CA2286851C - System for the secure reading and editing of data on intelligent data carriers - Google Patents

System for the secure reading and editing of data on intelligent data carriers Download PDF

Info

Publication number
CA2286851C
CA2286851C CA002286851A CA2286851A CA2286851C CA 2286851 C CA2286851 C CA 2286851C CA 002286851 A CA002286851 A CA 002286851A CA 2286851 A CA2286851 A CA 2286851A CA 2286851 C CA2286851 C CA 2286851C
Authority
CA
Canada
Prior art keywords
data
key
terminal
data carrier
card
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Expired - Fee Related
Application number
CA002286851A
Other languages
French (fr)
Other versions
CA2286851A1 (en
Inventor
Frank Schaefer-Lorinser
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Deutsche Telekom AG
Original Assignee
Deutsche Telekom AG
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Family has litigation
First worldwide family litigation filed litigation Critical https://patents.darts-ip.com/?family=7828409&utm_source=google_patent&utm_medium=platform_link&utm_campaign=public_patent_search&patent=CA2286851(C) "Global patent litigation dataset” by Darts-ip is licensed under a Creative Commons Attribution 4.0 International License.
Application filed by Deutsche Telekom AG filed Critical Deutsche Telekom AG
Publication of CA2286851A1 publication Critical patent/CA2286851A1/en
Application granted granted Critical
Publication of CA2286851C publication Critical patent/CA2286851C/en
Anticipated expiration legal-status Critical
Expired - Fee Related legal-status Critical Current

Links

Classifications

    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07FCOIN-FREED OR LIKE APPARATUS
    • G07F7/00Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus
    • G07F7/08Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means
    • G07F7/10Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means together with a coded signal, e.g. in the form of personal identification information, like personal identification number [PIN] or biometric data
    • G07F7/1008Active credit-cards provided with means to personalise their use, e.g. with PIN-introduction/comparison system
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/30Payment architectures, schemes or protocols characterised by the use of specific devices or networks
    • G06Q20/34Payment architectures, schemes or protocols characterised by the use of specific devices or networks using cards, e.g. integrated circuit [IC] cards or magnetic cards
    • G06Q20/341Active cards, i.e. cards including their own processing means, e.g. including an IC or chip
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/38Payment protocols; Details thereof
    • G06Q20/40Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
    • G06Q20/409Device specific authentication in transaction processing
    • G06Q20/4097Device specific authentication in transaction processing using mutual authentication between devices and transaction partners
    • G06Q20/40975Device specific authentication in transaction processing using mutual authentication between devices and transaction partners using encryption therefor
    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07FCOIN-FREED OR LIKE APPARATUS
    • G07F7/00Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus
    • G07F7/08Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means
    • G07F7/0806Details of the card
    • G07F7/0813Specific details related to card security
    • G07F7/082Features insuring the integrity of the data on or in the card
    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07FCOIN-FREED OR LIKE APPARATUS
    • G07F7/00Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus
    • G07F7/08Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means
    • G07F7/0866Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means by active credit-cards adapted therefor

Abstract

The invention relates to a system for the secure reading and editing of data on intelligent data carriers (4), such as chipcards, as well as to working processes executable under said system, wherein the stored data and the therewith associated authorizations or values are especially well protected against access by unauthorized persons. This is achieved by the advantageous combination of known encryption processes. In particular, the risk involved if master keys stored in independently operating terminals (2b), such as vending machines or card telephones, became known to a criminal is eliminated or at least reduced and the misuse of the nowadays increasingly used cash-reloadable chipcards is thereby counteracted.

Description

FILE, R#4# THIS AMENDED
T-E" TRANSLATION

System for the secure reading and editing of data on intelligent data carriers Description The invention relates to a system for the secure reading and editing of data on intelligent data carriers according to the preamble of claim 1 as well as to processes executable under said system.

A system according to the preamble of claim 1 is disclosed, for example, in the technical book "Kryptologie" by A. Beutelspacher, 5th edition, Chapter 4, published in 1997 by Vieweg-Verlag [Vieweg Publishing House], Braunschweig/Wiesbaden, and is assumed as known. In particular, the challenge and response process described therein in connection with Fig. 4.12 on p. 93 and Fig. 4.16 on p. 101 and based on symmetrical encryption is suitable for the authentication of intelligent data carriers vis-a-vis computers or data entry terminals thereof.
Systems are also known which employ asymmetrical key processes or a plurality of symmetrical or asymmetrical key processes in succession (see e.g. "Funkschau"
1996, No. 25, pp. 60-63). However, asymmetrical key processes, such as the RSA algorithm described in the aforementioned book on p. 122 f., have, as compared with symmetrical processes, the disadvantage that, as a result of the need to carry out arithmetic operations with very large numbers, they are relatively slow and, if used for the authentication of the individual data carriers, require many keys to be stored in each terminal or - in the case of an existing data link to a central storage - in that storage.

The intelligent data carriers used in such systems, e.g. IC cards equipped with processors and storage devices - today usually referred to as chipcards - which often contain highly sensitive data, such as access authorizations to secure areas or the permission to withdraw amounts of money from an account, are largely secure against unpermitted userunauthorized reading and intentional falsification of the stored data thanks to the use of the aforementioned cryptographic processes. The same is true also of the nowadays increasingly used, reloadable so-called electronic purses (e.g. paycards, cashcards), from which amounts of money can be withdrawn in order to pay for goods or services, at least if the terminals at which the withdrawals are made have a link to a computer centre through which it is possible to retrieve a therein stored key required for the authentication of a data carrier or through which it is possible for a cryptogram communicated from a data carrier for authentication to be forwarded to the computer centre for verification.

99t2591 The latter, however, is not always the case, because data links for public card telephones, public-transport ticket machines, carpark ticket machines or vending machines are too costly.
In such cases, a key required for security-critical operations is stored usually in the terminal, inside a so-called security module. This kev is normally a master key which is used to calculate the key required for the data carrier in question and matching the specific key thereof, this involving the use of a data cartier-specific item of information communicated from the data camer, such as the chipcard number.

The fact that said master key is located in a terminal in an insecure environment compromises the security of the entire system, because, if it became known to a criminal, that criminal would then be able to make illegal duplicates of all the data camers used in the system.

The object of the present invention is to exclude or at least reduce such a risl: and thereby to increase the security of the system.

Working processes for said system are indicated, with regard to the reading of data and with regard to the editing of the data contained on the data carrier.

The storing of a second key pair on the data carrier - said second key pair satisfying an asymmetrical kev algorithm - makes it possible, at the end of a data-reading or -editing operation, to confirm the operation by means of a so-called electronic signature. The calculation and verification of saic electronic signature require the key pair stored on the data carrier and cannot be achieved simply by means of a key derived from the master key of a terminal and the reproduction of said key on the data carrier.

The further development of the invention makes it possible to verify that the individual data carriers belong to the system using an asymmetrical key process, without, however, there being the disadvantaaes of an asymmetrical kev process, as would result. for example, if secret keys for all data carriers were stored at a central location.
Furthermore, in this further development of the invention, the correctness of the key, pair stored on the data carrier and used for 2eneration of the electronic sianature is co-certified hv the svstem. The secret key used for the generation of the certificate remains in the computer centre and is therefore safe a2ainst outside access.

Further embodiments, for the authentication of the data carriers vis-a-vis a terminal_ permit the use of a kev process employing a sym.metrica] key algorithm. The derivation from a master key of the keys used for the authentication of the individual data camers dispenses with the need for the online connection of all terniinals to the computer centre or for the storage of extensive key lists in the terminals. The variants described in claims 4 and 5 of the stora2e and/or calculation on the data carrier of the key used for authentication permit the authentication operation to be adapted to the technical possibilities (computing and storage capacity) of the data camers used.

A further embodiment relates to the making available of a further key usable in a symmetrical key process. A further embodiment relates to measures aimed at better supervision of withdrawal operations in data carriers used as electronic purses.
Hereinbelow, example embodiments of the system according to the invention and of processes executed under said system for the reading and editing of the data stored on data carriers are to be described with reference to the drawinos, in which:

FiQ. 1 shows schematically the essential hardware of a svstem according to the invention, and Fig. 2 shows a flow chart relating to the secure modification of the data on a data carrier of a system in the form of that accordinQ to claim 7.

FiQ. I shows a computer centre I which is connected bv data lines to terminals 2a of a first tvpe. Teirninals 2b of a second tvpe do not have a permanent connection to the computer centre, but are able, like the ternlinals of the first type, to communicate with data carriers 4 belonQina to the system. For this purpose, the data carrier is inserted by its user into an appropriate slot on a terminal and is therebv connected through a power-transfer interface E to the power supply of the terminal and through a data interface D to a computer svstem in the terminal. Power and data transfer rnay be accomplished in known manner by electrical contacts_ inductively or optically. The data carrier 4 itself usuallv an IC
card or chipcard. is equipped with a complete microprocessor svstem containino a processor CPU and various storage devices ROM, R4M; EEPROM.

The data carriers may perform various functions, including a plurality of different functions.
This may be, for example, an ID function in which the data stored on the data carrier allows the user access to a secure area or grants the user permission to carry out a specific action. In the case of a cheque card, the stored data, possibly in combination with a secret number to be entered by the user, authorizes the user to make a withdrawal from an account.
- In the aforementioned cases, for data evaluation use will probably be made exclusively of terminals having a permanent data link to the computer centre, this making it possible for the keys required for the safeguarding of the data against tampering or unauthorized reading to be kept in a central, protected location -.

Data carriers of chipcard size, however, are also suitable for acting as electronic purses which, when loaded with an amount of money, can be used to pay for goods or services.
While, in this case, loading or reloading is carried out at special terminals connected to the computer centre, e.g. a bank, the withdrawal of amounts can also take place at vending machines, card telephones, public-transport ticket machines or carpark ticket machines which, however, in the form of terminals belonging to the system, are not connected to the computer centre.

At such terminals, the transfer of a key or of encrypted data to or from the computer centre is not possible and the terminal must, without the support of the computer centre, detect whether a data carrier belongs to the system, whether an amount of money stored on the data carrier is sufficient for a desired withdrawal and whether the withdrawal, once effected, has been correctly implemented on the data carrier.

Fig. 2 shows an example of a withdrawal operation on a chipcard, in the form of an electronic purse, at a terminal which is not connected to the computer centre.

In this case, the uppermost section of the chart contains the transaction-securing data as stored on the chipcard and in the terminal prior to the transaction. The beow-following sections show in chronological sequence the operations which take place on the chipcard (in the left-hand column), the transfers taking place between chipcard and terminal (in the centre column) and the operations in the terminal (in the right-hand column).

Before being issued to a user, the chipcard was provided by the computer centre with a certificate, a cryptogram generated using an asymmetrical key process, e.g.
the known RSA
algorithm, and representing an electronic signature. The cryptogram was generated using the signature function Sglob, available only in the computer centre, of a global key pair Sglob, Vglob - said global key pair Sglob, Vglob satisfying the aforementioned asymmetrical key 99t2591 algorithm - and contains - in addition to an identification number (ID number) uniquely identifying the chipcard and an indication of the period of validity Tgult -the verification function Vcard of a card-specific key pair, said card-specific key pair enabling the chipcard to generate electronic signatures using a further asymmetrical key process. The associated signature function Scard is likewise stored on the card and remains thereon.
In addition, a storage device on the chipcard contains further card-specific keys Kauth, Kred, used to perform symmetrical key processes, such as DES (Data Encryption Standard), Triple DES or IDEA, as well as further information, such as the name of the user, the amount of money stored and a sequence number indicating the number of withdrawals made.

The key Vglob, required in order to verify the certificates of the system chipcards, and two master keys KMauth and KMred are stored in all terniinals belonging to the system. From the master keys, the terminals are able, by combining said keys with the identification numbers of the cards being processed, to reproduce the keys Kauth and Kred stored on the cards, said keys Kauth and Kred being used to execute symmetrical key processes.

When the chipcard is brought into contact with a terminal, as soon as this is detected by the card, e.g. by the presence of a supply voltage, the certificate is transferred to the terminal. If the terminal is in possession of the global key Vglob, then its computer is able to verify the certificate and in the process learns the identification number of the card, the validity of the card and the verification function Vcard. The identification number and Vcard are temporarily stored by the terminal and are thus available for subsequent checking and computing operations.

In the next step, the terminal initiates a so-called challenge and response process in that it generates in known manner a random number R1 and communicates it to the card.
Thereupon, the processor on the chipcard produces a cryptogram el in which further data to be transferred to the terminal is encrypted together with the random number R1 using the key Kauth, said key Kauth employing a symmetrical key algorithm. In particular, said cryptogram contains the amount of money stored on the chipcard, so that the terminal learns the extent to which money can be withdrawn from the card. The cryptogram el is now transferred together with a second random number R2 generated on the card, said second random number R2 initiating a challenge and response process in the opposite direction.

While the cryptogram e 1 was being produced on the chipcard, the terminal has calculated -from the two master keys KMauth and KMred with the aid of the identification number of the card - the card-specific keys Kauth and Kred and is now in a position to decrypt the cryptogram el. Once it knows the amount to be withdrawn (which is dependent on the amount entered by the user on the terminal), the terminal compares said amount with the amount 99t2591 stored on the card and, unless the latter is lower, produces a withdrawal cryptogram e2, which, in addition to the amount to be withdrawn, contains the second random number R2. Said cryptogram is calculated using the further key Kred, which employs a symmetrical key algorithm, and is transferred to the chipcard together with a third random number R3. Here, it is basically possible, without any major loss of security, to use the key Kauth once again instead of the further key Kred and to make do without the key Kred.

In the next step, following the decryption of the cryptogram e2, the money is actually withdrawn from the chipcard. For this purpose, the chipcard produces a withdrawal data record DB with the originally stored amount of money, the amount of money withdrawn and the current amount of money as well as with further information provided for in the system, such as withdrawal/sequence number, withdrawal date, currency. The chipcard confirms said data record with an electronic signature in that, using the signature function Scard of the initially mentioned further key pair employing an asymmetrical key process, it produces an acknowledgement cryptogram e3 in which is encrypted, in addition to the withdrawal data record and the identification number, also the random number R3.
Once the terminal has temporarily stored the verification function Vcard belonging to Scard, it can decrypt the cryptogram e3 and thus verify the data record and the authenticity of the data.
If no error is found, the temporarily stored identification number and the verification function Vcard are deleted and the delivery of the product or ticket or the establishment of a telephone connection dialled by the user is initiated.

In a similar manner, it is possible to secure the readout of information from a portable data carrier, e.g. a chipcard serving as an ID card. In this case, the chipcard first of all authenticates itself vis-a-vis the checking apparatus (terminal). This is accomplished using a symmetrical key process. Subsequently, the terminal transmits a read command, cryptogram-secured using a symmetrical algorithm, and, with said read command, its authentication to the chipcard. The chipcard communicates the information with a digital signature generated using an asymmetrical key process.

If there is an especially great need for security and if the terminal is remote from the computer centre and not connected thereto, it is possible, also in such a case, to employ an asymmetrical key process permitting the transmission of a certificate. Usually, however, it will be sufficient to use a symmetrical key process, because, in this case, there is virtually no risk of duplicates of chipcards being made by an authorized person and a third person obtaining access to a key stored in the terminal would also have to gain possession of a valid chipcard in order to be able to provide the electronic signature which, ultimately, gives the authorization associated with the ID card.

99t2591 6a In accordance with one aspect of this invention, there is provided a system for the secure reading and editing of data on intelligent data carriers (4), especially IC cards, with terminals (2a, 2b) associated with a master computer centre (1) and equipped with interfaces (E, D) suitable for temporary communication with the data carriers, wherein stored on each data carrier, in addition to the information to be read or edited and in addition to an item of identification information, is a key (Kauth) which is available also to the terminals for the authentication of the data carrier in question using a symmetrical key process, characterized by the following features: a certificate stored on the data carrier for communication to the terminal is formed from data carrier specific data (ID) including a verification-specific function (Vcard) with aid of a global signature function (Sglob) serving for the certification of the data carriers to be used in the system, means for verification of the certificate in the terminal with aid of a global verification function (Vglob) stored in the terminal and for the temporary storage of data carrier-specific data (ID) and the verification-specific function (Vcard), means for deriving at least one key from the data carrier-specific data and of at least one master key stored in the terminal, means for data exchange between the data carrier and the terminal including communication of a data modification command of the terminal to the data carrier with a symmetrical key process, in particular a so-called challenge and response process, means for generating and communicating a data record documenting the data to be read from the chip card in form of a cryptogram formed with a signature-specific function (Scard) to the terminal and means for verifying the cryptogram with aid of the verification-specific function (Vcard) in the terminal and for subsequently 6b deleting the temporarily stored data carrier-specific data (ID, Vcard) in the terminal.

In accordance with a further aspect of this invention, there is provided a process for the secure reading and editing of data on intelligent data carriers, especially chip cards, with terminals (2a, 2b) associated with a master computer centre (1) and equipped with interfaces (E, D) suitable for temporary communication with the data carriers, wherein stored on each data carrier, in addition to the information to be read or edited and in addition to an item of identification information, is a key (Kauth) which is available also to the terminals for the authentication of the data carrier in question using a symmetrical key process, characterized by the following steps: communicating a certificate stored on the data carrier to the terminal, whereby the certificate is formed from data carrier-specif.ic data (ID) including a verification-specific function (Vcard) with aid of a global signature function (Sglob) serving for the certification of the data carriers to be used in the system, verification of the certificate in the terminal with aid of a global verification function (Vglob) stored in the terminal and for the temporary storage of data carrier-specific data (ID) and the verification-specific function (Vcard), deriving at least one key from the data carrier-specific data and of at least one master key stored in the terminal, a data exchange taking place between the data carrier and the terminal including communication of a data modification command of the terminal to the data carrier with a symmetrical key process, in particular a so-called challenge and response process, generating and communicating a data record documenting the data to be read from the chip card in form of a cryptogram formed with a signature-specific function 6c (Scard) to the terminal, verifying the cryptogram with aid of the verification-specific function (Vcard) in the terminal and for subsequently deleting the temporarily stored data carrier-specific data (ID, Vcard) in the terminal.

In accordance with yet a further aspect of this invention, there is provided a process for the secure reading and editing of data on intelligent data carriers, especially chip cards, with terminals (2a, 2b) associated with a master computer centre (1) and equipped with interfaces (E, D) suitable for temporary communication with the data carriers, wherein stored on each data carrier, in addition to the information to be read or edited and in addition to an item of identification information, is a key (Kauth) which is available also to the terminals for the authentication of the data carrier in question using a symmetrical key process, characterized by the following steps: communicating a certificate stored on the data carrier to the terminal, whereby the certificate is formed from data carrier-specific data (ID) including a verification-specific function (Vcard) with aid of a global signature function (Sglob) serving for the certification of the data carriers to be used in the system, verification of the certificate in the terminal with aid of a global verification function (Vglob) stored in the terminal and for the temporary storage of data carrier-specific data (ID) and the verification-specific function (Vcard), deriving at least one key from the data carrier-specific data and of at least one master key stored in the terminal, a data exchange taking place between the data carrier and the terminal including communication of a data modification command of the terminal to the data carrier with a symmetrical key process, in particular a so-called challenge and response process, generating and communicating a data record (DB) 6d documenting the data modification in form of a cryptogram formed with a signature-specific function (Scard) to the terminal, verifying the cryptogram with aid of the verification-specific function (Vcard) in the terminal and for subsequently deleting the temporarily stored data carrier-specific data (ID, Vcard) in the terminal.

Claims (12)

Claims
1. System for the secure reading and editing of data on intelligent data carriers (4), especially IC cards, with terminals (2a, 2b) associated with a master computer centre (1) and equipped with interfaces (E, D) suitable for temporary communication with the data carriers, wherein stored on each data carrier, in addition to the information to be read or edited and in addition to an item of identification information, is a key (K auth) which is available also to the terminals for the authentication of the data carrier in question using a symmetrical key process, characterized by the following features:
- a certificate stored on the data carrier for communication to the terminal is formed from data carrier specific data (ID) including a verification-specific function (V card) with aid of a global signature function (S glob) serving for the certification of the data carriers to be used in the system, - means for verification of the certificate in the terminal with aid of a global verification function (V glob) stored in the terminal and for the temporary storage of data carrier-specific data (ID) and the verification-specific function (V card), - means for deriving at least one key from the data carrier-specific data and of at least one master key stored in the terminal, - means for data exchange between the data carrier and the terminal including communication of a data modification command of the terminal to the data carrier with a symmetrical key process, in particular a so-called challenge and response process, - means for generating and communicating a data record documenting the data to be read from the chip card in form of a cryptogram formed with a signature-specific function (S card) to the terminal and - means for verifying the cryptogram with aid of the verification-specific function (V card) in the terminal and for subsequently deleting the temporarily stored data carrier-specific data (ID, V card) in the terminal.
2. System according to claim 1, characterized therein that the key to be used in the symmetrical key process for the authentication of a data carrier is derived from a master key (KM auth) using data carrier-specific data, especially an identification number, that said master key is stored in all terminals belonging to the system and that the key (K auth) required for the authentication of a data carrier vis-à-vis a terminal is in each case calculated from the stored master key and from the data carrier-specific data communicated from the data carrier.
3. System according to any one of the claims 1 or 2, characterized therein that a further key (K red) usable in a symmetrical key process is available on each data carrier and in each terminal, said further key (K red) being used to authenticate the terminal vis-à-vis a therewith communicating data carrier.
4. System according to claim 3, characterized therein that the further key (K red) is stored in each case on the data carrier and in the terminal or is derived from a stored master key (KM red) using data carrier-specific data.
5. Process for the secure reading and editing of data on intelligent data carriers, especially chip cards, with terminals (2a, 2b) associated with a master computer centre (1) and equipped with interfaces (E, D) suitable for temporary communication with the data carriers, wherein stored on each data carrier, in addition to the information to be read or edited and in addition to an item of identification information, is a key (K auth) which is available also to the terminals for the authentication of the data carrier in question using a symmetrical key process, characterized by the following steps:
- communicating a certificate stored on the data carrier to the terminal, whereby the certificate is formed from data carrier-specific data (ID) including a verification-specific function (V card) with aid of a global signature function (S glob) serving for the certification of the data carriers to be used in the system, - verification of the certificate in the terminal with aid of a global verification function (V glob) stored in the terminal and for the temporary storage of data carrier-specific data (ID) and the verification-specific function (V card), - deriving at least one key from the data carrier-specific data and of at least one master key stored in the terminal, - a data exchange taking place between the data carrier and the terminal including communication of a data modification command of the terminal to the data carrier with a symmetrical key process, in particular a so-called challenge and response process, - generating and communicating a data record documenting the data to be read from the chip card in form of a cryptogram formed with a signature-specific function (S card) to the terminal, - verifying the cryptogram with aid of the verification-specific function (V card) in the terminal and for subsequently deleting the temporarily stored data carrier-specific data (ID, V card) in the terminal.
6. Process for the secure reading and editing of data on intelligent data carriers, especially chip cards, with terminals (2a, 2b) associated with a master computer centre (1) and equipped with interfaces (E, D) suitable for temporary communication with the data carriers, wherein stored on each data carrier, in addition to the information to be read or edited and in addition to an item of identification information, is a key (K auth) which is available also to the terminals for the authentication of the data carrier in question using a symmetrical key process, characterized by the following steps:
- communicating a certificate stored on the data carrier to the terminal, whereby the certificate is formed from data carrier-specific data (ID) including a verification-specific function (V card) with aid of a global signature function (S glob) serving for the certification of the data carriers to be used in the system, - verification of the certificate in the terminal with aid of a global verification function (V glob) stored in the terminal and for the temporary storage of data carrier-specific data (ID) and the verification-specific function (V card), - deriving at least one key from the data carrier-specific data and of at least one master key stored in the terminal, - a data exchange taking place between the data carrier and the terminal including communication of a data modification command of the terminal to the data carrier with a symmetrical key process, in particular a so-called challenge and response process, - generating and communicating a data record (DB) documenting the data modification in form of a cryptogram formed with a signature-specific function (S card) to the terminal, - verifying the cryptogram with aid of the verification-specific function (V card) in the terminal and for subsequently deleting the temporarily stored data carrier-specific data (ID, V card) in the terminal.
7. Process according to claim 6, characterized therein that the data carrier is used as an electronic purse and in that the data record (DB) documenting the modification of data contains the amount of money valid prior to the editing of the data (withdrawal), the amount of money withdrawn and the amount of money valid after the editing of the data.
8. Process according to any one of claims 6 or 7, characterized therein that the number of data edits is serially counted on the data carrier and a sequence number representing the counting results is communicated to the terminal together with the data record documenting the data modification.
9) Process for the secure editing of data on intelligent data carriers, especially the withdrawal of amounts of money from chipcards used as electronic purses, in a system according to any one of the preceding claims, characterized by the following steps:

- authentication of the data carrier vis-à-vis the terminal using a symmetrical key process, especially a so-called challenge and response process, and communication to the terminal of specified data carrier-specific data stored on the data carrier as well as of the second key (V card) of the additional key pair (S card, V card) specifically associated with the data carrier, said second key (V card) serving the purpose of verification;

- communication of a data modification command, secured by a symmetrical key process, from the terminal to the data carrier, the symmetrical key process simultaneously authenticating the terminal vis-à-vis the data carrier;

- execution of the data modification depending on the correct authentication of the terminal;

- generation and communication of a data record (DB) documenting the data modification, with an electronic signature calculated using an asymmetrical key process by means of the first key (S card) of the additional key pair;

- verification of the electronic signature and of the data record by the terminal by means of the second key (V card) of the additional key pair.
10) Process for the secure reading of data on intelligent data carriers in a system according to any one of claims 2 to 7, characterized by the following steps:

- communication to the terminal of specified data carrier-specific data - said data carrier-specific data being stored on the data carrier together with the second key (V
card) of the additional key pair (S card, V card) specifically associated with the data carrier, said second key (V card) serving the purpose of verification, and said data carrier-specific data being secured by electronic signature of the computer centre by means of the first key (S glob), kept in a central location, of the further key pair (S glob, V
glob), said further key pair (S glob, V glob) satisfying an asymmetrical key algorithm - and verification of the electronic signature by means of the second key (V glob) of said key pair, said second key (V glob) being stored in all terminals;

- communication of a read command, secured by a symmetrical key process, from the terminal to the data carrier, the symmetrical key process, especially a so-called challenge and response process, simultaneously authenticating the terminal vis-à-vis the data carrier;

- communication of the data to be read, together with an electronic signature generated on the data carrier using an asymmetrical key process by means of the first key (S card) of the additional key pair specifically associated with the data carrier;

- verification by the terminal of the electronic signature generated on the data carrier by means of the second key (V card) of the additional key pair specifically associated with the data carrier.
11) Process for the secure editing of data on intelligent data carriers, especially the withdrawal of amounts of money from chipcards used as electronic purses, in a system according to any one of claims 2 to 7, characterized by the following steps.

- communication to the terminal of specified data carrier-specific data - said data carrier-specific data being stored on the data carrier together with the second key (V
card) of the additional key pair (S card, V card) specifically associated with the data carrier, said second key (V card) serving the purpose of verification, and said data carrier-specific data being secured by electronic signature of the computer centre by means of the first key (S glob), kept in a central location, of the further key pair (S glob, V
glob), said further key pair (S glob, V glob) satisfying an asymmetrical key algorithm - and verification of the electronic signature by means of the second key (V glob) of said key pair, said second key (V glob) being stored in all terminals;

- communication of further data stored on the data carrier using a communication process which secures the data by means of a symmetrical key process, said communication process being, in particular, a so-called challenge and response process initiated by the terminal;

- communication of a data modification command, secured by a symmetrical key process, from the terminal to the data carrier, the symmetrical key process, in particular, a so-called challenge and response process, simultaneously authenticating the terminal vis-à-vis the data carrier;

- execution of the data modification in the data carrier depending on the correct authentication of the terminal;

- generation and communication of a data record (DB) documenting the data modification, together with an electronic signature generated on the data carrier using an asymmetrical key process by means of the first key (S card) of the additional key pair specifically associated with the data carrier;

- verification by the terminal of the electronic signature generated on the data carrier and of the data record using the second key (V card) of the additional key pair specifically associated with the data carrier.
12) Process according to claim 9 or claim 11, characterized in that the data carrier is used as an electronic purse and in that the data record (D B) documenting the modification of data contains the amount of money valid prior to the editing of the data (withdrawal), the amount of money withdrawn and the amount of money valid after the editing of the data.
CA002286851A 1997-05-02 1998-04-15 System for the secure reading and editing of data on intelligent data carriers Expired - Fee Related CA2286851C (en)

Applications Claiming Priority (3)

Application Number Priority Date Filing Date Title
DE19718547.9 1997-05-02
DE19718547A DE19718547C2 (en) 1997-05-02 1997-05-02 System for secure reading and changing of data on intelligent data carriers
PCT/EP1998/002205 WO1998050894A1 (en) 1997-05-02 1998-04-15 System for secured reading and processing of data on intelligent data carriers

Publications (2)

Publication Number Publication Date
CA2286851A1 CA2286851A1 (en) 1998-11-12
CA2286851C true CA2286851C (en) 2007-06-19

Family

ID=7828409

Family Applications (1)

Application Number Title Priority Date Filing Date
CA002286851A Expired - Fee Related CA2286851C (en) 1997-05-02 1998-04-15 System for the secure reading and editing of data on intelligent data carriers

Country Status (8)

Country Link
US (1) US6662151B1 (en)
EP (1) EP0990226B1 (en)
JP (1) JP2001525088A (en)
AT (1) ATE252259T1 (en)
CA (1) CA2286851C (en)
DE (2) DE19718547C2 (en)
DK (1) DK0990226T3 (en)
WO (1) WO1998050894A1 (en)

Families Citing this family (13)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7328350B2 (en) 2001-03-29 2008-02-05 Arcot Systems, Inc. Method and apparatus for secure cryptographic key generation, certification and use
BR9915474A (en) * 1998-11-19 2001-07-31 Arcot Systems Inc Method and apparatus for secure distribution of authentication credentials to users in transit
DE19855660C2 (en) * 1998-12-02 2000-09-21 Siemens Nixdorf Banking Syst Device and method for processing data stored on a card
DE19904292C2 (en) * 1999-01-28 2002-02-07 Juergen Dethloff Method and device for paying for services using a portable data carrier
CA2290170C (en) * 1999-01-29 2005-06-14 International Business Machines Corporation Improved digital signature
JP3389186B2 (en) * 1999-04-27 2003-03-24 松下電器産業株式会社 Semiconductor memory card and reading device
DE19919909C2 (en) 1999-04-30 2001-07-19 Wincor Nixdorf Gmbh & Co Kg Signing and signature verification of messages
DE19933731B4 (en) * 1999-07-19 2006-02-09 Db Systems Gmbh Procedure for the form-independent and verifiable granting of user rights
FR2800220B1 (en) * 1999-10-26 2002-02-15 France Telecom SECURE ELECTRONIC TRANSACTION PROCESS
DE10034276A1 (en) * 2000-07-14 2002-01-31 Infineon Technologies Ag Method for transferring data representing a value from a mobile data carrier
DE10140792A1 (en) * 2001-08-20 2003-03-13 Roland Beisert Device for automatic recording of a meter count in a supply meter has an optical image-capture device, an evaluatory/control unit to pick up an image signal and a data transmitter to send data to a central data-processing unit
US9246687B2 (en) * 2007-02-28 2016-01-26 Broadcom Corporation Method for authorizing and authenticating data
DE102020115034A1 (en) 2020-06-05 2021-12-09 Bundesdruckerei Gmbh Banknote with processor

Family Cites Families (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US4799258A (en) 1984-02-13 1989-01-17 National Research Development Corporation Apparatus and methods for granting access to computers
FR2592510B1 (en) 1985-12-31 1988-02-12 Bull Cp8 METHOD AND APPARATUS FOR CERTIFYING SERVICES OBTAINED USING A PORTABLE MEDIUM SUCH AS A MEMORY CARD
GB9008362D0 (en) * 1990-04-12 1990-06-13 Hackremco No 574 Limited Banking computer system
DE4119924C3 (en) * 1991-06-17 1996-06-20 Siemens Ag Process for securing loadable credit in chip cards
US5396558A (en) 1992-09-18 1995-03-07 Nippon Telegraph And Telephone Corporation Method and apparatus for settlement of accounts by IC cards
DE4339460C1 (en) * 1993-11-19 1995-04-06 Siemens Ag Method for authenticating a system part by another system part of an information transmission system according to the challenge and response principle
FR2716021B1 (en) 1994-02-09 1996-04-12 Gemplus Card Int Chip card transaction method and system.

Also Published As

Publication number Publication date
US6662151B1 (en) 2003-12-09
JP2001525088A (en) 2001-12-04
ATE252259T1 (en) 2003-11-15
DE59809930D1 (en) 2003-11-20
DE19718547A1 (en) 1998-11-12
CA2286851A1 (en) 1998-11-12
DE19718547C2 (en) 2002-06-20
WO1998050894A1 (en) 1998-11-12
EP0990226B1 (en) 2003-10-15
DK0990226T3 (en) 2004-02-16
EP0990226A1 (en) 2000-04-05

Similar Documents

Publication Publication Date Title
US4357529A (en) Multilevel security apparatus and method
CN1344396B (en) Portable electronic charge and authorization devices and methods therefor
US6983882B2 (en) Personal biometric authentication and authorization device
US5721781A (en) Authentication system and method for smart card transactions
CN106415611B (en) Self-authentication chip
EP1254454B1 (en) System for securing data on a data carrier
US6910131B1 (en) Personal authentication system and portable unit and storage medium used therefor
US20020043566A1 (en) Transaction card and method for reducing frauds
US20030004827A1 (en) Payment system
WO2014104436A1 (en) Method for mutual authentication for payment device
JPH0762862B2 (en) Authentication method in IC card system
CA2286851C (en) System for the secure reading and editing of data on intelligent data carriers
JP2001512873A (en) Data carrier authentication inspection method
US20190005495A1 (en) Method for verifying transactions in chip cards
KR20010022588A (en) Method for the safe handling of electronic means of payment and for safely carrying out business transactions, and device for carrying out said method
GB2358500A (en) Programming data carriers
CN101714216A (en) Semiconductor element, biometric authentication method, biometric authentication system and mobile terminal
WO2000074007A1 (en) Network authentication with smart chip and magnetic stripe
RU2412484C2 (en) Secure mobile terminal for electronic transactions and secure electronic transaction system
KR20190126730A (en) Method and system for performing a secure data exchange
US20090037744A1 (en) Biometric pin block
JPH11120310A (en) Ic card and ic card reader
JPH0822517A (en) Forgery preventing system for hybrid card
JP3792808B2 (en) Authentication method and authentication system
JPH0620117A (en) Ic card

Legal Events

Date Code Title Description
EEER Examination request
MKLA Lapsed