Method and system for real-time registration of transactions with a security module
First Claim
1. A method for real-time registration of transactions with security against tampering using a security module, comprising the steps of:
providing a security module and a translog file accessible by said security module and in communication with a translog file analyzer;
generating at least one encrypted, initial security value as ciphered text in said security module and subsequently forming a current security value from said initial security value according to a first mathematical function that is also employed by said translog file analyzer, that allows derivation of a plurality of subsequent security values for securing and verifying subsequently occurring unencrypted real-time entries respectively representing subsequently occurring transactions;
listing said real time entries, identified by a flag, in said translog file dependent on a sequence counter reading;
for each of said real-time entries, generating an authentication code with said security module by inserting said real-time entry and said current security value into an algorithm operating with a second mathematical function for said authentication code, also employed by said translog file analyzer;
securing each of said real-time entries by appending said authentication code generated for that real-time entry to that real-time entry; and
registering each real-time entry, secured with said authentication code, as a dataset.
Abstract
In a method for real-time registration having high protection against tampering by means of a security module, an encrypted initial security value is made available to translog file analyzers, and each unencrypted real-time message is secured by appending an authentication code. The security module generates this code for each real-time message by inserting a current security value into an authentication-code algorithm that is likewise employed by each translog file analyzer. The first security value is formed according to a first mathematical function known to the translog file analyzer that allows a derivation of following security values. The authentication code is formed according to a second mathematical function known to the translog analyzer that is applied to the real-time message and to the current security value and that serves for the verification of the real-time message. A system for real-time registration has at least one client system and at least one translog analyzer for monitoring the authenticity of a translog file that has been generated by the security module.
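The scheme summarized in the abstract, as an added Python sketch that is not code from the patent: a security module chains security values and appends an authentication code to each entry, and an analyzer replays the chain to find altered or removed datasets. SHA-256 and HMAC-SHA256 as the first and second functions, the `R|counter|payload` entry layout, advancing the security value once per entry, and all names are assumptions of this example; the public-key encryption of the initial value is omitted and the analyzer is assumed to have already decrypted it.

```python
import hashlib
import hmac

def next_security_value(value: bytes) -> bytes:
    # "First mathematical function": SHA-256 is an assumption of this example.
    return hashlib.sha256(b"next-value" + value).digest()

def authentication_code(entry: bytes, value: bytes) -> bytes:
    # "Second mathematical function": HMAC-SHA256 is an assumption of this example.
    return hmac.new(value, entry, hashlib.sha256).digest()

class SecurityModule:
    def __init__(self, initial_value: bytes):
        self.current = next_security_value(initial_value)
        self.counter = 0

    def register(self, payload: bytes) -> dict:
        self.counter += 1
        # Hypothetical layout: flag "R" (real-time) | sequence counter | payload
        entry = b"R|%d|%s" % (self.counter, payload)
        dataset = {"entry": entry, "code": authentication_code(entry, self.current)}
        self.current = next_security_value(self.current)  # assumed: advance per entry
        return dataset

def analyze(translog: list, initial_value: bytes) -> list:
    """Translog file analyzer: return positions of datasets that fail verification."""
    current, failed = next_security_value(initial_value), []
    for position, dataset in enumerate(translog, start=1):
        parts = dataset["entry"].split(b"|", 2)
        expected = authentication_code(dataset["entry"], current)
        ok = (len(parts) == 3 and parts[0] == b"R"
              and parts[1] == str(position).encode()
              and hmac.compare_digest(expected, dataset["code"]))
        if not ok:
            failed.append(position)
        current = next_security_value(current)
    return failed

def demo():
    initial = bytes(range(32))  # constructed sample value, already decrypted by the analyzer
    module = SecurityModule(initial)
    log = [module.register(p) for p in (b"fee=0.55", b"fee=1.10", b"fee=2.20")]
    intact = analyze(log, initial)
    forged = [dict(d) for d in log]
    forged[1]["entry"] = b"R|2|fee=0.10"   # amount altered, old code kept
    removed = [log[0], log[2]]             # second dataset deleted
    return intact, analyze(forged, initial), analyze(removed, initial)
```

Because the analyzer derives the same sequence of security values, a dataset that is edited or shifted out of its counter position no longer matches the code computed for that position.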
19 Claims
10. A system having a security module for real-time registration with high security against forgery, said security module comprising a memory for the non-volatile storing of intermediate results and keys, and a processor for implementation of a non-real-time operation with generation of a first dataset and for implementation of a real-time operation with generation of a second dataset, said memory non-volatilely storing a current security value and an algorithm that is employed by a translog file analyzer and that has first and second mathematical functions, said processor being programmed to generate the current security value from a preceding security value according to the algorithm with the first mathematical function and to generate an authentication code from the real-time entry and the respectively current security value belonging to a real-time entry according to the algorithm with the second mathematical function;
and said security module comprises a communication interface for offering the datasets for transmission to at least one translog file analyzer, said security module being a component of a client system that is connected via a communication connection to a plurality of authorized translog file analyzers, and said security module being equipped with a public encryption key with which an initial security value is encrypted; and
said security module being programmed, as a result of at least one non-real-time operation, to transmit a non-real-time entry in the form of said first dataset to a translog file analyzer, the non-real-time entry containing the initial security value in encrypted form.
Specification