performing the steps of the authentication method described above.
  • the invention relates to a secure portable object adapted to implement the method described above, according to claim 7.
  • said non-volatile memory of the portable object is an EEPROM or Flash type memory.
  • the general principle of the invention is based on the use of an erroneous signature indicator stored in a non-volatile memory of a portable object, which can not be modified by a power interruption.
  • according to the invention, the value of the indicator controls the duration of the method for authenticating a carrier of the portable object, by imposing a systematic delay if the previous authentication attempt had delivered an erroneous result.
  • the portable object is a smart card 7, which is a payment card issued by a bank, communicating with a payment terminal 2 (smart card reader terminal).
  • the holder of the smart card 7 which can be either the authorized user of the smart card 7 or a fraudster, wishes to access a banking service that requires it to be authenticated beforehand through the payment terminal 2.
  • this service may be the payment of a product or service by the holder to a merchant by means of the smart card 7 via the payment terminal 2.
  • the payment terminal 2 can be connected to a remote server 1, which is for example located in a bank, via a communication network 9 which therefore allows the exchange of information between the payment terminal 2 and the server 1.
  • Bank-owned remote server 1 allows secure electronic transactions and can be connected to multiple payment terminals.
  • the payment terminal 2 is electrically powered by an electrical distribution network and/or by one or more cells or batteries integrated in the payment terminal 2.
  • the payment terminal 2 generally comprises a display screen 5, a numeric or alphanumeric keypad 3, a card reader 4, a central processing unit (CPU) and a printer (not shown).
  • the smart card 7 comprises a plastic-type support 6 and at least one integrated circuit (chip) 8 which is generally located in the body of the card 7.
  • the integrated circuit 8 of the smart card 7 comprises an interface 12, which is generally in the form of copper electrical contacts, allowing a power supply of the payment terminal 2 and the exchange of information, in the form of electrical signals, when the card is inserted in the card reader 4 of the payment terminal 2.
  • for the holder of the smart card 7 to obtain authorization from the bank issuing the smart card 7 to make a payment, he must authenticate himself as the holder of the smart card 7 or the authorized user.
  • the carrier inserts the smart card 7 in the card reader 4 of the payment terminal 2 provided by the merchant and enters his confidential code (signature) through the keyboard 3 of the payment terminal 2.
  • the microprocessor of the smart card 7 performs a comparison processing, or authentication, according to a control algorithm known to those skilled in the art, taking into account the code issued by the carrier through the keyboard 3 and the secret information derived from the confidential code contained in a ROM memory of the smart card 7, and where appropriate random data provided by the payment terminal 2.
  • the microprocessor of the smart card 7 then sends the payment terminal 2 authentication decision information, depending on whether the delivered signature is correct or erroneous.
  • the secure electronic transactions are authorized, under the control of the terminal 2 and / or the remote server 1.
  • the smart card conventionally comprises a microprocessor and various RAM and ROM memories. It also comprises, according to the invention, a non-volatile modifiable memory, for example an EEPROM 14.
  • the invention therefore proposes to use an erroneous signature indicator (I), which may be a binary element, such as a memory bit.
  • the bit is stored in the EEPROM 14 of the smart card 7.
  • the bit can also be stored in a Flash type memory or any other type of non-volatile memory.
  • the authentication method according to the invention starts with a new step, which does not exist in the techniques of the prior art, namely the reading (21) of the erroneous signature flag, hereinafter called I, in the location of the EEPROM memory 14 allocated to it.
  • the smart card 7 decides by itself (that is to say, without the intervention or control of the payment terminal 2) whether or not to apply a delay before performing the standard authentication processing.
  • a suitable interface for example a keyboard
  • the output "No" (222) of the test (22) leads to the generation of a delay (24) which may for example be between 10 and 60 seconds.
  • the value of the indicator I is repositioned to 0 (step 25), then the conventional authentication processing (23) is resumed.
  • This authentication process (23) delivers information representative of the result of the authentication.
  • the transaction (27) can be performed in a conventional manner.
  • This transaction can be a payment, authorization to access data or a site, ...
  • the payment terminal 2 implements a suitable processing (28) which is not the subject of the present invention. It can for example count the number of authentication errors, and prevent, for example, more than three attempts.
  • this processing being carried out by the payment terminal 2, it can easily be bypassed or cancelled by a fraudster who has adapted his terminal to enter, without limitation, a very high number of signatures, for example randomly, hoping to find the right one in a reasonable time.
  • the delay applied is chosen so that it is long enough to deter fraudsters, without introducing too much inconvenience for the authorized user, who would have simply made a typing error.
  • the indicator I is not a simple binary element, indicating whether the previous signature was erroneous or valid, but a counter, accounting for the number of successive erroneous signatures. This can gradually increase the delay applied by the smart card 7, so as to limit the nuisance for the authorized user, and increase the difficulty for the fraudster.
  • This counter may also allow, if necessary, when it has reached a threshold, to cause a definitive blocking of the smart card 7 (again, managed by itself, and not by the terminals).
  • the method starts, in the same manner as in the first embodiment, by the reading (21) of the indicator I.
  • a test (31) is performed on the value of the latter. If it is 0, the authentication process (23) is performed in the same way as in the first embodiment. If the result of the test (31) indicates (312) that the value I is different from 0, the smart card 7 generates a delay (32), during which it will not do any processing. This delay is no longer fixed, but depends on the value of I. For example, a linear function, a step function, or an exponential function can be provided.
  • the writing (29, 33) in the indicator I of the smart card 7 may also include storing, in a non-volatile memory of the smart card 7 (the EEPROM 14 for example), at least one item of context information, such as the date and time and/or an identifier of the payment terminal used.
  • the reading step 21 of the indicator I may comprise a step of reading the information relating to the context that may be stored in the smart card 7 and the delay (24, 32) may be a function of this information.
  • the portable object may be a USB key and the electronic terminal may be a laptop or a personal computer for example.
  • the signature can be entered by means other than a keyboard (touch screen, voice command, etc.).
  • connection between the terminal and the portable object can be made by contact or remotely (RFID for example).
  • the present invention can also be applied to any situation requiring a restriction of access to a protected place or premises, to a vehicle belonging to one or more persons, a website or a database, for example.

Abstract

The method involves processing an authentication of a signature of a carrier by considering secret information, and delivering information of positive or negative authentication decision. A value indicating an abnormal situation is written in an incorrect signature indicator e.g. counter, after delivering the information if the decision is negative. A delay is generated before authentication if the indicator contains the value. The value is written by storing context relative information e.g. date and time, and/or identifier of a payment terminal i.e. chip card reader terminal. Independent claims are also included for the following: (1) a computer program product comprising instructions to perform a method for authenticating a portable object carrier (2) a secured portable object comprising authentication units.

Description

1. Field of the invention

The field of the invention is that of secure portable objects, such as microprocessor cards, or smart cards. More specifically, the invention relates to the authentication of the carriers, or users, of such portable objects, and to combating fraud attempts by malicious persons trying to use a secure portable object of which they are not the holder.

2. Prior art

In the following, the use of smart cards as payment cards is described. Other applications, such as access to a site or a service, are of course also known, and are handled in the same way. Likewise, it is understood that the notion of "smart card" can be generalized to other types of portable objects equipped with a secure microprocessor.

Smart cards are known and are currently widely used. When a smart card is used as a payment card, the authorized user (the holder) of the smart card can use it, for example, to pay for purchases at a merchant or to withdraw banknotes from an automated teller machine.

When the smart card is used to perform such an operation, the authorized user generally has to insert the smart card into a payment terminal and enter the confidential code using a keypad of the payment terminal.

This confidential code is also called the signature, the cardholder's personal identification number, also called PIN (Personal Identification Number), or secret code. The confidential code associated with a payment smart card generally consists of a sequence of at least four digits.

Secret information is also stored in a memory of the smart card. A verification (mathematical processing) is performed in the smart card, taking into account (at least) this secret information and the confidential code. Thus, when the code entered on the keypad (signature) matches the secret information stored in the smart card, the card delivers a positive authentication result and authorizes, for example, secure electronic transactions.

One problem is that a smart card is vulnerable to attacks by a malicious third party (a fraudster) who could, for example after stealing the smart card, try to enter a large number of successive code combinations on the keypad in order to find the confidential code of the card.

Various solutions to this problem have been proposed. The best known is probably the one that uses a counter, held in a memory of the smart card, which records the number of incorrect attempts to enter the confidential code during a predetermined period of time. Use of the smart card is thus blocked when the number of successive incorrect attempts during this predetermined period reaches a predetermined threshold value.

A disadvantage of this solution is that a fraudster can interrupt the power supply of the smart card in order to reset the counter to zero, then power the smart card again to make new attempts to find the confidential code, and so on.

A solution complementary or alternative to the previous one consists in imposing a predetermined delay between two attempts to enter a code when the first attempt is incorrect, in order to slow down the fraudster's search for the confidential code by successive trials and thus reduce the probability that the confidential code is discovered by a fraudster. It is conceivable, however, that the fraudster speeds up the external clock that drives the smart card in order to reduce the waiting time between two successive attempts to enter a code.

If the power-up time of the smart card is shorter than the delay between two successive attempts to enter a code (when the first attempt is incorrect), the fraudster can also temporarily interrupt the power supply of the smart card after the first attempt and thereby reduce the waiting time between two successive attempts to enter a code.

3. Objectives of the invention

The invention aims in particular to overcome these disadvantages of the prior art.

More specifically, one objective of the invention is to provide a technique for combating attempts at fraudulent use of a smart card or of a similar portable object.

Another objective of the invention is to reduce the probability that a possible fraudster discovers the confidential code of the smart card by successive trials within a relatively short period of time, whatever the technical means employed.

A further objective of the invention is to provide such a technique that is relatively inexpensive, reliable and simple to implement.

4. Presentation of the invention

The invention proposes a new solution that does not have all of these disadvantages of the prior art, in the form of a method for authenticating a carrier of a portable object according to claim 1.

Thus, the invention makes it possible to slow down the attempts of a possible fraudster who intends to enter a series of signatures in succession in order to find the correct signature that authenticates a carrier. Indeed, even if the fraudster cuts the power supply of the portable object, the latter has stored the existence of a possible fraud attempt and will systematically impose a delay before allowing a new attempt.

The delay may be a function of context information, such as the date and time and/or an identifier of the terminal used, which is stored in the portable object.

In other words, the invention makes it possible to delay the authentication of a carrier of a portable object when the previously delivered signature does not match the secret information associated with the portable object, and thus reduces the probability that a possible fraudster discovers, by successive trials, the secret information stored in the portable object, by increasing the time between two trials, with no possibility of circumventing or avoiding this delay.

According to a particular aspect of the present invention, the method comprises, after said step of generating a delay or after said delivery step, a step of writing, in said erroneous signature indicator, said value indicating a normal situation.

Thus, the invention makes it possible to deter fraudsters without causing too much inconvenience to the authorized user who has simply made an entry error.

According to a particular embodiment of the invention, said erroneous signature indicator is a binary element.

According to another particular embodiment of the invention, said erroneous signature indicator is a counter, reset to zero in the presence of a positive authentication decision and incremented in the presence of a negative authentication decision.

Thus, the erroneous signature indicator, which is allocated in a non-volatile memory of the portable object, can be either a binary element or a counter, which allows a simple, relatively inexpensive and reliable implementation of the invention.

En particulier, ledit retard peut être proportionnel à la valeur dudit compteur.In particular, said delay may be proportional to the value of said counter.

Ainsi, le délai appliqué par l'objet portatif peut être augmenté progressivement, de façon à augmenter la difficulté pour le fraudeur.Thus, the delay applied by the portable object can be increased gradually, so as to increase the difficulty for the fraudster.

L'invention concerne également un produit programme d'ordinateur stocké sur un objet portatif et/ou exécutable par un microprocesseur, comprenant des instructions de code de programme pour l'exécution des étapes du procédé d'authentification décrit précédemment.The invention also relates to a computer program product stored on a portable object and / or executable by a microprocessor, comprising program code instructions for performing the steps of the authentication method described above.

Finalement, l'invention concerne un objet portatif sécurisé adapté à la mise en oeuvre du procédé décrit ci-dessus selon la revendication 7Finally, the invention relates to a secure portable object adapted to the setting of the process described above according to claim 7

According to a particular aspect of the invention, said portable object comprises:

  • means for writing, in said erroneous signature indicator, a value indicating an abnormal situation, if said authentication decision is negative; and
  • means for generating a delay, if said erroneous signature indicator contains a value indicating an abnormal situation.

According to yet another particular aspect of the invention, said non-volatile memory of the portable object is an EEPROM or Flash type memory.

5. List of figures

Other features and advantages of the invention will emerge more clearly on reading the following description of two particular embodiments, given as simple illustrative and non-limiting examples, and the appended drawings, among which:

  • Figure 1 illustrates an example of a system implementing the invention according to a particular embodiment of the invention;
  • Figure 2 presents the main steps of the authentication method according to a first embodiment;
  • Figure 3 presents the main steps of the authentication method according to a second embodiment.

6. Description of embodiments of the invention

6.1 General principle

The general principle of the invention relies on the use of an erroneous signature indicator stored in a non-volatile memory of a portable object, which therefore cannot be modified by a power interruption. According to the invention, the value of the indicator controls the duration of the authentication method for a holder of the portable object, by imposing a systematic delay if the previous authentication attempt delivered an erroneous result.

6.2 Example of a system implementing the invention

The following description is set in the context of a particular embodiment of the invention, in relation to Figure 1, in which the portable object is a smart card 7, a payment card issued by a bank, communicating with a payment terminal 2 (smart card reader terminal).

The holder of the smart card 7, who may be either the authorized user of the smart card 7 or a fraudster, wishes to access a banking service that requires prior authentication through the payment terminal 2. For example, this service may be the payment for a product or service by the holder to a merchant, by means of the smart card 7 and through the payment terminal 2.

The payment terminal 2 can be connected to a remote server 1, located for example in a bank, via a communication network 9 which allows the exchange of information between the payment terminal 2 and the server 1. The remote server 1 belonging to the bank authorizes secure electronic transactions and can be connected to several payment terminals.

Conventionally, the payment terminal 2 is electrically powered by an electrical distribution network and/or by one or more cells or batteries integrated in the payment terminal 2. The payment terminal 2 generally comprises a display screen 5, a numeric or alphanumeric keypad 3, a card reader 4, a central processing unit (CPU) and a printer (not shown).

The smart card 7 comprises a plastic-type support 6 and at least one integrated circuit (chip) 8, which is generally located in the body of the card 7. The integrated circuit 8 of the smart card 7 comprises an interface 12, generally in the form of copper electrical contacts, providing electrical power from the payment terminal 2 and the exchange of information, in the form of electrical signals, when the card is inserted in the card reader 4 of the payment terminal 2.

For the holder of the smart card 7 to obtain authorization from the bank that issued the smart card 7 to make a payment, the holder must authenticate as the owner of the smart card 7 or as the authorized user.

To do this, the holder inserts the smart card 7 into the card reader 4 of the payment terminal 2 provided by the merchant and enters their confidential code (signature) on the keypad 3 of the payment terminal 2.

The microprocessor of the smart card 7 executes a comparison, or authentication, processing according to a control algorithm known to those skilled in the art, taking into account the code delivered by the holder via the keypad 3, the secret information derived from the confidential code contained in a ROM of the smart card 7 and, where applicable, a random datum supplied by the payment terminal 2. The microprocessor of the smart card 7 then delivers to the payment terminal 2 an item of authentication decision information, according to whether the delivered signature is correct or erroneous.

When the secret information stored in the smart card 7 matches the signature delivered by the holder, secure electronic transactions (or any other operation) are authorized, under the control of the terminal 2 and/or the remote server 1.

The smart card conventionally comprises a microprocessor and various RAM and ROM memories. According to the invention, it also comprises a modifiable non-volatile memory, for example an EEPROM 14.

The invention therefore proposes to use an erroneous signature indicator (I), which may be a binary element, such as a memory bit. The binary element is stored in the EEPROM 14 of the smart card 7. The binary element can also be stored in a Flash type memory or any other type of non-volatile memory.

6.3 First example of implementation

The main steps of a method of authenticating a holder of a portable object according to a first particular embodiment of the invention are presented below, in relation to Figure 2. The following therefore assumes a configuration in which the smart card 7 is inserted in the card reader 4 of the payment terminal 2.

As illustrated in Figure 2, the authentication method according to the invention begins with a new step that does not exist in the prior art, namely the reading (21) of the erroneous signature indicator, hereinafter called I, from the location allocated to it in the EEPROM 14. Depending on the value of this indicator I (test 22), the smart card 7 decides by itself (that is, without the intervention or control of the payment terminal 2) whether or not to apply a delay before performing the conventional authentication processing.

Thus, assuming that a value of 0 for the indicator I signals a correct situation and the value 1 an abnormal situation, the "yes" output (221) of the test "I = 0" (22) allows a direct passage, without delay, to the conventional authentication step (23), which compares the signature S delivered by the user through a suitable interface (for example a keypad) with the data present in the smart card 7. This processing, known per se and applied in all smart cards, is not described in more detail here. Those skilled in the art will know how to implement the appropriate authentication algorithm according to the circumstances.

On the other hand, when the indicator I is equal to 1, the "No" output (222) of the test (22) leads to the generation of a delay (24), which may for example be between 10 and 60 seconds. At the end of this delay (24), the value of the indicator I is reset to 0 (step 25), then the conventional authentication processing (23) resumes.

This authentication processing (23) delivers information representative of the result of the authentication. If the authentication is validated (test 26), the transaction (27) can be carried out in the conventional manner. This transaction can be a payment, an authorization to access data or a site, etc. If the authentication is not correct (261), the payment terminal 2 implements a suitable processing (28), which is not the subject of the present invention. It can, for example, count the number of authentication errors and prevent, for example, more than three attempts. However, since this processing is carried out by the payment terminal 2, it can easily be bypassed or cancelled by a fraudster who has adapted their terminal so as to enter, without limitation, a very large number of signatures, for example at random, in the hope of finding the right one within a reasonable time.

For this reason, according to the invention, the writing (29) of the value 1 into the indicator I of the smart card 7 is carried out before this processing (28).

Thus, even if the fraudster has adapted their payment terminal 2, or has several terminals that they plan to use in succession, they will face a waiting period generated by the smart card 7 itself, which prevents an automated series of signature trials from being carried out within a reasonable time.

The delay applied is chosen so that it is long enough to deter fraudsters without introducing too much inconvenience for the authorized user who has simply made an entry error.

6.4 Second example of implementation

According to a variant of the method described above, the indicator I may be not a simple binary element, indicating whether the previous signature was erroneous or valid, but a counter recording the number of successive erroneous signatures. This makes it possible to increase gradually the delay applied by the smart card 7, so as to limit the nuisance for the authorized user and increase the difficulty for the fraudster. Where appropriate, this counter can also cause a definitive blocking of the smart card 7 once it has reached a threshold (again, managed by the card itself and not by the terminals).

This approach is illustrated by Figure 3. The method begins, in the same way as in the first embodiment, with the reading (21) of the indicator I. A test (31) is performed on its value. If it is 0, the authentication processing (23) is performed in the same way as in the first embodiment. If the result of the test (31) indicates (312) that the value of I is different from 0, the smart card 7 generates a delay (32), during which it performs no processing. This delay is no longer fixed, but is a function of the value of I. For example, a linear function, a step function or an exponential function can be provided.

Once the delay (32) has elapsed, the method proceeds to the authentication step (23), followed by the test (26) on the result of the authentication. If the result of this test (26) is correct, that is, the signature provided is authenticated, the value of the indicator is reset (34) to 0 and the transaction (27) is carried out.

On the other hand, if the result of the authentication (26) is negative (261), the value of I is incremented (33) before the erroneous signature processing (28) is carried out in the terminal.
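The counter variant of Figure 3, as an added example in C that is not code from the patent: a simulated card keeps I in a field standing in for the EEPROM cell and a second, volatile counter for contrast, so the effect of removing power between guesses is visible. The PIN, the delay constants, the 60-second cap and the blocking threshold are constructed assumptions, and the delay is accumulated on a simulated clock instead of being slept.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed parameters: the page gives "10 to 60 seconds" only as an
   example and names no threshold, PIN length or delay constants. */
#define PIN_LEN          4u
#define BASE_DELAY_S     10u
#define MAX_DELAY_S      60u
#define BLOCK_THRESHOLD  6u

typedef enum { DELAY_LINEAR, DELAY_STEP, DELAY_EXPONENTIAL } delay_law_t;
typedef enum { AUTH_OK, AUTH_FAIL, AUTH_BLOCKED } auth_result_t;

typedef struct {
    uint8_t     nvm_indicator;   /* I, held in EEPROM: survives power loss */
    uint8_t     ram_failures;    /* volatile counter, kept only for contrast */
    char        secret[PIN_LEN]; /* secret information held by the card */
    delay_law_t law;             /* how the delay grows with I */
    uint32_t    waited_s;        /* simulated clock: seconds the card stalled */
} card_t;

void card_init(card_t *c, const char *secret, delay_law_t law)
{
    memset(c, 0, sizeof *c);
    memcpy(c->secret, secret, PIN_LEN);
    c->law = law;
}

/* Removing and re-inserting the card clears RAM but not the EEPROM cell. */
void card_power_cycle(card_t *c) { c->ram_failures = 0; }

/* Delay as a function of I: linear, stepped or exponential, capped. */
uint32_t delay_for(delay_law_t law, uint8_t i)
{
    uint32_t d = MAX_DELAY_S;
    if (i == 0) return 0;
    if (law == DELAY_LINEAR)                    d = BASE_DELAY_S * i;
    else if (law == DELAY_STEP)                 d = (i < 3) ? BASE_DELAY_S : MAX_DELAY_S;
    else if (law == DELAY_EXPONENTIAL && i < 4) d = BASE_DELAY_S << (i - 1);
    return d > MAX_DELAY_S ? MAX_DELAY_S : d;
}

/* Compare all bytes with no early exit on the first mismatch. */
static int pin_matches(const card_t *c, const char *pin)
{
    uint8_t diff = 0;
    if (strlen(pin) != PIN_LEN) return 0;
    for (size_t k = 0; k < PIN_LEN; k++) diff |= (uint8_t)(pin[k] ^ c->secret[k]);
    return diff == 0;
}

auth_result_t card_verify(card_t *c, const char *pin)
{
    uint8_t i = c->nvm_indicator;            /* step 21: read I */
    if (i >= BLOCK_THRESHOLD) return AUTH_BLOCKED;
    c->waited_s += delay_for(c->law, i);     /* test 31 and delay 32 */
    if (pin_matches(c, pin)) {               /* steps 23 and 26 */
        c->nvm_indicator = 0;                /* step 34: back to normal */
        return AUTH_OK;                      /* transaction 27 may proceed */
    }
    c->nvm_indicator = (uint8_t)(i + 1);     /* step 33, done on the card */
    c->ram_failures++;
    return AUTH_FAIL;                        /* terminal runs processing 28 */
}

/* Submit guesses with a power cycle after each; return total stall time. */
uint32_t guess_series(card_t *c, const char *const *guesses, size_t n)
{
    for (size_t k = 0; k < n; k++) {
        (void)card_verify(c, guesses[k]);
        card_power_cycle(c);
    }
    return c->waited_s;
}

int main(void)
{
    const char *const wrong[] = { "0000", "1111", "2222" };  /* constructed */
    card_t c;
    auth_result_t r;

    card_init(&c, "4821", DELAY_LINEAR);                      /* constructed */
    printf("stall after 3 wrong guesses: %u s, I=%u, RAM counter=%u\n",
           (unsigned)guess_series(&c, wrong, 3),
           (unsigned)c.nvm_indicator, (unsigned)c.ram_failures);
    r = card_verify(&c, "4821");
    printf("correct PIN: result=%d, total stall=%u s, I=%u\n",
           (int)r, (unsigned)c.waited_s, (unsigned)c.nvm_indicator);
    return 0;
}
```

The volatile counter reads 0 after every power cycle, while I keeps growing and drives the stall, which is why the page places the indicator in non-volatile memory and has the card, not the terminal, enforce the delay.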

6.5 Variants

If the authentication is not correct (261), the writing (29, 33) into the indicator I of the smart card 7 may also include an operation of storing, in a non-volatile memory of the smart card 7 (the EEPROM 14, for example), at least one item of context information, such as the date and time and/or an identifier of the payment terminal used. Step 21 of reading the indicator I may include a step of reading any context information stored in the smart card 7, and the delay (24, 32) may be a function of this information.

In other embodiments, the portable object may be a USB key and the electronic terminal may be, for example, a laptop or a personal computer.

The signature can be entered by means other than a keypad (touch screen, voice command, etc.).

The connection between the terminal and the portable object can be made by contact or remotely (RFID, for example).

The present invention can also be applied to any situation requiring a restriction of access to a protected place or premises, to a vehicle belonging to one or more persons, to a website or to a database, for example.

Claims (9)

Procédé d'authentification d'un porteur d'un objet portatif comprenant des moyens de mémorisation d'au moins une information secrète, comprenant les étapes suivantes : - traitement d'authentification d'une signature délivrée par ledit porteur, tenant compte de ladite information secrète ; - délivrance d'une information de décision d'authentification, positive ou négative, le procédé mettant en oeuvre met en oeuvre, dans une mémoire non volatile dudit objet portatif, un indicateur de signature erronée pouvant prendre une valeur indiquant une situation normale et au moins une valeur indiquant une situation anormale, et comprenant : - après ladite étape de délivrance, une étape d'écriture, dans ledit indicateur de signature erronée, d'une valeur indiquant une situation anormale, si ladite décision d'authentification est négative ; et - avant ladite étape d'authentification, et si ledit indicateur de signature erronée contient une valeur indiquant une situation anormale, une étape de génération d'un retard, caractérisé en ce que ladite étape d'écriture comprend également une opération de mémorisation d'au moins une information relative au contexte, tels que la date et l'heure et/ou un identifiant du terminal utilisé.A method of authenticating a carrier of a portable object comprising means for storing at least one secret information, comprising the following steps: authentication processing of a signature issued by said bearer, taking into account said secret information; - issuing an authentication decision information, positive or negative, the method implementing implements, in a non-volatile memory of said portable object, an erroneous signature indicator that can take a value indicating a normal situation and at least one value indicating an abnormal situation, and comprising: after said delivery step, a step of writing, in said erroneous signature flag, a value indicating an abnormal situation, if said authentication decision is negative; and before said 
authentication step, and if said erroneous signature flag contains a value indicating an abnormal situation, a step of generating a delay, characterized in that said writing step also comprises an operation for storing at least one information relating to the context, such as the date and time and / or an identifier of the terminal used. Procédé d'authentification selon la revendication 1, caractérisé en ce qu'il comprend, après ladite étape de génération d'un retard ou après ladite étape de délivrance : - une étape d'écriture, dans ledit indicateur de signature erronée, de ladite valeur indiquant une situation normale Authentication method according to claim 1, characterized in that it comprises, after said step of generating a delay or after said step of issuing: a step of writing, in said erroneous signature flag, said value indicating a normal situation Procédé d'authentification selon l'une quelconque des revendications 1 et 2 caractérisé en ce que ledit indicateur de signature erronée est un élément binaire.Authentication method according to any one of claims 1 and 2 characterized in that said erroneous signature indicator is a binary element. Procédé d'authentification selon l'une quelconque des revendications 1 et 2
caractérisé en ce que ledit indicateur de signature erronée est un compteur, remis à zéro en présence d'une décision d'authentification positive et incrémenté en présence d'une décision d'authentification négative.
Authentication method according to any one of claims 1 and 2
characterized in that said erroneous signature flag is a counter, reset in the presence of a positive authentication decision and incremented in the presence of a negative authentication decision.
Authentication method according to claim 4, characterized in that said delay is proportional to the value of said counter.

Computer program product stored on a portable object and/or executable by a microprocessor, characterized in that it comprises program code instructions for performing the steps of the authentication method according to any one of claims 1 to 5.

Secure portable object comprising:
- means for storing at least one piece of secret information;
- means for authenticating a signature delivered by said bearer, taking into account said secret information;
- means for issuing authentication decision information, positive or negative;
- means for non-volatile storage of an erroneous signature flag that can take a value indicating a normal situation and at least one value indicating an abnormal situation,
characterized in that it comprises means for storing at least one piece of information relating to the context, such as the date and time and/or an identifier of the terminal used.

Portable object according to claim 7, characterized in that it comprises:
- means for writing, in said erroneous signature flag, a value indicating an abnormal situation, if said authentication decision is negative; and
- means for generating a delay, if said erroneous signature flag contains a value indicating an abnormal situation.

Portable object according to any one of claims 7 and 8, characterized in that said non-volatile memory is an EEPROM or Flash type memory.
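
The mechanism of claims 4, 5, 7 and 8 sketched in C, as an added example that is not code from the patent. The struct layout, the 500 ms delay unit, the function names and the choice to record the context on each failed attempt are assumptions, and the delay is reported to the caller instead of being waited so the logic can be exercised off-card.

```c
#include <stdint.h>
#include <string.h>

#define PIN_LEN 4
#define DELAY_UNIT_MS 500u  /* assumed: delay added per recorded failure */

/* Simulated non-volatile memory (EEPROM/Flash) of the portable object. */
typedef struct {
    uint8_t  secret[PIN_LEN];   /* secret information */
    uint32_t bad_sig_counter;   /* erroneous signature flag: 0 = normal */
    uint32_t ctx_time;          /* context: date/time of last failure */
    uint32_t ctx_terminal;      /* context: identifier of terminal used */
} card_nvm_t;

/* Constant-time comparison so the check itself leaks no timing. */
static int ct_equal(const uint8_t *a, const uint8_t *b, size_t n) {
    uint8_t diff = 0;
    for (size_t i = 0; i < n; i++) diff |= (uint8_t)(a[i] ^ b[i]);
    return diff == 0;
}

/* Delay proportional to the counter; zero while the flag is normal. */
uint32_t card_delay_ms(const card_nvm_t *nvm) {
    return nvm->bad_sig_counter * DELAY_UNIT_MS;
}

/* Returns 1 (positive decision) or 0 (negative decision). *waited_ms is the
 * delay the card imposes before answering; a real card would stall here. */
int card_authenticate(card_nvm_t *nvm, const uint8_t pin[PIN_LEN],
                      uint32_t now, uint32_t terminal_id, uint32_t *waited_ms) {
    *waited_ms = card_delay_ms(nvm);      /* non-zero only if flag abnormal */
    if (ct_equal(pin, nvm->secret, PIN_LEN)) {
        nvm->bad_sig_counter = 0;         /* positive decision: reset */
        return 1;
    }
    if (nvm->bad_sig_counter < UINT32_MAX / DELAY_UNIT_MS)
        nvm->bad_sig_counter++;           /* negative decision: increment */
    nvm->ctx_time = now;                  /* assumed: context kept per failure */
    nvm->ctx_terminal = terminal_id;
    return 0;
}
```

Because the counter is held in the non-volatile structure and not in RAM, removing and re-inserting the card does not clear the pending delay.
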
EP20080166402 2007-10-12 2008-10-10 Authentication method, corresponding portable object and computer program Withdrawn EP2048631A1 (en)

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
FR0758292A FR2922394B1 (en) 2007-10-12 2007-10-12 AUTHENTICATION METHOD, PORTABLE OBJECT AND CORRESPONDING COMPUTER PROGRAM

Publications (1)

Publication Number Publication Date
EP2048631A1 (en) 2009-04-15

Family

ID=39401016

Family Applications (1)

Application Number Title Priority Date Filing Date
EP20080166402 Withdrawn EP2048631A1 (en) 2007-10-12 2008-10-10 Authentication method, corresponding portable object and computer program

Country Status (5)

Country Link
US (1) US20090100240A1 (en)
EP (1) EP2048631A1 (en)
BR (1) BRPI0804240A2 (en)
CA (1) CA2640916A1 (en)
FR (1) FR2922394B1 (en)

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US4092524A (en) * 1975-05-13 1978-05-30 Societe Internationale Pour L'innovation Systems for storing and transferring data
FR2493564A1 (en) * 1980-10-31 1982-05-07 Gao Ges Automation Org INFORMATION SUPPORT IDENTIFICATION ELEMENT
US5594227A (en) * 1995-03-28 1997-01-14 Microsoft Corporation System and method for protecting unauthorized access to data contents
EP1413980A1 (en) * 2002-10-24 2004-04-28 SCHLUMBERGER Systèmes Protection of a portable object against denial of service type attacks

Family Cites Families (12)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JPS6332658A (en) * 1986-07-28 1988-02-12 Casio Comput Co Ltd Ic card system
WO1993006695A1 (en) * 1991-09-23 1993-04-01 Z-Microsystems Enhanced security system for computing devices
JP3083187B2 (en) * 1991-09-30 2000-09-04 富士通株式会社 Key management method of electronic wallet system
AU3777593A (en) * 1992-02-26 1993-09-13 Paul C. Clark System for protecting computers via intelligent tokens or smart cards
US5591949A (en) * 1995-01-06 1997-01-07 Bernstein; Robert J. Automatic portable account controller for remotely arranging for payment of debt to a vendor
US6567915B1 (en) * 1998-10-23 2003-05-20 Microsoft Corporation Integrated circuit card with identity authentication table and authorization tables defining access rights based on Boolean expressions of authenticated identities
US6257486B1 (en) * 1998-11-23 2001-07-10 Cardis Research & Development Ltd. Smart card pin system, card, and reader
US6802007B1 (en) * 2000-04-24 2004-10-05 International Business Machines Corporation Privacy and security for smartcards in a method, system and program
US7036730B2 (en) * 2000-11-03 2006-05-02 Amerasia International Technology, Inc. Electronic voting apparatus, system and method
JP4201570B2 (en) * 2002-05-20 2008-12-24 淳一 棚橋 Monitoring device and monitoring system
JP4236641B2 (en) * 2003-01-20 2009-03-11 富士通株式会社 Authentication information processing method
US20060130154A1 (en) * 2004-11-30 2006-06-15 Wai Lam Method and system for protecting and verifying stored data

Also Published As

Publication number Publication date
FR2922394B1 (en) 2011-04-08
FR2922394A1 (en) 2009-04-17
CA2640916A1 (en) 2009-04-12
US20090100240A1 (en) 2009-04-16
BRPI0804240A2 (en) 2009-12-01

Legal Events

Date Code Title Description
PUAI Public reference made under article 153(3) epc to a published international application that has entered the european phase

Free format text: ORIGINAL CODE: 0009012

AK Designated contracting states

Kind code of ref document: A1

Designated state(s): AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HR HU IE IS IT LI LT LU LV MC MT NL NO PL PT RO SE SI SK TR

AX Request for extension of the european patent

Extension state: AL BA MK RS

17P Request for examination filed

Effective date: 20090421

17Q First examination report despatched

Effective date: 20090710

AKX Designation fees paid

Designated state(s): AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HR HU IE IS IT LI LT LU LV MC MT NL NO PL PT RO SE SI SK TR

17Q First examination report despatched

Effective date: 20150507

RAP1 Party data changed (applicant data changed or rights of an application transferred)

Owner name: INGENICO GROUP

STAA Information on the status of an ep patent application or granted ep patent

Free format text: STATUS: THE APPLICATION IS DEEMED TO BE WITHDRAWN

18D Application deemed to be withdrawn

Effective date: 20170627