DATA HANDLING ASSEMBLY AND METHOD OF AUTHENTICATING DATA PROCESSING ENTITIES
The invention relates to a method of determining that two interconnected data processing entities are authenticated to operate together, and to a data handling assembly for carrying out such a method. The data processing entities may comprise a peripheral device and its device driver, a device driver and a higher level operating system or indeed any two hardware or software data processing entities which communicate with each other.
The established arrangement by which peripheral devices that are slaves to host computers are controlled is via a device specific piece of software usually called a "device driver" . The device driver provides the link between the application program using the peripheral and the peripheral device itself. It usually operates in conjunction with the operating system of the host computer. Device drivers are always bespoke to the peripheral device and operating system and are usually unaware of the top- level application.
As a result of this layered system, it is possible for someone with nefarious intent to subvert the intentions of the application by changing (hacking etc.) the device driver. For example, a device driver controlling a cash dispensing mechanism attached to a PC could be hacked to change the amount of money being requested thereby allowing money to be "stolen" from the application layer where the overall accountancy was being tracked. GB-A-2164181 describes a system for authenticating genuine use of an IC card in which a POS terminal encrypts a test message using a public key obtained from the IC card, the encrypted test message then being supplied to the IC card which can decrypt it using the corresponding private key. The decrypted message is then returned to the POS terminal where it is compared with the original test message. An optional on-line identification is also
described in which the POS terminal extracts information from the IC card which is then used to encrypt a test message which is sent to a host. The host decrypts the test message and compares this with previously stored data to determine whether or not they are the same. If they are, an acceptance message is encrypted and returned to the POS terminal .
The problem with these techniques is that by monitoring the data transfers, it might be possible for a fraudster to learn how to generate an "authentic" message. EP-A-0089087 describes a communication system comprising a central data processing device and a number of access stations which are coupled thereto. Also provided are a number of external stations which can be selectively coupled to the access stations. An external station is validated in that encoded data is applied to the access station. After decoding and a further encoding operation, the data is returned to the access station. Therein, the data is decoded again and compared with the data originally formed for encoding.
EP-A-0817420 also describes an authentication method based on the use of a random number.
EP-A-0403656 describes a method of authenticating communication between an IC card and a card terminal, the IC card being provided with first encipher means and the card terminal being provided with second encipher means. The communication signals are enciphered in both directions, and the algorithm of random numbers or function computations is never decoded. Therefore, a forgery device is prevented from being formed, and the data can be correctly exchanged.
In accordance with a first aspect of the present invention, a method of determining that two interconnected data processing entities are authenticated to cooperate together comprises:
(1) causing one of the entities to encrypt test data according to a first encryption scheme, and to
transmit the encrypted data to the other entity, the test data being different on each occurrence of step (1) ; (2) causing the other entity to decrypt the received encrypted test data, to encrypt the decrypted test data according to a second, different encryption scheme, and to transmit the data encrypted by the second entity to the first entity; and, (3) causing the first entity to decrypt the received, encrypted data, to compare the decrypted data with the original test data, and to authenticate that the two entities can cooperate together if the decrypted data is the same as the original test data, characterized in that the test data are obtained from a message received by the one entity.
In accordance with a second aspect of the present invention, a data handling assembly comprises two data processing entities coupled together for data exchange, the data processing entities being adapted to carry out a method according to the first aspect of the invention.
In accordance with a third aspect of the present invention, a method of controlling a data processing entity intended to cooperate with another data processing entity to confirm that they are authenticated to cooperate together comprises:
(a) encrypting test data in accordance with a first encryption scheme and sending the encrypted test data to the other data processing entity, wherein the test data is different on each occurrence of this step;
(b) receiving a message from the other data processing entity and decrypting the received message in accordance with a second encryption scheme; and,
(c) comparing the decrypted data with the original test data and authenticating that the two data processing entities can cooperate together if the decrypted data and the test data are the same, characterized in that the test data are obtained from a message received by the one entity.
In accordance with a fourth aspect of the present invention, a data processing entity is provided for carrying out a method according to the third aspect of the invention.
In this invention, the entities make use of two different encryption schemes which significantly enhances the security of the transmissions between them and in addition use different test data on each iteration of step
(1) or step (a) .
The invention avoids the need to generate the test data locally by using a message obtained by the one entity. For example, the test data could comprise a portion of the message, such as a sequence of data bits or bits chosen from predetermined or random sections of the message.
The encryption schemes could be symmetric or asymmetric, or indeed one could be symmetric and the other asymmetric. In a symmetric scheme, the same key is used to encrypt and decrypt the data. In an asymmetric scheme, different keys are required for encryption and decryption respectively, typically known as a private key and a public key. Asymmetric schemes are preferred for the present invention in view of .their inherent, additional security. The invention is particularly applicable where the entities comprise a peripheral device and its device driver respectively. However, the invention is equally applicable to a similar link and exchange between the device driver and its operating system or even a higher level application and all these scenarios are embraced within the invention. The invention may also be applied to any number of entities with equal measure .
Examples of peripheral devices to which this invention is applicable include cash dispensers, security (e.g. banknote) document counters, sorters or recirculators, modems, printers, plotters, scanners and the like, in all of which the peripheral device needs to confirm the legitimacy of the device driver. In the case of security document handling, these may be banknotes, cheques, postal orders, giro cheques, cheque credit slips and the like.
The invention has a number of advantages. For example, the same communications links used by the entities for normal communication can also be used to achieve authentication and no extra physical links are required. In addition, extra hardware is not necessary. This means that existing hardware can be upgraded to implement the invention via a software upgrade.
The method does not have to be carried out on each occasion when data is transferred from one entity to the other. Implementation of the method will typically be controlled by the entity which encrypts the test data, typically the peripheral device, and this will determine the frequency as a result of pre-programmed control data, in accordance with the importance, type and length of the data exchange and the like.
An example of a method and apparatus according to the invention will now be described with reference to the accompanying drawings, in which: -
Figure 1 is a block diagram of a peripheral device and its device driver; and,
Figure 2 is a flow diagram illustrating operation of the apparatus shown in Figure 1.
Figure 1 illustrates a peripheral device such as a cash dispenser or printer 1 connected via a communication link 2 such as a data cable or the like with a device driver 3. Typically, the device driver will be constituted by a software program loaded into a host system such as a PC. The peripheral device 1 includes a device controller 4 to which data for controlling the peripheral device is
routed and which can transmit responses to the device driver. The peripheral device also includes validation software 5. The validation software includes encryption software 6 and decryption software 7 together with comparison software 8.
The device driver 3 includes device data and control software 10 which responds to instructions and data received from the host to generate data in a required format which is supplied to the peripheral device to enable the peripheral device to carry out its normal function. In addition, the device driver includes validation software 11 including decryption software 12 and encryption software 13.
The data exchange sequence that will be described will take place at the beginning of all new activation sequences, e.g. dispense of currency, and for longer data exchange cycles, e.g. data download, will also take place at additional pseudo-random intervals. The peripheral device 1 starts all verification cycles. Initially, the device data and control software 10 in the device driver 3 generates control and other data in a conventional manner in response to instructions from the host and sends this to the device controller 4. A controlling microprocessor (not shown) within the peripheral device 1 then extracts a portion of the data received by the device controller 4 and routes this to the validation software 5 (step 20, Figure 2) . This data portion will constitute a sequence related to and extracted from the message. The encryption software 6 will then encrypt the data using a private key of a public/private key encryption system (step 21) , the encrypted data then being transmitted to validation module 11 of the device driver 3. The private key is stored in a secure memory
(not shown) within the peripheral device 1. The corresponding public key is stored in a memory (not shown) in the device driver 3 so that the decryption software 12 can use this to decrypt the transmitted,
encrypted data (step 22) . The decrypted data (which in normal circumstances will be identical with the randomly sampled data supplied to the software 6) is then supplied to the encryption software 13 where it is encrypted using a private key of another private/public key encryption system and transmitted back to the peripheral device 1
(step 23) . The private key is stored in a secure memory
(not shown) in the device driver 3. The decryption software 7 then decrypts the received message using the public key corresponding to the private key (which it stores) used by the software 13 (step 24) and the decrypted data is fed to the comparison software 8 (step 24) .
The comparison software 8 then compares (step 26) the data received from the encryption software 7 with the original data supplied to the encryption software 6 (step 25) . If they are the same, then the device driver and peripheral device are authenticated as a genuine pair (step 27) . If they do not agree then the device driver 3 is considered faulty or non-authentic (step 28) . In these circumstances, the peripheral device 1 may be taken offline or some other corrective measure applied, for example an error message can be sent to the application or function limits applied that restrict the operational status of a dispenser but no banknotes can be dispensed in the case of a cash dispenser.
By using the data received from the software module 10, the authentication exchange appears to be random so that attempts to monitor the data exchanges do not allow counterfeiters to gain access. The preferred encryption techniques are PGP and RSA.
Although software modules have been described, their functions could be performed by hardware or firmware.