1. Field of the Invention
This invention concerns a system for protecting documents or valuables and in particular, means of payment, such as banknotes, checks or bank cards, enclosed in a physically tamper-proof container, which also goes through a series of logical states, authenticated in small numbers.
2. Discussion of Background and Relevant Information
Conventional systems for protecting documents or valuables, such as means of payment, are well known and most of them are widely based on the principle of a safe with armored plated walls, the access to which is reserved for the sole owners of a key, with a material or immaterial support (such as a code), and wherein the safe is located in a controlled environment made safe for example by means of several armored plating.
An alternative to these conventional devices, which are often heavy and cumbersome, is offered in several French patents in Applicants' name. In patent FR-A-2 550 364, the documents to be protected, hereinafter referred to as funds, are enclosed in a small box, the physical state of which is checked by means of sensors that continuously give out signals, which should comply with the signals resulting from a compulsory and ineluctable process, when a sensor detects a fault, the funds are destroyed or marked.
The destructive device used for this purpose can be, for example, that described in patent FR-A-2 574 845 in Applicants' name.
In the case of valuables to be transported, such as, for example, dangerous drugs (narcotics, poisons) or which have a considerable added value, the destructive device is very much different; the man of the trade is aware of the known, specific means in this field.
The object of the above mentioned patents consists in making useless or in destroying, in the event of an attack, the funds contained in a box and whose important fiduciary value is far lower than their real value, (which is the case for banknotes, cards and checks); the desirability for these funds thus becomes nil, since they are destroyed before they can be reached.
The sensors associated with these systems, and which in particular enable the detection of a physical attack on the small box, can be of a very light structure; an appropriate wall integrity sensor being described, for example, in French patent FR-A-2 615 987 in Applicants' name.
A certain number of inconveniences are linked with the systems of protection offered by the above-noted that patents endanger the very reliability of protection, both when the small box containing the funds to be protected is mobile and when the small box is stationary, and especially during transactions connected to changes in the state of the small box, such as, for example, when the small box is removed, is delivered, is opened or closed.
Indeed, in compliance with patent FR-A-2 550 364, the protection of a box is closely linked in itself to the protection of other small boxes that are transported by an armored vehicle in which they are placed. In such a case, the small boxes are protected as a whole, thanks to the existence of a secret and permanent signal, circulating between them. Any unexpected interruption of the signal causes damage to the funds to be protected. Such a device has a problem, that is difficult to resolve, of managing this signal, and the complexity thus involved leads to expensive, slow solutions that are not reliable.
Moreover, it appears that an individual protection of the small boxes can be realized and would even be preferable, since it would have the benefit of a flexible protective system and avoid destroying a large quantity of funds contained in numerous boxes, when the security of just one box is breached.
In addition, in the event of a small box and the funds contained in it are destroyed, the described systems of protection do not enable to determine the people responsible for the attack that caused the destruction; indeed, when it is destroyed, it is desirable and even necessary for the box to mark or destroy not only the funds, but also to erase any information that may be confidential and which it requires for its operation, such as, for example, supervision algorithms of its physical states, coding and decoding algorithms of messages exchanged with the outside, the nature and content of these messages such as secret codes, destination and addressees of the transported funds.
The destruction of all this information makes it impossible to identify, with any amount of certainty, the last person to have handled a destroyed box, who might just as well be an attacker from outside the system, an employee responsible for handling or transporting the small boxes and wanting to steal the funds or other people authorized for various reasons to approach the small boxes or to open them at their final destination.
Another major inconvenience of the system described in the FR-A-2 550 364 patent resides in the strict inexorability of the process governing the "history" of a small box during its transport. Any unexpected event is considered by the box to be an attack, leading to its destruction; thus, there is no possibility of grading the response when an unexpected event occurs. For example, when traffic is held up along a route an armored vehicle carrying the boxes should follow, the delay in delivery caused by the traffic jam will lead to destruction of the box, which could prove to be an expensive error and lead the client whose funds are being transported to question the reliability of the system.
It is not possible at the present time to give an immediate answer to this problem since the inexorability of certain phases of the transport described in this patent is compulsory with regard to security.
From the above, it is easy to understand that the use of a sole decision center to manage the whole security system leads to unavoidable dead-ends.
French patent FR-A-2 594 14 in the name of the Applicant is an improvement to the FR-A-2 550 364 patent. In this patent, small boxes are considered as being in a stationary vehicle, and are therefore used as bank compartments. Their protection is always collective, with the above mentioned problems, but access to the strongroom where the small boxes are stored is controlled from the outside by a computer that enters into contact with an electronic case dedicated to the supervision of the strongroom, which communicates in a secret and continuous way with all the small boxes. The communication of each of the small boxes with the outside computer enables the computer to generate a "history" of a box and to control the initiation which is carried out after various checkings, including those of the secret codes known to the persons having valid access to the boxes (i.e. a banker or a client).
The system described in this last document has several inconveniences. In addition, it is possible to design a clone computer that carries out the same functions as the original computer. Thus, the safety of the funds enclosed in the boxes is not entirely ensured, since there is no means of enabling the boxes to recognize the supervisor computer and the clone computer with any certainty.
When reading the above mentioned patent, one notes that the source of information giving the process data to the various electronic elements of the system is not necessarily the only one, which is a risk factor for the confidentiality of this data.