EP1604336A1 - Verfahren zum überprüfen der gü ltigkeit von digitalen freimachungsvermerken und vorrichtung zur durchführung des verfahrens - Google Patents
Verfahren zum überprüfen der gü ltigkeit von digitalen freimachungsvermerken und vorrichtung zur durchführung des verfahrensInfo
- Publication number
- EP1604336A1 EP1604336A1 EP04703745A EP04703745A EP1604336A1 EP 1604336 A1 EP1604336 A1 EP 1604336A1 EP 04703745 A EP04703745 A EP 04703745A EP 04703745 A EP04703745 A EP 04703745A EP 1604336 A1 EP1604336 A1 EP 1604336A1
- Authority
- EP
- European Patent Office
- Prior art keywords
- key
- data
- data key
- message
- import
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Withdrawn
Links
Classifications
-
- G—PHYSICS
- G07—CHECKING-DEVICES
- G07B—TICKET-ISSUING APPARATUS; FARE-REGISTERING APPARATUS; FRANKING APPARATUS
- G07B17/00—Franking apparatus
- G07B17/00733—Cryptography or similar special procedures in a franking system
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/38—Payment protocols; Details thereof
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0861—Generation of secret information including derivation or calculation of cryptographic keys or passwords
-
- G—PHYSICS
- G07—CHECKING-DEVICES
- G07B—TICKET-ISSUING APPARATUS; FARE-REGISTERING APPARATUS; FRANKING APPARATUS
- G07B17/00—Franking apparatus
- G07B17/00185—Details internally of apparatus in a franking system, e.g. franking machine at customer or apparatus at post office
- G07B17/00435—Details specific to central, non-customer apparatus, e.g. servers at post office or vendor
-
- G—PHYSICS
- G07—CHECKING-DEVICES
- G07B—TICKET-ISSUING APPARATUS; FARE-REGISTERING APPARATUS; FRANKING APPARATUS
- G07B17/00—Franking apparatus
- G07B17/00733—Cryptography or similar special procedures in a franking system
- G07B2017/00741—Cryptography or similar special procedures in a franking system using specific cryptographic algorithms or functions
- G07B2017/0075—Symmetric, secret-key algorithms, e.g. DES, RC2, RC4, IDEA, Skipjack, CAST, AES
-
- G—PHYSICS
- G07—CHECKING-DEVICES
- G07B—TICKET-ISSUING APPARATUS; FARE-REGISTERING APPARATUS; FRANKING APPARATUS
- G07B17/00—Franking apparatus
- G07B17/00733—Cryptography or similar special procedures in a franking system
- G07B2017/00846—Key management
-
- G—PHYSICS
- G07—CHECKING-DEVICES
- G07B—TICKET-ISSUING APPARATUS; FARE-REGISTERING APPARATUS; FRANKING APPARATUS
- G07B17/00—Franking apparatus
- G07B17/00733—Cryptography or similar special procedures in a franking system
- G07B2017/00846—Key management
- G07B2017/0087—Key distribution
Definitions
- the digital postage indicia contain cryptographic information, for example about the identity of the customer system controlling the generation of the postage indicium.
- the invention has for its object to provide a method with which the authenticity of the postage indicia can be checked quickly and reliably.
- the method is intended to be suitable for a check in a large series application, in particular in letter or freight centers.
- this object is achieved in that the method for checking the authenticity is carried out in such a way that a data key is generated and transferred from a central database (ZinS central system) to local payment assurance companies. Systems (ZinS-local) is transferred. This is done by means of a franking key generated and a franking mark applied to a mail item, the cryptographic information contained in the franking mark being decrypted and used to check the authenticity of the franking mark.
- the local security systems import the data key and transmit a result of the import to the central database (ZinS central system).
- the result of the import is transmitted as a data record.
- the data record preferably contains a key.
- the key can have different textures. In particular, it can be both a symmetrical and an asymmetrical key.
- the key is used to decrypt and / or encrypt information. Due to its nature, the key can also carry information. For example, the key contains information about the franking key, its key generation and / or its expiry date.
- the result can be checked in different ways. However, it is particularly advantageous that the result is checked by decrypting the key.
- a preferred embodiment of the method is characterized in that when the data key is successfully imported into essentially all local payment assurance systems (ZinS-local), the data key is released as a new franking key at the value transfer center (Postage Point) and then used to create new postage ,
- ZinS-local essentially all local payment assurance systems
- Postage Point the value transfer center
- This embodiment of the method makes it possible to carry out a key change in the value transfer center as a function of key changes previously carried out in the payment assurance systems. This ensures that postage indicia are only generated using the new key after the new key is already available in the local remuneration security systems. This ensures that the local
- Remuneration assurance systems can check the validity of the franking notes generated.
- This particularly preferred embodiment of the method with control of the key change in the value transfer center as a function of the key changes in the local security systems is particularly advantageous in combination with at least some of the further method steps according to the invention.
- a combination of several features ensures that the key change can be carried out quickly and reliably and that the implementation of the respective key change is checked.
- the new data key is transferred from the value transfer center (postage point) to the central payment security system.
- the value transfer center encrypts the data key with a transport key (KT).
- the transport key is encrypted with a master transport key (KTM).
- KTM master transport key
- the data key is preferably generated in the area of the value transfer center. This has the advantage that improper changes to the data key during a
- Transport to the value transfer center can be avoided.
- the data key is advantageous for the data key to be provided with key identification information.
- the key identification information is also expediently transmitted in encrypted form.
- the data key In order to ensure that a valid data key is used for the encryption and / or decryption steps used, it is expedient for the data key to be provided with a generation counter and / or to be transmitted together with the generation counter. To avoid the use of invalid keys, it is also expedient that the franking key is provided with an expiry date for the previous data key and / or is transmitted with the expiry date.
- the data key shown can be used both for one or more partial checks and for generating postage indicia and / or decrypting information contained in the postage indicia.
- one of the partial checks includes the decryption of the cryptographic information contained in the postage indicium.
- one of the partial checks includes a comparison between the date of creation of the postage indicium and the current date.
- the integration of the generation date of the postage indicium - in particular in encrypted form - increases data security since the comparison between the generation date of the postage indicium and the current date avoids multiple use of a postage indicium.
- the reading unit and the checking unit exchange information using a synchronous protocol.
- the reading unit and the checking unit communicate with one another via an asynchronous protocol.
- the reading unit sends a data telegram to the checking unit.
- the data telegram preferably contains the content of the franking notice.
- FIG. 3 shows a schematic diagram of an interface between a central payment assurance system (ZinS central system) and a value transfer center (postage point);
- ZinS central system central payment assurance system
- postage point value transfer center
- FIG. 7 shows a basic illustration of method steps for encapsulating components and for handling error messages.
- the invention is illustrated below using the example of a PC franking system.
- the procedural steps used to secure remuneration are independent of the system used to generate the postage indicia.
- decentralized check shown at individual control points in particular in letter centers, is particularly preferred, but a centralized check is equally possible.
- the individual control points form local remuneration security systems, which are preferably connected to a central remuneration security system via a data connection.
- the central payment assurance system is also connected to a value transfer center.
- the technical interface to be implemented between the value transfer center and the payment security system consists of exchanging cryptographic keys.
- the key that is to be exchanged between the value transfer center and the remuneration security system ensures that the franking marks produced are secure against forgery. This is done in particular by encrypting part of the content of the 2D barcode forming the franking mark with it. Since the selected key is a symmetrical key for performance reasons, it must be transferred from the value transfer center to the remuneration security system and distributed there to the individual letter centers.
- the secure storage of the keys is guaranteed through the use of special crypto cards.
- the invention includes various applications in which these keys are managed using this special hardware.
- the entire life cycle of these keys, from generation, export, distribution to import on the decentralized systems, is used to optimize process parameters.
- FIG. 1 A particularly preferred sequence for key distribution can be seen in FIG. 1.
- 1 shows a particularly preferred key distribution between the value transfer center and the central payment assurance system.
- a new franking key is first generated.
- franking key is not to be understood in any way restrictive, since the keys shown can be used in various ways for the creation of frankings.
- a crypto string as disclosed for example in German patent application DE 100 20 402 AI, is introduced into the franking key.
- the franking key is exchanged as the need arises.
- the franking key is recreated at regular intervals, for example after a predeterminable time interval has elapsed.
- the new franking key can generally be created at any point. To increase data security, however, it is expedient to minimize the transfer effort for the new franking key and to generate the key in the value transfer center or in the area of the value transfer center.
- the franking keys are transferred from the value transfer center to the central remuneration security system.
- the transmission is preferably automated.
- the exchange is preferably carried out via a server of the payment assurance system (ZinS central server).
- the postage point does not need to be configured. Since the server does not need to know the value transfer center (ZinS local systems) and its associated crypto systems, the ZinS central server is the only important factor for him.
- the key is released at the value transfer center (postage point) and then used to create new postage amounts - method step 6 in FIG. 1 -.
- the preferably symmetrical keys are an essential part of the security against forgery of franking marks generated with the aid of the franking key, which have the form of two-dimensional bar codes, for example.
- the exchange of these keys must be secured by strong cryptography. To ensure this, the following points are particularly important:
- both communication partners have the same key KT.
- the value transfer center (postage point) encrypts the data key KD to be transmitted with the key KT and transfers it to the server of the central payment assurance system (ZinS central system).
- This key is distributed from the central payment security system to the ZinS local crypto systems of the local payment security systems. These also have KT and can therefore decrypt the KD key again. Because the key is used to KT
- the transport key To protect the key KD securely during transport, it is also referred to below as the transport key.
- KTM master transport key
- This key must be put on the crypto card under special security measures and therefore only needs to be changed at large intervals.
- KTM is installed on all systems.
- This key is then used to encrypt the transport key KT, which is then automatically distributed and imported via the same channel. The distribution is like the distribution of the
- MAC matrix code
- the signature key KS is required, which, like the KTM, is imported during the initialization of the crypto cards.
- the data key messages are then signed with this KS.
- the procedure for encrypting and decrypting messages is Triple DES (key length 168 bits).
- Hash values are preferably calculated using the SHA-1 algorithm.
- KD Ne u the new key is transferred to the crypto systems of the payment protection systems. If this has been successfully imported by all crypto systems of the local payment assurance systems, the ZinS central system will release a message and KD Neu will be used for the encryption of new postage amounts at the postage point. From this point on, the old KD should be deleted from the postage point or should not be used to create new postage amounts.
- the following implementation of the key distribution method is particularly advantageous in order to achieve a uniform status, which enables a clear versioning of the keys and results in system maintenance that is as simple as possible: a) Data keys are identified with a unique key ID (key phase Indicator), an ambiguous generation counter and an expiry date for the valid previous data key.
- the generation counter is used to differentiate error-related multiple loading attempts from wanted updates of the symmetrical data key (to ensure transaction security, see (g)).
- the generation counter is increased by one for the transmission of a subsequent data key. d) If there is a negative acknowledgment, the data key has not been successfully installed in all local payment assurance systems and should not be provided by the value transfer center for the generation of postage indicia
- the generation counter is not increased by one for the transmission of a subsequent data key, i.e. it remains at the value of the previous transfer.
- a crypto card As soon as a crypto card receives a data key, it deletes all data keys that have the same generation counter value as the most recent transmission. This ensures that in the event of error-related multiple transmission, keys, that could previously only be loaded successfully on a part of all crypto cards are deleted. This enables transaction-secure key transmission.
- a security routine is called several times, preferably regularly, in particular daily, which deletes the data keys that are no longer required.
- a data key is then deleted (in an expedient embodiment, in addition to point g)) if the expiry date stored in the successor data key in the attribute CKA_END_DATE is earlier than the current system date.
- a grace period (as short as possible) should be planned for the expiry date for the previous key, as postage paid for an expired postage amount will still be recognized as valid two days after the validity date when checking in the area of the local remuneration system.
- a time lag between the creation and release of a new data key must also be taken into account.
- FIG 2 shows an overview of the areas of application of the key management shown and their use in the area of payment security. Preferred areas of application are also shown.
- the LMK should be divided into at least three components, two of which are particularly advantageous for restoring or re-initializing crypto server cards. Each of the components is preferably written on S artCards in a PIN-protected manner, with the security administrators receiving a SmartCard. Backup SmartCards should also be created.
- the LMK serves as the one described above
- New transport master keys are preferably generated in the manner shown below.
- the Local Master Key of a corresponding authorization card serves as the KTM.
- the LMK should be divided into at least three components, of which at least two components are required for re-import.
- the individual components are stored on SmartCards, with each security administrator receiving a SmartCard and securing it with an individual PIN.
- PIN PIN
- SmartCards By keeping the PIN secret and keeping the SmartCards in a safe place, it must be prevented that unauthorized persons can gain access to them.
- the transport master keys are preferably at least two LMK components - corresponding to two different authorization cards - are provided, so that this implements an automated implementation of a four-eyes principle.
- the KTM must be a Triple DES key.
- the ID attribute of the key consists of a type identifier and a unique number.
- the signing key ensures the integrity of the key messages. It can also be used to determine whether the sender of the key message is the postage point before the key is imported.
- the generation of the signature key should only be possible by a security administrator registered with a smart card. This should be a TDES key that has the security attributes Sensitive set to "True” and Extractable set to "False” to prevent the key plain text from being determined outside the card.
- the ID attribute of the key consists of a type identifier and a unique number.
- Type code KS Unique number: 01 to 99.
- Length fixed 4 bytes is stored as CK_CHAR []. To export the key, it must be wrapped with the KTM and then saved as a file on a floppy disk. The floppy disk must be kept safely and is used to initialize the crypto server cards. The integrity of the key file is ensured by the processing routine preferably contained in the cards, which is used for wrapping.
- Preferred attributes of the transport key KS are shown in the table below.
- the random number in the attribute label serves to confirm the successful import on the crypto server cards.
- a hash value (for example using SHA-1) is formed for this random number and this is used to confirm the successful import and to activate the transport key.
- the attributes CKA_ID and CKA_LABEL are to be set as CK_CHAR. All other attributes are defined in the type via the Pkcsll.h file.
- a transport key including the associated key message is created.
- the key generation module is preferably designed such that the generation of the transport key and / or the associated key message can only be triggered by a security administrator.
- the change interval should be annual or biennial.
- the transport key is again a TDES key with the following attribute settings:
- the random number in the attribute label serves to confirm the successful import on the crypto server cards.
- a hash value (using SHA-1) is formed for this random number and this is used to confirm the successful import and to activate the transport key.
- the attributes CKA_ID and CKA_LABEL are to be set as CK_CHAR []. All other attributes are defined in the type via the Pkcsll.h file.
- F nl + 1 - MAC MAC to which f nl + 24 key message; is formed by forming a SHAl hash value for fields 1-5 of the message, and this hash value is encrypted with the signing key (mechanism CKM_DES3_CBC_PAD, the IV is padded with zeros; ID see field 5).
- This transport key message is then passed on to the ZinS central server for further distribution.
- the interface is implemented as a session bean, this service is found using a name service (JNDI).
- JNDI name service
- the message is saved on the postage point as a file so that the security administrators can later save it on one or more disks that are to be kept safe.
- the floppy disks are then found when initializing new crypto server cards Use.
- the value transfer center is designed in such a way that it can unlock the transport key KT.
- An interface is provided to enable the transport key KT, via which the central value transfer center can be used after successful distribution and import of a transport key to all local ones
- Payment security systems can unlock this transport key.
- the transport key concerned is only used for the encryption of data keys (KD) after activation.
- the interface is implemented as a session bean. This service is located using a name service.
- the data structure for activation preferably has the following parameters:
- the authentication of the key allocation system of the remuneration security system (ZinS key management system) to the PP key management system takes place via parameter 2. It is a hash value that is generated using the SHA-1 method from the attribute label of the transport key. The attribute label is assigned a random value when the transport key is generated. Since the transport key and all of its attributes are encrypted during transmission, only the ZinS crypto server can calculate the correct hash value.
- the transport key becomes activated. This means that the data key messages are subsequently encrypted with the transport key.
- a data key including the associated key message is created.
- the key assignment system is preferably such that this action can only be triggered by a security administrator. It should be done quarterly. If there is a data key KD in circulation, none of which is yet available from the central payment assurance system (ZinS central system)
- the data key (KD) is used to encrypt certain matrix code contents and ensures that no valid postage indicia can be created that have not been billed to the postal company. This data key is used on the ZinS crypto servers to verify the digital postage indicia.
- the data keys are also TDES keys that are generated using the PKCS # ll function C_GenerateKey and have the following attributes:
- the system specifies the values for the attribute CKA_ID and the generation counter.
- the CKA_ID is always incremented by one, the generation counter only if the key has been successfully released.
- the attributes CKA_ID and CKA_LABEL are to be set as CK_CHAR []. All other attributes are defined in the type via the Pkcsll.h file.
- the random number in the attribute label serves to confirm the successful import on the crypto server cards.
- a hash value (using SHA-1) is formed for this random number and this is used to confirm the successful import and to unlock the data key.
- the intermediate message is in turn encrypted with the active transport key KT with the aid of the mechanism CKM_DES3_CBC_PAD (the IV is filled with zeros).
- the message to be distributed is formed, which has the following structure:
- the security administrators store it on one or more floppy disks to be used for initializing new ZinS crypto server cards.
- An interface and a protocol mechanism are provided for the activation of the data key KD, through which the activation of the data key is logged.
- the central payment security system is preferably created in such a way that the data key is only released after the successful distribution and import of a data key on the crypto systems of the local payment security systems. Only after activation, the data key concerned is subsequently used for the encryption of crypto strings to be included in the postage indicia and the associated key identification information KeylD in the
- the interface is implemented via CWMS between the central payment assurance system (ZinS Prima) and the local payment assurance system (ZinS Lokal).
- the value transfer center (Postage Point) PP receives the information about the corresponding bean.
- the data structure for activation has the following content:
- the key allocation system of the value transfer center PP is carried out via parameter 2.
- This is preferably a hash value that is generated by means of the method SHA-1 is formed from the attribute label of the data key.
- the attribute label is assigned a random value when the data key is generated. Since the data key and all of its attributes are encrypted during transmission, the correct hash value can only be calculated by the crypto server of the payment protection system.
- the data key is activated. This means that in the following the crypto strings for the postage indicia / postage amounts are encrypted with this data key.
- Activation of a data key increases the generation counter of the data key by one.
- the status of this key generation and distribution is logged and the associated data key is deleted on the card accordingly.
- the generation counter is not increased by one.
- the key assignment systems preferably contain a status memory for storing key generations that have been carried out. As long as there is no feedback from the central payment assurance system (ZinS central system) regarding the key distribution, the
- Security administrator start an archiving function that encrypts all keys (exception KTM) with the KTM (mechanism CKM_KEY_WRAP_WEBSENTRY) and returns it. These keys should be saved in the database or in a secure file system area.
- the restoration of keys - especially in the area of the value transfer center PP - is done by decrypting the archived key data (unwrap) and storing it on the card.
- the mechanism used is again CKM_KEY_WRAP_WEBSENTRY.
- the KTM master transport key is securely protected against compromise thanks to special security measures on both the WebSentry card and the distribution across several SmartCards.
- the previous KTM remains on the card as a so-called "dormant LMK" and must be deleted accordingly by the security administrator.
- a first use case is the initialization of the crypto card in the area of the payment security system.
- Firmware contains the embedded code (own software routines) (the latter functionality is integrated in WebSentryManager)
- User administration deletion of the default security administrator and definition of the security administrator incl. Required authentication rules (smart card-based) Creation of two "normal" users (one for key verification / one for key import) who authorize themselves via a specified PIN.
- the functionality of the user administration is also provided by the WebSentryManager.
- the keys are to be imported in the order defined above. Card initialization can take place at a central location, whereby the complete crypto system computer must be initialized and then sent. This is because the WebSentry card clears the internal memory as soon as it is pulled out of the PCI slot.
- the transport master key can preferably only be imported by at least two
- This functionality is provided via the administration tool Web Sentry Manager.
- LTK Local Master Key
- the signing key ensures the integrity of the key messages, and it can also be used to determine whether the key is imported before the key is imported
- the sender of the key message is the postage point.
- the signing key can be generated in various ways, the examples shown being particularly advantageous.
- the associated key message is stored on a floppy disk by the administrator and is loaded onto a crypto card of the remuneration security system to be initialized via this use case.
- the key message stored on the diskette is decrypted with the master transport key KTM (PKCS # ll function CJJnwrap, mechanism CKM_KEY_WRAP_WEBSENTRY).
- KTM master transport key
- the integrity of the key message is automatically checked by this routine. If a key with this KeylD already exists, it will be deleted afterwards.
- the server of the central payment assurance system provides an interface via which the distribution and the subsequent import on the crypto systems of the individual local payment assurance systems can be stimulated.
- the interface is implemented as an RMI service. This service is found using a
- JNDI Name service
- the crypto systems are managed via an application of the payment protection system.
- the receipt of new key messages on the individual crypto servers is checked at regular intervals (depending on the distribution mechanism) by an import controller.
- the "Import transport key" application is triggered automatically.
- the return value of this action is checked. If there is negative feedback, the import attempt is repeated up to three times.
- the log messages are processed centrally using the "Log key processing" use case.
- the release of the transport key is also triggered accordingly.
- Importing the transport key is either carried out by a security administrator who carries out the initialization on site at the crypto system, or it is triggered automatically by the key distribution import controller when he receives a new transport key message.
- the key is preferably imported in accordance with the following process steps:
- a hash value is formed for fields 1-5 of the transport key message using the SHA-1 method.
- the signature key is determined, which has the KeylD that was specified in field 4.
- a hash value was formed using the SHA-1 method and returned together with the KeylD and the positive message as a return value.
- a variant of this use case is that one of the routines or the MAC check fails.
- the further processing is terminated and a return value is returned that contains the KeylD, the error code and an error message.
- the saved number of failed attempts is increased by one. If it has reached three, a protocol message is generated from the last returned return value and sent to the central payment assurance system.
- the result of the import is also displayed on the security administrator's screen.
- Steps 2-7 preferably run directly in the
- Card software (embedded code). This increases both the performance and the security against being spied on.
- a further interface is provided by the server of the central payment security system, via which the distribution and the subsequent import of the data keys to the individual crypto systems of the local payment security systems takes place.
- the interface is implemented as a session bean, this service is found using a name service (JNDI).
- JNDI name service
- the distribution is preferably carried out via the CWMS used to distribute the P / N list.
- the key message is forwarded to all currently registered crypto systems and a log entry is written in each case.
- the crypto systems are managed via an allocation system. If a distribution order for a data key is already in circulation, for which no confirmation has yet been sent to the PP value transfer center, the acceptance of further distribution keys for data keys will be rejected until the time of the confirmation.
- the receipt of new key messages on the individual crypto servers is checked at regular intervals (depending on the distribution mechanism) by an import controller.
- the "Import data key" use case is triggered automatically.
- the return value of this action is checked. If there is negative feedback, the import attempt is repeated up to three times.
- the log messages are processed centrally using the "Log key processing" use case. This use case also triggers the release of the data key.
- the import of the data key is either carried out by a security administrator who is on site at the The crypto system carries out the initialization or it is triggered automatically by the key distribution import controller when it receives a new data key message.
- the key is imported in the same way as the transport key, taking into account the special features of a data key message:
- a hash value is formed for fields 1-7 of the data key message using the SHA-1 method.
- the signature key is determined, which has the KeylD that was specified in field 5.
- the transport key is determined that has the KeylD that was specified in field 6 of the key message.
- the content of field 1 of the intermediate message is decrypted using the KTM (method CJJnwrapKey, mechanism CKM_KEY_WRAP_WEBSENTRY). This automatically creates and stores the corresponding data key object on the card. The mechanism also implicitly checks the integrity of the key and the correct sender.
- KTM method CJJnwrapKey, mechanism CKM_KEY_WRAP_WEBSENTRY
- a hash value is formed for bytes 2-65 of the attribute label of the newly imported key using the SHA-1 procedure and this is returned together with the KeylD and the positive message as a return value.
- a variant of this use case is that one of the routines or the MAC check fails.
- the further processing is terminated and a return value is returned that contains the KeylD, the error code and an error message.
- the saved number of failed attempts is increased by one. If it has reached three, a protocol message is generated from the last returned return value and this is sent to the central payment assurance system (ZinS Central System).
- the result of the import is also displayed on the security administrator's screen.
- Steps 2-10 preferably run directly in the card software (embedded code). This increases both the performance and the security against espionage (especially of the IV, as well as the KTM).
- the data keys are cleaned several times, preferably regularly, on as many, preferably all, crypto systems of the payment security system as possible and are used to delete data keys that are no longer required.
- the key processing is preferably logged on the central server
- the keys that are logged by this use case are the transport and data keys.
- each distribution order For each distribution order, it is logged to which active crypto systems the key message was sent. A separate entry is created for each system and each distribution order, which is initially set to the status "Sent". After successful but also unsuccessful key processing, the individual crypto systems create a protocol message and send it to the central payment assurance system (ZinS central system). This distribution takes place either via JMS queues or via database replication.
- the messages are used after receipt to update the log entries described above.
- the status "Processing successful” / "Not successful” as well as a possible error code and the message are saved.
- the call for the key release is noted in the distribution order so that multiple releases are not carried out for one order. As long as the note has not yet been set, attempts will be made to contact the approval service at regular intervals.
- a special variant is present if, after a time to be defined, preferably several days, for example 3, not all crypto systems have given feedback. After this time, a negative release message is sent to the value transfer center.
- the key assignment system preferably contains a user interface which enables an administrator to control the status of a key distribution order. The following data is then displayed for each distribution order:
- a detailed list can also be created, with the current status for each system being displayed.
- the key restoration of transport and data keys can be triggered centrally for a special cryptosystem.
- the current keys are determined from the archive and sent to the special crypto system.
- Log messages are also generated for this. Only the release notification is not required with this type of key distribution.
- the corresponding crypto system must either be sent to the security administrators for reinitialization, or the security administrators must reinitialize the respective system on site.
- the KTM master transport key is securely protected against compromise thanks to special security measures on both the WebSentry card, as well as the distribution over several SmartCards and the multi-level key system.
- the previous KTM master transport key remains on the card as a so-called "dormant LMK" and must be used by be deleted accordingly by the security administrator.
- the key handling and decryption should be available as embedded code on the crypto card. As a result, not only is an increased security level achieved, but also a performance gain of the cryptosystem is expected.
- the crypto cards preferably contain the following standard Pkcs # ll functions:
- CE stands for Crypto Extension.
- Each embedded method delivers a return value of the type
- CK_RV which is defined as an integral part of the include file pkcsll.h. It is advisable that further error return values are defined when implementing the embedded methods and these in a C ++ Header file to be provided. This measure is advantageous in that various Pkcsll methods can be called nested on the hardware by calling an embedded method. Another advantage here is the completely new key handling within the software of the crypto cards.
- CK_RV CE_MethodName (parameter list)
- parameters that must be filled with a result are transferred by call by reference.
- the method name is formed from meaningful combinations of words that give a good impression of what the method does.
- the wording is chosen in such a way that it can be assigned to meaning content, for example by using English technical terms.
- CE_EnumKey ⁇ CE_KT, CE_DT, CE_SE, CE_KA ⁇
- CE_KA has a special position. It is not a key, but the set of all keys. If this enum element is specified, the methods implement a functionality that relates to all keys contained on the card.
- CE_EnumKeyAttribut ⁇ CE_ID, CE_LABEL, CE_STARTDATE, CE_ENDDATE ⁇
- the necessary defines have to be included in the file pkcsll.h.
- the defined extensions can be in a separate header file, which is included in the pkcsll.h file.
- Various mechanisms are possible when implementing embedded methods.
- CK_RV CE_Decrypt (CK_SESSION_HANDLE session, CK_BYTE [] message, CK_BYTE * postagelD, CK_BBOOL bOk)
- the embedded cryptography method is given a 57 byte long date in the parameter message, which corresponds to the
- the matrix code of the franking mark corresponds.
- the counting in the following explanation of the work steps starts at one.
- Step 1 Formation of the initialization vector IV
- the initialization vector the first two bytes are filled with zero and then the bytes f6 - flO plus byte f14 are appended to the matrix code.
- Step 2 Determine the KD to be used
- the key phase indicator is contained in byte fl4 and provides information on which key is to be used.
- the key phase indicator is stored in the key attribute CKA_ID and thus clearly identifies the key.
- the key handling listed below should enable the key to be found efficiently.
- CK_MECHANISM The mechanism used in CK_MECHANISM is CKM_DES3_CBC.
- the bytes fl5 - f38 are decrypted, that is 24 bytes, the first 12 bytes of the decrypted result are carried out by the parameter postagelD. If the decrypte has been carried out successfully, the procedure is continued in step 4, otherwise in step 5.
- the hash value of the date is obtained from a specially constructed 77-byte data block.
- Bytes 66 to 77 Corresponds to the last 12 bytes of the current, unencrypted part of the message.
- the hash value is formed according to SHA-1 and the first four bytes must match bytes f54 - f57 after this process. If this is not the case, the date is invalid. If an error occurs during the execution of the hashing or the hash value differs, the procedure is as in step 5.
- Step 5 return of the success indicator
- the bOk parameter is set to true if all the steps have been successful and false if the hash value comparison has resulted in a deviation or one of the Pkcs # ll methods has caused an error.
- the return value is accordingly with the Error message to be filled or with CKR_OK if no error has occurred.
- CK_RV CE VerifyMsg (CK_SESSI0N_HANDLE Session, CK_BYTE [] message, int length, CK_BBOOL bOk)
- KD MAC, to the key message; Is formed by adding a SHA1 hash to the fields
- Unused fields are padded with zeros.
- the method of operation of the method is determined via the parameter MsgType.
- Step 1 Formation of the initialization vector IV
- the initialization vector is padded with zeros.
- Step 2 Decrypt the encrypted message it contains
- CK_MECHANISM The mechanism used in CK_MECHANISM is CKM_DES3_CBC_PAD.
- the bytes of the variable MAC field are decrypted. If an error occurs during decoding, proceed as in step 4.
- Step 3 matching the hash value
- a hash is formed from fields 1 + 2 + 5 + 6 + 8 of the transport key message to form the hash value of the date. Which is compared with that from step 2.
- the hash value is formed according to SHA-1. If the hash values are not identical, the date is invalid. If an error occurs during the execution of the hashing or the hash value differs, the procedure is as in step 4.
- Step 4 return of the success indicator
- the parameter bOk is set to "true” if all work steps have been successful and "false” if the hash value comparison has resulted in a deviation or one of the Pkcs # ll methods has caused an error.
- the return value is accordingly with the Error message to be filled or with CKR_OK if no error has occurred.
- Step 1 Formation of the initialization vector IV
- the initialization vector is padded with zeros.
- Step 2 Decrypt the encrypted message it contains
- CK_MECHANISM The mechanism used in CK_MECHANISM is CKM_DES3_CBC_PAD.
- the bytes of the variable MAC field are decrypted. If an error occurs during decoding, proceed as in step 4.
- Step 3 Matching the hash value To create the hash value of the date, the
- Fields 1 + 2 + 4 + 3 + 6 + 7 + 8 of the data key message have a hash that is compared with that from step 2.
- the hash value is formed according to SHA-1. If the hash values are not identical, the date is invalid. If an error occurs during the execution of the hashing or the hash value differs, the procedure is as in step 4.
- Step 4 return of the success indicator
- the parameter bOk is set to "true” if all work steps have been successful and "false” if the hash value comparison has resulted in a deviation or one of the Pkcs # ll methods caused an error. Accordingly, the return value must be filled with the error message or with CKR_OK if no error has occurred.
- These embedded key handling methods should include key import of a wrapped key and efficient key management. Keys of the type KS, KD and KT are to be imported.
- CK_RV CE_ImportKey (CK_SESSION_HANDLE session, CK_BYTE_PTR data,
- the function assignment CE_ImportKey is preferably carried out as described below:
- the mechanism CKM_KEY_WRAP_WEBSENTRY is used for wrapping. Accordingly, the same mechanism is required for the unwrap.
- the key obtained is imported to the crypto hardware by the unwrapping, whereby a key that is imported a second time, ie with the same key phase, overwrites the old key.
- the wrapped key is passed in the data parameter and its length in the length parameter.
- the length of the key depends on the key attributes.
- the key type is verified via the keyTyp parameter and handled accordingly.
- the key is then included in the cached key management and possibly. the double predecessor deleted.
- the DT is decrypted by the KT, which is identified by the KeyKTID parameter; for all other key types, this parameter is ignored and is set to NULL.
- the random attribute in the key attribute of the imported key contains the hash value according to SHA-1.
- the hash value is returned in the hashValue parameter of the embedded method.
- the hash value is required for the key confirmation message.
- the corresponding error code is output in the return value, otherwise CKR_OK.
- the function assignment CE_GetKeyCount shows how many
- Keys of the respective key type are registered on the card in the cached key management. This makes it possible to read out key attributes in conjunction with the method shown below.
- CK_RV CE_GetAttribute (CK_SESSION_HANDLE session, CE_EnumKey keyTyp, CE_EnumKeyAttribute keyAttribute, int pos,
- the key type is used to determine the key type and thus the table from which to read if the different key types are kept in different lists on the crypto hardware, arranged according to the type of key.
- the keyAttribut parameter defines the attribute that is to be read out and the pos parameter supplies the
- the attributes for a date have a fixed length of 8 bytes, whereas the attributes CKA_ID and CKA_LABEL have a fixed length of 128 bytes. If the attributes within the key are shorter than 128 bytes for these two parameters, the remaining bytes up to 128 are filled with zero. In this way, the user can always provide the appropriate methods with sufficient storage space. In the event that the user provides a buffer that is too small, the information is trimmed and a corresponding error message is transmitted via CK RV.
- CK_RV CE_ DeleteExpiredKeys (CK_SESSION_HANDLE Session, CE_EnumKey keyTyp, int * counter)
- CE_DeleteExpiredKeys searches the card for expired keys and deletes them from the card.
- Expired keys can be identified by the characteristic that the system date is older than the CKA_END_DATE of the successor key, see under 2.5.8. also applies to KT and KS.
- the enum type enables selective deletion and with CE_KA the entire card can be deleted (only the LMK is retained). It is important that this method must not be activated if a key import is carried out. This is preferably checked in the embedded code and displayed with a corresponding return value. This measure may prevent possible side effects in internal key maintenance that are not clear.
- the interface between the payment assurance system and the value transfer center is preferably as narrow as possible in order to rule out manipulation possibilities through side channels.
- the value transfer center (postage point) and the central payment assurance system are shown in FIG. 3.
- the central payment security system provides an interface for the distribution of keys, via which keys created in the KeyManagement component of the value transfer center (Postage Points) can be distributed to the crypto systems of the payment security systems.
- the value transfer center provides the
- Fee security system a key release interface is available, via which from the fee security system after successful distribution and processing of a
- a session bean provides the functionality required to import the key data into the ZinS central system. The entire communication is shown in Fig. 4.
- the importKey procedure passes the data key set to ZinSZentral.
- ASN.l prepares the received message and causes the message to be stored in the database.
- the importKey procedure then initiates the distribution of the key data to the ZinS local systems using CWMS.
- the parameters of the insertKeyData method have not yet been specified, as it is not yet clear whether the ASN.l format is supported. However, the method will have to be equipped with two parameters in order to be able to send a more detailed message to the Postage Point.
- ASN.l The data are transmitted from the value transfer center (Postage Point) in ASN.l format.
- the corresponding response is also expected in ASN.l format.
- other formats can of course also be used.
- the respective formats are adapted for use by a suitable parser.
- Preferred data formats in ASN.l look as follows: Distribution message transport key
- the data structures can have a different structure. However, a structure corresponding to the exemplary embodiments shown is particularly advantageous, since both the transmission of all information to be taken into account and the low data transmission effort are achieved.
- the data is transmitted to the local payment assurance systems, which are preferably located in the mail company's mail centers, using CWMS.
- the data packets received by the CWMS correspond to the key messages previously defined in this document. These are then subjected to the VerifyMsg method of the embedded code after they have been previously adapted to the data table on page 29. After checking it, either the key import via the embedded code is started or a corresponding error message is generated. Compare key messages and page 12-14 regarding the import data structure of the embedded code method CE_ImportKey.
- the old keys are deleted and updated automatically using the embedded code methods described above.
- CE_DeleteExpiredKeys is called daily, which removes the expired keys from the crypto hardware daily, insofar as this is necessary.
- CA_ImportKey method ensures that duplicate keys are deleted and newer ones replace them.
- KryptoAdapters offer all functions (in particular the same) that the embedded code and other Pkcs # ll methods offer.
- a DLL (KryptoAdapter.DLL) is used that has the Zaxus DLL provided with a static link. Static linking further minimizes the security risk.
- the C ++ implementation of the JNI interface also provides error handling for each requested session, see the design document PCFM level 3 under multithreading.
- the worker concept is supported in that the crypto hardware is initialized in multithreading mode and after the login each worker gets his own session (getSession, C_GetSession), which registers this worker in the DLL and establishes a specially managed error handling for him.
- the mainstream of the DLL is addressed by the login and also has its own error handling with regard to the execution of Pkcs # ll methods and the embedded methods.
- the key messages from the Postage Point are stored in ZinS Central in a database for later use
- the key message stores the key data as it was received by the postage point; its archiving is used in the event of a failure of a local payment assurance system to coordinate this with the other remaining local payment assurance systems by uploading the archived keys. Before being saved, the message must be dismantled by ASN.l in order to transmit it to the local systems.
- the common form of the data records is preferred for storage, this corresponds to the table which contains the data block describes, which is used for the embedded method CE " VerifyMessage.
- This data set is of central importance. It serves on the one hand to evaluate the feedback received from the local remuneration system in the mail centers, preferably all of the mail centers integrated in the mailing company's mailing system, as well as a strong error analysis and
- This table also has administrative information processing.
- the associated transport key data can be entered via the SNPosNr entry
Abstract
Description
Claims
Applications Claiming Priority (3)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
DE10305730A DE10305730B4 (de) | 2003-02-12 | 2003-02-12 | Verfahren zum Überprüfen der Gültigkeit von digitalen Freimachungsvermerken |
DE10305730 | 2003-02-12 | ||
PCT/DE2004/000083 WO2004072911A1 (de) | 2003-02-12 | 2004-01-21 | Verfahren zum überprüfen der gültigkeit von digitalen freimachungsvermerken und vorrichtung zur durchführung des verfahrens |
Publications (1)
Publication Number | Publication Date |
---|---|
EP1604336A1 true EP1604336A1 (de) | 2005-12-14 |
Family
ID=32797351
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
EP04703745A Withdrawn EP1604336A1 (de) | 2003-02-12 | 2004-01-21 | Verfahren zum überprüfen der gü ltigkeit von digitalen freimachungsvermerken und vorrichtung zur durchführung des verfahrens |
Country Status (16)
Country | Link |
---|---|
US (1) | US7580529B2 (de) |
EP (1) | EP1604336A1 (de) |
JP (1) | JP2006527512A (de) |
KR (1) | KR20050101543A (de) |
CN (1) | CN100585643C (de) |
AU (1) | AU2004211020B2 (de) |
BR (1) | BRPI0407431A (de) |
CA (1) | CA2514020A1 (de) |
DE (1) | DE10305730B4 (de) |
IL (1) | IL170246A (de) |
MX (1) | MXPA05008506A (de) |
NO (1) | NO20053932L (de) |
NZ (1) | NZ541371A (de) |
RU (1) | RU2333534C2 (de) |
UA (1) | UA84861C2 (de) |
WO (1) | WO2004072911A1 (de) |
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN104301332A (zh) * | 2014-10-31 | 2015-01-21 | 成都卫士通信息产业股份有限公司 | 一种基于无线级联的密钥分发系统 |
Families Citing this family (10)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
EP1379968A2 (de) * | 2001-02-23 | 2004-01-14 | United States Postal Service | Systeme und verfahren zum ausgeben von briefmarken |
US20060101310A1 (en) * | 2004-10-22 | 2006-05-11 | Nimrod Diamant | Device, system and method for verifying integrity of software programs |
US7912223B2 (en) * | 2006-09-29 | 2011-03-22 | Hitachi, Ltd. | Method and apparatus for data protection |
DE102007052458A1 (de) * | 2007-11-02 | 2009-05-07 | Francotyp-Postalia Gmbh | Frankierverfahren und Postversandsystem mit zentraler Portoerhebung |
JP2010220019A (ja) * | 2009-03-18 | 2010-09-30 | Panasonic Corp | 鍵管理方法および鍵管理装置 |
US9177281B2 (en) | 2010-03-18 | 2015-11-03 | United Parcel Service Of America, Inc. | Systems and methods for a secure shipping label |
US8995667B2 (en) * | 2013-02-21 | 2015-03-31 | Telefonaktiebolaget L M Ericsson (Publ) | Mechanism for co-ordinated authentication key transition for IS-IS protocol |
US10861025B2 (en) * | 2018-03-02 | 2020-12-08 | Capital One Services, Llc | Systems and methods of photo-based fraud protection |
US20210051002A1 (en) * | 2019-08-15 | 2021-02-18 | F5 Networks, Inc. | Accessing Security Hardware Keys |
US11682010B2 (en) * | 2021-06-03 | 2023-06-20 | Fidelity Information Services, Llc | Systems and methods for executing real-time reconciliation and notification of electronic transactions |
Family Cites Families (21)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JPS60183842A (ja) * | 1984-03-02 | 1985-09-19 | Toshiba Corp | 伝送方式 |
JP2574279B2 (ja) * | 1987-03-09 | 1997-01-22 | 松下電器産業株式会社 | 暗号化情報処理方式 |
US5150408A (en) * | 1991-02-27 | 1992-09-22 | Motorola, Inc. | Key distribution communication system |
US5150508A (en) * | 1991-06-28 | 1992-09-29 | E. R. St. Denis & Sons, Limited | Hemming machine and method |
US5729608A (en) * | 1993-07-27 | 1998-03-17 | International Business Machines Corp. | Method and system for providing secure key distribution in a communication system |
US5481613A (en) * | 1994-04-15 | 1996-01-02 | Northern Telecom Limited | Computer network cryptographic key distribution system |
US5812666A (en) | 1995-03-31 | 1998-09-22 | Pitney Bowes Inc. | Cryptographic key management and validation system |
JPH09319673A (ja) * | 1996-05-27 | 1997-12-12 | Matsushita Electric Works Ltd | 暗号鍵更新方法およびそのシステム |
US5748736A (en) * | 1996-06-14 | 1998-05-05 | Mittra; Suvo | System and method for secure group communications via multicast or broadcast |
US5982896A (en) * | 1996-12-23 | 1999-11-09 | Pitney Bowes Inc. | System and method of verifying cryptographic postage evidencing using a fixed key set |
US6820065B1 (en) * | 1998-03-18 | 2004-11-16 | Ascom Hasler Mailing Systems Inc. | System and method for management of postage meter licenses |
DE19816344C2 (de) * | 1998-04-01 | 2000-08-10 | Francotyp Postalia Gmbh | Verfahren zur sicheren Schlüsselverteilung |
JP3726259B2 (ja) * | 1999-02-18 | 2005-12-14 | 日本電信電話株式会社 | 公開鍵証明証の有効性確認方法、公開鍵証明証の有効性確認装置における利用者側装置、および公開鍵証明証の有効性確認プログラムを記録した記録媒体 |
AU767180B2 (en) * | 1999-08-31 | 2003-11-06 | Motorola Solutions, Inc. | Key management methods for secure communication systems |
US20020018571A1 (en) * | 1999-08-31 | 2002-02-14 | Anderson Walter F. | Key management methods and communication protocol for secure communication systems |
US7089211B1 (en) * | 2000-01-12 | 2006-08-08 | Cisco Technology, Inc. | Directory enabled secure multicast group communications |
US7231517B1 (en) * | 2000-03-03 | 2007-06-12 | Novell, Inc. | Apparatus and method for automatically authenticating a network client |
DE10020402C2 (de) * | 2000-04-27 | 2002-03-14 | Deutsche Post Ag | Verfahren zum Versehen von Postsendungen mit Freimachungsvermerken |
JP2002290396A (ja) * | 2001-03-23 | 2002-10-04 | Toshiba Corp | 暗号鍵更新システムおよび暗号鍵更新方法 |
DE10131254A1 (de) * | 2001-07-01 | 2003-01-23 | Deutsche Post Ag | Verfahren zum Überprüfen der Gültigkeit von digitalen Freimachungsvermerken |
DE10150455A1 (de) * | 2001-10-16 | 2003-04-24 | Deutsche Post Ag | Verfahren und Vorrichtung zum Bearbeiten von Postsendungen |
-
2003
- 2003-02-12 DE DE10305730A patent/DE10305730B4/de not_active Expired - Fee Related
-
2004
- 2004-01-21 KR KR1020057014161A patent/KR20050101543A/ko not_active Application Discontinuation
- 2004-01-21 US US10/543,962 patent/US7580529B2/en not_active Expired - Fee Related
- 2004-01-21 CA CA002514020A patent/CA2514020A1/en not_active Abandoned
- 2004-01-21 BR BR0407431-9A patent/BRPI0407431A/pt not_active IP Right Cessation
- 2004-01-21 JP JP2006501466A patent/JP2006527512A/ja active Pending
- 2004-01-21 WO PCT/DE2004/000083 patent/WO2004072911A1/de active Search and Examination
- 2004-01-21 RU RU2005123803/09A patent/RU2333534C2/ru not_active IP Right Cessation
- 2004-01-21 NZ NZ541371A patent/NZ541371A/en unknown
- 2004-01-21 MX MXPA05008506A patent/MXPA05008506A/es active IP Right Grant
- 2004-01-21 CN CN200480003858A patent/CN100585643C/zh not_active Expired - Fee Related
- 2004-01-21 AU AU2004211020A patent/AU2004211020B2/en not_active Ceased
- 2004-01-21 UA UAA200507603A patent/UA84861C2/ru unknown
- 2004-01-21 EP EP04703745A patent/EP1604336A1/de not_active Withdrawn
-
2005
- 2005-08-11 IL IL170246A patent/IL170246A/en not_active IP Right Cessation
- 2005-08-23 NO NO20053932A patent/NO20053932L/no not_active Application Discontinuation
Non-Patent Citations (1)
Title |
---|
See references of WO2004072911A1 * |
Cited By (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN104301332A (zh) * | 2014-10-31 | 2015-01-21 | 成都卫士通信息产业股份有限公司 | 一种基于无线级联的密钥分发系统 |
CN104301332B (zh) * | 2014-10-31 | 2017-10-27 | 成都卫士通信息产业股份有限公司 | 一种基于无线级联的密钥分发系统 |
Also Published As
Publication number | Publication date |
---|---|
NZ541371A (en) | 2008-12-24 |
KR20050101543A (ko) | 2005-10-24 |
DE10305730A1 (de) | 2004-09-02 |
DE10305730B4 (de) | 2005-04-07 |
US20060190732A1 (en) | 2006-08-24 |
WO2004072911A1 (de) | 2004-08-26 |
CN1748231A (zh) | 2006-03-15 |
US7580529B2 (en) | 2009-08-25 |
RU2333534C2 (ru) | 2008-09-10 |
NO20053932L (no) | 2005-08-23 |
MXPA05008506A (es) | 2005-10-20 |
AU2004211020A1 (en) | 2004-08-26 |
CN100585643C (zh) | 2010-01-27 |
CA2514020A1 (en) | 2004-08-26 |
JP2006527512A (ja) | 2006-11-30 |
IL170246A (en) | 2010-06-16 |
AU2004211020B2 (en) | 2009-04-09 |
BRPI0407431A (pt) | 2006-01-24 |
UA84861C2 (ru) | 2008-12-10 |
RU2005123803A (ru) | 2006-03-27 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
EP0944027B1 (de) | Frankiereinrichtung und ein Verfahren zur Erzeugung gültiger Daten für Frankierabdrucke | |
DE69433466T2 (de) | Verfahren und Vorrichtung zum Ändern eines Verschlüsselungsschlüssels in einem Postverarbeitungssystem mit einer Frankiermaschine und einem Überprüfungszentrum | |
EP0892368B1 (de) | Verfahren zur Statistikmodusnachladung und zur statistischen Erfassung nach Statistikklassen bei der Speicherung eines Datensatzes | |
DE69932396T2 (de) | Verfahren und Vorrichtung zur sicheren Schlüsselübertragung zwischen einer Frankiermaschine und einer entfernten Datenzentrale | |
WO2003005307A1 (de) | Verfahren zum überprüfen der gültigkeit von digitalen freimachungsvermerken | |
EP1615173A2 (de) | Verfahren und Anordnung zum Generieren eines geheimen Sitzungsschlüssels | |
WO2006111135A1 (de) | Verfahren zur schlüsselverwaltung für kryptographiemodule | |
DE10305730B4 (de) | Verfahren zum Überprüfen der Gültigkeit von digitalen Freimachungsvermerken | |
DE19816344C2 (de) | Verfahren zur sicheren Schlüsselverteilung | |
DE10056599C2 (de) | Verfahren zum Versehen von Postsendungen mit Freimachungsvermerken | |
EP0969420B1 (de) | Verfahren zur sicheren Übertragung von Dienstdaten an ein Endgerät und Anordnung zur Durchführung des Verfahrens | |
DE60015907T2 (de) | Verfahren und Vorrichtung zur Erzeugung von Nachrichten welche eine prüfbare Behauptung enthalten dass eine Veränderliche sich innerhalb bestimmter Grenzwerte befindet | |
EP1807808B1 (de) | Verfahren und vorrichtung zum frankieren von postsendungen | |
EP1279147B1 (de) | Verfahren zum versehen von postsendungen mit freimachungsvermerken | |
EP1340197B1 (de) | Verfahren zum versehen von postsendungen mit frankierungsvermerken | |
DE10020561A1 (de) | Sicherungsmodul und Verfahren zur Erstellung fälschungssicherer Dokumente | |
EP2439902A2 (de) | Verfahren und Anordnung zum rechtsverbindlichen Senden und Empfangen von vertraulichen elektronischen Mitteilungen | |
EP1222512B1 (de) | Sicherungsmodul und verfahren zur erstellung fälschungssicherer dokumente | |
EP1486028B1 (de) | Verfahren und vorrichtung zur erstellung prüfbar fälschungssicherer dokumente | |
WO2024012624A1 (de) | Verfahren zur sicheren generierung eines herausgebbaren tokens, verfahren zur sicheren vernichtung eines tokens und tokenherausgeber |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PUAI | Public reference made under article 153(3) epc to a published international application that has entered the european phase |
Free format text: ORIGINAL CODE: 0009012 |
|
17P | Request for examination filed |
Effective date: 20050912 |
|
AK | Designated contracting states |
Kind code of ref document: A1 Designated state(s): AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HU IE IT LI LU MC NL PT RO SE SI SK TR |
|
AX | Request for extension of the european patent |
Extension state: AL LT LV MK |
|
REG | Reference to a national code |
Ref country code: HK Ref legal event code: DE Ref document number: 1077114 Country of ref document: HK |
|
DAX | Request for extension of the european patent (deleted) | ||
17Q | First examination report despatched |
Effective date: 20100127 |
|
REG | Reference to a national code |
Ref country code: HK Ref legal event code: WD Ref document number: 1077114 Country of ref document: HK |
|
STAA | Information on the status of an ep patent application or granted ep patent |
Free format text: STATUS: THE APPLICATION IS DEEMED TO BE WITHDRAWN |
|
18D | Application deemed to be withdrawn |
Effective date: 20120607 |