WO2002095548A2 - Method for the secure loading of data into data processing systems and device for implementing said method - Google Patents

Method for the secure loading of data into data processing systems and device for implementing said method

Info

Publication number
WO2002095548A2
Authority
WO
WIPO (PCT)
Prior art keywords
data processing
processing system
data
check digit
encrypted
Prior art date
Application number
PCT/EP2002/005569
Other languages
German (de)
English (en)
Other versions
WO2002095548A3 (fr)
Inventor
Michael Nolte
Richard Weigold
Original Assignee
Wincor Nixdorf International Gmbh
Priority date 2001-05-21
Filing date 2002-05-21
Publication date 2002-11-28
Application filed by Wincor Nixdorf International Gmbh
Publication of WO2002095548A2
Publication of WO2002095548A3

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/64 Protecting data integrity, e.g. using checksums, certificates or signatures
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/57 Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
    • G06F21/572 Secure firmware programming, e.g. of basic input output system [BIOS]

Definitions

  • the invention relates to a method for backing up data, in which data are loaded from a first data processing system into a second data processing system.
  • Data can also be program data that are elements of a computer program. A first check digit is formed from the data and programs to be loaded in the first data processing system.
  • a second check digit is formed from the loaded data and programs. The two check digits are compared in the second data processing system in such a way
  • a method is known from patent specification DE 3705736 C2 in which data are loaded from a first data processing system into a second data processing system.
  • a first check digit is formed from the data to be loaded in the first data processing system, which is transmitted together with the data to the second data processing system.
  • a second check digit is formed from the loaded data in the second data processing system.
  • the two check digits are compared with each other and, if the result of the comparison is negative, the processing of the data or the execution of program and system steps is blocked.
  • to form the check digits, the data are each encrypted with a secret key using a symmetrical cryptographic algorithm.
  • the method is used to find impermissible changes to the data and to carry out an integrity check of the data.
  • the object of the invention is therefore to provide a method in which security when loading data and programs is ensured and which requires only low computing power and low storage capacity of the data processing system to ensure that security.
  • a first check digit of data to be transmitted is formed in a first data processing system, which is then encrypted according to a symmetrical cryptographic algorithm.
  • the encrypted check digit is transmitted together with the unencrypted data to the second data processing system.
  • a second check digit is formed from the unencrypted data, which is encrypted according to the same symmetrical cryptographic algorithm as the first check digit in the first data processing system.
  • the encrypted check digits are compared in the second data processing system. If the comparison result is negative, the processing of the data or the execution of program and system flow steps is blocked. This method ensures that manipulations are also ruled out when loading data or programs into a data processing system. Manipulations in the entire program system are automatically recognized, even those that relate to data and programs that guarantee hardware functions or other basic functions.
  • the method also makes it possible to securely load data and programs onto a data processing system
  • the first and the second check digits are formed according to the Secure HASH algorithm.
  • the Secure HASH algorithm is a tried-and-tested algorithm for the generation of check digits, in which the repeated formation of check digits from a data set results, with high probability, in the same check digit.
  • the reproducibility of the check digit is an essential prerequisite for carrying out the method according to the invention.
  • the encryption of the first and the second check digit is carried out in at least one encryption unit.
  • preferably, the creation date of the program and a device-specific character string, for example the serial number of the second data processing system, are also included.
  • in encryption units, manipulation possibilities during the encryption process, spying on the universal key stored in the encryption unit and spying on the key formed from the universal key are excluded as far as can be judged today.
  • the creation date of the programs and a device-specific character string are included in the formation of the secret key, which means that programs which are written on a different day than the programs from which the
  • the second check digit is formed in the second data processing system according to the same algorithm and encrypted as the first check digit in the first data
  • the device-specific character string of the second data processing system is included, which was also included to create the key for encrypting the first check digit in the first data processing system.
  • this device-specific character string is preferably stored on a chip card, e.g. a SIM card, in the second data processing system.
  • DES: Data Encryption Standard
  • the check digits are preferably encrypted three times according to the DES algorithm in CBC (cipher block chaining) mode. This ensures that the check digits are encrypted according to a method that is considered secure and that it is not possible to spy on the key used in order to manipulate the data.
  • the amount of data of the check digits formed can be predetermined and is usually in the range from one byte to 50 bytes. However, the amount of data can be chosen to be as large as required to increase security.
  • the check digit preferably comprises a data volume of 20 bytes. This provides a high level of security for the currently customary computing power, the computing effort being limited to an acceptable level.
  • a device with the features according to claim 12 is specified.
  • Such a device allows encrypted check digits to be used to check data or programs as to whether they have been manipulated between being created in a first data processing system and being loaded into a second data processing system.
  • the second data processing system is a controller, for example a controller with a microcontroller, the transmitted data including the firmware of the controller or the firmware for its hardware components.
  • Fig. 3 shows the basic structure of the target system for creating and encrypting a second check digit and for comparing the two encrypted check digits.
  • FIG. 1 shows an overview of the systems involved in the data transmission.
  • Firmware for a target system 12, for example for a central payment controller of an automated teller machine, is transmitted in the form of data 14 from a development system 10.
  • Line 20 marks the separation between the development system 10 and the target system 12 of the firmware.
  • The encryption units 16, 18 generally form an inseparable unit with an input unit, for example with a keyboard. The keyboard cannot be separated from the encryption unit 16, 18 without destroying the keys and data stored in the encryption unit 16, 18.
  • this arrangement ensures that secret data such as the personal identification number (PIN) of the operator cannot be spied on. This also prevents manipulation of the encryption unit 16, 18 or the keyboard.
  • PIN: personal identification number
  • Such an encryption unit 16, 18 with an input unit in the development system 10 is, for example, a master pin pad from Krone.
  • the encryption unit 18 with input unit used in the target system 12 is also referred to as an encrypted pin pad.
  • FIG. 2 shows a basic structure of the development system.
  • the development system 10 has a computing unit 22, e.g. a personal computer, and a cryptographic unit 16, e.g. a master pin pad.
  • a check digit 26, which is also referred to as HASH, is formed from these net binary data 24 according to a secure hash algorithm.
  • the secure hash algorithm forms a check digit 26. This check digit 26 and a creation date 28 of the firmware are transferred to the cryptographic unit 16. This creates a secret key 30 from, among other things, the creation date 28 of the firmware and a device-specific character string of the target system 12, e.g. a serial number, and uses it to encrypt the check digit 26 according to a symmetrical cryptographic algorithm into an encrypted check digit 32.
  • the check digit 26 is encrypted three times by means of the DES algorithm in the CBC encryption method.
  • the net binary data 24, the encrypted check digit 32 and the creation date 28 of the firmware are combined in a firmware file 34.
  • the firmware file 34 is transmitted as a data set 14 to a computing unit 36 of the target system 12.
  • the basic structure of the target system 12 is shown for creating and encrypting a second check digit 42 as well as for comparing the two encrypted check digits 32, 42.
  • the computing unit 36 of the target system 12 is located in a mechanically secured area of the target system 12, for example in the safe of the ATM.
  • the encryption unit 18 of the target system 12, the encrypted pin pad, is not arranged in the secured area.
  • the input unit of the Encrypted Pin Pad is arranged in the target system so that it is freely accessible by the operator.
  • in the computing unit 36 of the target system 12, a second check digit 38 is formed from the net binary data 24 according to the same algorithm as the first check digit 26 in the computing unit 22 of the development system 10.
  • the second check digit 38 is transferred to the cryptographic unit 18. This creates a secret key 40 from the firmware date 28 and a device-specific character string of the target system 12, e.g. the serial number, which is stored in the target system 12 on a storage medium, e.g. a chip card.
  • the second check digit 38 is encrypted to form the second encrypted check digit 42 and fed to a comparison unit 44.
  • the first encrypted check digit 32, transmitted together with the firmware file 34, is also fed to the comparison unit 44.
  • the secret key 30 formed in the development system 10 differs from the secret key 40 formed in the target system 12.
  • the universal key ensures that the check digit 32 encrypted in the development system 10 is comparable to the check digit 42 generated and encrypted in the target system 12.
  • if the comparison result 46 is positive, the net binary data 24 of the firmware are released for processing. In the event of a negative comparison result 48, the processing of the net binary data 24 of the firmware is prevented and a corresponding error signal is shown on a display unit (not shown).
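Both sides of the scheme described above (SHA-1 check digit, triple DES in CBC mode under a key derived from the creation date and the device serial number, constant-time comparison on the target), as an added example in Go that is not code from the patent or from Wincor Nixdorf. The universal key, the hash-based key derivation, the zero IV, the zero padding of the 20-byte digest to three DES blocks and all sample values are assumptions of this example.

```go
package main

import (
	"crypto/cipher"
	"crypto/des"
	"crypto/sha1"
	"crypto/subtle"
)

// FirmwareFile mirrors firmware file 34: net data, encrypted check digit, creation date.
type FirmwareFile struct {
	Net           []byte
	EncCheckDigit []byte
	Created       string
}

// deriveKey stands in for the encryption unit's key formation from a secret universal
// key, the creation date and the serial number; the hash-based derivation is assumed.
func deriveKey(universal []byte, created, serial string) []byte {
	h := sha1.New()
	h.Write(universal)
	h.Write([]byte(created + "|" + serial))
	k1 := h.Sum(nil)                             // 20 bytes
	k2 := sha1.Sum(append([]byte("ext"), k1...)) // 4 more for a 24-byte 3DES key
	return append(k1, k2[:4]...)
}

// encryptedCheckDigit: SHA-1 over the net binary data (20-byte check digit), then
// triple DES in CBC mode. Zero padding to 24 bytes and a zero IV are assumptions.
func encryptedCheckDigit(net, key []byte) ([]byte, error) {
	block, err := des.NewTripleDESCipher(key)
	if err != nil {
		return nil, err
	}
	digest := sha1.Sum(net)
	padded := make([]byte, 3*des.BlockSize)
	copy(padded, digest[:])
	out := make([]byte, len(padded))
	cipher.NewCBCEncrypter(block, make([]byte, des.BlockSize)).CryptBlocks(out, padded)
	return out, nil
}

// buildFirmwareFile is the development-system side (computing unit 22 + encryption unit 16).
func buildFirmwareFile(net []byte, created string, universal []byte, target string) (FirmwareFile, error) {
	enc, err := encryptedCheckDigit(net, deriveKey(universal, created, target))
	if err != nil {
		return FirmwareFile{}, err
	}
	return FirmwareFile{Net: net, EncCheckDigit: enc, Created: created}, nil
}

// verifyFirmwareFile is the target-system side (encryption unit 18 + comparison unit 44):
// recompute with the locally stored serial number; only a constant-time match releases the data.
func verifyFirmwareFile(f FirmwareFile, universal []byte, serial string) (bool, error) {
	enc, err := encryptedCheckDigit(f.Net, deriveKey(universal, f.Created, serial))
	if err != nil {
		return false, err
	}
	return subtle.ConstantTimeCompare(enc, f.EncCheckDigit) == 1, nil
}
```

Because the serial number enters the key, a firmware file built for one device fails verification on another even though its hash is intact, and any change to the net data changes the recomputed encrypted check digit.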

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • General Engineering & Computer Science (AREA)
  • Software Systems (AREA)
  • General Physics & Mathematics (AREA)
  • Physics & Mathematics (AREA)
  • Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • General Health & Medical Sciences (AREA)
  • Detection And Prevention Of Errors In Transmission (AREA)
  • Storage Device Security (AREA)

Abstract

The invention relates to a method and a device for the secure loading of data (24) from a first data processing system (10) into a second data processing system (12). In the first data processing system (10), a checksum (26) is formed from the data (24) to be transferred and is then encrypted. This encrypted checksum (32) is loaded together with the data (24) into a second data processing system (12), where a second check digit (38) is formed from the data (24). This second check digit is then encrypted and compared with the transmitted encrypted checksum (32).
PCT/EP2002/005569 2001-05-21 2002-05-21 Method for the secure loading of data into data processing systems and device for implementing said method WO2002095548A2 (fr)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
DE10124786 2001-05-21
DE10124786.9 2001-05-21

Publications (2)

Publication Number Publication Date
WO2002095548A2 true WO2002095548A2 (fr) 2002-11-28
WO2002095548A3 WO2002095548A3 (fr) 2003-12-31

Family

ID=7685626

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/EP2002/005569 WO2002095548A2 (fr) 2001-05-21 2002-05-21 Method for the secure loading of data into data processing systems and device for implementing said method

Country Status (1)

Country Link
WO (1) WO2002095548A2 (fr)

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5643086A (en) * 1995-06-29 1997-07-01 Silicon Gaming, Inc. Electronic casino gaming apparatus with improved play capacity, authentication and security
EP0849657A1 (fr) * 1996-12-18 1998-06-24 NCR International, Inc. Secure data processing method and system
WO2000033196A1 (fr) * 1998-11-26 2000-06-08 Aristocrat Technologies Australia Pty Ltd Electronic casino game with authentication device and improved security


Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
BRUCE SCHNEIER: "Applied Cryptography: Protocols, Algorithms, and Source Code in C", New York, NY: John Wiley & Sons, US, pages 139-147, 174-175, 351-354, ISBN 0-471-11709-9, XP002143530, page 175 *

Also Published As

Publication number Publication date
WO2002095548A3 (fr) 2003-12-31


Legal Events

Date Code Title Description
AK Designated states

Kind code of ref document: A2

Designated state(s): US

AL Designated countries for regional patents

Kind code of ref document: A2

Designated state(s): AT BE CH CY DE DK ES FI FR GB GR IE IT LU MC NL PT SE TR

121 Ep: the epo has been informed by wipo that ep was designated in this application
DFPE Request for preliminary examination filed prior to expiration of 19th month from priority date (pct application filed before 20040101)
122 Ep: pct application non-entry in european phase