MXPA97010209A - Value transfer system - Google Patents

Value transfer system

Info

Publication number
MXPA97010209A
Authority
MX
Mexico
Prior art keywords
portfolio
portfolios
cryptographic
scheme
security
Application number
MXPA/A/1997/010209A
Other languages
Spanish (es)
Other versions
MX9710209A (en)
Inventor
Barrington Everett David
Viner John
Original Assignee
Jonhig Limited
Priority claimed from GBGB9513379.9A
Application filed by Jonhig Limited
Publication of MX9710209A
Publication of MXPA97010209A

Abstract

The present invention relates to a value transfer system that uses integrated circuit cards to exchange electronic money in off-line transactions employing cryptographically secure message protocols. Each card is loaded with two schemes from a series, and the interaction between two cards determines and uses the oldest scheme shared by the cards, which causes a card to change schemes irrevocably if this common scheme is that card's second scheme. In this way, a change to a new scheme can migrate through the system.

Description

VALUE TRANSFER SYSTEM

The invention relates to a value transfer system in which value is transferred between electronic portfolios. A system of this type is described, for example, in patent application WO 91/16691.

In the system described in the aforementioned patent specification, integrated circuit cards (ICCs) or "smart cards" are used as application carrier devices (ACDs) to carry electronic wallets. An electronic wallet is a program application that controls the storage, in memory on the ACD, of a value record that represents "electronic money". By connecting two ACDs together through interface devices (IFDs), the respective portfolios are coupled and exchange a series of messages that result in the transfer of value from one portfolio to the other.

Security against fraud is clearly essential in a value transfer system. The manufacturing process of ICCs and the increasingly sophisticated security measures included in their manufacture and programming make it virtually impossible to forge smart cards. Interception and duplication of value transfer messages is prevented by cryptographic encoding of the messages exchanged in a transaction. Despite the extremely high levels of security achieved through modern cryptography, there is a theoretical risk that a particular cryptographic system may be compromised, if not by cryptanalysis, then perhaps by a breach of physical security that causes a leak of algorithms or keys.

An object of the present invention is to provide a value transfer system in which the cryptographic system currently in use can be changed. Administratively, the change can be made as a regular precautionary measure or in response to an attack on the system currently in use.

In accordance with one aspect of the invention, there is provided a value transfer system comprising several electronically programmed microprocessor application carrier devices (ACDs), each comprising an electronic portfolio that has a store of value, the ACDs being adapted to be connected together in pairs so that the portfolios are coupled and value can be exchanged in transactions between the portfolios, this exchange of value being achieved through exchanges of messages secured by a cryptographic security scheme, the system also including a sequential series of cryptographic security schemes ordered from old to new, each portfolio being programmed with at least two schemes in that series, and the portfolios being additionally programmed to identify and use, when they are connected in a pair to exchange value, the oldest usable common cryptographic security scheme of the pair of portfolios and to subsequently inhibit any older cryptographic security scheme of the series in either of the portfolios.

With this arrangement a first portfolio can be changed automatically from an old cryptographic system to a new cryptographic system by encountering a second portfolio that has the new system but not the old one. Having changed, the first portfolio will no longer have the old system available for use and will in turn cause other portfolios to change to the new system. Therefore, by seeding the population of portfolios with new portfolios that do not have the old cryptographic system, the new cryptographic system will migrate through the population of portfolios in a chain reaction.

Preferably, each portfolio has a memory region in which an identifier is stored for the cryptographic security scheme currently employed by the portfolio; scheme identifiers are exchanged between a connected pair of portfolios as a preliminary step in a value exchange transaction.
While it is envisaged that the portfolios may have three or more cryptographic systems to switch through in sequence, in one embodiment of the present invention each portfolio is programmed with two successive cryptographic security schemes of the sequential series.

Preferably, each cryptographic security scheme comprises at least one cryptographic algorithm and at least one cryptographic key, and members of the series differ in their algorithms and/or their keys. The aforementioned patent application describes the use of the RSA encryption system, which is an asymmetric public/private key system. The exchange of keys by means of the DES system is also described. The cryptographic schemes of the present invention may differ from one another because they employ different individual algorithms, such as RSA or DES, because they combine the algorithms of different systems, or because the keys are different.

Successive cryptographic schemes in the series are not necessarily different. It may be desirable to force current smart cards towards obsolescence by having them switch to a new cryptographic scheme even though it is the same as the old one. Accordingly, in one embodiment of the present invention, successive members of the series of cryptographic security schemes are the same except that they are associated with different scheme identifiers; the scheme identifiers are stored in the portfolios and are used to identify the oldest common cryptographic scheme of a pair of connected portfolios and to control the inhibition of any older cryptographic security scheme of the series in either of the portfolios.

In addition, selected ACDs can be provided with two electronic portfolios programmed with respective and different cryptographic security schemes, said selected ACDs being programmed, on connection to another ACD, to select a portfolio in order to allow a transaction between the portfolio of said other ACD and the selected portfolio, in accordance with the compatibility of the portfolios' cryptographic security systems.

In accordance with another aspect of the present invention, there is provided a value transfer system comprising a multiplicity of electronically programmed microprocessor application carrier devices (ACDs), each comprising an electronic wallet having a store of value, the ACDs being adapted to be connected together in pairs in order to couple the portfolios and allow value to be exchanged in transactions between the portfolios, this exchange of value being achieved through the exchange of messages secured by a cryptographic security scheme, wherein selected ACDs are provided with two electronic portfolios programmed with respective and different cryptographic security schemes, said selected ACDs being programmed, on connection to another ACD, to select a portfolio in order to allow a transaction between the portfolio of said other ACD and the selected portfolio, in accordance with the compatibility of the portfolios' cryptographic security systems.

With this arrangement, it is possible to offer a cut-off strategy for a particular cryptographic scheme or a set of schemes. By providing selected portfolio holders, for example retailers and banks, with dual-portfolio smart cards (ACDs), one portfolio having the old schemes and the other portfolio having the new schemes, it is possible to isolate "old money" from "new money" while allowing transactions with the old systems to continue, perhaps for a limited period of time.
The invention will be further described with reference to the accompanying drawings, in which:

Figure 1 is a schematic diagram of an application carrier device in the form of an integrated circuit card (ICC) in a system in accordance with the present invention;
Figure 2 is a diagram illustrating the allocation of memory in an electronic portfolio loaded on the ICC of Figure 1;
Figure 3 is a diagram illustrating a value transfer transaction between two portfolios of a system in accordance with the present invention; and
Figure 4 is a diagram illustrating a portfolio arrangement for achieving cryptographic cut-off in a system in accordance with the present invention.

It will be understood that the present invention is a development of the value transfer system described in patent application no. WO 91/16691. That specification describes the use of ICCs as application carrier devices to carry electronic wallets. Electronic wallets have records of various types held in electrically erasable programmable read-only memory (EEPROM), including value records for holding value, log records, etc. The portfolios can be connected through interface devices to exchange value in accordance with protocols that involve the exchange of cryptographically secure messages. Electronic money can therefore be withdrawn from a bank, exchanged in off-line transactions, for example with retailers, and cashed in at a bank. For the sake of brevity, many of the technical details of the system will not be repeated here but, where necessary, reference will be made to the aforementioned prior patent specification.

Figure 1 illustrates an application carrier device (ACD) in the form of an ICC 1. The ICC has a contact pad 2 on one surface that carries several separate electrical contacts, so that an external power source can be connected to provide power to the card and a serial communication channel can be established to transmit data to and from the card. The card includes a microprocessor 3, an EEPROM 4 and a random access memory 5. The EEPROM 4 contains an operating system that comprises three subsystems: (a) a file manager; (b) a run-time executive; and (c) a BIOS (binary input/output system). Once loaded, the operating system is used to load an electronic portfolio into the EEPROM; the portfolio is an application, that is, a program with associated data files.

Figure 2 shows some of the elements of an electronic portfolio with schematic assignments of EEPROM regions. The operation of the portfolio is controlled by a program at 6 that has associated data files. For example, there is a value record at 7, transaction logs at 8 and a unique portfolio identifier at 9. Security is maintained through the use of cryptographic schemes, and this portfolio has two schemes. Scheme A has algorithms at 10 and a set of cryptographic keys at 11. Scheme B has algorithms at 12 and a set of cryptographic keys at 13. A cryptographic file 14 includes three single-byte fields: a cut-off domain 15, a migration level 16 and a migrated indicator 17.

The value of the cut-off domain byte indicates the particular cut-off domain in which the portfolio exists. Portfolios of different domains do not communicate with each other. Therefore, if it is considered desirable to make a major change in the system from a particular cut-off date, all new portfolios issued from that date will have a new cut-off domain byte value at 15.
Within a particular domain, a series of cryptographic schemes is defined. For example, in the first domain the series A, B, C, D, E may exist, where A is the first (oldest) scheme to be used and E is the last scheme. Each portfolio includes two successive schemes of the series. The first set of portfolios will include schemes A and B, which can be called respectively the initial scheme and the final scheme for this portfolio. This set of portfolios can be called Issue 1. The migration level byte 16 holds, for example, "A", which indicates that the portfolio includes schemes A and B, that is, this portfolio is Issue 1 in the cut-off domain. As will be described, the portfolio can be irrevocably changed from the use of scheme A to the use of scheme B. The value of the migrated indicator byte 17 indicates whether this change has been made. Therefore, by reading bytes 15 to 17, the particular cryptographic scheme currently in use by the portfolio can be determined.

When two portfolios X and Y communicate for a transfer of value, the security scheme used is determined by the following rules:

i) If the current schemes of X and Y are the same, then that scheme is used and no scheme change occurs;

ii) If the current schemes of X and Y differ, are adjacent in the cryptographic series, and the older of the two schemes is the initial scheme for the portfolio to which it belongs, then a permanent change is made in the portfolio that is using its initial scheme, so that its final scheme will always be used from then on. The "final" scheme therefore becomes the current scheme, and the initial scheme in this portfolio will no longer be used.

iii) If neither (i) nor (ii) applies, then the portfolios cannot communicate. The transfer of value cannot be carried out, and no change is made to the security scheme of either portfolio.
It will be noted that transfers of value between Issue 1 portfolios are made using scheme A, since it is the oldest common scheme of the two portfolios. When it is required to retire scheme A, an Issue 2 of portfolios is released, containing schemes B and C. When a transfer of value is made between an Issue 1 portfolio and an Issue 2 portfolio, rule (ii) takes effect and an irreversible change is made in the Issue 1 portfolio so that it uses scheme B from then on. The Issue 1 portfolio thus becomes an agent of change itself, since when a transfer of value is made between it and another Issue 1 portfolio that has not yet changed to scheme B, rule (ii) applies again and the second Issue 1 portfolio changes to scheme B. The change is made by changing the migrated byte 17 in the EEPROM. Gradually, through a process of osmosis, the Issue 1 portfolios change to scheme B. The change will be quite rapid if Issue 2 is widely released (in retail outlets, for example), even though in theory a single portfolio is sufficient to trigger the entire process.
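The selection rules (i) to (iii) and the migration they trigger can be modelled as follows. This is an added example, not code from the patent: the class, function and field names are assumptions, the population is constructed, and only the bookkeeping in bytes 15 to 17 is modelled (no signing or message exchange).

```python
import random
from dataclasses import dataclass

SERIES = "ABCDE"  # the description's example series, oldest -> newest


@dataclass
class Portfolio:
    """The three single-byte fields of cryptographic file 14 (field names are assumptions)."""
    name: str
    cutoff_domain: int       # byte 15
    migration_level: str     # byte 16: initial scheme; "A" means the portfolio holds A and B
    migrated: bool = False   # byte 17: set once, never cleared

    def __post_init__(self):
        if self.migration_level not in SERIES[:-1]:
            raise ValueError("initial scheme needs a successor in the series")

    @property
    def current(self) -> str:
        i = SERIES.index(self.migration_level)
        return SERIES[i + 1] if self.migrated else SERIES[i]


def negotiate(x: Portfolio, y: Portfolio):
    """Apply rules (i)-(iii). Returns the scheme to use, or None if no transfer is possible."""
    if x.cutoff_domain != y.cutoff_domain:
        return None                        # byte 15 is part of the scheme identifier
    if x.current == y.current:
        return x.current                   # rule (i): same scheme, nothing changes
    older, newer = sorted((x, y), key=lambda p: SERIES.index(p.current))
    adjacent = SERIES.index(newer.current) - SERIES.index(older.current) == 1
    if adjacent and not older.migrated:    # rule (ii): older scheme is its holder's initial one
        older.migrated = True              # irreversible: the initial scheme is never used again
        return older.current
    return None                            # rule (iii): no common scheme, no state change


def spread(population, rng, max_transactions=10_000):
    """Pair portfolios at random until all share one scheme; return the transactions needed."""
    for n in range(1, max_transactions + 1):
        x, y = rng.sample(population, 2)
        negotiate(x, y)
        if len({p.current for p in population}) == 1:
            return n
    raise RuntimeError("population did not converge")


def demo():
    """Twenty Issue 1 portfolios (A, B) seeded with a single Issue 2 portfolio (B, C)."""
    rng = random.Random(1997)  # fixed seed so the run is repeatable
    issue1 = [Portfolio(f"issue1-{i}", cutoff_domain=1, migration_level="A") for i in range(20)]
    seed = Portfolio("issue2-seed", cutoff_domain=1, migration_level="B")
    used = spread(issue1 + [seed], rng)
    return used, issue1, seed


if __name__ == "__main__":
    used, issue1, seed = demo()
    print(f"{used} random transactions moved all {len(issue1)} Issue 1 portfolios to scheme B")
    print("seed portfolio migrated:", seed.migrated)
```

Each transaction migrates at most one portfolio, so the count returned by `spread` is never below the number of Issue 1 portfolios.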
A change from B to C is carried out in the same way, but by creating an Issue 3 with schemes C and D. Once this issue, and therefore scheme C, is established, the portfolios of Issue 1 can no longer be created. It should be noted that the change does not depend in any way on dates. This is deliberate, since dates are not always reliable and clocks are not present on all devices. No decision regarding the life of a scheme needs to be made when the portfolios that contain it are issued.

Figure 3 illustrates a point of sale terminal 18 at a retail site. Terminal 18 is an interface device and holds a retailer ICC 19 that includes the retailer's portfolio 19a. The customer's ICC 1 of Figures 1 and 2 can be inserted into a slot in the body of the terminal 18. In this example, the customer's card 1 has a portfolio with schemes A and B, and the retailer's card 19 has a portfolio 19a with schemes B and C.

As described in the aforementioned prior patent specification, a value transfer transaction includes three essential cryptographically signed messages:

(a) Request for Submission: from the beneficiary's (retailer's) portfolio to the payer's (customer's) portfolio, requesting an agreed value V.
(b) Payment Value: from the payer's portfolio to the beneficiary's portfolio, including the payment command to pay V.
(c) Payment Acknowledgment: from the beneficiary's portfolio to the payer's portfolio, to acknowledge receipt of payment of value V.

These are the payment messages and, as described in the prior patent specification, these messages carry a cryptographic signature and are verified. Before the payment phase in which the payment messages are sent, there is a pre-payment phase in which information regarding the status of the portfolios is exchanged between them. This information is transmitted in the clear, that is, without cryptographic protection. The data received at this stage by one portfolio from the other portfolio are the "counterpart portfolio data".
With reference to Figure 3, a sequence of messages for the transaction between the customer's portfolio and the retailer's portfolio 19a is illustrated. The messages above line 20 are pre-payment messages sent in the clear, and the messages below line 20 are cryptographically signed messages.

First, by sending interrogation commands to both portfolios, terminal 18 obtains responses containing portfolio status information. This status information includes the values of bytes 15 to 17, which collectively indicate the current cryptographic scheme of the series A to E under which each portfolio operates.

The customer's portfolio receives a "Start of Payment Payer" message from terminal 18 and, from the counterpart portfolio data, determines that portfolio 19a is currently on scheme B and concludes that it will itself migrate to scheme B. Portfolio 19a receives a "Beneficiary Payment Start" message from terminal 18 and, from the counterpart portfolio data, recognizes that the customer's portfolio is currently using scheme A and will migrate to scheme B.

Portfolio 19a sends a Request for Payment message, based on scheme B, that contains the values of bytes 15 to 17 in its EEPROM. The customer's portfolio expects portfolio 19a to be using scheme B and checks the signature of the Request for Payment using scheme B. As part of the signature check, it verifies that portfolio 19a has a correct understanding of the migration that will take place, that is, that the customer's portfolio will migrate and portfolio 19a will not. In this way any anomaly can be resolved. For example, it is not possible for both portfolios to migrate; if this is indicated, the transaction is not carried out and neither portfolio migrates. If the signature of the Request for Payment is valid, the customer's portfolio irrevocably migrates to scheme B by setting byte 17 in its EEPROM. The customer's portfolio then sends a Payment Value message to portfolio 19a.
This message is cryptographically signed and includes the values of bytes 15 to 17, showing that the customer's portfolio has migrated to scheme B. Portfolio 19a uses scheme B to check the signature of the customer's portfolio. Finally, portfolio 19a sends a cryptographically signed Payment Acknowledgment message to the customer's portfolio, again including the values of its bytes 15 to 17.

It will therefore be noted that scheme status information is first exchanged in the clear between the portfolios and is then incorporated into the three basic cryptographically signed payment messages. The information in these signed messages is derived internally within the ICC and cannot be simulated externally in an attempt to force scheme migration fraudulently.

A procedure similar to the one described above is performed when the cryptographic scheme of the beneficiary's portfolio migrates because of a transaction with a customer portfolio that has a more recent current scheme. Here, the migration is made in the beneficiary's portfolio upon receipt of a valid signed Payment Value message.

While the previous description refers to progressive migration through successive cryptographic schemes, there may be occasions on which it is necessary to implement a cut-off. A cut-off is a strategy for abandoning all the cryptographic schemes in use to date in a system and restarting with a new cryptographic scheme or series of schemes. A cut-off may be necessary, for example, to bring about the removal of existing ICCs if a significant improvement in the system must be implemented or if a major breach of the security system has been discovered.

In order to implement a cut-off, special ICCs could be introduced in the scheme. The EEPROM of one of these ICCs is shown in Figure 4 at 21. The EEPROM has two portfolios 22 and 23, each with two cryptographic schemes.
In the case of a breach of security, the two portfolios would have schemes that belong to an "old" series and a "new" series, and the two series would be entirely different and could not be merged. However, if the system is not cryptographically compromised and the cut-off is introduced for administrative reasons, it is possible that the two series could be the same. Even so, the two portfolios belong to different cut-off domains and have different respective values in byte 15. The portfolio programs will therefore not recognize any common cryptographic scheme with portfolios that have a different cut-off domain value, since this value is part of the cryptographic scheme identifier. As a result, portfolios can exchange value only with portfolios of the same cut-off domain.

The selection of which portfolio to use in ICC 21 is made by a program routine that identifies the value of byte 15 in the customer's portfolio from the counterpart portfolio data. Supplying retailer cards with two portfolios of different domains allows transactions with old portfolios to continue while new cards are introduced. This overlap period may be limited in time. The consequence of the arrangement is that the electronic money issued under the original domain is isolated from the electronic money issued under the new domain, so that any damage to the system in general can be limited.

Claims (7)

  1. A value transfer system comprising a multiplicity of electronically programmed microprocessor application carrier devices (ACDs), each comprising an electronic portfolio that has a store of value, the ACDs being adapted to be connected together in pairs so that the portfolios are coupled and value can be exchanged in transactions between the portfolios, said exchange of value being carried out through exchanges of messages secured by a cryptographic security scheme, the system also comprising a sequential series of cryptographic security schemes ordered from old to new, each portfolio being programmed with at least two schemes in said series, and the portfolios being additionally programmed to identify and use, when they are connected in a pair to exchange value between electronic portfolios, the oldest usable common cryptographic security scheme of the pair of portfolios and to thereafter inhibit, as replaced, any older cryptographic security scheme of the series in both portfolios.
  2. A value transfer system according to claim 1, wherein said portfolio has a memory region in which an identifier is stored for the cryptographic security scheme currently in use by the portfolio, the scheme identifiers being exchanged between a pair of coupled portfolios as a preliminary step in a value exchange transaction.
  3. A value transfer system according to any of the preceding claims, wherein each portfolio is programmed with two successive cryptographic security schemes in the sequential series.
  4. A value transfer system according to any of the preceding claims, wherein each cryptographic security scheme comprises at least one cryptographic algorithm and at least one cryptographic key, and members of the series differ in their algorithms and/or their keys.
  5. A value transfer system according to any of the preceding claims, wherein successive members of the series of cryptographic security schemes are the same except that they are associated with different scheme identifiers, the scheme identifiers being stored in the portfolios and used to identify the oldest common cryptographic scheme of a pair of connected portfolios and to control the inhibition of any older cryptographic security scheme of the series in any of the portfolios.
  6. A value transfer system according to any of the preceding claims, wherein selected ACDs are provided with two electronic portfolios programmed with respective and different cryptographic security schemes, said selected ACDs being programmed, on connection to another ACD, to select a portfolio in order to allow a transaction between the portfolio of said other ACD and the selected portfolio, in accordance with the compatibility of the portfolios' cryptographic security systems.
  7. A value transfer system comprising a multiplicity of electronically programmed microprocessor application carrier devices (ACDs), each comprising an electronic wallet having a store of value, the ACDs being adapted to be connected together in pairs so that the portfolios are coupled and value can be exchanged in transactions between the portfolios, this exchange of value being carried out through the exchange of messages secured by a cryptographic security scheme, wherein selected ACDs are provided with two electronic portfolios programmed with respective and different cryptographic security schemes, said ACDs being programmed, on connection to another ACD, to select a portfolio in order to allow a transaction between the portfolio of the other ACD and the selected portfolio, in accordance with the compatibility of the portfolios' cryptographic security systems.
MXPA/A/1997/010209A 1995-06-30 1997-12-16 Valo transfer system MXPA97010209A (en)

Applications Claiming Priority (3)

Application Number Priority Date Filing Date Title
GBGB9513379.9A GB9513379D0 (en) 1995-06-30 1995-06-30 Electronic purse system
GB9513379.9 1995-06-30
PCT/GB1996/001564 WO1997002548A1 (en) 1995-06-30 1996-06-28 Value transfer system

Publications (2)

Publication Number Publication Date
MX9710209A MX9710209A (en) 1998-03-31
MXPA97010209A true MXPA97010209A (en) 1998-10-15

Similar Documents

Publication Publication Date Title
US6366894B1 (en) Value transfer system
EP0985203B1 (en) Key transformation unit for an ic card
EP0985204B1 (en) Ic card transportation key set
US7734923B2 (en) Key transformation unit for a tamper resistant module
EP0981807B1 (en) Integrated circuit card with application history list
US6023508A (en) Polymorphic data structures for secure operation of a virtual cash system
Dwyer et al. Multi-level security in database management systems
TW411427B (en) Payment process and system
US8397058B1 (en) System and method for communication between smart cards
MXPA97010209A (en) Valo transfer system
KR100468154B1 (en) System and method for business of electronic finance bases of smart card
AU723525B2 (en) A method for certifying a running total in a reader
EP1269284A2 (en) System and method for the protection of electronic communications and data using multiple, single-use key codes