WO2004042997A1 - Method and devices for performing security control in electronic message exchanges - Google Patents
Method and devices for performing security control in electronic message exchanges Download PDFInfo
- Publication number
- WO2004042997A1 WO2004042997A1 PCT/EP2003/009063 EP0309063W WO2004042997A1 WO 2004042997 A1 WO2004042997 A1 WO 2004042997A1 EP 0309063 W EP0309063 W EP 0309063W WO 2004042997 A1 WO2004042997 A1 WO 2004042997A1
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- message
- identifier
- msg
- owner
- checking
- Prior art date
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L2209/00—Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
- H04L2209/56—Financial cryptography, e.g. electronic payment or e-cash
Definitions
- the present invention relates to a method and devices for performing security control in electronic message exchanges and in particular for monetary transactions such as those made with credit or debit cards and the like.
- Security problems in the exchange of messages in electronic form and especially over intrinsically unsafe networks like for example the networks making up Internet are known.
- a method for verifying the security of a message transmitted and received in electronic form which on the transmitting side comprises the steps of associating with the message for its later security verification a univocal message identifier and an identifier for control of the identity of the owner of the message with the control identifier being obtained by applying to the univocal message identifier an encoding associated with the owner of the message to be transmitted, and on the receiving side for security verification of a received message comprises the steps of verification and signaling of the fact of having or not having already received a message with the same univocal identifier of the associated message, applying a decoding associated with a supposed owner of the received message to the checking identifier of the owner associated with the received message, and ascertaining and signaling the agreement or not between the univocal message identifier associated with the received message and proven to be said decoding of the control username.
- a system for safety verification of a message transmitted and received in electronic form comprising on the transmitting side a univocal username generator of a message, and an encoding device receiving the message username produced by the generator and encoding it in accordance with a code associated with the owner of the message to be transmitted to obtain therefrom an identifier for checking the identity of the message owner, and transmission means associating with the message to be transmitted the checking identifier and the univocal message identifier obtained, and on the receiving side comprises for safety verification of a received message a checking device which verifies and signals that the message identifier associated with the received message has of has not been received previously, and a decoding device which receives the owner checking identifier associated with the received message and applies thereto a decoding associated with a supposed owner of the received message, and verification means which ascertain and signal the agreement or not of the univocal message identifier with the result of the decoding of the checking username.
- a device for association of security verification factors with a message transmitted in electronic form characterized in that it comprises a univocal message username generator, an encoding device receiving the message username produced by the generator and encoding it in accordance with a code associated with the owner of the message to be transmitted to obtain therefrom an identifier for checking the identity of the message owner, and means which associate with the message to be transmitted the checking identifier and the univocal • message identifier obtained.
- FIG 1 shows a block diagram of a device or part on the transmitting side of a security verification system realized in accordance with the present invention
- FIG 2 shows a block diagram of a device or part on the receiving side of a security verification system realized in accordance with the present invention
- FIG 3 shows diagrammatically a possible combination of information in accordance with the method of the present invention.
- FIG 1 shows the part on the transmitting side designated as a whole by reference number 10 of a security system realized in accordance with the present invention.
- This part or device 10 comprises a generator 11 for generation of a univocal message username (designated by ID Msg ) and an encoding device 12 which receives the message username ID Msg produced by the generator and encodes it to obtain an encoded version thereof called here identifier ID CR which will be usable as clarified below as the identifier for checking the identity of the message owner.
- ID Msg univocal message username
- ID CR an encoded version thereof
- the device 10 is associated with a known system 13 (not described here as it is well known and readily imaginable to those skilled in the art) for production of messages Msg to be transmitted and of which it is wished to ensure the security offered by the present invention.
- These messages can be conventional electronic messages for management of monetary transactions of, for example, a credit or debit card circuit.
- the generator 11 is a known generator of single keys. It can be realized either as hardware or software, for example the known GUID generator of Microsoft. Its main operational principle is based on the random generation of a key or ID sufficiently long to make the probability of generating two identical keys practically zero.
- the generator For each message to be sent, the generator therefore produces an identifier which can be represented by a sequence of bits, numbers, characters et cetera and which is the only one and will never be used again. This ensures that no "twin" keys exist.
- the ID of the message (which can also be called LEFT KEY) is surely to be understood therefore as a key but produced before and thus a new key.
- the encoding device 12 encodes the ID Msg so as to obtain a username IDR containing the ID Msg in a concealed manner making it possible if the correct decoding is known to go back to it or at least to a representation thereof allowing knowing whether ID CR was really created by correct encoding of ID Msg .
- the IDC R can also be called RIGHT KEY.
- encoding of ID Msg in ID CR is done in accordance with a code which was previously associated with the owner of the message to be transmitted.
- the encoding and the following corresponding decoding be realized as encryption and decryption operations with a key and with a particular key or algorithm associated with the particular owner of the message.
- such encryption and decryption can be advantageously of the known public/private key type in which the encryption is done by the encoding device 12 using the private secret key of the owner who sends the message or to whom it refers.
- the usernames and the message can be assembled in a single total MSG T message. All this is shown clearly in FIG 3. If desired, this total message can be in turn encrypted in accordance with known techniques.
- the message is also associated with a username ID owne r unique for each possible owner of the message to be transmitted. For example, in case of a transaction by credit card said IDowner can be the card number.
- This ID owne r can be produced or extracted by means 14, for example a programmed electronic memory, manual input means or reading means of owner data contained on a card used in the transaction. This ID owner can also be used to control correct encoding in the encoding device 12.
- FIG 2 shows the part designated as a whole by reference number 16 of the system in accordance with the present invention present on the message receiving side.
- said receiving part 16 comprises a control device 18 to recognize whether an ID Msg associated with a received message has not been received previously. For recognition, the device 18 manages an archive of previously used IDs 19.
- the device checks in the archive 19 whether it has already been memorized and issues a corresponding ID acceptable or unacceptable signal 20. If the ID has not been used yet the associated message is considered new and the ID is memorized in the archive to prevent future new use.
- the receiving part 16 also comprises a decoding device 21 which receives the control identifier of the owner ID R associated with the received message and applies to it a decoding associated with a supposed owner of the received message. At outlet from the decoder an identifier ID DCR is thus obtained.
- the decoding is realized in such a manner that there is a predetermined agreement between ID Msg and ID DCR if the ID CR had been obtained for encoding of the ID Msg by the method associated with the message owner.
- Verification means 22 receive the ID Msg and ID DCR and ascertain and signal with a signal 23 the existence or not of said predetermined agreement. If there is agreement the message can be considered as belonging to its legitimate owner. If both the conditions at the outlets 20 and 23 are verified positively the device 16 emits a positive verification signal 24 and the message Msg associated with the usernames received can be considered acceptable on the basis of the security verification in accordance with the present invention.
- the agreement signal 23 can also be sent to the sole ID recognizer 18 so as to inhibit memorization of the message ID among the IDs already used in case agreement between ID Msg and ID CR is not found. This avoids useless memorization of 'false' IDs among the IDs already used.
- the decoding device 21 will usually operate in reverse of the encoding device 12 in such a manner that if the encoder 12 obtains a certain ID CR from a specific ID Msg the decoder will again obtain the same ID Msg starting form the ID R . In this case the agreement verification made by the device 22 will be a verification of sameness among received ID Msg and decoded ID CR .
- the decoder will make a corresponding key decryption.
- the keys associated with the owners will be memorized in a purposeful key archive 25.
- the decoder will perform a decryption as called for by said known system by using the appropriate key corresponding to the owner associated with the message.
- the decoding to be applied can advantageously be selected from among a plurality of possible decodings on the basis of the owner identifier associated with the received message.
- the device 10 can also be realized in portable form (for example a smart card) to be supplied for example to a credit card owner who can thus generate an ID T or SUPER KEY to be supplied together with the other data (amount to be debited thereto, card number et cetera) for payment by card.
- portable form for example a smart card
- the other data amount to be debited thereto, card number et cetera
- These data can be considered the message MSG and if necessary encrypted in accordance with a known system.
- the device could be kept at the store where the purchase is made and the card owner could input therein in a reserved manner the encoding key for production of the RIGHT KEY part of the SUPER KEY which would thus be generated by the apparatus .
- the security of the system in accordance with the present invention is evident from the above description.
- the SUPER KEYs are to be considered public as they are transmitted over channels which are intrinsically unsafe but which conceal within them in protected mode the univocity of both the message and the owner.
- An organization supplying the above mentioned service could supply to the customer an adequate hardware and/or software support (even directly integrated in an 'intelligent' credit card) and by means of this support the customer would be able to send the SUPER KEY generated through either a private or a public position.
- the SUPER KEY can cover (in the example of the monetary transaction) the same steps covered by the information of the normal credit or debit card.
- the SUPER KEY once used is recorded in the database of the organization and thus becomes inactive.
- the SUPER KEY can also be understood as 'single use' identification. A dishonest user could refuse to use his own unique key generator but steal one of the keys already produced by another user and create a twin thereof. The key would however be unusable because each time a user makes a transaction by using the generator of unique keys, the key generated is added to the list present in the organization's database.
- the database contains the list of all the LEFT KEYs produced over time and only LEFT KEYs, not RIGHT or SUPER KEYs, and ensures that the keys already produced are unusable.
- the predetermined biunivocal agreement between the user and the corresponding algorithm or encoding/decoding key with the corresponding archive of keys and/or algorithms with the organization ensures the possibility for the organization to really distinguish two users and reject counterfeit requests or messages. Since the message uniqueness identifier reaches the organization both in clear and encoded form it is impossible to falsify only the message uniqueness identifier within a SUPER KEY.
- the message MSG can be of any known type, even encrypted, to be decrypted upon arrival in accordance with any known method.
- the message identifier can also be assembled with the message before encoding and the encoding can then be performed on the result of the assembly to have an identifier ID CR incorporated in encrypted form in the transmitted message to then be decoded and extracted on the receiving side.
- the owner identifier can be a specific identifier assigned by the manager of the service or a unique already existing identifier chosen conventionally. For example in the case of a natural person owner, his taxpayer's code number, driving license number, credit card number et cetera may be used.
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Storage Device Security (AREA)
- Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)
- Mobile Radio Communication Systems (AREA)
- Air Bags (AREA)
- Computer And Data Communications (AREA)
- Manipulator (AREA)
- Emergency Alarm Devices (AREA)
Abstract
Description
Claims
Priority Applications (9)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
JP2004548712A JP2006505198A (en) | 2002-11-05 | 2003-08-14 | Method and apparatus for implementing security management in electronic message exchange |
CA002502194A CA2502194A1 (en) | 2002-11-05 | 2003-08-14 | Method and devices for performing security control in electronic message exchanges |
DE60328032T DE60328032D1 (en) | 2002-11-05 | 2003-08-14 | METHOD AND DEVICES FOR CARRYING OUT A SAFETY CHECK IN ELECTRONIC MESSAGING |
AU2003260422A AU2003260422B2 (en) | 2002-11-05 | 2003-08-14 | Method and devices for performing security control in electronic message exchanges |
AT03810390T ATE434306T1 (en) | 2002-11-05 | 2003-08-14 | METHOD AND DEVICES FOR PERFORMING SECURITY CHECKS IN ELECTRONIC MESSAGES |
US10/531,444 US20060064586A1 (en) | 2002-11-05 | 2003-08-14 | Method and devices for performing security control in electronic message exchanges |
EP03810390A EP1559239B1 (en) | 2002-11-05 | 2003-08-14 | Method and devices for performing security control in electronic message exchanges |
MXPA05004700A MXPA05004700A (en) | 2002-11-05 | 2003-08-14 | Method and devices for performing security control in electronic message exchanges. |
IL168007A IL168007A (en) | 2002-11-05 | 2005-04-13 | Method and devices for performing security control in electronic message exchanges |
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
ITMI2002A002339 | 2002-11-05 | ||
IT002339A ITMI20022339A1 (en) | 2002-11-05 | 2002-11-05 | METHOD AND DEVICES TO PERFORM SAFETY CHECKS |
Publications (1)
Publication Number | Publication Date |
---|---|
WO2004042997A1 true WO2004042997A1 (en) | 2004-05-21 |
Family
ID=32310148
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/EP2003/009063 WO2004042997A1 (en) | 2002-11-05 | 2003-08-14 | Method and devices for performing security control in electronic message exchanges |
Country Status (14)
Country | Link |
---|---|
US (1) | US20060064586A1 (en) |
EP (1) | EP1559239B1 (en) |
JP (1) | JP2006505198A (en) |
CN (1) | CN100514905C (en) |
AT (1) | ATE434306T1 (en) |
AU (1) | AU2003260422B2 (en) |
CA (1) | CA2502194A1 (en) |
DE (1) | DE60328032D1 (en) |
ES (1) | ES2328689T3 (en) |
IL (1) | IL168007A (en) |
IT (1) | ITMI20022339A1 (en) |
MX (1) | MXPA05004700A (en) |
RU (1) | RU2316122C2 (en) |
WO (1) | WO2004042997A1 (en) |
Families Citing this family (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JP4609683B2 (en) * | 2000-11-30 | 2011-01-12 | ソニー株式会社 | Information processing apparatus and method, and program storage medium |
Citations (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US5475763A (en) * | 1993-07-01 | 1995-12-12 | Digital Equipment Corp., Patent Law Group | Method of deriving a per-message signature for a DSS or El Gamal encryption system |
WO2000035143A1 (en) * | 1998-12-04 | 2000-06-15 | Virtual Business Associates Pt | Message identification with confidentiality, integrity, and source authentication |
Family Cites Families (10)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US6026165A (en) * | 1996-06-20 | 2000-02-15 | Pittway Corporation | Secure communications in a wireless system |
WO1998037655A1 (en) * | 1996-12-20 | 1998-08-27 | Financial Services Technology Consortium | Method and system for processing electronic documents |
JPH10222438A (en) * | 1997-07-15 | 1998-08-21 | Omron Corp | Method and device for managing electronic mail |
JP2000267954A (en) * | 1999-03-17 | 2000-09-29 | Ntt Data Corp | Method and system for canceling electronic mail |
US6751634B1 (en) * | 1999-08-26 | 2004-06-15 | Microsoft Corporation | Method and system for detecting object inconsistency in a loosely consistent replicated directory service |
JP2002055932A (en) * | 2000-08-14 | 2002-02-20 | Nippon Telegraph & Telephone East Corp | Method for updating electronic mail having been sent and its sender and recipient terminal, and recording medium where the same method is recorded as electronic mail sending and receiving program |
CN1283827A (en) * | 2000-08-18 | 2001-02-14 | 郝孟一 | Universal electronic information network authentication system and method |
US7203837B2 (en) * | 2001-04-12 | 2007-04-10 | Microsoft Corporation | Methods and systems for unilateral authentication of messages |
US7487354B2 (en) * | 2001-05-18 | 2009-02-03 | Microsoft Corporation | Methods and systems for using digital signatures in uniform resource locators |
US20030069967A1 (en) * | 2001-10-10 | 2003-04-10 | International Business Machines Corporation | Shared authorization data authentication method for transaction delegation in service-based computing environments |
-
2002
- 2002-11-05 IT IT002339A patent/ITMI20022339A1/en unknown
-
2003
- 2003-08-14 EP EP03810390A patent/EP1559239B1/en not_active Expired - Lifetime
- 2003-08-14 RU RU2005117150/09A patent/RU2316122C2/en not_active IP Right Cessation
- 2003-08-14 DE DE60328032T patent/DE60328032D1/en not_active Expired - Lifetime
- 2003-08-14 CN CNB038248573A patent/CN100514905C/en not_active Expired - Fee Related
- 2003-08-14 US US10/531,444 patent/US20060064586A1/en not_active Abandoned
- 2003-08-14 AU AU2003260422A patent/AU2003260422B2/en not_active Ceased
- 2003-08-14 CA CA002502194A patent/CA2502194A1/en not_active Abandoned
- 2003-08-14 JP JP2004548712A patent/JP2006505198A/en active Pending
- 2003-08-14 ES ES03810390T patent/ES2328689T3/en not_active Expired - Lifetime
- 2003-08-14 MX MXPA05004700A patent/MXPA05004700A/en active IP Right Grant
- 2003-08-14 AT AT03810390T patent/ATE434306T1/en not_active IP Right Cessation
- 2003-08-14 WO PCT/EP2003/009063 patent/WO2004042997A1/en active Application Filing
-
2005
- 2005-04-13 IL IL168007A patent/IL168007A/en not_active IP Right Cessation
Patent Citations (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US5475763A (en) * | 1993-07-01 | 1995-12-12 | Digital Equipment Corp., Patent Law Group | Method of deriving a per-message signature for a DSS or El Gamal encryption system |
WO2000035143A1 (en) * | 1998-12-04 | 2000-06-15 | Virtual Business Associates Pt | Message identification with confidentiality, integrity, and source authentication |
Non-Patent Citations (2)
Title |
---|
CHRISTOFFERSSON P: "MESSAGE AUTHENTICATION AND ENCRYPTION COMBINED", COMPUTERS & SECURITY, ELSEVIER SCIENCE PUBLISHERS. AMSTERDAM, NL, vol. 7, no. 1, 1 February 1988 (1988-02-01), pages 65 - 71, XP000117563, ISSN: 0167-4048 * |
W.C.MARTIN: "Message Replay Prevention Using a Previously Transmitted Random Number to Sequence the Messages", IBM TECHNICAL DISCLOSURE BULLETIN, vol. 27, no. 3, August 1984 (1984-08-01), US, pages 1758 - 1759, XP002264866 * |
Also Published As
Publication number | Publication date |
---|---|
CN100514905C (en) | 2009-07-15 |
JP2006505198A (en) | 2006-02-09 |
CN1695342A (en) | 2005-11-09 |
AU2003260422A1 (en) | 2004-06-07 |
RU2005117150A (en) | 2006-02-27 |
DE60328032D1 (en) | 2009-07-30 |
IL168007A (en) | 2010-04-29 |
AU2003260422B2 (en) | 2008-04-03 |
RU2316122C2 (en) | 2008-01-27 |
US20060064586A1 (en) | 2006-03-23 |
ATE434306T1 (en) | 2009-07-15 |
CA2502194A1 (en) | 2004-05-21 |
EP1559239A1 (en) | 2005-08-03 |
MXPA05004700A (en) | 2005-08-03 |
ES2328689T3 (en) | 2009-11-17 |
EP1559239B1 (en) | 2009-06-17 |
ITMI20022339A1 (en) | 2004-05-06 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US4825050A (en) | Security transaction system for financial data | |
EP0668580B1 (en) | Method of authenticating a terminal in a transaction execution system | |
EP1769419B1 (en) | Transaction & payment system securing remote authentication/validation of transactions from a transaction provider | |
US4315101A (en) | Method and apparatus for securing data transmissions | |
CN111275419B (en) | Block chain wallet signature right confirming method, device and system | |
CA2299294A1 (en) | Secure transaction system | |
JP2001508563A (en) | Security system and method for remote services provided by financial institutions | |
US20070074027A1 (en) | Methods of verifying, signing, encrypting, and decrypting data and file | |
CN112165382B (en) | Software authorization method and device, authorization server side and terminal equipment | |
JP4104171B2 (en) | Security system and method for services provided by telecommunications operators | |
CN109118377B (en) | Processing method and system for claim settlement event based on block chain and electronic equipment | |
US7032109B1 (en) | Method and system for ensuring the security of service supplies broadcast on a computer network of the internet type | |
US20030038707A1 (en) | Method for secured identification of user's id | |
AU3200100A (en) | Method enabling a purchaser to ask for the execution of an obligation related to a card and enabling an emitter to recognise said obligation | |
JPH1020778A (en) | Encoding device, decoding device and ic card | |
EP1559239B1 (en) | Method and devices for performing security control in electronic message exchanges | |
EP0886248A2 (en) | Method and apparatus for registration of information with plural institutions and recording medium with registration program stored thereon | |
EP0140388B1 (en) | Pocket terminal, method and system for secured banking transactions | |
JP4148465B2 (en) | Electronic value distribution system and electronic value distribution method | |
KR20230003265A (en) | Method and system for initializing or managing an offline control device | |
EP1204080A1 (en) | Method and system for adding a service to an apparatus comprising a memory and a processor | |
KR20180089952A (en) | Method and system for processing transaction of electronic cash | |
MXPA99010425A (en) | Electronic transaction | |
JP2006128934A (en) | Accepting/ordering data authentication system and method |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
AK | Designated states |
Kind code of ref document: A1 Designated state(s): AE AG AL AM AT AU AZ BA BB BG BR BY BZ CA CH CN CO CR CU CZ DE DK DM DZ EC EE ES FI GB GD GE GH GM HR HU ID IL IN IS JP KE KG KP KR KZ LC LK LR LS LT LU LV MA MD MG MK MN MW MX MZ NI NO NZ OM PG PH PL PT RO RU SC SD SE SG SK SL SY TJ TM TN TR TT TZ UA UG US UZ VC VN YU ZA ZM ZW |
|
AL | Designated countries for regional patents |
Kind code of ref document: A1 Designated state(s): GH GM KE LS MW MZ SD SL SZ TZ UG ZM ZW AM AZ BY KG KZ MD RU TJ TM AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HU IE IT LU MC NL PT RO SE SI SK TR BF BJ CF CG CI CM GA GN GQ GW ML MR NE SN TD TG |
|
121 | Ep: the epo has been informed by wipo that ep was designated in this application | ||
WWE | Wipo information: entry into national phase |
Ref document number: 2502194 Country of ref document: CA Ref document number: 2003260422 Country of ref document: AU |
|
WWE | Wipo information: entry into national phase |
Ref document number: 168007 Country of ref document: IL |
|
ENP | Entry into the national phase |
Ref document number: 2006064586 Country of ref document: US Kind code of ref document: A1 |
|
WWE | Wipo information: entry into national phase |
Ref document number: 10531444 Country of ref document: US |
|
WWE | Wipo information: entry into national phase |
Ref document number: 2003810390 Country of ref document: EP Ref document number: 2004548712 Country of ref document: JP |
|
WWE | Wipo information: entry into national phase |
Ref document number: 20038248573 Country of ref document: CN |
|
WWE | Wipo information: entry into national phase |
Ref document number: PA/a/2005/004700 Country of ref document: MX |
|
WWE | Wipo information: entry into national phase |
Ref document number: 01059/KOLNP/2005 Country of ref document: IN Ref document number: 1059/KOLNP/2005 Country of ref document: IN |
|
ENP | Entry into the national phase |
Ref document number: 2005117150 Country of ref document: RU Kind code of ref document: A |
|
WWP | Wipo information: published in national office |
Ref document number: 2003810390 Country of ref document: EP |
|
WWP | Wipo information: published in national office |
Ref document number: 10531444 Country of ref document: US |