Transaction verification protocol for smart cards

摘要

A protocol appropriate for smartcard purchase applications such as those that might be completed between a terminal or ATM and a users personal card is disclosed The protocol provides a signature scheme which allows the card to authenticate the terminal without unnecessary signature verification which is an computationally intense operation for the smart card. The only signature verification required is that of the terminal identification (as signed by the certifying authority, or CA, which is essential to any such protocol). In the preferred embodiment, the protocol provides the card and terminal from fraudulent attacks from impostor devices, either a card or terminal.

主权项

1. A method of performing, in a communication system, a first transaction between a first participant device comprising a first processing unit performing cryptographic operations and a second participant device performing cryptographic operations wherein said second participant device permits a service to be provided to said first participant device to complete said first transaction and is enabled to obtain payment from a third participant in a second transaction, said method performed by said first processing unit and comprising:
verifying a digitally signed message from said second participant device, said digitally signed message comprising an identifier of said second participant device; generating a digital signature using an anomalous elliptic curve scheme involving two exponentiations by performing:
generating a first value comprising a first random bit string and a second value comprising a second random bit string wherein said second value is required by said third participant to complete said second transaction; andgenerating said digital signature comprising a first signature component encrypting said first value with said identifier of said second participant device and a second signature component generated using a hash, said hash being generated using said second value; providing said first signature component and second signature component and said hash to said second participant device, for decryption of said first signature component using said second signature component and said hash, and for extraction of said first value from said first signature component; receiving said extracted first value from said second participant device and verifying that said extracted first value received from said second participant device is equal to said first value originally generated by said first processing unit; and authenticating said second participant device by determining that said extracted first value received from said second participant device is equal to said first value originally generated by said first processing unit, said first processing unit completing said first transaction by providing said second value to said authenticated second participant device and thereby obtaining said service, whereupon said authenticated second participant device completes said second transaction by providing said second value, received from said first processing unit, to said third participant.