Digital signatures on a smartcard

Abstract

A digital signature scheme for a “smart” card utilizes a set of prestored signing elements and combines pairs of the elements to produce a new session pair. The combination of the elements is performed partly on the card and partly on the associated transaction device so that the exchange of information between card and device does not disclose the identity of the signing elements. The signing elements are selected in a deterministic but unpredictable manner so that each pair of elements is used once. Further signing pairs are generated by implementing the signing over an anomalous elliptic curve encryption scheme and applying a Frobenius Operator to the normal basis representation of one of the elements.

Description

BACKGROUND OF THE INVENTION [0001] This application is a continuation of U.S. patent application Ser. No. 10 / 765,976 filed on Jan. 29, 2004 which is division of U.S. patent application Ser. No. 09 / 942,492 filed on Aug. 29, 2001, now U.S. Pat. No. 6,704,870 which is a continuation of U.S. patent application Ser. No. 09 / 434,247 filed on Nov. 5, 1999, now U.S. Pat. No. 6,925,564 which is a continuation in part of U.S. patent application Ser. No. 08 / 632,845 filed on Apr. 16, 1996, now U.S. Pat. No. 5,999,625. [0002] 1. Field of the Invention [0003] The present invention relates to methods and apparatus for generating digital signatures. [0004] 2. Discussion of Related Art [0005] It has become widely accepted to conduct transactions, such as financial transactions or exchange of documents, electronically. In order to verify the transaction, it is also well known to “sign” the transaction digitally so that the authenticity of the transaction can be verified. The signature is performed acc...

AI Technical Summary

Benefits of technology

This approach enables the generation of up to 500 session pairs from an initial set of 32 stored elements, enhancing the commercial viability of digital signatures on Smart Cards without compromising security, as sensitive information remains undisclosed throughout the process.

Problems solved by technology

Any attempt to tamper with the message or to use a key other than that of the signing party will result in an incompatibility between the sent message and that recovered from the signature or will fail to identify the party correctly and thereby lead to rejection of the transaction.

Transaction cards, i.e. credit / debit cards or pass cards are now available with limited computing capacity (so-called “Smart Cards”) but these do not have sufficient computing capacity to implement existing digital signature protocols in a commercially viable manner.

The value βk is computationally difficult for the DSS implementation as the exponentiation requires multiple multiplications mod p. This is beyond the capabilities of a “Smart Card” in a commercially acceptable time.

Although the computation could be completed on the associated ATM, this would require the disclosure of the session key k to the ATM and therefore render the private key, a, vulnerable.

However, the number of sets of values stored limits the number of uses of the card before either reloading or replacement is required.

A problem that exists therefore is how to generate sufficient sets of values within the storage and / or computing capacity of the card.

One possibility is to use a smaller value of p but with the DSS scheme this will jeopardize the security of the transaction.

This is not sufficient for commercial purposes.

The possibilities would be more limited when using DSS because of the smaller group of signing elements that could be stored.

This is not feasible within the practical limits of available “Smart” cards.

As noted above, the ATM used in association with the card has sufficient computing power to perform the computation but the transfer of the coordinates of k1P and k2P from the card to the terminal would jeopardize the integrity of subsequent digital signatures as two of the stored signing elements would be known.

Images