CA1191916A - Method and system for the mutual encyphered identification between data communicating stations and stations for use with such method and system - Google Patents
Method and system for the mutual encyphered identification between data communicating stations and stations for use with such method and systemInfo
- Publication number
- CA1191916A CA1191916A CA000400150A CA400150A CA1191916A CA 1191916 A CA1191916 A CA 1191916A CA 000400150 A CA000400150 A CA 000400150A CA 400150 A CA400150 A CA 400150A CA 1191916 A CA1191916 A CA 1191916A
- Authority
- CA
- Canada
- Prior art keywords
- station
- ciphering
- identification
- key
- message
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Expired
Links
Classifications
-
- G—PHYSICS
- G07—CHECKING-DEVICES
- G07F—COIN-FREED OR LIKE APPARATUS
- G07F7/00—Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus
- G07F7/08—Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means
- G07F7/10—Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means together with a coded signal, e.g. in the form of personal identification information, like personal identification number [PIN] or biometric data
- G07F7/1008—Active credit-cards provided with means to personalise their use, e.g. with PIN-introduction/comparison system
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/30—Payment architectures, schemes or protocols characterised by the use of specific devices or networks
- G06Q20/34—Payment architectures, schemes or protocols characterised by the use of specific devices or networks using cards, e.g. integrated circuit [IC] cards or magnetic cards
- G06Q20/341—Active cards, i.e. cards including their own processing means, e.g. including an IC or chip
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/30—Payment architectures, schemes or protocols characterised by the use of specific devices or networks
- G06Q20/36—Payment architectures, schemes or protocols characterised by the use of specific devices or networks using electronic wallets or electronic money safes
- G06Q20/367—Payment architectures, schemes or protocols characterised by the use of specific devices or networks using electronic wallets or electronic money safes involving electronic purses or money safes
- G06Q20/3674—Payment architectures, schemes or protocols characterised by the use of specific devices or networks using electronic wallets or electronic money safes involving electronic purses or money safes involving authentication
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/38—Payment protocols; Details thereof
- G06Q20/388—Payment protocols; Details thereof using mutual authentication without cards, e.g. challenge-response
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/38—Payment protocols; Details thereof
- G06Q20/40—Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
- G06Q20/409—Device specific authentication in transaction processing
- G06Q20/4097—Device specific authentication in transaction processing using mutual authentication between devices and transaction partners
- G06Q20/40975—Device specific authentication in transaction processing using mutual authentication between devices and transaction partners using encryption therefor
-
- G—PHYSICS
- G07—CHECKING-DEVICES
- G07F—COIN-FREED OR LIKE APPARATUS
- G07F7/00—Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus
- G07F7/08—Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means
- G07F7/10—Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means together with a coded signal, e.g. in the form of personal identification information, like personal identification number [PIN] or biometric data
- G07F7/1016—Devices or methods for securing the PIN and other transaction-data, e.g. by encryption
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3236—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3271—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using challenge-response
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L2209/00—Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
- H04L2209/56—Financial cryptography, e.g. electronic payment or e-cash
Abstract
ABSTRACT:
Method and system for the mutual encyphered identifica-tion between data communicating stations and stations for use with such method and system.
A method for transmitting ciphered information between two stations while using session keys. According to the method a mutual identification of the stations (AK, A; A,B) is obtained while using an identification device (ID) comprised in each station. Number values (r1, r2), originating from each station, may be exchanged by said identification in a form which is so ciphered that the number values may be recovered by the counter-part only. The session key (tm) is formed on basis of said nunber values in a modification device (MODIFI).
Ciphered data messages are exchanged between the station using the established session key and a message cipher-ing/deciphering device (MCRY, MDECRY) comprised in each station. According to the method the mutual identifica-tion and the establishment of the session key via an open channel may be obtained by transmitting one separate identification sequence in each direction. (Fig. 1).
Method and system for the mutual encyphered identifica-tion between data communicating stations and stations for use with such method and system.
A method for transmitting ciphered information between two stations while using session keys. According to the method a mutual identification of the stations (AK, A; A,B) is obtained while using an identification device (ID) comprised in each station. Number values (r1, r2), originating from each station, may be exchanged by said identification in a form which is so ciphered that the number values may be recovered by the counter-part only. The session key (tm) is formed on basis of said nunber values in a modification device (MODIFI).
Ciphered data messages are exchanged between the station using the established session key and a message cipher-ing/deciphering device (MCRY, MDECRY) comprised in each station. According to the method the mutual identifica-tion and the establishment of the session key via an open channel may be obtained by transmitting one separate identification sequence in each direction. (Fig. 1).
Description
PIIZ ~1OO3 1 26~2.~2 Method and system for the mutual encyphered identifica--tion between da-ta communiccting stations a:nd ~tations for use with such method and sys-tem~
This invention is clirected to a met'hod :~or the transmission of da.ta messages between two s-tations A and B, ~hich stations rnay each belong -to a group o.~
equally authorized stations, each message being trans-mitted af`-ter encipherment by using a message ciphering 'key. The invention is also directed to a -transmission system for carrying out the method~ and to a station ~`or use in sucl~ system.
The invention will be descri.'bed when applied -to a so-called EFT-system (Electronic Fund Transfer system) or a bank terminal system and to problems appear-ing in such sys-tems. However, the method and devices ac-cording to the invention are generally applicable in data transmission~systems of various types and in-tended for various purposes.
A bank terminal system or a sys-tem for trans-mission of data or -tex-t comprises a number of terminal stations having data input and data output means. Each terminal station may be connected to a cen-tral computer ~or the exchange o~ information in both directions. A
terminal station may also comprise a so-called cash dis-penser apparatus, ~rom which a customer may obtain cash by using a personal data carrier, which is temporarily connected to the system. Security of the system is ob-tained in -that a customer is o'bliged to identify hlm-self towards the systern before any trcmsaction is allowed.
At a hurrlan-operated terminal station this may rnean that thc custome:r will have to present an acceptable identi~i-cation docllIne:llt~ At .~n unsupervisecl terrni.nal station of t'he -type cash dispense:r said identif:ication rmay comprise the step tha-t the custome.r supplies a secret personal code, a so-called. PlN-code~ via a keyboard, -the corres-Pl-IZ S1003 2 26.2.~2 ponding PIN-code then being accessable in -the system :L`or comparison with -the code which is supplied~ The de-velopment is towards an increased n~1mber o~ unsupervised terminal stations which may o~`:eer c~n increased number of dieferent services. These personal data carriers are to-dav shaped as cards according -to an accepted ISO-stan-dard and comprise rnagnetizable carriers ~or da-ta storage.
A bank terminal system is sub~jec-t to security risks o di~eeren-t types, or th:reats~ Said threa-ts may 0 then be directed to informations transmitted in -the sys-tem, or to -the hardware comprised in the sys-tem, such as -transmission lines, terminal s-tations, or personal data carriers. The threats directed to the actual inormation mean that i-t could be possible 'by active or passive tap-ping -to derive, modi~y or distort the information content.
As counter measures, on the one hand the transmission lines and further system elements in question may be pro-tected physically~ In bank terminal systems the usual type o~ transmission means that a -terminal station com-municates with the central computer via a p~1blic or ge-neral data network. To physically protect a network o this type would, i possible at all, dernand high costs.
As a consequence the practicable solution means encipher-ing o e the information.
Alterna~ively, ~alse hardware may appear. Ac-cordingly, a ~alse cash dispenser apparatus may appear in a bank system. In a so-called POS-sys-tem (Point of Sales system) a customer could then pay for goods at a place for purchase by using his personal da-ta carrier in a f`alse terminal station. A d:if~`erent threa-t is -that :~`alse personal data carriers may appear. For the time be-ing the use of :ealse data carriers is prevented by the ract that t'he customer Ls obliged to supply his secret persona.:L code :i.n order to obtain access to the sys-tem.
Ho~ever, th:is procedure means no protection against a rr ~:L s e t e rrm :i:n al, T~le problem o:t`:ealse terminals ancL a:Lse data Lt-i Pl-IZ X1003 3 26.2~82 carriers may be illus-tra-tecL by -the so-called "wardrobe case". According to this case a customer may meet a i.`alse terrnlnal. which towards the customer appears as a genuine one. This ~alse terminal is connected to the so-calLed "wardrobel' in whlch is housed equipment for tapping t:he information sig~als supplied by the data carrier and the l~ey set of the terminal station~ and also equipment for forwarding correctly informa-ti.on be-tween ~.he false terminal and the eentral computer of -the system. By this tapping the en-tered~ seeret, personal code is achieved and further information from the data carrier. Said information may -then be used for -the pro~
vision of a false data carrier.
Thus -the transmission of unprotected. informa--tion on physieally aecessible lines would mean a grave risl~ F~lrthermore, this case also illustrates necessity for both identifieation of the user and his data carrier as being authorized in the system towards the -terminal but also for identifieation of the terminal towards the user and being a genuine one. This mu-tual identifieation may be obtained by giving the personal data earrier of the user the shape of an active card, on which the iden-tifieation information supplied by the terminal may be evaluated, The eard will eomprise semiconduetor memory and signal proeessing eapability, and will funetion as a station communieating with a terminal, By a mutual identifieation of aeti~e stations and eiphering of information whieh is transmitted many threats may be eliminated. The obtained seeurity will depend on -the ehoiee of iden-tification proeedure and eiphering method. Ciphering of a t:ra.ditional type means that author..ized stations of a system have aeeess to a eipher:ing a:Lgorithm and a deeipher:ing algorithm and also a eiphering key opera-ting as a parame-ter in said algo-r:i-thms. If an uneiphered or elear-text message is desi~natcd by x, the eiphered version thereof or "eipher"
is cLcsignated by y, ttle elphering key is designated as k, PM~ S1OO3 L~ ~6.2.82 the ciphering algorithm is designa-ted E and the de-ciphering algorithm is designated D, this may be e~-pressed according -to the following y = ~ (~,k) c~ld ~ = D(y,k) in -whicll e.~pression D is the inverse functio.n of E for all possibLe values of k. In a ciphering system of this type i-t is not necessary to keep the algorithms secret ~hile the key k shall be known to authorized stations on-Iy. The ciphering security depends on the difficulty to-find the key k. Accordingly, with a knowledge about x and y i-t should be difficult to find the value of` k for which holds y = E(x,k). In the ar-t this is expressed as that the finding of k should be "computa-tionally un-practicable ", which means imposing practically unac-ceptable requiremen-t on da-ta processing capacity and/or -time of operation. The weak points o~ a ciphering method of this type is the fac-t that the one same ciphering key must be distributed to all authorized stations and from that -time be kept secret. In a larger organization the distribution o~ keys appears a great problem. If trans-mission 'between the stations is effected via an unpro--tected channel, and no addi-tional measures are taken, no key may be transmitted along this channel. This problem has lecl -to systems in which the key or part thereo~ is distributed in a modi~'ied ~orm to authorized stations in order to be restored at a respective station by the use o~ secret information. Accordingly~ also in this case is obtained a system using in~orma-tion which is common to the stations, and this endangers the da-ta security.
The problem of enciphering key distribution is made even worse -i~ the aim ls a ~:requent change of ciphering keys. The desirable sit~a-tion is to use a ~res:h encip~hering key ~or every single case oI`-trans-m:ission. Such a key ls named a "session key". Dependent on the actual application of use a "session" may comprisc the transmission o~ a given amount of da-ta at one .6 P~IZ ~'1003 5 26.2.~2 single occasion OI` dif'fererl-t amoun-ts of data a-t diff`erent occasions ~i-thin a defined -time space, for e~ample one day.
~uropean pa-ten-t application 0002580 describes a method for verification of the cipherment keys used at t~o cooperating s-ta-tions. To this end a random number is sent in a ciphered form from one s-tation to the o-ther, which s-tation operates on the ciphered number using its own Icey~ The result ~hich is obtained is sen-t back to said one station at which i-t is checked agains-t the cipherecl number which was sent from the beginning. If -the checlc doesn~t fail is thereby veril'ied that bo-th stations have identical ciphering keys. Mo mutual identi-fica-tion of the par-ticipating s-tations is obtained ac cording to this method and furthermore the stations make use of identical9 secret key information.
US patent specification 4.227.253 describes a system operating with several "levels" of keys Accord-ing -to the specification a session key may be establish-ed 'between a hos-t system in one domain and a host system in another domain for performing cryp-tographic operations between the same. To this end a specific, mutually agreed upon, common cross-domain key is used, whereby each dif-ferent host system may avoid to reveal to other systems its own master key. Disregarding the fact -that a com-plicated arrangement o~ different keys for differentpurposes is used it is also evident that the participat-ing host systems have common, secret key in:~ormation, The prior art sys-tems described above have all the drawbaek that all operating par-ties make use of cornmon key inforrnation which must be kept secre-t by each party, which rneans tha-t if saiclIcey information is re-vealecl by one party this wlll damage the overall system.
further cLisadvantage is that no real "hand-shaking"
o~peration is perf'ormed between opera-ting parties in or-der to saf`e~,~uarcL-that a:Ll o~'-the communicating parties are authori~ed.
PIIZ Sloo3 ~ 26.2~8Z
The objec-t of -the invention is to obtain a met:hocl ~`or da-ta tr~nsmi.ssion that shall rna~e possibl.e a mutual identifi.eation of ae-tlve s-tations and ciphering of in~ormation by the use of ciphering keys which have been established via -the trc~smission channel by ex-changing as few transmission sequences as possi'ble and in ~ ich method the use of informa-tion whieh is common to all operating stati.ons ancL must be kept secre-t by each station, may be cornple-tely avoided.
The object of the invention is o'b-tained by a method which is characterizecl in that before transmis-sion of data messages stations A and B identify each o-ther by a mutual e~change of respective identif'ication sequences, which uniquely iden-tifies A against B and vice versa, and that said message ciphering key is established independen-tly a-t the respective stations on basis of -the identificati.on sequences which have been exchanged, and which may be operated upon by using a modifica-tion f~1nc-tion.
According to one preferred embodiment said identification sequenees are exehanged as respeetive eiphers obtained from an identifieation eiphering fune-tion, ~ld th~t said message eiphering key, when establish-ed, is used in a rnessage eiphering funetion for the eiphering of data messages to be transmitted, whieh is different from the identifeation eiphering fi1nction.
A f'urther preferred embodiment is eharaeteriz-ed in that eaeh identifieation sequenee has the form of eiphered number value, being preferably a pse-udo-random number; -that station A transmits a ciphered flrst num-ber value whieh may be deeip'herecL by station B only;that station B deei.phers and transmits 'baek to s-tation A said firs-t: number value in a f`orm whieh may be de-eiphered ancl evaluatecL by sta.tion A only, that sta-tion B -transmits to station A a eip:hered seeond number value wll:ieh rnay be deeiphered 'by station A only; and -that .statio:n A leeiphe:rs and transmits baek station B said PII7 ,S1003 ~ ~6.2.82 secolld nL1mber value in a Porrrl which may 'be deciphered and eva:Luated 'by sta-tion B only, while said f'irst and second nL1mber values whlch are received and deciphered a-t tlle respective stations may be converted b~ means of S a trans~ormation function, w'hich is known by the sta-tions~
'bef`ore -the same are ciphered again cLnd -transmit-ted back -to the respective counterparts~
According to a further pref`erred embodimen-t s-tation A -transmits to sta-tion B a f`irst cipher compris-ing said f`irst number value, -t'ha-t s-tation B t~ansmits back to s-tation A a second cipher comprising said second number value and the deci~hered ~irs-t number value, and that station A transmi-ts bac'k to s-ta-tion B a third cipher comprising the ciphered second number value~ while sa:id third cipher may 'be acco~paniad by a data message which is ciphered by means oi said message ciphering f`unction and said rnessage ciphering keyO
By the above mentioned embodiments of the method according to the invention -the following advantages are obtained:
- a message enciphering key having the charac-ter of a session key is established via an unprotec-ted or open channel, - by mealls of the iden-tification sequences which are e~changed and which may have the f`orm of` ciphered first and second pseudo-random num'bers which may be deciphered arld transmitted back by -the receiving counterpart only, a mutual iden-tif`ica-tion or "hand~
shaking" is ob-tained. 0 _ the num'ber of nec~ssary transrrlissiorl sequences for establishing a challne:L for ciphered transrnission be-t~een two stations is min:imized by usiIlg the neces-sary identification sequences themselves as a basis L'or l~ey establis'hrnent. 5 - cLirL'`ereIlt c:iphering f`unctions may 'be used for iden-t:irication/~ey es-ta'blishment and data message trans-rrl:iss:LoIl, ~nd thereby the .security and erL'ectiveness 3~
P~IZ ~-1003 S 2~.2.~2 of a -transmission session may be improved 'by selec-t-ing a more ela'borate and computationally demanding func-tion ~or the iderltification/key es-tablishment and a less demLLnding ancl faster function ~or the data message transmission.
The e~pression "cipher" as used above is rneant to cover also L -transmission sequence the informa-tion contents of t~hich has been protec-ted by encipherment and/or o-therwise in a way such -that decipherment or eva-luation may be carried out by c~n authorized receiver on-lyO Furtller -the mutual identification of the parties may also be ob-tained by having the parties to exchange a known message, which is -then enciphered by using the established message enciphering key, lf this enciphered message is not received correctly~ this means that the message enciphering key has not been established cor-xætly and consequently -t'he transmitting sta-tion is not authorized.
When using -the method according to the inven--tion in a data transmission system a threat rrlay appear i.n the form a so-called "twin station'l. A "twin station"
-to station A is an una-uthorized station having access to the secret information of station A and which may ac-cordingly in parallel with the true station A receive and decipher and/or evaluate the information which has to do with the station. Different from -the "wardrobe case" mentioned above such a -twin station is unkno~n to -the true station~ The problem of a passively tapping "twin" may be eliminated by converting -the second num-'ber value in sta-tion A by a transformation func-tion when it is transmit-ted baclc -to station B; by ha~ing first num-ber value convertecL in s-tation ~ by said transformation functio:n when transrrlitted back to station A, while iden-ti~`:i.cation is obtalned in that eac'h station converts its own number value by the trans:formation function and in-terna~ compares this converted num'ber value with the conv~rted number valLle which is received.
9~
PII~ ~1()03 9 ~6.2.82 A "twin stat-ion1' may also appear actively and replace the true station. Such a -threat may be rejected by "looking back" on earlier transac-tions of the station bef'ore any new -transmission, which for example may com-prise the step of giving a running n-umber -to each trans-action and sensing o~ the running number.
The number of` in-troductory transmission se-quencies may be as low as possible by including a data message already in the third cipher, -thereby requiring one transmission only from each sta-tion in order to ob-tain a mutual iden-tification and key establishment.
According to another preferred embodimen-t said first and second ciphers are f`ormed and deciphered by the use of an iden-tifica-tion ciphering f~nc-tion and its inverse and different keys for ciphering and de-ciphering, a public encipherrnent key being allot-ted to each station as well as a deciphering key associated therewi-th and being kept secret in a stationa each sta tion having from the beginning a knowledge abou-t its own secret deciphering key, the public ciphering key of thc counterpart and said ciphering function and i-ts in-verse. According to this embodiment a dras-tic decrease of the common secre-t information in the system is achieved.
The common secret information may be complete-ly elimina-ted if` the transf'ormation f`unction is of the type one-way functionO Thereby is obtained tha-t each station must keep secret i-ts OWIl deciphering key only, while on the contrary said ciphering function, said mes-sage ciphering function, said transforrnation func-tion, said modification ~unc-tion and as alreacly mentioned said ciphering keys all may be publicly Icnown.
Expressed differently, a consequence of the me-t'llod according to the invention is that a mu-tual iden-t:i~:ieation of t'he stations is o'btainecL by the use of a~`lrst and a second number value generated in sta-tion A
ancl sta1;ion ~, respectively. The process of iden-tifica-PMZ 1~1OO3 IO ~6.2.82 tion has -the outcome -tha-t each of said sta-tions knows about both said number valuesO Therea~te:r~ the number values are put together or modi~`ied accordingly at bo-th stations so that a message ciphering key (session key) wllich is common and which is -unique for the occasion o~
-transmission is obtained. By using saicL session key and a rnessage enciphering ~unction which is known -to both said stations rnessages may therea~ter be -transmitted be--tween the stations.
~ transmission system ~`or carrying out the method is charac-terized in that each s-ta-tion o~ the sys-tem is provided with an identi~ication device for a rnu-tual iden-ti~ication o~ a cooperating s-tation while using an idenli~ication ciphering ~unctio:n and i.ts inverse and a pair o~ ~eys which is allotted -to -the station and comp~ising a public ciphering key and a deciphering key which is kept secret in the station, said identi~ication device comprising a number generator ~or generating a number value as an identi.~ication sequence, a ciphering device for ciphering said nunlber value while using said ciphering ~unc-tion and the public ciphering key o~ the counterpart, a deciphering device f`or de-tecting a number value received ~rom the counterpart while using the in~
verse of said ciphering ~unction and the secret decipher-ing key o~ the sta-tion; a modi~ica-tion device ~or gene-ra-ting a message ciphering key based on the number values which have been e~changed; and a message ciphering/de-ciphering device for ciphering and deciphering data mes-sages while using the message cipheri.ng key which is ge-nerated~
The inventio:n ~urtherrnore relates to a station :~o:r use in the rnethod or system descr:ibed herebe~ore.
BI-~IE:F D~SCR:LPTION OF TI-IE FIGURES.
Ttle inven-tion will be described closer in the :~oL:Lo-wing w:ith reference to -the drawings, in which:
Eig~lre 1 shows a simpli~ied block diagrarn dis-9~
PHZ S1003 11 2~.2.82 closing three cooperating s-tations ~K, A, B;
Figure 2 shows a diagram comprising a sequence o~ operational steps performed at two coopera-ting sta--tions up to the -transmission of a first da-ta nessage;
~igure 3 shows a more detailed :Lunc-tionaL block diagram of the station A when performing the operational steps according to Fig 2.
DESCRIPTION OF A PREFERRED E~ODIMENTo ~ig. 1 shows a simplified block diagram having -three cooperating stations ~C (30), A (32) and B (34).
S-tations Al~, A have identical elements~ some thereof have no counterpar-t in station B. NormaLly communication takes place be-tl~een only two sta-tions a-t any ins-tant.
S-tation ~ represents a personal data carrier shaped as an active card. Station AK comprises an identification device ID (36) for identification towards a station com-municating with sta-tion ~, for e~ample, towards station A. Furthermore station AK comprises a modification device modifi (38) which receives number values that are exchang-ed during -the process of mutual identification for by mo-dificat:ion thereof generating a message ciphering key.The message ciphering ke~ is used thereafter for cipher-ing and deciphering data in a combined ciphering/de-ciphering device MCRY/MDECRY (L~4/46)~ The data to be -transmitted from station AK are produced by a message generator ~IGEN (L~o) and messages received are sent to a message receiver MR~C (42).
The station AK also cornprises a key set PlN (32) for entering into the card a personal secret code of the owner, -tha-t is a so-called PIN code. The supplied personaL
code is transmitted to an eva:luation cLevice (34) compris-ing a compara-tor circui-t COINC 80 and a reference code memory REF 78. In menory R~F the corresponding correct personal code is stored, which code is supplied to said comparator c:ircuit. When equality is detected be-tween -the personal code ~hich is entered and the one which is stored~ t11e comparator circuit generates a signal which PIIZ .~1003 -12 26.2.82 is suppliecl -to an ac-tivating means ACT 82 -which will -then ac-tiva-te ~temporarily the furtller functions cn -the active card by means of a control signal on line 83. On-ly during -this temporary ac-tivation -the card AK and -the cooperating station A (32~ may exec-u-te mutual iden-tif`ica-tion and e~change data rnessages. ~dvantagecusly, the activa-ting means ACT may be so dirnensionecL tha-t the carcl will be inactivated autornatically when the transmission is finished, ~or example after a predetermined time :in-terval or by means of a rese-t mechanism triggered by an "end o:t message" signal. Before the next-following data exchange s-tation Af~ must be ac-tivated again by a renewed supply of said PIN code. In this way an increased safety against unauthorized use of station AK is realized.
Fig. 1 also shows two sta-tions A and B, which for examp:Le may have a form of a bank -terrninal device or a POS device. Like station AK each of the s-tations A
and B, respectively, comprises an identification device ID, L~8, 66 a modification clevice MODIFI 50, 68, a mes-sage enciphering/deciphering cdevice MCRY, MDECRY 52/54, 70/72 and a message generator/receiver MGEN, MREC 56/58, 7~/76. Like station AK the stations A and B may comprise said means for a PIN controlled ac-tivation, that is the means PIN, REF, COINC, ACT (60-66) as shown in station A.
In certain cases -the latter sub-system may be omitted as has been sho~n for station B.
The sta-tions rnay be interconnected via a trans-mission ehannel which in Fig. 1 is represented by double arro-ws 86-32 between the identification and message en-ciphering/cleciphering devices -thereo~. The transmission ehannel may eomprise a galvanie eowpling or a radio con-neetlon ancl may eompr:ise a ehannel of a -time divisionaL
multiplex system or a frecluency cLivis:Lonal multiplex sys-tem. In the case of bank terrninals the transmission chan-nel may cornprise a part of the general data networ~. Forexamp:le Lines 86, 88 may be ernbodied in a single lead or time/rrecLIlellcy slot~ It is stressed that a communication 9~t~
PIIZ ~10~3 'l~ '6.2.82 may be set up via one or more further stations, which -than merely relay -the in~ormation -unchanged. Thus a com-municat:ion session coulcl be execu-ted dlrectly be-tween sta-tions ~l~ and B, s-tation ~ then merely relaying -the 5 rnessages~
The diagr~m of Fig. 2 shows the introduc-tory operational steps for a transmission between the station A c~nd the station B via -the -transmission channel ClIo The diagram comprises a column ST in which the operational steps are numbered sequentially. The num'bering o~ -the operational steps has 'been done without considering the fact that some of the s-teps may be carried 01,lt simul--taneously in the respective stations. As a consequence the nurnber of steps may be lower in the tim~ space. Fur thermore the diagram comprises for each station a column ME~I, in which is indicated what is stored in the station at each s-tep, and a column ~PERA indicating -the opera-tions carried out by the station. In the column CEI the -trans-mission sequences on the transmission channel are shown.
Furthermore, reference is already had to the more detail-ed bloclc ~iagram of a station sho~I in Figo 3.
This embodiment of the identification processuses an identi~ication enciphering function E and its inverse D, operating wi-th double keys, i.e. each station has an enciphering key and a deciphering key associated therewith. The ciphering key is public, i.e. it is avail-able (kno~) to all stations in the sys-tem~ but the de ciphering key of the s-tation is kept secre-t in the sta-tionO
The relation between the ciphering key ka and the associated dec:iphering Icey da is uniq-l,1e and may be expressed by means o~ a function F as follows ka = F(da) The secl,lri-ty o~ a ciphering system using a ~p-ublic key d~pencls on the d:if`~`:ic-ulty o~ ~`inding out the secret Icey when l{nowing the pub:Lie key. Expressed 'by means of the funet:ion IF t;his mecms that it should be "computa-tionally ~9~9~
PTIZ S1OO3 'I L~ 26 . 2. ~2 unpracticable"~ according to the definition given a'bove, to calculate da = F (ka) froln which follows that the functioll F shall 'be a so-ca:lled orle~-way functlon.
The ciphering function which is used in cornbi-nation w-ith a pair of keys k, d is a so-called "trap door function". A trap door L`unc-tion has the character of a one~way function to ~mybody no-t having available the complete information, i.e. bo-th of said keys k and d and said function and its inverse.
One example of a trap door function is C = Mk mod n (1), in which C designates the cipher of the message ~1, k designates the public ciphering key, n is an integer and (mod n) designates a function which is the reminder after a repeated devision by n.
The trap door character of the function means that deciphering may be obtained only with a knowledge about the associated secret deciphering key d by means o~ the function ~ = Cd mod (2).
In this trap door function the following rela-tion is valid between the keys k and d k . d = ('1). mod ~(n) (3) in whicll ~(n) designates the Euler ~-function.
Said ciphering and deciphering function E and D, respectively, may be according to e~pressions (1) and (2) above. I~ so~ the key pairs which are used ful-fill the relation (3).
In the diagram of Fig. 2 the ~ollowing desig-nations are also used:
k = public ciphering key of station A
d = secret deciphering key o~ station A
kb = public ciphering key of station ~
db = secret deciphering key o~ station B
r1 = number ~alue generated by station r2 = number value generated by station B
PllZ ~31003 'l 5 26. 2. 82 :f - transformation func-tion of the one way f`u.rnc tion type according to the defi.nition giv en ab ov e t = modifica-tion func tion~ having for example the me aning of an acl.di ti on t = the message ciphering key (.session key) establi shed for the transmis sion T"l = message enciphering function T~l = me s s age de ci phe ring :f unc ti on M1 = data message TM I = outcome of M1 from TM
gen = gene rat e c alc = cal c-ulat e tr = -transmi-t re = re c eive comp = compare C~1~ cg2 ~ cg3 = ciphers 1, 2 ~ 3 BL = blocking signal In addition to what is shown in coll1mns MEM, 20 each station 'knows from -the beginning the pu'blici-ty known functions E, D, f, t, T~l, and TM, The func-tion f may be realized by the same trap door function as said cipher--ing function E~ whi.ch is o'btained by selec-ting one of the keys of a pair of keys as a constant key and by ig-~5 noring the other one .
The message ciphering f~lnction TM and the in-verse thereof TM, used together wi-th the established so-called session key tm, is of he type which opera-tes with one key which is kno~,rn to bo th -transmitter and receive:r.
30 Several ciphering functions of -this type are known. An adequate choice is the so-called DES :~Lmc tion or algorithn~
in which DE~S stancls for "The United States Data Encryp-tion Algor:i thm~, For a detailed descrip tion of this algo-ri thm is ref`errecl to Federal Informa tion Pro cessing 35 S-tandards Publication 46 (January '15, -1977) by United States Dept. o:~ Commerce~Mational Bureau of Standards.
From t:l:le d:Lagram in Fig . 2 is eviden t tha t each P'~IZ ~l003 'l6 26.2.~2 s-ta-tion :L`rom star-t, s-l;ep 0, has in s-torage its o~in secret deci~phor:irlg l~.ey and the public ciphering key O:e the other sta-tion. The mutual iclentif`ication begins with sta-tion A generating and storing a number r1 ! pre~erably a pse-udo-random number. During step 2, r1 is ciphered by means Or kb to produce S1~ A ~irst cip:her cgl is ~ormed from s1 c~ld the adcLress a o~ the station A and is -trans-rtlitted in step 3 to station B~
Sta-tion B receives cg1 and in step 4 calculates rl by deciphering sl while using db; r1 is stored. In s-tep 5 -the resul-t of` the -trans~ormation ~unc-tion ~ ~rorn the received number value rl is calculatedt, which gives s2. S-tep num'ber 6 means generation o~ a second number value r2, 'being pre~erably a seco:nd pseudo-random number, which is also storedO The next step (7) means -that r2 is ciphered by using the key k 7 which gives S3. During the following step ~ a second cipher cg2 is -transmi-t-ted to sta-tion A comprising s2, S3, b.
The s-tation A receives cg2~ This is ~ollowed (9) by a calculation o~ the result o~ the -trans~ormation function from its own number value r1, which result, in the next step (10), is compared wi-th -the corresponding result o~ station B, that is s2, which was recei-ved in -the second cipher. In case o~ disagreement, the blocking signal BL is generated during step num'ber 11, said sig-nal blocking or breaking the connection between the sta-tions. In case o~ agreement, the num'ber value r2 is cal-cula~ted (12) by deciphering S3 received in the second cipher. At the sam~, time the calcula-ted r2 is s-tored.
As evident from the columns ME~I at this stage, (step num'ber 12), b:oth o~ the s-ta-tions know both rl and r2. Dur:ing -the nex-t ~ollowing s-tep 13, -t:he station A
calcula-tos the session key tm from r.l, r2. A-t the same time t is sto:recL. Thereal~ter the outcome o~` t:he trans-:t`ormation I`~nc~tion ~` ~rom the detected r2 is calculated,wl-uich g:ivos s~ icl1 is -transrrlitted in a third cipher cg3 to s-tati.on Bo PllZ ~'l003 'l7 2G~2,82 The station B receives cg3 and calculates dur-ingr the following step (16), the outcome of the trans-t`ormation ~unction :~ from its o~n number value r2, which outcome i5 thereafter compared with the corresponding ou-tcome of s-tation A9 -that is s~, wh-icll was received in said third cipher. In case of disagreemen-t, the blocking signal BL is genera-ted during s-tep nurnber 187 which sig-nal bloclcs or breaks the connection with station A. In case of agreement~ the session key tm is calc1:llated and stored (1~).
The mut-ual identifica-tion has now been obtain-ed and if -the connection is maintained 'both par-ties have available -the esta'blished session lcey t~n, which means that the te~t or data message transmission may begin.
Therefore -the s-tation A ciphers (20) a first message Ml while using t~n, which gives -the resul-t TMl, which, dur~
ing the ne.Yt following step 21, is transmitted to the s-tation B arld received thereby. In -the station B, TM1 is deciphered while -using t , which gives -the result ~1 (22). In sirnilar way, ~urther messages may be sent in one or in 'both direc-tions, until the intended packet of data has been -transmitted, ~hereafter the communica-tion is terminated by an end-of-communication signal.
In Fig~ 2 -the use of the PI~ code has no-t been considered e~plicitly because this represents an earlier s-tage in -time.
~ ecause -the s-tation A has available -tm already at step nurnber 13 -the first ciphered message TM1 may be transmitted together with the third cipher cg3. Conse-quently~ only one separate -transmission seq~1ence in each direction is required in order to carry out -the identi-~ication and the es-tcL'blisl-lrrlent vt` a session ~ey.
Fig. 3 shows a rnore detailed ~lnctionaL block diagrc-Lrrl o~' the station A. The cooperation between the bloclcs is il:Lustrated by -the signals which are generated in tho statlon A according to the di~gram of Fig. 2. Ac-corcling:ly, the time oI` appearance of said signals may be PIIZ S 1()03 '18 ''6. 2. 82 obtained ~`rom the diagrram. ~igo 3 is :in-tended -to il-lust-ra-te cooperating runctional 'blocks, wllich may also be realized by providing a computer or microcomputer th tile necessary software. Consequen-tly respective di t're rent blocl~s in Fig. 3 may be realized by means of -the same11ardware, and Fig, 3 cc~ulno-t be considered a one-to-one picture of a device. In consequence -the re-quired data paths, control decoders, timing means and the like have no-t been sho~n ~or brevi-ty.
The identif`ica tion device ID 36 is indicated by a do-tted line, ID cornprises a number generator NGEN
100 -f`or generating the number value rl of -the s tationO
The number generator comprises a ~pseudo-rando1n generator built as a f'eedback coupled shif`-t register. The number value r1 is supplied -to a ciphering device CRY ( 102) comprising the means ~or ciphering r1 by mear1s of said trap door E`unc-tion using the public ciphering key kb o:~
the counterpar-t, ~hich is o'btained :Erom a key memory CRYK ( 1 0 4 ) .
The device ID :~ur thennore comprises a decipher-ing device DECRY (-106), comprising -the means :E`OI' reali~;-ing the inverse of said trap door :E`unc-tion~ In this de-cipl1ering device the number value r2 of the other sta-tion is calculated while using the secret deciphering Zs key d of the stati on, which is ob tained from -the key memory CRYK ( 104) ~ The device Eur-thermore comprises a comparator COMP 10~. To the compara-tor a converted ver-sion f(r1 ) s~r r,1 is supplied :~rom a number converter NCONV ( 110), the lat-ter conver-ting the number values 30 which are supplied there to according to -the one way func tion ~ As a second :inpu t signal the cornparator COMP
receives the lnf`orma-tion s2, that is the in~ormatioll r as convertecL 'by the other s-tat:ion. The cornparator also has rnear1s :Eor generating -the 'b:Locking si,~lal BL on out-35 put 'I12 wl1en :inequality is de-tec-ted.
The nurrl'ber values r1 and r2 are supplied to a mod:i fi ca tion cLevicc MODIFI -1 '14 comprising the means for PI-IZ ~1003 19 '26.2.82 forming~ L`rom saicl number vcalues, a session key -trn ae-cording to a f`i~ed modification algo:rithrrl-t, which ma~
have the meaning of a simple addition, bit wise E~CLUSIVE OI'ING, eonca-tena-tion or a differen-t combina--tion of -the number values . Thc formecl session key t is supplied on the one hand -to a rnessage cip'hering devic~
~ICRY ('il~)) and on the other hand to a message deeipher~
ing device MDEC~Y ( 11~) eomprising the means ~or the realisation of said rnessage ciphering a:Lgorithm TM and said rnessage deeiphering algorithm TM, respeetively.
These rnay eomprise for example stancLardized circuits for the realisation of the DES algorithm rnen-tioned aboveO
To -the message eiphering deviee 116 are supplied data messages to be transmitted in the ciphered form -to sta-lS tion B, from a message genera-tor ~GEN (120). Corres-pondingly, -the output of message deeiphering device is connected to a menlory l~EC (122) for the data messages which are reeeived.
The station A also comprises a transmission unit T~' (121~) comprising the means for formatting -the transmission sequenees whieh are transmitted by the sta-tion. To said transmission unit is conneeted an address generator AD~GEN ~126) for generating the sta-tion address a. Aeeordingly, the transmission unit will for example put -together the eipher eg1 from the signal a received from address generator 126 and s1 received from cypher-ing deviee 102. In correspondenee there is eomprised a reception un:it ~F'U 12~ having the rneans for directing the signals of the reeeived signal sequences to -the re-levant fune-tional bloeks. Accordingly, in the rece:ived cipher cg2 t'he signal s2 is clireeted to the eomparator COMP (10~) and the sigIlal S3 is direeted to the decipher-ing deviee ~Cl~Y ~'106), and further rnessages are for-warcLed -to the message deeiphering device 1-l~. Likewise tho transmission un:it l2ll is also eonneeted to message eneyE~llering, unit 'll6 for therefrom reeeiving fur-ther message~s TMI -to 'be scnt to the other s-tation. Finally, P11Z (~lOO~ 20 26.2.
a cLotted line has 'been shown frorll n-urnber converter l10 -to tri~nsmiss:ion Llnit 'l24 -to comrnunica-te -the informa-tion s4, calclllated according to step 'l4 in Fig. 2~
~s rnentioned already tlle compara-tor COMP ge-.nerates a blocking signal BL at non-coincidence, :i~e. in case -the station B has not been able to icLentify itsalf towards the station A by transmitting 'back a correctly converted :r1. The blocking signal is used for -the co:n-trol o~' a blocking device BI,S 130, which is illustra.-ted ~ as a. s~i-tch~ The appearance of signal BL braaks the con-nection 'betwee:n -the transmission unit TRU and the channel CH 132 and thereby also -the connection between -the sta~
tions. The channe:L is bidirectionally operative, while the separation between da-ta-out and data-in is executed in elements 'l24, 128.
This invention is clirected to a met'hod :~or the transmission of da.ta messages between two s-tations A and B, ~hich stations rnay each belong -to a group o.~
equally authorized stations, each message being trans-mitted af`-ter encipherment by using a message ciphering 'key. The invention is also directed to a -transmission system for carrying out the method~ and to a station ~`or use in sucl~ system.
The invention will be descri.'bed when applied -to a so-called EFT-system (Electronic Fund Transfer system) or a bank terminal system and to problems appear-ing in such sys-tems. However, the method and devices ac-cording to the invention are generally applicable in data transmission~systems of various types and in-tended for various purposes.
A bank terminal system or a sys-tem for trans-mission of data or -tex-t comprises a number of terminal stations having data input and data output means. Each terminal station may be connected to a cen-tral computer ~or the exchange o~ information in both directions. A
terminal station may also comprise a so-called cash dis-penser apparatus, ~rom which a customer may obtain cash by using a personal data carrier, which is temporarily connected to the system. Security of the system is ob-tained in -that a customer is o'bliged to identify hlm-self towards the systern before any trcmsaction is allowed.
At a hurrlan-operated terminal station this may rnean that thc custome:r will have to present an acceptable identi~i-cation docllIne:llt~ At .~n unsupervisecl terrni.nal station of t'he -type cash dispense:r said identif:ication rmay comprise the step tha-t the custome.r supplies a secret personal code, a so-called. PlN-code~ via a keyboard, -the corres-Pl-IZ S1003 2 26.2.~2 ponding PIN-code then being accessable in -the system :L`or comparison with -the code which is supplied~ The de-velopment is towards an increased n~1mber o~ unsupervised terminal stations which may o~`:eer c~n increased number of dieferent services. These personal data carriers are to-dav shaped as cards according -to an accepted ISO-stan-dard and comprise rnagnetizable carriers ~or da-ta storage.
A bank terminal system is sub~jec-t to security risks o di~eeren-t types, or th:reats~ Said threa-ts may 0 then be directed to informations transmitted in -the sys-tem, or to -the hardware comprised in the sys-tem, such as -transmission lines, terminal s-tations, or personal data carriers. The threats directed to the actual inormation mean that i-t could be possible 'by active or passive tap-ping -to derive, modi~y or distort the information content.
As counter measures, on the one hand the transmission lines and further system elements in question may be pro-tected physically~ In bank terminal systems the usual type o~ transmission means that a -terminal station com-municates with the central computer via a p~1blic or ge-neral data network. To physically protect a network o this type would, i possible at all, dernand high costs.
As a consequence the practicable solution means encipher-ing o e the information.
Alterna~ively, ~alse hardware may appear. Ac-cordingly, a ~alse cash dispenser apparatus may appear in a bank system. In a so-called POS-sys-tem (Point of Sales system) a customer could then pay for goods at a place for purchase by using his personal da-ta carrier in a f`alse terminal station. A d:if~`erent threa-t is -that :~`alse personal data carriers may appear. For the time be-ing the use of :ealse data carriers is prevented by the ract that t'he customer Ls obliged to supply his secret persona.:L code :i.n order to obtain access to the sys-tem.
Ho~ever, th:is procedure means no protection against a rr ~:L s e t e rrm :i:n al, T~le problem o:t`:ealse terminals ancL a:Lse data Lt-i Pl-IZ X1003 3 26.2~82 carriers may be illus-tra-tecL by -the so-called "wardrobe case". According to this case a customer may meet a i.`alse terrnlnal. which towards the customer appears as a genuine one. This ~alse terminal is connected to the so-calLed "wardrobel' in whlch is housed equipment for tapping t:he information sig~als supplied by the data carrier and the l~ey set of the terminal station~ and also equipment for forwarding correctly informa-ti.on be-tween ~.he false terminal and the eentral computer of -the system. By this tapping the en-tered~ seeret, personal code is achieved and further information from the data carrier. Said information may -then be used for -the pro~
vision of a false data carrier.
Thus -the transmission of unprotected. informa--tion on physieally aecessible lines would mean a grave risl~ F~lrthermore, this case also illustrates necessity for both identifieation of the user and his data carrier as being authorized in the system towards the -terminal but also for identifieation of the terminal towards the user and being a genuine one. This mu-tual identifieation may be obtained by giving the personal data earrier of the user the shape of an active card, on which the iden-tifieation information supplied by the terminal may be evaluated, The eard will eomprise semiconduetor memory and signal proeessing eapability, and will funetion as a station communieating with a terminal, By a mutual identifieation of aeti~e stations and eiphering of information whieh is transmitted many threats may be eliminated. The obtained seeurity will depend on -the ehoiee of iden-tification proeedure and eiphering method. Ciphering of a t:ra.ditional type means that author..ized stations of a system have aeeess to a eipher:ing a:Lgorithm and a deeipher:ing algorithm and also a eiphering key opera-ting as a parame-ter in said algo-r:i-thms. If an uneiphered or elear-text message is desi~natcd by x, the eiphered version thereof or "eipher"
is cLcsignated by y, ttle elphering key is designated as k, PM~ S1OO3 L~ ~6.2.82 the ciphering algorithm is designa-ted E and the de-ciphering algorithm is designated D, this may be e~-pressed according -to the following y = ~ (~,k) c~ld ~ = D(y,k) in -whicll e.~pression D is the inverse functio.n of E for all possibLe values of k. In a ciphering system of this type i-t is not necessary to keep the algorithms secret ~hile the key k shall be known to authorized stations on-Iy. The ciphering security depends on the difficulty to-find the key k. Accordingly, with a knowledge about x and y i-t should be difficult to find the value of` k for which holds y = E(x,k). In the ar-t this is expressed as that the finding of k should be "computa-tionally un-practicable ", which means imposing practically unac-ceptable requiremen-t on da-ta processing capacity and/or -time of operation. The weak points o~ a ciphering method of this type is the fac-t that the one same ciphering key must be distributed to all authorized stations and from that -time be kept secret. In a larger organization the distribution o~ keys appears a great problem. If trans-mission 'between the stations is effected via an unpro--tected channel, and no addi-tional measures are taken, no key may be transmitted along this channel. This problem has lecl -to systems in which the key or part thereo~ is distributed in a modi~'ied ~orm to authorized stations in order to be restored at a respective station by the use o~ secret information. Accordingly~ also in this case is obtained a system using in~orma-tion which is common to the stations, and this endangers the da-ta security.
The problem of enciphering key distribution is made even worse -i~ the aim ls a ~:requent change of ciphering keys. The desirable sit~a-tion is to use a ~res:h encip~hering key ~or every single case oI`-trans-m:ission. Such a key ls named a "session key". Dependent on the actual application of use a "session" may comprisc the transmission o~ a given amount of da-ta at one .6 P~IZ ~'1003 5 26.2.~2 single occasion OI` dif'fererl-t amoun-ts of data a-t diff`erent occasions ~i-thin a defined -time space, for e~ample one day.
~uropean pa-ten-t application 0002580 describes a method for verification of the cipherment keys used at t~o cooperating s-ta-tions. To this end a random number is sent in a ciphered form from one s-tation to the o-ther, which s-tation operates on the ciphered number using its own Icey~ The result ~hich is obtained is sen-t back to said one station at which i-t is checked agains-t the cipherecl number which was sent from the beginning. If -the checlc doesn~t fail is thereby veril'ied that bo-th stations have identical ciphering keys. Mo mutual identi-fica-tion of the par-ticipating s-tations is obtained ac cording to this method and furthermore the stations make use of identical9 secret key information.
US patent specification 4.227.253 describes a system operating with several "levels" of keys Accord-ing -to the specification a session key may be establish-ed 'between a hos-t system in one domain and a host system in another domain for performing cryp-tographic operations between the same. To this end a specific, mutually agreed upon, common cross-domain key is used, whereby each dif-ferent host system may avoid to reveal to other systems its own master key. Disregarding the fact -that a com-plicated arrangement o~ different keys for differentpurposes is used it is also evident that the participat-ing host systems have common, secret key in:~ormation, The prior art sys-tems described above have all the drawbaek that all operating par-ties make use of cornmon key inforrnation which must be kept secre-t by each party, which rneans tha-t if saiclIcey information is re-vealecl by one party this wlll damage the overall system.
further cLisadvantage is that no real "hand-shaking"
o~peration is perf'ormed between opera-ting parties in or-der to saf`e~,~uarcL-that a:Ll o~'-the communicating parties are authori~ed.
PIIZ Sloo3 ~ 26.2~8Z
The objec-t of -the invention is to obtain a met:hocl ~`or da-ta tr~nsmi.ssion that shall rna~e possibl.e a mutual identifi.eation of ae-tlve s-tations and ciphering of in~ormation by the use of ciphering keys which have been established via -the trc~smission channel by ex-changing as few transmission sequences as possi'ble and in ~ ich method the use of informa-tion whieh is common to all operating stati.ons ancL must be kept secre-t by each station, may be cornple-tely avoided.
The object of the invention is o'b-tained by a method which is characterizecl in that before transmis-sion of data messages stations A and B identify each o-ther by a mutual e~change of respective identif'ication sequences, which uniquely iden-tifies A against B and vice versa, and that said message ciphering key is established independen-tly a-t the respective stations on basis of -the identificati.on sequences which have been exchanged, and which may be operated upon by using a modifica-tion f~1nc-tion.
According to one preferred embodiment said identification sequenees are exehanged as respeetive eiphers obtained from an identifieation eiphering fune-tion, ~ld th~t said message eiphering key, when establish-ed, is used in a rnessage eiphering funetion for the eiphering of data messages to be transmitted, whieh is different from the identifeation eiphering fi1nction.
A f'urther preferred embodiment is eharaeteriz-ed in that eaeh identifieation sequenee has the form of eiphered number value, being preferably a pse-udo-random number; -that station A transmits a ciphered flrst num-ber value whieh may be deeip'herecL by station B only;that station B deei.phers and transmits 'baek to s-tation A said firs-t: number value in a f`orm whieh may be de-eiphered ancl evaluatecL by sta.tion A only, that sta-tion B -transmits to station A a eip:hered seeond number value wll:ieh rnay be deeiphered 'by station A only; and -that .statio:n A leeiphe:rs and transmits baek station B said PII7 ,S1003 ~ ~6.2.82 secolld nL1mber value in a Porrrl which may 'be deciphered and eva:Luated 'by sta-tion B only, while said f'irst and second nL1mber values whlch are received and deciphered a-t tlle respective stations may be converted b~ means of S a trans~ormation function, w'hich is known by the sta-tions~
'bef`ore -the same are ciphered again cLnd -transmit-ted back -to the respective counterparts~
According to a further pref`erred embodimen-t s-tation A -transmits to sta-tion B a f`irst cipher compris-ing said f`irst number value, -t'ha-t s-tation B t~ansmits back to s-tation A a second cipher comprising said second number value and the deci~hered ~irs-t number value, and that station A transmi-ts bac'k to s-ta-tion B a third cipher comprising the ciphered second number value~ while sa:id third cipher may 'be acco~paniad by a data message which is ciphered by means oi said message ciphering f`unction and said rnessage ciphering keyO
By the above mentioned embodiments of the method according to the invention -the following advantages are obtained:
- a message enciphering key having the charac-ter of a session key is established via an unprotec-ted or open channel, - by mealls of the iden-tification sequences which are e~changed and which may have the f`orm of` ciphered first and second pseudo-random num'bers which may be deciphered arld transmitted back by -the receiving counterpart only, a mutual iden-tif`ica-tion or "hand~
shaking" is ob-tained. 0 _ the num'ber of nec~ssary transrrlissiorl sequences for establishing a challne:L for ciphered transrnission be-t~een two stations is min:imized by usiIlg the neces-sary identification sequences themselves as a basis L'or l~ey establis'hrnent. 5 - cLirL'`ereIlt c:iphering f`unctions may 'be used for iden-t:irication/~ey es-ta'blishment and data message trans-rrl:iss:LoIl, ~nd thereby the .security and erL'ectiveness 3~
P~IZ ~-1003 S 2~.2.~2 of a -transmission session may be improved 'by selec-t-ing a more ela'borate and computationally demanding func-tion ~or the iderltification/key es-tablishment and a less demLLnding ancl faster function ~or the data message transmission.
The e~pression "cipher" as used above is rneant to cover also L -transmission sequence the informa-tion contents of t~hich has been protec-ted by encipherment and/or o-therwise in a way such -that decipherment or eva-luation may be carried out by c~n authorized receiver on-lyO Furtller -the mutual identification of the parties may also be ob-tained by having the parties to exchange a known message, which is -then enciphered by using the established message enciphering key, lf this enciphered message is not received correctly~ this means that the message enciphering key has not been established cor-xætly and consequently -t'he transmitting sta-tion is not authorized.
When using -the method according to the inven--tion in a data transmission system a threat rrlay appear i.n the form a so-called "twin station'l. A "twin station"
-to station A is an una-uthorized station having access to the secret information of station A and which may ac-cordingly in parallel with the true station A receive and decipher and/or evaluate the information which has to do with the station. Different from -the "wardrobe case" mentioned above such a -twin station is unkno~n to -the true station~ The problem of a passively tapping "twin" may be eliminated by converting -the second num-'ber value in sta-tion A by a transformation func-tion when it is transmit-ted baclc -to station B; by ha~ing first num-ber value convertecL in s-tation ~ by said transformation functio:n when transrrlitted back to station A, while iden-ti~`:i.cation is obtalned in that eac'h station converts its own number value by the trans:formation function and in-terna~ compares this converted num'ber value with the conv~rted number valLle which is received.
9~
PII~ ~1()03 9 ~6.2.82 A "twin stat-ion1' may also appear actively and replace the true station. Such a -threat may be rejected by "looking back" on earlier transac-tions of the station bef'ore any new -transmission, which for example may com-prise the step of giving a running n-umber -to each trans-action and sensing o~ the running number.
The number of` in-troductory transmission se-quencies may be as low as possible by including a data message already in the third cipher, -thereby requiring one transmission only from each sta-tion in order to ob-tain a mutual iden-tification and key establishment.
According to another preferred embodimen-t said first and second ciphers are f`ormed and deciphered by the use of an iden-tifica-tion ciphering f~nc-tion and its inverse and different keys for ciphering and de-ciphering, a public encipherrnent key being allot-ted to each station as well as a deciphering key associated therewi-th and being kept secret in a stationa each sta tion having from the beginning a knowledge abou-t its own secret deciphering key, the public ciphering key of thc counterpart and said ciphering function and i-ts in-verse. According to this embodiment a dras-tic decrease of the common secre-t information in the system is achieved.
The common secret information may be complete-ly elimina-ted if` the transf'ormation f`unction is of the type one-way functionO Thereby is obtained tha-t each station must keep secret i-ts OWIl deciphering key only, while on the contrary said ciphering function, said mes-sage ciphering function, said transforrnation func-tion, said modification ~unc-tion and as alreacly mentioned said ciphering keys all may be publicly Icnown.
Expressed differently, a consequence of the me-t'llod according to the invention is that a mu-tual iden-t:i~:ieation of t'he stations is o'btainecL by the use of a~`lrst and a second number value generated in sta-tion A
ancl sta1;ion ~, respectively. The process of iden-tifica-PMZ 1~1OO3 IO ~6.2.82 tion has -the outcome -tha-t each of said sta-tions knows about both said number valuesO Therea~te:r~ the number values are put together or modi~`ied accordingly at bo-th stations so that a message ciphering key (session key) wllich is common and which is -unique for the occasion o~
-transmission is obtained. By using saicL session key and a rnessage enciphering ~unction which is known -to both said stations rnessages may therea~ter be -transmitted be--tween the stations.
~ transmission system ~`or carrying out the method is charac-terized in that each s-ta-tion o~ the sys-tem is provided with an identi~ication device for a rnu-tual iden-ti~ication o~ a cooperating s-tation while using an idenli~ication ciphering ~unctio:n and i.ts inverse and a pair o~ ~eys which is allotted -to -the station and comp~ising a public ciphering key and a deciphering key which is kept secret in the station, said identi~ication device comprising a number generator ~or generating a number value as an identi.~ication sequence, a ciphering device for ciphering said nunlber value while using said ciphering ~unc-tion and the public ciphering key o~ the counterpart, a deciphering device f`or de-tecting a number value received ~rom the counterpart while using the in~
verse of said ciphering ~unction and the secret decipher-ing key o~ the sta-tion; a modi~ica-tion device ~or gene-ra-ting a message ciphering key based on the number values which have been e~changed; and a message ciphering/de-ciphering device for ciphering and deciphering data mes-sages while using the message cipheri.ng key which is ge-nerated~
The inventio:n ~urtherrnore relates to a station :~o:r use in the rnethod or system descr:ibed herebe~ore.
BI-~IE:F D~SCR:LPTION OF TI-IE FIGURES.
Ttle inven-tion will be described closer in the :~oL:Lo-wing w:ith reference to -the drawings, in which:
Eig~lre 1 shows a simpli~ied block diagrarn dis-9~
PHZ S1003 11 2~.2.82 closing three cooperating s-tations ~K, A, B;
Figure 2 shows a diagram comprising a sequence o~ operational steps performed at two coopera-ting sta--tions up to the -transmission of a first da-ta nessage;
~igure 3 shows a more detailed :Lunc-tionaL block diagram of the station A when performing the operational steps according to Fig 2.
DESCRIPTION OF A PREFERRED E~ODIMENTo ~ig. 1 shows a simplified block diagram having -three cooperating stations ~C (30), A (32) and B (34).
S-tations Al~, A have identical elements~ some thereof have no counterpar-t in station B. NormaLly communication takes place be-tl~een only two sta-tions a-t any ins-tant.
S-tation ~ represents a personal data carrier shaped as an active card. Station AK comprises an identification device ID (36) for identification towards a station com-municating with sta-tion ~, for e~ample, towards station A. Furthermore station AK comprises a modification device modifi (38) which receives number values that are exchang-ed during -the process of mutual identification for by mo-dificat:ion thereof generating a message ciphering key.The message ciphering ke~ is used thereafter for cipher-ing and deciphering data in a combined ciphering/de-ciphering device MCRY/MDECRY (L~4/46)~ The data to be -transmitted from station AK are produced by a message generator ~IGEN (L~o) and messages received are sent to a message receiver MR~C (42).
The station AK also cornprises a key set PlN (32) for entering into the card a personal secret code of the owner, -tha-t is a so-called PIN code. The supplied personaL
code is transmitted to an eva:luation cLevice (34) compris-ing a compara-tor circui-t COINC 80 and a reference code memory REF 78. In menory R~F the corresponding correct personal code is stored, which code is supplied to said comparator c:ircuit. When equality is detected be-tween -the personal code ~hich is entered and the one which is stored~ t11e comparator circuit generates a signal which PIIZ .~1003 -12 26.2.82 is suppliecl -to an ac-tivating means ACT 82 -which will -then ac-tiva-te ~temporarily the furtller functions cn -the active card by means of a control signal on line 83. On-ly during -this temporary ac-tivation -the card AK and -the cooperating station A (32~ may exec-u-te mutual iden-tif`ica-tion and e~change data rnessages. ~dvantagecusly, the activa-ting means ACT may be so dirnensionecL tha-t the carcl will be inactivated autornatically when the transmission is finished, ~or example after a predetermined time :in-terval or by means of a rese-t mechanism triggered by an "end o:t message" signal. Before the next-following data exchange s-tation Af~ must be ac-tivated again by a renewed supply of said PIN code. In this way an increased safety against unauthorized use of station AK is realized.
Fig. 1 also shows two sta-tions A and B, which for examp:Le may have a form of a bank -terrninal device or a POS device. Like station AK each of the s-tations A
and B, respectively, comprises an identification device ID, L~8, 66 a modification clevice MODIFI 50, 68, a mes-sage enciphering/deciphering cdevice MCRY, MDECRY 52/54, 70/72 and a message generator/receiver MGEN, MREC 56/58, 7~/76. Like station AK the stations A and B may comprise said means for a PIN controlled ac-tivation, that is the means PIN, REF, COINC, ACT (60-66) as shown in station A.
In certain cases -the latter sub-system may be omitted as has been sho~n for station B.
The sta-tions rnay be interconnected via a trans-mission ehannel which in Fig. 1 is represented by double arro-ws 86-32 between the identification and message en-ciphering/cleciphering devices -thereo~. The transmission ehannel may eomprise a galvanie eowpling or a radio con-neetlon ancl may eompr:ise a ehannel of a -time divisionaL
multiplex system or a frecluency cLivis:Lonal multiplex sys-tem. In the case of bank terrninals the transmission chan-nel may cornprise a part of the general data networ~. Forexamp:le Lines 86, 88 may be ernbodied in a single lead or time/rrecLIlellcy slot~ It is stressed that a communication 9~t~
PIIZ ~10~3 'l~ '6.2.82 may be set up via one or more further stations, which -than merely relay -the in~ormation -unchanged. Thus a com-municat:ion session coulcl be execu-ted dlrectly be-tween sta-tions ~l~ and B, s-tation ~ then merely relaying -the 5 rnessages~
The diagr~m of Fig. 2 shows the introduc-tory operational steps for a transmission between the station A c~nd the station B via -the -transmission channel ClIo The diagram comprises a column ST in which the operational steps are numbered sequentially. The num'bering o~ -the operational steps has 'been done without considering the fact that some of the s-teps may be carried 01,lt simul--taneously in the respective stations. As a consequence the nurnber of steps may be lower in the tim~ space. Fur thermore the diagram comprises for each station a column ME~I, in which is indicated what is stored in the station at each s-tep, and a column ~PERA indicating -the opera-tions carried out by the station. In the column CEI the -trans-mission sequences on the transmission channel are shown.
Furthermore, reference is already had to the more detail-ed bloclc ~iagram of a station sho~I in Figo 3.
This embodiment of the identification processuses an identi~ication enciphering function E and its inverse D, operating wi-th double keys, i.e. each station has an enciphering key and a deciphering key associated therewith. The ciphering key is public, i.e. it is avail-able (kno~) to all stations in the sys-tem~ but the de ciphering key of the s-tation is kept secre-t in the sta-tionO
The relation between the ciphering key ka and the associated dec:iphering Icey da is uniq-l,1e and may be expressed by means o~ a function F as follows ka = F(da) The secl,lri-ty o~ a ciphering system using a ~p-ublic key d~pencls on the d:if`~`:ic-ulty o~ ~`inding out the secret Icey when l{nowing the pub:Lie key. Expressed 'by means of the funet:ion IF t;his mecms that it should be "computa-tionally ~9~9~
PTIZ S1OO3 'I L~ 26 . 2. ~2 unpracticable"~ according to the definition given a'bove, to calculate da = F (ka) froln which follows that the functioll F shall 'be a so-ca:lled orle~-way functlon.
The ciphering function which is used in cornbi-nation w-ith a pair of keys k, d is a so-called "trap door function". A trap door L`unc-tion has the character of a one~way function to ~mybody no-t having available the complete information, i.e. bo-th of said keys k and d and said function and its inverse.
One example of a trap door function is C = Mk mod n (1), in which C designates the cipher of the message ~1, k designates the public ciphering key, n is an integer and (mod n) designates a function which is the reminder after a repeated devision by n.
The trap door character of the function means that deciphering may be obtained only with a knowledge about the associated secret deciphering key d by means o~ the function ~ = Cd mod (2).
In this trap door function the following rela-tion is valid between the keys k and d k . d = ('1). mod ~(n) (3) in whicll ~(n) designates the Euler ~-function.
Said ciphering and deciphering function E and D, respectively, may be according to e~pressions (1) and (2) above. I~ so~ the key pairs which are used ful-fill the relation (3).
In the diagram of Fig. 2 the ~ollowing desig-nations are also used:
k = public ciphering key of station A
d = secret deciphering key o~ station A
kb = public ciphering key of station ~
db = secret deciphering key o~ station B
r1 = number ~alue generated by station r2 = number value generated by station B
PllZ ~31003 'l 5 26. 2. 82 :f - transformation func-tion of the one way f`u.rnc tion type according to the defi.nition giv en ab ov e t = modifica-tion func tion~ having for example the me aning of an acl.di ti on t = the message ciphering key (.session key) establi shed for the transmis sion T"l = message enciphering function T~l = me s s age de ci phe ring :f unc ti on M1 = data message TM I = outcome of M1 from TM
gen = gene rat e c alc = cal c-ulat e tr = -transmi-t re = re c eive comp = compare C~1~ cg2 ~ cg3 = ciphers 1, 2 ~ 3 BL = blocking signal In addition to what is shown in coll1mns MEM, 20 each station 'knows from -the beginning the pu'blici-ty known functions E, D, f, t, T~l, and TM, The func-tion f may be realized by the same trap door function as said cipher--ing function E~ whi.ch is o'btained by selec-ting one of the keys of a pair of keys as a constant key and by ig-~5 noring the other one .
The message ciphering f~lnction TM and the in-verse thereof TM, used together wi-th the established so-called session key tm, is of he type which opera-tes with one key which is kno~,rn to bo th -transmitter and receive:r.
30 Several ciphering functions of -this type are known. An adequate choice is the so-called DES :~Lmc tion or algorithn~
in which DE~S stancls for "The United States Data Encryp-tion Algor:i thm~, For a detailed descrip tion of this algo-ri thm is ref`errecl to Federal Informa tion Pro cessing 35 S-tandards Publication 46 (January '15, -1977) by United States Dept. o:~ Commerce~Mational Bureau of Standards.
From t:l:le d:Lagram in Fig . 2 is eviden t tha t each P'~IZ ~l003 'l6 26.2.~2 s-ta-tion :L`rom star-t, s-l;ep 0, has in s-torage its o~in secret deci~phor:irlg l~.ey and the public ciphering key O:e the other sta-tion. The mutual iclentif`ication begins with sta-tion A generating and storing a number r1 ! pre~erably a pse-udo-random number. During step 2, r1 is ciphered by means Or kb to produce S1~ A ~irst cip:her cgl is ~ormed from s1 c~ld the adcLress a o~ the station A and is -trans-rtlitted in step 3 to station B~
Sta-tion B receives cg1 and in step 4 calculates rl by deciphering sl while using db; r1 is stored. In s-tep 5 -the resul-t of` the -trans~ormation ~unc-tion ~ ~rorn the received number value rl is calculatedt, which gives s2. S-tep num'ber 6 means generation o~ a second number value r2, 'being pre~erably a seco:nd pseudo-random number, which is also storedO The next step (7) means -that r2 is ciphered by using the key k 7 which gives S3. During the following step ~ a second cipher cg2 is -transmi-t-ted to sta-tion A comprising s2, S3, b.
The s-tation A receives cg2~ This is ~ollowed (9) by a calculation o~ the result o~ the -trans~ormation function from its own number value r1, which result, in the next step (10), is compared wi-th -the corresponding result o~ station B, that is s2, which was recei-ved in -the second cipher. In case o~ disagreement, the blocking signal BL is generated during step num'ber 11, said sig-nal blocking or breaking the connection between the sta-tions. In case o~ agreement, the num'ber value r2 is cal-cula~ted (12) by deciphering S3 received in the second cipher. At the sam~, time the calcula-ted r2 is s-tored.
As evident from the columns ME~I at this stage, (step num'ber 12), b:oth o~ the s-ta-tions know both rl and r2. Dur:ing -the nex-t ~ollowing s-tep 13, -t:he station A
calcula-tos the session key tm from r.l, r2. A-t the same time t is sto:recL. Thereal~ter the outcome o~` t:he trans-:t`ormation I`~nc~tion ~` ~rom the detected r2 is calculated,wl-uich g:ivos s~ icl1 is -transrrlitted in a third cipher cg3 to s-tati.on Bo PllZ ~'l003 'l7 2G~2,82 The station B receives cg3 and calculates dur-ingr the following step (16), the outcome of the trans-t`ormation ~unction :~ from its o~n number value r2, which outcome i5 thereafter compared with the corresponding ou-tcome of s-tation A9 -that is s~, wh-icll was received in said third cipher. In case of disagreemen-t, the blocking signal BL is genera-ted during s-tep nurnber 187 which sig-nal bloclcs or breaks the connection with station A. In case of agreement~ the session key tm is calc1:llated and stored (1~).
The mut-ual identifica-tion has now been obtain-ed and if -the connection is maintained 'both par-ties have available -the esta'blished session lcey t~n, which means that the te~t or data message transmission may begin.
Therefore -the s-tation A ciphers (20) a first message Ml while using t~n, which gives -the resul-t TMl, which, dur~
ing the ne.Yt following step 21, is transmitted to the s-tation B arld received thereby. In -the station B, TM1 is deciphered while -using t , which gives -the result ~1 (22). In sirnilar way, ~urther messages may be sent in one or in 'both direc-tions, until the intended packet of data has been -transmitted, ~hereafter the communica-tion is terminated by an end-of-communication signal.
In Fig~ 2 -the use of the PI~ code has no-t been considered e~plicitly because this represents an earlier s-tage in -time.
~ ecause -the s-tation A has available -tm already at step nurnber 13 -the first ciphered message TM1 may be transmitted together with the third cipher cg3. Conse-quently~ only one separate -transmission seq~1ence in each direction is required in order to carry out -the identi-~ication and the es-tcL'blisl-lrrlent vt` a session ~ey.
Fig. 3 shows a rnore detailed ~lnctionaL block diagrc-Lrrl o~' the station A. The cooperation between the bloclcs is il:Lustrated by -the signals which are generated in tho statlon A according to the di~gram of Fig. 2. Ac-corcling:ly, the time oI` appearance of said signals may be PIIZ S 1()03 '18 ''6. 2. 82 obtained ~`rom the diagrram. ~igo 3 is :in-tended -to il-lust-ra-te cooperating runctional 'blocks, wllich may also be realized by providing a computer or microcomputer th tile necessary software. Consequen-tly respective di t're rent blocl~s in Fig. 3 may be realized by means of -the same11ardware, and Fig, 3 cc~ulno-t be considered a one-to-one picture of a device. In consequence -the re-quired data paths, control decoders, timing means and the like have no-t been sho~n ~or brevi-ty.
The identif`ica tion device ID 36 is indicated by a do-tted line, ID cornprises a number generator NGEN
100 -f`or generating the number value rl of -the s tationO
The number generator comprises a ~pseudo-rando1n generator built as a f'eedback coupled shif`-t register. The number value r1 is supplied -to a ciphering device CRY ( 102) comprising the means ~or ciphering r1 by mear1s of said trap door E`unc-tion using the public ciphering key kb o:~
the counterpar-t, ~hich is o'btained :Erom a key memory CRYK ( 1 0 4 ) .
The device ID :~ur thennore comprises a decipher-ing device DECRY (-106), comprising -the means :E`OI' reali~;-ing the inverse of said trap door :E`unc-tion~ In this de-cipl1ering device the number value r2 of the other sta-tion is calculated while using the secret deciphering Zs key d of the stati on, which is ob tained from -the key memory CRYK ( 104) ~ The device Eur-thermore comprises a comparator COMP 10~. To the compara-tor a converted ver-sion f(r1 ) s~r r,1 is supplied :~rom a number converter NCONV ( 110), the lat-ter conver-ting the number values 30 which are supplied there to according to -the one way func tion ~ As a second :inpu t signal the cornparator COMP
receives the lnf`orma-tion s2, that is the in~ormatioll r as convertecL 'by the other s-tat:ion. The cornparator also has rnear1s :Eor generating -the 'b:Locking si,~lal BL on out-35 put 'I12 wl1en :inequality is de-tec-ted.
The nurrl'ber values r1 and r2 are supplied to a mod:i fi ca tion cLevicc MODIFI -1 '14 comprising the means for PI-IZ ~1003 19 '26.2.82 forming~ L`rom saicl number vcalues, a session key -trn ae-cording to a f`i~ed modification algo:rithrrl-t, which ma~
have the meaning of a simple addition, bit wise E~CLUSIVE OI'ING, eonca-tena-tion or a differen-t combina--tion of -the number values . Thc formecl session key t is supplied on the one hand -to a rnessage cip'hering devic~
~ICRY ('il~)) and on the other hand to a message deeipher~
ing device MDEC~Y ( 11~) eomprising the means ~or the realisation of said rnessage ciphering a:Lgorithm TM and said rnessage deeiphering algorithm TM, respeetively.
These rnay eomprise for example stancLardized circuits for the realisation of the DES algorithm rnen-tioned aboveO
To -the message eiphering deviee 116 are supplied data messages to be transmitted in the ciphered form -to sta-lS tion B, from a message genera-tor ~GEN (120). Corres-pondingly, -the output of message deeiphering device is connected to a menlory l~EC (122) for the data messages which are reeeived.
The station A also comprises a transmission unit T~' (121~) comprising the means for formatting -the transmission sequenees whieh are transmitted by the sta-tion. To said transmission unit is conneeted an address generator AD~GEN ~126) for generating the sta-tion address a. Aeeordingly, the transmission unit will for example put -together the eipher eg1 from the signal a received from address generator 126 and s1 received from cypher-ing deviee 102. In correspondenee there is eomprised a reception un:it ~F'U 12~ having the rneans for directing the signals of the reeeived signal sequences to -the re-levant fune-tional bloeks. Accordingly, in the rece:ived cipher cg2 t'he signal s2 is clireeted to the eomparator COMP (10~) and the sigIlal S3 is direeted to the decipher-ing deviee ~Cl~Y ~'106), and further rnessages are for-warcLed -to the message deeiphering device 1-l~. Likewise tho transmission un:it l2ll is also eonneeted to message eneyE~llering, unit 'll6 for therefrom reeeiving fur-ther message~s TMI -to 'be scnt to the other s-tation. Finally, P11Z (~lOO~ 20 26.2.
a cLotted line has 'been shown frorll n-urnber converter l10 -to tri~nsmiss:ion Llnit 'l24 -to comrnunica-te -the informa-tion s4, calclllated according to step 'l4 in Fig. 2~
~s rnentioned already tlle compara-tor COMP ge-.nerates a blocking signal BL at non-coincidence, :i~e. in case -the station B has not been able to icLentify itsalf towards the station A by transmitting 'back a correctly converted :r1. The blocking signal is used for -the co:n-trol o~' a blocking device BI,S 130, which is illustra.-ted ~ as a. s~i-tch~ The appearance of signal BL braaks the con-nection 'betwee:n -the transmission unit TRU and the channel CH 132 and thereby also -the connection between -the sta~
tions. The channe:L is bidirectionally operative, while the separation between da-ta-out and data-in is executed in elements 'l24, 128.
Claims (14)
1. A method for the transmission of data messages between a station A and a station B, which stations each belong to a set of equally authorized stations, each message being transmitted after encipherment by using a message ciphering key, characterized in that before transmission of data message stations A and B identify each other by means of a first identification sequence (cg1) sent in one direc-tion and a second identification sequence (cg2) sent in the other direction, which identification sequences uniquely identify station A towards station B and vice versa, and that said message ciphering key is established independently at the respective stations on basis of the identification sequences which have been exchanged, and which may be operated upon by using a fixed modification function.
2. A method as claimed in claim 1, characterized in that said identification sequences are exchanged as respec-tive ciphers obtained from an identification ciphering func-tion, and that said message ciphering key, when established, is used in a message ciphering function for the ciphering of data messages to be transmitted, which is different from the identification ciphering function.
3. A method as claimed in claim 1, characterized in that each identification sequence has the form of a ciphered number value, being preferably a pseudo-random number; that station A transmits a ciphered first number value which may be deciphered by station B only; that station B deciphers and transmits back to station A said first number value in a form which may be deciphered and evaluated by station A only;
that station B transmits to station A a ciphered second number value which may deciphered by station A only; and that station A deciphers and transmits back to station B said second number value in a form which may be deciphered and evaluated by station B only, while said first and second number values which are received and deciphered at the respective stations may be converted by means of a trans-formation function, which is known by the stations, before the same are ciphered again and transmitted back to the respective counterparts.
that station B transmits to station A a ciphered second number value which may deciphered by station A only; and that station A deciphers and transmits back to station B said second number value in a form which may be deciphered and evaluated by station B only, while said first and second number values which are received and deciphered at the respective stations may be converted by means of a trans-formation function, which is known by the stations, before the same are ciphered again and transmitted back to the respective counterparts.
4. A method as claimed in claim 2 or 3, charac-terized in that station A transmits to station B a first cipher comprising said first number value; that the station B transmits back to station A a second cipher com-prising said second number value and the deciphered first number value; and that station A transmits back to station B a third cipher comprising the deciphered second number value, while said third cipher may be accompanied by a data message which is ciphered by means of said message cipher-ing function and said message ciphering key.
5. A method as claimed in claim 1 or 2, charac-terized in that said first and second number values are ciphered and deciphered while using as said identification ciphering function, a ciphering function and its inverse and different keys for ciphering and deciphering, to each station being allotted a public ciphering key and a deciphering key associated therewith and kept secret in the station, each station having from the starting point a know-ledge about its own secret deciphering key, the public ciphering key of the counterpart and said ciphering function and its inverse.
6. A method as claimed in claim 3, characterized in that the transformation function for converting said number values is a one-way function, meaning that a number value may not be recovered practically even with a knowledge about the function and the number value in the form as modified by said function.
7. A method as claimed in claim 3, characterized in that each station is arranged so as to break the connection when a correspondence fails to appear between the outcome of the transformation function from its own number value and the outcome of the transformation function received in said second and third ciphers, respectively.
8. A method as claimed in claim 1, 2 or 3, in which a station may appear in the shape of a personal data carrier built as an active card, and which at least one station comprising means for supplying and evaluating a personal code, characterized in that the transmission of said identification sequences or number values is initiated by an evaluation of the supplied personal code which is carried out and accepted internally in said station or on said data carrier.
9. A transmission system for carrying out the method as claimed in claim 1, characterized in that each station of the system is provided with an identification device for a mutual identification of a cooperating station while using an identification ciphering function and its inverse and a pair of keys which is allotted to the station and comprising a public ciphering key and a deciphering key which is kept secret in the station, said identification device comprising a number generator for generating a num-ber value as an identification sequence, a ciphering device for ciphering said number value while using said ciphering function and the public ciphering key of the counterpart, a deciphering device for detecting a number value received from the counterpart while using the inverse of said cipher-ing function and the secret deciphering key of the station;
a modification device for generating a message ciphering key based on the number values which have been exchanged;
and a message ciphering/deciphering device for ciphering and deciphering data messages while using the message ciphering key which is generated.
a modification device for generating a message ciphering key based on the number values which have been exchanged;
and a message ciphering/deciphering device for ciphering and deciphering data messages while using the message ciphering key which is generated.
10. A system as claimed in claim 9, characterized in that said identification device comprises a number con-verter for converting said number values while using a transformation function and a comparator for comparing the number value of the station in the form which is con-verted internally with the form converted by the counterpart and to generate a blocking signal when an agreement fails to appear.
11. A system as claimed in claim 9 or 10, charac-terized in that each station furthermore comprises a block-ing device for blocking a used transmission channel depen-dent on said blocking signal.
12. A system as claimed in claim 9 or 10, in which a station may appear in the form of a personal data carrier built as an active card, characterized in that at least one station comprises means for supplying and evaluation a personal code and means for activating temporarily said station or said data carrier and to initiate the exchange of said number values dependent on an evaluation which is carried out and accepted internally in the station or on the data carrier.
13. A station for use in a system according to claim 9, characterized in that it comprises identification means, modifying means cyphering-cum decyphering means, and message generating cum receiving means.
14. A station as claimed in claim 13, characterized in that it is provided with key means for entering a personal identification code for comparison with an internally generated code.
Applications Claiming Priority (2)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| SE8102268A SE426128B (en) | 1981-04-08 | 1981-04-08 | METHOD FOR TRANSFER OF DATA MESSAGES BETWEEN TWO STATIONS, AND TRANSFER PLANT FOR EXECUTING THE METHOD |
| SE8102268-3 | 1981-04-08 |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CA1191916A true CA1191916A (en) | 1985-08-13 |
Family
ID=20343561
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CA000400150A Expired CA1191916A (en) | 1981-04-08 | 1982-03-31 | Method and system for the mutual encyphered identification between data communicating stations and stations for use with such method and system |
Country Status (5)
| Country | Link |
|---|---|
| US (1) | US4720859A (en) |
| EP (1) | EP0064779B1 (en) |
| CA (1) | CA1191916A (en) |
| DE (1) | DE3274043D1 (en) |
| SE (1) | SE426128B (en) |
Cited By (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US4799061A (en) * | 1985-11-18 | 1989-01-17 | International Business Machines Corporation | Secure component authentication system |
Families Citing this family (52)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| DE3300170C2 (en) * | 1983-01-05 | 1986-12-18 | DATA-LÖSCH Gesellschaft für Sicherheitstechniken im Datenschutz mbH, 4420 Coesfeld | Barrier control system |
| US4536647A (en) * | 1983-07-15 | 1985-08-20 | Atalla Corporation | Pocket banking terminal, method and system |
| FR2549989B1 (en) * | 1983-07-29 | 1985-09-13 | Philips Ind Commerciale | AUTHENTICATION SYSTEM BETWEEN A CARD READER AND A PAYMENT CARD EXCHANGING INFORMATION |
| DE3381329D1 (en) * | 1983-12-21 | 1990-04-19 | Ibm | SECURITY IN DATA TRANSFER SYSTEMS. |
| DK152239C (en) * | 1983-12-30 | 1988-07-04 | Sp Radio As | PROCEDURE FOR CRYPTOGRAPHIC TRANSFER OF SPEECH SIGNALS AND COMMUNICATION STATION FOR EXERCISING THE PROCEDURE |
| JPS60160491A (en) * | 1984-01-31 | 1985-08-22 | Toshiba Corp | Ic card |
| US4649233A (en) * | 1985-04-11 | 1987-03-10 | International Business Machines Corporation | Method for establishing user authenication with composite session keys among cryptographically communicating nodes |
| GB8524020D0 (en) * | 1985-09-30 | 1985-11-06 | British Telecomm | Electronic funds transfer |
| FR2601795B1 (en) * | 1986-07-17 | 1988-10-07 | Bull Cp8 | METHOD FOR DIVERSIFYING A BASE KEY AND FOR AUTHENTICATING A KEY THUS DIVERSIFIED AS HAVING BEEN PREPARED FROM A PREDETERMINED BASE KEY, AND SYSTEM FOR IMPLEMENTING IT |
| GB8619453D0 (en) * | 1986-08-08 | 1986-09-17 | British Broadcasting Corp | Data encipherment |
| US4916738A (en) * | 1986-11-05 | 1990-04-10 | International Business Machines Corp. | Remote access terminal security |
| ES2051780T3 (en) * | 1987-03-04 | 1994-07-01 | Siemens Nixdorf Inf Syst | CIRCUIT PROVISION TO ENSURE ACCESS TO A DATA PROCESSING SYSTEM WITH THE HELP OF A CHIPS CARD. |
| GB8819767D0 (en) * | 1988-08-19 | 1989-07-05 | Ncr Co | Public key diversification method |
| US4910777A (en) * | 1988-09-20 | 1990-03-20 | At&T Bell Laboratories | Packet switching architecture providing encryption across packets |
| ES2047730T3 (en) * | 1989-03-08 | 1994-03-01 | Siemens Nixdorf Inf Syst | PROCEDURE FOR THE GENERATION OF A RANDOM NUMBER FOR THE CODED TRANSMISSION OF DATA, USING A VARIABLE START VALUE. |
| US5196840A (en) * | 1990-11-05 | 1993-03-23 | International Business Machines Corporation | Secure communications system for remotely located computers |
| JP2901767B2 (en) * | 1991-02-08 | 1999-06-07 | 株式会社東芝 | Cryptographic communication system and portable electronic device |
| US5202921A (en) * | 1991-04-01 | 1993-04-13 | International Business Machines Corporation | Method and apparatus for authenticating users of a communication system to each other |
| EP0537903A2 (en) * | 1991-10-02 | 1993-04-21 | International Business Machines Corporation | Distributed control system |
| NL9101796A (en) * | 1991-10-25 | 1993-05-17 | Nederland Ptt | METHOD FOR AUTHENTICATING COMMUNICATION PARTICIPANTS, METHOD FOR USING THE METHOD AND FIRST COMMUNICATION PARTICIPANT AND SECOND COMMUNICATION PARTICIPANT FOR USE IN THE SYSTEM. |
| US5557518A (en) * | 1994-04-28 | 1996-09-17 | Citibank, N.A. | Trusted agents for open electronic commerce |
| US5396558A (en) * | 1992-09-18 | 1995-03-07 | Nippon Telegraph And Telephone Corporation | Method and apparatus for settlement of accounts by IC cards |
| US5267314A (en) * | 1992-11-17 | 1993-11-30 | Leon Stambler | Secure transaction system and method utilized therein |
| GB2278518B (en) * | 1993-05-14 | 1997-12-10 | Trafford Limited | Encrypted data transfer |
| DE4496863T1 (en) * | 1993-09-14 | 1996-12-05 | Chantilley Corp Ltd | Device for key distribution in an encryption system |
| US5481611A (en) * | 1993-12-09 | 1996-01-02 | Gte Laboratories Incorporated | Method and apparatus for entity authentication |
| US5491749A (en) * | 1993-12-30 | 1996-02-13 | International Business Machines Corporation | Method and apparatus for entity authentication and key distribution secure against off-line adversarial attacks |
| US5491750A (en) * | 1993-12-30 | 1996-02-13 | International Business Machines Corporation | Method and apparatus for three-party entity authentication and key distribution using message authentication codes |
| US5689564A (en) * | 1995-02-13 | 1997-11-18 | Eta Technologies Corporation | Personal access management system |
| US5692049A (en) * | 1995-02-13 | 1997-11-25 | Eta Technologies Corporation | Personal access management system |
| US5619574A (en) * | 1995-02-13 | 1997-04-08 | Eta Technologies Corporation | Personal access management system |
| US5696825A (en) * | 1995-02-13 | 1997-12-09 | Eta Technologies Corporation | Personal access management system |
| US5682428A (en) * | 1995-02-13 | 1997-10-28 | Eta Technologies Corporation | Personal access management system |
| US5778068A (en) * | 1995-02-13 | 1998-07-07 | Eta Technologies Corporation | Personal access management system |
| US5610980A (en) * | 1995-02-13 | 1997-03-11 | Eta Technologies Corporation | Method and apparatus for re-initializing a processing device and a storage device |
| US5694472A (en) * | 1995-02-13 | 1997-12-02 | Eta Technologies Corporation | Personal access management system |
| US5799290A (en) * | 1995-12-27 | 1998-08-25 | Pitney Bowes Inc. | Method and apparatus for securely authorizing performance of a function in a distributed system such as a postage meter |
| US5923762A (en) * | 1995-12-27 | 1999-07-13 | Pitney Bowes Inc. | Method and apparatus for ensuring debiting in a postage meter prior to its printing a postal indicia |
| GB9601924D0 (en) * | 1996-01-31 | 1996-04-03 | Certicom Corp | Transaction verification protocol for smart cards |
| US6041123A (en) * | 1996-07-01 | 2000-03-21 | Allsoft Distributing Incorporated | Centralized secure communications system |
| US5841872A (en) * | 1996-07-01 | 1998-11-24 | Allsoft Distributing Incorporated | Encryption enhancement system |
| US6247129B1 (en) | 1997-03-12 | 2001-06-12 | Visa International Service Association | Secure electronic commerce employing integrated circuit cards |
| JP3864401B2 (en) * | 1997-04-23 | 2006-12-27 | ソニー株式会社 | Authentication system, electronic device, authentication method, and recording medium |
| JP3951464B2 (en) * | 1998-07-28 | 2007-08-01 | 株式会社日立製作所 | Digital signal processor |
| GB2348568A (en) * | 1999-03-31 | 2000-10-04 | Ibm | Enabling conformance to legislative requirements for mobile devices |
| JP4177514B2 (en) * | 1999-04-28 | 2008-11-05 | 株式会社東芝 | Computer system and content protection method |
| DE10164131A1 (en) * | 2001-12-30 | 2003-07-17 | Juergen K Lang | Cryptographic module for the storage and playback of copy and usage protected electronic audio and video media |
| DE10164134A1 (en) * | 2001-12-30 | 2003-07-17 | Juergen K Lang | System for preparing and distributing copyright-protected electronic media in a receiver, involves encoding data for reproduction after applying cryptographic processes. |
| DE10164133A1 (en) * | 2001-12-30 | 2003-07-17 | Juergen K Lang | System for storing and reproducing copyright-/use-protected electronic sound/image media in a receiver encodes data for electronic media subject to cryptographic processes. |
| DE10164135A1 (en) * | 2001-12-30 | 2003-07-17 | Juergen K Lang | Multimedia protection system divides data for part encryption with variable length key |
| DE10352071A1 (en) * | 2003-11-07 | 2005-06-23 | Daimlerchrysler Ag | Method for detecting unauthorized component exchange |
| US7761591B2 (en) | 2005-12-16 | 2010-07-20 | Jean A. Graham | Central work-product management system for coordinated collaboration with remote users |
Family Cites Families (15)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US4193131A (en) * | 1977-12-05 | 1980-03-11 | International Business Machines Corporation | Cryptographic verification of operational keys used in communication networks |
| US4206315A (en) * | 1978-01-04 | 1980-06-03 | International Business Machines Corporation | Digital signature system and apparatus |
| US4408203A (en) * | 1978-01-09 | 1983-10-04 | Mastercard International, Inc. | Security system for electronic funds transfer system |
| US4186871A (en) * | 1978-03-01 | 1980-02-05 | International Business Machines Corporation | Transaction execution system with secure encryption key storage and communications |
| GB2020513B (en) * | 1978-05-03 | 1982-12-22 | Atalla Technovations | Method and apparatus for securing data transmissions |
| US4288659A (en) * | 1979-05-21 | 1981-09-08 | Atalla Technovations | Method and means for securing the distribution of encoding keys |
| US4264782A (en) * | 1979-06-29 | 1981-04-28 | International Business Machines Corporation | Method and apparatus for transaction and identity verification |
| FR2469760A1 (en) * | 1979-11-09 | 1981-05-22 | Cii Honeywell Bull | METHOD AND SYSTEM FOR IDENTIFYING PEOPLE REQUESTING ACCESS TO CERTAIN MEDIA |
| US4302810A (en) * | 1979-12-28 | 1981-11-24 | International Business Machines Corporation | Method and apparatus for secure message transmission for use in electronic funds transfer systems |
| US4326098A (en) * | 1980-07-02 | 1982-04-20 | International Business Machines Corporation | High security system for electronic signature verification |
| US4393269A (en) * | 1981-01-29 | 1983-07-12 | International Business Machines Corporation | Method and apparatus incorporating a one-way sequence for transaction and identity verification |
| DE3123168C1 (en) * | 1981-06-11 | 1982-11-04 | Siemens AG, 1000 Berlin und 8000 München | Key transfer procedure |
| US4423287A (en) * | 1981-06-26 | 1983-12-27 | Visa U.S.A., Inc. | End-to-end encryption system and method of operation |
| US4652698A (en) * | 1984-08-13 | 1987-03-24 | Ncr Corporation | Method and system for providing system security in a remote terminal environment |
| US4649233A (en) * | 1985-04-11 | 1987-03-10 | International Business Machines Corporation | Method for establishing user authenication with composite session keys among cryptographically communicating nodes |
-
1981
- 1981-04-08 SE SE8102268A patent/SE426128B/en not_active IP Right Cessation
-
1982
- 1982-03-31 CA CA000400150A patent/CA1191916A/en not_active Expired
- 1982-04-05 US US06/365,711 patent/US4720859A/en not_active Expired - Lifetime
- 1982-04-07 DE DE8282200425T patent/DE3274043D1/en not_active Expired
- 1982-04-07 EP EP82200425A patent/EP0064779B1/en not_active Expired
Cited By (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US4799061A (en) * | 1985-11-18 | 1989-01-17 | International Business Machines Corporation | Secure component authentication system |
Also Published As
| Publication number | Publication date |
|---|---|
| EP0064779B1 (en) | 1986-10-29 |
| DE3274043D1 (en) | 1986-12-04 |
| SE8102268L (en) | 1982-10-09 |
| EP0064779A3 (en) | 1984-07-25 |
| SE426128B (en) | 1982-12-06 |
| US4720859A (en) | 1988-01-19 |
| EP0064779A2 (en) | 1982-11-17 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CA1191916A (en) | Method and system for the mutual encyphered identification between data communicating stations and stations for use with such method and system | |
| US5371796A (en) | Data communication system | |
| US5029208A (en) | Cipher-key distribution system | |
| US4310720A (en) | Computer accessing system | |
| US5317636A (en) | Method and apparatus for securing credit card transactions | |
| EP0687087B1 (en) | Secure data transmission method | |
| EP0186981B1 (en) | Security module for an electronic funds transfer system | |
| Simmons | A survey of information authentication | |
| US5446796A (en) | Method and apparatus for settlement of accounts by IC cards | |
| US5351294A (en) | Limited broadcast system | |
| JPS6049471A (en) | System of verification between card leader and pay card exchange data | |
| US6529886B1 (en) | Authenticating method for an access and/or payment control system | |
| EP0818757A2 (en) | Universal Authentication device for use over telephone lines | |
| WO1998007255A1 (en) | Pocket encrypting and authenticating communications device | |
| JP2000516734A (en) | Certainty certification system | |
| AU7560298A (en) | Electronic transaction | |
| IL94633A (en) | System for transferring key encrypted data between computers | |
| EP0781427B1 (en) | Secure computer network | |
| EP0225010A1 (en) | A terminal for a system requiring secure access | |
| CA1226635A (en) | Generation of identification keys | |
| US6163612A (en) | Coding device, decoding device and IC circuit | |
| CA1255769A (en) | Secured message transfer system and method using updated session code | |
| US7188361B1 (en) | Method of transmitting signals | |
| EP0849713A1 (en) | A method and a system for the encryption of codes | |
| WO1999046881A1 (en) | Transaction card security system |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| MKEX | Expiry |