In order to provide protection against corruption of messages, it is known for symmetrical cryptography to be used to form a signature by means of which the receiver can check, with very high probability, whether the message has been transmitted without corruption and originates from the predetermined sender. However, one precondition is that the sender and receiver have a common, secret key, which must be stored in secure form. One such method is described, for example, in U.S. Pat. No. 4,549,075.
Symmetrical cryptography, in particular the DES method, is frequently used in smart cards, because this method can be programmed very efficiently. The smart cards furthermore have a read only memory in which a main key is stored in secure and secret form, and this main key is also stored in secure form in a control center.
If it is now intended to send a message, protected against corruption, from a sender to the receiver, in this case the smart card, then, until now, the sender has had to have the message signed by the control center, since the control center cannot provide the sender with the secret main key without weakening the entire system. Furthermore, measures are required to ensure that the message is protected against corruption and imitation of a legitimate sender during transmission from the sender to the main center.
The object of the invention is thus to specify a method for corruption protection of messages by means of a signature which can be formed by a sender and can be sent to a receiver without the sender having the secret main key, which is shared by the receiver and a control center, or without the message having to be sent in advance to the control center, for signature formation.