CA2390239C - Centralised cryptographic system and method with high cryptographic rate - Google Patents
Centralised cryptographic system and method with high cryptographic rate Download PDFInfo
- Publication number
- CA2390239C CA2390239C CA002390239A CA2390239A CA2390239C CA 2390239 C CA2390239 C CA 2390239C CA 002390239 A CA002390239 A CA 002390239A CA 2390239 A CA2390239 A CA 2390239A CA 2390239 C CA2390239 C CA 2390239C
- Authority
- CA
- Canada
- Prior art keywords
- cryptographic
- units
- pim
- security
- data
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Expired - Lifetime
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04N—PICTORIAL COMMUNICATION, e.g. TELEVISION
- H04N21/00—Selective content distribution, e.g. interactive television or video on demand [VOD]
- H04N21/40—Client devices specifically adapted for the reception of or interaction with content, e.g. set-top-box [STB]; Operations thereof
- H04N21/41—Structure of client; Structure of client peripherals
- H04N21/418—External card to be used in combination with the client device, e.g. for conditional access
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04N—PICTORIAL COMMUNICATION, e.g. TELEVISION
- H04N21/00—Selective content distribution, e.g. interactive television or video on demand [VOD]
- H04N21/40—Client devices specifically adapted for the reception of or interaction with content, e.g. set-top-box [STB]; Operations thereof
- H04N21/43—Processing of content or additional data, e.g. demultiplexing additional data from a digital video stream; Elementary client operations, e.g. monitoring of home network or synchronising decoder's clock; Client middleware
- H04N21/442—Monitoring of processes or resources, e.g. detecting the failure of a recording device, monitoring the downstream bandwidth, the number of times a movie has been viewed, the storage space available from the internal hard disk
- H04N21/4424—Monitoring of the internal components or processes of the client device, e.g. CPU or memory load, processing speed, timer, counter or percentage of the hard disk space used
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/08—Payment architectures
- G06Q20/12—Payment architectures specially adapted for electronic shopping systems
- G06Q20/123—Shopping for digital content
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/08—Payment architectures
- G06Q20/12—Payment architectures specially adapted for electronic shopping systems
- G06Q20/127—Shopping or accessing services according to a time-limitation
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/08—Payment architectures
- G06Q20/14—Payment architectures specially adapted for billing systems
- G06Q20/145—Payments according to the detected use or quantity
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/38—Payment protocols; Details thereof
- G06Q20/40—Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
-
- G—PHYSICS
- G07—CHECKING-DEVICES
- G07F—COIN-FREED OR LIKE APPARATUS
- G07F17/00—Coin-freed apparatus for hiring articles; Coin-freed facilities or services
- G07F17/0014—Coin-freed apparatus for hiring articles; Coin-freed facilities or services for vending, access and use of specific services not covered anywhere else in G07F17/00
-
- G—PHYSICS
- G07—CHECKING-DEVICES
- G07F—COIN-FREED OR LIKE APPARATUS
- G07F7/00—Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus
- G07F7/08—Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means
- G07F7/10—Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means together with a coded signal, e.g. in the form of personal identification information, like personal identification number [PIN] or biometric data
- G07F7/1008—Active credit-cards provided with means to personalise their use, e.g. with PIN-introduction/comparison system
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04N—PICTORIAL COMMUNICATION, e.g. TELEVISION
- H04N21/00—Selective content distribution, e.g. interactive television or video on demand [VOD]
- H04N21/40—Client devices specifically adapted for the reception of or interaction with content, e.g. set-top-box [STB]; Operations thereof
- H04N21/41—Structure of client; Structure of client peripherals
- H04N21/418—External card to be used in combination with the client device, e.g. for conditional access
- H04N21/4181—External card to be used in combination with the client device, e.g. for conditional access for conditional access
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04N—PICTORIAL COMMUNICATION, e.g. TELEVISION
- H04N21/00—Selective content distribution, e.g. interactive television or video on demand [VOD]
- H04N21/40—Client devices specifically adapted for the reception of or interaction with content, e.g. set-top-box [STB]; Operations thereof
- H04N21/41—Structure of client; Structure of client peripherals
- H04N21/426—Internal components of the client ; Characteristics thereof
- H04N21/42607—Internal components of the client ; Characteristics thereof for processing the incoming bitstream
- H04N21/42623—Internal components of the client ; Characteristics thereof for processing the incoming bitstream involving specific decryption arrangements
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04N—PICTORIAL COMMUNICATION, e.g. TELEVISION
- H04N21/00—Selective content distribution, e.g. interactive television or video on demand [VOD]
- H04N21/40—Client devices specifically adapted for the reception of or interaction with content, e.g. set-top-box [STB]; Operations thereof
- H04N21/41—Structure of client; Structure of client peripherals
- H04N21/426—Internal components of the client ; Characteristics thereof
- H04N21/42684—Client identification by a unique number or address, e.g. serial number, MAC address, socket ID
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04N—PICTORIAL COMMUNICATION, e.g. TELEVISION
- H04N21/00—Selective content distribution, e.g. interactive television or video on demand [VOD]
- H04N21/40—Client devices specifically adapted for the reception of or interaction with content, e.g. set-top-box [STB]; Operations thereof
- H04N21/43—Processing of content or additional data, e.g. demultiplexing additional data from a digital video stream; Elementary client operations, e.g. monitoring of home network or synchronising decoder's clock; Client middleware
- H04N21/436—Interfacing a local distribution network, e.g. communicating with another STB or one or more peripheral devices inside the home
- H04N21/43607—Interfacing a plurality of external cards, e.g. through a DVB Common Interface [DVB-CI]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04N—PICTORIAL COMMUNICATION, e.g. TELEVISION
- H04N7/00—Television systems
- H04N7/16—Analogue secrecy systems; Analogue subscription systems
- H04N7/162—Authorising the user terminal, e.g. by paying; Registering the use of a subscription channel, e.g. billing
- H04N7/163—Authorising the user terminal, e.g. by paying; Registering the use of a subscription channel, e.g. billing by receiver means only
Landscapes
- Engineering & Computer Science (AREA)
- Business, Economics & Management (AREA)
- Accounting & Taxation (AREA)
- Multimedia (AREA)
- Signal Processing (AREA)
- General Physics & Mathematics (AREA)
- Physics & Mathematics (AREA)
- Finance (AREA)
- General Business, Economics & Management (AREA)
- Theoretical Computer Science (AREA)
- Strategic Management (AREA)
- Computer Security & Cryptography (AREA)
- Power Engineering (AREA)
- Economics (AREA)
- Development Economics (AREA)
- Computer Networks & Wireless Communication (AREA)
- Databases & Information Systems (AREA)
- Storage Device Security (AREA)
- Two-Way Televisions, Distribution Of Moving Picture Or The Like (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
- Small-Scale Networks (AREA)
- Exchange Systems With Centralized Control (AREA)
Abstract
In a service system distributed as, for example, pay-television, the information exchanged between the operating centre and the user modules uses cryptographic means to guarantee the authenticity and confidentiality of the data. The code processing needs of the operating centre are substantial. For this reason a cryptographic system is proposed that has modularity and security for the cryptographic operations by means of monolithic security units in the form of smart cards.
Description
CENTRALISED CRYPTOGRAPHIC SYSTEM AND METHOD WITH HIGH
CRY_PTOGRAPHIC RATE
Field of the Invention This invention concerns a centralised cryptographic procedure and system, particularly intended for applications that need high flux cryptographic.
Related Art In a service system distributed as, for example, pay-television, payment by credit card or by means of Internet, the information exchanged between the operating centre and the user modules uses cryptographic means to guarantee the authenticity and confidentiality of the data.
Depending on the type of application, the number of user modules can be high, and each of these modules sends the information by means of a concentrator to one or several operating centres in charge of authentifying and carrying out the transactions.
These operations are based on encrypted communications and need cryptographic means, on the one hand for the user modules and on the other hand for the operating centre. It can easily be imagined that if a great number of user modules have to be processed, the cryptographic means of the operating centre will have to be very powerful, while those of the user modules, being particular of each user, do not have the same needs.
For this reason, while a processor contained in a smart card is capable of processing these data at the user module level, powerful computers have to be installed at the operating centre.
A fundamental point concerns the cryptographic keys. At the operating centre the cryptographic operations take place in a specialised cryptographic module, where particular attention is paid to security. These modules consist of a high capacity processor, which carries out the cryptographic operations, and a memory that contains the keys. For security reasons, these modules are either situated in a protected enclosure, such as a safe or a closed room, or they are encapsulated in a box, which, if opened by whatever means, will erase the sensitive data.
Although these measures have undeniable qualities, these modules suffer weaknesses in their electronic structure, and can be vulnerable to an operator with bad intentions. In fact, the employee who has the key to the door of the room where the cryptographic modules are situated can easily gain access to the memory where the cryptographic keys are stored. Such a damage can be catastrophic for the system's security and for the credibility of the supplier of the service.
Furthermore, although these cryptographic modules have a great processing capacity, they are not flexible when higher capacities are needed. For example, a 10% power increase involves the doubling of the cryptographic module, which in fact means increasing the capacity by 100%. Another aspect concerns the updating of these modules, which is difficult for a card especially developed for this purpose.
It is known to use more than one smart card for the decoding operations in the subscriber module, and this configuration is described in WO 96/07267.
However, the presence of these multiple cards on the receiver's side is due to the fact that it is necessary to decode several sources using different keys, even different cryptographic functions. The presence of these cards does not solve the problem of processing an important flux of data, it only ensures the compatibility with various standards.
Summary of the Invention This invention intends to solve the problem of finding a cryptographic module that offers high security against intrusion, both at the physical and logical level, a great flexibility depending on the cryptographic flux necessities, and that allows an easy updating.
This objective is totally achieved by a centralised cryptographic system, comprising a control module and at least one cryptographic module, characterised in that each cryptographic module comprises one or several interface modules on which are one or several monolithic security units.
A monolithic security unit is a unit that includes all the necessary elements for the cryptographic operations located on a single support in order to ensure security.
They generally consist of a single electronic smart card that has a mechanical or electronic anti-intrusion protection. However, other structures consisting of, for example, two electronic chips are also included in the denomination "monolithic" as long as they are intimately linked and supplied by the distributors as a single element.
^
CRY_PTOGRAPHIC RATE
Field of the Invention This invention concerns a centralised cryptographic procedure and system, particularly intended for applications that need high flux cryptographic.
Related Art In a service system distributed as, for example, pay-television, payment by credit card or by means of Internet, the information exchanged between the operating centre and the user modules uses cryptographic means to guarantee the authenticity and confidentiality of the data.
Depending on the type of application, the number of user modules can be high, and each of these modules sends the information by means of a concentrator to one or several operating centres in charge of authentifying and carrying out the transactions.
These operations are based on encrypted communications and need cryptographic means, on the one hand for the user modules and on the other hand for the operating centre. It can easily be imagined that if a great number of user modules have to be processed, the cryptographic means of the operating centre will have to be very powerful, while those of the user modules, being particular of each user, do not have the same needs.
For this reason, while a processor contained in a smart card is capable of processing these data at the user module level, powerful computers have to be installed at the operating centre.
A fundamental point concerns the cryptographic keys. At the operating centre the cryptographic operations take place in a specialised cryptographic module, where particular attention is paid to security. These modules consist of a high capacity processor, which carries out the cryptographic operations, and a memory that contains the keys. For security reasons, these modules are either situated in a protected enclosure, such as a safe or a closed room, or they are encapsulated in a box, which, if opened by whatever means, will erase the sensitive data.
Although these measures have undeniable qualities, these modules suffer weaknesses in their electronic structure, and can be vulnerable to an operator with bad intentions. In fact, the employee who has the key to the door of the room where the cryptographic modules are situated can easily gain access to the memory where the cryptographic keys are stored. Such a damage can be catastrophic for the system's security and for the credibility of the supplier of the service.
Furthermore, although these cryptographic modules have a great processing capacity, they are not flexible when higher capacities are needed. For example, a 10% power increase involves the doubling of the cryptographic module, which in fact means increasing the capacity by 100%. Another aspect concerns the updating of these modules, which is difficult for a card especially developed for this purpose.
It is known to use more than one smart card for the decoding operations in the subscriber module, and this configuration is described in WO 96/07267.
However, the presence of these multiple cards on the receiver's side is due to the fact that it is necessary to decode several sources using different keys, even different cryptographic functions. The presence of these cards does not solve the problem of processing an important flux of data, it only ensures the compatibility with various standards.
Summary of the Invention This invention intends to solve the problem of finding a cryptographic module that offers high security against intrusion, both at the physical and logical level, a great flexibility depending on the cryptographic flux necessities, and that allows an easy updating.
This objective is totally achieved by a centralised cryptographic system, comprising a control module and at least one cryptographic module, characterised in that each cryptographic module comprises one or several interface modules on which are one or several monolithic security units.
A monolithic security unit is a unit that includes all the necessary elements for the cryptographic operations located on a single support in order to ensure security.
They generally consist of a single electronic smart card that has a mechanical or electronic anti-intrusion protection. However, other structures consisting of, for example, two electronic chips are also included in the denomination "monolithic" as long as they are intimately linked and supplied by the distributors as a single element.
^
According to the invention, the cryptographic module comprises a first control module in charge of administrating the entry/exit of the data to be processed. It allows to determine the cryptographic flux that is desirable and knows the cryptographic capabilities that are available. This control module can be material or logical. It has one or several interface modules on which are monolithic security units in order to process the data. Each of these units consist of a cryptographic calculating unit, a memory containing at least a part of the cryptographic keys and means to communicate with the interface module. The keys appear decoded only in the security units, which have, as indicated previously, a high level of security.
This level is achieved by the fact that they consist of a single standardised card designed for this purpose. Their structures do not allow them to achieve high processing capacities. For this reason the increase in cryptographic flux is ensured by using a great number of these units. The more the necessary flux of the cryptographic system increases, the more the number of these working units will increase.
This configuration allows to ensure a great flexibility as to the cryptographic flux of the system by adding security units depending on the needs. This configuration allows to attend the demand by adding the necessary security units.
According to one embodiment, the monolithic security units are set on the interface modules in an removable way. This allows an easy updating of the latter, as technology progresses rapidly. Another advantage of this solution is their cost, because these security units are manufactured in large quantities and thus have attractive prices.
According to one embodiment, the security units are smart cards following the norms ISO 7816.
The present invention includes also a method of centralised cryptographic processing of data consisting in transmitting the data to be processed to a cryptographic module, said module comprising one or several interface modules and transmitting the data by means of said interface modules to one or several monolithic security modules in charge of the cryptographic operations according to the flux of the data. .
According to this method, the number of security units in service depend on the flux of the data required to the cryptographic module. In fact, because each unit has not enough power to process a great number of cryptographic operations in a short time it is necessary to use several security units. The control module and the interface module allow the parallel processing of the resources of the security units.
One of the functions of the interface module is the administration of the resources that are further available. The interface module carries out in an initialisation phase the inventory of the security units that are attached to it, as well as their characteristics. This resource file will be able to direct the requests according to the characteristics of these units.
According to another embodiment of the invention, this method consists in executing the same cryptographic operations by means of several security units and comparing the various results. If the results are different, the control module sends an error message to the console. This console can react in different ways, for example, establishing which of the security units is responsible of the error, by using either a reference security unit or several security units and detecting which unit sends a different result.
The result of this test will be notified to the resource list so that the defective unit or units are not used any more.
In the hypothetical case that the error is not in one of the security units but concerns all the units of a same interface module, the parallel cryptographic operations are executed by two security units situated in two different interface modules. In fact, some parameters are stored on the interface module, and their modification can produce a malfunction of all the security units.
In order to ensure a good functioning of the various modules, it is possible to execute test operations on the security units that are not being used. These tests can be carried out with reference data of which the result is known in advance, or they can be executed by testing in parallel several modules with randomly generated data and comparing the results.
Brief Description of the Drawings The invention will be better understood with the following detailed description that makes reference to the annexed figures, which are given as a non-limiting example, in which:
This level is achieved by the fact that they consist of a single standardised card designed for this purpose. Their structures do not allow them to achieve high processing capacities. For this reason the increase in cryptographic flux is ensured by using a great number of these units. The more the necessary flux of the cryptographic system increases, the more the number of these working units will increase.
This configuration allows to ensure a great flexibility as to the cryptographic flux of the system by adding security units depending on the needs. This configuration allows to attend the demand by adding the necessary security units.
According to one embodiment, the monolithic security units are set on the interface modules in an removable way. This allows an easy updating of the latter, as technology progresses rapidly. Another advantage of this solution is their cost, because these security units are manufactured in large quantities and thus have attractive prices.
According to one embodiment, the security units are smart cards following the norms ISO 7816.
The present invention includes also a method of centralised cryptographic processing of data consisting in transmitting the data to be processed to a cryptographic module, said module comprising one or several interface modules and transmitting the data by means of said interface modules to one or several monolithic security modules in charge of the cryptographic operations according to the flux of the data. .
According to this method, the number of security units in service depend on the flux of the data required to the cryptographic module. In fact, because each unit has not enough power to process a great number of cryptographic operations in a short time it is necessary to use several security units. The control module and the interface module allow the parallel processing of the resources of the security units.
One of the functions of the interface module is the administration of the resources that are further available. The interface module carries out in an initialisation phase the inventory of the security units that are attached to it, as well as their characteristics. This resource file will be able to direct the requests according to the characteristics of these units.
According to another embodiment of the invention, this method consists in executing the same cryptographic operations by means of several security units and comparing the various results. If the results are different, the control module sends an error message to the console. This console can react in different ways, for example, establishing which of the security units is responsible of the error, by using either a reference security unit or several security units and detecting which unit sends a different result.
The result of this test will be notified to the resource list so that the defective unit or units are not used any more.
In the hypothetical case that the error is not in one of the security units but concerns all the units of a same interface module, the parallel cryptographic operations are executed by two security units situated in two different interface modules. In fact, some parameters are stored on the interface module, and their modification can produce a malfunction of all the security units.
In order to ensure a good functioning of the various modules, it is possible to execute test operations on the security units that are not being used. These tests can be carried out with reference data of which the result is known in advance, or they can be executed by testing in parallel several modules with randomly generated data and comparing the results.
Brief Description of the Drawings The invention will be better understood with the following detailed description that makes reference to the annexed figures, which are given as a non-limiting example, in which:
- Figure 1 represents a centralised cryptographic system according to the state of the art;
- Figure 2 represents a cryptographic system according to the invention;
Detailed Description of the Preferred Embodiments In Figure 1 are represented diagrammatically the various blocks of the system that is responsible for the encryption in the operating centre. The data to be encrypted are on the bus, which communicates the various information that are necessary for the functioning of the operating centre. When such an operation is required by the operating centre, the specialised cryptographic system is used, which is represented here by the control module block CM and the cryptographic module block EM. The mission of the control module CM is to filter the access to the cryptographic module EM, that is to say, it offers protection against attacks coming from the exterior by means of the communication bus. It is not conceived to resist a local attack, be it physical or "programming", for example, of the operator.
This control module CM, after having filtered the data, sends them to the cryptographic module EM to be processed. As mentioned above, it has powerful cryptographic means in order to satisfy the high flux of the central bus. To achieve this, it has clear readable keys in its memory. In this example, the module is situated in a physically protected enclosure in order to prevent any non-authorised person from taking out the keys or from modifying the software in his/her own benefit.
In Figure 2 the architecture of the system according to the invention is represented.
We find again the control module CM that works as a software filter against external damage. As indicated in Figure 2, this module communicates with several interface modules IM. These modules have a software protection, that is to say, a certain number of operations (for example, the reading) are simply not possible. These modules, on the other hand, are not physically protected. This function is left to the security units PIM. Each interface module IM has a certain number of these PIM
units in order to increase the cryptographic flux.
Another task of this CM module is to direct the requests coming from the central bus towards the security units. When the desired operation is finished (for example, the coding) the result is transmitted to the CM module, which informs the entity that has required this operation. In order to ensure the distribution of the requests, the CM
^
- Figure 2 represents a cryptographic system according to the invention;
Detailed Description of the Preferred Embodiments In Figure 1 are represented diagrammatically the various blocks of the system that is responsible for the encryption in the operating centre. The data to be encrypted are on the bus, which communicates the various information that are necessary for the functioning of the operating centre. When such an operation is required by the operating centre, the specialised cryptographic system is used, which is represented here by the control module block CM and the cryptographic module block EM. The mission of the control module CM is to filter the access to the cryptographic module EM, that is to say, it offers protection against attacks coming from the exterior by means of the communication bus. It is not conceived to resist a local attack, be it physical or "programming", for example, of the operator.
This control module CM, after having filtered the data, sends them to the cryptographic module EM to be processed. As mentioned above, it has powerful cryptographic means in order to satisfy the high flux of the central bus. To achieve this, it has clear readable keys in its memory. In this example, the module is situated in a physically protected enclosure in order to prevent any non-authorised person from taking out the keys or from modifying the software in his/her own benefit.
In Figure 2 the architecture of the system according to the invention is represented.
We find again the control module CM that works as a software filter against external damage. As indicated in Figure 2, this module communicates with several interface modules IM. These modules have a software protection, that is to say, a certain number of operations (for example, the reading) are simply not possible. These modules, on the other hand, are not physically protected. This function is left to the security units PIM. Each interface module IM has a certain number of these PIM
units in order to increase the cryptographic flux.
Another task of this CM module is to direct the requests coming from the central bus towards the security units. When the desired operation is finished (for example, the coding) the result is transmitted to the CM module, which informs the entity that has required this operation. In order to ensure the distribution of the requests, the CM
^
module has a list of the available resources. When an error has been detected, the unit that is responsible for the error is disabled in the resource list.
It is not necessary that all the security units be of the same type. Some may have a cryptographic calculation unit based on a different algorithm than the other units. In this example, some units have, for example, a unit of the type RSA; others have a unit of the type DES or IDEA.
These information are contained in the resource list stored in the CM module.
This module directs the requests depending on the availability and the capability of the security units.
According to another embodiment, the interface modules are cards of the PCI
type and the security units are smart cards of the ISO 7816 type.
Although this invention concerns in the first place the coding of data, the architecture described above is equally applicable to the decoding of a flux of data. In fact, it is possible that during an emission purchase many users accede the operating centre, generating in this way an important flux to be decoded. The security units are then used for data decoding operations.
It is not necessary that all the security units be of the same type. Some may have a cryptographic calculation unit based on a different algorithm than the other units. In this example, some units have, for example, a unit of the type RSA; others have a unit of the type DES or IDEA.
These information are contained in the resource list stored in the CM module.
This module directs the requests depending on the availability and the capability of the security units.
According to another embodiment, the interface modules are cards of the PCI
type and the security units are smart cards of the ISO 7816 type.
Although this invention concerns in the first place the coding of data, the architecture described above is equally applicable to the decoding of a flux of data. In fact, it is possible that during an emission purchase many users accede the operating centre, generating in this way an important flux to be decoded. The security units are then used for data decoding operations.
Claims (13)
1. A centralised high cryptographic system in an operating centre and managing data to be transmitted to a plurality of user modules, comprising a control module (CM) and at least one cryptographic module (EM), characterised in that the control module comprises means for determining a required cryptographic rate and for knowing available cryptographic resources, and in that each cryptographic module comprises at least one or several interface module (IM) on which are connected in parallel a plurality of monolithic security units (PIM), these units being part of said cryptographic systems.
2. A system according to claim 1, characterised in that the security unit (PIM) comprises at least one calculation unit for cryptographic functions, a memory containing cryptographic keys, and communication means to the interface module.
3. A system according to any one of claims 1 or 2, characterised in that the security unit (PIM) is set in a removable way on the interface module (IM).
4. A system according to any one of claims 1 to 3, characterised in that the security unit (PIM) is in the form of a smart card.
5. A system according to claim 4, characterised in that said smart card follows the norms ISO 7816.
6. A system according to any one of claims 1 to 5, characterised in that the monolithic security units (PIM) have cryptographic calculation units of a different type, such as RSA, DES, T-DES, or IDEA.
7. A system according to any one of claims 1 to 6, characterised in that the control module (CM) has a resource list of the monolithic units comprising the available number, their state, their version, and their cryptographic capability.
8. A centralised method of encryption/decryption method of data transmitted between an operating centre and a plurality of user modules, comprising:
transmitting, by the operating centre, data to be encrypted or decrypted to a control module (CM) placed in a cryptographic module (EM) of said operating center, determining a required cryptographic rate and knowing available cryptographic resources, transmitting by means of an interface modules (IM), the data to be encrypted or decrypted to a plurality of monolithic security units (PIM) connected in parallel to said interface module, the security units for cryptographic operations depending on the rate of the data.
transmitting, by the operating centre, data to be encrypted or decrypted to a control module (CM) placed in a cryptographic module (EM) of said operating center, determining a required cryptographic rate and knowing available cryptographic resources, transmitting by means of an interface modules (IM), the data to be encrypted or decrypted to a plurality of monolithic security units (PIM) connected in parallel to said interface module, the security units for cryptographic operations depending on the rate of the data.
9. The method according to claim 8, for transmitting to several security units (PIM) same data to be processed, comparing data when returning from the security units (PIM), and informing an external entity if their values differ.
10. The method according to claim 9, for transmitting the data to be processed to security units (PIM) connected to different interface modules (IM).
11. The method according to claim 8, for carrying out test operations on one or several security units that are not currently in use and comparing results with a reference result.
12. The method according to claim 8, for carrying out cryptographic test operations on at least three security units (PIM) that are not currently in use and comparing results in order to determine if these units (PIM) are operative.
13. The method according to any one of claims 8 to 12, for administrating the security units (PIM) based on a resource list in the control module (CM) and comprising a number of available units, their state, their version, and their cryptographic capacity.
Applications Claiming Priority (3)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CH2045/99 | 1999-11-08 | ||
| CH204599 | 1999-11-08 | ||
| PCT/IB2000/001589 WO2001035659A1 (en) | 1999-11-08 | 2000-11-02 | Centralised cryptographic system and method with high cryptographic rate |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CA2390239A1 CA2390239A1 (en) | 2001-05-17 |
| CA2390239C true CA2390239C (en) | 2009-06-30 |
Family
ID=4224654
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CA002390239A Expired - Lifetime CA2390239C (en) | 1999-11-08 | 2000-11-02 | Centralised cryptographic system and method with high cryptographic rate |
Country Status (28)
| Country | Link |
|---|---|
| EP (1) | EP1228642B1 (en) |
| JP (1) | JP2003514461A (en) |
| KR (1) | KR100740737B1 (en) |
| CN (1) | CN1214639C (en) |
| AP (1) | AP2002002502A0 (en) |
| AR (1) | AR026368A1 (en) |
| AT (1) | ATE306788T1 (en) |
| AU (1) | AU777158B2 (en) |
| BR (1) | BR0015408B1 (en) |
| CA (1) | CA2390239C (en) |
| CO (1) | CO5300378A1 (en) |
| CZ (1) | CZ20021513A3 (en) |
| DE (1) | DE60023170T2 (en) |
| DZ (1) | DZ3242A1 (en) |
| EA (1) | EA004077B1 (en) |
| ES (1) | ES2250199T3 (en) |
| HK (1) | HK1050447A1 (en) |
| IL (2) | IL149303A0 (en) |
| MA (1) | MA25503A1 (en) |
| MX (1) | MXPA02004517A (en) |
| MY (1) | MY128057A (en) |
| OA (1) | OA12581A (en) |
| PL (1) | PL199982B1 (en) |
| SI (1) | SI1228642T1 (en) |
| TR (1) | TR200201242T2 (en) |
| TW (1) | TW480886B (en) |
| WO (1) | WO2001035659A1 (en) |
| ZA (1) | ZA200202938B (en) |
Family Cites Families (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| MY125706A (en) * | 1994-08-19 | 2006-08-30 | Thomson Consumer Electronics | High speed signal processing smart card |
-
2000
- 2000-10-20 TW TW089122125A patent/TW480886B/en not_active IP Right Cessation
- 2000-11-02 EP EP00969758A patent/EP1228642B1/en not_active Expired - Lifetime
- 2000-11-02 CA CA002390239A patent/CA2390239C/en not_active Expired - Lifetime
- 2000-11-02 CN CNB008151768A patent/CN1214639C/en not_active Expired - Lifetime
- 2000-11-02 TR TR2002/01242T patent/TR200201242T2/en unknown
- 2000-11-02 AT AT00969758T patent/ATE306788T1/en not_active IP Right Cessation
- 2000-11-02 WO PCT/IB2000/001589 patent/WO2001035659A1/en active IP Right Grant
- 2000-11-02 MX MXPA02004517A patent/MXPA02004517A/en active IP Right Grant
- 2000-11-02 IL IL14930300A patent/IL149303A0/en active IP Right Grant
- 2000-11-02 AP APAP/P/2002/002502A patent/AP2002002502A0/en unknown
- 2000-11-02 OA OA1200200111A patent/OA12581A/en unknown
- 2000-11-02 PL PL355575A patent/PL199982B1/en unknown
- 2000-11-02 CZ CZ20021513A patent/CZ20021513A3/en unknown
- 2000-11-02 ES ES00969758T patent/ES2250199T3/en not_active Expired - Lifetime
- 2000-11-02 DZ DZ003242A patent/DZ3242A1/en active
- 2000-11-02 BR BRPI0015408-3A patent/BR0015408B1/en active IP Right Grant
- 2000-11-02 SI SI200030767T patent/SI1228642T1/en unknown
- 2000-11-02 AU AU79404/00A patent/AU777158B2/en not_active Expired
- 2000-11-02 KR KR1020027005915A patent/KR100740737B1/en active IP Right Grant
- 2000-11-02 JP JP2001537276A patent/JP2003514461A/en not_active Withdrawn
- 2000-11-02 EA EA200200408A patent/EA004077B1/en not_active IP Right Cessation
- 2000-11-02 DE DE60023170T patent/DE60023170T2/en not_active Expired - Lifetime
- 2000-11-06 AR ARP000105835A patent/AR026368A1/en active IP Right Grant
- 2000-11-06 MY MYPI20005187A patent/MY128057A/en unknown
- 2000-11-08 CO CO00084953A patent/CO5300378A1/en not_active Application Discontinuation
-
2002
- 2002-04-12 MA MA26596A patent/MA25503A1/en unknown
- 2002-04-15 ZA ZA200202938A patent/ZA200202938B/en unknown
- 2002-04-23 IL IL149303A patent/IL149303A/en unknown
-
2003
- 2003-04-10 HK HK03102585A patent/HK1050447A1/en not_active IP Right Cessation
Also Published As
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US5048085A (en) | Transaction system security method and apparatus | |
| US5148481A (en) | Transaction system security method and apparatus | |
| EP0981807B1 (en) | Integrated circuit card with application history list | |
| CN101506815B (en) | Bi-processor architecture for secure systems | |
| CN100363855C (en) | Key storage administration | |
| US5781723A (en) | System and method for self-identifying a portable information device to a computing unit | |
| US7730311B2 (en) | Key transformation unit for a tamper resistant module | |
| EP1703406B1 (en) | Data communicating apparatus and method for managing memory of data communicating apparatus | |
| US20100330958A1 (en) | Mobile communication device and method for disabling applications | |
| IE980328A1 (en) | Method for controlling access to electronically provided services and system for implementing such method | |
| RU2573211C2 (en) | Execution method and universal electronic card and smart card system | |
| CA2390239C (en) | Centralised cryptographic system and method with high cryptographic rate | |
| US7925892B2 (en) | Method to grant modification rights for a smart card | |
| JP2877316B2 (en) | Transaction processing equipment | |
| CN118153126B (en) | RFID smart card information interaction method, device and system with privacy protection | |
| KR100198825B1 (en) | Electronic money-bag terminal | |
| Yashiro et al. | T-Kernel/SS: a secure filesystem with access control protection using tamper-resistant chip | |
| Karppinen | Attacks related to the smart card used in electronic payment and cash cards | |
| Chaumette et al. | Extended secure memory for a java card in the context of the java card grid project | |
| KR20030067147A (en) | Complex smart card and system and method for processing the card | |
| GB2368948A (en) | Smart card authentication |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| EEER | Examination request | ||
| MKEX | Expiry |
Effective date: 20201102 |
|
| MKEX | Expiry |
Effective date: 20201102 |