1. Field of the Invention
The present invention relates to a method and apparatus for establishing online a shared key that is required to perform a security communication between an automatic teller machine (ATM) and a host. More particularly, the present invention relates to a method of performing a mutual authentication between an ATM and a host, a method of generating a shared key to be used based on the mutual authentication, and a system for performing the methods.
2. Description of the Related Art
In order to perform a security communication between an automatic teller machine (ATM) and a host, a shared key such as a terminal master key (TMK) may need to be established. In a conventional art, the simplest scheme of establishing the TMK is that a manager directly visits the ATM and the host to input and store the TMK in the ATM and the host. For example, when establishing the TMK in the ATM, a reliable manager may visit the ATM in person to thereby input and store the TMK in the ATM. However, in the above conventional offline scheme, the manager may need to visit each ATM in order to input and store the TMK. Accordingly, it may be very inconvenient and the shared key may be easily leaked by the manager.
Diebold Inc. disclosed a method of establishing online a shared key between an ATM and a host. The above method may further include a certificate authority.
FIG. 1 illustrates a relationship among a host 10, an ATM 20, and a certificate authority 30 in the disclosed shared key establishing method of Diebold Inc.
As shown in FIG. 1, before starting an online shared key establishing process, necessary keys may need to be pre-stored in the host 10 and the ATM 20. A secret key sA of the ATM 20, a public key eA corresponding to the secret key sA, and an identification number (ID) IDA of the ATM 20 may be installed and be stored in the ATM 20. Also, a certificate eA* that is signed at the certificate authority 30 with respect to the public key eA of the ATM 20 may be installed and stored be in a safe environment. The certificate eA* may be generated by encrypting the public key eA of the ATM 20 using a secret key of the certificate authority 30. In this instance, the ID IDA of the ATM 20 may also be encrypted and be included in the certificate eA*.
Also, a secret key sH of the host 10 and a public key eH corresponding to the secret key sH may be installed and be stored in the host 10, in a safe environment. Also, a certificate eH* that is signed at the certificate authority 30 with respect to the public key eH of the host 10 may be installed and be stored in the safe environment. The certificate eH* may be generated by encrypting the public key eH of the host 10 using the secret key of the certificate authority 30. In this instance, the ID IDH of the host 10 may also be encrypted and be included in the certificate eH*.
FIG. 2 illustrates a shared key establishing process of Diebold Inc.
In a state where the secret keys sA, and sH, the public keys eA and eH, the certificates eA* and eH*, and the like of FIG. 1 are installed and are stored in a host 10 and an ATM 20, the process of FIG. 2 may be performed.
In operation S11, the ATM 20 may transmit, to the host 10, the public key eA, the certificate eA*, the ID IDA, and a signature value IDA*. As described above, the public key eA, the certificate eA*, and the ID IDA are installed and stored in the ATM 20 in advance. The signature value IDA* may be generated by encrypting, at the ATM 20, the ID IDA using the secret key sA.
In operation S12, the host 10 may verify and store the public key eA and the ID IDA of the ATM 20. The host 10 may obtain the public key eA and the ID IDA of the ATM 20 by decrypting the certificate eA* using a public key of a certificate authority (not shown). Through the decryption, the host 10 may verify the relationship between the ID IDA and the public key eA of the ATM 20. The host 10 may decrypt the signature value IDA* using the public key eA of the ATM 20. When the ID IDA generated by decrypting the signature value IDA* is the same as the ID IDA received from the ATM 20, the host 10 may determine, as a right ATM with IDA, the ATM that has transmitted the public key eA, the certificate eA*, the ID IDA, and the signature value IDA*. This is because only the ATM 20 with the secret key sA corresponding to the public key eA of the ATM 20 may generate the signature value IDA* that can be decrypted using the public key eA of the ATM 20.
In operation S13, the host 10 may transmit, to the ATM 20, the public key eH and the certificate eH* of the host 10. In operation S14, the ATM 20 may verify and store the public key eH of the host 10.
In operation S15, the host 10 may generate a shared key, for example, a terminal master key (TMK). In operation S16, the host 10 may transmit, to the ATM 20, a value EeA(TMK) that is obtained by encrypting the TMK using the public key eA of ATM 20, and a signature value EsH[EeA(TMK)] that is obtained by signing the value EeA(TMK) using the secret key sH of the host 10.
In operation S17, the ATM 20 may verify and decrypt EeA(TMK) to thereby obtain the TMK. Specifically, the ATM 20 may obtain EeA(TMK) by decrypting EsA[EeA(TMK)] using the public key eH of the host 10, and may determine whether the obtained EeA(TMK) is the same as the received EeA(TMK). When they are the same, the ATM 20 may determine the received EeA(TMK) is transmitted by a right host. The ATM 20 may obtain the TMK by decrypting EeA(TMK) using the secret key sA of the ATM 20.
The shared key establishing process disclosed by Diebold may be performed through the aforementioned procedures. In the case of the above shared key establishing process, a third party, for example, a certificate authority may be required in addition to the host 10 and the ATM 20. As described above, the ATM 20 may need to be assigned in advance with the certificate eA* from the certificate authority and to store the assigned certificate eA*. The host 10 may also need to be assigned with the certificate eH* from the certificate authority and to store the assigned certificate eH*. Accordingly, in the case of the above shared key establishing process of Diebold Inc., overhead may occur in a process of assigning a corresponding certificate. Also, the TMK corresponding to the shared key may be uni-directionally transmitted from the host 10 to the ATM 20. Accordingly, once the secret key sA of the ATM 20 is leaked, the TMK may also be immediately known.