Search Images Maps Play YouTube News Gmail Drive More »
Sign in
Screen reader users: click this link for accessible mode. Accessible mode has the same essential features but works better with your reader.

Patents

  1. Advanced Patent Search
Publication numberCN101632086 B
Publication typeGrant
Application numberCN 200880005439
PCT numberPCT/GB2008/050100
Publication date19 Dec 2012
Filing date15 Feb 2008
Priority date20 Feb 2007
Also published asCA2678101A1, CA2678101C, CN101632086A, EP2122527A2, EP2122527B1, US7882553, US20080201577, WO2008102169A2, WO2008102169A3
Publication number200880005439.6, CN 101632086 B, CN 101632086B, CN 200880005439, CN-B-101632086, CN101632086 B, CN101632086B, CN200880005439, CN200880005439.6, PCT/2008/50100, PCT/GB/2008/050100, PCT/GB/2008/50100, PCT/GB/8/050100, PCT/GB/8/50100, PCT/GB2008/050100, PCT/GB2008/50100, PCT/GB2008050100, PCT/GB200850100, PCT/GB8/050100, PCT/GB8/50100, PCT/GB8050100, PCT/GB850100
Inventors乔纳森罗山图利安尼
Applicant科里普托马迪克公司
Export CitationBiBTeX, EndNote, RefMan
External Links: SIPO, Espacenet
Authentication device and method
CN 101632086 B
Abstract  translated from Chinese
本发明涉及认证设备和方法,具体涉及用于产生动态口令的设备和方法,并且涉及承载所述设备的卡和实现所述方法的软件。 The present invention relates to an authentication device and method, and particularly to an apparatus and method for generating a dynamic password, and to carrying the equipment of the card and the method of implementing software. 一种用于产生与针对第一密码方案的动态口令相对应中间密文数据的装置,所述中间密文数据适合使用针对不同的第二密码方案而设计的设备来进行显示,所述装置包括:用于与所述设备进行通信的通信接口;以及与存储器耦合的处理器,所述存储器存储处理器控制代码,处理器控制代码用于控制处理器在运行时进行以下操作:根据第一密码方案产生动态口令;并且产生与所述动态口令相对应的中间密文数据,中间密文数据适合向所述设备输出,使得当所述设备根据第二密码方案处理所述中间密文数据时,所述设备产生适合显示所述动态口令的数据。 A method for generating a dynamic password for the password program first intermediate ciphertext corresponding data device, the intermediate ciphertext data suitable for different second cryptographic schemes designed equipment for display, said apparatus comprising : for use with the device communication interface; and a memory coupled to the processor, the memory storing processor control code, processor control code for controlling the processor to operate at run time: according to the first password program generates dynamic password; and generating the dynamic password corresponding intermediate ciphertext data, intermediate ciphertext data for output to the device, such that when the device to process the data according to the second intermediate ciphertext password scheme, The device generates a dynamic password for displaying the data.
Claims(16)  translated from Chinese
1. ー种用于产生与针对第一密码方案的动态ロ令相对应的中间密文数据的装置,所述中间密文数据适合使用针对第二密码方案而设计的芯片认证程序CAP兼容设备来显示,所述第二密码方案用于产生ロ令,所述第二密码方案是CAP方案,所述装置包括:通信接ロ,用干与所述CAP兼容设备进行通信;以及处理器,与存储器耦合,所述存储器存储处理器控制代码,处理器控制代码用于控制处理器,其中,处理器被配置为根据所述第一密码方案产生动态ロ令,以及通过使用与CAP兼容设备采用的十进制换算处理相反的处理,将ロ令转换为ニ进制数据,并按照与CAP兼容设备采用的压缩处理相反的方式,填充ニ进制数据,从而根据所述动态ロ令产生中间密文数据,其中,所述中间密文数据适合向所述设备输出,使得当所述设备根据所述第二密码方案处理所述中间密文数据以产生ロ令时,所述设备输出根据第一密码方案产生的所述动态ロ令。 1. ー kinds of means for generating a first cryptographic schemes dynamic ro make corresponding intermediate ciphertext data, the intermediate ciphertext data is suitable for use for a second password program designed chip authentication program CAP-compatible devices display, said second cryptographic scheme for generating ro make a second password scheme is CAP program, the apparatus comprising: a communication access ro, dry and the CAP-compatible devices to communicate; and a processor, and memory coupling said memory storing processor control code, processor control code for controlling the processor, wherein the processor is configured to generate dynamic ro password scheme based on the first order, and by using the CAP-compatible equipment using decimal Instead of processing in terms of handling, so that the converted ni ro binary data, and is compatible with the equipment used in the compression processing CAP opposite manner, the writing is filled with binary data, thereby generating ciphertext data based on said intermediate dynamic ro order, wherein , the intermediate ciphertext data to the appropriate output device, such that when the device processes the data in accordance with the intermediate ciphertext to generate second cryptographic scheme ro order when the output generated by the device according to the first cipher scheme The dynamic ro order.
2.根据权利要求I所述的装置,其中,所述动态ロ令包括一次性ロ令。 2. I The apparatus according to claim, wherein said dynamic include disposable ro ro make orders.
3.根据权利要求I或2所述的装置,其中,第一密码方案包括开放认证方案。 3. I means or according to claim 2, wherein the first cryptographic schemes including open authentication scheme.
4.根据权利要求I或2所述的装置,其中,第一密码方案包括RSA SecurelD。 4. I means or according to claim 2, wherein the first cryptographic schemes include RSA SecurelD.
5.根据权利要求I或2所述的装置,其中,第一密码方案包括Vasco Digipass0 I apparatus according to claim or 2, wherein the first cryptographic schemes include Vasco Digipass0
6.根据权利要求I所述的装置,其中,填充ニ进制数据包括:根据CAP发行者专有位图来插入比特。 6. The apparatus according to claim I, wherein the filling Ni binary data comprising: the Issuer Proprietary Bitmap CAP to insert bits.
7.根据权利要求I所述的装置,其中,填充ニ进制数据包括:并入与一个或多个校验数位相对应的校验数位数据。 7. I apparatus according to claim, wherein the filler Ni binary data include: incorporated with one or more of the check the number of phases corresponding check digit data.
8.根据权利要求I所述的装置,其中,使用所述设备不能显示第一密码方案中的可能的动态ロ令的一部分,其中,产生动态ロ令包括:重复产生动态ロ令直到找到能够使用所述CAP兼容设备来显示的动态ロ令为止。 8. I The apparatus according to claim, wherein, using the device can not display the password scheme may be part of a first order dynamic ro, wherein generating the dynamic order ro comprising: generating dynamic ro repeated until it finds can be used to make The CAP-compatible device to display dynamic ro so far.
9.根据权利要求8所述的装置,其中,所述可能的动态ロ令的一部分包括:具有前导零的动态ロ令。 9. The apparatus according to claim 8, wherein said ro makes possible dynamic portion comprising: a leading zero order dynamic ro.
10.根据权利要求8所述的装置,其中,产生动态ロ令还包括:对由所述设备产生的校验数位进行确定。 10. The apparatus according to claim 8, wherein generating the dynamic ro make further comprising: a device for generating by said determined check digit.
11.根据权利要求I所述的装置,其中,所述设备被配置为:除了所述中间密文数据,还处理同歩数据;以及,产生中间密文数据还包括:产生用于向所述设备输出的同步数据,使得当所述CAP兼容设备根据所述第二密码方案处理所述同步数据和所述中间密文数据时,所述CAP兼容设备产生适合显示所述动态ロ令的数据。 11. I The apparatus according to claim, wherein the device is configured to: in addition to the intermediate ciphertext data, further data processing with ho; and, generating intermediate ciphertext data further comprises: generating for to the synchronous data output of the device, such that when the CAP-compatible device to process the synchronization data and the intermediate ciphertext data according to the second password scheme, the CAP-compatible device generates data for displaying the dynamic ro order.
12.根据权利要求11所述的装置,其中,所述同步数据包括应用交易计数器ATC。 12. The apparatus according to claim 11, wherein said synchronization data comprises application transaction counter ATC.
13. ー种集成电路,包括权利要求I所述的装置。 13. ー kinds of integrated circuits, including the claims I said apparatus.
14. ー种卡,承载权利要求13所述的集成电路。 14. ー kind card, bearing integrated circuit of claim 13.
15. —种产生与根据第一密码方案的密文相对应的中间密文数据的方法,所述数据适合在针对不兼容的第二密码方案而设计的芯片认证程序CAP兼容设备上显示,所述第二密码方案用于产生ロ令,所述第二密码方案是CAP方案,所述方法包括:根据第一密码方案产生动态ロ令;以及通过使用与CAP兼容设备采用的十进制换算处理相反的处理,将ロ令转换为ニ进制数据,并按照与CAP兼容设备采用的压缩处理相反的方式,填充ニ进制数据,从而根据所述动态ロ令产生中间密文数据,其中,所述中间密文数据适合向所述设备输出,使得当所述设备根据所述第二密码方案处理所述中间密文数据以产生ロ令时,所述设备输出根据第一密码方案产生的所述动态ロ令。 15. - kind of produce and process according to the program's first cryptographic cipher text corresponding intermediate ciphertext data, the data is suitable for a second password for the incompatible program designed chip authentication program CAP-compatible devices on the display, the said second cryptographic schemes for generating ro make a second password scheme is CAP program, the method comprising: generating a dynamic password ro order under the first program; and by using the CAP-compatible equipment using decimal conversion process reverse processing the converted ni ro make binary data, and is compatible with the equipment used in the compression processing CAP opposite manner, the writing is filled with binary data, thereby generating ciphertext data based on said intermediate dynamic ro order, wherein the intermediate the ciphertext data to the appropriate output device, such that when the device processes the data in accordance with the intermediate ciphertext to generate second cryptographic scheme ro order when the output generated by the apparatus according to the first dynamic password scheme ro order.
16.根据权利要求15所述的方法,其中,产生动态ロ令包括产生HMAC-SHA1密文。 16. The method according to claim 15, wherein the generating comprises generating the dynamic ro make HMAC-SHA1 ciphertext.
Description  translated from Chinese

认证设备和方法 Authentication device and method

技术领域 Technical Field

[0001] 本发明涉及一种认证设备和方法,具体涉及用于产生动态ロ令的设备和方法,以及承载该设备的卡和实现该方法的软件。 [0001] The present invention relates to an authentication device and method, and particularly to an apparatus and method for generating a dynamic ro order, as well as carrying the equipment card and the software implementing the method.

背景技术 Background

[0002] 远程用户的认证是很多基于网和网络的应用的基本部分。 [0002] The remote user authentication is a lot of network-based applications and the network of basic parts. 传统的用户名和ロ令提供廉价但差的解决方案。 Traditional user name and ro order to provide cheap but poor solution. 通常通过向用户发放'令牌'(小型且便携式设备)来获得较高的安全性,显然,该'令牌'产生仅对单次使用是有效的随机ロ令:所谓的一次性ロ令(OTP)。 Usually issued by a user 'token' (small and portable devices) to obtain high security, it is clear that the 'token' generates only a single use is valid random ro order: the so-called ro-time orders ( OTP). 通过向系统呈现0ΤΡ,用户证明了对该令牌的所有权,当与传统静态ロ令相结合时,该令牌提供了有力的、双因素认证。 Through the system presents 0ΤΡ, users prove ownership of the token, when the traditional static order ro combine the token to provide a strong, two-factor authentication. [0003] 在市场上存在广泛不同的令牌,主要基于专有的、供应商特定的技木。 [0003] The widely different token presence in the market, mainly based on proprietary, vendor-specific technology of wood. 例如,RSA SecurelD、VASCO Digipass、Secure Computing 和Active Identity。 For example, RSA SecurelD, VASCO Digipass, Secure Computing and Active Identity. 最近正在令牌供应商组织正在进行标准化的努力,称作开放认证的倡议(OATH) [http://www.openauthentication. org]。 Recently token supplier organization is ongoing standardization effort, called the Open Authentication Initiative (OATH) [http: //www.openauthentication org.]. 该OATH寻■求促进OTP产生令牌的标准以及它们的部署和使用所需的基础设施。 The search OATH OTP ■ seek promotion of standards and infrastructure to produce the token deployment and use of their need.

[0004] 同时,金融部门的强认证的需要已经导致MasterCard领导了基于标准'芯片和PIN'支付卡(图I)的变型的备选标准。 [0004] At the same time, strong authentication needs of the financial sector has led to MasterCard standards-based alternative leadership standards 'chip and PIN' payment card (Figure I) of the variant. 在该方案中,所谓的芯片认证程序(CAP) [ChipAuthentication Program FunctionArchitecturejMasterCard International,September2004],手持卡读取器(图2)用于基于该卡内的核心功能来创建0ΤΡ。 In this scenario, the so-called chip authentication program (CAP) [ChipAuthentication Program FunctionArchitecturejMasterCard International, September2004], handheld card reader (Figure 2) is used on the core functionality of the card to create 0ΤΡ. 该卡读取器是匿名的并且可互換的,并且提倡普遍的部署的构思让它们成为家庭或者办公室中平凡的物件,从而无需单个用户自己携帯他们的卡读取器。 The card reader is anonymous and interchangeable, and to promote the idea of universal deployed them as a home or office in ordinary objects, eliminating the need for individual users their own portable Bands card reader.

[0005] 然而,CAP是封闭的专有系统并且不与其它系统兼容。 [0005] However, CAP is closed and proprietary systems are not compatible with other systems. 在未来,CAP兼容卡读取器可以变得广泛可用,但是它们将仅对它们的发行银行批准应用的CAP兼容的芯片和PIN卡有用,这是由于只有发行银行可以访问验证该卡所产生的OTP所需的信息。 In the future, CAP-compliant card reader can become widely available, but they will only release the bank approved their application CAP-compatible chip and PIN card of useful, since only the issuing bank to verify that the card can be accessed arising OTP requested information.

发明内容 DISCLOSURE

[0006] 将描述利用标准CAP卡读取器以及传统的、非支付卡一起来产生OATH兼容的OTP的手段。 [0006] The CAP will be described using a standard card reader as well as traditional and non-payment cards together to produce a means of OATH-compliant OTP. 该方法的优点是可以使用标准OATH基础设施用于卡的部署以及产生的OTP的验证,同时通过利用部署的卡读取器基础,将令牌的成本減少至芯片卡的成本。 The advantage of this method is that you can use the standard OATH infrastructure for card deployment, and verification of the OTP generation, but by using a card reader infrastructure deployment, will reduce the cost of tokens to the cost of the chip card. 更一般地,将描述卡中的替换算法以及基于读取器的一次性ロ令设备。 More generally, the card will be described based on the replacement algorithm, and makes the reader ro disposable devices. 可以提供卡与例如RSASecureID、VASC0 DigiPass、Secure Computing 或者ActivIdentity 方案协同工作,或取而代之与OATH协同工作。 We can provide the card with, for example RSASecureID, VASC0 DigiPass, Secure Computing ActivIdentity program or work, or instead work with OATH.

[0007] 将描述ー种产生针对第一密码方案的动态ロ令的集成电路,所述电路适合与针对不同的第二密码方案而设计的设备一起使用,所述电路包括:电源输入,用于向集成电路供电;接ロ,用于向集成电路发送数据和接收来自集成电路的数据;以及与存储器耦合的处理器,所述存储器存储处理器控制代码,所述处理器控制代码用于控制处理器在运行时,进行以下处理:根据第一密码方案产生动态ロ令,然后产生适合向所述设备输出的中间密文数据,使得由所述设备根据第二密码方案执行的处理导致所述设备根据第一密码方案产生原始动态ロ令。 [0007] The description ー kinds of produce for integrated circuit dynamic ro first cryptographic scheme order, the circuit is suitable for use with a second password for different programs designed for use with the device, said circuit comprising: a power input for power to the integrated circuit; ro connected, for transmitting data and receiving data from the integrated circuit to the integrated circuit; and a processor coupled to the memory, the memory storing processor control code, said processor control code for controlling processing at run time, the following process: According to a first order ro generate dynamic password scheme, and then output to the device for generating an intermediate ciphertext data, such that the processing performed by the device according to the second program code causes the device produce original dynamic ro order according to the first password scheme.

[0008] 将描述一种根据第一密码方案输出与动态ロ令相对应的伪密文数据的方法,所述数据适合向针对不同的第二密码方案而设计的设备输出,所述方法包括:根据第一密码方案产生动态ロ令,并然后通过所述设备根据第二密码方案执行处理的反处理来产生中间密文数据,并且输出所述中间密文数据,使得处理数据的所述设备根据第一密码方案产生原始动态ロ令。 [0008] The method describes a password scheme based on the first output and dynamic pseudo-ro make corresponding ciphertext data, the data for the second password for different programs designed output device, the method comprising: According to a first password generating program makes dynamic ro, and then to produce intermediate ciphertext data processing by the device according to the anti-executed second cryptographic processing program, and the output of the intermediate ciphertext data, making the data processing apparatus according to The first password scheme produces original dynamic ro order.

[0009] 根据本发明的ー个方面,提供了一种产生与针对第一密码方案的ロ令相对应的中间密文数据的装置,所述装置适合与针对不同的第二密码方案而设计的设备一起使用,所述装置包括:用干与所述设备进行通信的通信接ロ;以及与存储器耦合的处理器,所述存储器存储处理器控制代码,所述处理器控制代码用于控制处理器在运行时进行如下操作:根据第一密码方案产生ロ令;以及产生与所述ロ令相对应的中间密文数据,所述中间密文数据适合向所述设备输出,使得当所述设备根据第二密码方案处理所述中间密文数据时, 所述设备产生所述ロ令。 [0009] According ー aspect of the present invention, there is provided a password for the first program and ro make corresponding intermediate ciphertext data generating apparatus of the device suitable for use with a second password for different programs designed Equipment used together, the apparatus comprising: performing communication with the communication apparatus with the dry pick ro; and a processor coupled to the memory, the memory storing processor control code, said processor control code for controlling the processor at run time as follows: According to the first password so generated ro programs; and generating ro make the corresponding intermediate ciphertext data, the intermediate ciphertext data for output to the device, such that when the device according to the second intermediate code program to process the ciphertext data, the device generates the ro order.

[0010] 优选地,所述ロ令包括:动态ロ令或者通过在密文计算中包括来自ニ进制计数器或者时钟的比特来产生的ロ令,并且在使用计数器的情况下,每次增加所述计数器时产生ロ令。 [0010] Preferably, the ro so include: dynamic ro order or by including bits from Ni binary counter or clock in the ciphertext calculations to produce the ro order, and in the case of the counter, which increments produce ro make when said counter.

[0011] 有时第一密码方案的动态ロ令与第二密码方案的所述设备不兼容,并且产生动态ロ令的代码可以包括重复地产生动态ロ令直到找到与第二密码方案兼容的动态ロ令为止的代码。 [0011] The apparatus of the first cryptographic schemes sometimes dynamic ro make a second password scheme incompatible, and generates code dynamically ro orders may include generating a dynamic ro make repeatedly until you find the program compatible with a second password dynamic ro make up the code.

[0012] 该不兼容性可能由发生在与所述第二密码方案的所述设备不兼容的第一密码方案中的特定动态ロ令中的前导零(leading zeros)所引起。 [0012] This may be caused by an incompatibility occurs is not compatible with the devices of the second program of the first cipher password scheme to make specific dynamic ro leading zeros (leading zeros).

[0013] 备选地,该不兼容性可能由与第一密码方案的特定动态ロ令不兼容的所述设备自动产生的校验数位所引起。 [0013] Alternatively, the incompatibility may be caused by specific dynamic ro with the first password solution so that the device is not compatible with automatic check digit generated by the Company.

[0014] 根据本发明的另一方面,提供了一种根据第一密码方案产生与密文相对应的中间密文数据的方法,所述数据适合在针对不同的第二密码方案而设计的设备上显示,所述方法包括:根据第一密码方案产生动态ロ令;以及产生与所述动态ロ令相对应的中间密文数据,所述中间密文数据适合向所述设备输出,使得当所述设备根据第二密码方案处理所述中间密文数据时,所述设备输出所述动态ロ令。 [0014] According to another aspect of the present invention, there is provided a method according to the first password scheme produces ciphertext corresponding intermediate ciphertext data, the data for the second password for different programs designed equipment On display, the method comprising: generating a dynamic password ro order under the first program; and generating the dynamic ro make corresponding intermediate ciphertext data, the intermediate ciphertext data for output to the device, so that when the said device when processing the intermediate ciphertext data, the output of the device according to the second order dynamic ro password scheme.

[0015] 本发明还提供了处理器控制代码以例如在通用计算机系统或数字信号处理器(DSP)上,或者在专用集成电路上(例如智能卡)实现上述方法。 [0015] The present invention further provides processor control code, for example, a general purpose computer system or a digital signal processor (DSP) on, or in application specific integrated circuits (such as smart cards) for implementing the method. 可以在诸如磁盘、CD或DVD-ROM、可编程存储器(如只读存储器(固件))等载体上、或者在诸如光或电信号载体等数据载体上提供所述代码。 It may be such as a diskette, CD or DVD-ROM, programmable memory (e.g., read only memory (Firmware)) and other carriers, or the code is provided on a carrier such as an optical or electrical signal carrier and other data. 实现本发明实施例的代码(和/或数据)可以包括传统编程语言(解释或编译)中的源、目标或可执行代码,如C或者汇编代码。 Implementation code (and / or data) may include a conventional programming languages embodiment of the present invention (interpreted or compiled) source, object or executable code, such as C or assembly code. 还可以例如在FPGA(现场可编程门阵列)上或者在ASIC(专用集成电路)中实现上述方法。 For example, or it may be the above method ASIC (Application Specific Integrated Circuit) in the FPGA (Field Programmable Gate Array) on. 从而所述代码还可以包括:用于设置或控制ASIC或FPGA的代码、或用于诸如Verilog(商标)、VHDL(超高速集成电路硬件描述语言等硬件描述语言的代码、或RTL代码或SystemC。典型地,使用诸如RTL(寄存器传送语言)等代码(或者使用较高级别的语言(比如C)来描述专用硬件。如本领域技术人员将理解的,可以在彼此通信的多个耦合组件中分布这种代码和/或数据。 So that the code can also include: means for setting or controlling an ASIC or FPGA code, or for applications such as Verilog (trademark), VHDL (ultra high speed integrated circuit hardware description language hardware description language code, or RTL code or SystemC. Typically, such as RTL (Register Transfer Language) or the like codes (or use a higher level language (such as C) described dedicated hardware. As those skilled in the art will appreciate, may be distributed in a plurality of coupled components in communication with one another This code and / or data.

[0016] 可以将本发明的上述方面和实施例的特征以任意排列进行结合。 [0016] may be above aspects and features of embodiments of the present invention to be combined in any order.

附图说明 Brief Description

[0017] 现在将參照附图来详细地描述本发明的这些和其它方面的实施例,在附图中: [0017] will now be described with reference to the drawings in detail and other aspects of these embodiments of the present invention, in the drawings:

[0018] 图3示出了根据本发明的实施例的方法的流程图。 [0018] FIG. 3 shows a flowchart of a method embodiment of the present invention.

[0019] 图4示出了根据本发明的实施例的设备的框图。 [0019] Figure 4 illustrates a block diagram of an embodiment of the apparatus according to the invention.

具体实施方式 DETAILED DESCRIPTION

[0020] 我们将首先描述MasterCard芯片认证程序。 [0020] We will first describe the MasterCard Chip Authentication Program.

[0021] 芯片和PIN卡 [0021] The chip and PIN card

[0022] '芯片和PIN'卡遵循形式上称作EMV的技术标准,类似于Europay、Mastercard和Visa。 [0022] 'chip and PIN' cards follow formal technical standard known as EMV, like Europay, Mastercard and Visa. 在世界上很多国家中广泛采用这种卡,这是由于它们提供強大的安全特征以允许卡的发行者可以控制各种形式的欺诈行为。 Many countries in the world, is widely used in this card, this is because they provide strong security features to allow the card issuer can control various forms of fraud.

[0023] 使用每个EMV卡中嵌入的芯片来授权交易。 [0023] The use of each EMV chip embedded in the card to authorize the transaction. 该授权是基于使用属于卡的密钥以及交易的细节所计算出来的密文。 This authorization is based on the use of keys belonging to the card and the transaction details are calculated ciphertext. 在发行过程期间将该密钥嵌入至芯片中,并且由发行银行安全地保存副本。 During the distribution process to the chip embedded in the key, and save a copy of the issue of bank safely. 该芯片还保持称作应用交易计数器(ATC)的计数器值,作为对重放性攻击(replayattack)的防御,在密文计算中包括该ATC并且会随着姆一次交易而增加。 The chip also hold counter value is referred to Application Transaction Counter (ATC) as against replay attacks (replayattack) defense, in the ciphertext included in the calculation of the ATC and will increase as the Farm a transaction. 最后,持卡人提供PIN,在允许计算密文之前,该芯片将该PIN与存储的參考值进行验证。 Finally, the cardholder PIN, before allowing the calculation of the ciphertext, the reference value of the chip with the stored PIN validation.

[0024] 当接收到交易时,发行者能够使用该卡的密钥的副本重计算该密文。 [0024] Upon receipt of the transaction, the issuer can use a copy of the card key recalculation of the ciphertext. 由于没有其他人具有该密钥,有效的密文必然由该卡发起,并且由该卡进行的PIN的验证证明了该卡依然为原始持卡人所有。 Since no one else has the key, effective ciphertext inevitably initiated by the card, and the PIN is verified by the card proved that the card is still the original cardholder all.

[0025] CAP 概述 [0025] CAP Overview

[0026] 特殊类型的交易是众所周知的'无卡(card not present)' (CNP)交易。 [0026] The particular type of transaction is known 'non-card (card not present)' (CNP) transactions. 这些交易包括邮件订购、电话订购以及基于网页的电子商务交易。 These transactions include mail order, telephone order and web-based e-commerce transactions. 在这些情况中,发行银行仅基于可视的卡的细节(如卡号和过期时间)来授权支付。 In these cases, the issuing bank based only on the details (such as the card number and expiration date) visible cards to authorize payments. 由于这些值实质上是静态的并且容易复制,因此CNP交易有吸引力的欺诈目标。 Since these values are essentially static and easy to copy, so CNP transaction attractive fraud targets.

[0027] MasterCard以及在卡エ业中的一些其他组织已经开发出允许芯片和PIN卡的安全性在CNP场景中得到补充支持的标准。 [0027] MasterCard and other organizations in the card EVAL industry has been developed to allow security chip and PIN card has been the scene for added support in CNP standards. 该方案被称作芯片认证程序(CAP)。 The program is called the chip authentication program (CAP). CAP要求向每ー个持卡人发行小型手持卡读取器。 CAP require the issue of small hand-held card reader to each ー cardholders. 通过将他们的卡插入他们的读取器,并且输入他们的PIN,该持卡人可以基于卡上的密钥和ATC来产生OTP。 By their card into their reader and enter their PIN, the cardholder may be based on the card key and the ATC to generate OTP. 发行者可以基于相同的输入数据和密钥通过重计算密文来验证该OTP。 The issuer may be based on the same input data and key ciphertext to verify that the OTP by recalculation.

[0028] 注意,卡读取器对于持卡人来说不是私人的,并且不执行重要的安全操作。 [0028] Note that the card reader is not private for cardholders, and does not perform important security operations.

[0029] EMV CAP OTP 计算 [0029] EMV CAP OTP calculation

[0030] 设计芯片和PIN芯片卡用于在现场销售支付终端(point-of-salepaymentterminals)和ATM上使用,不是特别用于一次性ロ令产生。 [0030] The design of the chip and PIN for chip card payment terminals on-site sales (point-of-salepaymentterminals) and ATM use, is not particularly useful in order to generate a one-time ro. CAP读取器在用卡进行的交易中模拟EMV支付終端,然后卡读取器负责获得由卡产生的支付密文并且将它转换成一次性ロ令。 CAP reader EMV payment terminal simulation transaction with the card, then the card reader is responsible for obtaining payment from the card generated ciphertext and convert it into a disposable ro order.

[0031] 在[芯片认证程序功能结构体系]中详细指定了由CAP读取器执行的处理,但是总之包括下列阶段: [0031] in [Chip Authentication Program features architecture] specifies in detail the processing performed by the CAP reader, but in short, consists of the following stages:

[0032] I、收集密文输入数据 [0032] I, to collect the ciphertext input data

[0033] 2、提取OTP数据 [0033] 2, the data extracted OTP

[0034] 3、十进制换算 [0034] 3, decimal conversion

[0035] 下面更详细地解释每个步骤。 [0035] explained in more detail below for each step.

[0036] 收集密文输入数据 [0036] collect the ciphertext input data

[0037] 对密文计算过程的两个主要输入是卡密钥和ATC。 [0037] The calculation of the ciphertext two main inputs are card key and ATC. 然而,根据EMV,存在用作对密文验证的输入的许多其它參数。 However, according to EMV, the ciphertext is used to verify the presence of many other parameters entered. 这些对于卡支付来说是特定的,并且不具有其它类型令牌的等同物。 These are specific for payment cards, it does not have other types of tokens and equivalents thereof. 为了再产生密文,对于这些參数来说验证服务器必须使用相同的值。 In order to produce the ciphertext again, for these parameters for the authentication server must use the same values.

[0038] 在典型的CAP情况下,大多数的这些參数在发行卡时是固定值,或者可以由验证服务器来预测。 [0038] In a typical CAP, most of these parameters when issuing the card is a fixed value, or may be predicted by the authentication server. 然而,根据卡的使用程度,在卡的生命周期期间少数參数可以改变。 However, according to the degree of use of the card, the card during the life cycle of a small number of parameters can be changed. 例如,这包括限制卡将授权脱机的交易的次数或量的參数。 For example, these include restrictions on the number or amount of the card will authorize transactions offline parameters. 由于验证服务器不能预测这些值,必须将这些參数嵌入在一次性ロ令本身中以将它们从卡发送至服务器。 Since the authentication server can not predict these values, these parameters must be embedded in a disposable ro satisfy itself to send them from the card to the server.

[0039] 提取OTP数据 [0039] Extracts data OTP

[0040] 为了尽可能地用户友好,产生的一次性ロ令应当尽可能短,同时维护合理的安全级别。 [0040] In order to maximize the user-friendly, disposable ro so generated should be as short as possible, while maintaining a reasonable level of security. 由于与密文本身组合的EMV密文输入数据太大以致于不能完整地包括在一次性ロ令中,因此需要对它进行压缩。 Because of EMV ciphertext input data combined with the ciphertext itself too large to be included in a disposable ro complete order, and therefore it needs to be compressed.

[0041] 由卡上的CAP特定字段来定义该压缩处理,被称作发行者专有位图(IPB),但是处理本身由卡读取器来执行。 [0041] The CAP is defined by a specific field on the card that the compression process is called issuer Proprietary Bitmap (IPB), but the process itself is performed by the card reader. IPB定义一次性ロ令中将使用的来自ATC、密文和其它EMV输入数据中的那些比特,丢弃其它比特。 IPB will be used to define a one-time ro make those bits from the ATC, the ciphertext, and other EMV input data and discard the other bits.

[0042] 典型地,包括少数ATC比特以协助服务器和卡之间的计数器值的同歩,以及包括至少16比特的密文,并且最終包括那些不能由服务器预测的附加密文输入。 [0042] Typically, including minority ATC bit counter values to assist with ho between the server and the card, and includes at least 16 bits of the ciphertext, and eventually including those attached to the encrypted input can not be predicted by the server. 在一些情况下,当卡应用仅用于CAP而不用干支付时,可以由服务器预测所有附加输入,因此OTP仅基于ATC和密文。 In some cases, when the card application only pay for the CAP and not dry, you can predict any additional input from the server, so OTP based only on ATC and ciphertext.

[0043] 十进制换算 [0043] Decimal Conversion

[0044] 最終,对来自压缩处理的ニ进制输出进行十进制換算以在读取器屏幕上向用户显示。 [0044] Ultimately, Ni binary output from the compression processing decimal conversion to display to the user on the screen reader. 许多十进制換算方案是可能的,但是CAP基于将截断处理输出简单地解释为单一整数的ニ进制表示来定义单一方案,忽略前导零,从而OTP的最终长度可以改变。 Many decimal conversion solution is possible, but will cut treatment based CAP output simply interpreted as a single integer ni hexadecimal representation to define a single program, ignoring leading zeros, so the final length OTP can be changed.

[0045] 接着,描述开放认证标准(OATH)。 [0045] Next, open authentication standards (OATH).

[0046] 概述 [0046] Overview

[0047] 针对开放认证(OATH)的倡议是寻求促进基于令牌的认证市场的标准化的エ业协调机构。 [0047] For Open Authentication (OATH) initiative is seeking to promote market-based token authentication standardized EVAL industry coordinating body. OATH已经出版描述一般认证框架的景象的'參考体系结构',并且正在促进针对该系统内各个接口和组件的许多标准。 OATH has published a general authentication framework described the scene of the 'reference architecture', and is contributing to a number of criteria for the various interfaces within the system and components.

[0048] 本申请最感兴趣的'Η0ΤΡ :基于HMAC的一次性ロ令算法',由IETF将其标准化为RFC4226[HOTP :An HMAC-Based One-TimePassword Algorithm, http://www. ietf. org/rfc/rfc4226. txt, December2005]。 [0048] This application is most interested in 'Η0ΤΡ: HMAC-based algorithm to make disposable ro', by the IETF to standardize RFC4226 [HOTP: An HMAC-Based One-TimePassword Algorithm, http:.. // Www ietf org / rfc / rfc4226. txt, December2005].

[0049] HOTP 计算 [0049] HOTP computing

[0050]和 CAP — 样,HOTP 算法基于底层密码基兀(underlyingcryptographicprimitive),在本情况下,是HMAC-SHA1。 [0050] and CAP - like, HOTP algorithm based on the underlying code base Wu (underlyingcryptographicprimitive), in this case, is HMAC-SHA1. 在HOTP中定义的该算法的输入是令牌密钥和计数器-非常类似于CAP使用的EMV密文计算的基本输入。 Enter HOTP in the definition of the algorithm is the token key and counter - very similar to the basic input EMV CAP ciphertext using calculations.

[0051] HOTP计算过程如下: [0051] HOTP calculated as follows:

[0052] 1、HMAC计算,基于令牌密钥和计数器。 [0052] 1, HMAC calculation, based on the token key and counters. 然后该计数器自动递増。 Then, the counter is automatically handed zo.

[0053] 2、结果的'动态截断'给出31比特值。 [0053] 2, the result of 'dynamic cut-off' gives 31-bit value.

[0054] 3、对截断值进行十进制換算,以给出0ΤΡ。 [0054] 3, a cutoff decimal conversion to give 0ΤΡ.

[0055] 同时与CAP相比,OTP计算是清楚的,重要的是注意到每ー个阶段的细节是完全不同的。 [0055] At the same time, compared with the CAP, OTP calculation is clear, it is important to note that every detail ー stage is completely different. 下面描述每个步骤并且与它的CAP等同物进行对比。 Each step is described below and equivalents thereof CAP and its comparison.

[0056] HMAC 计算[0057]在[HMAC :Keyed Hashing for Message Authentication, RFC2104, http://www.ietf. org/rfc/rfc2104. txt, February 1997]中指定了使用的HMAC 计算,使用SHAl 作为底层散列算法[US Secure Hash Algorithml (SHAl) ,RFC3174,http://www. ietf. org/rfc/rfc3174. txt, September2001]。 [0056] HMAC calculation [0057] in [HMAC:. Txt, February 1997 //www.ietf org / rfc / rfc2104: Keyed Hashing for Message Authentication, RFC2104, http.] Specified using the HMAC calculation, use SHAl as the underlying hash algorithm [US Secure Hash Algorithml (SHAl), RFC3174, http: // www ietf org / rfc / rfc3174 txt, September2001...]. HMAC-SHA1要求的密钥典型地是20字节长,并且[Η0ΤΡ]指定使用8字节计数器作为唯一的HMAC输入数据。 HMAC-SHA1 key requirement is typically 20 bytes long, and [Η0ΤΡ] Specifies an 8-byte counter HMAC as the only input data.

[0058] 相比于CAP使用的8字节密文,该结果是20字节ニ进制值。 [0058] Compared to the 8-byte ciphertext CAP used, the result is a 20-byte hexadecimal value ni. 在两个情况下,主要目标在于,从产生的OTP中恢复与密钥有关的信息应当是不可行的。 In both cases, the main objective is to recover from OTP generated key-related information should be feasible. 这就是在两个情况中使用某种类型的密码算法的原因。 This is the reason to use some type of cryptographic algorithms in both cases.

[0059] 动态截断 [0059] Dynamic truncation

[0060] 由[Η0ΤΡ]定义的截断处理将20字节HMAC输出减少到31比特串。 [0060] from the [Η0ΤΡ] defined truncation process will be reduced by 20 byte HMAC output to 31-bit string.

[0061] 首先,考虑HMAC输出的最后字节的最后4个比特作为范围O至15中的整数η。 [0061] First, consider the last four bits of the last byte HMAC output as the range of O to 15 integer η. 然后,使用字节n、n+l.....η+3作为截断输出(忽略前导比特)。 Then, using byte n, n + l ..... η + 3 as the cut-off output (ignoring leading bits).

[0062] 与CAP使用的压缩方案的不同表示如下: [0062] represents the CAP use different compression scheme is as follows:

[0063] CAP IPB始终从EMV密文的相同位置中选择比特以在OTP中使用。 [0063] CAP IPB always select bits from the same position EMV ciphertext to use in the OTP. 在OATH中,由HMAC输出的最后4个比特来确定的比特的位置是变化的,因此使用术语'动态的'。 In OATH, the position of the last four bits of bits from the HMAC output is varied to determine, and therefore the term 'dynamic'.

[0064] [Η0ΤΡ]当前版本不提供用于将计数器同步信息嵌入至产生的OTP中的机制,相反,CAP IPB可以指定用于包括在OTP中的任意数量的ATC比特。 [0064] [Η0ΤΡ] The current version does not provide for the counter synchronization information is embedded to the OTP generated by the mechanism, on the contrary, CAP IPB can specify include any number of bits in the OTP of the ATC.

[0065] #CAP IPB可以指定用于包括在OTP中的许多其它EMV特定数据元素。 [0065] #CAP IPB OTP can be specified to be included in many other EMV specific data elements. 对于HOTP来说没有相关的这种便利。 No such facilities for HOTP is.

[0066] 十进制换算 [0066] Decimal Conversion

[0067] HOTP十进制換算包括:将来自动态截断处理的31比特输出解释为整数的ニ进制表示,然后通过该整数IOd取模来減少,其中d是产生的OTP中所期望的数字的数目。 [0067] HOTP decimal conversion include: from the dynamic truncation processing, 31-bit output of the writing is interpreted as a decimal integer representation, then be reduced by the integers modulo IOd, where d is the number of OTP generated the desired number. 与CAP对比,如果该结果少于d个数字,则插入前导零以给出完整的OTP长度d。 Compared with the CAP, if the result is less than d digits, insert leading zeros to give a complete OTP length d.

[0068] 还注意到该十进制換算处理实际上执行了附加的截断,在某种意义上,输出具有比输入少的信息内容。 [0068] also noted the decimal conversion process actually performs additional truncated, in a sense, with less output than the input of information content. 在CAP中,十进制换算期间没有丢失任何信息。 In the CAP, the decimal conversion period does not lose any information.

[0069] 现在将描述使用CAP读取器来产生OATH OTPs。 [0069] Now will be described using the CAP reader to produce OATH OTPs. 图3示出了实现上述的方法的示例。 Figure 3 shows an example of realization of the method described above.

[0070] 描述ー种通过生产在标准、未修改CPA读取器内使用的特定OATH芯片卡,使用该读取器产生OATH兼容OTP的手段。 [0070] Description ー species through a specific chip card production in the OATH standard, unmodified CPA reader uses, the use of the reader produce OATH-compliant OTP means. 这允许希望部署OATH的组织部署低成本芯片卡而不是高成本令牌,开发所部署的CAP卡读取器基础结构来使用这些芯片卡以及现有的、现成的OATH验证服务器。 This allows the organization wants to deploy OATH deployment of low-cost chip card instead of the high cost of tokens, CAP card reader deployed infrastructure development to use these chip cards as well as existing, ready-OATH authentication server. [0071] 明显地,OATH芯片卡再产生EMV卡接ロ,或者由CAP读取器所使用的至少部分EMV接ロ。 [0071] Obviously, OATH produce EMV chip card and then snap ro, or at least part of the EMV CAP reader used by the access ro. 否则,读取器将拒绝该卡。 Otherwise, the reader will reject the card.

[0072] 最关键的卡功能呼叫是用于产生密文本身的GENERATE_AC呼叫。 [0072] The key card function call is used to produce the ciphertext itself GENERATE_AC call. 注意到,简单地将卡中该功能的实现替换为产生在OATH OTP的计算中使用的HOTP散列值的功能是不够的散列。 Notes that simply implement the feature card replaces the function HOTP generate a hash value used in the calculation of OATH OTP hash is not enough. 这是由于对密文进行压缩和十进制换算以给出OTP的过程是在读取器中执行的,并且在CAP和OATH之间是完全不同的。 This is the process of compression due to the ciphertext and decimal conversion to give the OTP is performed in the reader, and between the CAP and OATH are completely different.

[0073] 因此OATH芯片卡实现下述操作序列: [0073] Thus OATH chip cards for the following sequences:

[0074] I、基于卡密钥和计数器,产生HOTP散列值(301),并且递增计数器(302)。 [0074] I, and a counter on the card key to produce a hash value HOTP (301), and the counter is incremented (302).

[0075] 2、十进制换算对散列值(303)进行截断并十进制换算以产生OTP本身。 [0075] 2, the decimal conversion of the hash value (303) is truncated and the decimal conversion to produce the OTP itself.

[0076] 3、使用由CAP读取器采用的十进制换算处理的反处理,将该OTP转化回ニ进制格式(304)ο [0076] 3, used by the CAP reader decimal conversion process using reverse process, the OTP conversion back to binary format Ni (304) ο

[0077] 4、以由CAP读取器采用的压缩处理的反处理的方式填充产生的ニ进制数据(305)(如卡上IPB值所定义的)。 [0077] 4, Ni binary data processed by way of anti-compression process employed by the CAP reader-filling (305) (IPB value as defined on the card).

[0078] 我们将该结果称作中间密文。 [0078] The results we called intermediate ciphertext. 该OATH芯片卡将该中间密文传递给CAP读取器,好像它是正常EMV密文一祥。 The OATH chip card is passed to the middle of the ciphertext CAP reader, as if it were a normal EMV ciphertext Cheung. 然后CAP读取器将对该数据进行压缩和十进制換算,有效地将上述步骤4和3反转,如在上述步骤2处由OATH卡所计算的一祥,从而在读取器屏幕上显示的最终结果将是OATH OTP0图4示出了用于与CAP读取器兼容的OATH芯片卡的设备的示例的框图。 CAP will then read the data compression and decimal conversion, effectively reversing the above steps 4 and 3, as described in step 2 from the calculated one OATH card Cheung, resulting in the reader screen The end result will be OATH OTP0 Figure 4 shows a block diagram of an example for compatibility with CAP OATH chip card reader devices.

[0079] 特殊情况 [0079] Special circumstances

[0080] 出现许多特殊情况,考虑如下。 [0080] there were many special cases, consider the following.

[0081] 前导零 [0081] The leading zeros

[0082] 在十进制換算期间,CAP和HOTP都可能导致以'0'开头的十进制結果。 [0082] During decimal conversion, CAP, and HOTP decimal results may lead to '0' at the beginning. CAP指定应当移除这样的前导零(因此产生的OTP在长度上可以改变),而HOTP指定应当在OTP中包括这样的前导零(因此具有固定长度)。 CAP specify such leading zeros should be removed (OTP thus generated may vary in length), but should include a specified HOTP leading zeros in the OTP (and therefore has a fixed length).

[0083] 注意到,在CAP中,包括前导零的截断在内的十进制换算处理发生在读取器中。 [0083] noted that in the CAP, including the leading zero truncated including decimal conversion processing takes place in the reader. 因此,不管芯片卡中使用的方法如何,不可能強制CAP读取器显示包括前导零在内的HOTPOTP。 Therefore, regardless of the method used in the chip card, it is impossible to force CAP reader display, including leading zeros of HOTPOTP. 我们提出该问题的三种可能解决方案: We propose three possible solutions to this problem:

[0084] I、第一种可能的解决方案是简单的,但是不那么令人满意:当显示的OTP小于预期长度时,在该显示的OTP前面插入附加的零。 [0084] I, the first possible solution is simple, but not so satisfactory: OTP is displayed when less than expected length, in front of the display OTP insert additional zero.

[0085] 2、第二种可能是在验证OTP之前让认证应用或者验证服务器自动插入任何丢失的前导零。 [0085] 2, the second possibility is that before let Certified Application or verification OTP authentication server automatically insert any missing leading zeros. 这给出了更好的用户体验,但是丧失了实现OATH的原始目标:使用CAP读取器而不对验证基础设施作任何改变。 This gives a better user experience, but lost the realization OATH original goal: to use CAP reader to verify the infrastructure without any changes.

[0086] 3、第三种方法是针对OATH芯片卡识别这种情況,并且当它们发生吋,自动丢弃OTP (在上述步骤2),并且基于递增的计数器值产生新的0ΤΡ。 [0086] 3. The third method is for OATH chip card recognizes this situation, and when they occur inches, automatically discarded OTP (in step 2), and the value of creating new 0ΤΡ based counter that is incremented.

[0087] 由于前导零实际上是随机的,ロ令的长序列全部以零开头是非常不可能的。 [0087] Because leading zeros are actually random, long sequences ro make all leading zeros is highly unlikely. 此外,由于在任何情况下为了避免同步问题,验证服务器接受一定范围内的计数器值,忽略临时ロ令,这是由于其以零开头不会引起验证失败,并且用户注意不到它。 In addition, since in any case in order to avoid synchronization problems, verify that the server accepts the counter value within a certain range, ignoring ro interim order, which is due to its leading zeros do not cause validation fails, and the user noticing it. 最后,尽管该技术确实将可能的HOTP输出的数目減少大约10%,但是6个数字的最小长度给出至少ー百万种可能的0ΤΡ,所以提供的整体安全性依然是完全可接受的。 Finally, although the technique does reduce the number of possible output HOTP about 10%, but the minimum length of six numbers is given at least one million kinds ー possible 0ΤΡ, so the overall security provider remains perfectly acceptable. [0088] 计数器同步数字 [0088] Counter synchronous digital

[0089]目前HOTP不指定在OTP中包括计数器同步数字的任何手段,而CAP提供使用卡中嵌入的IPB来配置的灵活方案。 [0089] There are currently HOTP not specify any means including synchronous digital counter in OTP, whereas CAP provides a flexible scheme using embedded IPB card to configure. 通过简单地用适当的IPB值来抑制CAP同步数字,可以获 By simply using the appropriate values to suppress the CAP IPB synchronous digital, can be obtained

得兼容性。 Get compatibility.

[0090] 考虑HOTP的未来版本可以包括在OTP中包括计数器同步信息的手段的可能性。 [0090] HOTP consider future versions may include the possibility of including the means for counter synchronization information in the OTP. 所选算法极有可能与CAP所使用的算法不兼容,这是由于在HOTP中不存在与CAP IPB的相似物。 The selected algorithm is likely to be incompatible with the algorithm used by the CAP, which is due to the absence of similar composition and CAP IPB HOTP in. 我们注意到通过继续使用IPB来抑制CAP同步信息并且在中间密文中将HOTP同歩数据以及其他OTP从卡传递至读取器,依然可以获得兼容性。 We note that the synchronization information is suppressed by continued use of CAP and in the middle of the ciphertext IPB will HOTP same data as well as other OTP ho from the card to the reader is passed, you can still get compatibility.

[0091] 现在考虑CAP读取器包括強制校验数位或者其它同步数据、但HOTP不包括这些的情況。 [0091] Now consider the CAP reader includes a mandatory check digit or other synchronization data, but HOTP not include these situations. 在这种情况下,读取器将接收来自卡的密文,并且另外还将接收从中可以提取出同步数据的ATC值,将上述二者组合起来以给出显示的0ΤΡ。 In this case, the reader receives the ciphertext from the card, and will also be extracted from the received sync data ATC value, combine to give 0ΤΡ displayed above both. 在这种情况下,依靠附加的卡逻辑依然可以保持兼容性。 In this case, rely on the additional card logic can still maintain compatibility. 卡应当计算HOTP 0ΤΡ,并且将它分成两部分-读取器将从中间密文中提取出的部分以及读取器将从ATC中提取出的部分。 Cards should be calculated HOTP 0ΤΡ, and divide it into two parts - the reader from the intermediate ciphertext extracted portion and a reader from ATC extracted part. 然后卡向读取器提供中间密文和备选ATC,知道读取器将把这些组合起来以重构原始0ΤΡ。 Then the card to the reader to provide an intermediate ciphertext and alternative ATC, the reader will know these combined to reconstruct the original 0ΤΡ. 关键的观察结论是,读取器不知道备选ATC中的值与用于计算OTP的计数器值是不同。 Key observations concluded that the reader does not know the value of alternative ATC counter and used to calculate the value of OTP is different.

[0092] 最后,注意到,在HOTP和CAP实现同步方案的情况下,不同地,可以通过上述技术的组合来进行处理。 [0092] Finally, it is noted in the case of CAP HOTP and synchronization program differently, it can be treated by a combination of the above techniques.

[0093] 校验数位 [0093] check digit

[0094] 校验数位有时用于检测数据中的错误,特别是,由人类抄写所引入的错误。 [0094] The check digit is sometimes used to detect errors in the data, especially from the human transcription errors introduced. 目前,CAP或HOTP都不包括用于创建的OTP的校验数位机制,但是在将来可能会改变。 Currently, CAP or HOTP not include a check digit mechanism for the creation of OTP, but it may change in the future. 如果要求标准CAP读取器支持HOTP校验数位,这可以通过简单地将校验数位嵌入到传递给卡读取器的中间密文中,类似于上述用于传递上述同步数据的技木。 If the required standard CAP readers support HOTP check digit, which can be simply embedded in the check digit is passed to the card reader in the middle of the ciphertext, similar to the above for the synchronous data transfer technology of wood.

[0095] 备选地,假定CAP读取器将在OTP中自动包括校验数位,而HOTP没有指定该校验数位。 [0095] Alternatively, the reader is assumed that CAP will automatically include the check digit in the OTP, but HOTP not specified check digit. 这将产生更显著的问题,这是由于卡不具有抑制这种校验数位的手段。 This will produce a more significant problem, which is due to inhibition of this card does not have a check digit means. 唯一的解决方案是修改应用或验证基础设施以接受具有附加CAP校验数位的HOTP 0ΤΡ,或者使定制卡重复产生OTP直到(靠运气)找到具有正确检查数字的OTP为止,并且计算适当的中间密文(由于将由读取器来添加校验数位,因此该中间密文不包括校验数位)。 The only solution is to modify the application or verification infrastructure to accept HOTP 0ΤΡ CAP has an additional check digit, or make customized cards OTP generated repeatedly until (luck) to find the OTP has the correct check digit is reached, and calculate the appropriate intermediate density Wen (due by the reader to add a check digit, so the middle of the ciphertext does not include check digit).

[0096] 后ー种方法将极大地増加卡计算时间,这是由于在找到合适的值之前必须计算大量的0ΤΡ。ー method [0096] After the enlargement of carboplatin computing time greatly, which is due before finding a suitable value must be calculated a lot of 0ΤΡ. 卡计数器将比平常的更快速递增,并且因此可能需要调整验证服务器处的容限。 Card counter is incremented more quickly than usual, and therefore may need to adjust the margin at the authentication server. 尽管所需的卡计数器中的增加是不可预测的,只要由卡读取器插入的纠错信息的数量不太大,依然可能找到提供可接受的安全性和可靠性的系统參数(OTP长度、验证服务器容限)的恰当平衡。 Although the desired increase in the card counter is unpredictable, as long as the number of the inserted card reader error correction information is not too large, it may still be found to provide an acceptable safety and reliability of the system parameters (OTP length authentication server tolerance) is the right balance.

[0097] 注意到,该最后技术是用于处理基于HOTP的OTP中的前导零的技术的重复。 [0097] noted, this last technique is used to handle duplicate HOTP of OTP-based leading zeros technologies. 一般地,如果无论出于何种原因HOTP OTP与卡读取器不兼容(在上述示例中,由于前导零或者校验数位),对于卡而言始終有可能简单地递增卡计数器直到找到兼容的OTP为止。 Generally, if for whatever reason HOTP OTP is not compatible with card reader (in the above example, since the leading zeros or check digit), the card is concerned it is always possible to simply increment the counter until you find a compatible card OTP so far. 实际中该技术的可应用性依赖于不兼容OTP的数量和分布以及验证服务器的參数。 Practical applicability of this technique depends on the number and distribution parameters OTP authentication server and incompatible.

[0098] 已经描述了使用特定卡来实现OATH兼容性的CAP卡读取器的特定情況,以及关于计数器同步和校验数位的备选。 [0098] have been described using specific cards to achieve OATH compatibility CAP Card Reader particular case, and options on the counter synchronization and check digit. 下面将列出一些其它可能的应用。 Below are listed some other possible applications.

[0099] 可以提供卡与读取器一起使用,所述读取器基于用户接ロ分离的密码引擎为基础(不仅仅是CAP),被设计用于任何基于OTP的系统。 [0099] may be provided for use with the card with the reader, the reader ro based user interface based on the separation of the cryptographic engine (not just CAP), it is designed for use in any of the OTP-based system. 然而,CAP是最有可能在接下来几年中实现大量部署的系统。 However, CAP is most likely to achieve mass deployment of the system in the next few years. 可以提供卡在任意OTP系统中使用,不仅仅是OATH。 We can provide the card used in the system at any OTP, just OATH. 示例包括RSA SecureID>VASCO DigiPass、Secure Computing 和Activldentity。 Examples include RSA SecureID> VASCO DigiPass, Secure Computing and Activldentity. 可以提供卡用于挑战-应答认证。 We can provide cards for challenge - response authentication. 可以提供卡用于'短签名',在该短签名中令牌基于用户输入的消息数据来产生0ΤΡ(同时依然包括计数器值,以及不包括计数器值)。 We can provide cards for 'short signature' signature token in the short message based data input by the user to generate 0ΤΡ (while still including the counter value, and does not include the counter value). 可能的应用包括由移动电话代替CAP读取器(即具有卡读取器的移动电话,该卡读取器具有足够的CAP兼容性以与卡协同工作)。 Possible applications include mobile phones instead of the CAP by the reader (ie, having a mobile phone card reader, the card reader has sufficient CAP compatibility to work with the card). 其它应用包括将OATH卡插入与用户PC连接的卡读取器中。 Other applications include the OATH card into the user's PC connected card reader. 其它应用包括通过电话ロ头地对OTP进行通信,而不是通过因特网,或者通过邮件、传真、或者通过内部网络。 Other applications include ro head of OTP to communicate by telephone, rather than via the Internet or by mail, fax, or via the internal network. [0100] 毫无疑问,本领域技术人员将想到许多其它有效备选。 [0100] There is no doubt that the skilled person would not expect many other effective alternatives. 将理解本发明并不限于所述实施例并且本发明包含对于本领域技术人员显而易见的、并且落在所附权利要求的精神和范围内的修改。 It will be understood that the invention is not limited to the embodiments and the present invention encompasses apparent to the skilled person, and modifications falling within the spirit and scope of the appended claims.

Patent Citations
Cited PatentFiling datePublication dateApplicantTitle
CN1484803A28 Oct 200224 Mar 2004Sk电信股份有限公司Method for paying and processing emv usingy irfm
EP1107089A111 Dec 200013 Jun 2001Connectotel LimitedStrong authentication method using a telecommunications device
WO03/096287A1 Title not available
Classifications
International ClassificationG06F21/34, G06Q20/40, G06Q20/34
Cooperative ClassificationG06Q20/4014, G07F7/1008, G07C9/00031, G06Q20/341, G06F21/34
European ClassificationG06F21/34, G06Q20/4014, G06Q20/341, G07C9/00B6, G07F7/10D
Legal Events
DateCodeEventDescription
20 Jan 2010C06Publication
28 Apr 2010C10Request of examination as to substance
19 Dec 2012C14Granted