DE102009032070A1 - System and procedure for the delivery of data-transmission-related data - Google Patents

Abstract

The present invention is concerned with a system and method (delivery service) for mail sent electronically by remote data transmission from external computers (outgoing computers) for identified customers, based on computer systems of the delivery service that can be addressed by DÜF and computer systems that can be addressed by DÜF, which as Intermediate storage functions (trust center) in such a way that for any data from the outgoing computer (correspondence objects) · (a) a secure and authentic generation of defined printed pieces and associated letters is enabled, which can then be physically delivered, or · (b) a secure and Authentic delivery of the correspondence objects for identified customers to external computers (target computers) via DÜF, whereby in case (a) the entire process up to the writing of the letter can be automated or in case (b) the entire process up to data acquisition on the respective target computer. The EDI delivery can be carried out so securely by suitable initialization with so-called base values that it is impossible to obtain the correspondence object even if a third party receives all data transmitted via EDI and has a quantum computer.

Description

The The present invention is concerned with a system and method for the Secure and authentic delivery of data sent by remote data transmission were made, in particular with the delivery, again via dial-up (Variant EDI delivery) can or alternatively by generating defined plungers and associated Letters (variant letter delivery).

such Procedures and systems are in outline or partial aspects in the state known in the art or are discussed in professional circles. They have but the disadvantage that they are not safe or not future-proof and are not authentic.

Therefore It is an object of the present invention, a method and a to provide a system oriented according to this method through technical measures On the one hand the highly secure and authentic external lettering position allows (on-site expression) - and so on Saves time and costs - and on the other hand a completely secure and authentic dial-up delivery, leaving an attack over the process itself impossible is.

One Attack over the dial-up delivery procedure So is z. B. even then impossible if a third party (a) receives all information that communicates via dial-up and (b) that third party has a quantum computer. Also a change the legal position, if necessary subsequently the disclosure of the data-communication data enforces, so does not help, d. H. The solution is also in every way future-proof. However, abuse is not possible because customers are identified have to be.

These Asked object is achieved with the characterizing features of the main claims.

The System supports can be addressed by dial-up Computer systems (called services) accepting mail or process and addressable via dial-up Computer systems that act as temporary storage (Trustcenter called).

The method according to the invention for letter delivery, after the system works advantageously, is characterized in that
in a first main process, an external computer (outbound computer) with an arbitrary correspondence object K and a customer number N1
(Kryptonization 1) K via a ONE-TIME-PAD (OTP) method by key generation and OTP encryption kryptonisiert as sizes K1, K2, so that K can be obtained by OTP decryption from K1, K2 and
(Kryptonisierung2) arbitrarily sizes K1 *, K2 * calculated, which allow a recalculation of K1, K2 or K1 * = K1 and K2 * = K2 sets and
(Reference formation) for K1 a customer-suitable reference R determined and
(Order specification) specifies a delivery order A, which identifies at least the addressee via a customer number N2 or via letter minimum information allows a letter delivery, and
(Placing of order) by means of EDI (outgoing mail1) at least R, K1 * deposited in trust centers and sent via EDI (outgoing mail2) at least R, A, K2 * to departments (acceptance offices);
finally, in a second main process, an acceptance office or another service that has received the minimum data of the outgoing mail2 by way of EDI (clearing department),
(Picking up) the missing crypto-component K1 * via DTP via a trustcenter-request,
(Decryptonization1) if necessary K1, K2 calculated via K1 *, K2 *,
(Dekryptonization2) K calculated by OTP decryption from K1, K2,
(Brieferstellung) via correspondence object and delivery order at least one letter generated automatically and
(Letter mail) gives up the letter or provides him for the task.

The method according to the invention for the EDI delivery, after the system works advantageously, is characterized in that
in the first main process, an external computer (outbound computer) with an arbitrary correspondence object K and a customer number N1
(Kryptonization1) K via a ONE-TIME-PAD (OTP) method by single or multiple key generation and single or multiple OTP encryption of K kryptonisiert as sizes K1, K2, ..., so that K by OTP Decryption from K1, K2, ... can be calculated,
(Kryptonization2) arbitrarily calculates a list of quantities K1 *, K2 *, ..., which allow a retroactive calculation of K1, K2, ... or sets K1 * = K1, K2 * = K2, ....
(Reference formation) for K1 determines a customer-appropriate reference R,
(Order specification) specifies a delivery order A that identifies at least the addressee via a customer number N2 or EDI address,
(Order placement) at least R, K1 * stored in trust centers by means of EDI (outgoing mail1) and sent at least R, A, K2 * to departments (acceptance offices) by means of EDI, and if crypto components K3 *, ... were formed by EDI ( Ausgangspost3) transmits at least these crypto components to any external computer (Zielrechner1); and
that then, in a second main process, an acceptance office or another service, which has received the minimum data of the outgoing mail2 by way of EDI (clearing department),
(Activation1) determines release parameters via an automatable dial-up question-and-answer dialog with external computers (target computer2a) if necessary, which were identified by the delivery order,
(Activation2) if necessary releases the K1 * stored in a trust center by pick-up for pick-up,
(Delivery) sends at least R and K2 * via remote data transmission to target computer 2a or to external computers (Zielrechner2b), which were identified by the delivery order or by the activation 1; and
Finally, in a third main process, an external computer (Zielrechner3), which has received the minimum data of the delivery and possibly the minimum data of the Ausgangspost3 by remote data transmission - whereby the target computers do not have to be different -
(Pickup) procured the missing cryptocomponent K1 * by dial-up via a trustcenter request, as well
(Decryptonization1) if necessary K1, K2, ... calculated via K1 *, K2 *, ...,
(Dekryptonization2) K calculated by OTP decryption from K1, K2, ....

in the The following are the two variants (delivery method) closer to drawings explained. It shows

1 : a complete execution of the letter delivery;

2 : A Complete Execution of Dial-Up Delivery.

• • (Kryptonisierung1) K über ein ONE-TIME-PAD(OTP)-Verfahren (siehe Erläuterung unten zu den OTP-Verfahren bzw. die OTP-Artikel in der wikipedia) durch Schlüsselgenerierung und OTP-Verschlüsselung als Größen K1, K2 kryptonisiert, so dass K durch OTP-Entschlüsselung aus K1, K2 gewonnen werden kann,
• • (Kryptonisierung2) beliebig Größen K1*, K2* berechnet, die eine Rückrechnung von K1, K2 erlauben (zum „warum”: siehe Erläuterung unten) bzw. K1* = K1 und K2* = K2 setzt,
• • (Referenzbildung) für K1 eine kundenübergreifend eindeutige Referenz R bestimmt (z. B. über N1, Ausgangsrechnernummer, und eine laufende Nummer für K1),
• • (Auftragsspezifikation) einen Zustellauftrag A spezifiziert, der mindestens den Adressaten über eine Kundennummer N2 identifiziert oder über postalische Mindestangaben eine Briefzustellung ermöglicht, und
• • (Auftragserteilung) per DFÜ (Ausgangspost1) mindestens R, K1* in Trustcentern hinterlegt und per DFÜ (Ausgangspost2) mindestens R, A, K2* an Dienststellen (Annahmedienststellen) schickt.

The 1 shows a schematic representation of a complete execution of a letter delivery. The first main process of the letter delivery is characterized in that an external computer (outbound computer) with any correspondence object K and a customer number N1 (as the sender identification)

• Kryptonized K (Kryptonization 1) K via a ONE-TIME-PAD (OTP) method (see explanation below for the OTP methods or the OTP articles in the wikipedia) by means of key generation and OTP encryption as quantities K1, K2 that K can be obtained by OTP decryption from K1, K2,
• • (kryptonization2) arbitrarily calculates variables K1 *, K2 * that allow a retroactive calculation of K1, K2 (for the "why": see explanation below) or K1 * = K1 and K2 * = K2 sets,
• • (reference formation) for K1 determines a customer-unique reference R (eg via N1, source computer number, and a serial number for K1),
• • (order specification) specifies a delivery order A which identifies at least the addressee by means of a customer number N2 or which enables a postal delivery via minimum postal details, and
• • (order placement) at least R, K1 * deposited by means of EDI (outgoing mail1) in trust centers and sent via RDT (Ausgangspost2) at least R, A, K2 * to departments (acceptance offices).

• • (Abholung) das fehlende K1* per DFÜ über eine Trustcenter-Anfrage beschafft,
• • (Dekryptonisierung1) falls erforderlich K1, K2 via K1*, K2* berechnet,
• • (Dekryptonisierung2) K durch OTP-Entschlüsselung aus K1, K2 berechnet,
• • (Brieferstellung) via Korrespondenzobjekt und Zustellauftrag mindestens einen Brief automatisiert erzeugt und
• • (Briefversand) den Brief aufgibt bzw. ihn für die Aufgabe zur Verfügung stellt.

The second main process of letter delivery is characterized in that an acceptance office or another service which has received the minimum data of the outgoing mail2 by way of EDI (clearing department),

• • (pick-up) the missing K1 * via DTP via a Trustcenter request,
• • (decryptonization1) if necessary K1, K2 calculated via K1 *, K2 *,
• • (decryptonization2) K calculated by OTP decoding from K1, K2,
• • (Brieferstellung) via correspondence object and delivery order at least one letter generated automatically and
• • (letter mail) gives up the letter or makes it available for the task.

Recommendation: The dial-up communication The computer systems will also have a Public-key method encrypted (Transport Encryption).

Recommendation: The outgoing computer also forms a one-time password (P1), the he deposited in the trust center and sent to the acceptance office.

The Procedure guaranteed furthermore anti-counterfeiting security, if the trustcenter ensures access security.

We now discuss security. First, K1 and K2 are data without Information (see below: explanation to the OTP methods), d. H. above a component alone, no information can be obtained.

are then also K1 * and K2 * data without information (examples see below), so over K1 * or K2 * alone no information is obtained.

in the Extreme case could an attacker K1 * and K2 * win or government agencies enforce the disclosure. Then you would have to the attacker or state agency but still the retroactive accounting from K1 and K2 from K1 * and K2 *.

However, the calculation of K1 * and K2 * via K1 and K2 can be controlled via parameters (called base values) in such a way that you need to know the underlying values for efficient retroactive accounting. B. by a mixing method: Bitlists L1 and L2 are randomly generated and then back-mixed with the components K1 and K2, where the mixing function is controlled via the base values. Then K1 * and K2 * are also without information and typically not even length correlated.

• • Wird ein 1-Bit angetroffen, so wird das nächste K1-Byte an K1* angefügt.
• • Wird ein 0-Bit angetroffen, so wird das nächste L1-Byte an K1* angefügt.
• • Sind K1 bzw. L1 abgearbeitet, so wird der Rest von L1 bzw. K1 (sofern vorhanden) an K1* angehängt und die Iteration ist beendet.

In principle, any number of arbitrarily complex mixing functions can be constructed which mix and disassemble efficiently with given basic values. By way of example, let us introduce a simple mixing function, which generates K1 * stepwise from K1 and L1 by using a base value as a "mixed pattern" (analogously one could generate K2 * step by step from K2 and L2). For this purpose, the bit pattern of the base value is processed iteratively from "left to right" until finally K1 or L1 have been processed:

• • If a 1-bit is encountered, the next K1 byte is added to K1 *.
• • If a 0 bit is encountered, the next L1 byte is appended to K1 *.
• • If K1 or L1 have been processed, the remainder of L1 or K1 (if present) is appended to K1 * and the iteration is completed.

Adoption:

• • The "pattern value" and the "fill value" L1 become randomized in variable length generated.
• • pattern value and fill value can basically "arbitrary grow up (in practice: very big, z. Up to 1 MB).

conclusion:

• • Knows one only K1 * and K2 *, so fails a "recalculation by tasting" already at the computational effort.
• • One Looking at the example pattern feature shows another problem on: For each K1 * and each "sufficient smaller "K1 'you can always appropriate Sample and fill values specify, so that from K1 'through Mixing the value K1 * can be generated. "Try" would not be unique Deliver results. Therefore, fill and pattern values become disposable values generated, d. H. For K1 or K2 generated and only for K1 or K2 used, so any statistical attack is excluded.

Note: In addition to the pure mixing process can also be easily process specify that is chargeable mix and change. Also for this Again, you can specify any number of efficient variants. However, the presented simple mixing function has the advantage that you can easily explain it and may create trust among customers.

In order to is clear how about appropriate mixing process security can be generated: a customer could create a (long) list of such underlyings in advance and then per disk with appropriate storage capacity (CD, DVD, ...) to the delivery service conduct. The respective selection could He then transferred to the delivery service the Ausgangspost2 announce by list index (even unencrypted). The attacker would have to So completely investigate the departments and trust centers involved or a government agency to force the disclosure of these data. However, if the data in the trust center is deleted as quickly as possible (without external fuse), the system can still be classified as highly secure.

Note: It is conceivable, of course also that the delivery service generates the basic data and the customer via data carrier feeds.

In a previous application to the DPMA, a procedure was presented randomized on a source computer in normal operation for any length of time Deliver bitlists efficiently and in high randomization quality can. The wished Security level can be easily achieved as described become.

We now describe the dial-up delivery and show that they are running like this can be that an attacker completely explore the target computer would have d. H. an attack over the process itself is impossible.

• • (Kryptonisierung1) K über ein OTP-Verfahren durch ein- bzw. mehrfache Schlüsselgenerierung und ein- bzw. mehrfache OTP-Verschlüsselung von K als Größen K1, K2, ... kryptonisiert, so dass K durch OTP-Entschlüsselung aus K1, K2, ... berechnet werden kann,
• • (Kryptonisierung2) beliebig eine Liste von Größen K1*, K2*, ... berechnet, die eine Rückrechnung von K1, K2, ... erlauben bzw. K1* = K1, K2* = K2, ... setzt,
• • (Referenzbildung) für K1 eine kundenübergreifend eindeutige Referenz R bestimmt,
• • (Auftragsspezifikation) einen Zustellauftrag A spezifiziert, der mindestens den Adressaten über eine Kundennummer N2 oder DFÜ-Adresse identifiziert,
• • (Auftragserteilung) per DFÜ (Ausgangspost1) mindestens R, K1* in Trustcentern hinterlegt und per DFÜ (Ausgangspost2) mindestens R, A, K2* an Dienststellen (Annahmedienststellen) schickt, und falls Kryptokomponenten K3*, ... gebildet wurden: per DFÜ (Ausgangspost3) mindestens diese sonstigen Kryptokomponenten an beliebige externe Rechner (Zielrechner1) übermittelt.

In 2 A complete version of the EDI delivery is shown schematically. The first main process of EDI delivery is characterized in that an external computer (outbound computer) with an arbitrary correspondence object K and a customer number N1 (sender identification)

• • (kryptonization1) K kryptonisiert over an OTP procedure by single or multiple key generation and single or multiple OTP encryption of K as sizes K1, K2, ..., so that K by OTP decryption from K1, K2 , ... can be calculated,
• • (kryptonization2) arbitrarily calculates a list of variables K1 *, K2 *, ... that allow a recalculation of K1, K2, ... or K1 * = K1, K2 * = K2, ...,
• • (reference formation) for K1 determines a client-unique reference R,
• • (order specification) specifies a delivery order A that identifies at least the addressee via a customer number N2 or dial-up address,
• • (order placement) at least R, K1 * deposited by means of EDI (outgoing mail1) in trust centers and sent via EDI (outgoing mail2) at least R, A, K2 * to departments (acceptance offices), and if crypto components K3 *, ... were formed: per EDI (outgoing mail3) at least these other crypto components to any external ne computer (Zielrechner1) transmitted.

• • (Freischaltung1) falls erforderlich Freigabeparameter über einen automatisierten DFÜ-Frage-Antwort-Dialog mit externen Rechnern (Zielrechner2a) bestimmt, die über den Zustellauftrag identifiziert wurden,
• • (Freischaltung2) falls erforderlich das in einem Trustcenter hinterlegte K1* per DFÜ zur Abholung frei gibt, und
• • (Zustellung) mindestens R und K2* per DFÜ an Zielrechner2a schickt bzw. an externe Rechner (Zielrechner2b), die über den Zustellauftrag identifiziert wurden bzw. durch die Freischaltung1.

The second main process of EDI delivery is characterized by the fact that an acceptance office or another department which has received by means of EDI the minimum data of the outgoing mail2 (processing department)

• • (Activation1) determines release parameters via an automated dial-up question-and-answer dialog with external computers (target computer2a) if necessary, which were identified via the delivery request,
• • (Activation2) if necessary, the K1 * stored in a trust center can be picked up for collection by means of a data transmission, and
• • (delivery) at least R and K2 * to the target computer2a via remote data transmission or to external computers (target computer2b) identified via the delivery order or through the activation1.

• • (Abholung) das fehlenden K1* per DFÜ über eine Trustcenter-Anfrage beschafft,
• • (Dekryptonisierung1) falls erforderlich K1, K2, ... via K1*, K2*, ... berechnet,
• • (Dekryptonisierung2) K durch OTP-Entschlüsselung aus K1, K2, ... berechnet.

The third main process of the EDI delivery is characterized in that an external computer (Zielrechner3), which has received the minimum data of the delivery and possibly the minimum data of the Ausgangsspost3 by remote data transmission - whereby the target computers do not have to be different -

• • (pick-up) the missing K1 * via DTP via a Trustcenter request,
• • (decryptonization1) if necessary K1, K2, ... calculated via K1 *, K2 *, ...,
• • (decryptonization2) K calculated by OTP decoding from K1, K2, ....

in the 3. Main process is again grasped that the pickup and decryptonization on different target computers.

Recommendation: The dial-up communication The computer systems will be back in addition via a public-key method encoded (Transport Encryption).

Recommendation: The output computer also forms a one-time password P1 and a associated sequential number M, which he encrypts to the acceptance point and encrypted transmitted to the target computer. The settlement service requests M from the target computer P1 and another one-time password P2: Knows the target computer P1, then he is authenticated and P2 becomes the share in the trust center deposited.

The Procedure guaranteed Protection against forgery, if the trustcenter ensures access security. High access security can by an "ensemble solution" (see note below) be reached, d. H. only identified customer systems can access. It makes sense to only access a customer system in main process 3 can, that in the main process 1 via customer number was identified.

recommendation for ensemble solutions: Trust centers and customer systems form through every communication step Control numbers and formulate with each new communication step a "challenge" over the total history of control numbers, d. H. the trustcenter answered a request from an external system that declares itself a customer system, only if it has calculated the challenge value correctly. Of the Challenge value could be z. B. as a hash over the control number history is calculated.

We now discuss security. First, K1, K2, ... are data without information (see below: explanation to the OTP methods), d. H. is missing also only a component in the List, so with the remaining components alone no Information to be gained.

are then also K1 *, K2 *, .... Data without information, this applies analogously for this List.

in the Extreme case could an attacker will win the entire list K1 *, K2 *, ... or state bodies force the disclosure of these data. Then the attacker or the government agency but still the recalculation of K1, K2, ... from K1 *, K2 *, ... accomplish. The calculation of K1 *, K2 *, ... via K1, K2, ... but can be controlled via base values as described above that you need to know these underlying assets for retroactive accounting. One Customer could prepare a list of such underlying assets in advance and then by means of a data carrier (CD, DVD, ...) to the partner customers. The respective selection he could then the partner over the List index by dial-up to communicate the initial post3 (even unencrypted). The procedure itself would be so no longer vulnerable and would still be - except for the initialization - completely automatable.

Note: It goes without saying that the customer systems with corresponding modular infrastructure equip. Esp. should define interface conventions for mixing procedures so that the customer can use any implementations can or implements itself.

There one of the distinguishing features of the method is secure encryption is, this is briefly presented (note: a good overview also give the OTP article in wikipedia).

The secure encryption is "information destroying", d. H. the encrypted Plain text (cipher) bears no information in the sense that - mathematically justified - over the Cipher alone no information can be obtained.

It It is easy to see that one-time-pad (OTP) methods are information-destroying: There every bit of the plaintext K becomes with a random bit connected, that only for this link is used. The key so it must be randomized for K are generated (one-time key) and must be at least as long as K.

exemplary be as a bit link called the bit addition (also known as XOR operation): 0 + 1 = 1 + 0 = 1, 1 + 1 = 0 + 0 = 0. Then E is a one-time key for K in the length of K, then K + E is the encrypted one Plain text (V), with bitwise addition. Apparently V + E = K, can also be decrypted with E again. Note to the mathematical Literature: The bit addition has the properties of a "abelschen Group"; So you can z. B. count "like with integers ". The bit addition is also known in algebra as "addition in the smallest body (| F_2)".

Of the completeness half the bit addition is short and that for the enciphering proven relevant properties. It will be a "programming close Notation "used d. H. instead of the + character, the ^ character becomes the corresponding bit operator used in many programming languages.

• Definition: Let! 0 = 1,! 1 = 0 (negation)

It then obviously applies !! x = x

• Definition: Let 0 ^ 0 = 1 ^ 1 = 0 and 0 ^ 1 = 1 ^ 0 = 1 (bit addtion or XOR-connection)

• • x^x = 0 (klar)
• • x^!x = 1 (klar)
• • x^0 = x (denn 1^0 = 1, 0^0 = 0)
• • x^1 = !x (denn 1^1 = 0, 0^1 = 1)

Then always applies

• • x ^ x = 0 (clear)
• • x ^! X = 1 (clear)
• • x ^ 0 = x (because 1 ^ 0 = 1, 0 ^ 0 = 0)
• • x ^ 1 =! X (because 1 ^ 1 = 0, 0 ^ 1 = 1)

• • x^y = y^x (klar)

Furthermore, for two bit variables x, y, the following always holds:

• • x ^ y = y ^ x (clear)

• • x^(y^z) = (x^y)^z

Annahme: y = z.We now consider arbitrary bit variables x, y, z and show:

• • x ^ (y ^ z) = (x ^ y) ^ z

Assumption: y = z.

• • x^(y^z) = x^0 = x

The right side then delivers

• • x ^ (y ^ z) = x ^ 0 = x

• • (x^x)^x = 0^x = x
• • (x^!x)^!x = 1^!x = !!x = x

Annahme: y ≠ z.For the left side two cases are possible:

• • (x ^ x) ^ x = 0 ^ x = x
• • (x ^! X) ^! X = 1 ^! X = !! x = x

Assumption: y ≠ z.

• • x^(x^!x) = x^1 = !x
• • x^(!x^x) = x^1 = !x

The following cases are possible for the left side:

• • x ^ (x ^! X) = x ^ 1 =! X
• • x ^ (! X ^ x) = x ^ 1 =! X

• • (x^!x)^x = 1^x = !x
• • (x^x)^!x = 0^!x = !x

The following cases are possible for the right side:

• • (x ^! X) ^ x = 1 ^ x =! X
• • (x ^ x) ^! X = 0 ^! X =! X

consequently the equation applies in all cases.

Be so K is an arbitrary bit-list, E is an equal-length one-time-key, and the cipher K 'is defined as K '= K ^ E, where is added component by component. Then O is a bitmap of the same length with all zeros, then K '^ E = (K ^ E) ^ E = K ^ (E ^ E) = K ^ O = K.

apparently K '^ E = E ^ K', d. H. Key and cipher can the "exchange places". For a given Pair (K1, K2) = (E, K ') or (K ', E) can So you - mathematically secured - not Find out more, what keys and what is the cipher. Also the "historical Knowledge of the genesis "can be a source system easily destroy: The cryptographic unit of the source system must be before the Output from (K1, K2) the components only randomly swap. It then became meaningless to talk about keys or ciphers: K1 and K2 "work" like keys and like ciphers, but even the "historical Identification "is impossible become, since these are absolute empty data.

• • per DFÜ ansprechbare Rechnersysteme des Zustelldienstes (Dienststellen) und
• • per DFÜ ansprechbare Rechnersysteme, die als Zwischenspeicher fungieren (Trustcenter)

dergestalt, dass für beliebige Daten der Ausgangsrechner (Korrespondenzobjekte)

• • (a) eine sichere und authentische Erzeugung definierter Druckstücke und zugehöriger Briefe ermöglicht wird, die dann physisch zugestellt werden können bzw.
• • (b) eine sichere und authentische Zustellung der Korrespondenzobjekte für identifizierte Kunden an externe Rechner (Zielrechner) per DFÜ,

wobei im Fall (a) der gesamte Prozess bis zur Brieferstellung automatisiert erfolgen kann bzw. im Fall (b) der gesamte Prozess bis zur Datengewinnung auf dem jeweiligen Zielrechner. Die DFÜ-Zustellung kann durch geeignete Initialisierung mit sog. Basiswerten so sicher ausgeführt werden, dass die Gewinnung des Korrespondenzobjektes selbst dann unmöglich ist, wenn eine Drittpartei alle per DFÜ übermittelten Daten erhält und über einen Quantencomputer verfügt.In summary, it should be noted that the present invention is concerned with a system and method (delivery service) intended and supported for mail sent electronically via remote data transmission (DUN) to identified customers

• • Computer-accessible computer systems of the delivery service (departments) and
• • computer-accessible computer systems that act as temporary storage (Trustcenter)

such that for any data the source computer (correspondence objects)

• • (a) a secure and authentic production of defined plungers and associated letters is made possible, which can then be physically delivered or
• • (b) a secure and authentic delivery of the correspondence objects for identified customers to external computers (target computers) via EDI,

where in case (a) the whole process can take place automatically until the delivery of the letter or in case (b) the whole process up to the data acquisition on the respective target computer. Dial-up delivery can be done by suitable initialization with so-called Basis values can be executed so securely that it is impossible to obtain the correspondence object even if a third party receives all the data transmitted via EDI and has a quantum computer.

Claims (3)

System for the delivery of electronically dispatched mail (delivery service), characterized in that at least one computer addressable by computer (service) accepts or processes mail and at least one addressable by dial-up computer acts as a cache (trust center), so that via outgoing mail from an external computer (outgoing computer) with any object K and a customer number N1 (Ausgangspost1) is sent by remote data transmission to trust center and (outgoing mail2) is sent by dial-up to departments and at least (first) the sender identified via N1 and (second) the addressee Identified via a customer number N2 or EDI address or via postal minimum information letter delivery and for the defined addressee a letter is generated, which contains at least one print piece, which was created via the correspondence object, or a defined external computer (target computer) Information be made available so that the target computer can win the correspondence object. Procedure for the delivery of electronically dispatched mail is characterized that (1st main process) an external computer (home computer) with a any correspondence object K and a customer number N1 (Kryptonisierung1) K over a ONE-TIME-PAD (OTP) method through key generation and OTP encryption as sizes K1, K2 kryptonized, so K gained by OTP decryption from K1, K2 can be, (Kryptonization2) arbitrarily sizes K1 *, K2 * calculated, the a recalculation of K1, allow K2 or K1 * = K1 and K2 * = K2 sets, (Reference formation) for K1 a customer-suitable Reference R determines (Order specification) a delivery order A specifies that identifies at least the addressee via a customer number N2 or over postal minimum information allows a letter delivery, and (Order placement) by dial-up (Ausgangspost1) at least R, K1 * deposited in trust centers and via dial-up (outgoing mail2) at least R, A, K2 * to departments (acceptance offices); that after all (2nd main process) an acceptance office or another service, the via dial the Has received minimum data of the outgoing mail2 (settlement service), (Pickup) procured the missing crypto component K1 * via data transmission via a trust center request, (Dekryptonisierung1) if necessary K1, K2 calculated via K1 *, K2 *, (Dekryptonisierung2) K by OTP decryption off K1, K2 calculated, (Brieferstellung) via correspondence object and delivery order generates at least one letter automatically and (Letter delivery) the letter gives up or him for the task to disposal provides. Method for the delivery of electronically dispatched mail, characterized in that (1 st main process) an external computer (outgoing computer) with an arbitrary correspondence object K and a customer number N 1 (kryptonization 1) K via a ONE-TIME-PAD (OTP) method by means of a or multiple key generation and single or multiple OTP encryption of K as sizes K1, K2, ... kryptonisiert so that K can be calculated by OTP decryption from K1, K2, ..., (Kryptonisierung2) any one List of quantities K1 *, K2 *, ... that allow a recalculation of K1, K2, ... or K1 * = K1, K2 * = K2, .... sets (reference formation) for K1 suitable reference R for all customers, (order specification) specifies a delivery order A which identifies at least the addressee via a customer number N2 or EDI address, (order placement) via EDI (outgoing mail1) at least R, K1 * stored in trust centers and via EDI (outgoing mail st2) at least R, A, K2 * to departments (Annahmedienststellen) sends, and if crypto components K3 *, ... were formed by remote data transmission (Ausgangspost3) at least these crypto components to any external computer (Zielrechner1) transmitted; that (second main process) an acceptance office or another service, which has received the minimum data of Ausgangspost2 (Abwicklunglungsstelle), (Unlocking1) if necessary release parameters via an automated dial-up question-and-answer dialog with external computers (Zielrechner2a) determined , which were identified by the delivery order, (activation2) if necessary releases the K1 * stored in a trust center for pickup by means of EDI, (delivery) sends at least R and K2 * via dial - up to target computer 2a or to external computers (target computer 2b), which via the delivery order has been identified or through activation 1; that finally (3rd main process) an external computer (Zielrechner3), by means of data transmission the minimum data of the delivery and if necessary the minimum data of the Output post3 received - whereby the target computers do not have to be different - (picking up) the missing Kryptokomponente K1 * by DTP over a trust center inquiry procured, (Dekryptonisierung1) if necessary K1, K2, ... via K1 *, K2 *, .. ., (decryptonization2) K calculated by OTP decryption from K1, K2, ....

Images