Data exchange system comprising a plurality of user terminals each containing a chip card reading device

US 4,951,247 A
Filed: 03/04/1988
Issued: 08/21/1990
Est. Priority Date: 03/04/1987
Status: Expired due to Term

First Claim

Patent Images

1. A data exchange system comprising a plurality of terminals each containing a chip card reading device, a security module for storing a secret key, which key is identical for all terminals, said secret key (Ki) being formed of two sub-components (KTi, KT'"'"'i);

said security module having an erasable programmable read-only memory (EEPROM) for storing one sub-component (KTi);

a decoder means (DEC) provided in the security module;

said decoder means having an input for receiving an enciphered data block (E(Kt'"'"'i)) for the second sub-component (KT'"'"'i) from outside said security module;

said security module having a write-read memory (RAM), for receiving and storing the decoded output signals from said decoder means as a second subcomponent (KT'"'"'i) in a first sub-area of said write-read memory (RAM); and

said security module having means for operating on said two sub-components (KTi, KT'"'"'i) to form a result which is deposited in a second sub-area of the read-write memory (RAM) as an overall key (Ki).

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A secret cipher (Ki) that is the same for all user terminals is formed of two sub-components (KTi, KT'"'"'i) whereof the one sub-component (KTi) is deposited in an erasable, programmable read-only memory (EEPROM). For the second sub-component (KT'"'"'i), an encoded data block (E(KT'"'"'i)) is transmitted from the outside to a decoder means (DEC) provided in the security module, the decoded output signal thereof being deposited as second sub-component (KT'"'"'i) in a first sub-area of a write-read memory (RAM) present in the security module of the user terminal. An overall cipher (Ki) is calculated from the two sub-components (KTi, KT'"'"'i) and the result is deposited in a second sub-area of the write-read memory (RAM).

18 Citations

View as Search Results

5 Claims

1. A data exchange system comprising a plurality of terminals each containing a chip card reading device, a security module for storing a secret key, which key is identical for all terminals, said secret key (Ki) being formed of two sub-components (KTi, KT'"'"'i);
- said security module having an erasable programmable read-only memory (EEPROM) for storing one sub-component (KTi);
  
  a decoder means (DEC) provided in the security module;
  
  said decoder means having an input for receiving an enciphered data block (E(Kt'"'"'i)) for the second sub-component (KT'"'"'i) from outside said security module;
  
  said security module having a write-read memory (RAM), for receiving and storing the decoded output signals from said decoder means as a second subcomponent (KT'"'"'i) in a first sub-area of said write-read memory (RAM); and
  
  said security module having means for operating on said two sub-components (KTi, KT'"'"'i) to form a result which is deposited in a second sub-area of the read-write memory (RAM) as an overall key (Ki).
- View Dependent Claims (2, 3)
- - 2. The data exchange system according to claim 1, including means for storing a randomly chosen auxiliary key (KO) in said security module, an initialization card (IK) for storing a pre-key (KTi+KO) which has been computed before from said auxiliary key (KO) and from the first subcomponent (KTi);
    - means for calculating said first sub-component (KTi) from the pre-key (KTi+KO) and from the auxiliary key (KO) and storing the said component in said erasable, programmable read-only memory (EEPROM), after mutual authentication between the security module and the initialization card (IK) and after transmission of the prekey into the security module.
  - 3. The data exchange system according to claim 1 or 2, wherein said security module is fashioned as a plug-in security card (SK).

4. A method of protecting access to a data exchange system for which use of a secret key is necessary, comprising the steps of:
- dividing said secret key into two components (KTi and KT'"'"'i), storing one of said components in a security module;
  
  maintaining the other component outside of said security module; and
  
  supplying said other component to logic means in said security module for generating the complete secret key.
- View Dependent Claims (5)
- - 5. The method according to claim 4, including the steps of:
    - using an initialization card to store a pre-key calculated from said one component and from an auxiliary key;
      
      calculating said one component from said pre-key and from said auxiliary key, stored in said security module; and
      
      storing said one component in the security module.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Siemens AG
Original Assignee
Siemens AG
Inventors
Kersten, Annette-Gabriele, Beutelspacher, Albrecht, Kruse, Dietrich
Primary Examiner(s)
Heckler, Thomas M.

Application Number

US07/164,480
Time in Patent Office

900 Days
Field of Search

364/200 MS File, 364/900 MS File, 235/380
US Class Current

235/382
CPC Class Codes

G06Q 20/229   Hierarchy of users of accounts

G06Q 20/341   Active cards, i.e. cards in...

G06Q 20/40975   using encryption therefor

G07F 7/1008   Active credit-cards provide...

H04L 9/0877   using additional device, e....

Data exchange system comprising a plurality of user terminals each containing a chip card reading device

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

18 Citations

5 Claims

Specification

Solutions

Use Cases

Quick Links

Data exchange system comprising a plurality of user terminals each containing a chip card reading device

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

18 Citations

5 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links