Printed by Jouve, 75001 PARIS (FR)

(19)E

P2

290

577

A2

��&�� ������ �(11) EP 2 290 577 A2

(12) EUROPEAN PATENT APPLICATION

(43) Date of publication: 02.03.2011 Bulletin 2011/09

(21) Application number: 10186185.4

(22) Date of filing: 20.02.2001

(51) Int Cl.:G06F 21/20 (2006.01) G06K 5/00 (2006.01)

H04L 29/06 (2006.01)

(84) Designated Contracting States: AT BE CH CY DE DK ES FI FR GB GR IE IT LI LU MC NL PT SE TR

(30) Priority: 18.02.2000 US 183640 P

(62) Document number(s) of the earlier application(s) in accordance with Art. 76 EPC: 01910964.4 / 1 277 162

(71) Applicant: Vasco Data Security International GmbH8152 Glattbrugg (CH)

(72) Inventors: • Hoornaert, Frank

3061, Leefdaal (BE)• Houthooft, Mario

1780, Wemmel (BE)

(74) Representative: D’Halleweyn, Nele Veerle Trees GertrudisArnold & Siedsma Sweelinckplein 12517 GK The Hague (NL)

(54) Token device having a USB connector

(57) The invention pertains to a token device for au-thenticating users, the token comprising a user interfacewith a display, a processing unit, a memory for storingsecret values, a memory for storing one or more appli-cations, and a USB connector for connecting the deviceto a computer. The token device is adapted to generateone-time passwords or responses to challenges or sig-natures. The token device is further adapted to be oper-able in both a connected or a non-connected mode.

EP 2 290 577 A2

2

5

10

15

20

25

30

35

40

45

50

55

Description

Field of the Invention

[0001] The invention relates generally to digital devic-es typically used for secure applications.

Background

[0002] A "smart card" is a common term used to referto a card-like device, typically of the size of a credit card,that includes stored thereon a set of data, which is oftenspecifically related to the bearer or user of the card. Smartcards often contain their data stored by means of mag-netic storage (a "swipe strip" or "mag strip") or in a read-only memory (ROM) or random access memory (RAM),and usually include either a central processing unit (CPU)or a stored set of instructions in order to provide somedegree of intelligence. The smart card arena has grownin recent years to include a variety of users and availableapplications. One such example is the banking world,where banks, brokerages, and other financial institutionshave introduced the use of smart cards as electronicswallets for making electronic purchases and electronicpayments.[0003] A problem with the traditional type of electronicwallet is that the wallet needs to be charged, i.e., moneyneeds to be ’loaded’ into them, prior to use. Currently,one of the methods for loading electronic wallets is byusing automated teller machines (ATM’s) that have beenspecially adapted for this purpose, or through the use ofspecial publically accessible dedicated card loading de-vices. In some cases, specialized public telephones maybe used to make a telephone call with the smart card,and also to load the electronic wallet.[0004] The same banks and financial institutions thatcurrently support or anticipate supporting the use ofsmart cards have already implemented a lot of home-banking services such as phonebanking, PC banking,and Internet banking. A typical desired requirement ofthese applications is that they not be bound or restrictedto being used at a restricted place or time. This is com-monly referred to as the "triple A concept" - that the ap-plication be accessible anywhere, anytime, anyhow. Toallow this flexibility while at the same time ensuring ad-equate controls and security, these homebanking appli-cations normally require the user to use a digital token -a secure mechanism by which to identify a user or toencrypt the user’s communications with the bank.[0005] There is today a large demand to use the ex-isting smart cards already in circulation to support newremote banking applications. This demand is spurredlargely by a desire to create a return on investment al-ready made by various banking organizations, but alsoby a desire to get the user acquainted with his/her elec-tronic wallets and to encourage its use in a variety ofdifferent ways at an increasing number and variety ofestablishments. There also exists today a combined de-

mand to offer to banking customers a homebanking fea-ture together with an ability to remotely load the smartcard. Such loading devices are currently available in themarketplace but they are expensive because they needto be specially adapted for each different banks loadingor payment scheme, and require specialized applicationsto be installed within the internal operating software ofthe device.[0006] To encourage the growth of secure smart cardtechnology within society, and to provide a satisfactoryreturn on investment for those industries, such as thebanking industry, which have historically been earlyadopters of the smart card format and its applications, amethod is clearly needed to allow rapid, easy, and low-cost distribution of smart card technology and their as-sociated readers, to the widest available audience ormarketplace.

Summary of the Invention:

[0007] To satisfy this demand for an easily manufac-tured and distributable smart card technology the inven-tion provides a field programmable user authenticationdevice, electronic token, or token device. In accordancewith the invention, several embodiments of such devicesare supported, herein commonly referred to as a "tokendevice."[0008] The inventors have identified at least two differ-ent potential users of the invention, depending on theirexisting infrastructure:

1. Those customers that have already invested intraditional smart card readers but wish to add tokenfunctionality in order to support remote access, a fea-ture not implemented in their traditional smart cardtechnology; and,2. Those customers that may have invested in smartcard technology but not in the infrastructure needed(i.e. the terminals, readers and associated servertechnology) to support distributed users at home.

[0009] In the case where the organization has alreadyinvested in smart cards and applications but needs areader for distribution to their customers, the inventionprovides a generic token device. In one embodiment thisgeneric token device is a self-powered unit that acceptssmart cards, and has both an integrated display and key-board. It can work in a connected or non-connected way.In a non-connected mode the user selects which appli-cations to run and provides inputs (personal identificationnumbers, etc.) if required. In a connected mode the tokendevice acts as a slave to the users personal computer(PC). The PC makes interrogatories, asking questions,and the token provides answers.[0010] In one embodiment, the invention comprises afield programmable electronic smart card terminal for al-lowing secure communication between a user and a hostservice, service provider, or application provided by a

1 2

EP 2 290 577 A2

3

5

10

15

20

25

30

35

40

45

50

55

service provider, comprising a token personality logic;and, a smart card reader adapted to receive and com-municate with a smart card having stored thereon a useridentification data, wherein with a smart card receivedby said smart card reader said token personality logiccan generate a token device personality using said userauthentication data; and, a communications mechanismfor communicating an element of said token device per-sonality to a service or application.[0011] In another embodiment, the invention compris-es A method of accessing a secure application, compris-ing the steps of: providing a generic smart card readerterminal, wherein said generic smart card reader terminalincludes:

a generic token personality logic, a smart card readeradapted to receive and communicate with a smartcard, and, a communications mechanism for com-municating said token device personality to a hostservice;receiving at said generic smart card reader a usersmart card having stored thereon a user identifica-tion data; generating a token device personality us-ing said user authentication data; and, accessing asecure application using an element of said tokendevice personality.

[0012] In a further embodiment, the invention compris-es a method of allowing a user secure access to a serviceprovider application, comprising the steps of: distributingto a plurality of users a plurality of generic smart cardreader terminals, wherein each of said generic smart cardreader terminals includes:

a generic token personality logic, a smart card readeradapted to receive and communicate with a smartcard, and, a communications mechanism for com-municating said token device personality to a hostservice;receiving at said generic smart card reader a user’ssmart card having stored thereon a user identifica-tion data; allowing a user to generate a token devicepersonality using said user authentication data; and,allowing said user to access a secure applicationprovided by a service provider, using an element ofsaid token device personality.

Brief Description of the Drawings:

[0013]

Figure 1 is an illustration of a token device in ac-cordance with an embodiment of the invention.Figure 2 is an illustration of a smart card and tokendevice in accordance with an embodiment of the in-vention.Figure 3 is an illustration of a token device deploy-ment process in accordance with an embodiment of

the invention.Figure 4 is a flowchart of a token device deploymentprocess in accordance with an embodiment of theinvention.Figure 5 is an illustration of a token device connect-ed to a personal computer in accordance with anembodiment of the invention.Figure 6 is a schematic layout of a token device inaccordance with an embodiment of the invention.Figure 7 is a flowchart of a token device upgradeprocess in accordance with an embodiment of theinvention.Figure 8 is a flowchart of a token device mediumsecurity process in accordance with an embodimentof the invention.Figure 9 is a flowchart of a token device medium-high security process in accordance with an embod-iment of the invention.Figure 10 is a flowchart of a token device high se-curity process in accordance with an embodiment ofthe invention.

Detailed Description:

[0014] Traditional user access devices which are usedfor accessing financial systems, such as point of saleterminals, electronic tokens, trusted wallets, and bankingcards, utilize a long and complex method of distribution.This is because a central system or service provider mustkeep track of the different secrets and/or personal iden-tification numbers (PIN’s) that are distributed to whichcustomer and on what terminal. One target market forthe present invention are the owners of such systemsthat are either originally smart card based, or are tokenbased but the owner wishes to switch to a smart card.[0015] An advantage of the present invention is that itcan take advantage of such existing infrastructure with-out requiring the new installation of terminals. The smartcard reader or smart card terminal provided by the inven-tion can be used as a token that needs no programmingof user-specific secrets. As used herein, the terms "user"and "cardholder" are used to refer to the user of the smartcard or token device. This is typically an end-user or clientof a bank or financial institution who has been issued witha personal smart card. As used herein the terms "systemowner" and "service provider" are used to refer to suchbanks, financial institutions, and other vendors who pro-vide a service to the cardholder, while the terms "service","host service", and "application" are used to refer to thevarious services or applications a service provider maymake available to the user. Instead of preprogramming,the secret values used for authentication and user-hostcommunication are instead derived from external param-eters, such as identification data or secret values storedon the smart card itself (for example the card’s serialnumber). The advantage of this procedure is that thesmart card terminal can be shipped and put into distribu-tion directly from the factory. A subscribing user gets his

3 4

EP 2 290 577 A2

4

5

10

15

20

25

30

35

40

45

50

55

terminal and enters his card and the parameters, andsecrets are set accordingly, creating a token. The inven-tion is intended to be a mass product, which can be fac-tory pre-set for a specific system owner or service pro-vider such as a particular bank or financial institution.Such pre-sets are collectively referred to herein as a"scheme" which allows different banks to personalize theworking of their own token system. The delivered terminal/ token device for each system owner are all identical andare intended to go straight to the points of distribution.This provides a great advantage in speed and ease ofdistribution over prior methods.

Personalized Token

[0016] The invention may be considered the first of anew generation of intelligent, unconnected smart cardreaders or terminals, which offer the strong authentica-tion functionality of a token based on smart card security.Strong authentication itself is traditionally based on acombination of at least two factors present at the sametime: something the user has, something they know, andpossibly something they are. Figure 1 shows an exampleof a smart card terminal in accordance with an embodi-ment of the invention. As shown therein the smart cardterminal 100 includes an ON/OFF switch 101, a keypad102, a set of function keys 103, a display 107, and asmart card reader 104, adapted to receive and commu-nicate with a smart card 105. Figure 2 illustrates the op-eration of the terminal device, in which the smart card105 may be inserted into, and removed from the terminal100.[0017] In accordance with an embodiment of the in-vention, the user may already have a secure smart cardand knows the PIN associated with that smart card. Whenthe smart card is inserted into the smart card terminal, ittransforms the terminal into an electronic token devicevia a predefined set of instructions or protocol agreedwith and approved beforehand by the smart card issueror system owner. From then on the terminal (now morecorrectly considered an electronic token device) can beused for a variety of secure applications. For example, itcan be used to log-on remotely to computer networks, togenerate one-time passwords, accept challenge mes-sages and calculate responses, and even generate MAC(media access control) signatures over messages. Asused herein the terms "terminal" and "token device" areused to refer to the same physical device of the inventionand to the two instances of that device - one as a smartcard reader, and the other as an electronic token device.Any data entry can be performed using an included key-pad, while user action is guided using messages on anLCD display. Since it can operated in an unconnectedmode the token device can be used on any platform (apersonal computer, phone, Internet, kiosk, etc) at anytime, and from any place.[0018] Banks currently have millions of smart cards inthe field for combined electronic purse and debit func-

tions. At the same time they use tokens for strong userauthentication to grant access to their phone, home orInternet banking channel. Both of these systems requirean identical process of personalization of the card or to-ken, shipment, PIN mailers, a host system and a help-desk. The invention now removes this logistical burdenand focuses on the smart cards already delivered to thebank customers. Terminal / token devices created in ac-cordance with the invention may be manufactured ac-cording to the "factory-to-field" concept. In this sense theymay all be identical even up to delivery to the bank agen-cy. There is thus no need to personalize the terminalbefore it is actually handed over or shipped to the cus-tomer. At that point the customer initializes the terminal,transforming it into a token device, by inserting their ownpersonal smart card. The token device derives all re-quired keys according to the rules set up by the cardissuer and embedded directly in the unalterable proces-sor mask of the terminal unit. If the card is removed fromthe token device, all secrets are immediately erased, andthe device reverts back to being a regular smart cardterminal (i.e. it no longer acts as a token).[0019] Figure 3 illustrates schematically the processin which the smart card and terminal are used by a userto access a service provider, such as a bank or otherfinancial institution. A service provider 120 distributes awide number of low-cost smart card terminals to the pub-lic, or at least to a large subset of the population who maybe interested in using the services of the service provider.A particular user 124 receives one of the smart card ter-minal, and inserts their own personal smart card 126 intothe terminal to create a personalized electronic token126/128. This token is then used to access the serviceproviders network, or services.[0020] The steps required to accomplish this processare shown in Figure 4. As shown therein a user obtainsa smart card (step 130) while a service provider distrib-utes generic terminals to the public (step 132). The userobtains one of these generic terminals (step 134) anduses it together with his/her smart card to create the tokendevice, and to generate an electronic token (step 136).This token is then used to access the services providedby the service provider, either locally (in unconnectedmode with the application stored on the smart card ter-minal itself), or remotely, via an intermediate client com-puter and host server (step 138).[0021] In the general networking world, public key in-frastructure (PKI) encryption solutions are becomingmore common but they require a more expensive, con-nected smart card reader with all related problems ofdrivers and connections. But the connection of the readeris not always possible and even not required for justgranting remote access to users. Still they have a hugeinvestment in smart cards that has to be re-used. Withthe invention, the smart card may be used for the firsttime at all network entry points. The innovative terminaldevice replaces the tokens that have to provide secureremote access to Internet, phone banking and other

5 6

EP 2 290 577 A2

5

5

10

15

20

25

30

35

40

45

50

55

banking services. The terminal provided by the inventioncan be used in combination with existing smart cardschemes - the combination of both becomes unique with-out requiring the troublesome personalization of the to-kens by the service provider.[0022] The invention creates a win-win situation for theservice providers such as banks, their customers, and tonetwork owners who have already invested in smartcards. The banks win because the inventions terminalunit allows their customers to use their smart card foralmost every contact with their bank. They also get areasonably priced smart card reader that can be deliv-ered in volume and that needs no specific programming.The cardholder wins because his smart card becomeshis standard interface with his bank. At the same time hehas an integrated balance reader at his disposal, and inthe unfortunate case that his terminal / token device stopsfunctioning, he can just walk to the bank and get a re-placement unit without having to wait for a newly pro-grammed one with a new PIN to be delivered. The net-work owner, who already invested in smart cards andeven smart card readers, can now offer a solution to hisuser who are either unconnected or need secure remotenetwork access.[0023] The biggest advantage of the invention is thefact that smart cards and tokens are no longer consideredrival products when it comes to promoting their advan-tages. From now on they can live in a symbiotic wayprofiting from the intrinsic security of the smart card com-bined with the advantage of unconnected tokens. Thesetwo key elements permit secure network access fromanywhere, anyhow and at anytime, without being limitedin access methods and platforms. This allows networkoperators to address the widest possible users groupwithout any discrimination. The security is also fully inthe hands of the issuer as no security parameters and/orkey programming and distribution is needed. Every se-cret that is used is either predefined in the card or derivedfrom parts of that smart card in a secure and unalterableway.

Modes of Operation

[0024] In accordance with an embodiment of the in-vention, the token device may operate in any of threedifferent phases: an initial programming phase, an oper-ational phase, and a battery fail phase.[0025] In the initial programming phase, the token de-vice is shipped to the system owner. As shipped, it con-tains all required parameters for the system owner in abuilt-in read only memory (ROM). When batteries areinserted, the token is reset and asks for the smart cardto be installed during a 10-second boot up period. Whenthe unit is reset at any later time, it will again ask for asmart card to start the initialization. This phase can alsobe repeated by removing the batteries from an opera-tional token device.[0026] In the operational phase the token device can

be used in either a connected or unconnected mode; andwhether it has a smart card inserted into its reader or not.Depending on these parameters the behavior of the to-ken device will automatically change from one of dumbsmart card reader to electronic token device, and froman unconnected electronic wallet, to a connected client.In one embodiment the token device becomes fully op-erational once a smart card is introduced for the first timeand a pre-defined initialization phase is successfully ex-ecuted. In unconnected mode the token device supportstime and/or event-based dynamic passwords, challenge/response, and signatures, and acts as an electronic to-ken or electronic wallet in it’s own right. These differentmodes are described in further detail below. In connectedmode, as illustrated in Figure 5, a token generating ap-plication runs on the user’s personal computer (PC) 140while the token device (the combination of smart cardterminal 100 and smart card 108) acts as a slave device,connected to the PC by a serial or equivalent connection142. Depending on the complexity, certain firewall-likefilters can be installed into the token device or the tokenapplication that may be used to accept certain addressesin the card, or specify certain field length, sequence ofoperations, specific commands, etc.[0027] When the voltage level drops under a prede-fined level, the token device enters a battery fail phase,and signals a "battery low" warning. The battery mustthen be replaced in order to keep the RAM contents in-tact.

Customer Use

[0028] As any prospective banking, financial, or equiv-alent organization will wish to distribute the smart cardterminal / token device at the lowest possible cost to theircustomers, it is important that as many people as possiblecan use that one token. A modern household may havea variety of different cards - perhaps one or two for eachperson in the household. Hence the token device is de-signed such that many members of a family can use it,while the smart card activates each users own personalsecrets. It will be evident that the invention is not limitedto home applications but instead that it’s features, andparticularly it’s ability to offer a group of people a commonsecurity interface, makes the invention useful in manycommercial or industrial settings.[0029] Other than the original electronic wallet appli-cations, space may be reserved in the token device forfuture applications such as electronic ticket reservation,user authentication, secure access control, etc. Each ofthese applications needs different attention and may uti-lize different ways of handling the secrets. One embod-iment of the present invention may be implemented bypresetting the number of applications per user (4, for ex-ample). In the 4-limit application embodiment, a tokendevice may have up to 16 applications which can be de-fined as coexisting beside each other. If so required,these 16 applications can also be used by a single user,

7 8

EP 2 290 577 A2

6

5

10

15

20

25

30

35

40

45

50

55

or alternatively two individual users may use up to 8 ap-plications. Any alternative combination of users and ap-plications may be implemented.[0030] In one embodiment, messages are defined toguide the user through the use of each application. Mes-sages may be limited to save resources. For example,in one embodiment a total of 64 messages may be pro-grammed over all 16 applications. These messages re-main in one block of memory. The messages may bestored in ROM and shared across applications, or maybe stored in the applications themselves. Alternatively,additional resources may be provided for more extensivemessaging. The messages can be updated as a full blockby use of a program smart card.[0031] In one embodiment, the original software usedwith the smart card is already factory programmed duringmanufacturing into a programmable Read Only Memory(ROM) area of the token device. When the token devicereceives a hardware reset, this initial program is copiedfrom ROM storage to the first partition in the RAM Mem-ory and executed.[0032] In accordance with one embodiment of the in-vention the token device is upgradable. However, as newapplications arrive, not everybody may want to subscribe.Therefore, in one embodiment, the token device includesa memory management system that is block-based andthat can be managed from an upgrade smart card. Theblock size is defined in such a way that the memory isused in an optimal fashion. For example, certain appli-cations may use several memory blocks. The token de-vice operating system will automatically put the new ap-plication into the available position. If insufficient memoryspace is available for this process then the user will bewarned on the display. A new application or an upgradecan be set to delete a previous version. The upgradesmart card should in this case contain the file header,the version number and the instruction to delete a previ-ous version if found.[0033] On-line upgrades are mainly directed towardconnected applications for the token device and fall withinthe responsibility of the application or system owner i.e.,the bank, financial institution, or other organization whichhas developed the application. In one embodiment, forsecurity purposes, an on-line upgrade can only be usedto upgrade only those token applications residing on thePC, and not the applications residing in the memory ofthe token device.[0034] Token device applications can be also upgrad-ed or expanded offline by using a program smart card.In one embodiment, this card needs a specific operatorpersonal identification number (PIN) and is not intendedfor distribution to the end-user. To guarantee the authen-ticity of the token device and of the upgrade smart card,an initial mutual challenge/response mechanism can beused, or if available a "certified read" mechanism can beused to authenticate both devices. Users wanting to up-grade or subscribe to a new service may also visit a serv-ice point of the system owner with their token device.

Figure 7 shows a flowchart of one such upgrade processin accordance with the invention. The upgrade card isinserted into the reader (step 172). The reader hardwarerecognizes the upgrade card and starts an upgrade func-tion (step 174). Upgrade data, programs etc. are loadedfrom the upgrade card into the memory of the smart cardreader / token device (step 176), and stored in an appro-priate ROM memory block (step 178). Upgraded appli-cations are then accessible by the user (step 180).

External Device Characteristics

[0035] In one embodiment the housing for the tokendevice has a portrait design for easy handheld use. Thelength and width is approximately the same as a standardcredit card. The thickness largely depends on the thick-ness of an optional Universal Serial Bus (USB) connectorused to connect the smart card terminal or token deviceto a user’s personal computer. Other housing types andshapes may be utilized while remaining within the spiritand scope of the invention. The token device may utilizeany convenient electronic packaging for independent useand/or may be integrated into other standard electronicdevices, for example a cell phone, or personal digital as-sistant (PDA) etc. The different elements of the tokendevice can be divided into 3 interface levels: the interfacewith the user, the interface with external devices such asa connected PC, and the interface with the smart card.

User Interface

[0036] In one embodiment of the smart card terminal/ token device, the user interface has two elements - adisplay, and a keypad. The display may be a liquid crystaldisplay (LCD) type although other display types and de-signs may also be substituted (for example a backlightdisplay, LED display, etc.). The physical size of the dis-play can be maximized with respect to the overall size ofthe token device, and special measures may be takenso that the glass is protected against breaking. The dis-play should be easily legible for a user that sits in frontof it, and can include a tilted or hinged display to facilitateviewing.[0037] The keypad may be fabricated of a rubber orrubber-like flexible mat offering a good travel of the keysand tactile feedback. Other technologies can be consid-ered. The functions of the keys should support the normaltoken device functions. Because most of these token de-vices may be used in non-professional (i.e. in the home,or on the road) environments the keys should be suffi-ciently large to allow easy handling. The design may takeinto account, where possible, that there are certain de-sign considerations for physically handicapped people,like the size and type of keypad letters. All keys havetheir denomination imprinted in ink. The ink may be of apermanent type to prevent easy wipe out of the imprint.Alternatively, impressions may also be utilized (impres-sion lettering, symbols, Braille, etc.). The function keys

9 10

EP 2 290 577 A2

7

5

10

15

20

25

30

35

40

45

50

55

can have different colors. Smart grouping can limit thenumber of colors to reduce manufacturer costs. TheON/OFF key should be protected against an accidental,continuous ON state during transport. This helps to pre-vent unnecessary battery drain. The "5" key may have areference mark for visually disabled people.

External Interface

[0038] A universal serial bus (USB) connection is op-tionally available for interface with a personal computer(PC). Alternatively, any of infra-red (IR), parallel, serial,or other connections may be implemented. The connec-tor can be integrated into the token device housing. Tosupport Plug & Play, in one embodiment, the port addressand interrupt settings are automatically set by the PC. Ifthe USB port of the PC is used, the token device will usethe power coming from the USB bus. If required, powerregulation circuits can be provided. If volume users (larg-er banks, etc.) consider the USB connection is not nec-essary for their particular application, then it may be leftout.

Internal Device Characteristics

[0039] Figure 6 illustrates schematically one embod-iment of the smart card terminal and reader in accordancewith the invention. An embodiment of the token devicecomprises a smart card reader 150 which has a slot toinsert a standard smart card 154. Other smart card de-signs, shapes, etc. may be accommodated in alternateembodiments, while remaining within the spirit and scopeof the invention. For maximum compatibility with currentstandards the smart card reader must accept full sizedcards that conform to the International Standards Organ-ization (ISO) 7810 specification. Ergonomically, position-ing of the smart card reader follows 2 main criteria: itshould be suitable for both left and right handed people;and it should not allow access at the top because thecard opening will work as a dust aspirator and the accu-mulated dust will eventually cover the contacts, block theend-of-travel switch or de-align the contacts with thecard.[0040] Access from the front is one possible designsolution since it allows the USB connection 159 to sit atthe back pointing towards the PC. Arranging the connec-tions in this way is automatically compatible with left orright handed people. Alternative positioning may also beutilized. The use of landing contacts is preferred to scrap-ing contracts, as the landing contacts do not damage thegold plated contacts on the smart card. However, othercontacts may be utilized. An end-of-travel switch contin-uously monitors the presence of the smart card in thoseapplications or phases pre-set to work with the smartcard. When using these types of applications a removalof the smart card halts the ongoing application immedi-ately.[0041] For proper operations with a PC, a suitable soft-

ware driver must be delivered either to the bank or indi-vidually with each distributed token device. Drivers maybe currently provided for Windows, unix, OS/2, and NTsystems. Other drivers may be provided as needed. Spe-cialized applications and drivers may be stored in a com-bination of ROM 146 and RAM 144 memory, and ac-cessed via a central processing unit 148. The centralprocessing unit also monitors user input from a keyboardor touchscreen device 156.[0042] The token device can interoperate with otherspecial cards. Once in connected mode the token devicecan be designed to work with Java cards, and with Smartcards with cryptographic co-processor such as RSAcards.[0043] In most instances it is preferred that the smartcard should be well insertable into the token device to atleast 75% of its overall size. Taking out the card is andeasy push out or pull-out process. The card reader in-cludes an end-of-travel switch to detect the correct inser-tion of the card, and to display the status of such on thedisplay or as a computer application icon.[0044] An internal clock 160 is required for token de-vice time-dependent application such as time-basedpasswords, time based signatures etc. The internal clockis powered by an internal battery. The clock is internallyset to Greenwich mean time (GMT) time during produc-tion.[0045] The token device may be allowed to work inconnected or non-connected mode. In the connectedmode it gets its power from the USB port. In non-con-nected mode the token device works by getting powerfrom the internal batteries 158. To allow exchange of thebatteries without loss of memory, in one embodiment 2independent batteries, each of 3 Volts, can be used. Typ-ically, the batteries will already be in place at the momentof delivery to the user. In one embodiment, a plastic tem-porary insulation strip, accessible from the outside, canbe removed after which the contacts close and the bat-teries becomes operational. This keeps the batteries inthe best condition. In this embodiment, a couple of issueshave to be carefully considered: the token device shouldbe tested before the plastic is put in place; and, a schemeshould be defined to set the clock to the correct GMTtime. The battery status can be visualized through a menuitem, and is some embodiments may be replaceable. Atypical lifetime of the token device is at least 3 years.

Secure Applications

[0046] The secure applications of the token device aredesigned to be compatible with legacy systems and leg-acy tokens. This means that token device can handle:

• time or event based dynamic passwords• fast and slow time changes• challenge/response• basic signatures• extended signatures, even if concatenated

11 12

EP 2 290 577 A2

8

5

10

15

20

25

30

35

40

45

50

55

[0047] In some embodiments the token device sup-ports Data Encryption Standard (DES) and triple DES.In some embodiments, the token device also supportsthe PKA mechanism to unlock a secret that resides inencrypted mode on a PC. The exchange of the dynamickey between PC and token device can be automated ifthe two are linked via the USB. The token device mayallow customers, using a smart card containing privatekeys and digital certificates on the smart card, to transferthese keys and certificates to the application in the PC.The fact that a PIN can be requested to open the tokendevice and/or the smart card provides a double securitymechanism.[0048] Balance reader functions are functions that areaccessible in a smart card, which don’t require large ap-plications. Typically, they show the balance of the amountin the electronic wallet; show the last five transactions;and control the locking and unlocking the electronic wal-let. In some embodiments these functions are accessedby 1 or 2 direct access keys on the keypad. If this is notdesired then they should be part of a user-accessiblemenu. One feature of the present invention as imple-mented in the electronic wallet variant provides for show-ing the current balance and the last five transactions,which displays in one continuous flow with a displaypause of 3 seconds before going to the next entry.[0049] A balance feature shows the current balance inthe electronic wallet. As the token device is designed tobe marketed worldwide, the currency may be shown be-hind the total. The information to derive which currencyis used, can be found in the international currency valuethat is stored in the smart card. To reduce the incorpo-rated translation database in the token device this valuecan be either prefixed during production or else the da-tabase can be limited to one country and eventually someimportant surrounding currencies. The last five transac-tions may be shown (credit as well as debit with the cor-responding "+" (load) or "-" (payment) sign). The date ofthe transaction may also be shown. The order will typi-cally be most recent transaction first. Partial transactions(such as telephone calls) will be shown as a single trans-action. Once the last transaction is shown, the token de-vice will halt showing information from the card. Alternateembodiments provide for any number of last transac-tions.[0050] In one embodiment, a locking feature of the wal-let is provided. A special icon on the display may showan open or closed lock depending on the state of theelectronic wallet. Locking and unlocking will require a PINentry for the smart card and may require writing to thesmart card..[0051] In one embodiment for use in Europe primarily,the token device includes a feature that is able to convertthe Euro’s form of currency to the old local (i.e. country-specific) currency. Access to this conversion feature iseither through a menu item or through direct access viaa dedicated key. The corresponding conversion factor ispreferably programmable by the user. In that way users

outside the Euro community can use it to convert to adesired local currency while traveling abroad. Alterna-tively, a table of conversion rates may be maintained inthe token device. The table may be updated from an up-date card or connection to a web page having an updatedtable. In another alternative, the conversion factor canbe programmed in ROM during the production process.

Device Security

[0052] The token device includes a variety of PIN man-agement features. As the token device can be used asa standalone token device even without the smart cardinserted, embodiments of the invention allow the tokendevice to be secured with a PIN. In one example, a dif-ferent PIN can be set for each of the maximum 4 users.The PIN length may be set between 2 and 8 digits. Afactory default PIN can be set and a new PIN can beforced at initialization. As the token device is used to-gether with a smart card, which in turn is also PIN pro-tected, users may be tempted to use the same PIN forboth. In one embodiment, in order to prevent that the PINis retrieved by hacking the token device, the token devicePINs are not saved in the memory of the token device.[0053] An unlock code for each of the 4 per-card sup-ported users is provided. Unlocking is possible only inthose cases where the PIN of the token device is usedand where the PIN is not handled by the smart card. Insuch cases the smart card may lock itself and the un-locking sequence will need to be followed as specifiedby the system owner.[0054] The token device may contain a number of se-crets, counters and initial vectors. In one embodiment ofa typical token device, it may for example contain peruser:

• 4 secrets keys of 64 or 128 bit• 1 unlock key valid for each of the users• a signature of the PIN

[0055] In one embodiment, the token device includesa true random generator that can be used to personalizethe token device based on an historical secret. A smartcard terminal / token device that is handed over to a cus-tomer cannot be used until it is personalized, i.e. it isconverted from a regular smart card terminal or readerinto an electronic smart card token. Personalization startswhen a smart card is inserted. Depending on the wishesof the card organization the security level employed bythe token device can vary from a "medium" to a "veryhigh" level of security.

Medium Security Mode

[0056] A flowchart showing the operation of the medi-um security mode is shown in Figure 8. The user obtainsa generic smart card reader / token device (step 190)and their own personal smart card. The smart card is

13 14

EP 2 290 577 A2

9

5

10

15

20

25

30

35

40

45

50

55

then inserted into the smart card reader (step 192) wherethe data can be read (step 194). In this security modethe token device random generator generates a one time"historical" secret that is displayed (step 196). The usernotes down this value (step 198) and stores it for thesecases where he/she gets a new token device or has tore-initialize the token device. In this way, the new tokendevice will restore the secrets as they originally were inthe initial token device without requiring any interventionin the server. The user also sends this value to the cardorganization or service provider. The card organization(for example, a bank) must introduce this value into theirdatabase and do the correct calculation with the secretkey to derive at their end the derived key that the tokendevice will use when it actually authenticates (step 200).The derived keys may be compared (step 202) to ensureuser authentication (step 204). As there is a slight risk ofexposure of the historical value, the security level is re-garded as medium although any potential hacker wouldneed to intercept this information during this single win-dow in time and would also need the secret key in thecard to be able to crack the system.

High Security Mode

[0057] A flowchart showing the operation of the medi-um security mode is shown in Figure 9. Again, the usermust first obtain a generic smart card reader / terminaldevice (step 210), smart card (step 212) and insert thesmart card into the reader (step 214). In this securitymode, the smart card is given a certain value (for examplea serial number, an account number, a fixed or predefinedvalue in the token device) as an input (step 216). Thisvalue is then used as input in the DES engine of the smartcard together with one of the smart card secrets (addressto be defined by the card operator) to derive a new valuethat will be stored in the RAM memory of the token device(step 218). From then on the token device will use thissecret in the calculations. If this value is a value knownby the service provider (step 220), they can derive thesame token device key and store that in his database(step 222) to authenticate a user (step 224). This workcan be done automatically..

Very High Security Mode

[0058] A flowchart showing the operation of the medi-um security mode is shown in Figure 10. Again, the usermust first obtain a generic smart card reader / terminaldevice (step 230), smart card (step 232) and insert thesmart card into the reader (step 234). In this mode orsecurity level, the token device uses the secrets embed-ded in the smart card all of the time (step 236). As thesekeys have to remain in the card, the smart card will haveto do all the calculations. The card organization, systemowner, or service provider can define which fields can beaddressed and with what restrictions (on length, numeric,etc.). In this way the token device can work as a firewall,

since the smart card can only be accessed via document-ed commands. The keys in the card can not be compro-mised and no other external keys are used. In fact thetoken device is initialized each time the smart card isintroduced and the user can do a transaction on any tokendevice issued by the smart card operator. As the serviceprovider knows (step 238) which secret a customer willuse, no extra work is required in the authentication center.The customer or transaction can then be authenticated(step 240).[0059] The present invention may be conveniently im-plemented using a conventional general purpose or aspecialized digital computer or microprocessor pro-grammed according to the teachings of the present dis-closure, as will be apparent to those skilled in the com-puter art.[0060] Appropriate software coding can readily be pre-pared by skilled programmers based on the teachings ofthe present disclosure, as will be apparent to those skilledin the software art. The invention may also be implement-ed by the preparation of application specific integratedcircuits or by interconnecting an appropriate network ofconventional component circuits, as will be readily ap-parent to those skilled in the art.[0061] The present invention includes a computer pro-gram product which is a storage medium (media) havinginstructions stored thereon/in which can be used to con-trol, or cause, a computer to perform any of the processesof the present invention. The storage medium can in-clude, but is not limited to, any type of disk including floppydisks, mini disks (MD’s), optical discs, DVD, CD-ROMs,microdrive, and magnetooptical disks, ROMs, RAMs,EPROMs, EEPROMs, DRAMs, VRAMs, flash memorydevices (including flash cards), magnetic or optical cards,nanosystems (including molecular memory ICs), RAIDdevices, remote data storage/archive/warehousing, orany type of media or device suitable for storing instruc-tions and/or data.[0062] Stored on any one of the computer readablemedium (media), the present invention includes softwarefor controlling both the hardware of the general purpose/specialized computer or microprocessor, and for ena-bling the computer or microprocessor to interact with ahuman user or other mechanism utilizing the results ofthe present invention. Such software may include, but isnot limited to, device drivers, operating systems, and userapplications. Ultimately, such computer readable mediafurther includes software for performing the present in-vention, as described above.[0063] Included in the programming (software) of thegeneral/specialized computer or microprocessor aresoftware modules for implementing the teachings of thepresent invention, including, but not limited to, retrievinguser secrets from a smart card reader, automatically per-forming functions, setting security levels, managing elec-tronic wallet accounts, managing different users, gener-ating encrypted communications, and the display, stor-age, or communication of results according to the proc-

15 16

EP 2 290 577 A2

10

5

10

15

20

25

30

35

40

45

50

55

esses of the present invention.[0064] Obviously, numerous modifications and varia-tions of the present invention are possible in light of theabove teachings. It is therefore to be understood thatwithin the scope of the appended claims, the inventionmay be practiced otherwise than as specifically de-scribed herein.[0065] For some customers, other embodiments of theinvention provide for a token engine and technology in-tegrated into a CPU on a smart card. This chip is thenreadable in existing smart card readers and uses thereaders keyboard and display in combination to form atoken device in accordance with the invention. There maybe different types of token devices: token only, integratedwith other smart cards, integrated with memory cards forcellular phones etc.

Industrial Applicability:

[0066] Any sector wanting to introduce strong authen-tication for network access based on smart cards canuse the invention. The main trigger to use these smartcards is that there should be a sufficiently high issuanceof smart cards or an important installed park of smartcards. Even if these cards were not originally designedfor this application, the invention allows the use of em-bedded strings or secrets on the card to initialize itself ina unique way without compromising the security of theexisting applications. Typical markets are primarily thebanks having millions of smart cards issued or compa-nies involved in smart card applications such as PKI se-curity.[0067] The advantage of the system is that with theinvention there is no real need for a connected smartcard reader. In an unconnected way the token devicecan be used on any platform (PC, Mac, phone, Internet,kiosk, etc) at any time and from any place simply becauseit works in an unconnected way. This lowers dramaticallythe reluctance level of users. But what is more importantthat it most certainly lowers the cost of ownership to thecardissuers as the helpdesk is not overloaded with callsfor new software drivers, other types of cables and fromconfused users not knowing how to connect the reader.

Claims

1. A token device (100) for authenticating users, saidtoken device comprising a user interface with a dis-play (107), a processing unit (148), a memory forstoring secret values (144), a memory for storing oneor more applications (146), and a USB connector(159) for connecting the device to a computer (140);said token device (100) being adapted to generateone-time passwords or responses to challenges orsignatures and being further adapted to be operablein both a connected or a non-connected mode.

2. The token device (100) of claim 1 further comprisinga smart card reader (104, 150), a firewall-like filterfor enforcing constraints on commands for a smartcard (105, 154) inserted in said smart card reader(104, 150), a keyboard with at least one button(101-103) for data entry by a user, said token device(100) being adapted to support event-based dynam-ic passwords, request a PIN, provide an input to asmart card (105, 154) inserted in said smart cardreader (104, 150), and store a secret value crypto-graphically derived from said input by said smart cardin said memory for storing secret values (144).

3. The token device (100) of claim 1 wherein said userinterface further comprises a user-operated mecha-nism for data entry.

4. The token device (100) of claims 1 or 3 wherein saiduser-operated mechanism comprises a keyboardcomprising at least one button (101-103).

5. The token device (100) of any of claims 1, 3 or 4,further adapted to support event-based dynamicpasswords.

6. The token device (100) of claim 1 or any of claims 3to 5, further adapted to support time-based dynamicpasswords or time-based signatures.

7. The token device (100) of claim 6 further comprisingan internal clock (160).

8. The token device (100) of claim 1 or any of claims 3to 7 further comprising one or more batteries (158)to provide power to the token device (100) when usedin non-connected mode.

9. The token device (100) of claim 8 further comprisingone or more exchangeable batteries (158).

10. The token device (100) of claim 1 or any of claims 3to 9, further adapted to draw its power from said USBconnector (159) when used in connected mode.

11. The token device (100) of claim 1 or any of claims 3to 10, further adapted to request a PIN.

12. The token device (100) of claim 1 or any of claims 3to 11 further comprising a smart card reader (104,150).

13. The token device (100) of claim 12 further adaptedto derive a secret from data provided by a smart card(105, 154) inserted in said smart card reader (104,150).

14. The token device (100) of claim 12 or 13 further com-prising a firewall-like filter for enforcing constraints

17 18

EP 2 290 577 A2

11

5

10

15

20

25

30

35

40

45

50

55

on commands for a smart card (105, 154) insertedin said smart card reader (104, 150).

15. The token device (100) of any of the precedingclaims , further adapted to exchange a dynamic val-ue with said computer (140) over said USB connec-tor (159) when operated in the connected mode.

19 20

EP 2 290 577 A2

12

EP 2 290 577 A2

13

EP 2 290 577 A2

14

EP 2 290 577 A2

15

EP 2 290 577 A2

16

EP 2 290 577 A2

17

EP 2 290 577 A2

18

EP 2 290 577 A2

19

EP 2 290 577 A2

20