1. Field of the Invention
The present invention pertains to a method for securely exchanging data between a first data processing unit and a second data processing unit, of the type wherein a secure communication channel between the first data processing unit and the second data processing unit is established in a communication configuration step, and wherein a first message is transmitted from the second data processing unit to the first data processing unit via the secure communication channel in a data transmission step. The invention also pertains to an arrangement suitable for implementing such a method.
2. Description of the Prior Art
In numerous services performed with the aid of data processing units, the most recent version of the service data required for performing the service needs to be available in the data processing unit at all times. For example, the most recent rate tables need to be utilized when calculating the postage for a letter to be metered with a postage metering machine because the correct postage for the respective item to be mailed and consequently an unproblematic transport thereof can only be ensured in this fashion. To a certain degree, this also applies to other services in which the fee to be paid or other data required for performing the service is determined based on such service data.
The most recent version of the service data is usually made available by the provider of the service or a third party. The service data are frequently stored in and available for downloading from a second data processing unit that usually is a data center. During the download, the service data is transmitted via a communications link in a data network or the like, to which both data processing units are connected. In this context, it needs to be ensured that service data, in particular, billing or security data, are not corrupted during the transmission. This is usually achieved by utilizing cryptographic means.
In this context, U.S. Pat. No. 5,448,641 discloses transmitting the rate tables for postage metering machines together with a digital signature that is generated from the fee table to be utilized. When generating the digital signature, the fee table or a predetermined part of the fee table is subjected to a so-called hash algorithm, for example, the Secure Hash Algorithm (SHA) in a data center. A so-called message digest is generated with this algorithm. This message digest is then encrypted using a secret key. The message digest encrypted this way then forms the digital signature.
In order to check in the postage-metering machine whether or not the rate table was manipulated during its transmission, the digital signature is decrypted in order to obtain the message digest. In addition, a new message digest is calculated from the transmitted rate table or the predetermined part of the rate table with the same hash algorithm, and it is checked whether the new message digest matches the message digest obtained from the digital signature. When utilizing such a hash algorithm, a very slight change of the input data already causes a significant deviation in the result of the calculation. Consequently, it has to be assumed that no manipulation has occurred and that the rate table can be utilized as intended if both message digests match.
This method provides a comparatively high security because manipulations of the service data, i.e., the rate tables, during the transmission cannot remain undetected. However, this method has the disadvantage that it is relatively complicated. First, the corresponding hash algorithm needs to be available in the postage-metering machine. Second, the integrity check requires a comparatively high computing expenditure because the signature needs to be decrypted and a new message digest needs to be generated in order to carry out the comparison.
With respect to the updating of rate tables in postage metering machines, European Application 0 969 420 discloses utilizing a so-called MAC (Message Authentication Code) for checking the integrity of the rate table transmitted by a data center. In this case, a checksum is initially generated in the postage-metering machine from the rate table with the aid of a predetermined checksum algorithm. This checksum is then encrypted with a secret key in order to obtain the MAC. This MAC is transmitted back to the data center. The data center initially generates a new checksum from the previously transmitted rate table with the same checksum algorithm. The new checksum is then encrypted with a secret key in order to obtain a new MAC′. If this new MAC′ matches the MAC transmitted by the postage metering machine, it is assumed that the transmission took place without manipulations and a corresponding message is transmitted to the postage metering machine that subsequently acknowledges the rate table.
This version is also relatively complicated because a corresponding checksum algorithm needs to be available in both data processing units. In addition, a series of communication steps is required in order to complete the updating of the service data, wherein various manipulations are possible during these communication steps such that corresponding countermeasures need to be provided.
An object of the present invention is to provide a method and an arrangement of the initially described type, which entirely or at least partially eliminate the aforementioned disadvantages and, in particular, ensure a simple, reliable and secure data exchange.