WO1998059327A1 - Safety module - Google Patents

Safety module

Info

Publication number
WO1998059327A1
Authority
WO
WIPO (PCT)
Prior art keywords
card
transaction station
transaction
central computer
cryptographic
Application number
PCT/SE1998/001019
Other languages
French (fr)
Inventor
Bengt Hedin
Kjell Jansson
Bo Molander
Original Assignee
Digital Equipment Bcfi Ab
Application filed by Digital Equipment Bcfi Ab
Priority to AU80447/98A
Priority to JP11503383A
Publication of WO1998059327A1

Classifications

    • G PHYSICS
    • G07 CHECKING-DEVICES
    • G07F COIN-FREED OR LIKE APPARATUS
    • G07F7/00 Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus
    • G07F7/08 Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means
    • G07F7/10 Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means together with a coded signal, e.g. in the form of personal identification information, like personal identification number [PIN] or biometric data
    • G07F7/1008 Active credit-cards provided with means to personalise their use, e.g. with PIN-introduction/comparison system
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00 Payment architectures, schemes or protocols
    • G06Q20/30 Payment architectures, schemes or protocols characterised by the use of specific devices or networks
    • G06Q20/34 Payment architectures, schemes or protocols characterised by the use of specific devices or networks using cards, e.g. integrated circuit [IC] cards or magnetic cards
    • G06Q20/341 Active cards, i.e. cards including their own processing means, e.g. including an IC or chip
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00 Payment architectures, schemes or protocols
    • G06Q20/38 Payment protocols; Details thereof
    • G06Q20/40 Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
    • G06Q20/409 Device specific authentication in transaction processing
    • G06Q20/4097 Device specific authentication in transaction processing using mutual authentication between devices and transaction partners
    • G06Q20/40975 Device specific authentication in transaction processing using mutual authentication between devices and transaction partners using encryption therefor

Definitions

  • the verification of the PIN code and the like can also take place in the transaction station itself, so-called off-line verification.
  • transaction stations are equipped with a so-called safety module, in which cryptographic keys and algorithms for the communication between the transaction station and the central computer are provided and executed.
  • the safety module is essentially fixedly or stationarily connected to the transaction station. In the case of ATMs, the safety module is generally fixedly connected inside a safety cabinet in the machine. Since one wishes to ensure that unauthorised individuals do not gain access to the information in the safety module, i.e.
  • the safety module is protected by embedding the electronic circuitry inside a physically protective shell and by providing the module with a destruct function which, by utilising various sensor members, e.g. an enclosing metal layer, is intended to destroy the cryptographic keys and other essential software in the event that someone tries to break open the safety module.
  • the safety module is usually equipped with a battery which ensures that the cryptographic keys are retained in the memory even if the power supply to the safety module is temporarily cut off or is lacking, for example in connection with a power cut or when an ATM is temporarily shut off for maintenance, repairs, updating or the like.
  • the battery is also active from the time when the safety module is provided with the cryptographic keys until the safety module has been arranged inside or adjacent to the transaction station and the latter has been connected to mains current. In some cases, the battery may also be necessary for maintaining the above-mentioned destruct function in a situation where the safety module has been disconnected.
  • a problem associated with these types of safety modules is that the need to protect the contents from unauthorised access, and therefore the necessity of safety arrangements and destruct functions, results in additional difficulties and costs in connection with the manufacture and design of the safety module.
  • a further problem is that a malfunction of the safety module cannot be easily dealt with. Often, service staff must go to the malfunctioning transaction station to replace or repair the malfunctioning part of the safety module. Naturally, this results in undesired costs and time periods when the transaction station is not usable.
  • Another object of the invention is to provide a solution which avoids the problems connected with the limited life of the battery.
  • Yet another object is to provide a solution which enables easier and quicker repair, maintenance and updating of the safety module.
  • an IC card designed to be essentially stationarily arranged in a card reader inside, or adjacent to, a transaction station for cryptographic processing of data which is to be transmitted from the transaction station to a central computer and/or data which is received by the transaction station from a central computer, said IC card being utilised in connection with the serving of several different users of said transaction station, which IC card comprises: means for storing one or more cryptographic keys; means for receiving input signals to the card; means for executing one or more cryptographic .
  • the invention is thus based upon the idea of replacing the conventional safety module with an IC card reader provided with an IC card according to the invention, which supplies the keys and algorithms required for cryptographic processing of the communication between the transaction station and the central computer.
  • the IC card is utilised for e.g. encryption, decryption and authentication of messages. Accordingly, the IC card advantageously stores master keys as well as session keys and authentication keys.
  • the preferred algorithm for cryptographic processing is the so-called DES algorithm (DES - Data Encryption Standard).
  • IC cards are physical structures such that cryptographic keys stored therein normally cannot be read from the card, considering what is practicable using existing technology. Consequently, the utilisation of an IC card according to the invention, as a replacement for the conventional safety module, results in inherent protection against the risk of an unauthorised individual gaining access to the secret keys. Even if the IC card itself were to fall into the wrong hands, this individual will still not gain access to the keys. Consequently, the IC cards themselves can be handled without any special safety arrangements. If an IC card were to malfunction in a transaction station, a new card could easily be sent by mail to the persons responsible for the ongoing operation of the transaction station.
  • since the memory used in the IC card consists of a non-volatile memory, usually of the EEPROM type, in which the information in the memory cells is changed with the aid of electrical signals but is physically preserved without any holding current being required, the need for providing a separate auxiliary current feed for the memory part of the IC card is eliminated, which is an advantageous difference in comparison with the known safety module.
  • IC cards according to the invention are not restricted to a specific card size.
  • IC cards of the following size types: ID-1, ID-00 (mini-cards), and ID-000 (plug-in cards).
  • the IC card according to the invention should not be equated with the various types of cards, such as magnetic cards or IC cards, which a user of a transaction station sometimes carries to gain access to and utilise the station, such as ATM cards, credit cards or the like normally issued for personal use. Those types of cards are utilised only very temporarily in the transaction station when the specific cardholder is being served.
  • the IC card according to the invention is intended to be generally stationarily arranged in, or adjacent to, the transaction station.
  • the IC card according to the invention is thus utilised essentially continuously in the transaction station in connection with the serving of several different users visiting the transaction station, usually one at a time.
  • the term generally stationarily means that the IC card according to the invention is permanently arranged in the transaction station during on-going operation, but that, obviously, the card can be replaced when required, for example in connection with a malfunction, when replacing or updating keys, or at regular intervals as a pure upgrading measure.
  • the invention relates to a transaction station, intended to communicate with a central computer and to serve a user in connection with the carrying out of desired financial transactions through the central computer, which transaction station comprises: a user interface for data inputting by a user; and means for cryptographic processing of data which is to be transmitted to and/or be received from the central computer; the transaction station according to the invention being characterised in that said means for cryptographic processing comprise a card reader intended to receive an IC card according to the above-mentioned first aspect of the present invention.
  • the transaction station according to the invention consists of an ATM ("Automatic Teller Machine"), for example of the types which in Sweden are provided in public places, in banks, etc., under the brand names "Bankomat" and "Minuten".
  • said card reader is adapted to receive said IC card in such a way that it is inaccessible to a user. This reduces the risk of a user deliberately or inadvertently removing the IC card according to the invention, something which is not of great importance from the point of view of safety, as discussed above, but which nevertheless would mean that the encrypting function of the transaction station would be put out of order.
  • One way of achieving this is for the transaction station to be designed in such a way that the user only has access to a certain interface, while the card reader for the IC card according to the invention does not form part of this interface but is instead located elsewhere.
  • said card reader for the IC card according to the invention is arranged in a safety cabinet, for example inside the transaction station or adjacent to the transaction station.
  • a user interface as stated above advantageously comprises means for inputting a user identity, such as an additional card reader for reading an account number which is magnetically stored in the user's credit card; means for inputting a desired financial transaction, such as a keypad, and means for inputting an access code, such as a PIN code.
  • said additional card reader for reading, for example, an account number stored in the user's credit card does not constitute the same card reader as the one employed for receiving the IC card according to the invention.
  • the user interface comprises a personal computer with an associated monitor, keyboard, mouse or like pointing device.
  • the transaction station according to the invention advantageously comprises means for providing control information, such as information concerning the desired type of cryptographic processing as well as information or data required for this processing, to said IC card according to the invention, as well as means for receiving said output signals from the IC card.
  • a transaction station can, for example, be designed as a so-called payment terminal which, for example, is located adjacent to cash registers in supermarkets, shops, and the like, where the customer can pay for goods or services purchased by, for example, entering an account number, usually also by means of a magnetic card, and confirming that he is an authorised user by inputting the correct PIN code.
  • one or more payment terminals are connected to a personal computer which in turn communicates with a central computer at a bank or the like.
  • a further example of transaction stations according to the invention comprise personal computer terminals which are configured to enable the user to request various financial transactions in a similar way through a central computer.
  • Such personal computer terminals can, for example, be made available to the public in public places, in banks, in companies as a service offered to employees, or explicitly for the accounting functions of the company.
  • the technique of providing this type of opportunity to carry out financial transactions at home with the aid of computers is also more or less a reality already.
  • FIG. 1 schematically shows a perspective view of a transaction station in the form of an ATM according to the present invention
  • Fig. 2 is a schematic block diagram of the transaction station in Fig. 1;
  • Fig. 3 is a schematic block diagram of the integrated circuit on the IC card in Fig. 2;
  • Fig. 4 is a flowchart for the control computer in Fig. 2;
  • Fig. 5 shows the structure of an example of a message being transmitted from the transaction station to the central computer in Fig. 2;
  • Fig. 6 is a flowchart for the integrated circuit in Fig. 3.
  • Fig. 1 is a perspective view of a transaction station 100 in the form of an ATM according to a preferred embodiment of the invention.
  • the transaction station 100 in Fig. 1 comprises a first card reader 110 (only the insertion slot is shown) , a keypad 120, a monitor 130, and a printer 140 (only the output slot is shown)
  • the transaction station further comprises a note box with a note dispenser 160.
  • the note box together with other electronic circuitry which is preferably kept at a higher level of safety, see Fig. 2 below, is contained in a safety cabinet 105 of the transaction station.
  • Fig. 2 is a schematic block diagram of the transaction station in Fig. 1.
  • the parts and components in Fig. 1 which are also shown in Fig. 2 are referred to by the same reference numerals.
  • Fig. 2 shows the transaction station 100 comprising the card reader 110, the keypad 120, the monitor 130, and the printer 140, all of which are arranged in an upper space in the transaction station 100.
  • the card reader 110 is designed to receive and read a magne- tic card 115 which the visitor or user, i.e. the cardholder, brings with him.
  • the transaction station 100 comprises a note box 160, a safety module in the form of a second card reader 170 in which an IC card 300 exhibiting an integrated circuit 310 is arranged, a control computer
  • since extra high access protection is desired for these types of components, they are arranged in the safety cabinet 105 in the lower space of the transaction station 100.
  • the operation of the transaction station 100 is generally controlled by the control computer 180, which communicates with the first card reader 110, the keypad 120, the monitor 130, the printer 140, the note box/dispenser 160, and the second card reader 170 by the intermediary of a shared communication bus 150.
  • the transaction computer can be connected to a telephone network 197 and can thus communicate with a central computer 200 from a distance.
  • the integrated circuit 310 on the IC card 300 which in itself or together with the second card reader 170 can be said to form a safety module for the transaction station 100, provides the cryptographic algorithms and keys utilised in connection with the transmission of messages between the transaction station 100 and the central computer 200.
  • Fig. 3 is a schematic block diagram of the integrated circuit 310 of the IC card 300.
  • the circuit 310 is thus formed on the IC card with the aid of conventional technology and can communicate with the control computer 180 when the IC card 300 is inserted into the second card reader 300.
  • the basic structure of the IC card 300 and the integrated circuit 310 such as connections and arrangements for transferring data between the card reader 170 and the integrated circuit 310 and like functions, are well known in the technical field relating to IC cards and, consequently, a more detailed description thereof will not be provided in this application.
  • the integrated circuit 310 of the IC card 300 generally comprises a microprocessor 315 and a non-volatile, writable memory 320, 330, usually of the EEPROM type.
  • the EEPROM memory comprises, inter alia, a first set of memory fields 320 which store the cryptographic keys employed in connection with cryptographic processing of messages transmitted between the transaction station 100 and the central computer 200.
  • MACs message authentication codes
  • session keys which are used in connection with encryption/decryption of PIN codes and other sensitive information transmitted between the transaction station and the central computer
  • one or more master keys which are used, inter alia, when new keys are transmitted, i.e. when old session or authentication keys are to be replaced by new keys by the intermediary of the telephone network 197.
  • the central computer 200 has access to such corresponding keys as are necessary for the central station to handle the cryptographically processed communication
  • each memory field 320 is associated with a corresponding field of a second set of memory fields 330.
  • the memory fields 330 store information setting out the applications or functions for which the associated key may be utilised, since each specific key may usually only be used for a certain type of cryptographic processing or for cryptographic processing of only a certain type of information.
  • the processing in the integrated circuit 310 is carried out in the microprocessor 315.
  • the microprocessor 315 is configured to carry out various types of cryptographic processing by executing various program routines 340-370, which are schematically illustrated separated by dashed lines in Fig. 3, by employing various selected keys from the memory field 320.
  • the program routines in the microprocessor comprise a receiving/addressing routine which is configured to receive control information from the transaction station, preferably from the control computer 180.
  • control information comprises, for example, information about the type of cryptographic processing requested, the cryptographic key to be used, data which is to be processed, etc.
  • DES Data Encryption Standard
  • the DES algorithm in block 360 is thus used in the preferred embodiment in connection with encryption as well as decryption and authentication.
  • one of several different preparatory program routines 351-353 are used, which prepare and configure the information required in the subsequent DES algorithm 360 in order for the latter to provide the type of cryptographic processing desired.
  • the program routine 351 is addressed when encryption is requested, the program routine 352 when decryption is desired, and the program routine 353 when authentication is desired.
  • the respective program routine 351-353 fetches the keys to be utilised and structures the data to be processed in a suitable way, after which the actual cryptographic algorithm is carried out in the routine 360. Furthermore, one or more subsequent program routines 370 are included which assemble the processed information in a suitable manner and feed it back to the control computer 180 of the transaction station by the intermediary of the card reader.
  • it will be appreciated that the operation and structure of the integrated circuit 310 and the microprocessor 315 can be readily implemented in many different ways and that the invention is not restricted to the program routines and memory fields described above by way of example.
  • the different program routines can be more or less integrated with one another.
  • the actual program routines can be stored in a memory, similar to the way the information in the memory fields 320 and 330 is stored and, in this case, can be read into the microprocessor when requested.
  • it is an important characteristic of the integrated circuit 310 that the cryptographic keys are stored in such a way that, in view of what is reasonable and technically possible, they cannot be read from the card and thereby become accessible to unauthorised individuals.
  • the microprocessor 315 can, for example, also comprise program routines which are executed in connection with the replacement or updating of keys, initialising of cards, etc.
  • FIG. 4 schematically illustrates a flowchart for the control computer 180 in Fig. 2.
  • the routine shown in Fig. 4 is initiated in step S10 by the user inserting his magnetic card 115 into the card reader 110.
  • the card reader 110 reads the cardholder's account number, which is magnetically stored on the magnetic strip of the magnetic card 115, and feeds it to the control computer 180 by the intermediary of the bus 150.
  • in step S14, with the aid of the monitor 130, the control computer subsequently instructs the user to enter his PIN code with the aid of the keypad 120, after which the PIN code entered by the user is fed from the keypad 120 to the control computer 180 by the intermediary of the bus 150.
  • in step S16, with the aid of the monitor 130, the control computer 180 subsequently instructs the user to enter the desired withdrawal amount with the aid of the keypad 120, after which the amount entered by the user is fed from the keypad 120 to the control computer 180 by the intermediary of the bus 150.
  • the control computer sends an instruction, in step S18, to the IC card 310 which is essentially stationarily arranged in the transaction station and which constitutes the safety module of the transaction station, instructing it to carry out the encryption of the PIN code utilising a specified encryption key.
  • the instruction to the IC card comprises control information in the form of details as to the operation requested (encryption), data which is to be processed (the PIN code entered), as well as details as to the key to be used for the processing. If desired, the account number, for example, could also be included in the information to be encrypted.
  • in step S20, when the IC card has returned the encrypted PIN code, the control computer puts together the account number of the user, the encrypted PIN code, and the amount requested into a single connected message. Subsequently, in step S22, the control computer sends this message to the IC card 310 instructing it to calculate an authentication code (MAC) for the message.
  • the instruction to the IC card thus comprises control information in the form of details as to the operation requested (calculation of authentication code), data to be processed (the message consisting of the account number, the encrypted PIN code, and the amount), as well as details as to the key to be used. Subsequently, the finished message is sent, e.g.
  • a finished message is schematically shown in Fig. 5, in which the message comprises a first field 400 for the user's account number, a second field 410 for the encrypted PIN code, a third field 420 for the desired withdrawal amount, and a fourth field 430 for the authentication code.
  • in step S26, a reply is received from the central computer 200.
  • the control computer instructs the IC card 300, step S28, to authenticate the reply message.
  • the instruction to the IC card comprises control information in the form of details as to the operation requested (authentication), data to be processed (the reply message), as well as details as to the key to be used.
  • in step S28, if the result of the authentication in the IC card is that the reply message is incorrect for some reason, the control computer proceeds to a program routine which is not shown in Fig. 4, which may, for example, involve the transaction station 100 awaiting a new reply message from the central computer 200 or the transaction station 100 interrupting the current transaction and returning the magnetic card 115 to the user. If the reply message from the central computer is correct, but states that the transaction requested is not approved, for example because the PIN code entered is incorrect or because the amount requested exceeds the balance available in the user's account, subsequent to step S28, the control computer 180 proceeds to a program routine which is not shown in Fig. 4, which, for example, may involve the transaction station 100 interrupting the .
  • the transaction station instructing the user to make a new attempt to enter the correct PIN code since the previous one was incorrect, or the transaction station withholding the user's magnetic card and interrupting the transaction without returning the card to the user.
  • the transaction station 100 in step S30, dispenses the amount requested from the note box/ dispenser 160 to the user, writes a transaction report to the user in the form of a transaction slip with the aid of the printer 140 in step S32, and returns the magnetic card 115 from the magnetic card reader to the user in step S34. Subsequently, in step S36, the transaction station returns to an idle position while waiting for a new magnetic card to be inserted into the card reader 110.
  • FIG. 6 shows a schematic flowchart for the microprocessor in Fig. 3.
  • the routine shown in Fig. 6 is initiated in steps B10 and B12 by the microprocessor 315, utilising the program routine 340 in Fig. 3, receiving an instruction by the intermediary of the bus 150 from the control computer 180 of the transaction station 100.
  • the instruction may, for example, be the instruction sent from the control computer 180 to the IC card 300 in step S18 (request for encryption) , step S22 (request for calculation of authentication code) , or step S28 (request for authentication of reply) in the flowchart described with reference to Fig. 4 above.
  • the microprocessor 315 establishes the type of function requested, i.e. the desired type of cryptographic processing, as well as the key to be used for this function, in steps B14 and B16, respectively, by deriving this information from the instruction received. Subsequently, the microprocessor 315 verifies, in step B18, that the information in the field 330 associated with the memory field 320 for the key indicated states that the key may be utilised for the function requested.
  • routine is interrupted and the IC card 300 informs the control computer 180 that the task will not be carried out.
  • this and similar kinds of preparatory obtaining, verifying, and formatting of information which is to be utilised in the actual cryptographic algorithm can be carried out in different ways, as indicated by the different routines 315-353 in Fig. 3.
  • step B20 the cryptographic processing is executed, in the preferred case by using the DES algorithm in routine 360 in Fig. 3, depending on the desired cryptographic function and key as stated above.
  • in step B22 in Fig. 6, corresponding to program routine 370, the result of the cryptographic processing in step B20 is put together in the preferred way according to the function requested, after which the result is sent back to the control computer (PC) 180 in step B24.
  • step B26 the IC card returns to an idle position awaiting new instructions.
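The following Go program is an added illustration written for this page, not code from the patent or its assignee: it models the card-side protocol of Figs. 3 to 6 and the control computer's side of steps S18 to S22, with a key store carrying the field 330 usage attributes, the step B18 usage check, DES encryption of the PIN block, a DES CBC-MAC over the Fig. 5 message, and constant-time MAC verification for step S28. The key names, the PIN-block layout and the padding method are assumptions; the patent states only that DES is the preferred algorithm.

```go
package main

import (
	"crypto/cipher"
	"crypto/des"
	"crypto/subtle"
	"errors"
)

type Usage uint8 // bits modelling memory field 330: the functions a key in field 320 may serve

const (
	UsePIN Usage = 1 << iota // session key: encryption/decryption of PIN blocks
	UseMAC                   // authentication key: MAC calculation and verification
)

type keyField struct {
	key   []byte // 8-byte single-DES key (field 320)
	usage Usage  // permitted functions (field 330)
}

type Card struct{ keys map[string]keyField } // the stationary IC card standing in for the safety module

var ErrUnknownKey = errors.New("card: unknown key")
var ErrNotPermitted = errors.New("card: key not permitted for requested function")

func NewCard() *Card { return &Card{keys: map[string]keyField{}} }

// LoadKey personalises the card with a key and the usage recorded for it in field 330.
func (c *Card) LoadKey(name string, key []byte, u Usage) {
	c.keys[name] = keyField{key: append([]byte(nil), key...), usage: u}
}

// selectKey is steps B16/B18: fetch the key and refuse it unless field 330 allows the function.
func (c *Card) selectKey(name string, need Usage) (cipher.Block, error) {
	kf, ok := c.keys[name]
	if !ok {
		return nil, ErrUnknownKey
	}
	if kf.usage&need == 0 {
		return nil, ErrNotPermitted
	}
	return des.NewCipher(kf.key) // also rejects keys that are not 8 bytes long
}

// EncryptPIN (step S18, routine 351): one DES block over a constructed, simplified PIN block (ASCII digits, 0xFF filler).
func (c *Card) EncryptPIN(keyName, pin string) ([]byte, error) {
	if len(pin) == 0 || len(pin) > 8 {
		return nil, errors.New("card: PIN must be 1-8 digits")
	}
	blk, err := c.selectKey(keyName, UsePIN)
	if err != nil {
		return nil, err
	}
	in := []byte{0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF}
	copy(in, pin)
	out := make([]byte, 8)
	blk.Encrypt(out, in)
	return out, nil
}

// ComputeMAC (step S22, routine 353): DES CBC-MAC, zero IV, ISO 9797-1 method 2 padding (0x80, then zeros).
func (c *Card) ComputeMAC(keyName string, msg []byte) ([]byte, error) {
	blk, err := c.selectKey(keyName, UseMAC)
	if err != nil {
		return nil, err
	}
	padded := append(append([]byte(nil), msg...), 0x80)
	for len(padded)%8 != 0 {
		padded = append(padded, 0)
	}
	out := make([]byte, len(padded))
	cipher.NewCBCEncrypter(blk, make([]byte, 8)).CryptBlocks(out, padded)
	return out[len(out)-8:], nil // the final CBC block is the MAC
}

// VerifyMAC (step S28): recompute the MAC and compare in constant time.
func (c *Card) VerifyMAC(keyName string, msg, mac []byte) (bool, error) {
	want, err := c.ComputeMAC(keyName, msg)
	if err != nil {
		return false, err
	}
	return subtle.ConstantTimeCompare(want, mac) == 1, nil
}

// BuildWithdrawal is the control computer's side of S18-S22; Fig. 5 layout: account (400) | encrypted PIN (410) | amount (420) | MAC (430).
func BuildWithdrawal(card *Card, account, pin string, amount uint32) ([]byte, error) {
	encPIN, err := card.EncryptPIN("session", pin) // S18: the card encrypts the PIN
	if err != nil {
		return nil, err
	}
	body := append([]byte(account), encPIN...) // S20: assemble the message
	body = append(body, byte(amount>>24), byte(amount>>16), byte(amount>>8), byte(amount))
	mac, err := card.ComputeMAC("auth", body) // S22: the card computes the MAC
	if err != nil {
		return nil, err
	}
	return append(body, mac...), nil
}
```

A central computer holding the same "auth" key verifies field 430 with VerifyMAC over the first len(msg)-8 bytes; asking the card to MAC with the "session" key returns ErrNotPermitted, which is the field 330 check of step B18.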
  • the design of both the transaction station as a whole and the IC card according to the invention can vary depending on the application in question.
  • although the invention has been described in connection with cash withdrawals from an ATM, it will be appreciated that the invention can also be utilised for carrying out other types of financial transactions through the central computer.
  • the user interface can comprise other types of members than the ones described above.
  • the user interface can comprise a PC with a key- board, a mouse, and a monitor or the like.
  • the communication between the central computer and the transaction station according to the invention can take place over different types of communication networks.
  • the IC card according to the invention is arranged out of reach of the user, preferably in a safety cabinet, it can also be arranged in such a way that it is both accessible to the user and unprotected, since the keys are stored in such a way that they still cannot be accessed by unauthorised individuals.

Abstract

The present invention relates to an IC card, a transaction station as well as uses thereof. According to the invention, a cryptographic IC card, which is essentially stationarily arranged in a card reader in connection with a transaction station, such as an ATM or the like, is utilised for cryptographic processing of data which is to be transmitted between the transaction station and a central computer. The IC card replaces conventional safety modules and is thus arranged essentially stationarily in the card reader and is consequently used in connection with the serving of several different users of the transaction station.

Description

SAFETY MODULE
Technical Field
The present invention relates to cryptographic processing of the communication between a transaction station and a central computer in connection with financial transactions.
Background of the Invention and Prior Art
Presently, there are various examples of systems where different users or visitors utilise a transaction station, which is in communication with a central computer, for carrying out various types of financial transactions through the central computer.
So-called ATMs (Automatic Teller Machines) are probably the most common example of such transaction stations. With the aid of an ATM, a customer in a bank or a like user can withdraw money from his own bank account or carry out similar financial transactions. Usually, the user identifies himself with the aid of a magnetic card or the like, which is read by a card reader in the ATM and thus provides the ATM with information about the user's account number, bank, or the like. Subsequently, the user confirms that he is an authorised user of the card, i.e. the account, by entering a so-called PIN code (PIN - Personal Identification Number), which usually consists of a combination of four digits and which is known only by the cardholder (user). The PIN code is usually entered with the aid of a keypad located on the ATM. Subsequently, the user indicates the transaction he wishes to carry out, usually a desired withdrawal amount. Next, the ATM transmits this information (account number, PIN code, withdrawal amount) to a central computer which contains information about the accounts of various cardholders. The communication between the ATM and the central computer often takes place by the intermediary of a telephone connection. The central computer verifies that the PIN code entered is the correct one for the account number provided and, if so, transmits an enabling signal to the ATM, which enabling signal indicates that the transaction has been approved. Upon receipt of the approval, the ATM dispenses notes corresponding to the desired withdrawal amount from a note dispenser to the user. If the central computer determines that the PIN code entered is incorrect for the account number provided, it transmits an error signal to the ATM, in which case the latter either allows the user to make another attempt to enter the correct PIN code, returns the card to the user without dispensing any cash, or withholds the card.
In some cases, the verification of the PIN code and the like can also take place in the transaction station itself, so-called off-line verification.
In connection with the transmission of transaction messages of the above kind between the transaction station and the central computer, it is necessary or desirable for at least certain types of information to be transmitted in encrypted form and for the messages to be provided with authentication in the form of MAC sums (Message Authentication Codes) or the like. This ensures both that the information cannot be accessed or listened in on by unauthorised individuals and that messages received have not been distorted or altered during the transmission.
In order to provide the above-mentioned and similar cryptographic functions, such as encrypting, decrypting, authentication, etc., transaction stations are equipped with a so-called safety module, in which cryptographic keys and algorithms for the communication between the transaction station and the central computer are provided and executed. The safety module is essentially fixedly or stationarily connected to the transaction station. In the case of ATMs, the safety module is generally fixedly connected inside a safety cabinet in the machine. Since one wishes to ensure that unauthorised individuals do not gain access to the information in the safety module, i.e. primarily the cryptographic keys, the safety module is protected by embedding the electronic circuitry inside a physically protective shell and by providing the module with a destruct function which, by utilising various sensor members, e.g. an enclosing metal layer, is intended to destroy the cryptographic keys and other essential software in the event that someone tries to break open the safety module.
Moreover, the safety module is usually equipped with a battery which ensures that the cryptographic keys are retained in the memory even if the power supply to the safety module is temporarily cut off or is lacking, for example in connection with a power cut or when an ATM is temporarily shut off for maintenance, repairs, updating or the like. The battery is also active from the time when the safety module is provided with the cryptographic keys until the safety module has been arranged inside or adjacent to the transaction station and the latter has been connected to mains current. In some cases, the battery may also be necessary for maintaining the above-mentioned destruct function in a situation where the safety module has been disconnected. A problem associated with these types of safety modules is that the need to protect the contents from unauthorised access, and therefore the necessity of safety arrangements and destruct functions, results in additional difficulties and costs in connection with the manufacture and design of the safety module.
Another problem is that the battery which is usually required exhibits a limited guaranteed functional life, e.g. 5 years, whether it be rechargeable or not. This means that the safety module, or the battery therein, must be replaced at regular intervals, which is not an entirely uncomplicated process in the case of many types of safety modules. Consequently, this puts demands on the manufacturer's service organisation. It also means that there are limited possibilities for stocking safety modules. In addition, used batteries must be disposed of, something which must be carried out according to proper environmental procedures.
A further problem is that a malfunction of the safety module cannot be easily dealt with. Often, service staff must go to the malfunctioning transaction station to replace or repair the malfunctioning part of the safety module. Naturally, this results in undesired costs and time periods when the transaction station is not usable.
It is thus an object of the present invention to provide a simpler solution which reduces the risk of unauthorised individuals reading the contents of the safety module, primarily the cryptographic keys.
Another object of the invention is to provide a solution which avoids the problems connected with the limited life of the battery.
Yet another object is to provide a solution which enables easier and quicker repair, maintenance and updating of the safety module.
Summary of the Invention
According to a first aspect of the present invention, the above-mentioned as well as other objects are achieved by an IC card designed to be essentially stationarily arranged in a card reader inside, or adjacent to, a transaction station for cryptographic processing of data which is to be transmitted from the transaction station to a central computer and/or data which is received by the transaction station from a central computer, said IC card being utilised in connection with the serving of several different users of said transaction station, which IC card comprises: means for storing one or more cryptographic keys; means for receiving input signals to the card; means for executing one or more cryptographic algorithms utilising one or more of said cryptographic keys depending on the control information received in said input signals to the card; and means for outputting output signals, comprising the result of said execution, from the card. The invention is thus based upon the idea of replacing the conventional safety module with an IC card reader provided with an IC card according to the invention, which supplies the keys and algorithms required for cryptographic processing of the communication between the transaction station and the central computer.
According to preferred embodiments, the IC card is utilised for e.g. encryption, decryption and authentication of messages. Accordingly, the IC card advantageously stores master keys as well as session keys and authentication keys. The preferred algorithm for cryptographic processing is the so-called DES algorithm (DES - Data Encryption Standard).
An inherent advantageous characteristic of IC cards is that their physical structure is such that cryptographic keys stored therein normally cannot be read from the card, considering what is practicable using existing technology. Consequently, the utilisation of an IC card according to the invention, as a replacement for the conventional safety module, results in inherent protection against the risk of an unauthorised individual gaining access to the secret keys. Even if the IC card itself were to fall into the wrong hands, this individual will still not gain access to the keys. Consequently, the IC cards themselves can be handled without any special safety arrangements. If an IC card were to malfunction in a transaction station, a new card could easily be sent by mail to the persons responsible for the ongoing operation of the transaction station. Moreover, service staff responsible for maintenance of transaction stations would not need to take pains to employ special safety arrangements for safekeeping the IC cards; in principle the cards could be handled in the same manner as other components of the device. However, it should be noted that according to a possible embodiment, the invention is not restricted to the non-readability of the keys from the card, although, in practice, this is a very essential feature.
Since, according to a preferred embodiment, the memory used in the IC card consists of a non-volatile memory, usually of the EEPROM type, in which the information in the memory cells is changed with the aid of electrical signals but is physically preserved without any holding current being required, the need for providing a separate auxiliary current feed for the memory part of the IC card is eliminated, which is an advantageous difference in comparison with the known safety module. Nor is a current feed required for maintaining an active safety function in the card when it is not located in the card reader, in comparison with the conventional safety module, since there is an inherent safety function in the structure of the IC card, as discussed above.
IC cards according to the invention are not restricted to a specific card size. Accordingly, different embodiments of the invention comprise, for example, IC cards of the following size types: ID-1, ID-00 (mini-cards), and ID-000 (plug-in cards).
In this connection, it should be noted that the IC card according to the invention should not be equated with the various types of cards, such as magnetic cards or IC cards, which a user of a transaction station sometimes carries to gain access to and utilise the station, such as ATM cards, credit cards or the like normally issued for personal use. Those types of cards are utilised only very temporarily in the transaction station when the specific cardholder is being served. Instead, the IC card according to the invention is intended to be generally stationarily arranged in, or adjacent to, the transaction station. The IC card according to the invention is thus utilised essentially continuously in the transaction station in connection with the serving of several different users visiting the transaction station, usually one at a time.
Furthermore, it will be appreciated that the term generally stationarily means that the IC card according to the invention is permanently arranged in the transaction station during on-going operation, but that, obviously, the card can be replaced when required, for example in connection with a malfunction, when replacing or updating keys, or at regular intervals as a pure upgrading measure.
According to a second aspect of the present invention, the invention relates to a transaction station, intended to communicate with a central computer and to serve a user in connection with the carrying out of desired financial transactions through the central computer, which transaction station comprises: a user interface for data inputting by a user; and means for cryptographic processing of data which is to be transmitted to and/or be received from the central computer; the transaction station according to the invention being characterised in that said means for cryptographic processing comprise a card reader intended to receive an IC card according to the above-mentioned first aspect of the present invention.
According to a particularly preferred embodiment, the transaction station according to the invention consists of an ATM ("Automatic Teller Machine"), for example of the types which in Sweden are provided in public places, in banks, etc., under the brand names "Bankomat" and "Minuten".
According to yet another preferred embodiment said card reader is adapted to receive said IC card in such a way that it is inaccessible to a user. This reduces the risk of a user deliberately or inadvertently removing the IC card according to the invention, something which is not of great importance from the point of view of safety, as discussed above, but which nevertheless would mean that the encrypting function of the transaction station would be put out of order. One way of achieving this is for the transaction station to be designed in such a way that the user only has access to a certain interface, while the card reader for the IC card according to the invention does not form part of this interface but is instead located elsewhere. For example, according to a further preferred embodiment, said card reader for the IC card according to the invention is arranged in a safety cabinet, for example inside the transaction station or adjacent to the transaction station.
A user interface as stated above advantageously comprises means for inputting a user identity, such as an additional card reader for reading an account number which is magnetically stored in the user's credit card; means for inputting a desired financial transaction, such as a keypad, and means for inputting an access code, such as a PIN code. In this context, it should be noted that said additional card reader for reading, for example, an account number stored in the user's credit card does not constitute the same card reader as the one employed for receiving the IC card according to the invention. According to another alternative, the user interface comprises a personal computer with an associated monitor, keyboard, mouse or like pointing device.
The transaction station according to the invention advantageously comprises means for providing control information, such as information concerning the desired type of cryptographic processing as well as information or data required for this processing, to said IC card according to the invention, as well as means for receiving said output signals from the IC card.
Although ATMs constitute a preferred embodiment of the invention, a transaction station according to the invention can, for example, be designed as a so-called payment terminal which, for example, is located adjacent to cash registers in supermarkets, shops, and the like, where the customer can pay for goods or services purchased by, for example, entering an account number, usually also by means of a magnetic card, and confirming that he is an authorised user by inputting the correct PIN code. According to one variant, one or more payment terminals are connected to a personal computer which in turn communicates with a central computer at a bank or the like. A further example of transaction stations according to the invention comprise personal computer terminals which are configured to enable the user to request various financial transactions in a similar way through a central computer. Such personal computer terminals can, for example, be made available to the public in public places, in banks, in companies as a service offered to employees, or explicitly for the accounting functions of the company. The technique of providing this type of opportunity to carry out financial transactions at home with the aid of computers is also more or less a reality already.
Other types of financial transactions and functions can also be carried out by means of transaction stations according to the invention, such as transfers between different bank accounts, balance information, payment orders, securities transactions, etc. Depending on the application and the system in question, there are also many different possible ways of obtaining information from the user, e.g. by utilising magnetic cards, IC cards, keyboards or keypads, touch screens, etc. In the case of payment terminals, personal computers and the like, the IC card reader according to an embodiment is connected to an external port thereto and consequently constitutes an external unit.
Further aspects, objects, advantages, and features with respect to the present invention will appear from the appended claims and the description below.
Brief Description of the Drawings
An embodiment of the present invention will now be described by way of example with reference to the accompanying drawings, in which:
Fig. 1 schematically shows a perspective view of a transaction station in the form of an ATM according to the present invention;
Fig. 2 is a schematic block diagram of the transaction station in Fig. 1;
Fig. 3 is a schematic block diagram of the integrated circuit on the IC card in Fig. 2;
Fig. 4 is a flowchart for the control computer in Fig. 2;
Fig. 5 shows the structure of an example of a message being transmitted from the transaction station to the central computer in Fig. 2; and
Fig. 6 is a flowchart for the integrated circuit in Fig. 3.
Detailed Description of a Preferred Embodiment
Fig. 1 is a perspective view of a transaction station 100 in the form of an ATM according to a preferred embodiment of the invention.
The transaction station 100 in Fig. 1 comprises a first card reader 110 (only the insertion slot is shown), a keypad 120, a monitor 130, and a printer 140 (only the output slot is shown). The transaction station further comprises a note box with a note dispenser 160. The note box, together with other electronic circuitry which is preferably kept at a higher level of safety, see Fig. 2 below, is contained in a safety cabinet 105 of the transaction station.
Fig. 2 is a schematic block diagram of the transaction station in Fig. 1. The parts and components in Fig. 1 which are also shown in Fig. 2 are referred to by the same reference numerals. Thus, Fig. 2 shows the transaction station 100 comprising the card reader 110, the keypad 120, the monitor 130, and the printer 140, all of which are arranged in an upper space in the transaction station 100. According to this embodiment, the card reader 110 is designed to receive and read a magnetic card 115 which the visitor or user, i.e. the cardholder, brings with him.
Moreover, the transaction station 100 comprises a note box 160, a safety module in the form of a second card reader 170 in which an IC card 300 exhibiting an integrated circuit 310 is arranged, a control computer 180 and a communication unit 190. Since extra high access protection is desired for these types of components, they are arranged in the safety cabinet 105 in the lower space of the transaction station 100. The operation of the transaction station 100 is generally controlled by the control computer 180, which communicates with the first card reader 110, the keypad 120, the monitor 130, the printer 140, the note box/dispenser 160, and the second card reader 170 by the intermediary of a shared communication bus 150. With the aid of a modem 195, the control computer 180 can be connected to a telephone network 197 and can thus communicate with a central computer 200 from a distance.
The integrated circuit 310 on the IC card 300, which in itself or together with the second card reader 170 can be said to form a safety module for the transaction station 100, provides the cryptographic algorithms and keys utilised in connection with the transmission of messages between the transaction station 100 and the central computer 200.
Examples of operational routines for the control computer 180 in Figs 1 and 2 will be described below with reference to Figs 4, 5, and 6.
Fig. 3 is a schematic block diagram of the integrated circuit 310 of the IC card 300. The circuit 310 is thus formed on the IC card with the aid of conventional technology and can communicate with the control computer 180 when the IC card 300 is inserted into the second card reader 170.
The basic structure of the IC card 300 and the integrated circuit 310, such as connections and arrangements for transferring data between the card reader 170 and the integrated circuit 310 and like functions, are well known in the technical field relating to IC cards and, consequently, a more detailed description thereof will not be provided in this application. The integrated circuit 310 of the IC card 300 generally comprises a microprocessor 315 and a non-volatile, writable memory 320, 330, usually of the EEPROM type.
The EEPROM memory comprises, inter alia, a first set of memory fields 320 which store the cryptographic keys employed in connection with cryptographic processing of messages transmitted between the transaction station 100 and the central computer 200. Usually, there are three different types of cryptographic keys stored in the memory fields 320. First, so-called authentication keys which are used in connection with the authentication of messages, e.g. for calculating so-called message authentication codes ("MACs"), second, so-called session keys which are used in connection with encryption/decryption of PIN codes and other sensitive information transmitted between the transaction station and the central computer, and, third, one or more master keys which are used, inter alia, when new keys are transmitted, i.e. when old session or authentication keys are to be replaced by new keys by the intermediary of the telephone network 197. Obviously, the central computer 200 has access to such corresponding keys as are necessary for the central station to handle the cryptographically processed communication with the transaction station.
Furthermore, each memory field 320, i.e. each key, is associated with a corresponding field of a second set of memory fields 330. The memory fields 330 store information setting out the applications or functions for which the associated key may be utilised, since each specific key may usually only be used for a certain type of cryptographic processing or for cryptographic processing of only a certain type of information. The processing in the integrated circuit 310 is carried out in the microprocessor 315. The microprocessor 315 is configured to carry out various types of cryptographic processing by executing various program routines 340-370, which are schematically illustrated separated by dashed lines in Fig. 3, by employing various selected keys from the memory field 320. The program routines in the microprocessor comprise a receiving/addressing routine 340 which is configured to receive control information from the transaction station, preferably from the control computer 180. Such control information comprises, for example, information about the type of cryptographic processing requested, the cryptographic key to be used, data which is to be processed, etc.
In the preferred embodiment, essentially all types of cryptographic processing are carried out with the aid of a DES algorithm (DES - "Data Encryption Standard") in a program routine 360. The DES algorithm in block 360 is thus used in the preferred embodiment in connection with encryption as well as decryption and authentication. Depending on the type of cryptographic processing desired, one of several different preparatory program routines 351-353 is used, which prepares and configures the information required in the subsequent DES algorithm 360 in order for the latter to provide the type of cryptographic processing desired. For example, the program routine 351 is addressed when encryption is requested, the program routine 352 when decryption is desired, and the program routine 353 when authentication is desired. In this connection, the respective program routine 351-353 fetches the keys to be utilised and structures the data to be processed in a suitable way, after which the actual cryptographic algorithm is carried out in the routine 360. Furthermore, one or more subsequent program routines 370 are included which assemble the processed information in a suitable manner and feed it back to the control computer 180 of the transaction station by the intermediary of the card reader.
The person skilled in the art will appreciate that the operation and structure of the integrated circuit 310 and the microprocessor 315 can be readily implemented in many different ways and that the invention is not restricted to the program routines and memory fields described above by way of example. For example, the different program routines can be more or less integrated with one another. The actual program routines can be stored in a memory, similar to the way the information in the memory fields 320 and 330 is stored and, in this case, can be read into the microprocessor when requested. However, it is an important characteristic of the integrated circuit 310 that the cryptographic keys are stored in such a way that, in view of what is reasonable and technically possible, they cannot be read from the card and thereby become accessible to unauthorised individuals.
The microprocessor 315 can, for example, also comprise program routines which are executed in connection with the replacement or updating of keys, initialising of cards, etc.
An example of the mode of operation of the transaction station when serving a user or visitor will now be described with reference to Fig. 4, which schematically illustrates a flowchart for the control computer 180 in Fig. 2.
The routine shown in Fig. 4 is initiated in step S10 by the user inserting his magnetic card 115 into the card reader 110. In step S12, the card reader 110 reads the cardholder's account number, which is magnetically stored on the magnetic strip of the magnetic card 115, and feeds it to the control computer 180 by the intermediary of the bus 150. In step S14, with the aid of the monitor 130, the control computer subsequently instructs the user to enter his PIN code with the aid of the keypad 120, after which the PIN code entered by the user is fed from the keypad 120 to the control computer 180 by the intermediary of the bus 150. In step S16, with the aid of the monitor 130, the control computer 180 subsequently instructs the user to enter the desired withdrawal amount with the aid of the keypad 120, after which the amount entered by the user is fed from the keypad 120 to the control computer 180 by the intermediary of the bus 150.
Subsequent to obtaining the above information, the control computer sends an instruction, in step S18, to the IC card 300 which is essentially stationarily arranged in the transaction station and which constitutes the safety module of the transaction station, instructing it to carry out the encryption of the PIN code utilising a specified encryption key. Accordingly, in this case, the instruction to the IC card comprises control information in the form of details as to the operation requested (encryption), data which is to be processed (the PIN code entered), as well as details as to the key to be used for the processing. If desired, the account number, for example, could also be included in the information to be encrypted.
In step S20, when the IC card has returned the encrypted PIN code, the control computer puts together the account number of the user, the encrypted PIN code, and the amount requested into a single connected message. Subsequently, in step S22, the control computer sends this message to the IC card 300 instructing it to calculate an authentication code (MAC) for the message. In this case, the instruction to the IC card thus comprises control information in the form of details as to the operation requested (calculation of authentication code), data to be processed (the message consisting of the account number, the encrypted PIN code, and the amount), as well as details as to the key to be used. Subsequently, the finished message is sent, e.g. by the intermediary of the telephone network 197, to the central computer 200 in step S24. An example of such a finished message is schematically shown in Fig. 5, in which the message comprises a first field 400 for the user's account number, a second field 410 for the encrypted PIN code, a third field 420 for the desired withdrawal amount, and a fourth field 430 for the authentication code.
Next, in step S26, a reply is received from the central computer 200. In the case where the reply is expected to comprise an authentication code, the control computer instructs the IC card 300, in step S28, to authenticate the reply message. Accordingly, in this case, the instruction to the IC card comprises control information in the form of details as to the operation requested (authentication), data to be processed (the reply message), as well as details as to the key to be used.
After step S28, if the result of the authentication in the IC card is that the reply message is incorrect for some reason, the control computer proceeds to a program routine which is not shown in Fig. 4, which may, for example, involve the transaction station 100 awaiting a new reply message from the central computer 200 or the transaction station 100 interrupting the current transaction and returning the magnetic card 115 to the user. If the reply message from the central computer is correct, but states that the transaction requested is not approved, for example because the PIN code entered is incorrect or because the amount requested exceeds the balance available in the user's account, subsequent to step S28, the control computer 180 proceeds to a program routine which is not shown in Fig. 4, which, for example, may involve the transaction station 100 interrupting the current transaction and returning the magnetic card 115 to the user, the transaction station instructing the user to make a new attempt to enter the correct PIN code since the previous one was incorrect, or the transaction station withholding the user's magnetic card and interrupting the transaction without returning the card to the user.
However, if the reply message is authenticated as being correct and if, in addition, it contains a transaction approval, the transaction station 100, in step S30, dispenses the amount requested from the note box/dispenser 160 to the user, writes a transaction report to the user in the form of a transaction slip with the aid of the printer 140 in step S32, and returns the magnetic card 115 from the magnetic card reader to the user in step S34. Subsequently, in step S36, the transaction station returns to an idle position while waiting for a new magnetic card to be inserted into the card reader 110.
An example of the mode of operation of the IC card 300, i.e. the integrated circuit 310, in relation to the control computer 180 in the transaction station 100 will now be described with reference to Fig. 6, which shows a schematic flowchart for the microprocessor in Fig. 3. The routine shown in Fig. 6 is initiated in steps B10 and B12 by the microprocessor 315, utilising the program routine 340 in Fig. 3, receiving an instruction by the intermediary of the bus 150 from the control computer 180 of the transaction station 100. The instruction may, for example, be the instruction sent from the control computer 180 to the IC card 300 in step S18 (request for encryption), step S22 (request for calculation of authentication code), or step S28 (request for authentication of reply) in the flowchart described with reference to Fig. 4 above. Next, the microprocessor 315 establishes the type of function requested, i.e. the desired type of cryptographic processing, as well as the key to be used for this function, in steps B14 and B16, respectively, by deriving this information from the instruction received. Subsequently, the microprocessor 315 verifies, in step B18, that the information in the field 330 associated with the memory field 320 for the key indicated states that the key may be utilised for the function requested. If not, the routine is interrupted and the IC card 300 informs the control computer 180 that the task will not be carried out. Depending on the type of function to be carried out, this and similar kinds of preparatory obtaining, verifying, and formatting of information which is to be utilised in the actual cryptographic algorithm can be carried out in different ways, as indicated by the different routines 315-353 in Fig. 3.
Subsequently, in step B20, the cryptographic processing is executed, in the preferred case by using the DES algorithm in routine 360 in Fig. 3, depending on the desired cryptographic function and key as stated above. Subsequently, in step B22 (program routine 370 in Fig. 6), the result of the cryptographic processing in step B20 is put together in the preferred way according to the function requested, after which the result is sent back to the control computer (PC) 180 in step B24. Subsequently, in step B26, the IC card returns to an idle position awaiting new instructions.
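The two flows above, the transaction station's steps S18-S30 and the card's steps B14-B22, as an added model that is not code from the patent: the station never holds a key, every card instruction names a function and a key slot, the card refuses a key whose usage field does not permit the requested function, and the station dispenses only after the card has authenticated a reply bound to this very request. HMAC-SHA256 stands in for the page's DES routine, the pipe-separated wire format, the slot names "pin" and "auth", and the request-MAC echo in the reply are assumptions of this example.

```python
import hashlib
import hmac
import secrets

# Operations the transaction station may request; the "control information" of an instruction.
ENCRYPT, MAC, VERIFY = "encrypt", "mac", "verify"
TAG_LEN = 8  # truncated tag length, chosen for this example

def _prf(key: bytes, data: bytes) -> bytes:
    # HMAC-SHA256 stands in for the card's DES routine 360: same role, modern primitive.
    return hmac.new(key, data, hashlib.sha256).digest()

class SafetyModule:
    """Model of the stationary IC card 300: each key slot (memory field 320) carries a
    usage field (330) naming the functions it may serve, and key bytes never leave the card."""

    def __init__(self, slots: dict):
        self._slots = slots  # {key_id: (key_bytes, frozenset of allowed functions)}

    def process(self, function: str, key_id: str, data: bytes):
        key, allowed = self._slots[key_id]          # steps B14/B16: function and key from instruction
        if function not in allowed:                 # step B18: refuse a key used outside its role
            raise PermissionError(f"key {key_id!r} may not be used for {function}")
        if function == ENCRYPT:                     # step B20: fresh nonce, PRF keystream (short PINs)
            nonce = secrets.token_bytes(8)
            return nonce + bytes(a ^ b for a, b in zip(data, _prf(key, nonce)))
        if function == MAC:
            return _prf(key, data)[:TAG_LEN]
        if function == VERIFY:                      # constant-time check of the trailing tag
            body, tag = data[:-TAG_LEN], data[-TAG_LEN:]
            return hmac.compare_digest(_prf(key, body)[:TAG_LEN], tag)
        raise ValueError(f"unknown function {function!r}")

def _split_tag(message: bytes):
    """Wire format (constructed): '|'-separated fields, last field is the hex-encoded MAC."""
    body, tag_hex = message.rsplit(b"|", 1)
    return body, bytes.fromhex(tag_hex.decode())

def build_request(card: SafetyModule, account: str, pin: str, amount: int) -> bytes:
    """Steps S18-S24: fields 400 (account), 410 (encrypted PIN), 420 (amount), 430 (MAC)."""
    enc_pin = card.process(ENCRYPT, "pin", pin.encode())
    body = b"|".join([account.encode(), enc_pin.hex().encode(), str(amount).encode()])
    return body + b"|" + card.process(MAC, "auth", body).hex().encode()

def central_computer_reply(auth_key: bytes, request: bytes, approved: bool) -> bytes:
    """Stand-in for central computer 200: verdict bound to the request by echoing its MAC."""
    verdict = b"APPROVED" if approved else b"DECLINED"
    body = verdict + b"|" + _split_tag(request)[1].hex().encode()
    return body + b"|" + _prf(auth_key, body)[:TAG_LEN].hex().encode()

def may_dispense(card: SafetyModule, request: bytes, reply: bytes) -> bool:
    """Steps S28-S30: dispense only if the card authenticates the reply, it answers this
    request, and it approves; the station itself never touches the authentication key."""
    body, tag = _split_tag(reply)
    if not card.process(VERIFY, "auth", body + tag):
        return False
    verdict, echoed = body.split(b"|", 1)
    return verdict == b"APPROVED" and echoed == _split_tag(request)[1].hex().encode()
```

Binding the reply to the request MAC is what stops an approved reply captured for one withdrawal from being replayed against another; the page's reply format is not spelled out, so that binding is this example's choice.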
Although the invention has been described above by way of example with reference to an embodiment thereof, it will be appreciated that various modifications and changes can be made within the scope of the invention, which is defined in the appended claims. For example, the design of both the transaction station as a whole and the IC card according to the invention can vary depending on the application in question. Although in the above embodiment, the invention has been described in connection with cash withdrawals from an ATM, it will be appreciated that the invention can also be utilised for carrying out other types of financial transactions through the central computer. Moreover, the user interface can comprise other types of members than the ones described above. For example, the user interface can comprise a PC with a keyboard, a mouse, and a monitor or the like. The communication between the central computer and the transaction station according to the invention can take place over different types of communication networks. Although it is preferred that the IC card according to the invention is arranged out of reach of the user, preferably in a safety cabinet, it can also be arranged in such a way that it is both accessible to the user and unprotected, since the keys are stored in such a way that they still cannot be accessed by unauthorised individuals.

Claims

1. An IC card designed to be essentially stationarily arranged in a card reader in, or adjacent to, a transaction station in order to cryptographically process data which is to be transmitted from the transaction station to a central computer and/or data which is received by the transaction station from a central computer, said IC card being utilised in connection with the serving of several users of said transaction station, which IC card comprises: means for storing one or more cryptographic keys; means for receiving input signals to the card; means for executing one or more cryptographic algorithms utilising one or more of said cryptographic keys depending upon control information received in said input signals to the card; and means for outputting output signals, comprising results of said execution, from the card.
2. An IC card according to claim 1, wherein said cryptographic keys comprise one or more master keys utilised in connection with encrypted transmission of other cryptographic keys, such as session keys and authentication keys, from the central computer to said IC card, or alternatively from the IC card to the central computer.
3. An IC card according to claim 1 or 2, wherein said cryptographic keys comprise one or more session keys utilised in connection with encryption/decryption of transaction data transmitted between the transaction station and the central computer, in addition to which said cryptographic algorithms comprise one or more algorithms for encrypting/decrypting said transaction data.
4. An IC card according to claim 1, 2, or 3, wherein said cryptographic keys comprise one or more authentication keys utilised in connection with the authentication of messages between the transaction station and the central computer, in addition to which said cryptographic algorithms comprise one or more algorithms for authenticating said messages.
5. A transaction station, intended to communicate with a central computer and to serve users in connection with the carrying out of desired financial transactions through the central computer, comprising a user interface for the inputting of data by a user; and means for cryptographic processing of data which is to be transmitted to/or be received from the central computer; characterised in that said means for cryptographic processing comprise a card reader intended to receive an IC card according to any one of the preceding claims.
6. A transaction station according to claim 5, wherein said card reader is adapted to receive said IC card so that the latter is kept inaccessible to a user.
7. A transaction station according to claim 6, wherein said card reader is arranged in a safety cabinet.
8. A transaction station according to any one of claims 5-7, wherein said user interface comprises means for inputting a user identity; means for inputting a desired financial transaction and means for inputting an access code.
9. A transaction station according to claim 8, wherein said means for inputting a user identity comprise an additional card reader.
10. A transaction station according to any one of claims 5-9, further comprising means for providing control information, including information about the type of cryptographic processing desired as well as the information required therefor, to said IC card, as well as means for receiving said output signals from the IC card.
11. A transaction station according to any one of claims 5-10 in the form of an ATM.
12. A transaction station according to any one of claims 5-10 in the form of a computer terminal unit, such as a personal computer, configured to enable a user thereof to carry out financial transactions through said central computer.
13. Use of an IC card according to any one of claims 1-4 for cryptographic processing of data which is to be transmitted from a transaction station to a central computer and/or data received by the transaction station from a central computer.
14. Use of an IC card according to claim 13, specifically for encrypting PIN codes.
15. Use of a transaction station according to any one of claims 5-12 for communication with a central computer for the purpose of serving several users in connection with the carrying out of desired financial transactions through the central computer.
PCT/SE1998/001019 1997-06-10 1998-05-28 Safety module WO1998059327A1 (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
AU80447/98A AU8044798A (en) 1997-06-10 1998-05-28 Safety module
JP11503383A JP2000507380A (en) 1997-06-10 1998-05-28 Safety module

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
SE9702216A SE511507C2 (en) 1997-06-10 1997-06-10 Security module for transaction station and transaction station
SE9702216-4 1997-06-10

Publications (1)

Publication Number Publication Date
WO1998059327A1 true WO1998059327A1 (en) 1998-12-30

Family

ID=20407326

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/SE1998/001019 WO1998059327A1 (en) 1997-06-10 1998-05-28 Safety module

Country Status (4)

Country Link
JP (1) JP2000507380A (en)
AU (1) AU8044798A (en)
SE (1) SE511507C2 (en)
WO (1) WO1998059327A1 (en)


Also Published As

Publication number Publication date
AU8044798A (en) 1999-01-04
JP2000507380A (en) 2000-06-13
SE9702216L (en) 1998-12-11
SE511507C2 (en) 1999-10-11
SE9702216D0 (en) 1997-06-10
