System and method for secure communication of components inside self-service automats

US 8,787,569 B2
Filed: 10/22/2009
Issued: 07/22/2014
Est. Priority Date: 12/09/2008
Status: Active Grant

First Claim

Patent Images

1. A method for securing communication of components inside a self-service automat that are connected to each other by a bus system, with a transmitter and a receiver, comprising:

exchanging data as tuples (C, A, R, N, Z) between the transmitter and the receiver on a transport layer of the bus system, whereinC are message data M encrypted with an encryption key,A are message data M authenticated with an authentication key,R represents a participant role of a component on the bus system of active or passive participants,N represents a message counter, andZ represents a session counter,determining while transmitting from the transmitter to the receiver, whether Z is less than a maximum session number Z_max;

determining whether N is less than a maximum message number N_max;

comparing a tuple ({circumflex over (Z)},{circumflex over (N)}) to a tuple ( Z, N), wherein {circumflex over (Z)} is a session number for Δ

-last messages, {circumflex over (N)} is a message number for Δ

-last messages, {circumflex over (Z)} is a last session counter, and N is a last message counter;

generating, based on the comparing, an error if more than Δ

messages have been lost;

decrypting message data, based on the comparing, if not more than Δ

messages have been lost;

upon decrypting the message data, authenticating the message data;

decrypting the message data based on a K_dec^Rand C, wherein K_dec^Ris a result of a key generation procedure using a common key K;

comparing A to an authentication value A′

at the receiver, wherein A′

is determined based on K_ver^R, N, the decrypted message data, and |C|, wherein K_ver^Ris a result of a key generation procedure using a common key K; and

authenticating the decrypted message data, based on the comparing of A to A′

, if A is equal to A′

.

View all claims

10 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Method to secure the communication of components within self-service automats that are linked to each other by a bus system, having a transmitter and a receiver, characterized in that data are exchanged as tuples (C, A, R, N, Z) on the transport layer of the bus system where

- C are the message data M encrypted with an encryption key,
- A are the message data M authenticated with an authentication key,
- R represents the role of a component on the bus system of active or passive participants,
- N represents a message counter,
- Z represents a session counter.

29 Citations

View as Search Results

19 Claims

1. A method for securing communication of components inside a self-service automat that are connected to each other by a bus system, with a transmitter and a receiver, comprising:
- exchanging data as tuples (C, A, R, N, Z) between the transmitter and the receiver on a transport layer of the bus system, whereinC are message data M encrypted with an encryption key,A are message data M authenticated with an authentication key,R represents a participant role of a component on the bus system of active or passive participants,N represents a message counter, andZ represents a session counter,determining while transmitting from the transmitter to the receiver, whether Z is less than a maximum session number Z_max;
  
  determining whether N is less than a maximum message number N_max;
  
  comparing a tuple ({circumflex over (Z)},{circumflex over (N)}) to a tuple ( Z, N), wherein {circumflex over (Z)} is a session number for Δ
  
  -last messages, {circumflex over (N)} is a message number for Δ
  
  -last messages, {circumflex over (Z)} is a last session counter, and N is a last message counter;
  
  generating, based on the comparing, an error if more than Δ
  
  messages have been lost;
  
  decrypting message data, based on the comparing, if not more than Δ
  
  messages have been lost;
  
  upon decrypting the message data, authenticating the message data;
  
  decrypting the message data based on a K_dec^Rand C, wherein K_dec^Ris a result of a key generation procedure using a common key K;
  
  comparing A to an authentication value A′
  
  at the receiver, wherein A′
  
  is determined based on K_ver^R, N, the decrypted message data, and |C|, wherein K_ver^Ris a result of a key generation procedure using a common key K; and
  
  authenticating the decrypted message data, based on the comparing of A to A′
  
  , if A is equal to A′
  
  .
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The method of claim 1, further comprising:
    - exchanging data as a tuple (C, A, R, N, Z, {circumflex over (N)}, {circumflex over (Z)}) between the transmitter and the receiver on the transport layer of the bus system, where {circumflex over (N)} is a message counter for Δ
      
      -last messages N and {circumflex over (Z)} is a last session counter for Δ
      
      -last messages.
  - 3. The method of claim 2, further comprising:
    - allowing Δ
      
      -last messages to be lost during the exchanging the data without informing an application layer;
      
      transmitting from the transmitter to the receiver, a pair ({circumflex over (Z)},{circumflex over (N)}) as a current session counter; and
      
      upon the exchanging the data, enabling a check at the receiver.
  - 4. The method of claim 1, wherein the encryption key and the authentication key are a common key K, securely filed in the components, that was generated at the time of production and assembly of the self-service automat on a basis of certificates from a public key infrastructure (PKI).
  - 5. The method of claim 4, wherein the common key K is stored in a Trusted Platform Module (TPM).
  - 6. The method of claim 1, wherein A:
    - =AUTH[K_auth^R, N, M, |M|], where K^R_authis the result of a key generation procedure using a common key K.
  - 7. The method from one or more of the preceding claims, further comprising:
    - determining, while transmitting from the transmitter to the receiver, whether the message counter N is less than a maximum message counter N_max;
      
      and upon the determining whether N is less than N_MAX, IF N is less than N_MAX, setting N;
      
      =N+1.
  - 8. The method of claim 1, wherein the self-service automat is an automated banking machine.
  - 9. The method of claim 1 or 6, wherein C:
    - =ENC[K_enc^R, Z, N, M], where K_enc^Ris the result of a key generation procedure using a common key K.
  - 10. The method of claim 1, wherein the bus system is a universal serial bus (USB).

11. A system for securing communication of components inside self-service automats comprising:
- a plurality of components, inside a self-service automat, including a first component and a second component, the first component being a transmitter in communication with the second component, being a receiver, wherein the first and second components are on a bus system;
  
  a plurality of configured computing units, including a first computing unit in communication with the first component and a second computing unit in communication with the second component; and
  
  the bus system having a transport layer, wherein data are exchanged between the first component and the second component as tuples, whereinC are message data M encrypted with an encryption key,A are message data M authenticated with an authentication key,R represents a participant role of a component on the bus system, wherein R includes active and passive,N represents a message counter, andZ represents a session counter,wherein the second computing unit;
  
  determines whether Z is less than a maximum session counter Z_max;
  
  determines whether N is less than a maximum message counter N_max;
  
  compares a tuple ({circumflex over (Z)},{circumflex over (N)}) to a tuple ( Z, N), wherein {circumflex over (Z)} is a session counter for Δ
  
  -last messages, {circumflex over (N)} is a message counter for Δ
  
  -last messages, Z is a last session counter, and N is a last message counter;
  
  generates, based on the comparison, an error if more than Δ
  
  messages have been lost;
  
  decrypts message data, based on the comparison, if not more than Δ
  
  messages have been lost; and
  
  upon the decryption of the message data, authenticates the decrypted message data;
  
  wherein the second computing unit decrypts the message data based on K_dec^Rand C, where K_dec^Ris a result of a key generation procedure using a common key K; and
  
  wherein the second computing unit authenticates the decrypted message data, based on a comparison of A and A′
  
  , if A is equal to A′
  
  , wherein A′
  
  is determined based on K_ver^R, N, the decrypted message data, and |C|, wherein K_ver^Ris a result of a key generation procedure using a common key K.
- View Dependent Claims (12, 13, 14, 15, 16, 17, 18, 19)
- - 12. The system of claim 11, further comprising:
    - a means for exchanging a tuple (C, A, R, N, {circumflex over (N)}, {circumflex over (Z)}), between the first component and the second component, on the transport layer of the bus system, where {circumflex over (N)} is a message counter for Δ
      
      -last messages, and {circumflex over (Z)} is a last session counter for Δ
      
      -last messages.
  - 13. The system of claim 12, further comprising:
    - a means for allowing the Δ
      
      -last messages to be lost in a transmission, from the first component to the second component, without informing an application layer above, wherein the first component transmits a current session counter pair (N, Z) and a pair ({circumflex over (N)},{circumflex over (Z)}) so that a check is enabled at the receiver.
  - 14. The system of claim 13, further comprising:
    - a means for generating and securely filing a common key K during the production and assembly of the self-service automat on the basis of certificates from a public key infrastructure (PKI), wherein a calculating unit uses the common key K for at least one of authentication and encryption.
  - 15. The system of claim 14, further comprising:
    - a Trusted Platform Module (TPM) in which the common key K is filed.
  - 16. The system of claim 14, wherein the calculating unit determines at least one of A and C, wherein A:
    - =AUTH[K_auth^R, N, M, |M|], where K_auth^Ris a result of a secure authentication calculation using the common key K, and C;
      
      =ENC[K_enc^R, Z, N, M] where K_enc^Ris a result of a secure encryption calculation using the common key K.
  - 17. The system of claim 11, wherein the first computing unit determines whether the message counter N is less than a maximum message counter N_max, and upon determining whether N is less than N_max, the first computing unit sets N:
    - =N+1.
  - 18. The system of claim 11, wherein the self-service automat is an automated teller machine (ATM).
  - 19. The system of claim 11, wherein the bus system is a universal serial bus (USB) with wired or wireless operation.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Diebold Nixdorf Systems GmbH (Diebold Nixdorf, Incorporated)
Original Assignee
Wincor Nixdorf International GmbH (Diebold Nixdorf, Incorporated)
Inventors
Krummel, Volker, Nolte, Michael, Runowski, Matthias, Bloemer, Johannes
Primary Examiner(s)
NGUYEN, THU HA T

Application Number

US12/603,836
Publication Number

US 20100310069A1
Time in Patent Office

1,734 Days
Field of Search

713/176, 713/184, 713/171, 713/183, 705 40- 43, 705/8, 235/379, 380/30, 380 40- 44, 380/284, 380/285, 709/233
US Class Current

380/44
CPC Class Codes

G06F 21/606   by securing the transmissio...

G06F 21/72   in cryptographic circuits

G06Q 20/3823   combining multiple encrypti...

G06Q 20/3829   involving key management

G07F 19/20   Automatic teller machines [...

H04L 9/0861   Generation of secret inform...

System and method for secure communication of components inside self-service automats

First Claim

10 Assignments

0 Petitions

Accused Products

Abstract

29 Citations

19 Claims

Specification

Solutions

Use Cases

Quick Links

System and method for secure communication of components inside self-service automats

First Claim

10 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

29 Citations

19 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links