System and method for secure communication of components inside self-service automats
Abstract
Method to secure the communication of components within self-service automats that are linked to each other by a bus system, having a transmitter and a receiver, characterized in that data are exchanged as tuples (C,A,R,N,Z) on the transport layer of the bus system where
- C are the message data M encrypted with an encryption key,
- A are the message data M authenticated with an authentication key,
- R represents the role of a component on the bus system of active or passive participants,
- N represents a message counter,
- Z represents a session counter.
21 Claims
1. A method for securing communication of components inside a self-service automat that are connected to each other by a bus system, with a transmitter and a receiver, comprising:
encrypting data as tuples $(C,A,R,N,Z,\hat{N},\hat{Z})$ by a first computing unit including memory and configured to process data;
transmitting data as tuples $(C,A,R,N,Z,\hat{N},\hat{Z})$ from the transmitter to the receiver on a transport layer of the bus system;
receiving data as tuples $(C,A,R,N,Z,\hat{N},\hat{Z})$ at the receiver; and
decrypting data received as tuples $(C,A,R,N,Z,\hat{N},\hat{Z})$ with the first computing unit or a second computing unit including memory and configured to process data;
wherein;
C are message data M encrypted with an encryption key;
A are message data M authenticated with an authentication key;
R represents a participant role of a component on the bus system of active or passive participants;
N represents a message counter;
Z represents a session counter;
$\hat{N}$ is a message counter for Δ-last messages N;
$\hat{Z}$ is a last session counter for Δ-last messages;
the session counters Z and $\hat{Z}$ are configured to change the encryption key for different sessions; and
for each session the session counter $\hat{Z}$ for Δ-last messages is transmitted and considered and the session counter Z is transmitted and not considered;
the method further comprising;
allowing Δ-last messages to be lost during exchange of the data without informing an application layer;
transmitting from the transmitter to the receiver a pair $(\hat{Z}, \hat{N})$ as a current session counter; and
checking the received data for accuracy at the receiver.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 20

11. A system for securing communication of components inside self-service automats comprising:
a plurality of components, inside a self-service automat, including a first component and a second component, the first component being a transmitter in communication with the second component, being a receiver, wherein the first and second components are on a bus system having a transport layer;
a plurality of configured computing units, including a first computing unit in communication with the first component and a second computing unit in communication with the second component, the first and the second computing units each including memory and configured to process data;
wherein;
the first computing unit encrypts data as tuples $(C,A,R,N,\hat{N},\hat{Z})$;
the transmitter transmits data as tuples $(C,A,R,N,\hat{N},\hat{Z})$ to the receiver on the bus having the transport layer;
the receiver receives the data as tuples $(C,A,R,N,\hat{N},\hat{Z})$;
the first computing unit or the second computing unit decrypt data received as tuples $(C,A,R,N,\hat{N},\hat{Z})$;
$\hat{N}$, $\hat{Z}$ C are message data M encrypted with an encryption key;
A are message data M authenticated with an authentication key;
R represents a participant role of a component on the bus system, R includes active and passive;
N represents a message counter;
Z represents a session counter;
$\hat{N}$ is a message counter for Δ-last messages N;
$\hat{Z}$ is a last session counter for Δ-last messages;
the session counters Z and $\hat{Z}$ are configured to change the encryption key for different sessions; and
for each session the session counter $\hat{Z}$ for Δ-last messages is transmitted and considered and the session counter Z is transmitted and not considered
the system further comprising a means for allowing the Δ-last messages to be lost in a transmission, from the first component to the second component, without informing an application layer above, wherein the first component transmits a current session counter pair (N, Z) and a pair $(\hat{N}, \hat{Z})$ so that a check is enabled at the receiver.
Dependent claims: 12, 13, 14, 15, 16, 17, 18, 19, 21

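The following sketch is an added example, not code from the patent: it models the abstract's five-tuple (C, A, R, N, Z) and the claims' allowance for Δ lost messages, and leaves the $(\hat{N}, \hat{Z})$ pair out. Everything concrete in it is an assumption: the names `send`, `Receiver` and `session_keys`, the value of `DELTA`, HMAC-SHA256 for key derivation and for A, the HMAC keystream standing in for the unspecified cipher, and the use of R to reject messages that do not come from the expected peer role.

```python
import hashlib
import hmac

DELTA = 3  # assumed: up to DELTA consecutive messages may be lost silently

def _prf(key, *parts):
    # HMAC-SHA256 over a "|"-joined encoding of the parts
    return hmac.new(key, "|".join(map(str, parts)).encode(), hashlib.sha256).digest()

def session_keys(master, z):
    # Assumed derivation: the session counter Z selects fresh enc/auth keys
    return _prf(master, "enc", z), _prf(master, "auth", z)

def _xor(ke, n, data):
    # Stand-in cipher (HMAC keystream indexed by N) so the sketch runs on the
    # standard library alone; a real design would use a vetted AEAD.
    ks = b"".join(_prf(ke, "ks", n, i) for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, ks))

def send(master, m, r, n, z):
    """Build the tuple (C, A, R, N, Z) for message M."""
    ke, ka = session_keys(master, z)
    c = _xor(ke, n, m)
    return (c, _prf(ka, "tag", r, n, z, c.hex()), r, n, z)

class Receiver:
    def __init__(self, master, peer_role):
        self.master, self.peer_role = master, peer_role
        self.z, self.n = 0, 0  # last accepted session and message counters

    def receive(self, tup):
        """Return M if the tuple passes all checks, otherwise None."""
        c, a, r, n, z = tup
        ke, ka = session_keys(self.master, z)
        if r != self.peer_role or not hmac.compare_digest(a, _prf(ka, "tag", r, n, z, c.hex())):
            return None  # unexpected role, or C/R/N/Z modified in transit
        if z < self.z:
            return None  # message from an older session
        last_n = self.n if z == self.z else 0  # a new session restarts N
        if not last_n < n <= last_n + DELTA + 1:
            return None  # replay, or more than DELTA messages missing
        self.z, self.n = z, n
        return _xor(ke, n, c)
```

A gap of up to `DELTA` in N is absorbed by the receiver without any signal to the caller, which is the transport-layer behaviour the claims describe; a replayed or reordered tuple fails the same counter check.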
Specification