EP1150256A1 - Procédé pour la distribution sécurisée de modules de sécurité - Google Patents

Procédé pour la distribution sécurisée de modules de sécurité Download PDF

Info

Publication number
EP1150256A1
EP1150256A1 EP01104610A EP01104610A EP1150256A1 EP 1150256 A1 EP1150256 A1 EP 1150256A1 EP 01104610 A EP01104610 A EP 01104610A EP 01104610 A EP01104610 A EP 01104610A EP 1150256 A1 EP1150256 A1 EP 1150256A1
Authority
EP
European Patent Office
Prior art keywords
security module
distribution
electronic key
identification code
center
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
EP01104610A
Other languages
German (de)
English (en)
Other versions
EP1150256B1 (fr
Inventor
Gerrit Bleumer
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Francotyp Postalia GmbH
Original Assignee
Francotyp Postalia GmbH
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Francotyp Postalia GmbH filed Critical Francotyp Postalia GmbH
Publication of EP1150256A1 publication Critical patent/EP1150256A1/fr
Application granted granted Critical
Publication of EP1150256B1 publication Critical patent/EP1150256B1/fr
Anticipated expiration legal-status Critical
Expired - Lifetime legal-status Critical Current

Links

Images

Classifications

    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07BTICKET-ISSUING APPARATUS; FARE-REGISTERING APPARATUS; FRANKING APPARATUS
    • G07B17/00Franking apparatus
    • G07B17/00733Cryptography or similar special procedures in a franking system
    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07BTICKET-ISSUING APPARATUS; FARE-REGISTERING APPARATUS; FRANKING APPARATUS
    • G07B17/00Franking apparatus
    • G07B17/00733Cryptography or similar special procedures in a franking system
    • G07B2017/00846Key management
    • G07B2017/0087Key distribution
    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07BTICKET-ISSUING APPARATUS; FARE-REGISTERING APPARATUS; FRANKING APPARATUS
    • G07B17/00Franking apparatus
    • G07B17/00733Cryptography or similar special procedures in a franking system
    • G07B2017/00959Cryptographic modules, e.g. a PC encryption board
    • G07B2017/00967PSD [Postal Security Device] as defined by the USPS [US Postal Service]

Definitions

  • the invention relates to a method for the secure distribution of security modules, especially for franking machines, from one manufacturer location to another Distribution location to a user location.
  • the invention also relates to a distribution system for the secure distribution of security modules.
  • Security modules can function like microprocessors and memory modules in large quantities at central locations that are particularly suitable for mass production.
  • Such security modules are used in various devices, especially those Devices that hold certain values of their users. Examples are franking machines, Cash registers, electronic purses, PCs, notebooks, palm tops and cell phones. If these devices are also mass-produced, they will by the customer, the future user, most conveniently together with the associated user Security module directly by mail order or retail related, at least mostly without further contact with the manufacturer of the security modules to record.
  • the invention is therefore based on the object of a method and a distribution system for the distribution of cryptographically initialized security modules create.
  • the security module should under all circumstances, d. H. even with extensive Infiltration of the cryptographic initialization at the production site, e.g. B. at large-scale bribery of the staff, ensuring that only equipment can be put into operation by the customer with such security modules, whose cryptographic keys are not compromised.
  • the invention is based on recognizing that by creating and reviewing special markings possibly a successful one in combination with appropriate certificates Protection against manipulation with the intention of forgery can be achieved.
  • a The first marking is made at the manufacturer's location in a manufacturing center a first cryptographic initialization of the security module, the first marking preferably a public one printed on a first label Is key and the label prefers the ready-to-ship packaging of the Security module or a device with an integrated security module attached becomes.
  • the first marking can be the electronic key to be sent contained in unencrypted or encrypted form depending on whether it is the key to be sent is a public key or a key private (secret) key.
  • the encryption can, for example using a hash algorithm.
  • a second marking is made at a distribution center from the manufacturer's location at a distribution point or a so-called import point, each for a specific region or country is provided when importing and registering the packaging with the security module. This enables one Identification of the packaging when the security module is later registered, triggered by the on-site user before requested data can be loaded onto the security module or the franking machine and the franking machine can be used.
  • the identification code generated at the distribution point is stored in a remote central database.
  • the verification is carried out according to the invention by means of a verification code, which consists of the identification code and the electronic one stored in the security module Key is generated.
  • a verification code is preferred a digital signature or an authentication code, e.g. B. a MAC (Message Authentication Code) are used.
  • the method according to the invention and the distribution system according to the invention ensure a safe distribution of security modules, in which the customer-ready packaged devices, e.g. B. franking machines, including those already installed Security modules or those sold separately and / or packed separately Security modules at the distribution point or the entry point are not unpacked need. It is particularly economical to have a single central entry point to have in a country or region through which everyone is packed Devices or security modules are imported. This entry point can be from Operators regularly inspected with reasonable effort or even operated themselves become. All incoming devices or security modules in this entry point unpacking and inspecting, which would be very expensive, is according to the invention not necessary anymore.
  • the customer-ready packaged devices e.g. B. franking machines
  • an electronic key in encrypted or unencrypted form e.g. B. is printed as a barcode.
  • This machine-readable marking is then from the distribution center or at the entry point read and used for identification, after which a second Label with the identification code is attached to the packaging. Doing so either pasted over or removed the first label so that it would especially with the user, is no longer legible. Even the identification code can be encoded or unencrypted as a barcode on the label his.
  • labels with barcodes there are other ways to send them or attaching the electronic key and / or the identification code on the packaging or the security module itself conceivable how for example chip cards, magnetic stripe cards or ID tags. It is in each case again preferably provided that from the distribution center or at the import point the electronic key stored by the manufacturer is deleted and replaced by the Identification code is replaced.
  • Another embodiment of the invention is the use of an authentication algorithm and a single electronic key provided by the manufacturer.
  • Such an authentication algorithm can be part of a so-called MAC (Message Authentication Code).
  • MAC Message Authentication Code
  • this electronic key which is stored in the security module and is sent simultaneously with the security module in an externally readable form, by means of a single one, only the manufacturer or a manufacturer center and one Service center is known in the region of the user.
  • the electronic key, which is then stored on the security module is also the user known and can later be used to encrypt further information, for example between user and service center.
  • an electronic key pair is a further development provided with a private and a public key.
  • This is generated using a digital signature algorithm, such as one RSA (Rivest, Shamir, Adleman), a DSA (Digital Signature Algorithm) or an ECDSA (Elliptic Curve DSA).
  • the public key is preferably in the central database, to which the distribution center and the Service center can be accessed and is readable from the outside using the Security module is sent while the private key is only in the Security module is saved and sent with it.
  • a separate one at both the manufacturer center and the distribution center electronic key pair can be provided.
  • a central database in which certain electronic keys, the identification code and any certificates generated in encrypted form or stored in unencrypted form, it can also be provided Data on a separate network, stored in the security module or on other means, for example by means of a data medium sent by post, from the manufacturer center to the distribution center and / or the regional service center to transmit.
  • the invention is of course also applicable when it is separate Manufacturer or manufacturer center for the security module and the application device, for example the franking machine.
  • the security modules are then sent to the manufacturer of the franking machine in the manner described, where the security module is identified and registered and then in the Franking machine can be installed. Even when sending the with the The franking machine equipped with the security module can then be the inventive one Procedures are applied accordingly.
  • the manufacturing center 1 operates a local manufacturing server (manufacturing service center) 6 in the immediate vicinity of the manufacturing end point of the factory.
  • the manufacturer server 6 generates an electronic manufacturer key pair (sk 1 , vk 1 ) (step 20 in FIG. 2).
  • the private key sk 1 is used by the manufacturer server 6 to sign messages about newly produced security modules 7, while the public key vk 1 is used by the service centers 5 to verify these signatures.
  • the public key vk 1 can be transmitted offline from the manufacturer server 6 to the distribution center 2 and / or the regional service center 5.
  • one or more certifying authorities can be provided.
  • the distribution center 2 which serves as an entry point for all security modules to be operated in a specific region, also first generates a distribution key pair (sk 2 , vk 2 ) with a private key sk 2 and a public key vk 2 (step 21). In this way, so-called input certificates can be generated for the security modules as digital signatures, which can be stored in the central database 4.
  • the various distribution centers in different regions or countries do not know the public distribution keys of the other distribution centers. Each distribution center only has to be able to check its own entries in the central database 4. In principle, it is also possible to provide several distribution centers or import points for a country or region.
  • a security module 7 After a security module 7 has been produced and provided with the mechanical protective devices, it is connected to the manufacturer server 6, for example via an intermediate registration PC (not shown). This requests a public key from the security module 7, the request containing the public manufacturer key vk 1 and the request to generate a transport key pair (step 22).
  • the security module 7 stores the key vk 1 in a non-volatile memory and generates the requested transport key pair (stk, vtk), which has a signing transport key stk (signing transport key) and a verification transport key vtk (verifying transport key) contains (step 23).
  • the security module 7 While the private key stk is kept private by the security module 7 and is only stored there, the security module 7 transmits a unique serial number s, which was assigned during manufacture, and the verification transport key vtk to the manufacturer via the registration PC Server 6 passed (step 24). The latter then uses his private key sk 1 and a signing algorithm cert to generate a public key certificate c 1 (step 25), which he then stores together with the serial number s and the verification transport key vtk in the public, remote central database 4 (Step 26). After this initial registration, the security module 7 will never again issue its verification transport key vtk, and it is also not necessary to store the same.
  • the security module 7 is then packed in a transport packaging 8, the security module 7 in a separate package or together with a user device 71, e.g. a franking machine, in a common Packing 8 can be included.
  • a user device 71 e.g. a franking machine
  • a common Packing 8 can be included.
  • a label 9 to which the serial number s, the verification transport key vtk des Security module 7 and possibly further information, preferably in the form of a two-dimensional bar code are printed (step 27).
  • This label will be 9 from the outside visible and legible applied to the package 9, so that the contained information with a machine, e.g. B. with a barcode reader can be read easily. If the labels 9 are not robust enough, To survive the transport, the barcodes can also be placed directly on the packaging or any accompanying documents are printed, which are then in a corresponding Cover to be applied to the
  • the packaging is then sent directly from manufacturer center 1 to Distribution center 2 sent in the respective regions in which the franking machines 71 or the security modules 7 are then to be sold and used.
  • There the barcodes of each incoming package 9 are scanned 10 read that to a corresponding computer 11 with a connected printer 12 is connected.
  • For each serial number s and each verification transport key vtk is then randomly chosen an identification code ID, even if the end customer of the product is neither already known nor determined.
  • the number of customer numbers must be large enough so that collisions identification codes are extremely rare and practically impossible, to guess which identification code is assigned to a particular security module will be.
  • the use of identification codes is therefore preferred provided with a length between 32 and 64 bits.
  • the distribution center 2 then links the new identification code ID with the serial number s and the verification transport key vtk on the packaging by printing the identification code ID on a new label 13 which is stuck on the packaging 8 via the first label 9, so that the barcode of the first label 9 can no longer be read.
  • the first label 9 can also be removed before the label 13 is stuck on.
  • the new label 13 is attached at this point.
  • the identification code ID is preferably applied to label 13 in a legible form, the exact format taking into account the properties of the input means of the franking machine to be equipped with the security module. If, for example, the input means have a number field, the identification code ID can also be printed in decimal numbers.
  • the distribution center 2 generates an input certificate c2 from the serial number s, the verification transport key vtk and the identification code ID using the private distribution key sk 2 by means of a signing algorithm cert (step 28). This is finally stored together with the identification code ID in the central database 4 and assigned there to the already stored data of the security module 7 (step 29).
  • the central database is a large, distributed directory that public verification key of security modules for franking machines in centrally managed in all countries. Access to this global database is 4 strictly limited, with read and write access to service centers 5, 6 and the distribution centers 2 are limited. Distribution centers 2 and service centers Each region only has access to the keys that are in their region Region operated security modules concern.
  • All packaging 8 with security modules processed in this way are subsequently Marketed directly from distribution centers 2 or through retailers expelled.
  • the distribution centers 2 do not know who ultimately the End customer 3 is which product he receives and when he receives it.
  • the security module 7 After a customer 3 has received a package 18 and removed the security module 7, he will install it in the franking machine 71, provided that it has not already been installed as shown, put it into operation and connect it to the telephone network. The franking machine is then connected to a regional service center 5 in its region in order to be registered there.
  • the security module 7 first generates a verification code sig from the private key stk stored in the security module and the identification code ID contained on the label 13 (step 30). This verification code sig is then transmitted together with the identification code ID to the regional service center 5, which then checks in the central database 4 whether the transmitted identification code ID has been generated by the distributor 2 of this region and whether there is a valid receipt certificate c 2 (Steps 31, 32).
  • the regional service center 5 receives the verification key vtk back from the central database 4 (step 33), which then uses ver for the verification of the security module by means of the verification algorithm based on the generated verification code sig and the identification code ID (step 34).
  • the security module and the associated one Franking machine registered and released for use after which the country-specific Software, initialization and authorization can be downloaded can.
  • PSD Postal Security Device
  • the method according to the invention and the distribution system according to the invention can withstand all described abuses, except for the security module is stolen from the customer and the mechanical security devices are broken open or the fraudsters lose the public transport key in the hands.
  • a fraudster does not have to only a registered key pair of transport keys, but also a fall into the hands of the associated identification code. If a scammer just that registered transport key pair and possibly finds a security module, it is still necessary that he have an identification code with the distributor must have generated. Otherwise no identification code will be inserted in the Central database entered and registration or use is made fail.
  • a fraudster could also try read it from the central database or the security module on the Intercept transport route to the user to get the identification code. It should be noted that not everyone has packaging with a security module and can order a label with an identification code.
  • the described distribution system comprises a distributed one Database with the highest security level, which is sufficiently against unauthorized Access must be protected. This is ensured by the fact that Infrastructure a closed system has no access via the Internet.
  • FIGS. 3 and 4 A second embodiment of the distribution system according to the invention and of the method according to the invention will be explained with reference to FIGS. 3 and 4.
  • key pairs with a private and a public key are not used here, but only a symmetrical key is used in each case.
  • the manufacturer server 6 generates a private key k 1 , which is agreed with the regional service center 5 (step 40).
  • Distribution center 2 likewise generates its own private key k 2 and security module 7 generates a transport key tk (steps 41, 42).
  • the security module 7 After the security module 7 has transmitted the transport key tk to the manufacturer server 6 (step 43), the latter encrypts the transport key tk using its private key k 1 using an encryption algorithm enc and sends the certificate c 1 back to the security module 7 (step 44 , 45).
  • the security module 7 stores the certificate c 1 , creates a hash value h from the transport key tk and prints it on the label 9, which is then attached to the packaging 8 of the security module 7 (step 46). This hash value h is finally also entered into the central database 4 via the manufacturer server 6 (step 47).
  • the hash value h is determined by the label 9 by means of the Scanners 10 read, an identification code ID generated and on the second label 13 printed, which is then attached over the label 9 on the package 8 (step 48).
  • the identification code ID is also in the central database 4 stored and assigned the hash value h there (step 49).
  • the security module 7 At the user location 3, the security module 7 generates a verification code m, often also referred to as a MAC (Message Authentication Code), from the transport key tk, which is stored in the security module, and the identification code ID of the label 13 after its arrival (step 50). This is transmitted together with the identification code ID and the certificate c 1 to the regional service center 5 (step 51). There, the certificate c 1 is decrypted using the private key k 1 using a decryption algorithm dec, from which the transport key tk results, from which a hash value h is then calculated (step 52). The regional service center 5 then checks whether the identification code ID and the hash value h are contained in the central database 4 (step 53).
  • MAC Message Authentication Code
  • the verification is finally carried out by means of the verification algorithm ver with the aid of the transport key tk, the identification code ID and the verification code m (step 54). If the verification is successful, registration can then take place, after which the security module can be used as intended.

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Storage Device Security (AREA)
  • Devices For Checking Fares Or Tickets At Control Points (AREA)
  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)
EP01104610A 2000-04-28 2001-02-23 Procédé pour la distribution sécurisée de modules de sécurité Expired - Lifetime EP1150256B1 (fr)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
DE10020904 2000-04-28
DE10020904A DE10020904B4 (de) 2000-04-28 2000-04-28 Verfahren zur sicheren Distribution von Sicherheitsmodulen

Publications (2)

Publication Number Publication Date
EP1150256A1 true EP1150256A1 (fr) 2001-10-31
EP1150256B1 EP1150256B1 (fr) 2007-05-02

Family

ID=7640249

Family Applications (1)

Application Number Title Priority Date Filing Date
EP01104610A Expired - Lifetime EP1150256B1 (fr) 2000-04-28 2001-02-23 Procédé pour la distribution sécurisée de modules de sécurité

Country Status (3)

Country Link
US (1) US6850912B2 (fr)
EP (1) EP1150256B1 (fr)
DE (2) DE10020904B4 (fr)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP1967976A2 (fr) 2007-03-06 2008-09-10 Francotyp-Postalia GmbH Procédé de transmission authentifiée d'un ensemble de données ou d'un programme personnalisé vers un module de sécurité matériel, en particulier une affranchisseuse

Families Citing this family (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP4355124B2 (ja) * 2002-01-31 2009-10-28 インターナショナル・ビジネス・マシーンズ・コーポレーション 入出場管理システム、入出場管理方法、入出場管理を実行するためのプログラムおよび、該プログラムを記録した記録媒体
US20030229795A1 (en) * 2002-02-19 2003-12-11 International Business Machines Corporation Secure assembly of security keyboards
DE10260406B4 (de) * 2002-12-16 2007-03-08 Francotyp-Postalia Gmbh Verfahren und Anordnung zur unterschiedlichen Erzeugung kryptographischer Sicherungen von Mitteilungen in einem Hostgerät
US7433847B2 (en) * 2004-09-22 2008-10-07 Pitney Bowes Inc. System and method for manufacturing and securing transport of postage printing devices
US7634802B2 (en) * 2005-01-26 2009-12-15 Microsoft Corporation Secure method and system for creating a plug and play network
US8908870B2 (en) * 2007-11-01 2014-12-09 Infineon Technologies Ag Method and system for transferring information to a device
US8627079B2 (en) 2007-11-01 2014-01-07 Infineon Technologies Ag Method and system for controlling a device
US20110169602A1 (en) * 2010-01-08 2011-07-14 Gaffney Gene F System and method for monitoring products in a distribution chain
CN104229243B (zh) * 2014-09-26 2016-05-25 国网重庆市电力公司电力科学研究院 电能表自动贴标生产线

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP0735722A2 (fr) * 1995-03-31 1996-10-02 Pitney Bowes Inc. Système de validation et de gestion de clés cryptographiques
WO1998057302A1 (fr) * 1997-06-13 1998-12-17 Pitney Bowes Inc. Systeme d'affranchissement virtuel
EP0948158A2 (fr) * 1998-04-01 1999-10-06 Francotyp-Postalia GmbH Procédé de distribution sécurisée de clés

Family Cites Families (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5153842A (en) * 1990-02-05 1992-10-06 Pitney Bowes Inc. Integrated circuit package label and/or manifest system
JPH08101867A (ja) * 1994-09-30 1996-04-16 Fujitsu Ltd ソフトウェア利用許可システム
US5786587A (en) * 1995-08-10 1998-07-28 American Bank Note Holographics, Inc. Enhancement of chip card security
US6260144B1 (en) * 1996-11-21 2001-07-10 Pitney Bowes Inc. Method for verifying the expected postal security device in a postage metering system
US6289452B1 (en) * 1997-11-07 2001-09-11 Cybersource Corporation Method and system for delivering digital products electronically

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP0735722A2 (fr) * 1995-03-31 1996-10-02 Pitney Bowes Inc. Système de validation et de gestion de clés cryptographiques
WO1998057302A1 (fr) * 1997-06-13 1998-12-17 Pitney Bowes Inc. Systeme d'affranchissement virtuel
EP0948158A2 (fr) * 1998-04-01 1999-10-06 Francotyp-Postalia GmbH Procédé de distribution sécurisée de clés

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
"INFORMATION-BASED INDICIA PROGRAM (IBIP) PERFORMANCE CRITERIA FOR INFORMATION-BASED INDICIA AND SECURITY ARCHITECTURE FOR CLOSED IBI POSTAGE METERING SYSTEMS", INFORMATION BASED INDICIA PROGRAM HOST SYSTEM SPECIFICATION,XX,XX, 12 January 1999 (1999-01-12), pages COMPLETE, XP002138350 *

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP1967976A2 (fr) 2007-03-06 2008-09-10 Francotyp-Postalia GmbH Procédé de transmission authentifiée d'un ensemble de données ou d'un programme personnalisé vers un module de sécurité matériel, en particulier une affranchisseuse
DE102007011309A1 (de) * 2007-03-06 2008-09-11 Francotyp-Postalia Gmbh Verfahren zur authentisierten Übermittlung eines personalisierten Datensatzes oder Programms an ein Hardware-Sicherheitsmodul, insbesondere einer Frankiermaschine
DE102007011309B4 (de) * 2007-03-06 2008-11-20 Francotyp-Postalia Gmbh Verfahren zur authentisierten Übermittlung eines personalisierten Datensatzes oder Programms an ein Hardware-Sicherheitsmodul, insbesondere einer Frankiermaschine

Also Published As

Publication number Publication date
US20020046175A1 (en) 2002-04-18
US6850912B2 (en) 2005-02-01
DE50112418D1 (de) 2007-06-14
EP1150256B1 (fr) 2007-05-02
DE10020904B4 (de) 2004-12-09
DE10020904A1 (de) 2001-11-08

Similar Documents

Publication Publication Date Title
DE3841389C2 (de) Informationsübermittlungssystem zur zuverlässigen Bestimmung der Echtheit einer Vielzahl von Dokumenten
DE3841393C2 (de) Zuverlässiges System zur Feststellung der Dokumentenechtheit
DE69434621T2 (de) Postgebührensystem mit nachprüfbarer Unversehrtheit
DE60211841T2 (de) Vorrichtung zur Aktualisierung und zum Entzug der Gültigkeit einer Marke in einer Infrastruktur mit öffentlichen Schlüsseln
EP0944027B1 (fr) Machine à affranchir et un procédé pour générer des données valables pour affranchir
DE69628780T3 (de) Verfahren zur Erzeugung von sicheren Kästen in einem Schlüsselverwaltungssystem
DE10131254A1 (de) Verfahren zum Überprüfen der Gültigkeit von digitalen Freimachungsvermerken
DE69636631T2 (de) Verfahren zur Erzeugung und Registrierung von Grundschlüsseln
DE10136608B4 (de) Verfahren und System zur Echtzeitaufzeichnung mit Sicherheitsmodul
EP2283456B1 (fr) Procédé et dispositif pour identifier des objets
EP1150256B1 (fr) Procédé pour la distribution sécurisée de modules de sécurité
DE10056599C2 (de) Verfahren zum Versehen von Postsendungen mit Freimachungsvermerken
DE10020566C2 (de) Verfahren zum Versehen von Postsendungen mit Freimachungsvermerken
CN100486156C (zh) 票据防伪码生成及验证的系统
EP1340197A1 (fr) Procede pour apposer des marques d'affranchissement sur des envois postaux
US7409062B2 (en) Method and device for the generation of checkable forgery-proof documents
DE102021127976B4 (de) Wiederherstellen eines kryptografischen Schlüssels

Legal Events

Date Code Title Description
PUAI Public reference made under article 153(3) epc to a published international application that has entered the european phase

Free format text: ORIGINAL CODE: 0009012

AK Designated contracting states

Kind code of ref document: A1

Designated state(s): CH DE FR GB IT LI

Kind code of ref document: A1

Designated state(s): AT BE CH CY DE DK ES FI FR GB GR IE IT LI LU MC NL PT SE TR

AX Request for extension of the european patent

Free format text: AL;LT;LV;MK;RO;SI

17P Request for examination filed

Effective date: 20020502

RAP1 Party data changed (applicant data changed or rights of an application transferred)

Owner name: FRANCOTYP-POSTALIA AG & CO. KG

AKX Designation fees paid

Free format text: CH DE FR GB IT LI

17Q First examination report despatched

Effective date: 20040714

RAP1 Party data changed (applicant data changed or rights of an application transferred)

Owner name: FRANCOTYP-POSTALIA GMBH

GRAP Despatch of communication of intention to grant a patent

Free format text: ORIGINAL CODE: EPIDOSNIGR1

GRAS Grant fee paid

Free format text: ORIGINAL CODE: EPIDOSNIGR3

GRAA (expected) grant

Free format text: ORIGINAL CODE: 0009210

AK Designated contracting states

Kind code of ref document: B1

Designated state(s): CH DE FR GB IT LI

REG Reference to a national code

Ref country code: GB

Ref legal event code: FG4D

Free format text: NOT ENGLISH

GBT Gb: translation of ep patent filed (gb section 77(6)(a)/1977)

Effective date: 20070502

REG Reference to a national code

Ref country code: CH

Ref legal event code: NV

Representative=s name: ROTTMANN, ZIMMERMANN + PARTNER AG

Ref country code: CH

Ref legal event code: EP

REF Corresponds to:

Ref document number: 50112418

Country of ref document: DE

Date of ref document: 20070614

Kind code of ref document: P

ET Fr: translation filed
PLBE No opposition filed within time limit

Free format text: ORIGINAL CODE: 0009261

STAA Information on the status of an ep patent application or granted ep patent

Free format text: STATUS: NO OPPOSITION FILED WITHIN TIME LIMIT

26N No opposition filed

Effective date: 20080205

PGFP Annual fee paid to national office [announced via postgrant information from national office to epo]

Ref country code: CH

Payment date: 20110222

Year of fee payment: 11

Ref country code: IT

Payment date: 20110221

Year of fee payment: 11

Ref country code: FR

Payment date: 20110302

Year of fee payment: 11

Ref country code: DE

Payment date: 20101214

Year of fee payment: 11

PGFP Annual fee paid to national office [announced via postgrant information from national office to epo]

Ref country code: GB

Payment date: 20110217

Year of fee payment: 11

REG Reference to a national code

Ref country code: CH

Ref legal event code: PFA

Owner name: FRANCOTYP-POSTALIA GMBH

Free format text: FRANCOTYP-POSTALIA GMBH#TRIFTWEG 21-26#16547 BIRKENWERDER (DE) -TRANSFER TO- FRANCOTYP-POSTALIA GMBH#TRIFTWEG 21-26#16547 BIRKENWERDER (DE)

REG Reference to a national code

Ref country code: CH

Ref legal event code: PL

GBPC Gb: european patent ceased through non-payment of renewal fee

Effective date: 20120223

PG25 Lapsed in a contracting state [announced via postgrant information from national office to epo]

Ref country code: CH

Free format text: LAPSE BECAUSE OF NON-PAYMENT OF DUE FEES

Effective date: 20120229

Ref country code: LI

Free format text: LAPSE BECAUSE OF NON-PAYMENT OF DUE FEES

Effective date: 20120229

REG Reference to a national code

Ref country code: FR

Ref legal event code: ST

Effective date: 20121031

PG25 Lapsed in a contracting state [announced via postgrant information from national office to epo]

Ref country code: IT

Free format text: LAPSE BECAUSE OF NON-PAYMENT OF DUE FEES

Effective date: 20120223

REG Reference to a national code

Ref country code: DE

Ref legal event code: R119

Ref document number: 50112418

Country of ref document: DE

Effective date: 20120901

PG25 Lapsed in a contracting state [announced via postgrant information from national office to epo]

Ref country code: FR

Free format text: LAPSE BECAUSE OF NON-PAYMENT OF DUE FEES

Effective date: 20120229

Ref country code: GB

Free format text: LAPSE BECAUSE OF NON-PAYMENT OF DUE FEES

Effective date: 20120223

PG25 Lapsed in a contracting state [announced via postgrant information from national office to epo]

Ref country code: DE

Free format text: LAPSE BECAUSE OF NON-PAYMENT OF DUE FEES

Effective date: 20120901