WO1998039743A2 - Method for carrying out modifications in authorization data sets - Google Patents


Info

Publication number
WO1998039743A2
Authority
WO
WIPO (PCT)
Prior art keywords
data
authorization
security module
authorization data
terminal
Application number
PCT/EP1998/001270
Other languages
German (de)
French (fr)
Other versions
WO1998039743A3 (en)
Inventor
Siegfried Hartleif
Frank Schaefer-Lorinser
Original Assignee
Deutsche Telekom Ag
Application filed by Deutsche Telekom AG
Priority to HU0001506A (HUP0001506A3)
Priority to EP98914870A (EP0970446A2)
Publication of WO1998039743A2
Publication of WO1998039743A3
Priority to NO19994236A (NO326478B1)

Classifications

    • G PHYSICS
    • G07 CHECKING-DEVICES
    • G07F COIN-FREED OR LIKE APPARATUS
    • G07F7/00 Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus
    • G07F7/08 Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means
    • G07F7/10 Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means together with a coded signal, e.g. in the form of personal identification information, like personal identification number [PIN] or biometric data
    • G07F7/1008 Active credit-cards provided with means to personalise their use, e.g. with PIN-introduction/comparison system
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00 Payment architectures, schemes or protocols
    • G06Q20/30 Payment architectures, schemes or protocols characterised by the use of specific devices or networks
    • G06Q20/34 Payment architectures, schemes or protocols characterised by the use of specific devices or networks using cards, e.g. integrated circuit [IC] cards or magnetic cards
    • G06Q20/341 Active cards, i.e. cards including their own processing means, e.g. including an IC or chip
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00 Payment architectures, schemes or protocols
    • G06Q20/30 Payment architectures, schemes or protocols characterised by the use of specific devices or networks
    • G06Q20/34 Payment architectures, schemes or protocols characterised by the use of specific devices or networks using cards, e.g. integrated circuit [IC] cards or magnetic cards
    • G06Q20/355 Personalisation of cards for use
    • G06Q20/3552 Downloading or loading of personalisation data
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00 Payment architectures, schemes or protocols
    • G06Q20/30 Payment architectures, schemes or protocols characterised by the use of specific devices or networks
    • G06Q20/36 Payment architectures, schemes or protocols characterised by the use of specific devices or networks using electronic wallets or electronic money safes
    • G06Q20/363 Payment architectures, schemes or protocols characterised by the use of specific devices or networks using electronic wallets or electronic money safes with the personal data of a user
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00 Payment architectures, schemes or protocols
    • G06Q20/38 Payment protocols; Details thereof
    • G06Q20/40 Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
    • G06Q20/409 Device specific authentication in transaction processing
    • G06Q20/4097 Device specific authentication in transaction processing using mutual authentication between devices and transaction partners
    • G06Q20/40975 Device specific authentication in transaction processing using mutual authentication between devices and transaction partners using encryption therefor
    • G PHYSICS
    • G07 CHECKING-DEVICES
    • G07F COIN-FREED OR LIKE APPARATUS
    • G07F7/00 Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus
    • G07F7/08 Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means
    • G07F7/0866 Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means by active credit-cards adapted therefor

Abstract

The invention relates to a method for carrying out modifications in authorization data records which are stored on data carriers, especially chip cards, wherein said data carrier is connected to a terminal and a security module for data exchange. The data record which is to be modified is read out in cryptographically secure form by the security module from the data carrier. After authenticating the authorization data, said data is modified in the security module according to instructions issued by the terminal. The modified authorization data is transmitted to the data carrier in cryptographically secure form and is stored in the data carrier after authentication.

Description

Method for carrying out changes in authorization data records
The invention relates to a method for carrying out changes in authorization data records that are stored on data carriers, in particular on chip cards, the data carrier being connected to a terminal and a security module for the exchange of data.
In daily life, authorizations are frequently acquired and documented in paper form. Examples are the authorization to use means of transport in the form of tickets and season tickets, and the use of parking spaces in the form of parking tickets. Admission tickets for cultural or sporting events, swimming pools, museums and other facilities should also be mentioned in this context. In most cases such a receipt is used only for inspection purposes and is thrown away by the customer after use. Some of these receipts are so small that they can easily be lost. On some occasions, for example when travelling, various receipts are carried, so that finding the right receipt during an inspection can be difficult.
To avoid these disadvantages, methods for acquiring and storing authorizations on chip cards have become known, for example from DE 195 22 050 A1 and EP 0 713 188 A1. It has turned out that, for authorizations stored on chip cards to be used sensibly, subsequent changes to individual data fields must also be possible. Such changes are required, for example, in order to cancel one individual authorization of a ten-trip ticket. However, the ability to make changes can also be misused, for example to turn a day pass into a monthly pass.
The reason for such manipulation possibilities lies in the memory and security architecture of the chip cards. According to the state of the art, authorization data records are stored within the memory architecture of chip cards in the variable memory area, for example the EEPROM area. The memory areas are processed and managed by the operating system of the chip card. Corresponding specifications are part of international standardization (CEN prEN 726-3, ISO 7816-4). According to this standard, a data record characterizing authorizations, referred to below as an authorization data record, would be stored in an EF (elementary file), where one EF can hold several authorization data records. Within a data record there are several data fields in which the data contents of the authorizations are stored.
In the known chip cards according to the above-mentioned standards, access conditions are defined for the entire EF, but not for individual data fields. The access conditions govern the security conditions under which the EF may be accessed. The operating system of the chip card monitors compliance with the access conditions; that is, if changes to an authorization data record are permitted, they can be made at any arbitrary position of the EF containing the authorization data. This possibility is, on the one hand, not necessary and, on the other hand, questionable from a security standpoint. In most cases an entry in a cancellation field or a change in a text field is sufficient. However, a corresponding limitation of the change options is not provided for in the standard. In addition, defining different access conditions for individual data fields would require a considerable amount of additional memory.
The object of the invention is to provide a method that allows authorizations to be changed securely. Preferably, the known memory and security architecture should be retained.
This object is achieved according to the invention in that the data record to be changed is read from the data carrier by the security module in cryptographically secured form, that in the security module, after the authenticity of the authorization data record has been checked, the authorization data record is changed according to specifications supplied by the terminal, that the changed authorization data record is transmitted to the data carrier in cryptographically secured form, and that the changed authorization data record is stored in the data carrier after its authenticity has been checked.
This method has the advantage that an attacker must first break through the usual security precautions in order to be able to make a change at all. However, in order to restrict changes to the data fields that are actually intended to be changed, a further development of the method provides that the specifications supplied by the terminal to the security module lead to changes in the authorization data records only in compliance with rules stored in the security module.
With this further development, not only can the possibility of change be restricted to one or more data fields within the respective authorization data record, but the type of change can also be restricted.
Exemplary embodiments of the invention are shown in the drawing by means of several figures and explained in more detail in the following description. The figures show:
Fig. 1 the structure of an EF, namely a data field EF_BER provided for the storage of authorizations,
Fig. 2 the structure of an authorization data record within the EF shown in Fig. 1,
Fig. 3 a schematic representation of a terminal with a security module and a chip card, and
Fig. 4 a schematic representation of the operations when changing an authorization data record.
The structure of an EF_BER is shown in table form in Fig. 1. The EF_BER first contains, at 1, an identifier that identifies this file as EF_BER. Following this, the access conditions for reading, writing, deleting, etc. are stored. The actual data content consists of data records which represent authorizations 1 to n. A first data record for authorization 1 occupies bytes 1 to X, a second data record for authorization 2 occupies bytes X to Y, and so on. The authorization data record shown in Fig. 2 has several data fields, of which only four are explained by way of example. Data fields A and B are provided with X bytes each; they are coded in an arbitrary way (xx) and contain, for example, designations for the type of authorization. A further data field with a length of one byte stores the type of multiple use in binary form. In addition, the data record contains a code field with a length of three bytes, whose information is likewise stored in binary form.
The block diagram according to Fig. 3 comprises a terminal 31 which contains a processor 32, a security module 33 and a card reader/writer 34. Furthermore, a keyboard 35 is provided for inputs by a user, where such inputs are required. The security module 33 is designed so that changes to data and programs, as well as reading out of programs and data, are not possible. The individual modules of the terminal 31 are connected to one another by data lines 36. A chip card 37 can be inserted into the reader/writer 34.
Fig. 4 shows the data exchange between the terminal and the security module on the one hand and the chip card on the other. Since it is not necessary to constantly distinguish between the terminal and the security module in order to explain the invention, they have been combined in Fig. 4. For operations in which the processing of data in the security module is significant for the invention, this is pointed out in connection with Fig. 4.
After the chip card has been inserted at 41 and the synchronization operations with the terminal have taken place, the terminal sends the commands Select EF_INFO and Read EF_INFO to the chip card. This reads data out of the chip card, which are stored at 42 in the terminal or in the security module. The card-specific key is calculated from these data and the system key stored in the security module. With this key, cryptograms of the chip card are recalculated and checked for authenticity. The terminal then sends the commands Select EF_BER and Read EF_BER with the addition secure. At 43, the authorization data record is then read from the memory of the chip card and transmitted to the terminal in unencrypted form, together with a MAC (Message Authentication Code) that is computed in the chip card over the authorization data record BER. At 44 the security module likewise computes a MAC from the transmitted authorization data record and at 45 compares it with the MAC transmitted by the chip card.
If they match, the authorization data record is changed at 46 via the security module according to the specifications of the terminal, for example one of several multiple-use authorizations is cancelled. The changed authorization data record BER' is transmitted to the chip card together with a MAC' formed from BER' and the card-specific key, using the command Write EF_BER secure, whereupon at 47 the chip card checks the transmitted changed authorization data record BER' by recalculating MAC' and stores it at 48. Finally, an "O.K." acknowledgement is returned to the terminal.
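The Fig. 4 exchange together with the rule-restricted change of the further development (claim 2), as an added Python simulation that is not part of the patent. The MAC and key-derivation algorithm (HMAC-SHA256), the field widths, the EF_INFO contents and the rule that only the multi-use byte may be decremented are assumptions, since the document fixes none of them.

```python
"""Simulation of the Fig. 4 exchange: MAC-secured read, rule-checked change and
MAC-secured write of an authorization data record (BER) between a chip card and
the terminal's security module."""
import hashlib
import hmac

# Constructed sample values. The patent does not name a MAC or key-derivation
# algorithm, so HMAC-SHA256 (truncated to 8 bytes) is an assumption here.
SYSTEM_KEY = b"constructed-system-key-0001"
EF_INFO = b"\x12\x34\x56\x78"        # constructed card-individual data
X = 4                                 # constructed width of fields A and B (Fig. 2)
OFF_USE = 2 * X                       # offset of the one-byte multi-use field
REC_LEN = 2 * X + 1 + 3               # A, B, multi-use byte, three-byte code field


def derive_card_key(system_key: bytes, ef_info: bytes) -> bytes:
    """Card-specific key from the system key and the card's EF_INFO data (step 42)."""
    return hmac.new(system_key, b"card-key|" + ef_info, hashlib.sha256).digest()


def mac(key: bytes, record: bytes) -> bytes:
    """MAC over a complete authorization data record."""
    return hmac.new(key, record, hashlib.sha256).digest()[:8]


def make_record(a: bytes, b: bytes, uses: int, code: bytes) -> bytes:
    """Build a Fig. 2 record: fields A and B (X bytes each), multi-use byte, code."""
    if len(a) != X or len(b) != X or len(code) != 3 or not 0 <= uses <= 255:
        raise ValueError("bad field length")
    return a + b + bytes([uses]) + code


class ChipCard:
    """Card side: holds the card-specific key and EF_BER; checks every secure write."""

    def __init__(self, ef_info: bytes, card_key: bytes, records: list):
        self.ef_info = ef_info
        self._key = card_key          # never leaves the card
        self.ef_ber = list(records)

    def read_ef_ber_secure(self, idx: int):
        """Read EF_BER secure (step 43): plaintext record plus MAC over it."""
        rec = self.ef_ber[idx]
        return rec, mac(self._key, rec)

    def write_ef_ber_secure(self, idx: int, rec: bytes, tag: bytes) -> str:
        """Write EF_BER secure (steps 47/48): store only if MAC' recomputes correctly."""
        if len(rec) != REC_LEN or not hmac.compare_digest(mac(self._key, rec), tag):
            return "ERROR"
        self.ef_ber[idx] = rec
        return "O.K."


class SecurityModule:
    """Terminal's security module: holds the system key and the change rules (claim 2)."""

    def __init__(self, system_key: bytes):
        self._system_key = system_key
        self._card_key = None

    def synchronize(self, ef_info: bytes) -> None:
        """Step 42: derive the card-specific key from EF_INFO and the system key."""
        self._card_key = derive_card_key(self._system_key, ef_info)

    def verify_record(self, rec: bytes, tag: bytes) -> bool:
        """Steps 44/45: recompute the MAC and compare it with the card's MAC."""
        return hmac.compare_digest(mac(self._card_key, rec), tag)

    def apply_change(self, rec: bytes, spec: str):
        """Step 46 under a rule assumed for this example: the terminal may only ask
        to cancel one use, which decrements the multi-use byte; fields A, B and the
        code field are never touched, so a record cannot be re-typed or extended."""
        if spec != "cancel_one_use":
            raise ValueError("specification not permitted by security-module rules")
        if rec[OFF_USE] == 0:
            raise ValueError("no uses remain to cancel")
        new = bytearray(rec)
        new[OFF_USE] -= 1
        return bytes(new), mac(self._card_key, bytes(new))


def change_record(card: ChipCard, sm: SecurityModule, idx: int, spec: str) -> str:
    """Terminal-side flow of Fig. 4; returns the card's acknowledgement."""
    sm.synchronize(card.ef_info)                       # Select/Read EF_INFO, step 42
    rec, tag = card.read_ef_ber_secure(idx)            # Read EF_BER secure, step 43
    if not sm.verify_record(rec, tag):
        return "MAC mismatch on read"
    new_rec, new_tag = sm.apply_change(rec, spec)      # step 46
    return card.write_ef_ber_secure(idx, new_rec, new_tag)  # Write EF_BER secure


def demo() -> dict:
    """One legitimate cancellation, then two attempts the scheme must reject."""
    card = ChipCard(EF_INFO, derive_card_key(SYSTEM_KEY, EF_INFO),
                    [make_record(b"TICK", b"TEN ", 10, b"\x00\x01\x02")])
    sm = SecurityModule(SYSTEM_KEY)
    ok = change_record(card, sm, 0, "cancel_one_use")  # 10 -> 9 uses, card answers O.K.
    try:                                               # "day pass into monthly pass"
        change_record(card, sm, 0, "extend")           # blocked by the SM's rules
        extend = "allowed"
    except ValueError:
        extend = "rejected"
    forged = bytearray(card.ef_ber[0])                 # write bypassing the SM: no valid
    forged[OFF_USE] = 255                              # MAC' can be formed, card rejects
    forged_ack = card.write_ef_ber_secure(0, bytes(forged), b"\x00" * 8)
    return {"ok": ok, "uses": card.ef_ber[0][OFF_USE], "extend": extend, "forged": forged_ack}
```

`demo()` returns the three outcomes; a record altered in transit between steps 43 and 44 fails `verify_record` in the same way, because the MAC covers the whole record.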

Claims

1. A method for carrying out modifications in authorization data records stored on data carriers, in particular on chip cards, the data carrier being connected to a terminal and a security module for the exchange of data, characterized in that the data record to be modified is read from the data carrier by the security module in cryptographically secured form, that in the security module, after the authenticity of the authorization data record has been checked, the authorization data record is modified according to specifications supplied by the terminal, that the modified authorization data record is transmitted to the data carrier in cryptographically secured form, and that in the data carrier the modified authorization data record is stored after its authenticity has been checked.
2. The method according to claim 1, characterized in that the specifications supplied by the terminal to the security module lead to modifications of the authorization data records only in compliance with rules stored in the security module.
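The exchange described at steps 41 to 48 above, with the rule check of claim 2 applied in the security module, simulated end to end as an added example (this is not code from the patent or from Deutsche Telekom). The patent names no algorithms, so everything concrete here is an assumption: the MAC is HMAC-SHA256 truncated to 8 bytes, the card-individual key is derived from the system key and the EF_INFO data with HMAC, the record BER is a count byte followed by (product id, remaining uses) entries, and the rule set only allows a terminal to decrement a count or delete an entry. The command names, the test key and the card data are constructed for the example; card selection, Select commands and the synchronization at 41 are not modelled.

```python
"""Simulation of the EF_INFO / EF_BER secure exchange between chip card, terminal and security
module. Added example, not code from the patent. Assumed here because the patent names none of
them: HMAC-SHA256 truncated to 8 bytes as MAC, HMAC-based card-key derivation, the record layout."""
import hashlib
import hmac
import struct

MAC_LEN = 8

def mac(key, data):
    return hmac.new(key, data, hashlib.sha256).digest()[:MAC_LEN]

def derive_card_key(system_key, ef_info):
    # step 42: card-individual key from the system key and the data read from EF_INFO
    return hmac.new(system_key, b"card-key|" + ef_info, hashlib.sha256).digest()[:16]

def encode_ber(entries):
    # assumed BER layout: count byte, then (product id: 2 bytes, remaining uses: 1 byte) per entry
    return struct.pack(">B", len(entries)) + b"".join(struct.pack(">HB", p, n) for p, n in entries)

def decode_ber(raw):
    (count,) = struct.unpack_from(">B", raw, 0)
    return [struct.unpack_from(">HB", raw, 1 + 3 * i) for i in range(count)]

class ChipCard:
    def __init__(self, ef_info, card_key, ber):
        self.ef_info, self._key, self.ef_ber = ef_info, card_key, ber   # the key never leaves the card
    def read_ef_info(self):
        return self.ef_info
    def read_ef_ber_secure(self):
        # step 43: the record in clear, plus a MAC the card computes over it
        return self.ef_ber, mac(self._key, self.ef_ber)
    def write_ef_ber_secure(self, ber_new, mac_new):
        # steps 47/48: recompute MAC' over BER' and store only on a match (reply "O.K.")
        if not hmac.compare_digest(mac(self._key, ber_new), mac_new):
            return False
        self.ef_ber = ber_new
        return True

class SecurityModule:
    def __init__(self, system_key):
        self._system_key, self._card_key = system_key, None
    def load_card(self, ef_info):
        self._card_key = derive_card_key(self._system_key, ef_info)
    def verify_record(self, ber, ber_mac):
        # steps 44/45: recompute the MAC over the received record and compare in constant time
        return hmac.compare_digest(mac(self._card_key, ber), ber_mac)
    def apply_change(self, ber, request):
        # step 46, with the claim 2 rule set (assumed): a terminal may decrement a remaining count
        # or delete an entry, never add one or raise a count
        op, pid = request
        entries = decode_ber(ber)
        idx = next((i for i, (p, _) in enumerate(entries) if p == pid), None)
        if idx is None:
            raise PermissionError("no such authorization on the card")
        if op == "consume" and entries[idx][1] > 0:
            entries[idx] = (pid, entries[idx][1] - 1)
        elif op == "delete":
            del entries[idx]
        else:
            raise PermissionError(f"{op} not permitted by security module rules")
        ber_new = encode_ber(entries)
        return ber_new, mac(self._card_key, ber_new)   # BER' and MAC'

def terminal_transaction(card, sm, request):
    """Terminal side of the whole exchange; returns (accepted, record now on the card)."""
    sm.load_card(card.read_ef_info())                 # Select EF_INFO, Read EF_INFO
    ber, ber_mac = card.read_ef_ber_secure()          # Select EF_BER, Read EF_BER secure
    if not sm.verify_record(ber, ber_mac):
        return False, decode_ber(card.ef_ber)
    ber_new, mac_new = sm.apply_change(ber, request)
    return card.write_ef_ber_secure(ber_new, mac_new), decode_ber(card.ef_ber)   # Write EF_BER secure

def run_scenarios():
    system_key = bytes.fromhex("000102030405060708090a0b0c0d0e0f")   # constructed test key
    ef_info = bytes.fromhex("4454000000001234")                       # constructed card data
    card = ChipCard(ef_info, derive_card_key(system_key, ef_info),     # issuer personalisation
                    encode_ber([(0x0101, 3), (0x0202, 1)]))
    sm = SecurityModule(system_key)
    out = {"consume": terminal_transaction(card, sm, ("consume", 0x0101))}
    # record altered in transit but MAC left as is: caught at step 45
    ber, ber_mac = card.read_ef_ber_secure()
    out["tampered_accepted"] = sm.verify_record(encode_ber([(0x0101, 99), (0x0202, 1)]), ber_mac)
    try:                                              # terminal asks for something the rules forbid
        terminal_transaction(card, sm, ("add", 0x0101))
        out["add"] = "accepted"
    except PermissionError:
        out["add"] = "refused"
    out["delete"] = terminal_transaction(card, sm, ("delete", 0x0202))
    # a write carrying no valid MAC' is refused by the card itself (step 47)
    out["forged_write"] = card.write_ef_ber_secure(encode_ber([(0x0101, 99)]), bytes(MAC_LEN))
    out["final"] = decode_ber(card.ef_ber)
    return out

if __name__ == "__main__":
    for name, result in run_scenarios().items():
        print(f"{name:18s} {result}")
```

Two points follow from the structure rather than from the key sizes. The record travels in clear and only the MAC protects it, so the scheme gives integrity and origin authentication but no confidentiality; that matches the text, which says "in unencrypted form". And nothing in the exchange as shown on this page ties MAC' to a challenge or counter from the card, so a recorded Write EF_BER secure with its MAC' could be presented to the card again after the record has since been consumed; the simulation mirrors the page and adds no freshness, a deployment would bind a card-generated challenge into MAC'.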
PCT/EP1998/001270 1997-03-06 1998-03-05 Method for carrying out modifications in authorization data sets WO1998039743A2 (en)

Priority Applications (3)

Application Number Priority Date Filing Date Title
HU0001506A HUP0001506A3 (en) 1997-03-06 1998-03-05 Method for carrying out modifications in authorization data sets
EP98914870A EP0970446A2 (en) 1997-03-06 1998-03-05 Method for carrying out modifications in authorization data sets
NO19994236A NO326478B1 (en) 1997-03-06 1999-09-01 Procedure for Implementing Changes in Authorization Data Records

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
DE19709275.6 1997-03-06
DE19709275 1997-03-06

Publications (2)

Publication Number Publication Date
WO1998039743A2 true WO1998039743A2 (en) 1998-09-11
WO1998039743A3 WO1998039743A3 (en) 1999-01-21

Family

ID=7822498

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/EP1998/001270 WO1998039743A2 (en) 1997-03-06 1998-03-05 Method for carrying out modifications in authorization data sets

Country Status (4)

Country Link
EP (1) EP0970446A2 (en)
HU (1) HUP0001506A3 (en)
NO (1) NO326478B1 (en)
WO (1) WO1998039743A2 (en)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2009094609A1 (en) 2008-01-25 2009-07-30 Sharma Virender K Device and implantation system for electrical stimulation of biological systems

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP0713188A2 (en) 1994-11-18 1996-05-22 Deutsche Telekom AG Method and smart card for acquired authorization documentation
DE19522050A1 (en) 1995-06-17 1996-12-19 Uestra Hannoversche Verkehrsbe Memory card with memory element for storing data sets

Family Cites Families (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2698588B2 (en) * 1987-11-13 1998-01-19 株式会社東芝 Portable electronic devices
DE4119924C3 (en) * 1991-06-17 1996-06-20 Siemens Ag Process for securing loadable credit in chip cards
GB2267626A (en) * 1992-05-12 1993-12-08 Westinghouse Cubic Limited Ticket
FR2697929B1 (en) * 1992-11-10 1995-01-13 Innovatron Sa Secure protocol for data exchange between a transfer device and a portable object.
FR2704081B1 (en) * 1993-04-16 1995-05-19 France Telecom Method for updating a memory card and memory card for implementing this method.

Cited By (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7319986B2 (en) 1999-09-28 2008-01-15 Bank Of America Corporation Dynamic payment cards and related management systems and associated methods
WO2002069290A2 (en) * 2000-10-23 2002-09-06 Works Operating Company Dynamic payment cards and related management systems and associated methods
WO2002069290A3 (en) * 2000-10-23 2003-02-06 Works Operating Company Dynamic payment cards and related management systems and associated methods
WO2004079672A1 (en) * 2003-03-03 2004-09-16 Nagracard Sa Method for deactivating and reactivating security modules
CN100350799C (en) * 2003-03-03 2007-11-21 纳格拉卡德股份有限公司 Method for deactivating and reactivating security modules.
US7890770B2 (en) 2003-03-03 2011-02-15 Nagravision S.A. Method for deactivating and reactivating security modules
US7895119B2 (en) 2003-05-13 2011-02-22 Bank Of America Corporation Method and system for pushing credit payments as buyer initiated transactions

Also Published As

Publication number Publication date
NO994236L (en) 1999-10-29
WO1998039743A3 (en) 1999-01-21
HUP0001506A2 (en) 2000-09-28
EP0970446A2 (en) 2000-01-12
NO326478B1 (en) 2008-12-15
NO994236D0 (en) 1999-09-01
HUP0001506A3 (en) 2001-01-29

Legal Events

Date Code Title Description
AK Designated states

Kind code of ref document: A2

Designated state(s): HU NO

AL Designated countries for regional patents

Kind code of ref document: A2

Designated state(s): AT BE CH DE DK ES FI FR GB GR IE IT LU MC NL PT SE

DFPE Request for preliminary examination filed prior to expiration of 19th month from priority date (pct application filed before 20040101)
WWE Wipo information: entry into national phase

Ref document number: 1998914870

Country of ref document: EP

AK Designated states

Kind code of ref document: A3

Designated state(s): HU NO

AL Designated countries for regional patents

Kind code of ref document: A3

Designated state(s): AT BE CH DE DK ES FI FR GB GR IE IT LU MC NL PT SE

121 Ep: the epo has been informed by wipo that ep was designated in this application
WWP Wipo information: published in national office

Ref document number: 1998914870

Country of ref document: EP