# Convert the decimal number into binary number system 130 640

List of numbers — Integers. Archived April 27, , at the Wayback Machine. Archived January 19, , at the Wayback Machine. Archived July 24, , at the Wayback Machine. Archived December 7, , at the Wayback Machine.

Retrieved 10 September Archived May 22, , at the Wayback Machine. Pharaohs and kings a biblical quest. Archived June 28, , at the Wayback Machine. Archived March 1, , at the Wayback Machine. Archived February 23, , at the Wayback Machine. The maximum level of deviation from a uniform distribution corresponds to a minimum level of randomness. The first and the second representation are preferably non-binary representations. By means of the third step these non-binary representations can be converted into a binary representation.

According to an embodiment of the first aspect of the invention, the set of credentials are divided into units for binary conversion, wherein the units for binary conversion are chosen in such a way that the proportion of binary representations that do not represent credential symbols is smaller than a predefined proportion.

By means of a brute force attack, an attacker can only rule out trial decryptions that do not represent valid credential symbols. Hence limiting the proportion of such representations reduces the susceptibility to brute force attacks. Other exemplary embodiments of the invention may use as predefined proportions e.

According to an embodiment of the first aspect of the invention, the set of credentials are divided into units for binary conversion that each comprise two or more credential symbols. Using units for binary conversion that comprise two or more credential symbols improves the flexibility and increases the possible number of units.

This offers more possibilities to choose a good or optimal unit for binary conversion that introduces no or little redundancy. If the set of credentials is a TAN-list, e. According to an embodiment of the first aspect of the invention, the first channel is an untrusted channel and the second channel is a trusted channel. An untrusted channel is susceptible for a man-in-the-middle attacker. A trusted channel is understood as a channel which the credential user and the credential issuer trust.

According to an embodiment of the first aspect of the invention the credentials are one time authentication codes. Such one time authentication codes could be e. TANs for online banking transactions. According to an embodiment of the first aspect of the invention, the first channel is a wireless communication channel and the second channel comprises one of a secure internet connection, a phone line and a mail service. According to an embodiment of the first aspect of the invention the user device comprises one of a mobile phone and a personal digital assistant.

According to an embodiment of the invention, the user device is a trusted device. A trusted device is understood as a device that the credential user trusts. Preferably the credential issuer trusts the trusted device as well. According to an embodiment of the invention, a binary representation with a uniform distribution is defined as a distribution in which the binary values one and zero are equally probable.

According to a second aspect of the invention, there is provided a method for distribution of a set of credentials from a credential issuer to a credential user, wherein the credential user is provided with a user device, wherein a first channel and a second channel are provided for communication between the user device and the credential issuer, wherein the method comprises, in a credential server, the steps of:.

This aspect of the invention relates to method steps performed by the credential server. According to a third aspect of the invention there is provided a computer program comprising instructions for carrying out the steps of the method according to the second aspect of the invention when said computer program is executed on a computer system.

According to a fourth aspect of the invention, there is provided a method for receiving a set of credentials from a credential server by a user device, wherein a first channel and a second channel are provided for communication between the user device and the credential server, wherein the method comprises, in the user device, the steps of:. According to a fifth aspect of the invention there is provided a computer program comprising instructions for carrying out the steps of the method according to the fourth aspect of the invention when said computer program is executed on a computer system.

According to a sixth aspect of the invention, there is provided a method for securely sending a set of credentials from a credential issuer to a credential user via an untrusted channel, the method comprising the steps of. This aspect of the invention relates to a method for securely sending a set of credentials from a credential issuer to a credential user via an untrusted channel.

The distribution of the shared key is not within the subject matter of the invention. It is assumed that the credential issuer and the credential user possess a shared key. According to a seventh aspect of the invention, there is provided a computer program comprising instructions for carrying out the steps of the method according to the sixth aspect of the invention when said computer program is executed on a computer system. The computer system may be established by a credential server of the credential issuer.

According to another aspect of the invention, there is provided a system for distribution of a set of credentials from a credential issuer to a credential user, wherein the credential user is provided with a user device, wherein a first channel and a second channel are provided for communication between the user device and the credential issuer, the system being provided for:.

According to another aspect of the invention, there is provided a credential server for distribution of a set of credentials to a credential user, wherein the credential user is provided with a user device, wherein a first channel and a second channel are provided for communication between the user device and the credential server, the credential server being provided for:.

According to another aspect of the invention, there is provided a user device provided for receiving a set of credentials from a credential server, wherein a first channel and a second channel are provided for communication between the user device and the credential server, the user device being provided for:. The steps of the different aspects of the invention can be performed in different orders.

Furthermore, the steps may also be combined, e. Any of the device features may be applied to the method aspect of the invention and vice versa. Advantages of the device features apply to corresponding method features and vice versa.

Preferred embodiments of the invention are described in detail below, by way of example only, with reference to the following schematic drawings. The drawings are provided for illustrative purpose only and do not necessarily represent practical examples of the present invention to scale. In the figures, same reference signs are used to denote the same or like parts.

The system comprises a user device In this exemplary embodiment of the invention the user device is a mobile phone. Other examples of user devices comprise Personal Digital Assistants PDAs , wired or cordless phones or any other user devices.

The user device comprises a smart card The system comprises as server a server computer system that is allocated to a credential issuer The credential issuer may be e. The credential issuer is provided for issuing a set of credentials , in particular a set of one-time credentials.

The credentials can be used as verification or authentication means, e. The credential issuer may comprise several server computer systems , e. In this exemplary embodiment of the invention it is assumed that the one shown server computer system performs the generation, distribution and verification of the credentials According to an embodiment of the invention the set of credentials is a Transaction Number TAN -list.

A first channel is established for communication between the user device and the server computer system The first channel comprises a communications network infrastructure The communications network infrastructure may be a wireless access network, e. A second channel is established for communication between the user device and the server computer system The second channel according to this embodiment of the invention comprises as a further device, a client computer system connectable to the server computer system The client computer system comprises a display , a computer and as manual user interface a keyboard According to other embodiments of the invention the further device may be a Personal Digital Assistant PDA , a wired or cordless phone or a mobile phone.

The client computer system may communicate with the server computer system by means of a communication network infrastructure The communication network infrastructure may be in particular the internet The communication network infrastructure may be in particular a secure or trusted internet connection such as a SSL-connection.

According to other embodiments of the invention the communication network infrastructure may comprise a wireless access network, e. The user device and the client computer system are allocated to a credential user The credential user may be a person or entity that wants to use credentials for performing a transaction or accessing a service of the credential issuer A manual user interaction of the credential user is provided for communication between the client computer system and the user device This manual user interaction is part of the second channel According to the embodiment of FIG.

Furthermore, the user device comprises a display In order to transfer information from the client computer system to the user device , the respective information can be displayed on the display of the client computer system The credential user reads the displayed information on the display and enters the information into the user device by means of the keypad In order to transfer information from the user device to the client computer system , the respective information can be displayed on the display of the user device The credential user reads the displayed information on the display and enters the information into the client computer system by means of the keyboard The system is provided for distribution of the set of credentials from the credential issuer to the credential user The second channel is provided for distribution of a shared key K between the user device and the credential issuer The shared key K is in particular a weak key.

This distribution of the shared key K provides an initial setup for credential distribution between the credential user and the credential issuer According to one embodiment of the invention, the shared key K is generated by the server computer system of the credential issuer Then the shared key K is sent from the server computer system via the communications network infrastructure to the client computer system Then the shared key is displayed on the display of the client computer system , read by the credential user and manually entered into the user device by the credential user via the keypad As the shared key K may be a weak and hence a short key, it can be conveniently entered by means of the keypad According to another embodiment of the invention, the shared key K is generated by the user device Then the shared key K is displayed on the display of the user device , read by the credential user and manually entered into the client computer system by the credential user by means of the keyboard Then the shared key K is sent from the client computer system to the server computer system via the communications network infrastructure As the shared key K may be a weak and hence a short key, it can be conveniently read on the display and conveniently entered by means of the keyboard As a result of both embodiments, the credential issuer and the credential user have the shared key K and can use this shared key K for the exchange of encrypted information, in particular for the exchange of encrypted credentials, via the first channel The server computer system is provided for generating a binary representation of the set of credentials with a predefined maximum level of deviation from a uniform distribution.

The server computer system is further provided for encrypting this binary representation with the predefined maximum level of deviation from a uniform distribution by means of the shared key K. Then the encrypted set of credentials is sent via the first channel from the server computer system to the user device In the user device the encrypted set of credentials is decrypted by means of the shared key K and stored in the user device , in particular in the smart card In the memory is stored computer program code executable by the CPU The computer program code comprises an operating system in the form of a Java compatible operating platform and a tool kit The tool kit establishes application software in the form of a Java applet.

The memory also facilitates the storage of a set of credentials in a tamper resistant manner. The set of credentials is also denoted as SC. The operating system configures the CPU for executing the tool kit The tool kit facilitates handling of the credentials in the set of credentials Aspects of the functionality of the tool kit will be described in detail shortly. The encryption engine comprises cryptographic processing logic for encrypting and decrypting data to be transmitted from and received by the smart card The cryptographic processing logic may be implemented in hardware, software, or hardware and software in combination.

The user device comprises a radio frequency RF stage having an RF antenna , control logic , the visual display and the keypad all interconnected by a bus subsystem In operation, the RF stage and RF antenna facilitate wireless communications between the user device and other devices connected to the first channel The visual display provides a graphical user interface between the user and the user device for functions such as preparing messages and reading messages.

The key pad provides the user with keyboard control of the user device for functions such as data entry and call handling. The control logic controls functions of the user device such as call handling based on inputs received from, for example, the keypad Outputs from the user device , such as data displays on the visual display or outgoing calls via the RF stage , are also controlled by the control logic Similarly, the control logic coordinates transfers of data from the smart card and the other elements of the user device via the bus subsystem The control logic may be implemented in dedicated hardware, a programmed CPU, or a combination of a dedicated hardware and a programmed CPU.

The computer program code comprises an operating system and credential service application software CSAS The operating system configures the CPU for executing the credential service application software The credential service application software facilitates handling of the set of credentials Aspects of the functionality of the credential service application software will be described in detail shortly.

In operation, the first channel is established between the user device and the server computer system The first channel facilitates a transfer of the set of credentials from the credential service application software in the server computer system to the smart card in the user device The tool kit may be loaded into the memory of the user device during configuration of the smart card for the user.

Alternatively the tool kit may be loaded into the memory and refreshed dynamically via the first channel Access to the tool kit in the memory is protected by a PIN set by the credential user via the user device The keypad may be employed for this purpose. Alternatively, if the user device has voice recognition, the PIN may be set and reset orally. Other devices may support still further means of data entry. The first channel of the system is implemented in the same way as shown with reference to FIG.

A second channel is implemented in a different way than the second channel of FIG. The second channel comprises a paper mail system. The paper mail may be supplied via, for example, the conventional postal system. The paper mail contains the shared key K to be distributed between the credential issuer and the credential user The shared key K is generated by the credential issuer or the server computer system respectively.

It is then send by paper mail to the credential user The credential user is provided for opening the paper mail, reading the shared key K and manually entering the shared key K into the user device by means of the keypad In the following with reference to FIG. The flow chart of FIG. In step the server computer system generates a shared key K and a credential user identification code ID.

The credential user identification code ID is provided for identifying the respective credential user and for allocating a set of credentials and the generated shared key K to the corresponding credential user In step the shared key K and the corresponding credential user identification code ID is sent via the communication network infrastructure to the client computer system In step the shared key K and the credential user identification code ID are displayed on the display of the client computer system In step the credential user enters the PIN via the key pad On receipt of the PIN, the tool kit requests that the credential user enters the shared key K and the credential user identification code ID.

In step the credential user enters the shared key K and the credential user identification code ID via the key pad Again, if the user device has voice recognition, this data may be entered orally. However, it will be appreciated that this is a less secure entry technique as the user may be overheard reciting the data. On receipt of the above-listed user entries, the tool kit sends in step an initialization message, e. The initialization message indicates to credential service application software that the tool kit has been enabled.

With reference to FIG. Then the credential service application software generates in step a set of credentials in a non-binary representation, e. In step a binary representation of the set of credentials with a predefined maximum level of deviation from a uniform distribution is generated.

In other words, the non-binary representation of the set of credentials is transformed into a binary representation of zeros and ones that is distributed with the predefined maximum level of deviation from a uniform distribution.

In step , this binary representation with the predefined maximum level of deviation from a uniform distribution is encrypted with the shared key K. In step , the encrypted set of credentials is sent from the server computer system to the user device via the first channel In step , the tool kit decrypts the encrypted set of credentials.

The tool kit utilizes the encryption engine to decrypt the encrypted set of credentials by means of the shared key K. The tool kit then stores in step the decrypted set of credentials in the memory Initialization is then complete.

Referring now to FIG. The credential user then requests and reads in step a credential from the tool kit The credential may be the next credential in the set of credentials or a specific credential , depending on the credential allocation system employed by the credential issuer The user device displays in step the respective credential on the display and the credential user may read and use this credential for performing transactions with the credential issuer For displaying the credentials in a non-binary form to the credential user , the tool kit or a decoding unit of the user device retransforms or reconverts the binary representation of the set of credentials back into a non-binary representation.

In other words the tool kit or the decoding unit decodes the binary representation of the set of credentials The tool kit or the decoding unit of the user device has a respective decoding tool or a respective decoding engine. On receipt of a initialization message from the user device at the server computer system , the credential service application software looks up in step the respective credential user by means of the credential user identification code ID and retrieves the shared key K issued for the respective credential user In step , a first representation of a set of credentials is generated.

The set of credentials is a TAN-list. The individual TANs are ordered and provided with an order number. As an example, the first TAN is provided with the order number The structure of this TAN-list results in a first level of randomness. In a step , the first representation of the TAN-list is transformed into a second representation of the TAN-list. In step the structured form and allocation of the TAN-list is removed from the first representation This is done by removing the order numbers and the structured allocation of the individual TANs and by just arranging the TANs one after the other without any intermediate space or structure.

The second representation has a second level of randomness which is higher than the first level of randomness. In step , the second representation of the set of credentials is transformed into a binary representation with the predefined maximum level of deviation from a uniform distribution.

For step , one of the below described methods for binary conversion or binary transformation can be used. In step , the binary representation with the predefined maximum level of deviation from a uniform distribution is encrypted by means of the shared key K. This results in an encrypted set of credentials In the following, the steps of generating a binary representation of the set of credentials with a predefined maximum level of deviation from a uniform distribution are explained in more detail.

In general, a set of credentials to be transported over the first channel comprises a set W of one or more words w, also denoted as strings w, constructed using an alphabet A.

Each word or string corresponds to a credential. The alphabet A establishes a credential alphabet or a credential character set respectively. The credential alphabet A is a finite set of symbols, also denoted as credential symbols.

The credential symbols may be e. The words w can be concatenated to form a message M being a sequence of credential symbols over the credential alphabet A: Instead of viewing the message M as a sequence of symbols, it can be viewed as a radix k number like this: For the purpose of processing this message M in an encryption scheme and for sending it via the first channel from the credential issuer to the credential user , it needs to be converted to a binary representation: For the following examples it is assumed that a bank as credential issuer wants to ship a transaction number TAN list as set of credentials to a credential user The set of credentials to be distributed via the first channel from the credential issuer to the credential user comprises random decimal digits.

It is furthermore assumed that the shared key K is a 12 digit decimal number. In order to evaluate the security level of the example, it is assumed that an attacker eavesdrops on the communication between the credential issuer and the credential user via the first channel The attacker captures the encrypted message containing the encrypted set of credentials, namely the encrypted TAN-list.

Now the attacker may run a brute force attack trying all keys in the key space and decrypt the encrypted message by means of the chosen test keys.

By looking at the structure of the decrypted message, he may recognize if the decrypted message is a possible TAN-list. If the chosen test key is not the correct key, the data in the decrypted message will be random.

This might be used by the attacker to rule out keys. According to an embodiment of the invention, the TAN list is viewed as a sequence of decimal numbers. The decimal numbers are divided into groups of three decimal digits. These groups establish units for binary conversion. The binary representation of the TAN-list is generated by applying the following encoding or conversion scheme:. Each of the values of the three decimal digits is encoded by means of a binary representation a binary number of 10 bits.

Thus there are some binary numbers representations that do not represent encoded TANs. This introduces some redundancy or structure in the binary representation of the TAN-list. However, the encryption or conversion scheme according to this embodiment of the invention is chosen in such a way that the binary representation of the TAN-list comprises a predefined maximum level of deviation from a uniform distribution.

The predefined maximum level of deviation from a uniform distribution of the binary representation of the set of credentials is determined by a predefined security level, the key-lengths of the shared key K and a predefined number of verification trials. The predefined number of verification trials is the number of trials that the credential issuer allows before he shuts down or closes the respective account of the credential user The security level of this exemplary embodiment of the invention can be determined as follows.

If all dice show only values from , the test key could be the real shared key. The chance that a single die shows a valid TAN value between 0 and is: If the predefined number of verification trials of the retry counter of the credential issuer for false TAN entries is e.

This chance corresponds to the security level of the system In this example the security level could be increased by reducing the predefined number of verification trials, by increasing the key-lengths of the shared key or by reducing the maximum level of deviation from a uniform distribution of the binary representation of the TAN-list, i.

By changing these three parameters, the credential issuer can adapt and predefine the security level of the respective application.

According to another embodiment of the invention, each individual credential, i. Accordingly, the decimal numbers are divided into groups of 6 decimal digits. These groups establish the units for binary conversion in this example. The binary representation of the TAN-list is generated by applying the following encoding scheme:.

In other words, each of the values of the six decimal digits is encoded by means of a binary representation a binary number of 20 bits. Thus there are again some binary numbers that do not represent encoded TANs. If all dice show only values from , the test key could be the real weak shared key. The security level could be increased by reducing the predefined number of verification trials, by increasing the key-lengths of the weak key or by reducing the maximum level of deviation from a uniform distribution of the binary representation of the TAN-list.

According to an embodiment of the invention, the security level is chosen in such a way that the chance of a brute force attacker to hit the right shared key is less than 0. If one of these security levels or another security level has been set, the other parameters, i.

According to yet another embodiment of the invention, a group of two individual credentials, i. These 50 groups establish the units for binary conversion. Hence the binary representation of the TAN-list is generated by applying the following encoding or conversion scheme:. In other words, each of the values of the twelve decimal digits is encoded by means of a binary representation a binary number of 40 bits. The likelihood that a trial decryption with a test key on an encrypted TAN-list shows only valid TANs, is therefore again: This chance corresponds to the security level of the credential system.

According to yet another embodiment of the invention, an encoding scheme that provides additional message space for the message M is provided. According to this embodiment of the invention, the credential alphabet A is enlarged by a number of additional noise symbols. Noise symbols are symbols that are not valid credential symbols. The enlarged alphabet is denoted as noise alphabet Ax. The noise alphabet Ax comprises the credential symbols of the credential alphabet A and, in addition, a number of noise symbols.

The number of additional noise symbols is preferably chosen in such a way that the total number of symbols in the noise alphabet is a power of two. As an example, in a TAN-list only decimal numerals are considered as valid credential symbols. The resulting noise alphabet comprises the credential symbols 0, 1, 2, 3, 4, 5, 6, 7, 8 and 9 and the noise symbols A, B, C, D, E and F.

Providing a noise alphabet with a size equal to a power of two has the advantage that the binary representation of the set of credentials comprises a uniform distribution of zeros and ones. In step , the set of credentials is generated comprising a predefined number of credential symbols. In this example, it is again assumed that the set of credentials is a TAN-list that comprises decimal numbers as credential symbols. These decimal numbers represent TANs.

The step may be performed by a random generator of the credential issuer An example output of step may look as follows In step , a random message is generated consisting of a number of dummy credential symbols and noise symbols derived from the noise alphabet. The number of dummy credential symbols is greater or equal to the predefined number of credential symbols.

In this example the predefined number of credential symbols is the size of the TAN-list, i. The dummy credential symbols are decimal numbers of the credential alphabet 0, 1, 2, 3, 4, 5, 6, 7, 8 and 9. The random message may be generated by a random hexadecimal number generator. The random message consists in this example of hexadecimal digits. The first 12 symbols of the random message comprise 6 dummy credential symbols 3, 5, 9, 1, 8, 6 and 6 noise symbols A, C, F, A, D, F.

In step , a predefined set of the dummy credential symbols of the random message is replaced by the credential symbols.