EP2452319A1 - Method and device for authenticating components within an automatic teller machine - Google Patents
- Publication number
- EP2452319A1
- Authority
- EP
- European Patent Office
- Prior art keywords
- components
- self
- service machine
- encryption
- atm
- Prior art date
- Legal status
- Withdrawn
Classifications
- G—PHYSICS
- G07—CHECKING-DEVICES
- G07F—COIN-FREED OR LIKE APPARATUS
- G07F19/00—Complete banking systems; Coded card-freed arrangements adapted for dispensing or receiving monies or the like and posting such transactions to existing accounts, e.g. automatic teller machines
- G07F19/20—Automatic teller machines [ATMs]
- G07F19/206—Software aspects at ATMs
- G—PHYSICS
- G07—CHECKING-DEVICES
- G07F—COIN-FREED OR LIKE APPARATUS
- G07F19/00—Complete banking systems; Coded card-freed arrangements adapted for dispensing or receiving monies or the like and posting such transactions to existing accounts, e.g. automatic teller machines
- G07F19/20—Automatic teller machines [ATMs]
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/30—Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy
- H04L9/3066—Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy involving algebraic varieties, e.g. elliptic or hyper-elliptic curves
- H04L9/3073—Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy involving algebraic varieties, e.g. elliptic or hyper-elliptic curves involving pairings, e.g. identity based encryption [IBE], bilinear mappings or bilinear pairings, e.g. Weil or Tate pairing
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3247—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L2209/00—Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
- H04L2209/56—Financial cryptography, e.g. electronic payment or e-cash
Definitions
- The invention relates to a method for authenticating components of a self-service machine, the components having unique identification information and being exchangeable.
- Self-service (SB) machines often have a number of components that must be interconnected. As a rule, these machines have a standardized PC platform that meets special security requirements. Keyboards, payout units (banknote dispenser module), card readers, monitors and other devices are connected to this PC platform (motherboard), for example via USB interfaces. It should also be noted that cassettes are inserted into ATMs which must be authenticated, or to which the ATM has to authenticate itself in order to enable the cassette to function. Furthermore, the machines offer the ability to connect another computer, so that a maintenance engineer, for example, can connect his laptop to the self-service machine.
- USB or other serial (V24) links are used to interconnect the devices.
- There are cases in which a security-relevant component is to be replaced in an SB machine (hereinafter abbreviated to "machine").
- Such a component could be a hardware module such as a cash cassette, but also a software component.
- Crucial to this process is that the ATM (PC) is authenticated to the new component or the ATM can verify the authenticity of the component. Only after successful authentication does the new component perform its service.
- The component itself is signed by a CA or has mechanisms that allow it to verify digital signatures or certificates. In this case too, a classic PKI must be managed.
- the object of the invention is to provide an alternative authentication that does not have the disadvantages of the approaches described above.
- the object is achieved by a method and a device having the features of the independent claims.
- The invention describes a new approach to the above-mentioned problems.
- The approach of the invention is based on a clever use of so-called identity-based cryptography (IBE).
- Public unique information, such as a serial number, is used as the public key.
- The ATM, equipped with all necessary parameters, requests the public information of the component. From this information it can use the parameters to create a signature which the component can check with its public information.
- This method can also be combined with a challenge-response method, counters, or other methods to prevent replay attacks.
- IBE encryption is encryption based on the identity of the user or device.
- IBE encryption does not use a cryptic numeric key but the identity of the recipient. This has the advantage that the recipient does not have to remember a long numeric code but can use an agreed identity feature such as his date of birth, telephone number or e-mail address as the public key.
- The message is encrypted with the identity of the recipient, and key management is omitted.
- Other identity information can be used as well.
- The data is signed with the private key, and the signature is verified with the identity and the public key (empf, pkPKG).
- Two components within the self-service machine authenticate each other on the basis of a detectable identity.
- The identity is e.g. the serial number, network number (MAC) or another unique identifier.
- In addition to the signature, a counter is also incorporated, which is fed into the encrypted/signed information. If the counter is correct, this number is incremented, so that double use of a message is avoided. It should be noted that the components need not consist only of hardware; the exchange can also be a software exchange, in which case the software that is exchanged is signed or encrypted.
- The so-called server can be placed directly in the ATM as a "small" CA.
- The cassette should be able to verify the authenticity of the ATM. For this purpose, no exchange of private keys should take place.
- The new cassette can derive its own public key and can thus check the signature of the ATM, which knows the private key of the cassette, acts as a CA and thus fits into the IBS (Identity Based Signature) scheme.
- The signature is generated for the cassette; the cassette, having its own identity and the public parameters, can derive its own public key in order to check this signature, so that the cassette can assume that it is in the right device, or in the right group of devices.
- The signatures are individualized for each authentication and therefore cannot be misused for other authentication processes.
- The solution can be implemented on systems with limited resources, such as cash cassettes, smart cards, etc.
- Fig. 1 shows a layer model of authentication with a CA (Certificate Authority), an ATM and a cash cassette, the cassette authenticating the machine in order to dispense money.
- Fig. 2 shows a CA and an ATM, wherein signed firmware is passed.
- The figures show a layer representation of an embodiment of the present invention.
- The CA, in possession of the two master keys, creates a public key IBSp accessible to all components and a private key IBSs for each component, generated with the master key taking into account the serial number of the component.
- The private key, since it was generated from the ATM serial number, is handed over only to the ATM; the public key is handed over to all.
- The CA preferably manages the private keys of the ATMs, and the ATMs manage the private keys of the cash cassettes, so that the private keys of the cash cassettes are not distributed with the cash cassettes.
- Fig. 2 shows an alternative embodiment of the present invention.
- The ATM is to receive new software.
- This software is provided by the CA; in this example a challenge-response method is described.
- The CA asks the ATM to download the software.
- The ATM then replies to the CA, offering to deploy the software.
- The CA provides its serial number and a signed firmware including a previously announced counter.
- The ATM verifies the signature using the CA's public key and serial number. If the verification of the signature and the counter were successful, the machine is updated. In case of failure, the firmware is rejected.
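The layered scheme the description sketches (a CA holding the master secret, per-component private keys derived from the serial number, a cassette that verifies the ATM from its serial number alone, and a counter against replay) as an added Python example that is not part of the patent. It uses Shamir's RSA-based identity-based signature rather than a pairing-based scheme, with constructed toy primes; the serial numbers, the `Cassette` class and the message layout are assumptions.

```python
import hashlib
import secrets

# CA master parameters. Toy 20-bit primes (constructed, NOT secure) so the block
# runs offline; the scheme is Shamir's RSA-based IBS, an assumption for this example.
P, Q = 1000003, 1000033
N = P * Q                              # public modulus, part of IBSp
E = 65537                              # public exponent, part of IBSp
_D = pow(E, -1, (P - 1) * (Q - 1))     # master secret, held only by the CA

def h_int(*parts: bytes) -> int:
    """Hash agreed by all components, returned as an integer."""
    return int.from_bytes(hashlib.sha256(b"|".join(parts)).digest(), "big")

def identity(serial: str) -> int:
    """A component's public key is derived from its serial number alone."""
    return h_int(serial.encode()) % N

def ca_extract_private_key(serial: str) -> int:
    """CA step: IBSs = identity^d mod n, handed over only to that component."""
    return pow(identity(serial), _D, N)

def sign(private_key: int, message: bytes) -> tuple:
    """Signature (t, s) satisfies s^e == identity * t^H(t, m) (mod n)."""
    r = secrets.randbelow(N - 2) + 2
    t = pow(r, E, N)
    hm = h_int(t.to_bytes(8, "big"), message)
    return t, (private_key * pow(r, hm, N)) % N

def verify(serial: str, message: bytes, sig: tuple) -> bool:
    """Verifier needs only (n, e) and the signer's serial: no certificate lookup."""
    t, s = sig
    hm = h_int(t.to_bytes(8, "big"), message)
    return pow(s, E, N) == (identity(serial) * pow(t, hm, N)) % N

class Cassette:
    """Cash cassette authenticating the ATM via challenge-response plus a counter."""
    def __init__(self, atm_serial: str):
        self.atm_serial = atm_serial
        self.last_counter = 0          # replay guard: counter must strictly increase
        self.nonce = b""
    def challenge(self) -> bytes:
        self.nonce = secrets.token_bytes(16)
        return self.nonce
    def check(self, counter: int, sig: tuple) -> bool:
        msg = self.nonce + counter.to_bytes(8, "big")
        if counter <= self.last_counter or not verify(self.atm_serial, msg, sig):
            return False               # replayed counter or bad signature: no service
        self.last_counter = counter
        return True

def atm_response(atm_key: int, nonce: bytes, counter: int) -> tuple:
    """ATM signs the cassette's challenge together with its current counter."""
    return sign(atm_key, nonce + counter.to_bytes(8, "big"))
```

The cassette never holds a private key of its own for this check, which is the point made above: only the public parameters and the ATM's serial number are needed on the resource-constrained side.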
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
DE200910032355 DE102009032355A1 (en) | 2009-07-08 | 2009-07-08 | Method and device for authenticating components within an ATM |
PCT/EP2010/058480 WO2011003712A1 (en) | 2009-07-08 | 2010-06-16 | Method and device for authenticating components within an automatic teller machine |
Publications (1)
Publication Number | Publication Date |
---|---|
EP2452319A1 true EP2452319A1 (en) | 2012-05-16 |
Family
ID=42358588
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
EP10725684A Withdrawn EP2452319A1 (en) | 2009-07-08 | 2010-06-16 | Method and device for authenticating components within an automatic teller machine |
Country Status (5)
Country | Link |
---|---|
US (1) | US8898462B2 (en) |
EP (1) | EP2452319A1 (en) |
CN (1) | CN102511057B (en) |
DE (1) | DE102009032355A1 (en) |
WO (1) | WO2011003712A1 (en) |
Families Citing this family (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
DE102010000482A1 (en) | 2010-02-19 | 2011-08-25 | WINCOR NIXDORF International GmbH, 33106 | Method and procedure for entering PINs with consistent software stack on ATMs |
DE102011001430A1 (en) | 2011-03-21 | 2012-09-27 | Wincor Nixdorf International Gmbh | Method of operating a cashbox with custom keys |
DE102011056191A1 (en) | 2011-12-08 | 2013-06-13 | Wincor Nixdorf International Gmbh | Device for protecting security tokens against malware |
BR102013026265A2 (en) * | 2013-10-11 | 2015-08-25 | Oki Brasil Indústria E Comércio De Produtos E Tecnologia Em Automação S A | System and safety method |
US11145152B2 (en) * | 2018-03-09 | 2021-10-12 | Global Payments Gaming Services Inc. | Bill-loading machine |
CN113299018A (en) * | 2021-06-22 | 2021-08-24 | 上海和数软件有限公司 | ATM software remote upgrading method |
Citations (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20080095369A1 (en) * | 2006-10-18 | 2008-04-24 | Nortel Networks Limited | Method of configuring a node, related node and configuration server |
Family Cites Families (10)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
AU2001291876C1 (en) | 2000-09-22 | 2006-11-23 | Gesellschaft Fuer Biotechnologische Forschung Mbh (Gbf) | Triazolo-epothilones |
US7121460B1 (en) * | 2002-07-16 | 2006-10-17 | Diebold Self-Service Systems Division Of Diebold, Incorporated | Automated banking machine component authentication system and method |
US7309004B1 (en) * | 2002-12-26 | 2007-12-18 | Diebold Self-Service Systems, Division Of Diebold, Incorporated | Cash dispensing automated banking machine firmware authentication system and method |
US20050005136A1 (en) | 2003-04-23 | 2005-01-06 | Liqun Chen | Security method and apparatus using biometric data |
US7017181B2 (en) | 2003-06-25 | 2006-03-21 | Voltage Security, Inc. | Identity-based-encryption messaging system with public parameter host servers |
GB0414840D0 (en) * | 2004-07-02 | 2004-08-04 | Ncr Int Inc | Self-service terminal |
DE102005018676B4 (en) | 2005-04-21 | 2008-09-25 | Wincor Nixdorf International Gmbh | Key management procedure for cryptographic modules |
DE102006049518A1 (en) | 2006-10-20 | 2008-04-24 | Wincor Nixdorf International Gmbh | Self-service device with monitoring device |
US20090119221A1 (en) | 2007-11-05 | 2009-05-07 | Timothy Martin Weston | System and Method for Cryptographically Authenticated Display Prompt Control for Multifunctional Payment Terminals |
DE102008060863A1 (en) | 2008-12-09 | 2010-06-10 | Wincor Nixdorf International Gmbh | System and method for secure communication of components within self-service terminals |
2009
- 2009-07-08 DE DE200910032355 patent/DE102009032355A1/en active Pending
2010
- 2010-06-16 EP EP10725684A patent/EP2452319A1/en not_active Withdrawn
- 2010-06-16 US US13/379,990 patent/US8898462B2/en active Active
- 2010-06-16 WO PCT/EP2010/058480 patent/WO2011003712A1/en active Application Filing
- 2010-06-16 CN CN201080030567.3A patent/CN102511057B/en active Active
Patent Citations (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20080095369A1 (en) * | 2006-10-18 | 2008-04-24 | Nortel Networks Limited | Method of configuring a node, related node and configuration server |
Non-Patent Citations (2)
Title |
---|
CARL YOUNGBLOOD: "An Introduction to Identity-based Cryptography", 1 January 2006 (2006-01-01), XP055219652, Retrieved from the Internet <URL:https://courses.cs.washington.edu/courses/csep590/06wi/finalprojects/youngblood.ppt> [retrieved on 20151009] * |
See also references of WO2011003712A1 * |
Also Published As
Publication number | Publication date |
---|---|
DE102009032355A1 (en) | 2011-01-20 |
WO2011003712A1 (en) | 2011-01-13 |
CN102511057B (en) | 2015-05-20 |
US20120102327A1 (en) | 2012-04-26 |
CN102511057A (en) | 2012-06-20 |
US8898462B2 (en) | 2014-11-25 |
Similar Documents
Publication | Title |
---|---|
EP3596653B1 (en) | Issuing virtual documents in a block chain |
EP3474172B1 (en) | Access control using a blockchain |
DE102017212618B3 (en) | Hardware system with blockchain |
EP3319006B1 (en) | Method for offline authenticity testing of a virtual document |
EP3125492A1 (en) | Method and system for generating a secure communication channel for terminals |
DE112011100182T5 (en) | Transaction check for data security devices |
WO2018104276A1 (en) | Master blockchain |
DE19947986A1 (en) | Method of downloading of application parts via distributed systems on to a chip-card, requires provision of secret code or session key by the server prior to loading command-sequence of commands for downloading |
WO2011003712A1 (en) | Method and device for authenticating components within an automatic teller machine |
AT506735B1 (en) | DISTRIBUTED DATA STORAGE DEVICE |
EP3465513B1 (en) | User authentication by means of an id token |
EP3422274A1 (en) | Method for configuring or changing a configuration of a payment terminal and/or for allocating a payment terminal to an operator |
WO2018166942A1 (en) | Method for access control |
EP3767513B1 (en) | Method for secure execution of a remote signature, and security system |
EP4250636A2 (en) | Method for hsm migration |
EP4254234A1 (en) | Digital credential issuing for an entity |
WO2014037070A1 (en) | Method for generating a derived authority from an original data carrier |
EP3125464B1 (en) | Blocking service for a certificate created using an id token |
DE102008010788B4 (en) | Method for authentication and authentication of persons and units |
EP3367285B1 (en) | Terminal, id-token, computer program and corresponding methods for authenticating access authorization |
WO2016146726A1 (en) | Method for generating a certificate for a security token |
WO2022069247A1 (en) | Device and method for setting up a service-based authentication |
EP4092958A1 (en) | Issuing of a digital verifiable credential |
WO2024046681A1 (en) | Method for authenticating data |
EP3588416A1 (en) | Method and device for operating a digital payment system |
Legal Events
Code | Title | Description |
---|---|---|
PUAI | Public reference made under article 153(3) epc to a published international application that has entered the european phase | Free format text: ORIGINAL CODE: 0009012 |
17P | Request for examination filed | Effective date: 20111209 |
AK | Designated contracting states | Kind code of ref document: A1; Designated state(s): AL AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HR HU IE IS IT LI LT LU LV MC MK MT NL NO PL PT RO SE SI SK SM TR |
RIN1 | Information on inventor provided before grant (corrected) | Inventor name: NOLTE, MICHAEL; Inventor name: RUNOWSKI, MATTHIAS; Inventor name: KRUMMEL, VOLKER |
DAX | Request for extension of the european patent (deleted) | |
17Q | First examination report despatched | Effective date: 20140716 |
APBK | Appeal reference recorded | Free format text: ORIGINAL CODE: EPIDOSNREFNE |
APBN | Date of receipt of notice of appeal recorded | Free format text: ORIGINAL CODE: EPIDOSNNOA2E |
APBR | Date of receipt of statement of grounds of appeal recorded | Free format text: ORIGINAL CODE: EPIDOSNNOA3E |
APAF | Appeal reference modified | Free format text: ORIGINAL CODE: EPIDOSCREFNE |
APBT | Appeal procedure closed | Free format text: ORIGINAL CODE: EPIDOSNNOA9E |
STAA | Information on the status of an ep patent application or granted ep patent | Free format text: STATUS: THE APPLICATION IS DEEMED TO BE WITHDRAWN |
18D | Application deemed to be withdrawn | Effective date: 20200103 |