WO1998059327A1 - Safety module - Google Patents

Safety module

Info

Publication number
WO1998059327A1
Authority
WO
WIPO (PCT)
Prior art keywords
card
transaction station
transaction
central computer
cryptographic
Prior art date
Application number
PCT/SE1998/001019
Other languages
English (en)
Inventor
Bengt Hedin
Kjell Jansson
Bo Molander
Original Assignee
Digital Equipment Bcfi Ab
Priority date
Filing date
Publication date
Application filed by Digital Equipment Bcfi Ab
Priority to JP11503383A (patent JP2000507380A)
Priority to AU80447/98A (patent AU8044798A)
Publication of WO1998059327A1

Classifications

    • G PHYSICS
    • G07 CHECKING-DEVICES
    • G07F COIN-FREED OR LIKE APPARATUS
    • G07F7/00 Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus
    • G07F7/08 Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means
    • G07F7/10 Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means together with a coded signal, e.g. in the form of personal identification information, like personal identification number [PIN] or biometric data
    • G07F7/1008 Active credit-cards provided with means to personalise their use, e.g. with PIN-introduction/comparison system
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00 Payment architectures, schemes or protocols
    • G06Q20/30 Payment architectures, schemes or protocols characterised by the use of specific devices or networks
    • G06Q20/34 Payment architectures, schemes or protocols characterised by the use of specific devices or networks using cards, e.g. integrated circuit [IC] cards or magnetic cards
    • G06Q20/341 Active cards, i.e. cards including their own processing means, e.g. including an IC or chip
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00 Payment architectures, schemes or protocols
    • G06Q20/38 Payment protocols; Details thereof
    • G06Q20/40 Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
    • G06Q20/409 Device specific authentication in transaction processing
    • G06Q20/4097 Device specific authentication in transaction processing using mutual authentication between devices and transaction partners
    • G06Q20/40975 Device specific authentication in transaction processing using mutual authentication between devices and transaction partners using encryption therefor

Definitions

  • the present invention relates to cryptographic processing of the communication between a transaction station and a central computer in connection with financial transactions.
  • a transaction station which is in communication with a central computer, for carrying out various types of financial transactions through the central computer.
  • So-called ATMs (Automatic Teller Machines)
  • PIN code (PIN - Personal Identification Number)
  • the PIN code is usually entered with the aid of a keypad located on the ATM. Subsequently, the user indicates the transaction he wishes to carry out, usually a desired withdrawal amount. Next, the ATM transmits this information (account number, PIN code, withdrawal amount) to a central computer which contains information about the accounts of various cardholders. The communication between the ATM and the central computer often takes place by the intermediary of a telephone connection. The central computer verifies that the PIN code entered is the correct one for the account number provided and, if so, transmits an enabling signal to the ATM, which enabling signal indicates that the transaction has been approved. Upon receipt of the approval, the ATM dispenses notes corresponding to the desired withdrawal amount from a note dispenser to the user.
  • the central computer determines that the PIN code entered is incorrect for the account number provided, it transmits an error signal to the ATM, in which case the latter either allows the user to make another attempt to enter the correct PIN code, returns the card to the user without dispensing any cash, or withholds the card.
  • the verification of the PIN code and the like can also take place in the transaction station itself, so-called off-line verification.
  • transaction stations are equipped with a so-called safety module, in which cryptographic keys and algorithms for the communication between the transaction station and the central computer are provided and executed.
  • the safety module is essentially fixedly or stationarily connected to the transaction station. In the case of ATMs, the safety module is generally fixedly connected inside a safety cabinet in the machine. Since one wishes to ensure that unauthorised individuals do not gain access to the information in the safety module, i.e.
  • the safety module is protected by embedding the electronic circuitry inside a physically protective shell and by providing the module with a destruct function which, by utilising various sensor members, e.g. an enclosing metal layer, is intended to destroy the cryptographic keys and other essential software in the event that someone tries to break open the safety module.
  • the safety module is usually equipped with a battery which ensures that the cryptographic keys are retained in the memory even if the power supply to the safety module is temporarily cut off or is lacking, for example in connection with a power cut or when an ATM is temporarily shut off for maintenance, repairs, updating or the like.
  • the battery is also active from the time when the safety module is provided with the cryptographic keys until the safety module has been arranged inside or adjacent to the transaction station and the latter has been connected to mains current. In some cases, the battery may also be necessary for maintaining the above-mentioned destruct function in a situation where the safety module has been disconnected.
  • a problem associated with these types of safety modules is that the need to protect the contents from unauthorised access, and therefore the necessity of safety arrangements and destruct functions, results in additional difficulties and costs in connection with the manufacture and design of the safety module.
  • a further problem is that a malfunction of the safety module cannot be easily dealt with. Often, service staff must go to the malfunctioning transaction station to replace or repair the malfunctioning part of the safety module. Naturally, this results in undesired costs and time periods when the transaction station is not usable.
  • Another object of the invention is to provide a solution which avoids the problems connected with the limited life of the battery.
  • Yet another object is to provide a solution which enables easier and quicker repair, maintenance and updating of the safety module.
  • an IC card designed to be essentially stationarily arranged in a card reader inside, or adjacent to, a transaction station for cryptographic processing of data which is to be transmitted from the transaction station to a central computer and/or data which is received by the transaction station from a central computer, said IC card being utilised in connection with the serving of several different users of said transaction station, which IC card comprises: means for storing one or more cryptographic keys; means for receiving input signals to the card; means for executing one or more cryptographic .
  • the invention is thus based upon the idea of replacing the conventional safety module with an IC card reader provided with an IC card according to the invention, which supplies the keys and algorithms required for cryptographic processing of the communication between the transaction station and the central computer.
  • the IC card is utilised for e.g. encryption, decryption and authentication of messages. Accordingly, the IC card advantageously stores master keys as well as session keys and authentication keys.
  • the preferred algorithm for cryptographic processing is the so-called DES algorithm (DES - Data Encryption Standard).
  • IC cards are physical structures such that cryptographic keys stored therein normally cannot be read from the card, considering what is practicable using existing technology. Consequently, the utilisation of an IC card according to the invention, as a replacement for the conventional safety module, results in inherent protection against the risk of an unauthorised individual gaining access to the secret keys. Even if the IC card itself were to fall into the wrong hands, this individual will still not gain access to the keys. Consequently, the IC cards themselves can be handled without any special safety arrangements. If an IC card were to malfunction in a transaction station, a new card could easily be sent by mail to the persons responsible for the ongoing operation of the transaction station.
  • the memory used in the IC card consists of a non-volatile memory, usually of the EEPROM type, in which the information in the memory cells is changed with the aid of electrical signals but is physically preserved without any holding current being required, the need for providing a separate auxiliary current feed for the memory part of the IC card is eliminated, which is an advantageous difference in comparison with the known safety module.
  • IC cards according to the invention are not restricted to a specific card size.
  • IC cards of the following size types: ID-1, ID-00 (mini-cards), and ID-000 (plug-in cards).
  • the IC card according to the invention should not be equated with the various types of cards, such as magnetic cards or IC cards, which a user of a transaction station sometimes carries to gain access to and utilise the station, such as ATM cards, credit cards or the like normally issued for personal use. Those types of cards are utilised only very temporarily in the transaction station when the specific cardholder is being served.
  • the IC card according to the invention is intended to be generally stationarily arranged in, or adjacent to, the transaction station.
  • the IC card according to the invention is thus utilised essentially continuously in the transaction station in connection with the serving of several different users visiting the transaction station, usually one at a time.
  • the term generally stationarily means that the IC card according to the invention is permanently arranged in the transaction station during on-going operation, but that, obviously, the card can be replaced when required, for example in connection with a malfunction, when replacing or updating keys, or at regular intervals as a pure upgrading measure.
  • the invention relates to a transaction station, intended to communicate with a central computer and to serve a user in connection with the carrying out of desired financial transactions through the central computer, which transaction station comprises: a user interface for data inputting by a user; and means for cryptographic processing of data which is to be transmitted to and/or be received from the central computer; the transaction station according to the invention being characterised in that said means for cryptographic processing comprise a card reader intended to receive an IC card according to the above-mentioned first aspect of the present invention.
  • the transaction station according to the invention consists of an ATM ("Automatic Teller Machine"), for example of the types which in Sweden are provided in public places, in banks, etc., under the brand names "Bankomat" and "Minuten".
  • said card reader is adapted to receive said IC card in such a way that it is inaccessible to a user. This reduces the risk of a user deliberately or inadvertently removing the IC card according to the invention, something which is not of great importance from the point of view of safety, as discussed above, but which nevertheless would mean that the encrypting function of the transaction station would be put out of order.
  • One way of achieving this is for the transaction station to be designed in such a way that the user only has access to a certain interface, while the card reader for the IC card according to the invention does not form part of this interface but is instead located elsewhere.
  • said card reader for the IC card according to the invention is arranged in a safety cabinet, for example inside the transaction station or adjacent to the transaction station.
  • a user interface as stated above advantageously comprises means for inputting a user identity, such as an additional card reader for reading an account number which is magnetically stored in the user's credit card; means for inputting a desired financial transaction, such as a keypad, and means for inputting an access code, such as a PIN code.
  • said additional card reader for reading, for example, an account number stored in the user's credit card does not constitute the same card reader as the one employed for receiving the IC card according to the invention.
  • the user interface comprises a personal computer with an associated monitor, keyboard, mouse or like pointing device.
  • the transaction station according to the invention advantageously comprises means for providing control information, such as information concerning the desired type of cryptographic processing as well as information or data required for this processing, to said IC card according to the invention, as well as means for receiving said output signals from the IC card.
  • a transaction station can, for example, be designed as a so-called payment terminal which, for example, is located adjacent to cash registers in supermarkets, shops, and the like, where the customer can pay for goods or services purchased by, for example, entering an account number, usually also by means of a magnetic card, and confirming that he is an authorised user by inputting the correct PIN code.
  • one or more payment terminals are connected to a personal computer which in turn communicates with a central computer at a bank or the like.
  • a further example of transaction stations according to the invention comprises personal computer terminals which are configured to enable the user to request various financial transactions in a similar way through a central computer.
  • Such personal computer terminals can, for example, be made available to the public in public places, in banks, in companies as a service offered to employees, or explicitly for the accounting functions of the company.
  • the technique of providing this type of opportunity to carry out financial transactions at home with the aid of computers is also more or less a reality already.
  • FIG. 1 schematically shows a perspective view of a transaction station in the form of an ATM according to the present invention
  • Fig. 2 is a schematic block diagram of the transaction station in Fig. 1;
  • Fig. 3 is a schematic block diagram of the integrated circuit on the IC card in Fig. 2;
  • Fig. 4 is a flowchart for the control computer in Fig. 2;
  • Fig. 5 shows the structure of an example of a message being transmitted from the transaction station to the central computer in Fig. 2;
  • Fig. 6 is a flowchart for the integrated circuit in Fig. 3.
  • Fig. 1 is a perspective view of a transaction station 100 in the form of an ATM according to a preferred embodiment of the invention.
  • the transaction station 100 in Fig. 1 comprises a first card reader 110 (only the insertion slot is shown), a keypad 120, a monitor 130, and a printer 140 (only the output slot is shown)
  • the transaction station further comprises a note box with a note dispenser 160.
  • the note box together with other electronic circuitry which is preferably kept at a higher level of safety, see Fig. 2 below, is contained in a safety cabinet 105 of the transaction station.
  • Fig. 2 is a schematic block diagram of the transaction station in Fig. 1.
  • the parts and components in Fig. 1 which are also shown in Fig. 2 are referred to by the same reference numerals.
  • Fig. 2 shows the transaction station 100 comprising the card reader 110, the keypad 120, the monitor 130, and the printer 140, all of which are arranged in an upper space in the transaction station 100.
  • the card reader 110 is designed to receive and read a magnetic card 115 which the visitor or user, i.e. the cardholder, brings with him.
  • the transaction station 100 comprises a note box 160, a safety module in the form of a second card reader 170 in which an IC card 300 exhibiting an integrated circuit 310 is arranged, a control computer
  • Since extra high access protection is desired for these types of components, they are arranged in the safety cabinet 105 in the lower space of the transaction station 100.
  • the operation of the transaction station 100 is generally controlled by the control computer 180, which communicates with the first card reader 110, the keypad 120, the monitor 130, the printer 140, the note box/dispenser 160, and the second card reader 170 by the intermediary of a shared communication bus 150.
  • the transaction computer can be connected to a telephone network 197 and can thus communicate with a central computer 200 from a distance.
  • the integrated circuit 310 on the IC card 300 which in itself or together with the second card reader 170 can be said to form a safety module for the transaction station 100, provides the cryptographic algorithms and keys utilised in connection with the transmission of messages between the transaction station 100 and the central computer 200.
  • Fig. 3 is a schematic block diagram of the integrated circuit 310 of the IC card 300.
  • the circuit 310 is thus formed on the IC card with the aid of conventional technology and can communicate with the control computer 180 when the IC card 300 is inserted into the second card reader 300.
  • the basic structure of the IC card 300 and the integrated circuit 310 such as connections and arrangements for transferring data between the card reader 170 and the integrated circuit 310 and like functions, are well known in the technical field relating to IC cards and, consequently, a more detailed description thereof will not be provided in this application.
  • the integrated circuit 310 of the IC card 300 generally comprises a microprocessor 315 and a non-volatile, writable memory 320, 330, usually of the EEPROM type.
  • the EEPROM memory comprises, inter alia, a first set of memory fields 320 which store the cryptographic keys employed in connection with cryptographic processing of messages transmitted between the transaction station 100 and the central computer 200.
  • cryptographic keys stored in the memory fields 320.
  • MACs message authentication codes
  • session keys which are used in connection with encryption/decryption of PIN codes and other sensitive information transmitted between the transaction station and the central computer
  • one or more master keys which are used, inter alia, when new keys are transmitted, i.e. when old session or authentication keys are to be replaced by new keys by the intermediary of the telephone network 197.
  • the central computer 200 has access to such corresponding keys as are necessary for the central station to handle the cryptographically processed communication
  • each memory field 320 i.e. each key
  • each memory field 320 is associated with a corresponding field of a second set of memory fields 330.
  • the memory fields 330 store information setting out the applications or functions for which the associated key may be utilised, since each specific key may usually only be used for a certain type of cryptographic processing or for cryptographic processing of only a certain type of information.
  • the processing in the integrated circuit 310 is carried out in the microprocessor 315.
  • the microprocessor 315 is configured to carry out various types of cryptographic processing by executing various program routines 340-370, which are schematically illustrated separated by dashed lines in Fig. 3, by employing various selected keys from the memory field 320.
  • the program routines in the microprocessor comprise a receiving/addressing routine which is configured to receive control information from the transaction station, preferably from the control computer 180.
  • control information comprises, for example, information about the type of cryptographic processing requested, the cryptographic key to be used, data which is to be processed, etc.
  • the DES algorithm in block 360 is thus used in the preferred embodiment in connection with encryption as well as decryption and authentication.
  • one of several different preparatory program routines 351-353 are used, which prepare and configure the information required in the subsequent DES algorithm 360 in order for the latter to provide the type of cryptographic processing desired.
  • the program routine 351 is addressed when encryption is requested, the program routine 352 when decryption is desired, and the program routine 353 when authentication is desired.
  • the respective program routine 351-353 fetches the keys to be utilised and structures the data to be processed in a suitable way, after which the actual cryptographic algorithm is carried out in the routine 360. Furthermore, one or more subsequent program routines 370 are included which assemble the processed information in a suitable manner and feed it back to the control computer 180 of the transaction station by the intermediary of the card reader.
  • the operation and structure of the integrated circuit 310 and the microprocessor 315 can be readily implemented in many different ways and that the invention is not restricted to the program routines and memory fields described above by way of example.
  • the different program routines can be more or less integrated with one another.
  • the actual program routines can be stored in a memory, similar to the way the information in the memory fields 320 and 330 is stored and, in this case, can be read into the microprocessor when requested.
  • it is an important characteristic of the integrated circuit 310 that the cryptographic keys are stored in such a way that, in view of what is reasonable and technically possible, they cannot be read from the card and thereby become accessible to unauthorised individuals.
  • the microprocessor 315 can, for example, also comprise program routines which are executed in connection with the replacement or updating of keys, initialising of cards, etc.
  • FIG. 4 schematically illustrates a flowchart for the control computer 180 in Fig. 2.
  • The routine shown in Fig. 4 is initiated in step S10 by the user inserting his magnetic card 115 into the card reader 110.
  • the card reader 110 reads the cardholder's account number, which is magnetically stored on the magnetic strip of the magnetic card 115, and feeds it to the control computer 180 by the intermediary of the bus 150.
  • In step S14, with the aid of the monitor 130, the control computer subsequently instructs the user to enter his PIN code with the aid of the keypad 120, after which the PIN code entered by the user is fed from the keypad 120 to the control computer 180 by the intermediary of the bus 150.
  • In step S16, with the aid of the monitor 130, the control computer 180 subsequently instructs the user to enter the desired withdrawal amount with the aid of the keypad 120, after which the amount entered by the user is fed from the keypad 120 to the control computer 180 by the intermediary of the bus 150.
  • the control computer sends an instruction, in step S18, to the IC card 310 which is essentially stationarily arranged in the transaction station and which constitutes the safety module of the transaction station, instructing it to carry out the encryption of the PIN code utilising a specified encryption key.
  • the instruction to the IC card comprises control information in the form of details as to the operation requested (encryption), data which is to be processed (the PIN code entered), as well as details as to the key to be used for the processing. If desired, the account number, for example, could also be included in the information to be encrypted.
  • In step S20, when the IC card has returned the encrypted PIN code, the control computer puts together the account number of the user, the encrypted PIN code, and the amount requested into a single connected message. Subsequently, in step S22, the control computer sends this message to the IC card 310 instructing it to calculate an authentication code (MAC) for the message.
  • the instruction to the IC card thus comprises control information in the form of details as to the operation requested (calculation of authentication code), data to be processed (the message consisting of the account number, the encrypted PIN code, and the amount), as well as details as to the key to be used. Subsequently, the finished message is sent, e.g.
  • a finished message is schematically shown in Fig. 5, in which the message comprises a first field 400 for the user's account number, a second field 410 for the encrypted PIN code, a third field 420 for the desired withdrawal amount 420, and a fourth field for the authentication code 430.
  • step 26 a reply is received from the central computer 200.
  • the control computer instructs the IC card 300, step S28, to authenticate the reply message.
  • the instruction to the IC card comprises control information in the form of details as to the operation requested (authentication), data to be processed (the reply message), as well as details as to the key to be used.
  • In step S28, if the result of the authentication in the IC card is that the reply message is incorrect for some reason, the control computer proceeds to a program routine which is not shown in Fig. 4, which may, for example, involve the transaction station 100 awaiting a new reply message from the central computer 200 or the transaction station 100 interrupting the current transaction and returning the magnetic card 115 to the user. If the reply message from the central computer is correct, but states that the transaction requested is not approved, for example because the PIN code entered is incorrect or because the amount requested exceeds the balance available in the user's account, subsequent to step S28, the control computer 180 proceeds to a program routine which is not shown in Fig. 4, which, for example, may involve the transaction station 100 interrupting the .
  • the transaction station instructing the user to make a new attempt to enter the correct PIN code since the previous one was incorrect, or the transaction station withholding the user's magnetic card and interrupting the transaction without returning the card to the user.
  • the transaction station 100, in step S30, dispenses the amount requested from the note box/dispenser 160 to the user, writes a transaction report to the user in the form of a transaction slip with the aid of the printer 140 in step S32, and returns the magnetic card 115 from the magnetic card reader to the user in step S34. Subsequently, in step S36, the transaction station returns to an idle position while waiting for a new magnetic card to be inserted into the card reader 110.
  • FIG. 6 shows a schematic flowchart for the microprocessor in Fig. 3.
  • the routine shown in Fig. 6 is initiated in steps B10 and B12 by the microprocessor 315, utilising the program routine 340 in Fig. 3, receiving an instruction by the intermediary of the bus 150 from the control computer 180 of the transaction station 100.
  • the instruction may, for example, be the instruction sent from the control computer 180 to the IC card 300 in step S18 (request for encryption), step S22 (request for calculation of authentication code), or step S28 (request for authentication of reply) in the flowchart described with reference to Fig. 4 above.
  • the microprocessor 315 establishes the type of function requested, i.e. the desired type of cryptographic processing, as well as the key to be used for this function, in steps B14 and B16, respectively, by deriving this information from the instruction received. Subsequently, the microprocessor 315 verifies, in step B18, that the information in the field 330 associated with the memory field 320 for the key indicated states that the key may be utilised for the function requested.
  • routine is interrupted and the IC card 300 informs the control computer 180 that the task will not be carried out.
  • this and similar kinds of preparatory obtaining, verifying, and formatting of information which is to be utilised in the actual cryptographic algorithm can be carried out in different ways, as indicated by the different routines 315-353 in Fig. 3.
  • In step B20, the cryptographic processing is executed, in the preferred case by using the DES algorithm in routine 360 in Fig. 3, depending on the desired cryptographic function and key as stated above.
  • step B22 program routine 370 in Fig. 6
  • the result of the cryptographic processing in step B20 is put together in the preferred way according to the function requested, after which the result is sent back to the control computer (PC) 180 in step B24.
  • In step B26, the IC card returns to an idle position awaiting new instructions.
  • the design of both the transaction station as a whole and the IC card according to the invention can vary depending on the application in question.
  • the invention has been described in connection with cash withdrawals from an ATM, it will be appreciated that the invention can also be utilised for carrying out other types of financial transactions through the central computer.
  • the user interface can comprise other types of members than the ones described above.
  • the user interface can comprise a PC with a key- board, a mouse, and a monitor or the like.
  • the communication between the central computer and the transaction station according to the invention can take place over different types of communication networks.
  • the IC card according to the invention is arranged out of reach of the user, preferably in a safety cabinet, it can also be arranged in such a way that it is both accessible to the user and unprotected, since the keys are stored in such a way that they still cannot be accessed by unauthorised individuals.
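
The card-side dispatch of steps B14 to B24, with the key-usage check of step B18, can be sketched as follows. This is an added example, not code from the patent: the instruction layout, flag values, status bytes and key table are constructed, HMAC-SHA-256 from the Python standard library stands in for the DES-based authentication code, and only the two authentication-code functions (steps S22 and S28) are implemented.

```python
import hashlib
import hmac

# Usage flags playing the role of field 330 (bit values are assumptions).
ENCRYPT, MAC_GEN, MAC_VERIFY = 0x01, 0x02, 0x04

# Constructed key table: slot -> (key, permitted-usage mask), i.e. fields 320 and 330.
KEY_SLOTS = {
    1: (bytes(range(16)), ENCRYPT),                   # encryption-only key
    2: (bytes(range(16, 32)), MAC_GEN | MAC_VERIFY),  # authentication-code key
}
REFUSED = b"\x00"  # constructed status: the task will not be carried out
DONE = b"\x01"     # constructed status: a result follows
TAG_LEN = 32       # HMAC-SHA-256 output length

def handle_instruction(instr: bytes) -> bytes:
    """Hypothetical layout: function (1 byte) | key slot (1 byte) | payload."""
    if len(instr) < 2:
        return REFUSED
    function, slot, payload = instr[0], instr[1], instr[2:]  # B14 and B16
    entry = KEY_SLOTS.get(slot)
    if entry is None:
        return REFUSED
    key, allowed = entry
    # B18: the function must be known and permitted for this particular key.
    # Encryption (S18) is outside this sketch, so only the MAC functions pass.
    if function not in (MAC_GEN, MAC_VERIFY) or not (allowed & function):
        return REFUSED
    if function == MAC_GEN:                                   # B20
        tag = hmac.new(key, payload, hashlib.sha256).digest()
        return DONE + tag                                     # B22 and B24
    # MAC_VERIFY: payload is message | tag; the key never leaves this function.
    if len(payload) < TAG_LEN:
        return REFUSED
    msg, tag = payload[:-TAG_LEN], payload[-TAG_LEN:]
    expected = hmac.new(key, msg, hashlib.sha256).digest()
    ok = hmac.compare_digest(expected, tag)                   # constant-time compare
    return DONE + (b"\x01" if ok else b"\x00")
```

Because the check sits inside the card, a control computer that names the encryption-only key in an authentication-code request gets a refusal rather than a tag.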

Landscapes

  • Business, Economics & Management (AREA)
  • Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Physics & Mathematics (AREA)
  • Accounting & Taxation (AREA)
  • Theoretical Computer Science (AREA)
  • Strategic Management (AREA)
  • General Business, Economics & Management (AREA)
  • Microelectronics & Electronic Packaging (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Computer Security & Cryptography (AREA)
  • Finance (AREA)
  • Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)
  • Control Of Vending Devices And Auxiliary Devices For Vending Devices (AREA)
  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)
  • Credit Cards Or The Like (AREA)

Abstract

The invention relates to an integrated circuit card, a transaction station and various uses. According to the invention, a cryptographic integrated circuit card is used which is arranged essentially stationary in a card reader in connection with a transaction station, such as an ATM station or the like, for the cryptographic processing of data to be transmitted between the transaction station and a central computer. The integrated circuit card replaces conventional security modules. It is arranged essentially stationary in the card reader and is therefore used in connection with serving several users of the transaction station.
PCT/SE1998/001019 1997-06-10 1998-05-28 Safety module WO1998059327A1 (fr)

Priority Applications (2)

Application Number Priority Date Filing Date Title
JP11503383A JP2000507380A (ja) 1997-06-10 1998-05-28 Safety module
AU80447/98A AU8044798A (en) 1997-06-10 1998-05-28 Safety module

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
SE9702216A SE511507C2 (sv) 1997-06-10 1997-06-10 Security module for a transaction station, and transaction station
SE9702216-4 1997-06-10

Publications (1)

Publication Number Publication Date
WO1998059327A1 true WO1998059327A1 (fr) 1998-12-30

Family

ID=20407326

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/SE1998/001019 WO1998059327A1 (fr) Safety module 1997-06-10 1998-05-28

Country Status (4)

Country Link
JP (1) JP2000507380A (fr)
AU (1) AU8044798A (fr)
SE (1) SE511507C2 (fr)
WO (1) WO1998059327A1 (fr)

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP0138320A2 (fr) * 1983-09-02 1985-04-24 VISA U.S.A. Inc. Cryptographic key distribution system
EP0151491A2 (fr) * 1984-02-09 1985-08-14 Kabushiki Kaisha Toshiba Data processing terminal
US5148481A (en) * 1989-10-06 1992-09-15 International Business Machines Corporation Transaction system security method and apparatus
US5448638A (en) * 1991-02-28 1995-09-05 Gilbarco, Inc. Security apparatus and system for retail environments
US5572696A (en) * 1991-11-27 1996-11-05 Fujitsu Limited Secret information protection system erasing secret information upon detection of authorized user-initiated event

Cited By (11)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP1152377A2 (fr) * 2000-03-28 2001-11-07 Giesecke & Devrient GmbH Method and terminal for carrying out transactions using a portable data carrier
EP1152377A3 (fr) * 2000-03-28 2004-01-07 Giesecke & Devrient GmbH Method and terminal for carrying out transactions using a portable data carrier
WO2002001520A1 (fr) * 2000-06-26 2002-01-03 Covadis S.A. Device for carrying out secure transactions in a communications network
WO2002001522A1 (fr) * 2000-06-26 2002-01-03 Covadis S.A. Computer keyboard for secure transactions in a communications network
WO2002097747A1 (fr) * 2001-05-31 2002-12-05 Schlumberger Systemes Electronic payment terminal, smart card adapted to such a terminal and method for loading a secret key in such a terminal
FR2825495A1 (fr) * 2001-05-31 2002-12-06 Schlumberger Systems & Service Electronic payment terminal, smart card adapted to such a terminal and method for loading a secret key in such a terminal
US7971788B2 (en) 2001-05-31 2011-07-05 Gemalto Sa Electronic payment terminal, smart card adapted to such a terminal and method for loading a secret key in such a terminal
US8690060B2 (en) 2001-05-31 2014-04-08 Gemalto Sa Electronic payment terminal
EP1388825A2 (fr) * 2002-08-02 2004-02-11 Wincor Nixdorf International GmbH Device for carrying out secure transactions at a banking machine
EP1388825A3 (fr) * 2002-08-02 2006-01-11 Wincor Nixdorf International GmbH Device for carrying out secure transactions at a banking machine
US7831828B2 (en) 2004-03-15 2010-11-09 Cardiac Pacemakers, Inc. System and method for securely authenticating a data exchange session with an implantable medical device

Also Published As

Publication number Publication date
SE9702216L (sv) 1998-12-11
AU8044798A (en) 1999-01-04
SE9702216D0 (sv) 1997-06-10
SE511507C2 (sv) 1999-10-11
JP2000507380A (ja) 2000-06-13

Legal Events

Date Code Title Description
AK Designated states

Kind code of ref document: A1

Designated state(s): AL AM AT AT AU AZ BA BB BG BR BY CA CH CN CU CZ CZ DE DE DK DK EE EE ES FI FI GB GE GH GM GW HU ID IL IS JP KE KG KP KR KZ LC LK LR LS LT LU LV MD MG MK MN MW MX NO NZ PL PT RO RU SD SE SG SI SK SK SL TJ TM TR TT UA UG US UZ VN YU ZW

AL Designated countries for regional patents

Kind code of ref document: A1

Designated state(s): GH GM KE LS MW SD SZ UG ZW AM AZ BY KG KZ MD RU TJ TM AT BE CH CY DE DK ES FI FR GB GR IE IT LU MC NL PT SE BF BJ CF CG CI CM GA GN ML MR NE SN TD TG

DFPE Request for preliminary examination filed prior to expiration of 19th month from priority date (pct application filed before 20040101)

Free format text: (EXCEPT JP)

121 Ep: the epo has been informed by wipo that ep was designated in this application
REG Reference to national code

Ref country code: DE

Ref legal event code: 8642

122 Ep: pct application non-entry in european phase
NENP Non-entry into the national phase

Ref country code: CA