The invention relates to a value transfer system in which value is transferred between electronic purses. One such system is described, for example, in patent application WO 91/16691.
In the system described in the above-mentioned patent specification integrated circuit cards (ICC""s) or xe2x80x9cSmart Cardsxe2x80x9d are used as application carrier devices (ACD""s) to carry electronic purses. An electronic purse is a program application which controls the storage in memory on the ACD of a value record which represents xe2x80x9celectronic cashxe2x80x9d. By coupling two ACD""s together via interface devices (IFD""s) the respective purses are coupled together and exchange a series of messages which results in the transfer of value from one purse to the other.
It is clear that security against fraud is vital in a value transfer system. The manufacturing process of ICC""s and increasingly sophisticated security measures included in their manufacture and programming make it virtually impossible to counterfeit the smart cards. Interception and duplication of the value transfer messages is prevented by cryptographically encoding messages exchanged in a transaction. In spite of the extremely high security levels achieved by modern cryptography there is a theoretical risk that a particular cryptographic system could be compromised, if not by crypto-analysis then perhaps by a breach of physical security which leads to leakage of algorithms or keys.
An object of the present invention is to provide a value transfer system in which the cryptographic system currently in use may be changed. Administratively, change may be effected as a regular precautionary measure or in response to an attack on the system currently in use.
According to one aspect of the invention there is provided a value transfer system comprising a multiplicity of electronic programmed microprocessor application carrier devices (ACD""s) each comprising an electronic purse having a value store, the ACD""s being adapted to be coupled together in pairs so as to couple the purses and enable value to be exchanged in transactions between the purses, said value exchange being effected by exchanges of messages secured by a cryptographic security scheme, the system further comprising a sequential series of cryptographic security schemes ranging from old to new and each purse being programmed with at least two schemes in said series, the purses being further programmed to identify and use, when coupled in a pair to exchange value between electronic purses, the older or oldest usable common cryptographic security scheme of the purse pair and to inhibit thereafter as superceded any older cryptographic security scheme of the series in either purse. With this arrangement a first purse can be automatically switched from an old cryptographic system to a new one on encountering a second purse which has the new system but not the old. On being switched, the first purse Will then have no usable old system and then can itself cause other purses to switch to the new system. Thus, by seeding the population of purses with new purses which omit the old cryptographic system, the new cryptographic system will migrate through the population of purses in a chain reaction.
Preferably each purse has a memory region in which is stored an identifier for the cryptographic security scheme currently in use by the purse, the scheme identifiers being exchanged between a coupled pair of purses as a preliminary in a value exchange transaction.
Whilst it is envisaged that the purses may have three or more cryptographic systems to which to be switched in sequence, in a preferred embodiment of the invention each purse is programmed with two successive cryptographic security schemes in the sequential series.
Preferably each cryptographic security scheme comprises at least one cryptographic algorithm and at least one cryptographic key and members of the series differ in respect of their algorithms and/or their keys. The above-mentioned patent application describes use of the RSA encryption system, which is an asymmetric public/private key system. Also there is described exchange of keys by means of the DES system. The encryption schemes of the present invention may differ from each other because they employ different single encryption algorithms such as RSA or DES or because they combine the algorithms of different systems or because the keys are different.
Successive cryptographic schemes in the series are not necessarily different. It may be desirable to force current smart cards towards obsolescence by making them switch to a new cryptographic scheme even though it is the same as the old one. Thus, in one embodiment of the invention successive members of the series of cryptographic security schemes are the same except that they are associated with different scheme identifiers, the scheme identifiers being stored in the purses and being used to identify the oldest common cryptographic scheme of a pair of coupled purses and to control the inhibition of any older cryptographic security scheme of the series in either purse.
Furthermore, selected ACD""s may be provided with two electronic purses programmed with respective and different cryptographic security schemes, said selected ACD""s being programmed, on being coupled to another ACD, to select a purse so as to allow a transaction between the purse of the said other ACD and the selected purse according to compatibility of the purse cryptographic security systems.
According to another aspect of the invention there is provided a value transfer system comprising a multiplicity of electronic programmed microprocessor application carrier devices (ACD""s) each comprising an electronic purse having a value store, the ACD""s being adapted to be coupled together in pairs so as to couple the purses and enable value to be exchanged in transactions between the purses, said value exchange being effected by exchange of messages secured by a cryptographic security scheme, wherein selected ACD""s are provided with two electronic purses programmed with respective and different cryptographic security schemes, said selected ACD""s being programmed, on being coupled to another ACD to select a purse so as to allow a transaction between the purse of the said other ACD and the selected purse according to compatibility of the purse cryptographic security systems. With this arrangement it is possible to provide a cut-off strategy for a particular cryptographic scheme or set of schemes. By providing selected purses, for example retailers and banks, with dual purse smart cards (ACD""s), one purse having the old schemes and the other purse having new schemes, it is possible to isolate xe2x80x9cold moneyxe2x80x9d from xe2x80x9cnew moneyxe2x80x9d while allowing transactions with the old schemes to continue, perhaps for a limited time.