WO2004054208A1 - Transferring secret information - Google Patents

Transferring secret information Download PDF

Info

Publication number
WO2004054208A1
WO2004054208A1 PCT/AU2003/000840 AU0300840W WO2004054208A1 WO 2004054208 A1 WO2004054208 A1 WO 2004054208A1 AU 0300840 W AU0300840 W AU 0300840W WO 2004054208 A1 WO2004054208 A1 WO 2004054208A1
Authority
WO
WIPO (PCT)
Prior art keywords
key
secret information
injection device
secret
terminal
Prior art date
Application number
PCT/AU2003/000840
Other languages
French (fr)
Inventor
Nambi Vasudeva
Burnnet Or
Raman Sethuraman
Original Assignee
Australia And New Zealand Banking Group Limited
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Priority claimed from AU2002953260A external-priority patent/AU2002953260A0/en
Priority claimed from AU2003900950A external-priority patent/AU2003900950A0/en
Application filed by Australia And New Zealand Banking Group Limited filed Critical Australia And New Zealand Banking Group Limited
Priority to AU2003236567A priority Critical patent/AU2003236567A1/en
Publication of WO2004054208A1 publication Critical patent/WO2004054208A1/en

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0819Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
    • H04L9/0825Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) using asymmetric-key encryption or public key infrastructure [PKI], e.g. key signature or public key certificates
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0894Escrow, recovery or storing of secret information, e.g. secret key escrow or cryptographic key storage
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2209/00Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
    • H04L2209/56Financial cryptography, e.g. electronic payment or e-cash
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/30Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy

Definitions

  • This invention relates to transferring secret information. It relates particularly but not exclusively to a method of injecting secret information such as encryption keys into terminals, particularly terminals which are configured for use with smart cards.
  • PKI Public key infrastructure
  • a private key is distributed to the requesting party only, while the corresponding public key is made available for use by anyone with access to the communications network.
  • a requesting party uses the private key to decrypt data which has been sent by a sending party who has encrypted the data using the corresponding public key.
  • the requesting party can also use the private key to authenticate its identity to a message recipient by using the private key to encrypt a digital certificate.
  • the recipient can then authenticate the origin of the message by decrypting the encrypted digital certificate using the public key.
  • PKI provides one of the safest methods of facilitating secure communication
  • the security of the system is dependent on the secure distribution of private keys. If a private key is intercepted or discovered by someone other than the intended recipient, messages which were intended for the recipient can be decrypted easily. Accordingly, the private key should never be shared with another party or sent in a non-secure manner over a communications network such as the Internet.
  • PKI is also used in conjunction with smart card technology, to provide portable security to smart card holders. This enables smart card users to verify the identity of partners with which the smart card is used to communicate.
  • the use of PKI in combination with smart cards has many applications, particularly in the fields of finance and economics, health, education, wireless communications and in governments.
  • the terminals which are used in conjunction with the smart cards it is necessary for the terminals which are used in conjunction with the smart cards to be configured appropriately, with the necessary codes installed to enable authentication and communication between the terminal and the card. Further, cryptographic keys must be installed on the terminal which are peculiar to the application or organisation to which the communication relates.
  • SAM Security Access Module
  • a method of storing secret information on a secret information injection device including the following steps: (a) generating a transport key;
  • the secret information may be injected into any kind of device which is capable of storing and using such information, particularly when the information is of a confidential nature and must be copied or inserted into the device without the possibility of the secret information being known by an unauthorised party. Accordingly, the secret information may be any kind of information which is of a confidential nature, such as encryption keys or codes.
  • the secret information may be generated by any suitable device.
  • the secret information is an encryption key
  • it is preferred that the encryption key is randomly generated and at least 128 bits in length so that significant processing power is required before a third party is able to intercept and decrypt data which has been encrypted using the encryption key.
  • the encryption key is generated by a hardware security module (HSM).
  • the transport key may be any key which is capable of encrypting data, and which, in a preferred embodiment, is also able to decrypt data which has been encrypted using the transport key.
  • the key transport key is at least 128 bits in length.
  • the data storage and processing device may be any device capable of storing data including the transport key and the encrypted secret information.
  • the data storage and processing device is a personal computer (PC).
  • PC personal computer
  • a card with a microprocessor on it commonly known as a chip card or a smart card, may be used.
  • the smart card should have both RSA cryptographic and RSA key pair generating functionality. In such an instance the private key generated will in effect never leave the smart card and hence achieve an even higher level of security.
  • the data storage and processing device is a chip card
  • a processor having HSM-equivalent capability may be resident on the chip to generate the encryption key pair.
  • any other processor which is capable of producing such an encryption key pair may be used.
  • the transport key is encrypted by the processor which is resident on the chip card using the secret key. The chip card can then be used to transfer the encrypted transport key to the secret information injection device.
  • the data storage and processing device is a chip card
  • the chip card transfers the encrypted transport key and the encrypted information onto the secret information injection device, or that the data storage and processing device contains instructions for the production of the secret information injection device which has those encryption keys stored upon it.
  • the secret information injection device is also a chip card, or a card or other portable device with a microprocessor and storage capability built into it. This enables the secret information injection device to be transported to a terminal where the secret information can be injected, and wherein the terminal itself contains keys which are necessary to extract the secret information from the injection device.
  • a method of injecting secret information into a security module of a terminal including:
  • the external public encryption key pair consisting of external public key and external secret key may be generated by any processor which is capable of generating encryption key pairs, particularly pairs with keys which are more than 128 bits in length. Preferably, encryption key pairs of at least 512 bits are generated. It is preferred that the external public and secret key pair are generated by the manufacturer of the terminal and that the terminal manufacturer is responsible for providing the custodian of the data storage and processing device with the external public key. Similarly, it is preferred that the terminal manufacturer provides the terminal with external secret key.
  • transport key is a combination of three key portions which are usually maintained by three separate parties. This has the effect of increasing the secure nature of the injection method.
  • the injection device key pair is generated by a processor which includes a hardware security module or other suitable device capable of generating RSA encryption key pairs which are longer than 128 bits and preferably 480 bits long.
  • the terminal encrypts internal public key using the external secret key which is preferably provided by the terminal manufacturer who has provided the corresponding external public key to the custodian of the data storage and processing device. The terminal may then provide the data storage and processing device with the encrypted internal public key. In such an embodiment, the terminal is then equipped to determine the transport key since the terminal is in possession of the external secret key and the internal secret key. Accordingly, the terminal is equipped to decrypt the secret information using the transport key.
  • the secret information is an encryption key.
  • the secret information may also be a plurality of keys, identifiable by a key index which is sent preferably as part of the secret information.
  • Such a method may also be used to alter or add to keys which have previously been injected into a terminal using an existing method, or to inject new encryption keys.
  • Figure 1 is a flow diagram illustrating creation of an injection card according to an embodiment of the invention.
  • FIG. 2 is a flow diagram illustrating injection of secret information into a terminal according to an embodiment of the invention. Detailed Description
  • FIG. 1 components of an embodiment of the invention are shown. Each of these components makes contributions to the production of a device which is equipped to inject secret information, such as an encryption key, into a terminal.
  • the data storage and processing device and the secret information injection device are chip cards shown as keycard 5 and injection card 6 respectively. Using a chip card is advantageous, as it is small and portable and can be easily destroyed should a breach of security occur.
  • terminal vendor 1 generates public encryption pair PKMAN and SK MA N- Terminal vendor 1 then distributes public key PK MAN to the party which generates the secret information, in this case, bank 2.
  • HSM hardware security module
  • Key custodians 4a, 4b and 4c each hold a portion of the key transport key, KTK.
  • custodians 4a, 4b and 4c provide the respective portions of key transport key, KTK, and the complete key transport key, KTK, is reconstructed and provided to hardware security module 3 and keycard 5.
  • Hardware security module 3 then encrypts secret information Ksi using the key transport key, KTK, resulting in KTK(K S ⁇ ).
  • KTK(K S ⁇ ) is then stored on keycard 5.
  • keycard 5 is a chip card which is capable of generating cryptographic keys of more than 128 bits in length. Further, keycard 5 is preferably produced in a secure environment administered by bank 2.
  • Keycard 5 generates a public key encryption pair consisting of public key PKKC and secret key SK K c- Keycard 5 is also provided with a copy of the public key supplied by terminal manufacturer 1 , PKMAN- Keycard 5 has an application stored upon it which contains instructions for the production of injection card 6.
  • injection card 6 is also a chip card which has PKMAN copied onto it, along with encrypted secret information denoted by KTK(Ks ⁇ ). Accordingly, it is also preferred that injection card 6 is a chip card or device with 128 bit key generation and processing capabilities. In the production process, injection card 6, is produced with an encrypted version of the key transport key, KTK, which has been encrypted using the secret key of keycard 5, SKKC, resulting in SK KC (KTK).
  • keycard 5 is unique and used to produce a limited number of injection cards 6, which are subsequently distributed to terminal vendors 1. This enables terminal vendors 1 (or terminal manufacturers) to securely inject the secret information, Ksi, into the terminals before they are deployed in retail and other sites. Keycard 5 can then be destroyed once a sufficient quantity of injection cards 6 have been produced resulting in the destruction of secret key SK «c- Accordingly, upon destruction of keycard 5, no further injection cards can be produced. As an alternative, a personal computer or other device with sufficient processing capacity could be used to perform the function of keycard 5.
  • injection card 6 is distributed to parties who are responsible for the injection of the secret information Ksi into security module 8 of terminal 7. In most cases, these parties will be terminal vendors 1 (or terminal manufacturers).
  • bank 2 provides terminal vendor 1 with public key PK «c generated by keycard 6 and encrypted using PKMAN- Distribution of encrypted PKKC nnay occur by email, facsimile, courier or any other secure method of delivery.
  • Terminal 7 has an associated smartcard reader (not shown) which can read from and write to injection card 6.
  • the smart card reader is the only communication channel between injection card 6 and terminal 7.
  • terminal security module 8 When injection card 6 is read by terminal 7, authentication takes place to ensure the security of terminal 7, associated card reader and terminal security module 8.
  • terminal security module 8 generates an encryption key pair consisting of public key PKTCU and secret key SK T cu-
  • Terminal security module 8 provides terminal 7 with PKT C U and terminal 7 encrypts PKTCU with the secret key of terminal vendor 1 , SKMAN, resulting in SKMAN(PKTCU)- SKMAN(PKTCU) is then forwarded to terminal security module 8, authenticating the identity of terminal 7.
  • terminal 7 and terminal security module 8 communicate with injection card 6 as a single entity.
  • Terminal 7 provides injection card 6 with the encrypted public key of terminal security module 8, denoted as SKMAN(PKTCU)- Since injection card 6 is in possession of PKMA N , it is able to determine PKTCU, which it subsequently uses to encrypt previously encrypted key transport key denoted by SK ⁇ c(KTK). This results in a double-encrypted key transport key which is denoted by PK T cu(SK K c(KTK)). PK ⁇ cu(SK ⁇ c (KTK)) is then received by terminal 7, and terminal 7 deciphers KTK using SKTCU and PKKC where PKKC has been provided to terminal vendor 1 and copied to terminal 7 during terminal production.
  • Terminal 7 then receives encrypted secret information denoted by KTK(Ks ⁇ ) and decrypts it using the derived KTK.
  • the secret information is then stored in secure memory of terminal security module 8 where it is available for use in future transactions.
  • the encryption keys may be used to enable downloading of new applications to smart cards or other microprocessor devices.
  • the secret information when in the form of an encryption key, may also be used to enable smart card custodians to synchronise their smart card with their own Personal identification Number (PIN). This is useful when, say, a customer has an existing card with a magnetic stripe and is issued a replacement card with a magnetic stripe and a chip.
  • PIN Personal identification Number
  • the injected key can be used to securely copy the pin verification value (PVV) which has been stored on the magnetic stripe onto the smart card resulting in synchronisation of the PINs for the chip and the magnetic stripe.
  • PVV pin verification value

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Storage Device Security (AREA)

Abstract

A method of storing secret information on a secret information injection device includes generating a transport key and encrypting the secret information using the transport key. The transport key and the encrypted secret information are received at a data storage and processing device. The data storage and processing device is used to generate an encryption key pair which consists of a secret key and a public key. The encrypted secret information is transferred from the data storage and processing device to the secret information injection device. The transport key is encrypted using the secret key and is then transferred to the secret information injection device.

Description

TRANSFERRING SECRET INFORMATION
Field of the Invention
This invention relates to transferring secret information. It relates particularly but not exclusively to a method of injecting secret information such as encryption keys into terminals, particularly terminals which are configured for use with smart cards.
Background to the Invention Public key infrastructure (PKI) enables users of non-secure communications networks to participate in secure and private exchanges of data. PKI facilitates this through the use of public and private cryptographic key pairs which are distributed by a trusted authority. A private key is distributed to the requesting party only, while the corresponding public key is made available for use by anyone with access to the communications network. A requesting party then uses the private key to decrypt data which has been sent by a sending party who has encrypted the data using the corresponding public key. The requesting party can also use the private key to authenticate its identity to a message recipient by using the private key to encrypt a digital certificate. The recipient can then authenticate the origin of the message by decrypting the encrypted digital certificate using the public key.
Although PKI provides one of the safest methods of facilitating secure communication, the security of the system is dependent on the secure distribution of private keys. If a private key is intercepted or discovered by someone other than the intended recipient, messages which were intended for the recipient can be decrypted easily. Accordingly, the private key should never be shared with another party or sent in a non-secure manner over a communications network such as the Internet.
PKI is also used in conjunction with smart card technology, to provide portable security to smart card holders. This enables smart card users to verify the identity of partners with which the smart card is used to communicate. The use of PKI in combination with smart cards has many applications, particularly in the fields of finance and economics, health, education, wireless communications and in governments. In order for smart cards to be used in a secure PKI, it is necessary for the terminals which are used in conjunction with the smart cards to be configured appropriately, with the necessary codes installed to enable authentication and communication between the terminal and the card. Further, cryptographic keys must be installed on the terminal which are peculiar to the application or organisation to which the communication relates.
Existing methods for injecting these specific cryptographic keys into terminals usually require the terminals to be physically located in a secure environment. For terminals which are intended for use in financial transactions, the terminal will usually be taken to a secure room or vault in a bank where one or more cryptographic keys are injected into the terminals by the bank or the bank's trusted representative. This is inconvenient, time consuming and expensive and results in a delay in the deployment of the terminals in retail and other environments once they have been manufactured. In another method, cryptographic keys are injected into the terminals over a computer network using RSA cryptography. However, some systems do not support this cryptographic standard. Accordingly, there is a need for different manufacturing and key injection techniques for terminals which are deployed for use with various systems. Other methods of injecting keys into terminals involve the use of a
Security Access Module (SAM). A SAM usually takes the form of a chip such as that which is found on a chip card and which has a cryptographic key loaded onto it. The SAM, with the key stored on it, is then installed the terminal itself. However, the SAM can be removed relatively easily, after which time a party may tamper with the terminal without first having to authenticate itself. Further, SAMs require replacement after approximately 100,000 read/write operations. While regularly changing the SAMs in service has the effect of slightly increasing security, their continual replacement also results in an expense which is difficult to justify in consideration of the questionable security they provide. Summary of the Invention
According to a first aspect of the present invention, there is provided a method of storing secret information on a secret information injection device including the following steps: (a) generating a transport key;
(b) encrypting the secret information using the transport key;
(c) receiving at a data storage and processing device the transport key and the encrypted secret information;
(d) using the data storage and processing device to generate an encryption key pair consisting of a secret key and a public key;
(e) transferring the encrypted secret information from the data storage and processing device to the secret information injection device;
(f) encrypting the transport key using the secret key; and
(g) transferring the encrypted transport key to the secret information injection device.
The secret information may be injected into any kind of device which is capable of storing and using such information, particularly when the information is of a confidential nature and must be copied or inserted into the device without the possibility of the secret information being known by an unauthorised party. Accordingly, the secret information may be any kind of information which is of a confidential nature, such as encryption keys or codes.
The secret information may be generated by any suitable device. In an embodiment where the secret information is an encryption key, it is preferred that the encryption key is randomly generated and at least 128 bits in length so that significant processing power is required before a third party is able to intercept and decrypt data which has been encrypted using the encryption key. It is also preferred that the encryption key is generated by a hardware security module (HSM).
The transport key may be any key which is capable of encrypting data, and which, in a preferred embodiment, is also able to decrypt data which has been encrypted using the transport key. For a more secure method, it is preferred that the key transport key is at least 128 bits in length.
The data storage and processing device may be any device capable of storing data including the transport key and the encrypted secret information. In one embodiment, the data storage and processing device is a personal computer (PC). Alternatively, a card with a microprocessor on it, commonly known as a chip card or a smart card, may be used. In such an embodiment, the smart card should have both RSA cryptographic and RSA key pair generating functionality. In such an instance the private key generated will in effect never leave the smart card and hence achieve an even higher level of security.
In an embodiment where the data storage and processing device is a chip card, a processor having HSM-equivalent capability may be resident on the chip to generate the encryption key pair. Alternatively, any other processor which is capable of producing such an encryption key pair may be used. It is preferred that in the embodiment where the data storage and processing device is a chip card, the transport key is encrypted by the processor which is resident on the chip card using the secret key. The chip card can then be used to transfer the encrypted transport key to the secret information injection device.
In an embodiment where the data storage and processing device is a chip card, it is preferred that the chip card transfers the encrypted transport key and the encrypted information onto the secret information injection device, or that the data storage and processing device contains instructions for the production of the secret information injection device which has those encryption keys stored upon it.
In a preferred embodiment, the secret information injection device is also a chip card, or a card or other portable device with a microprocessor and storage capability built into it. This enables the secret information injection device to be transported to a terminal where the secret information can be injected, and wherein the terminal itself contains keys which are necessary to extract the secret information from the injection device.
In a second aspect of the present invention, there is provided a method of injecting secret information into a security module of a terminal, the method including:
(a) generating an external public encryption key pair associated with the terminal, the pair comprising an external public key and an external secret key;
(b) generating an internal public encryption key pair associated with the terminal, the pair comprising an internal public key and an internal secret key; (c) generating an injection device public encryption key pair associated with a secret information injection device, the pair comprising an injection device public key and an injection device secret key;
(d) storing on the secret information injection device the following: (i) the external public key;
(ii) a transport key which has been encrypted using the injection device secret key;
(iii) the secret information which has been encrypted using the transport key; (e) encrypting the internal public key within the terminal using the external secret key;
(f) bringing the secret information injection device into communication with the terminal, and transmitting the encrypted internal public key to the secret information injection device; (g) within the secret information injection device, applying the external public key to the encrypted internal public key to decrypt the internal public key; (h) within the secret information injection device using the decrypted internal public key to further encrypt the transport key (which has already been encrypted using the injection device secret key), and transmitting the result to the terminal;
(i) within the terminal, deciphering the transport key using firstly the internal secret key and secondly the injection device public key; (j) transmitting from the secret information injection device to the terminal the secret information (which has been encrypted using the transport key); and (k) within the terminal deciphering the secret information using the transport key.
The external public encryption key pair consisting of external public key and external secret key may be generated by any processor which is capable of generating encryption key pairs, particularly pairs with keys which are more than 128 bits in length. Preferably, encryption key pairs of at least 512 bits are generated. It is preferred that the external public and secret key pair are generated by the manufacturer of the terminal and that the terminal manufacturer is responsible for providing the custodian of the data storage and processing device with the external public key. Similarly, it is preferred that the terminal manufacturer provides the terminal with external secret key.
In a preferred embodiment, transport key is a combination of three key portions which are usually maintained by three separate parties. This has the effect of increasing the secure nature of the injection method. It is preferred that the injection device key pair is generated by a processor which includes a hardware security module or other suitable device capable of generating RSA encryption key pairs which are longer than 128 bits and preferably 480 bits long. It is preferred that the terminal encrypts internal public key using the external secret key which is preferably provided by the terminal manufacturer who has provided the corresponding external public key to the custodian of the data storage and processing device. The terminal may then provide the data storage and processing device with the encrypted internal public key. In such an embodiment, the terminal is then equipped to determine the transport key since the terminal is in possession of the external secret key and the internal secret key. Accordingly, the terminal is equipped to decrypt the secret information using the transport key.
In a preferred embodiment, the secret information is an encryption key. However, the secret information may also be a plurality of keys, identifiable by a key index which is sent preferably as part of the secret information. Such a method may also be used to alter or add to keys which have previously been injected into a terminal using an existing method, or to inject new encryption keys.
Brief Description of the Drawings
The invention will herein after be described in greater detail by reference to the attached drawings. It is to be understood that the particularity of the drawings does not supersede the generality of the preceding description of the invention. Figure 1 is a flow diagram illustrating creation of an injection card according to an embodiment of the invention.
Figure 2 is a flow diagram illustrating injection of secret information into a terminal according to an embodiment of the invention. Detailed Description
Referring firstly to Figure 1 , components of an embodiment of the invention are shown. Each of these components makes contributions to the production of a device which is equipped to inject secret information, such as an encryption key, into a terminal. In the example shown in Figure 1 , the data storage and processing device and the secret information injection device are chip cards shown as keycard 5 and injection card 6 respectively. Using a chip card is advantageous, as it is small and portable and can be easily destroyed should a breach of security occur. In the example illustrated in Figure 1 , terminal vendor 1 generates public encryption pair PKMAN and SKMAN- Terminal vendor 1 then distributes public key PKMAN to the party which generates the secret information, in this case, bank 2. Such distribution preferably occurs via secure email, although other distribution methods such as facsimile or courier may also be used. Bank 2 is then able to distribute PKMAN to any party which requires it, as illustrated in Figure 1. At bank 2, hardware security module (HSM) 3 generates secret information, KSι which may be used as a cryptographic key once it is injected into a terminal, such as terminal 7 which is shown in Figure 2.
Key custodians 4a, 4b and 4c each hold a portion of the key transport key, KTK. When the injection device is manufactured, custodians 4a, 4b and 4c provide the respective portions of key transport key, KTK, and the complete key transport key, KTK, is reconstructed and provided to hardware security module 3 and keycard 5. Hardware security module 3 then encrypts secret information Ksi using the key transport key, KTK, resulting in KTK(KSι). KTK(KSι) is then stored on keycard 5. In this embodiment, keycard 5 is a chip card which is capable of generating cryptographic keys of more than 128 bits in length. Further, keycard 5 is preferably produced in a secure environment administered by bank 2.
Keycard 5 generates a public key encryption pair consisting of public key PKKC and secret key SKKc- Keycard 5 is also provided with a copy of the public key supplied by terminal manufacturer 1 , PKMAN- Keycard 5 has an application stored upon it which contains instructions for the production of injection card 6.
In the example of Figure 1 , injection card 6 is also a chip card which has PKMAN copied onto it, along with encrypted secret information denoted by KTK(Ksι). Accordingly, it is also preferred that injection card 6 is a chip card or device with 128 bit key generation and processing capabilities. In the production process, injection card 6, is produced with an encrypted version of the key transport key, KTK, which has been encrypted using the secret key of keycard 5, SKKC, resulting in SKKC(KTK).
In the example illustrated in Figure 1 , keycard 5 is unique and used to produce a limited number of injection cards 6, which are subsequently distributed to terminal vendors 1. This enables terminal vendors 1 (or terminal manufacturers) to securely inject the secret information, Ksi, into the terminals before they are deployed in retail and other sites. Keycard 5 can then be destroyed once a sufficient quantity of injection cards 6 have been produced resulting in the destruction of secret key SK«c- Accordingly, upon destruction of keycard 5, no further injection cards can be produced. As an alternative, a personal computer or other device with sufficient processing capacity could be used to perform the function of keycard 5.
Referring now to Figure 2, injection card 6 is distributed to parties who are responsible for the injection of the secret information Ksi into security module 8 of terminal 7. In most cases, these parties will be terminal vendors 1 (or terminal manufacturers). During the key injection process, bank 2 provides terminal vendor 1 with public key PK«c generated by keycard 6 and encrypted using PKMAN- Distribution of encrypted PKKC nnay occur by email, facsimile, courier or any other secure method of delivery.
Terminal 7 has an associated smartcard reader (not shown) which can read from and write to injection card 6. The smart card reader is the only communication channel between injection card 6 and terminal 7.
When injection card 6 is read by terminal 7, authentication takes place to ensure the security of terminal 7, associated card reader and terminal security module 8. Here, terminal security module 8 generates an encryption key pair consisting of public key PKTCU and secret key SKTcu- Terminal security module 8 provides terminal 7 with PKTCU and terminal 7 encrypts PKTCU with the secret key of terminal vendor 1 , SKMAN, resulting in SKMAN(PKTCU)- SKMAN(PKTCU) is then forwarded to terminal security module 8, authenticating the identity of terminal 7. After completion of the authentication process, terminal 7 and terminal security module 8 communicate with injection card 6 as a single entity. Terminal 7 provides injection card 6 with the encrypted public key of terminal security module 8, denoted as SKMAN(PKTCU)- Since injection card 6 is in possession of PKMAN, it is able to determine PKTCU, which it subsequently uses to encrypt previously encrypted key transport key denoted by SKκc(KTK). This results in a double-encrypted key transport key which is denoted by PKTcu(SKKc(KTK)). PKτcu(SKκc (KTK)) is then received by terminal 7, and terminal 7 deciphers KTK using SKTCU and PKKC where PKKC has been provided to terminal vendor 1 and copied to terminal 7 during terminal production.
Terminal 7 then receives encrypted secret information denoted by KTK(Ksι) and decrypts it using the derived KTK. The secret information is then stored in secure memory of terminal security module 8 where it is available for use in future transactions. Once injected, the encryption keys may be used to enable downloading of new applications to smart cards or other microprocessor devices. Once injected, the secret information, when in the form of an encryption key, may also be used to enable smart card custodians to synchronise their smart card with their own Personal identification Number (PIN). This is useful when, say, a customer has an existing card with a magnetic stripe and is issued a replacement card with a magnetic stripe and a chip. It is an annoyance for the customer to remember two separate PINs; one for use with the card's magnetic stripe and one for use with the card's chip. In such a scenario, the injected key can be used to securely copy the pin verification value (PVV) which has been stored on the magnetic stripe onto the smart card resulting in synchronisation of the PINs for the chip and the magnetic stripe. It is to be understood that various authentication procedures should be conducted prior to the PVV being synchronised to authenticate the smart card holder as that of the magnetic stripe card holder so that malicious PIN synchronisations do not occur. Synchronisation of the PINs obviates the need for a user of a magnetic stripe card which is equipped with a chip to remember two separate PINS when conducting transactions using the card. It is to be understood that various alterations, additions and/or modifications may be made to the parts previously described without departing from the ambit of the present invention.

Claims

1. A method of storing secret information on a secret information injection device including the following steps: (a) generating a transport key;
(b) encrypting the secret information using the transport key;
(c) receiving at a data storage and processing device the transport key and the encrypted secret information;
(d) using the data storage and processing device to generate an encryption key pair consisting of a secret key and a public key;
(e) transferring the encrypted secret information from the data storage and processing device to the secret information injection device;
(f) encrypting the transport key using the secret key; and
(g) transferring the encrypted transport key to the secret information injection device.
2. A method of storing secret information on a secret information injection device according to claim 1 wherein the data storage and processing device is a chip card.
3. A method of storing secret information on a secret information injection device according to claim 1 wherein the secret information injection device is a chip card.
4. A method of storing secret information on a secret information injection device according to claim 1 wherein the secret information is an encryption key which is generated by a hardware security module.
5. A method of storing secret information on a secret information injection device according to claim 4 wherein the data storage and processing device has hardware security module capabilities.
6. A method of injecting secret information into a security module of a terminal, the method including: (a) generating an external public encryption key pair associated with the terminal, the pair comprising an external public key and an external secret key;
(b) generating an internal public encryption key pair associated with the terminal, the pair comprising an internal public key and an internal secret key; (c) generating an injection device public encryption key pair associated with a secret information injection device, the pair comprising an injection device public key and an injection device secret key;
(d) storing on the secret information injection device the following: (i) the external public key; (ii) a transport key which has been encrypted using the injection device secret key;
(iii) the secret information which has been encrypted using the transport key;
(e) encrypting the internal public key within the terminal using the external secret key;
(f) bringing the secret information injection device into communication with the terminal, and transmitting the encrypted internal public key to the secret information injection device;
(g) within the secret information injection device, applying the external public key to the encrypted internal public key to decrypt the internal public key;
(h) within the secret information injection device using the decrypted internal public key to further encrypt the transport key (which has already been encrypted using the injection device secret key), and transmitting the result to the terminal; (i) within the terminal, deciphering the transport key using firstly the internal secret key and secondly the injection device public key; (j) transmitting from the secret information injection device to the terminal the secret information (which has been encrypted using the transport key); and (k) within the terminal deciphering the secret information using the transport key.
7. A method of injecting secret information according to claim 6 wherein the secret information is an encryption key.
8. A method of injecting secret information according to claim 6 wherein the data processing and storage device is a chip card.
9. A method of injecting secret information according to claim 8 wherein the chip card is capable of generating encryption keys of more than 128 bits in length.
10. A method of injecting secret information according to claim 6 wherein the secret information on the secret information injection device has been stored using the method of any one of claims 1 to 5.
PCT/AU2003/000840 2002-12-06 2003-07-01 Transferring secret information WO2004054208A1 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
AU2003236567A AU2003236567A1 (en) 2002-12-06 2003-07-01 Transferring secret information

Applications Claiming Priority (4)

Application Number Priority Date Filing Date Title
AU2002953260A AU2002953260A0 (en) 2002-12-06 2002-12-06 Transferring secret information
AU2002953260 2002-12-06
AU2003900950 2003-02-14
AU2003900950A AU2003900950A0 (en) 2003-02-14 2003-02-14 Transferring secret information

Publications (1)

Publication Number Publication Date
WO2004054208A1 true WO2004054208A1 (en) 2004-06-24

Family

ID=32509147

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/AU2003/000840 WO2004054208A1 (en) 2002-12-06 2003-07-01 Transferring secret information

Country Status (1)

Country Link
WO (1) WO2004054208A1 (en)

Cited By (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2009005437A1 (en) * 2007-06-29 2009-01-08 Oniteo Ab Method and system for secure hardware provisioning
US8024582B2 (en) * 2000-05-24 2011-09-20 Deutsche Telekom Ag Encryption of data to be stored in an information processing system
EP2602956A1 (en) * 2011-12-08 2013-06-12 Gemalto SA Method for customising a security element engaging with a telecommunications terminal and corresponding system
CN104539419A (en) * 2014-12-11 2015-04-22 第一美卡科技(苏州)有限公司 Card secret key management method and system thereof
CN107657452A (en) * 2017-09-20 2018-02-02 深圳怡化电脑股份有限公司 A kind of processing method and processing device of trading instruction

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5923759A (en) * 1995-04-20 1999-07-13 Lee; Philip S. System for securely exchanging data with smart cards
WO2002045336A1 (en) * 2000-11-28 2002-06-06 Nagravision Sa Transaction certification
US6460138B1 (en) * 1998-10-05 2002-10-01 Flashpoint Technology, Inc. User authentication for portable electronic devices using asymmetrical cryptography

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5923759A (en) * 1995-04-20 1999-07-13 Lee; Philip S. System for securely exchanging data with smart cards
US6460138B1 (en) * 1998-10-05 2002-10-01 Flashpoint Technology, Inc. User authentication for portable electronic devices using asymmetrical cryptography
WO2002045336A1 (en) * 2000-11-28 2002-06-06 Nagravision Sa Transaction certification

Cited By (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8024582B2 (en) * 2000-05-24 2011-09-20 Deutsche Telekom Ag Encryption of data to be stored in an information processing system
WO2009005437A1 (en) * 2007-06-29 2009-01-08 Oniteo Ab Method and system for secure hardware provisioning
US8762737B2 (en) 2007-06-29 2014-06-24 Oniteo Ab Method and system for secure hardware provisioning
EP2602956A1 (en) * 2011-12-08 2013-06-12 Gemalto SA Method for customising a security element engaging with a telecommunications terminal and corresponding system
WO2013083770A1 (en) * 2011-12-08 2013-06-13 Gemalto Sa Method of personalizing a security element cooperating with a telecommunications terminal and corresponding system
CN104539419A (en) * 2014-12-11 2015-04-22 第一美卡科技(苏州)有限公司 Card secret key management method and system thereof
CN107657452A (en) * 2017-09-20 2018-02-02 深圳怡化电脑股份有限公司 A kind of processing method and processing device of trading instruction

Similar Documents

Publication Publication Date Title
US10565400B2 (en) Implementation of an integrity-protected secure storage
JP4638990B2 (en) Secure distribution and protection of cryptographic key information
CN1689297B (en) Method of preventing unauthorized distribution and use of electronic keys using a key seed
US7421079B2 (en) Method and apparatus for secure key replacement
US8644516B1 (en) Universal secure messaging for cryptographic modules
US6073237A (en) Tamper resistant method and apparatus
CN109981255B (en) Method and system for updating key pool
US20080260156A1 (en) Management Service Device, Backup Service Device, Communication Terminal Device, and Storage Medium
US6988198B1 (en) System and method for initializing operation for an information security operation
MXPA06010776A (en) Authentication between device and portable storage.
CN111971929B (en) Secure distributed key management system
WO1997023972A1 (en) Application level security system and method
JP2012044670A (en) User authentication method based on utilization of biometric identification techniques, and related architecture
JP2000357156A (en) System and method for authentication sheet distribution
WO1998045975A9 (en) Bilateral authentication and information encryption token system and method
JP2022542095A (en) Hardened secure encryption and decryption system
TWI476629B (en) Data security and security systems and methods
JP2010231404A (en) System, method, and program for managing secret information
US10764260B2 (en) Distributed processing of a product on the basis of centrally encrypted stored data
JPH09200194A (en) Device and method for security communication
WO2004054208A1 (en) Transferring secret information
JPH11143359A (en) Enciphering device, decoding device, information sharing device, enciphering method, decoding method, information processing method, and recording medium
CN115412236A (en) Method for key management and password calculation, encryption method and device
TWI430643B (en) Secure key recovery system and method
JP2001358706A (en) Copyright protection system, enciphering device, decoding device and recording medium

Legal Events

Date Code Title Description
AK Designated states

Kind code of ref document: A1

Designated state(s): AE AG AL AM AT AU AZ BA BB BG BR BY BZ CA CH CN CO CR CU CZ DE DK DM DZ EC EE ES FI GB GD GE GH GM HR HU ID IL IN IS JP KE KG KP KR KZ LC LK LR LS LT LU LV MA MD MG MK MN MW MX MZ NI NO NZ OM PG PH PL PT RO RU SC SD SE SG SK SL SY TJ TM TN TR TT TZ UA UG US UZ VC VN YU ZA ZM ZW

AL Designated countries for regional patents

Kind code of ref document: A1

Designated state(s): GH GM KE LS MW MZ SD SL SZ TZ UG ZM ZW AM AZ BY KG KZ MD RU TJ TM AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HU IE IT LU MC NL PT RO SE SI SK TR BF BJ CF CG CI CM GA GN GQ GW ML MR NE SN TD TG

121 Ep: the epo has been informed by wipo that ep was designated in this application
DFPE Request for preliminary examination filed prior to expiration of 19th month from priority date (pct application filed before 20040101)
122 Ep: pct application non-entry in european phase
NENP Non-entry into the national phase

Ref country code: JP

WWW Wipo information: withdrawn in national office

Country of ref document: JP

DPE2 Request for preliminary examination filed before expiration of 19th month from priority date (pct application filed from 20040101)