The present invention relates to a system for the secure reading and processing of data on intelligent data carriers, as well as to processes executable in this system.
A system for the secure reading and processing of data on intelligent data carriers is described, for example, in “Kryptologie” (Cryptology) by A. Beutelspacher, 5th edition, Chapter 4, published in 1997 by Vieweg-Verlag (Vieweg Publishing House), Braunschweig/Wiesbaden, and is assumed as known. In particular, the challenge and response process described therein in connection with FIG. 4.12 on p. 93 and FIG. 4.16 on p. 101, and based on symmetrical encryption is suitable for the authentication of intelligent data carriers vis-à-vis computers or their input terminals.
Some conventional systems are also already known which employ asymmetrical key processes or a plurality of symmetrical or asymmetrical key processes in succession (see, e.g., “Funkschau” 1996, No. 25, pp. 60-63). However, asymmetrical key processes, such as the RSA algorithm described in “Kryptologie,” have the disadvantage as compared with symmetrical processes that, because of the need to carry out arithmetic operations with very large numbers, they are relatively slow and, if used for the authentication of the individual data carriers, require many keys to be stored in each terminal or, in the case of an existing data link to a central storage, to be stored in that storage.
The intelligent data carriers used in such systems, e.g., IC cards equipped with processors and storage devices, today usually referred to as chipcards, which often contain highly sensitive data, such as access authorizations to secure areas or the permission to withdraw amounts of money from an account, are largely secure against unpermitted use, unauthorized readout and intentional falsification of the stored data thanks to the use of the aforementioned cryptographic processes. The same is also true of the reloadable “electronic purses” (e.g., paycards, cashcards), increasingly used nowadays, from which amounts of money can be debited to pay for goods or services, at least if the terminals at which the withdrawals are made have a link to a computer center through which it is possible to retrieve a key that is stored therein and is required for the authentication of a data carrier, or if a cryptogram, transmitted from a data carrier for authentication, can be forwarded to the computer center for verification.
However, the latter is not always the case, because data links for public cardphones, transport-ticket machines, carpark ticket machines or vending machines are too costly. In such cases, a key required for security-critical operations is usually stored in the terminal, inside a so-called security module. This key is normally a master key which is used to calculate the key that is required for the respective data carrier to be processed and that matches its individual key, this involving the use of information, such as the chipcard number, which is specific to the data carrier and is transmitted from the data carrier.
The fact that this master key is located in a terminal in an insecure environment compromises the security of the entire system, because, if it became known to a criminal, that criminal would then be able to make unauthorized duplicates of all the data carriers used in the system.
An object of the present invention is to exclude or at least to reduce such a risk and thereby to increase the security of the system.
By storing on the data carrier a second key pair satisfying an asymmetrical key algorithm, it is possible at the end of a data readout or processing operation to confirm the operation by an “electronic signature.” The calculation and verification of the electronic signature require the key pair stored on the data carrier, and cannot be achieved simply by a key derived from the master key of a terminal and reproduced on the data carrier.
One example embodiment of the present invention makes it possible to verify that the individual data carriers belong to the system using an asymmetrical key process, without, however, having the disadvantages of an asymmetrical key process, as would result, for example, if secret keys for all data carriers were stored at a central location. Furthermore, in this case, the correctness of the key pair stored on the data carrier and used for generating the electronic signature is co-certified by the system. The secret key used for generating the certificate remains in the computer center and is therefore safe from outside access.
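The following added example (not part of the original text) models the terminal-side checks described above: authentication with a key derived from the master key, verification of the center's certificate over the card's public key, and verification of the card's signature over the transaction record. It assumes HMAC-SHA256 as a stand-in for the symmetric cipher, textbook RSA over small Mersenne primes as a toy asymmetric algorithm, a terminal that holds the center's public modulus, and hypothetical names and sample values throughout.

```python
import hashlib, hmac, os

E = 65537  # public exponent for every toy RSA key pair below

def digest_int(*parts: bytes) -> int:
    return int.from_bytes(hashlib.sha256(b"|".join(parts)).digest(), "big")

def keygen(p: int, q: int):  # textbook RSA from known Mersenne primes, toy only
    return p * q, pow(E, -1, (p - 1) * (q - 1))

def sign(value: int, n: int, d: int) -> int:
    return pow(value % n, d, n)
def verify(value: int, sig: int, n: int) -> bool:
    return pow(sig, E, n) == value % n

def mac(key: bytes, data: bytes) -> bytes:
    # HMAC-SHA256 stands in for the symmetric cipher of the challenge-response
    return hmac.new(key, data, hashlib.sha256).digest()

# Computer center keeps CENTER_D; terminals hold MASTER_KEY and CENTER_N only
CENTER_N, CENTER_D = keygen(2**127 - 1, 2**107 - 1)
MASTER_KEY = b"constructed-master-key"

def issue_card(card_no: bytes, p: int, q: int) -> dict:
    n, d = keygen(p, q)
    cert = sign(digest_int(card_no, str(n).encode()), CENTER_N, CENTER_D)
    return {"no": card_no, "key": mac(MASTER_KEY, card_no), "n": n, "d": d, "cert": cert}

def card_transact(card: dict, challenge: bytes, record: bytes) -> dict:
    return {"no": card["no"], "n": card["n"], "cert": card["cert"],
            "resp": mac(card["key"], challenge),
            "sig": sign(digest_int(record), card["n"], card["d"])}

def terminal_check(msg: dict, challenge: bytes, record: bytes) -> dict:
    derived = mac(MASTER_KEY, msg["no"])  # card key recomputed from the card number
    return {"auth": hmac.compare_digest(mac(derived, challenge), msg["resp"]),
            "cert": verify(digest_int(msg["no"], str(msg["n"]).encode()), msg["cert"], CENTER_N),
            "sig": verify(digest_int(record), msg["sig"], msg["n"])}

def demo():
    challenge, record = os.urandom(16), b"constructed record: debit 2.50"
    genuine = issue_card(b"CARD-0001", 2**89 - 1, 2**61 - 1)
    # Duplicate from the master key alone: valid symmetric key, uncertified key pair
    n, d = keygen(2**31 - 1, 2**19 - 1)
    dup = dict(genuine, n=n, d=d, cert=1)
    # Replay of the genuine public key and certificate without the card's secret key
    replay = dict(genuine, d=d)
    return [terminal_check(card_transact(c, challenge, record), challenge, record)
            for c in (genuine, dup, replay)]
```

Both non-genuine cases pass the symmetric challenge-response, so a terminal has to require all three checks before accepting an operation.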
Other example embodiments of the present invention use a key process employing a symmetrical key algorithm for the authentication of the data carriers vis-à-vis a terminal. The derivation of the keys, used for the authentication of the individual data carriers, from a master key dispenses with the need for the online connection of all terminals to the computer center or for the storage of extensive key lists in the terminals. In another example embodiment of the present invention, the storage and/or calculation on the data carrier of the key used for authentication permit adaptation of the authentication operation to the technical possibilities (computing and storage capacity) of the data carriers used.
In yet another example embodiment of the present invention, a further key usable in a symmetrical key process is provided.
In another example embodiment of the present invention, measures aimed at better monitoring of monetary transactions in the case of data carriers used as electronic purses are provided.