System and method for secure communication of components inside self-service automats
First Claim
Patent Images
1. A method for securing communication of components inside a self-service automat that are connected to each other by a bus system, with a transmitter and a receiver, comprising:
- exchanging data as tuples (C, A, R, N, Z) between the transmitter and the receiver on a transport layer of the bus system, whereinC are message data M encrypted with an encryption key,A are message data M authenticated with an authentication key,R represents a participant role of a component on the bus system of active or passive participants,N represents a message counter, andZ represents a session counter,determining while transmitting from the transmitter to the receiver, whether Z is less than a maximum session number Zmax;
determining whether N is less than a maximum message number Nmax;
comparing a tuple ({circumflex over (Z)},{circumflex over (N)}) to a tuple ( Z, N), wherein {circumflex over (Z)} is a session number for Δ
-last messages, {circumflex over (N)} is a message number for Δ
-last messages, {circumflex over (Z)} is a last session counter, and N is a last message counter;
generating, based on the comparing, an error if more than Δ
messages have been lost;
decrypting message data, based on the comparing, if not more than Δ
messages have been lost;
upon decrypting the message data, authenticating the message data;
decrypting the message data based on a KdecR and C, wherein KdecR is a result of a key generation procedure using a common key K;
comparing A to an authentication value A′
at the receiver, wherein A′
is determined based on KverR, N, the decrypted message data, and |C|, wherein KverR is a result of a key generation procedure using a common key K; and
authenticating the decrypted message data, based on the comparing of A to A′
, if A is equal to A′
.
10 Assignments
0 Petitions
Accused Products
Abstract
Method to secure the communication of components within self-service automats that are linked to each other by a bus system, having a transmitter and a receiver, characterized in that data are exchanged as tuples (C, A, R, N, Z) on the transport layer of the bus system where
- C are the message data M encrypted with an encryption key,
- A are the message data M authenticated with an authentication key,
- R represents the role of a component on the bus system of active or passive participants,
- N represents a message counter,
- Z represents a session counter.
29 Citations
19 Claims
-
1. A method for securing communication of components inside a self-service automat that are connected to each other by a bus system, with a transmitter and a receiver, comprising:
-
exchanging data as tuples (C, A, R, N, Z) between the transmitter and the receiver on a transport layer of the bus system, wherein C are message data M encrypted with an encryption key, A are message data M authenticated with an authentication key, R represents a participant role of a component on the bus system of active or passive participants, N represents a message counter, and Z represents a session counter, determining while transmitting from the transmitter to the receiver, whether Z is less than a maximum session number Zmax; determining whether N is less than a maximum message number Nmax; comparing a tuple ({circumflex over (Z)},{circumflex over (N)}) to a tuple ( Z ,N ), wherein {circumflex over (Z)} is a session number for Δ
-last messages, {circumflex over (N)} is a message number for Δ
-last messages, {circumflex over (Z)} is a last session counter, andN is a last message counter;generating, based on the comparing, an error if more than Δ
messages have been lost;decrypting message data, based on the comparing, if not more than Δ
messages have been lost;upon decrypting the message data, authenticating the message data; decrypting the message data based on a KdecR and C, wherein KdecR is a result of a key generation procedure using a common key K; comparing A to an authentication value A′
at the receiver, wherein A′
is determined based on KverR, N, the decrypted message data, and |C|, wherein KverR is a result of a key generation procedure using a common key K; andauthenticating the decrypted message data, based on the comparing of A to A′
, if A is equal to A′
. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
-
-
11. A system for securing communication of components inside self-service automats comprising:
-
a plurality of components, inside a self-service automat, including a first component and a second component, the first component being a transmitter in communication with the second component, being a receiver, wherein the first and second components are on a bus system; a plurality of configured computing units, including a first computing unit in communication with the first component and a second computing unit in communication with the second component; and the bus system having a transport layer, wherein data are exchanged between the first component and the second component as tuples, wherein C are message data M encrypted with an encryption key, A are message data M authenticated with an authentication key, R represents a participant role of a component on the bus system, wherein R includes active and passive, N represents a message counter, and Z represents a session counter, wherein the second computing unit; determines whether Z is less than a maximum session counter Zmax; determines whether N is less than a maximum message counter Nmax; compares a tuple ({circumflex over (Z)},{circumflex over (N)}) to a tuple ( Z ,N ), wherein {circumflex over (Z)} is a session counter for Δ
-last messages, {circumflex over (N)} is a message counter for Δ
-last messages,Z is a last session counter, andN is a last message counter;generates, based on the comparison, an error if more than Δ
messages have been lost;decrypts message data, based on the comparison, if not more than Δ
messages have been lost; andupon the decryption of the message data, authenticates the decrypted message data; wherein the second computing unit decrypts the message data based on KdecR and C, where KdecR is a result of a key generation procedure using a common key K; and wherein the second computing unit authenticates the decrypted message data, based on a comparison of A and A′
, if A is equal to A′
, wherein A′
is determined based on KverR, N, the decrypted message data, and |C|, wherein KverR is a result of a key generation procedure using a common key K. - View Dependent Claims (12, 13, 14, 15, 16, 17, 18, 19)
-
Specification