System and method for secure communication of components inside self-service automats

US 9,331,850 B2
Filed: 03/10/2014
Issued: 05/03/2016
Est. Priority Date: 12/09/2008
Status: Active Grant

First Claim

Patent Images

1. A method for securing communication of components inside a self-service automat that are connected to each other by a bus system, with a transmitter and a receiver, comprising:

encrypting data as tuples (C,A,R,N,Z, {circumflex over (N)}, {circumflex over (Z)}) by a first computing unit including memory and configured to process data;

transmitting data as tuples (C,A,R,N,Z, {circumflex over (N)}, {circumflex over (Z)}) from the transmitter to the receiver on a transport layer of the bus system;

receiving data as tuples (C,A,R,N,Z, {circumflex over (N)}, {circumflex over (Z)}) at the receiver; and

decrypting data received as tuples (C,A,R,N,Z, {circumflex over (N)}, {circumflex over (Z)}) with the first computing unit or a second computing unit including memory and configured to process data;

wherein;

C are message data M encrypted with an encryption key;

A are message data M authenticated with an authentication key;

R represents a participant role of a component on the bus system of active or passive participants;

N represents a message counter;

Z represents a session counter;

{circumflex over (N)} is a message counter for Δ

-last messages N;

{circumflex over (Z)} is a last session counter for Δ

-last messages;

the session counters Z and {circumflex over (Z)} are configured to change the encryption key for different sessions; and

for each session the session counter {circumflex over (Z)} for Δ

-last messages is transmitted and considered and the session counter Z is transmitted and not considered;

the method further comprising;

allowing Δ

-last messages to be lost during exchange of the data without informing an application layer;

transmitting from the transmitter to the receiver a pair ({circumflex over (Z)}, {circumflex over (N)}) as a current session counter; and

checking the received data for accuracy at the receiver.

View all claims

9 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Method to secure the communication of components within self-service automats that are linked to each other by a bus system, having a transmitter and a receiver, characterized in that data are exchanged as tupels (C,A,R,N,Z) on the transport layer of the bus system where

- C are the message data M encrypted with an encryption key,
- A are the message data M authenticated with an authentication key,
- R represents the role of a component on the bus system of active or passive participants,
- N represents a message counter,
- Z represents a session counter.

Citations

21 Claims

1. A method for securing communication of components inside a self-service automat that are connected to each other by a bus system, with a transmitter and a receiver, comprising:
- encrypting data as tuples (C,A,R,N,Z, {circumflex over (N)}, {circumflex over (Z)}) by a first computing unit including memory and configured to process data;
  
  transmitting data as tuples (C,A,R,N,Z, {circumflex over (N)}, {circumflex over (Z)}) from the transmitter to the receiver on a transport layer of the bus system;
  
  receiving data as tuples (C,A,R,N,Z, {circumflex over (N)}, {circumflex over (Z)}) at the receiver; and
  
  decrypting data received as tuples (C,A,R,N,Z, {circumflex over (N)}, {circumflex over (Z)}) with the first computing unit or a second computing unit including memory and configured to process data;
  
  wherein;
  
  C are message data M encrypted with an encryption key;
  
  A are message data M authenticated with an authentication key;
  
  R represents a participant role of a component on the bus system of active or passive participants;
  
  N represents a message counter;
  
  Z represents a session counter;
  
  {circumflex over (N)} is a message counter for Δ
  
  -last messages N;
  
  {circumflex over (Z)} is a last session counter for Δ
  
  -last messages;
  
  the session counters Z and {circumflex over (Z)} are configured to change the encryption key for different sessions; and
  
  for each session the session counter {circumflex over (Z)} for Δ
  
  -last messages is transmitted and considered and the session counter Z is transmitted and not considered;
  
  the method further comprising;
  
  allowing Δ
  
  -last messages to be lost during exchange of the data without informing an application layer;
  
  transmitting from the transmitter to the receiver a pair ({circumflex over (Z)}, {circumflex over (N)}) as a current session counter; and
  
  checking the received data for accuracy at the receiver.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 20)
- - 2. The method of claim 1, wherein the encryption key and the authentication key are a common key K, securely filed in the components, that was generated at the time of production and assembly of the self-service automat on a basis of certificates from a public key infrastructure (PKI).
  - 3. The method of claim 2, wherein the common key K is stored in a Trusted Platform Module (TPM).
  - 4. The method of claim 1, wherein A:
    - =Auth[K_auth^R,N,M,|M|], where K^R_authis the result of a key generation procedure using a common key K.
  - 5. The method of claim 1, further comprising:
    - determining, while transmitting from the transmitter to the receiver, whether the message counter N is less than a maximum message counter N_max; and
      
      upon the determining whether N is less than N_max, if N is less than N_max, setting N;
      
      =N+1.
  - 6. The method of claim 1, further comprising:
    - determining while transmitting from the transmitter to the receiver, whether Z is less than a maximum session number Z_max;
      
      determining whether N is less than a maximum message number N_max;
      
      comparing a tuple ({circumflex over (Z)},{circumflex over (N)}) to a tuple ( Z, N), wherein {circumflex over (Z)} is a session is a session number for Δ
      
      -last messages, {circumflex over (N)} is a message number for Δ
      
      -last messages, {circumflex over (Z)} is a last session counter, and N is a last message counter;
      
      generating, based on the comparing, an error if more than Δ
      
      messages have been lost;
      
      decrypting message data, based on the comparing, if not more than Δ
      
      messages have been lost; and
      
      upon decrypting the message data, authenticating the message data.
  - 7. The method of claim 6, further comprising:
    - decrypting the message data based on a K_dec^Rand C, wherein K_dec^Ris a result of a key generation procedure using a common key K;
      
      comparing A to an authentication value A′
      
      at the receiver, wherein A′
      
      is determined based on K_ver^R, N, the decrypted message data, and |C|, wherein K_ver^Ris a result of a key generation procedure using a common key K; and
      
      authenticating the decrypted message data, based on the comparing of A to A′
      
      , if A is equal to A′
      
      .
  - 8. The method of claim 1, wherein the self-service automat is an automated banking machine.
  - 9. The method of claim 1, wherein C C:
    - =ENC[K_enc^R,Z,N,M], where K_enc^Ris the result of a key generation procedure using a common key K.
  - 10. The method of claim 1, wherein the bus system is a universal serial bus (USB).
  - 20. The system of claim 10, wherein the bus system is a universal serial bus (USB) with wired or wireless operation.

11. A system for securing communication of components inside self-service automats comprising:
- a plurality of components, inside a self-service automat, including a first component and a second component, the first component being a transmitter in communication with the second component, being a receiver, wherein the first and second components are on a bus system having a transport layer;
  
  a plurality of configured computing units, including a first computing unit in communication with the first component and a second computing unit in communication with the second component, the first and the second computing units each including memory and configured to process data;
  
  wherein;
  
  the first computing unit encrypts data as tuples (C,A,R,N, {circumflex over (N)}, {circumflex over (Z)});
  
  the transmitter transmits data as tuples (C,A,R,N, {circumflex over (N)}, {circumflex over (Z)}) to the receiver on the bus having the transport layer;
  
  the receiver receives the data as tuples (C,A,R,N, {circumflex over (N)}, {circumflex over (Z)});
  
  the first computing unit or the second computing unit decrypt data received as tuples (C,A,R,N, {circumflex over (N)}, {circumflex over (Z)});
  
  {circumflex over (N)}, {circumflex over (Z)}C are message data M encrypted with an encryption key;
  
  A are message data M authenticated with an authentication key;
  
  R represents a participant role of a component on the bus system, R includes active and passive;
  
  N represents a message counter;
  
  Z represents a session counter;
  
  {circumflex over (N)}is a message counter for Δ
  
  last messages N;
  
  {circumflex over (Z)}is a last session counter for Δ
  
  last messages;
  
  the session counters Z and {circumflex over (Z)}are configured to change the encryption key for different sessions; and
  
  for each session the session counter {circumflex over (Z)}for Δ
  
  -last messages is transmitted and considered and the session counter Z is transmitted and not consideredthe system further comprising a means for allowing the Δ
  
  -last messages to be lost in a transmission, from the first component to the second component, without informing an application layer above, wherein the first component transmits a current session counter pair (N, Z) and a pair ({circumflex over (N)}, {circumflex over (Z)}) so that a check is enabled at the receiver.
- View Dependent Claims (12, 13, 14, 15, 16, 17, 18, 19, 21)
- - 12. The system of Claim 11, further comprising:
    - a means for generating and securely filing a common key K during the production and assembly of the self-service automat on the basis of certificates from a public key infrastructure (PKI), wherein a calculating unit uses the common key K for at least one of authentication and encryption.
  - 13. The system of claim 12, further comprising a Trusted Platform Module (TPM) in which the common key K is filed.
  - 14. The system of claim 12, wherein the calculating unit determines at least one of A and C;
    - andwherein A;
      
      =Auth[K_auth^R,N,M,|M|], where K_auth^Ris a result of a secure authentication calculation using the common key K, and C;
      
      =ENC[K_enc^R,Z,N,M] where K_enc^R, is a result of a secure encryption calculation using the common key K.
  - 15. The system of claim 11, wherein the first computing unit determines whether the message counter N is less than a maximum message counter N_max, and upon determining whether N is less than N_max, the first computing unit sets N:
    - =N+1.
  - 16. The system of claim 11, wherein the second computing unit:
    - determines whether Z is less than a maximum session counter Z_max;
      
      determines whether N is less than a maximum message counter N_max;
      
      compares a tuple ({circumflex over (Z)},{circumflex over (N)}) to a tuple ( Z, N), wherein {circumflex over (Z)} is the session counter for Δ
      
      -last messages, {circumflex over (N)} is the message counter for Δ
      
      -last messages, Z is a last session counter, and N is a last message counter;
      
      generates, based on the comparison, an error if more than Δ
      
      messages have been lost;
      
      decrypts message data, based on the comparison, if not more than Δ
      
      messages have been lost; and
      
      upon the decryption of the message data, authenticates the decrypted message data.
  - 17. The system of claim 16, wherein the second computing unit decrypts the message data based on K_dec^Rand C, where K_dec^Ris a result of a key generation procedure using a common key K.
  - 18. The system of claim 17, wherein the second computing unit authenticates the decrypted message data, based on a comparison of A and A′
    - , if A is equal to A′
      
      , wherein A′
      
      is determined based on K_ver^R, N, the decrypted message data, and |C|, wherein K_ver^Ris a result of a key generation procedure using a common key K.
  - 19. The system of claim 11, wherein the self-service automat is an automated teller machine (ATM).
  - 21. The system of claim 11, further comprising means for exchanging data as tuples (C,A,R,N, {circumflex over (N)}, {circumflex over (Z)}) between the first component and the second component on the transport layer of the bus system.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Diebold Nixdorf Systems GmbH (Diebold Nixdorf, Incorporated)
Original Assignee
Wincor Nixdorf International GmbH (Diebold Nixdorf, Incorporated)
Inventors
Krummel, Volker, Runowski, Matthias, Bloemer, Johannes, Nolte, Michael
Primary Examiner(s)
NGUYEN, THU HA T

Application Number

US14/202,664
Publication Number

US 20140192978A1
Time in Patent Office

785 Days
Field of Search

713/176, 713/184, 709/233, 380 40- 44, 235/379
US Class Current

1/1
CPC Class Codes

G06F 21/606   by securing the transmissio...

G06F 21/72   in cryptographic circuits

G06Q 20/3823   combining multiple encrypti...

G06Q 20/3829   involving key management

G07F 19/20   Automatic teller machines [...

H04L 9/0861   Generation of secret inform...

System and method for secure communication of components inside self-service automats

First Claim

9 Assignments

0 Petitions

Accused Products

Abstract

Citations

21 Claims

Specification

Solutions

Use Cases

Quick Links

System and method for secure communication of components inside self-service automats

First Claim

9 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

21 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links