WO1999046881A1 - Transaction card security system - Google Patents

Transaction card security system Download PDF

Info

Publication number
WO1999046881A1
WO1999046881A1 PCT/IL1998/000116 IL9800116W WO9946881A1 WO 1999046881 A1 WO1999046881 A1 WO 1999046881A1 IL 9800116 W IL9800116 W IL 9800116W WO 9946881 A1 WO9946881 A1 WO 9946881A1
Authority
WO
WIPO (PCT)
Prior art keywords
secret
public
user
numbers
end apparatus
Prior art date
Application number
PCT/IL1998/000116
Other languages
French (fr)
Inventor
Ziv Rashman
Original Assignee
Guardtech Technologies Ltd.
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Guardtech Technologies Ltd. filed Critical Guardtech Technologies Ltd.
Priority to AU66339/98A priority Critical patent/AU6633998A/en
Priority to PCT/IL1998/000116 priority patent/WO1999046881A1/en
Publication of WO1999046881A1 publication Critical patent/WO1999046881A1/en

Links

Classifications

    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07FCOIN-FREED OR LIKE APPARATUS
    • G07F7/00Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus
    • G07F7/08Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means
    • G07F7/10Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means together with a coded signal, e.g. in the form of personal identification information, like personal identification number [PIN] or biometric data
    • G07F7/1008Active credit-cards provided with means to personalise their use, e.g. with PIN-introduction/comparison system
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/30Payment architectures, schemes or protocols characterised by the use of specific devices or networks
    • G06Q20/34Payment architectures, schemes or protocols characterised by the use of specific devices or networks using cards, e.g. integrated circuit [IC] cards or magnetic cards
    • G06Q20/341Active cards, i.e. cards including their own processing means, e.g. including an IC or chip
    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07FCOIN-FREED OR LIKE APPARATUS
    • G07F7/00Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus
    • G07F7/08Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means
    • G07F7/0873Details of the card reader
    • G07F7/088Details of the card reader the card reader being part of the point of sale [POS] terminal or electronic cash register [ECR] itself
    • G07F7/0886Details of the card reader the card reader being part of the point of sale [POS] terminal or electronic cash register [ECR] itself the card reader being portable for interacting with a POS or ECR in realizing a payment transaction
    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07FCOIN-FREED OR LIKE APPARATUS
    • G07F7/00Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus
    • G07F7/08Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means
    • G07F7/10Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means together with a coded signal, e.g. in the form of personal identification information, like personal identification number [PIN] or biometric data
    • G07F7/1016Devices or methods for securing the PIN and other transaction-data, e.g. by encryption

Definitions

  • the present invention relates to security systems for transaction cards, including smart cards and magnetic strip cards.
  • each cardholder, or group of cardholders with an electronic card reader that is portable and can be plugged in to the relevant communications network.
  • the transaction card is entered into a receiving port and the card reader has a keyboard and screen so that the user PIN associated with the card can be entered.
  • the card reader then encodes the pin and sends the encoded PIN together with details of the transaction to a server associated with the provider of the card, who authorizes the transaction.
  • the card reader is a small, waferlike device, of about the thickness of three of the transaction cards and contains a central processor and memory as well as a connector for connecting the device to a communications network.
  • the card reader is issued with a serial number.
  • the serial number is transmitted with the transaction information and part of the authorization procedure involves matching up the card reader with the card. If the card is authorized to be used with that reader then the transaction is allowed and if not then the transaction is not authorized.
  • serial number of the reader is used for identification purposes.
  • secret information that is used in the authorization process is the PIN associated with the card. This number must be kept short because it has to be memorized by the user, usually four digits is the maximum length, and therefore the total amount of secret information that is used to establish the transaction is not that great.
  • no secure system is used to establish the identity of the card reader.
  • An object of the present invention is to provide a system by which both the card and reader can be separately identified, and in respect of which no single computer has stored therein sufficient information to carry out the identification itself.
  • a system for identifying users having user-end apparatus and provider end apparatus.
  • Each user-end apparatus comprises a first part having a public key and a secret key and a second part having a public key and a secret key, an encrypter for encrypting said two secret keys together using a one-way function, and an output for transmitting said public keys, said encrypted secret keys and other data.
  • the provider end apparatus comprises two separately located databases, one matching public and secret keys of first parts of said user-end apparatus and the second matching public and secret keys of second parts, a selector at each database to select secret keys corresponding to the public keys of each part, an encrypter for encrypting secret keys found on said data bases, a comparator to compare the result of the encryption at the provider end apparatus with the result of the encryption produced at the user-end apparatus, and an output for signaling the result of the comparison to indicate whether the user has been successfully identified.
  • the provider end apparatus has a third database matching public keys of said first and second parts of said user end apparatus, and wherein said third database is operated by control electronics to inhibit successful identification of said user unless said third database indicates a match between said two public keys.
  • the comparator is preferably located together with one of said separately located databases, and said secret key selected at the other of said separately located databases is sent to said comparator via a secure communication means.
  • the first part of said user-end apparatus may be any of a smart card and a magnetic strip card, and said second part of said user-end apparatus may be a portable card reader assigned to a user.
  • the secret key of said first part of said user-end apparatus is preferably not recorded on said first part. Rather it is a secret pin number memorised by the user.
  • the secret key of said second part of said user end apparatus may be variable in accordance with a variation procedure.
  • the variation procedure is preferably not recorded on said second part.
  • the encrypters may be operable to encrypt said secret key of said first part, said secret key of said second part and perhaps also a time varying element. Other elements may be optionally included.
  • the encryption may be carried out using a one-way hashing function.
  • the user end apparatus may be connected to a transaction target, and said transaction target is adapted to receive from said user end apparatus one or more of the public keys, transaction data and said encrypted secret keys, and to relay said at least the same to said provider end apparatus via a, public communication network, and to receive said acknowledgment output from said provider end apparatus.
  • the transaction target may add its own identification data, either secret or public, for verifying by the provider end apparatus.
  • a method of identifying a user comprising supplying a user with a first identification part having a public and a secret key and a second identification part having a public and a secret key, encrypting together said secret key of said first part and said secret key of said second part using a one-way encryption function to form a first encryption result, transmitting said public keys and the result of said encryption step to a verification apparatus, transmitting said public key of said first part to a database that matches public and secret keys of said first part and finding a corresponding secret key, transmitting said public key of said second part to a database that matches public and secret keys of said second part and finding a corresponding secret key, encrypting together said secret keys obtained from said databases using said one-way encryption function to form a second encryption result, comparing said first and second encryption results and, if they are identical, then indicating successful identification of said user.
  • Figure 1 shows a first embodiment of the invention
  • Figure 2 shows a part of figure 1 in more detail
  • Figure 3 shows a second embodiment of the invention
  • Figure 4 shows a third embodiment of the invention
  • Figure 5 shows a fourth embodiment of the present invention.
  • a card 10 is provided to the user and may preferably be a smart card or a magnetic card and may contain identification data A.
  • Identification data A is stored on the card, either in an electronic memory or on the magnetic strip. This data is not regarded as especially secure as it can be read by a card reader.
  • a user secret number or pin number P c which is not recorded on the card and is known only to the user and to the provider of the card.
  • the user is also provided with a card reader 12.
  • the card reader 12 is preferably a small portable device unique to the user.
  • An example of the device 12 is shown in greater detail in figure 2 and comprises card reader apparatus 30, a small keyboard 32, a small LCD screen 34, a memory 36, some signal processing ability 38 and an output port 40.
  • a power supply 40 may preferably be a battery, and recharging means may be included. All of these may be controlled by a processor 44.
  • the card reader apparatus 30 may preferably include a reader for a magnetic strip and a reader for a smart card.
  • the output means may simply be a tone generator that generates DTMF tones in accordance with numbers to be sent, and may thus work by placing the device next to the telephone speaker in order to effect transmission.
  • the output means may be a generator of digital signals for use in an internet connection.
  • the output may also be designed to be connected directly to transaction equipment 13 belonging to a vendor.
  • the output is connected to a secret data memory 46 and the memory 36 only via the processor 44 which carries out the encryption, so that there is no possibility of secret information being sent out unencrypted from the card reader apparatus.
  • the purpose of the card reader is to enable the user to use secret data to validate a transaction made through apparatus such as transaction equipment 13 in the possession of a third party, without at the same time handing over the secret data to the third party.
  • the card reader may have identification data B and may also have a secret number P w which is stored inside the machine and is known only to the issuer of the card reader. Identification data B may be stored in the machine 12 or may be a password typed in by the user.
  • the card reader 12 is designed to be connected via output port 40, to a communications network such as the public telephone network or the internet or, as shown in figure 1, directly to transaction apparatus of a third party. Neither the transaction apparatus nor the communications network can be regarded as secure and therefore any sensitive data to be transferred must be encrypted.
  • the card reader 12 is therefore able to encrypt data using a one way function.
  • the one way function is a hashing function.
  • a hashing function is a function that is many to one, that is to say more than one input can lead to a given output. Hence the function is one way, that is to say there is no inverse function that will allow the input to be derived unambiguously from the output.
  • a group of one-way hashing functions known as MD5 is used.
  • the reader 12 is connected via the output port 40, and it calculates the hashing product of say the pin code P c and the secret number of the reader P w , as well as of a third component that varies over time, for example the output of clock 46.
  • a time varying component is preferred so that the eavesdropper cannot simply copy the encrypted message and make it appear that he has access to the secret numbers when he does not..
  • the result of the hashing operation is sent as an authentication signature.
  • the remainder of the details of the transaction are sent unencrypted. Alternatively they are sent encrypted using a scheme that allows their decryption at the far end, for example a DES (data encryption standard) scheme.
  • DES data encryption standard
  • the entire transmission relating to the transaction is preferably received by an IAS client 13, which is a computerised transaction apparatus belonging to the other party to the transaction.
  • the client validates certain details of the transaction such as value and time, perhaps compares the username with a private list of bad debtors or the like, and then adds its own ID code C to the transaction transmission.
  • the transmission is then sent via a communication network 14 to an IAS (Identification and Authorization Server) 16.
  • the communication network may, for example, be the public telephone network or the Internet.
  • the server first identifies the IAS client using using the identification data C. Then it identifies at least enough information from the unencrypted part of the data to select appropriate destinations to pass on the information. That is to say it determines who the card provider is and who has provided the reader.
  • the authentication signature is thus directed to a server 20 which belongs to the provider of the card. This transmission may be made over an insecure data connection.
  • the server 20 sends on the reader public number B to a server 18 belonging to the appropriate provider of card readers.
  • the server 18 is able to identify which card reader 12 is involved in the transaction from the identification data B. It is therefore able to supply the secret number of the card reader p w .
  • the authentication signature plus P w are sent over a secure communication link 22 to the server 20.
  • the card provider knows from the card identification data A which card is being used and is therefore able to provide the corresponding pin or secret number P 0 .
  • the time of the transaction is known because it is approximately the same as that of a clock at the server 20. Alternatively the time may be transmitted unencoded as well as within the signature.
  • the card server thus has all of the components that went into the signature and it repeats the hashing function with the components it has obtained independently. If this produces the same result as the signature, and provided that the card is authorized for use with that same card reader, then the transaction is authorized and a signal to this effect is transmitted to the IAS server 16.
  • the transaction may now be completed by signalling authorisation of the transaction to the IAS client.
  • the secret number of the card reader P w is not stored in the server 20 once the authorization is completed.
  • it is preferably stored only in volatile memory as part of a data structure that is protected from being copied by the operating system into non-volatile memory even as a temporary swap file.
  • no single server has the ability to authenticate the signature and there is no single server that can be tapped illegally to obtain enough information to forge a signature.
  • Furthermore even the tapping of secure communication link 22 would not enable the user to obtain enough information to forge a signature.
  • either of the two servers 18 and 20 may carry out the authentication procedure, that is to say, either the card provider's server or the reader provider's server, may be sent the authentication signature, and carry out the authentication check.
  • the server that is not provided with the authentication signature may be provided directly with its respective public key from the IAS server 16 without the mediation of the the other server.
  • Figure 3 is a preferred embodiment operative in accordance with the present invention.
  • the recipient may not have an IAS client.
  • the tasks of the IAS client are carried out in association with the IAS server 16.
  • the need to send a secret number over a secured network is avoided.
  • the encryption product and the public numbers are received at the IAS server.
  • the public numbers are sent to their respective servers with the encryption product.
  • the corresponding secret numbers are found at each server 18 and 20 and are separately encrypted at each server.
  • the secured link 20 is used to send the encrypted version of one of the numbers to the other server which is then able to complete the identification as before, but without at any time having held the other secret number.
  • the only additional requirement for this alternative embodiment is that the one-way function is commutative.
  • the card reader secret number P w is preferably stored within the card reader as part of a secret data memory 46.
  • the connections to the secret data memory 46 are such that there is no readout operation that enables the secret number to be accessed. That is to say it cannot be read out except via the circuits for the encrypting function.
  • the secret data memory 46 is positioned within the card reader 12 in such a position that access is difficult and it is designed to wipe the information in the event of a direct attempt to access the data.
  • the secret number of the card reader could be a fixed code of fixed length. Its length is not restricted by the need for a user to be able to remember it as it is stored in the reader. Alternatively the length of the key could be varied in some way.
  • the secret data memory 46 may store a matrix of information and use different parts of this matrix at different times in accordance with a predetermined algorithm. Thus the length and the content of the secret number may be changed as desired. This has the added advantage that there is no single part of the card reader that can be hacked to obtain the secret number.
  • the algorithm for varying the number need not be stored anywhere within the card reader.
  • one of the secret numbers could be a number constructed in accordance with the recognition of the fingerprint of the user or some other invariant personal authentication means.
  • the card reader may produce two sets of authentication signatures, each based on different sets of public and secret information.
  • the card may have two public numbers A and A' and the card reader may likewise have two sets of such numbers B and B' as well as two secret numbers P w and P w ' .
  • Each of the signatures may then be sent for authentication to different pairs of servers respectively.
  • the card itself is essentially a data storage device. Indeed a smart card can store many kilobytes of data.
  • the card reader which is in fact not just a reader but a writer as well, can incorporate considerable data management abilities. It can be used to store databases on the card, as well as programs, and can be used to call programs from the card and run them.
  • the keyboard 32 is available to the user to write directly to the card, allowing it to serve as a notebook, diary and address book as well as a credit card.
  • the credit card reader 12 is also able to support the protocols necessary for EP standard electronic money and therefore the combination of card and reader serve as an electronic wallet.
  • the secret numbers may be encrypted together with the time, which is generated in the clock 46 of the reader.
  • the time used is GMT or some other agreed standard, so that international transactions are not adversely affected.
  • the three databases are preferably located on different machines at separate locations belonging to different organizations and arranged to prevent hacking.
  • the reader may require a user-entered password, in addition to the PIN of the card, and may lock up, that is to say may cease to operate, after a given number of unsuccessful attempts to enter the password.
  • Unlocking of the card is an operation that can only be carried out by an authorized maintenance center. It may depend on a further pin number, or any one of a range of alternative schemes well known to the skilled man.
  • FIG 4 is a simplified embodiment of the invention. In figure 4, parts that are the same as those shown in figure 1 or figure 3 are given identical reference numerals. In this figure neither a separate IAS client nor a separate IAS server are shown.
  • the card reader 12 has an encrypter 50 and the output 40 has the ability to route the transmission, including the encrypted portion thereof, directly to the two servers 18 and 20 that hold the databases of public against secret numbers.
  • Each of the servers has a selector, 52 which selects the appropriate secret number for the received public number.
  • the secret number selected is sent via secure connection 22 to the other server 20 where it is placed in an encrypter 54.
  • Encrypter 54 is identical in operation to that 50 in card reader 12.
  • the secret number selected by selector 52 in server 20 is likewise placed in encrypter 54, and an encryption operation is carried out on the two secret numbers plus the same time varying element, for example the time, that is indicated as the time of the transaction by the unencoded information sent by the card reader.
  • the result of the encryption is passed to a comparator 56 where it is compared with the encoded information received directly from the card reader. If they are the same
  • a transaction authorization signal is sent out, via output 58, to the public network.
  • the secret number that is sent from server 18 to server 20 is sent encrypted for additional security, although in this case the encryption operation used is a reversible encryption operation as it is necessary to extract the secret number at server 20.
  • Figure 5 shows an embodiment of the invention for use in telephone based ordering or for orders made over the internet, and in which the order is received by the vendor using electronic means.
  • a card reader with card inserted 60 is connected either directly to a telephone 62 or to an infra-red link terminal 64 or to a PC 66, which has itself been connected to the vendor 70 through the telephone network or the internet or like unsecured public network, 68.
  • Vendor processing apparatus 72 sets up the transaction with the user, and, as the transaction is completed the vendor processing apparatus requests authentication from the purchaser. The purchaser types in his secret number P c as before and the card reader/card combination sends an authentication signature.
  • the vendor processing apparatus receives the transmission but is unable to discover the purchaser's secret keys.
  • the authentication signature is passed, together with identification data of the vendor 70, back to the public network 68 and thence to the IAS server 16 where it is processed as described previously.
  • the identity of a purchaser can be authenticated through the vendor's processing apparatus without the vendor being able to discover any secret information of the purchaser.
  • the encryption of the public number is carried out using the reader 12, which contains an encryption key that can be used for a two-way encryption algorithm such as DES.
  • the public number is decrypted by the IAS server 16, which now has all the information it needs to route the signature to the servers of the correct providers.

Abstract

User verification for transactions in which the user has a transaction card (10) and his own card reader (12) is provided by assigning to the card and the reader both a public and a secret number. A one-way encoding function is used to encode the secret numbers, and the public numbers are used at the provider end to elicit corresponding secret numbers from separately located databases (18, 20). The corresponding secret numbers are encoded using the same one-way function at the provider end and if the result is the same as that performed at the sending end then the user is positively identified. The two databases are kept apart so that no single location can be hacked into to reveal enough information for the system to be successfully abused.

Description

Transaction Card Security System
Field Of The Invention The present invention relates to security systems for transaction cards, including smart cards and magnetic strip cards.
Background Of The Invention Transaction cards are widely used for making purchases and for obtaining cash and credit, and it has long been a preoccupation with card providers to provide security against theft for such cards. Recently there has been a growing tendency to use cards of this type in transactions made over the telephone or the internet or like unsecured public networks. In many cases transactions over the telephone are made verbally and involve the card owner reading out the serial number printed on the card. In other cases transactions over the telephone are carried out using the numerical keys of the telephone, a computer at the receiving end being adapted to recognize the tones associated with each numerical key. In neither case is any security provided, and the card holder is vulnerable should anyone be eavesdropping on the communication. However in such transactions no security is possible because the transaction is made directly between the two parties and thus no secret information can be used.
It is therefore desirable to use a system of authorizing transactions between two parties, whether made over the telephone, or the internet or like unsecured public communication network, or whether made face to face in a shop or the like, that allows the use of secret information to authorize the transaction, without handing over any secret information to the other party to the transaction or for that matter to eavesdroppers on the public communication network.
It has been proposed to provide each cardholder, or group of cardholders, with an electronic card reader that is portable and can be plugged in to the relevant communications network. The transaction card is entered into a receiving port and the card reader has a keyboard and screen so that the user PIN associated with the card can be entered. The card reader then encodes the pin and sends the encoded PIN together with details of the transaction to a server associated with the provider of the card, who authorizes the transaction. The card reader is a small, waferlike device, of about the thickness of three of the transaction cards and contains a central processor and memory as well as a connector for connecting the device to a communications network.
In an improvement of the above proposal the card reader is issued with a serial number. The serial number is transmitted with the transaction information and part of the authorization procedure involves matching up the card reader with the card. If the card is authorized to be used with that reader then the transaction is allowed and if not then the transaction is not authorized.
Thus the serial number of the reader is used for identification purposes. However the only secret information that is used in the authorization process is the PIN associated with the card. This number must be kept short because it has to be memorized by the user, usually four digits is the maximum length, and therefore the total amount of secret information that is used to establish the transaction is not that great. Furthermore, no secure system is used to establish the identity of the card reader.
A recent development in the use of transaction cards is the EP protocol for electronic money. A secure file is 'minted' as the electronic coin and is loaded onto the card. The coin is used in transactions involving the card and the card holder would wish to be able to use his coins securely without having to impart his secret information to equipment belonging to the other party to the transaction. The protocols involving electronic money require considerable processing power and therefore a card reader at least of the type described above is needed. Furthermore a means is needed to allow the card holder to manage his electronic money as electronic coins cannot be removed from a wallet and counted. Summary of the Invention An object of the present invention is to provide a system by which both the card and reader can be separately identified, and in respect of which no single computer has stored therein sufficient information to carry out the identification itself.
It is a further object of the present invention to ensure that secret information placed on an insecure public communications network to enable the above mentioned identification operation cannot be decrypted to allow discovery of the secret information with any significant degree of certainty.
It is yet a further object of the present invention to provide a system by which the total amount of secret information involved in the identification procedure exceeds the length of a password or PIN that the cardholder can reasonably be expected to remember.
Various embodiments of the present invention fulfill one or more of the above objects.
According to a first aspect of the present invention there is provided a system for identifying users, having user-end apparatus and provider end apparatus.
Each user-end apparatus comprises a first part having a public key and a secret key and a second part having a public key and a secret key, an encrypter for encrypting said two secret keys together using a one-way function, and an output for transmitting said public keys, said encrypted secret keys and other data.
The provider end apparatus comprises two separately located databases, one matching public and secret keys of first parts of said user-end apparatus and the second matching public and secret keys of second parts, a selector at each database to select secret keys corresponding to the public keys of each part, an encrypter for encrypting secret keys found on said data bases, a comparator to compare the result of the encryption at the provider end apparatus with the result of the encryption produced at the user-end apparatus, and an output for signaling the result of the comparison to indicate whether the user has been successfully identified.
In an embodiment the provider end apparatus has a third database matching public keys of said first and second parts of said user end apparatus, and wherein said third database is operated by control electronics to inhibit successful identification of said user unless said third database indicates a match between said two public keys..
The comparator is preferably located together with one of said separately located databases, and said secret key selected at the other of said separately located databases is sent to said comparator via a secure communication means.
The first part of said user-end apparatus may be any of a smart card and a magnetic strip card, and said second part of said user-end apparatus may be a portable card reader assigned to a user.
The secret key of said first part of said user-end apparatus is preferably not recorded on said first part. Rather it is a secret pin number memorised by the user.
The secret key of said second part of said user end apparatus may be variable in accordance with a variation procedure. In such an embodiment the variation procedure is preferably not recorded on said second part.
In order to form an authentication signature the encrypters may be operable to encrypt said secret key of said first part, said secret key of said second part and perhaps also a time varying element. Other elements may be optionally included.
The encryption may be carried out using a one-way hashing function. The user end apparatus may be connected to a transaction target, and said transaction target is adapted to receive from said user end apparatus one or more of the public keys, transaction data and said encrypted secret keys, and to relay said at least the same to said provider end apparatus via a, public communication network, and to receive said acknowledgment output from said provider end apparatus. The transaction target may add its own identification data, either secret or public, for verifying by the provider end apparatus.
According to a second aspect of the present invention there is provided a method of identifying a user comprising supplying a user with a first identification part having a public and a secret key and a second identification part having a public and a secret key, encrypting together said secret key of said first part and said secret key of said second part using a one-way encryption function to form a first encryption result, transmitting said public keys and the result of said encryption step to a verification apparatus, transmitting said public key of said first part to a database that matches public and secret keys of said first part and finding a corresponding secret key, transmitting said public key of said second part to a database that matches public and secret keys of said second part and finding a corresponding secret key, encrypting together said secret keys obtained from said databases using said one-way encryption function to form a second encryption result, comparing said first and second encryption results and, if they are identical, then indicating successful identification of said user.
Brief Description Of The Drawings For a better understanding of the invention and to show how the same may be carried into effect, reference will now be made, purely by way of example, to the accompanying drawings in which,
Figure 1 shows a first embodiment of the invention, Figure 2 shows a part of figure 1 in more detail,
Figure 3 shows a second embodiment of the invention,
Figure 4 shows a third embodiment of the invention, and
Figure 5 shows a fourth embodiment of the present invention.
Description Of The Preferred Embodiments Figure 1 shows a first embodiment of the invention. A card 10 is provided to the user and may preferably be a smart card or a magnetic card and may contain identification data A. Identification data A is stored on the card, either in an electronic memory or on the magnetic strip. This data is not regarded as especially secure as it can be read by a card reader. Associated with the card is a user secret number or pin number Pc which is not recorded on the card and is known only to the user and to the provider of the card.
The user is also provided with a card reader 12. The card reader 12 is preferably a small portable device unique to the user. An example of the device 12 is shown in greater detail in figure 2 and comprises card reader apparatus 30, a small keyboard 32, a small LCD screen 34, a memory 36, some signal processing ability 38 and an output port 40. A power supply 40 may preferably be a battery, and recharging means may be included. All of these may be controlled by a processor 44. The card reader apparatus 30 may preferably include a reader for a magnetic strip and a reader for a smart card. The output means may simply be a tone generator that generates DTMF tones in accordance with numbers to be sent, and may thus work by placing the device next to the telephone speaker in order to effect transmission. In other embodiments the output means may be a generator of digital signals for use in an internet connection. The output may also be designed to be connected directly to transaction equipment 13 belonging to a vendor. The output is connected to a secret data memory 46 and the memory 36 only via the processor 44 which carries out the encryption, so that there is no possibility of secret information being sent out unencrypted from the card reader apparatus. The purpose of the card reader is to enable the user to use secret data to validate a transaction made through apparatus such as transaction equipment 13 in the possession of a third party, without at the same time handing over the secret data to the third party.
The card reader may have identification data B and may also have a secret number Pw which is stored inside the machine and is known only to the issuer of the card reader. Identification data B may be stored in the machine 12 or may be a password typed in by the user. The card reader 12 is designed to be connected via output port 40, to a communications network such as the public telephone network or the internet or, as shown in figure 1, directly to transaction apparatus of a third party. Neither the transaction apparatus nor the communications network can be regarded as secure and therefore any sensitive data to be transferred must be encrypted. The card reader 12 is therefore able to encrypt data using a one way function. In a preferred embodiment the one way function is a hashing function. A hashing function is a function that is many to one, that is to say more than one input can lead to a given output. Hence the function is one way, that is to say there is no inverse function that will allow the input to be derived unambiguously from the output. In an embodiment a group of one-way hashing functions known as MD5 is used.
In order to carry out a transaction using the card and the reader, all that is necessary is for the user to insert the card 10 into the reader 12 and type in the pin number, as well as any relevant details of the transaction. The reader 12 is connected via the output port 40, and it calculates the hashing product of say the pin code Pc and the secret number of the reader Pw, as well as of a third component that varies over time, for example the output of clock 46. A time varying component is preferred so that the eavesdropper cannot simply copy the encrypted message and make it appear that he has access to the secret numbers when he does not.. The result of the hashing operation is sent as an authentication signature. The remainder of the details of the transaction, including identification data of the card A and of the reader B, are sent unencrypted. Alternatively they are sent encrypted using a scheme that allows their decryption at the far end, for example a DES (data encryption standard) scheme.
The entire transmission relating to the transaction is preferably received by an IAS client 13, which is a computerised transaction apparatus belonging to the other party to the transaction. The client validates certain details of the transaction such as value and time, perhaps compares the username with a private list of bad debtors or the like, and then adds its own ID code C to the transaction transmission. The transmission is then sent via a communication network 14 to an IAS (Identification and Authorization Server) 16. The communication network may, for example, be the public telephone network or the Internet.
The server first identifies the IAS client using using the identification data C. Then it identifies at least enough information from the unencrypted part of the data to select appropriate destinations to pass on the information. That is to say it determines who the card provider is and who has provided the reader. The authentication signature is thus directed to a server 20 which belongs to the provider of the card. This transmission may be made over an insecure data connection.
The server 20 sends on the reader public number B to a server 18 belonging to the appropriate provider of card readers. The server 18 is able to identify which card reader 12 is involved in the transaction from the identification data B. It is therefore able to supply the secret number of the card reader pw. The authentication signature plus Pw are sent over a secure communication link 22 to the server 20. The card provider knows from the card identification data A which card is being used and is therefore able to provide the corresponding pin or secret number P0. The time of the transaction is known because it is approximately the same as that of a clock at the server 20. Alternatively the time may be transmitted unencoded as well as within the signature. The card server thus has all of the components that went into the signature and it repeats the hashing function with the components it has obtained independently. If this produces the same result as the signature, and provided that the card is authorized for use with that same card reader, then the transaction is authorized and a signal to this effect is transmitted to the IAS server 16.
The transaction may now be completed by signalling authorisation of the transaction to the IAS client. The secret number of the card reader Pw is not stored in the server 20 once the authorization is completed. For the short period until the verification is completed it is preferably stored only in volatile memory as part of a data structure that is protected from being copied by the operating system into non-volatile memory even as a temporary swap file. Thus no single server has the ability to authenticate the signature and there is no single server that can be tapped illegally to obtain enough information to forge a signature. Furthermore even the tapping of secure communication link 22 would not enable the user to obtain enough information to forge a signature.
It will be appreciated by the person skilled in the art that either of the two servers 18 and 20 may carry out the authentication procedure, that is to say, either the card provider's server or the reader provider's server, may be sent the authentication signature, and carry out the authentication check. In a further variation the server that is not provided with the authentication signature may be provided directly with its respective public key from the IAS server 16 without the mediation of the the other server.
Figure 3 is a preferred embodiment operative in accordance with the present invention. In a transaction involving electronic money, the recipient may not have an IAS client. In these circumstances the tasks of the IAS client are carried out in association with the IAS server 16. In an alternative embodiment the need to send a secret number over a secured network is avoided. As before, the encryption product and the public numbers are received at the IAS server. The public numbers are sent to their respective servers with the encryption product. The corresponding secret numbers are found at each server 18 and 20 and are separately encrypted at each server. Then the secured link 20 is used to send the encrypted version of one of the numbers to the other server which is then able to complete the identification as before, but without at any time having held the other secret number. The only additional requirement for this alternative embodiment is that the one-way function is commutative.
The card reader secret number Pw is preferably stored within the card reader as part of a secret data memory 46. The connections to the secret data memory 46 are such that there is no readout operation that enables the secret number to be accessed. That is to say it cannot be read out except via the circuits for the encrypting function. The secret data memory 46 is positioned within the card reader 12 in such a position that access is difficult and it is designed to wipe the information in the event of a direct attempt to access the data.
The secret number of the card reader could be a fixed code of fixed length. Its length is not restricted by the need for a user to be able to remember it as it is stored in the reader. Alternatively the length of the key could be varied in some way. For example the secret data memory 46 may store a matrix of information and use different parts of this matrix at different times in accordance with a predetermined algorithm. Thus the length and the content of the secret number may be changed as desired. This has the added advantage that there is no single part of the card reader that can be hacked to obtain the secret number. The algorithm for varying the number need not be stored anywhere within the card reader.
As a further alternative one of the secret numbers could be a number constructed in accordance with the recognition of the fingerprint of the user or some other invariant personal authentication means.
10 Instead of an output port that demands physical contact between the card reader and the terminal of the communication network, it is possible to make an output port that sends infra-red signals, the terminal of the communication network being operative to detect these signals and convert them into a form suitable for sending down the network.
In a more elaborate version, the card reader may produce two sets of authentication signatures, each based on different sets of public and secret information. For example the card may have two public numbers A and A' and the card reader may likewise have two sets of such numbers B and B' as well as two secret numbers Pw and Pw' . Each of the signatures may then be sent for authentication to different pairs of servers respectively.
The card itself is essentially a data storage device. Indeed a smart card can store many kilobytes of data. Thus the card reader, which is in fact not just a reader but a writer as well, can incorporate considerable data management abilities. It can be used to store databases on the card, as well as programs, and can be used to call programs from the card and run them. The keyboard 32 is available to the user to write directly to the card, allowing it to serve as a notebook, diary and address book as well as a credit card. The credit card reader 12 is also able to support the protocols necessary for EP standard electronic money and therefore the combination of card and reader serve as an electronic wallet.
As mentioned above, the secret numbers may be encrypted together with the time, which is generated in the clock 46 of the reader. Preferably the time used is GMT or some other agreed standard, so that international transactions are not adversely affected.
In the embodiments described above the use of a card has been restricted to given readers because the public numbers of the card and reader are checked against a third database that lists the cards authorized for use with each reader. Thus any abuser of the system is obliged to hack three databases in order to obtain sufficient information to
11 impersonate a user successfully. The three databases are preferably located on different machines at separate locations belonging to different organizations and arranged to prevent hacking.
It is possible to configure the system such that only transactions above a certain amount are restricted to a given reader/card combination and this is a way of striking a balance between convenience and security. As an additional level of security the reader may require a user-entered password, in addition to the PIN of the card, and may lock up, that is to say may cease to operate, after a given number of unsuccessful attempts to enter the password. Unlocking of the card is an operation that can only be carried out by an authorized maintenance center. It may depend on a further pin number, or any one of a range of alternative schemes well known to the skilled man.
Figure 4 is a simplified embodiment of the invention. In figure 4, parts that are the same as those shown in figure 1 or figure 3 are given identical reference numerals. In this figure neither a separate IAS client nor a separate IAS server are shown.
The card reader 12 has an encrypter 50 and the output 40 has the ability to route the transmission, including the encrypted portion thereof, directly to the two servers 18 and 20 that hold the databases of public against secret numbers. Each of the servers has a selector, 52 which selects the appropriate secret number for the received public number. In one of the servers 18 the secret number selected is sent via secure connection 22 to the other server 20 where it is placed in an encrypter 54. Encrypter 54 is identical in operation to that 50 in card reader 12. The secret number selected by selector 52 in server 20 is likewise placed in encrypter 54, and an encryption operation is carried out on the two secret numbers plus the same time varying element, for example the time, that is indicated as the time of the transaction by the unencoded information sent by the card reader.
The result of the encryption is passed to a comparator 56 where it is compared with the encoded information received directly from the card reader. If they are the same
12 then a transaction authorization signal is sent out, via output 58, to the public network. In a variation the secret number that is sent from server 18 to server 20 is sent encrypted for additional security, although in this case the encryption operation used is a reversible encryption operation as it is necessary to extract the secret number at server 20.
Figure 5 shows an embodiment of the invention for use in telephone based ordering or for orders made over the internet, and in which the order is received by the vendor using electronic means. A card reader with card inserted 60 is connected either directly to a telephone 62 or to an infra-red link terminal 64 or to a PC 66, which has itself been connected to the vendor 70 through the telephone network or the internet or like unsecured public network, 68. Vendor processing apparatus 72 sets up the transaction with the user, and, as the transaction is completed the vendor processing apparatus requests authentication from the purchaser. The purchaser types in his secret number Pc as before and the card reader/card combination sends an authentication signature.
The vendor processing apparatus receives the transmission but is unable to discover the purchaser's secret keys. The authentication signature is passed, together with identification data of the vendor 70, back to the public network 68 and thence to the IAS server 16 where it is processed as described previously. Thus the identity of a purchaser can be authenticated through the vendor's processing apparatus without the vendor being able to discover any secret information of the purchaser.
It will be appreciated that in each of the above embodiments one or other of the secret numbers Pc and Pw could be assigned a zero value. The system is operated in exactly the same way and may be used to provide independent identification for either the card or the reader.
In a further embodiment of the invention it is possible to encode the public number of the card. This is desirable in order to keep the public number from the vendor. At the present time it is possible to use credit cards solely on the strength of the public number, for example in telephone ordering. Because the public number has to be known in order
13 to identify the signature a two-way encription algorithm has to be used. The encryption of the public number is carried out using the reader 12, which contains an encryption key that can be used for a two-way encryption algorithm such as DES. The public number is decrypted by the IAS server 16, which now has all the information it needs to route the signature to the servers of the correct providers.
It is appreciated that the various features of the invention which are, for clarity, described in the contexts of separate embodiments may also be provided in combination in a single embodiment. Conversely, various features of the invention which are, for brevity, described in the context of a single embodiment may also be provided separately or in any suitable subcombination.
14

Claims

Claims
1. A system for identifying users, comprising user-end apparatus and provider end apparatus, wherein each user-end apparatus comprises a first part having a public number and a secret number and a second part having a public number and a secret number, an encrypter for encrypting said two secret numbers together using a one-way function, and an output for transmitting said public numbers, said encrypted secret numbers and other data, wherein the provider end apparatus comprises two separately located databases, one matching public and secret numbers of first parts of said user-end apparatus and the second matching public and secret numbers of second parts, a selector at each database to select secret numbers corresponding to the public numbers of each part, an encrypter for encrypting secret numbers found on said data bases, a comparator to compare the result of the encryption at the provider end apparatus with the result of the encryption produced at the user-end apparatus, and an output for signaling the result of the comparison to indicate whether the user has been successfully identified.
2. A system according to claim 1 wherein said provider end apparatus has a third database matching public numbers of said first and second parts of said user end apparatus, and wherein said third database is operated by control electronics to inhibit successful identification of said user unless said third database indicates a match between said two public numbers..
3. A system according to claim 1 wherein said comparator is located together with one of said separately located databases, and said secret number selected at the other of said separately located databases is sent to said comparator via a secure communication means.
4. A system according to claim 1 wherein said first part of said user-end apparatus is one of a group comprising a smart card and a magnetic strip card, and said second part of said user-end apparatus is a portable card reader assigned to a user.
15
5. A system according to claim 4 wherein said secret number of said first part of said user-end apparatus is not recorded on said first part.
6. A system according to claim 4 wherein said secret number of said second part of said user end apparatus is variable in accordance with a variation procedure.
7. A system according to claim 6 wherein said variation procedure is not recorded on said second part.
8. A system according to claim 1 wherein said encrypters are operable to encrypt said secret number of said first part, said secret number of said second part and a time varying element.
9. A system according to claim 1 wherein said encrypters are operable to encrypt using a one-way hashing function.
10. A system according to claim 1 wherein said user end apparatus is connected to a transaction target, and said transaction target is adapted to receive from said user end apparatus at least one of a group comprising said public numbers, transaction data and said encrypted secret numbers, and to relay said at least one of said group to said provider end apparatus via a, public communication network, and to receive said acknowledgment output from said provider end apparatus.
11. A system according to any preceding claim wherein said public number of said first part is encrypted prior to transmission using a two-way encryption function.
12. A method of identifying a user comprising supplying a user with a first identification part having a public and a secret number and a second identification part having a public and a secret number,
16 encrypting together said secret number of said first part and said secret number of said second part using a one-way encryption function to form a first encryption result, transmitting said public numbers and the result of said encryption step to a verification apparatus, transmitting said public number of said first part to a database that matches public and secret numbers of said first part and finding a corresponding secret number, transmitting said public number of said second part to a database that matches public and secret numbers of said second part and finding a corresponding secret number, encrypting together said secret numbers obtained from said databases using said oneway encryption function to form a second encryption result, comparing said first and second encryption results and, if they are identical, then indicating successful identification of said user.
17
PCT/IL1998/000116 1998-03-11 1998-03-11 Transaction card security system WO1999046881A1 (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
AU66339/98A AU6633998A (en) 1998-03-11 1998-03-11 Transaction card security system
PCT/IL1998/000116 WO1999046881A1 (en) 1998-03-11 1998-03-11 Transaction card security system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
PCT/IL1998/000116 WO1999046881A1 (en) 1998-03-11 1998-03-11 Transaction card security system

Publications (1)

Publication Number Publication Date
WO1999046881A1 true WO1999046881A1 (en) 1999-09-16

Family

ID=11062319

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/IL1998/000116 WO1999046881A1 (en) 1998-03-11 1998-03-11 Transaction card security system

Country Status (2)

Country Link
AU (1) AU6633998A (en)
WO (1) WO1999046881A1 (en)

Cited By (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2001048963A1 (en) * 1999-12-23 2001-07-05 Setec Oy Handling a secret key
WO2001082246A2 (en) * 2000-04-24 2001-11-01 Visa International Service Association Online payer authentication service
WO2002048974A1 (en) * 2000-12-15 2002-06-20 Bording Data A/S A method for communicating a transaction between a payment terminal and at least one acquirer
WO2011106404A2 (en) * 2010-02-25 2011-09-01 Visa International Service Association Multifactor authentication using a directory server
TWI459305B (en) * 2010-12-15 2014-11-01 Syscom Comp Engineering Co Method and system for simulating tetminal machine
US9769134B2 (en) 2002-04-17 2017-09-19 Visa International Service Association Mobile account authentication service
US10672215B2 (en) 2002-09-10 2020-06-02 Visa International Service Association Data authentication and provisioning method and system

Citations (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5347580A (en) * 1992-04-23 1994-09-13 International Business Machines Corporation Authentication method and system with a smartcard
US5379344A (en) * 1990-04-27 1995-01-03 Scandic International Pty. Ltd. Smart card validation device and method
USRE34954E (en) * 1990-08-02 1995-05-30 Bell Communications Research, Inc. Method for secure time-stamping of digital documents
US5513261A (en) * 1993-12-29 1996-04-30 At&T Corp. Key management scheme for use with electronic cards
US5534857A (en) * 1991-11-12 1996-07-09 Security Domain Pty. Ltd. Method and system for secure, decentralized personalization of smart cards
US5592553A (en) * 1993-07-30 1997-01-07 International Business Machines Corporation Authentication system using one-time passwords
US5623637A (en) * 1993-12-06 1997-04-22 Telequip Corporation Encrypted data storage card including smartcard integrated circuit for storing an access password and encryption keys
US5694471A (en) * 1994-08-03 1997-12-02 V-One Corporation Counterfeit-proof identification card
US5757918A (en) * 1995-01-20 1998-05-26 Tandem Computers Incorporated Method and apparatus for user and security device authentication

Patent Citations (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5379344A (en) * 1990-04-27 1995-01-03 Scandic International Pty. Ltd. Smart card validation device and method
USRE34954E (en) * 1990-08-02 1995-05-30 Bell Communications Research, Inc. Method for secure time-stamping of digital documents
US5534857A (en) * 1991-11-12 1996-07-09 Security Domain Pty. Ltd. Method and system for secure, decentralized personalization of smart cards
US5347580A (en) * 1992-04-23 1994-09-13 International Business Machines Corporation Authentication method and system with a smartcard
US5592553A (en) * 1993-07-30 1997-01-07 International Business Machines Corporation Authentication system using one-time passwords
US5623637A (en) * 1993-12-06 1997-04-22 Telequip Corporation Encrypted data storage card including smartcard integrated circuit for storing an access password and encryption keys
US5513261A (en) * 1993-12-29 1996-04-30 At&T Corp. Key management scheme for use with electronic cards
US5694471A (en) * 1994-08-03 1997-12-02 V-One Corporation Counterfeit-proof identification card
US5757918A (en) * 1995-01-20 1998-05-26 Tandem Computers Incorporated Method and apparatus for user and security device authentication

Cited By (18)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2001048963A1 (en) * 1999-12-23 2001-07-05 Setec Oy Handling a secret key
AU2007203383B2 (en) * 2000-04-24 2011-06-16 Visa International Service Association Online payer authentication service
KR100933387B1 (en) * 2000-04-24 2009-12-22 비자 인터내셔날 써비스 어쏘시에이션 Online payer authentication service
US10572875B2 (en) 2000-04-24 2020-02-25 Visa International Service Association Online account authentication service
AU2001257280C1 (en) * 2000-04-24 2009-01-15 Visa International Service Association Online payer authentication service
US9864993B2 (en) 2000-04-24 2018-01-09 Visa International Service Association Account authentication service with chip card
EP2278538A1 (en) * 2000-04-24 2011-01-26 Visa International Service Association Online payer authentication service
KR101015341B1 (en) 2000-04-24 2011-02-16 비자 인터내셔날 써비스 어쏘시에이션 Online payer authentication service
WO2001082246A2 (en) * 2000-04-24 2001-11-01 Visa International Service Association Online payer authentication service
WO2001082246A3 (en) * 2000-04-24 2002-05-23 Visa Int Service Ass Online payer authentication service
WO2002048974A1 (en) * 2000-12-15 2002-06-20 Bording Data A/S A method for communicating a transaction between a payment terminal and at least one acquirer
US9769134B2 (en) 2002-04-17 2017-09-19 Visa International Service Association Mobile account authentication service
US10672215B2 (en) 2002-09-10 2020-06-02 Visa International Service Association Data authentication and provisioning method and system
US10679453B2 (en) 2002-09-10 2020-06-09 Visa International Service Association Data authentication and provisioning method and system
WO2011106404A3 (en) * 2010-02-25 2011-12-08 Visa International Service Association Multifactor authentication using a directory server
US10255601B2 (en) 2010-02-25 2019-04-09 Visa International Service Association Multifactor authentication using a directory server
WO2011106404A2 (en) * 2010-02-25 2011-09-01 Visa International Service Association Multifactor authentication using a directory server
TWI459305B (en) * 2010-12-15 2014-11-01 Syscom Comp Engineering Co Method and system for simulating tetminal machine

Also Published As

Publication number Publication date
AU6633998A (en) 1999-09-27

Similar Documents

Publication Publication Date Title
US5602918A (en) Application level security system and method
US5534857A (en) Method and system for secure, decentralized personalization of smart cards
US7558965B2 (en) Entity authentication in electronic communications by providing verification status of device
US5721781A (en) Authentication system and method for smart card transactions
EP0852044B1 (en) Method and apparatus for user authentication
US4453074A (en) Protection system for intelligent cards
US7107246B2 (en) Methods of exchanging secure messages
CA2073065C (en) Method and system for personal identification using proofs of legitimacy
CA2417901C (en) Entity authentication in electronic communications by providing verification status of device
US8315948B2 (en) Method and device for generating a single-use financial account number
EP0668580A1 (en) Method of authenticating a terminal in a transaction execution system
EP1451786A1 (en) A method of distributing a public key
JP2003517658A (en) Portable electronic billing / authentication device and method
JP2007513529A (en) Method and system for generating dynamic verification values
WO1999024895A1 (en) Tamper resistant method and apparatus
CN101216923A (en) A system and method to enhance the data security of e-bank dealings
US20040039708A1 (en) Electronic seal, IC card, authentication system using the same, and mobile device including such electronic seal
WO2000074007A1 (en) Network authentication with smart chip and magnetic stripe
WO2000062214A1 (en) Credit card security technique
WO1999046881A1 (en) Transaction card security system
US20040015688A1 (en) Interactive authentication process
EP1172776A2 (en) Interactive authentication process
AU2008203481B2 (en) Entity authentication in electronic communications by providing verification status of device
WO2002001325A1 (en) Communication method and device
JP2005038222A (en) Financial system using ic card

Legal Events

Date Code Title Description
AK Designated states

Kind code of ref document: A1

Designated state(s): AL AM AT AT AU AZ BA BB BG BR BY CA CH CN CU CZ CZ DE DE DK DK EE EE ES FI FI GB GE GH GM GW HU ID IL IS JP KE KG KP KR KZ LC LK LR LS LT LU LV MD MG MK MN MW MX NO NZ PL PT RO RU SD SE SG SI SK SK SL TJ TM TR TT UA UG US UZ VN YU ZW

AL Designated countries for regional patents

Kind code of ref document: A1

Designated state(s): GH GM KE LS MW SD SZ UG ZW AM AZ BY KG KZ MD RU TJ TM AT BE CH DE DK ES FI FR GB GR IE IT LU MC NL PT SE BF BJ CF CG CI CM GA GN ML MR NE SN TD TG

121 Ep: the epo has been informed by wipo that ep was designated in this application
DFPE Request for preliminary examination filed prior to expiration of 19th month from priority date (pct application filed before 20040101)
NENP Non-entry into the national phase

Ref country code: KR

REG Reference to national code

Ref country code: DE

Ref legal event code: 8642

NENP Non-entry into the national phase

Ref country code: CA

122 Ep: pct application non-entry in european phase