WO2007035970A2 - Cryptographic key management system - Google Patents

Info

Publication number: WO2007035970A2
Application number: PCT/ZA2006/000112
Authority: WO, WIPO (PCT)
Prior art keywords: key, controlled device, management system, access, cdkda
Legal status: Ceased (as listed by Google Patents; an assumption, not a legal conclusion)
Other languages: French (fr)
Other versions: WO2007035970A3 (en)
Inventors: Roderick Mark Dyson, Benjamin Nortjie, Frederick Peter Eek
Current assignee: Individual
Original assignee: Individual
Related application: ZA200803730A (published as ZA200803730B)

Classifications

    • G07F 7/1016: G PHYSICS > G07 CHECKING-DEVICES > G07F COIN-FREED OR LIKE APPARATUS > G07F 7/00 Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus > G07F 7/08 by coded identity card or credit card or other personal identification means > G07F 7/10 together with a coded signal, e.g. personal identification number [PIN] or biometric data > G07F 7/1016 Devices or methods for securing the PIN and other transaction data, e.g. by encryption
    • G06Q 20/02: G PHYSICS > G06 COMPUTING OR CALCULATING; COUNTING > G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR > G06Q 20/00 Payment architectures, schemes or protocols > G06Q 20/02 involving a neutral party, e.g. certification authority, notary or trusted third party [TTP]
    • G06Q 20/3823: G06Q 20/00 Payment architectures, schemes or protocols > G06Q 20/38 Payment protocols; details thereof > G06Q 20/382 insuring higher security of transaction > G06Q 20/3823 combining multiple encryption tools for a transaction
    • G06Q 20/3829: G06Q 20/00 Payment architectures, schemes or protocols > G06Q 20/38 Payment protocols; details thereof > G06Q 20/382 insuring higher security of transaction > G06Q 20/3829 involving key management
    • H04L 9/0891: H ELECTRICITY > H04 ELECTRIC COMMUNICATION TECHNIQUE > H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION > H04L 9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; network security protocols > H04L 9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords > H04L 9/0891 Revocation or update of secret information, e.g. encryption key update or rekeying

Definitions

  • Mechanism 1, step 4: the controlled device applies the same hash function, encrypts the result with its current key and compares it with the value received. If the two match and all other system-specified requirements are met, the controlled device grants access to the function set. Alternatively, the controlled device can decrypt the received value and compare it with the clear hash code it calculated itself.
  • Mechanism 2 (two-way authentication): the access sequence consists of five steps.
  • Step 1: the access device initiates the sequence by generating a challenge consisting of a random number and the identification of the function set it wants to use.
  • Step 2: the challenge is sent to the controlled device. The controlled device applies a hash function $H(m)$ to the random challenge received from the access device and to any other information the system might want to use (including additional random data) to produce a hash code, encrypts the hash code with its active key for the indicated function set, and sends the encrypted hash code to the access device together with the key identification of that active key.
  • Key identification includes, at a minimum, the key series identification ($CD_x$) and the key serial number ($n$). The message may also include additional information identifying the base derivation key ($BDK_{KNx}$) to which the key and key series belong.
  • Step 5: the controlled device applies the same hash function, encrypts the result with its new current key (the series having already been stepped once during this sequence) and compares it with the value received. If the two match and all other system-specified requirements are met, access to the function set is granted. Alternatively, the controlled device can decrypt the received value and compare it with the clear hash code it calculated itself. Once access has been granted, the controlled device once again calculates its next key and destroys its current key.
  • In the cash in transit application, the controlled device would be constituted by a cash container, while an access device would be constituted by a cash acceptance terminal or a cash processing centre.
  • The key management system of this invention allows multiples of the same devices (cash containers belonging to different banks, for instance) to be operated with the access devices (cash acceptance terminals and cash processing centres, for instance) of various owners (banks, for instance) without any owner having access to the functions on the devices owned by another party, unless specifically authorised by that party.
  • It also provides a mechanism whereby rogue devices, such as fraudulent cash containers or cash containers that have been compromised in some way (by theft or damage, for instance) and that do not form part of the user system, can be detected.

Abstract

This invention relates to a cryptographic key management system that finds particular application as a key management system in a cash in transit system. The key management system of this invention comprises a controlled device equipped with a key derivation algorithm (KDA), the controlled device key derivation algorithm (CDKDA), which allows it to derive a new key from a current key: $K_{n+1} = \mathrm{CDKDA}(K_n)$. The key derivation algorithm may conveniently allow the controlled device to derive a block of new keys from at least one current key or from a block of current keys. The preferred method for key derivation is triple DES DUKPT (Derived Unique Key Per Transaction).

Description

CRYPTOGRAPHIC KEY MANAGEMENT SYSTEM
Background to the invention
This invention relates to a cryptographic key management system.
The invention finds particular application as a key management system in a cash in transit system and it will be described with reference to such an application. It will be appreciated, however, that this is done purely for illustration and it is not intended to limit the scope of the invention to such a particular example.
The typical cash in transit system makes use of a plurality of secure cash containers or boxes that are used to transport cash and other valuable documents, all of which will, for convenience, be referred to in this specification as "cash" where appropriate. When so used, the term "cash" will include a reference to any valuable transaction document, including money and any document other than money normally used in commerce to initiate, conclude or record a transaction. Examples of such other transaction documents include cheques, credit card slips, deposit slips, withdrawal slips and printouts of electronic payment records. Since cash in transit systems must deal with coin money, the term "cash" will, where the context allows, include a reference to coin money as well.
The cash containers used in these systems are constituted by secure boxes or containers with one or more compartments that are accessible via electronically controlled doors or hatches. Cash is deposited into one or more of the compartments in the cash container by means of dedicated cash acceptance terminals and removed by means of dedicated opening jigs located at one or more cash processing centres, both of which will be described below.
The cash container is provided with an onboard processor with sufficient computing power and memory to store a record of the transactions involving the cash container, including data detailing deposits, merchant details and a breakdown of the denominations of notes and documents contained within the cash container. In addition, the cash container processor records and stores the operational history of the container and a record of any mishandling of the container. The cash container is protected by means of a dye mechanism that can be activated to release a document staining dye into the interior of the container, thereby to stain the transaction documents securely contained within the container.
The cash container is adapted to interface and dock with one or more secure cash acceptance terminals. These terminals are essentially docking stations and are located at a cash acceptance point (normally the premises of retailers or other organisations that receive cash and need to have the cash transported to and from their premises).
Cash acceptance terminals can be static or mobile, the latter being mounted on castors so that they can be wheeled around between tills and cash collection points with one or more cash containers docked and securely stored within the cash acceptance terminal. The cash acceptance terminal is provided with a feed chute through which the cash is fed into the cash acceptance terminal and from there into the cash container docked within the cash acceptance terminal. The document travel path within the cash acceptance terminal typically includes a note validator with a note reject facility. In addition, the cash acceptance terminal may have magnetic stripe, card or tag readers, a receipt printer and sufficient onboard processing power to record and store the transactions undertaken with the use of the cash acceptance terminal.
When the cash container is filled to its operational capacity and the cash has to be moved from the cash acceptance point, the container is un-docked from the cash acceptance terminal and transported, with the assistance of a cash in transit service provider, to a cash processing centre where the cash container is interfaced and docked with docking stations located at the cash processing centre. The cash processing centre is typically constituted by a cash handling facility that contains one or more secure container processing jigs, each of which is either networked or provided with onboard processing power interfaced with the cash centre reconciliation system. The emptying jigs are used to open the cash containers and empty the contents to allow the cash and transaction documents contained in the cash containers to be counted, reconciled and transferred into bulk document sorting and storage systems.
At both ends of the process, that is when the cash container is docked with a cash acceptance terminal or with a processing jig at the cash processing centre, a reciprocal authentication procedure takes place to verify the component identities and the authorisation of the components to engage in the various processes permitted within the system, such as opening the cash container, depositing cash into the cash container and discharging cash from the cash container at the cash processing centre. This is done with the use of digital cryptographic techniques.
Transaction data has long been protected by encryption techniques that use mathematical algorithms and keys to encrypt the data. It is commonly agreed however that cryptographic algorithms alone are insufficient to ensure reasonable levels of security. To achieve the necessary security, sophisticated key-management methods are required to protect the encryption keys used to encrypt and decrypt the data. Hence, secure key management (the methods used to securely inject, change and protect the identity of these keys) is at the heart of reliable data security.
This invention seeks to provide such a key management system in which the keys will be used to control access to functions on an electronically controlled device such as a cash container, a cash acceptance terminal or a processing jig at the cash processing centre.
In addition, this invention seeks to provide a system that can be used to securely control access to functions on multiple such devices for more than one user group, each group having access to a pre-determined set of functions on the device or a set of devices.
A typical system using the key management system of this invention comprises two types of devices. The first type is an electronically controlled device (herein referred to as a "controlled device") with functionalities that need to be accessed by users using the second type of device (herein referred to as an "access device"). A specific device can be used in a functional hierarchy where it acts as an access device in the one functional group and as a controlled device in another functional group. An access device can have access to the full functionality of the controlled device or limited access to a subset of the controlled device's functions.
In addition, the term "user group" will be used in this specification to refer to a system containing controlled and access devices which are adapted to interact with each other. Devices in a user group will normally be owned by the same entity. Multiple user groups can exist, but they will be limited in that devices in one user group will be restricted from interacting with devices in a different user group unless specific key sharing has been implemented. Furthermore, the term "function set" will be used in this specification as referring to a set of controlled device functions that are grouped together according to accessibility. The functions in a function set all have the same accessibility requirements.
In systems of this invention, each controlled device and access device will have a means for bidirectional communication and the access device either contains a secure key storage mechanism or has access to a secure key storage mechanism. In the preferred configuration, the secure key storage mechanism is located within a distinct, physical security module that is installed in the access device.
Summary and description of embodiments of the invention
According to this invention, a key management system is provided comprising a controlled device that is equipped with a key derivation algorithm (KDA), the controlled device key derivation algorithm (CDKDA), which allows it to derive a new key from a current key: $K_{n+1} = \mathrm{CDKDA}(K_n)$.
The key derivation algorithm may conveniently allow the controlled device to derive a block of new keys from at least one current key or from a block of current keys and where appropriate, references to a "key" in this specification, should be interpreted to refer to a block of keys.
The preferred method for key derivation is triple DES DUKPT, but persons skilled in the art can use any similar key derivation algorithm. The DUKPT (Derived Unique Key Per Transaction) system is in use around the world to encrypt Personal Identification Number (PIN) information and to authenticate messages. To date, the DUKPT system has not been used to manage and control access to function sets on electronically controlled devices in a system.
The controlled device is preferably provided with data storage means for storing an encryption key for every user function set that can be accessed separately by the access device. When, in use, the access device requires access to a specific function set of the controlled device, the controlled device is programmed to require the transmission, to the controlled device, of data demonstrating knowledge of the controlled device's encryption key for that function set.
In this form of the invention, the controlled device is programmed for all or some of its encryption keys to be single-use keys: the controlled device allows access to the functions related to a key only once, then calculates the next key using the key derivation algorithm and destroys the used key. The controlled device is therefore conveniently programmed to step through a specific series of keys needed to access a specific function set on that device. It is programmed with an initial key $U_K F_N K_0$ for the user group $U_K$ and the function set $F_N$ on the controlled device, in which $K_0$ indicates the initial key (serial number 0), and it uses the controlled device key derivation algorithm (CDKDA) to calculate the next key: $U_K F_N CD_x K_{n+1} = \mathrm{CDKDA}(U_K F_N CD_x K_n)$.
In a key management system with a multiplicity of controlled devices, the initial key is seeded with a key series ($CD_x$) specific to that device, which is therefore programmed with an initial key $U_K F_N CD_x K_0$ (user group $U_K$; function set $F_N$; controlled-device-specific key series $CD_x$; initial key $K_0$, serial number 0), the controlled device being programmed to use the CDKDA to calculate $U_K F_N CD_x K_{n+1} = \mathrm{CDKDA}(U_K F_N CD_x K_n)$.
For the function set $F_N$ in a user group $U_K$, a different series of keys can be allocated to each device by deriving the initial key $U_K F_N CD_x K_0$ with an initial key derivation algorithm (IKDA), which calculates the initial key from $CD_x$ and a base derivation key ($BDK_{KNx}$) used by that user group for that function set: $U_K F_N CD_x K_0 = \mathrm{IKDA}(CD_x, BDK_{KNx})$.
The controlled device is equipped with a controlled device key derivation algorithm (CDKDA) which allows it to derive a new key from a current key: $K_{n+1} = \mathrm{CDKDA}(K_n)$. The preferred method for key derivation is triple DES DUKPT, but persons skilled in the art can use any similar key derivation algorithm.
The access device is equipped with an access device key derivation algorithm (ADKDA) with which it can calculate any key in a series of keys given the initial key and the key serial number: $K_n = \mathrm{ADKDA}(K_0, n)$. The preferred method for key derivation is triple DES DUKPT, but persons skilled in the art can use any similar key derivation algorithm. Using the algorithm, the access device can therefore calculate $U_K F_N CD_x K_n = \mathrm{ADKDA}(U_K F_N CD_x K_0, n)$.
An access device that is allowed to use a specific function set on controlled devices in a user group with key series $CD_x$ therefore needs either to store the initial key for those devices securely, or to store $BDK_{KNx}$ securely and be equipped with the initial key derivation algorithm (IKDA) so that it can calculate the initial key. The access device can therefore calculate the specific active key $U_K F_N CD_x K_n$ for function set $U_K F_N$ on any controlled device with key series $CD_x$ as long as it has the key serial number $n$ and the base derivation key $BDK_{KNx}$. Any agreed authentication method using the key can be used to gain access to the specific function set from an access device to a controlled device. The specific mechanism to use is dependent on the functionality and implementation of the controlled device, and two examples are given below.
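The key hierarchy just described, as an added example in Python that is not part of the patent. HMAC-SHA256 stands in for the triple DES DUKPT the patent prefers (triple DES is deprecated by NIST SP 800-131A, and current DUKPT deployments use the AES variant of ANSI X9.24-3); the stand-in, the linear chain used for ADKDA, the device classes and all names and sample values are assumptions of this example and are labelled as such in the code. It shows what the text states: the container steps its key after every use and destroys the used one; a terminal holding only a base derivation key recomputes the active key from the key identification ($CD_x$, $n$); a terminal without the BDK of a function set cannot derive any key of that set; and two containers with different $CD_x$ get different series from the same BDK.

```python
import hashlib
import hmac

# Stand-in for the patent's preferred triple-DES DUKPT (an assumption of this example,
# not the page's algorithm): an HMAC-SHA256 chain. Names follow the page: BDK_KNx is the
# base derivation key of user group K, function set N, key series x; CDx is the controlled
# device's key series; K_n is the key with serial number n.

def ikda(cdx: bytes, bdk: bytes) -> bytes:
    """Initial key derivation: U_K F_N CD_x K_0 = IKDA(CD_x, BDK_KNx)."""
    return hmac.new(bdk, b"IKDA|" + cdx, hashlib.sha256).digest()

def cdkda(k: bytes) -> bytes:
    """Controlled-device step: K_{n+1} = CDKDA(K_n). One-way, so a used (destroyed) key
    cannot be recovered from the key that replaced it."""
    return hmac.new(k, b"CDKDA", hashlib.sha256).digest()

def adkda(k0: bytes, n: int) -> bytes:
    """Access-device derivation: K_n = ADKDA(K_0, n). Here a linear chain of n steps
    (assumption: real DUKPT walks a counter-indexed tree instead)."""
    k = k0
    for _ in range(n):
        k = cdkda(k)
    return k

class ControlledDevice:
    """A cash container: one single-use key series per function set, seeded once from the
    BDK at personalisation. The BDK itself never lives on the container."""
    def __init__(self, cdx: bytes, bdks: dict):
        self.cdx = cdx
        self.keys = {fs: ikda(cdx, bdk) for fs, bdk in bdks.items()}  # current key per set
        self.serial = {fs: 0 for fs in bdks}                            # serial number n per set

    def key_id(self, fs: str):
        """Key identification sent in the clear: (CD_x, n)."""
        return self.cdx, self.serial[fs]

    def current_key(self, fs: str) -> bytes:
        return self.keys[fs]

    def consume(self, fs: str) -> None:
        """After a granted access: compute the next key, destroy the used one."""
        self.keys[fs] = cdkda(self.keys[fs])
        self.serial[fs] += 1

class AccessDevice:
    """A cash acceptance terminal or processing jig: holds, in its security module, only the
    BDKs of the function sets it is allowed to use."""
    def __init__(self, bdks: dict):
        self.bdks = bdks

    def active_key(self, fs: str, cdx: bytes, n: int):
        if fs not in self.bdks:
            return None                      # no BDK, no key: this function set is closed
        return adkda(ikda(cdx, self.bdks[fs]), n)

def demo() -> dict:
    """Constructed scenario: two containers of one bank, a retailer terminal and a cash centre jig."""
    bdk_deposit = hashlib.sha256(b"constructed BDK: user group bankA, function set deposit").digest()
    bdk_open = hashlib.sha256(b"constructed BDK: user group bankA, function set open").digest()
    box1 = ControlledDevice(b"CD0001", {"deposit": bdk_deposit, "open": bdk_open})
    box2 = ControlledDevice(b"CD0002", {"deposit": bdk_deposit, "open": bdk_open})
    terminal = AccessDevice({"deposit": bdk_deposit})                   # may deposit only
    jig = AccessDevice({"deposit": bdk_deposit, "open": bdk_open})      # may also open
    r = {}
    # Three deposits into box1: the terminal recomputes K_0, K_1, K_2 from (CD_x, n) each time.
    matches = []
    for _ in range(3):
        cdx, n = box1.key_id("deposit")
        matches.append(terminal.active_key("deposit", cdx, n) == box1.current_key("deposit"))
        box1.consume("deposit")
    r["terminal_tracks_series"] = all(matches) and box1.key_id("deposit") == (b"CD0001", 3)
    # The key of serial 0 is dead: the container now holds K_3 only.
    r["used_key_dead"] = terminal.active_key("deposit", b"CD0001", 0) != box1.current_key("deposit")
    # The terminal holds no BDK for "open", so it cannot derive that series at all.
    r["terminal_cannot_open"] = terminal.active_key("open", *box1.key_id("open")) is None
    # The jig can, for either container; the two series differ because CD_x differs.
    r["jig_opens_both"] = (jig.active_key("open", *box1.key_id("open")) == box1.current_key("open")
                           and jig.active_key("open", *box2.key_id("open")) == box2.current_key("open"))
    r["series_differ"] = box1.current_key("open") != box2.current_key("open")
    return r
```

The point to keep in view when deploying a scheme of this shape: possession of $BDK_{KNx}$ yields every key of every container in that series, so the BDK belongs only in the security module the text prescribes, and the per-function-set split is what keeps a deposit-only terminal from ever holding the key that opens a container.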
Mechanism 1 provides access to a function set under predetermined conditions using one-way authentication of the access device, without the ability to detect rogue controlled devices.
Mechanism 2 provides access to a function set under predetermined conditions using two-way authentication, with the ability to detect rogue controlled devices.
The predetermined conditions on which access is granted or refused, and the extent to which it is granted, are implementation dependent and do not form part of this patent application. These conditions could be time based, usage based or condition based. For example, once access is granted, the controlled device may allow use of only one function in the function set before the access device needs to apply an access mechanism again; or the controlled device may allow access to the function set for a limited time; or the controlled device may allow access to the functions until a specific condition (e.g. power loss or loss of communications) is detected.
In the first mechanism, the access sequence consists of four steps:
the access device initiates the sequence by sending a message to the controlled device indicating the function set it wants to access;
the controlled device generates a random challenge and sends the challenge, together with the key identification for its active key for that function set, to the access device. Key identification includes, as a minimum, the key series identification (CDx) and the key serial number (n); the challenge may also include additional information identifying the base derivation key (BDKKNx) to which the key and key series belong;
the access device derives the controlled device's active key using UKFNCDxKn = ADKDA(IKDA(CDx, BDKKNx), n). It then applies a hash function H(m) to the random challenge received from the controlled device and such other information as the system might be programmed to require, such as additional random data. The hash code is then encrypted using the calculated key so that the controlled device can authenticate the access device. Any information used in the hash function that is not yet available to the controlled device is sent to the controlled device together with the encrypted hash code;
the controlled device applies the same hash function, encrypts the code with its current key and compares it to the received result. If these are the same and all other system specified requirements are met, access to the function set is granted by the controlled device. Alternatively the controlled device could decrypt the received hash code and compare it to the clear hash code it calculated itself.
In the second mechanism, the access sequence consists of five steps:
the access device initiates the sequence by generating a challenge consisting of a random number and an identification of the function set it wants to use. This challenge is sent to the controlled device;
the controlled device applies a hash function H(m) to the random challenge received from the access device and any other information the system might want to use (including additional random data) to generate a hash code. The hash code is encrypted using the controlled device's active key for the indicated function set, and the encrypted hash code is sent to the access device together with the key identification for that active key. Key identification includes at a minimum the key series identification (CDx) and the key serial number (n). The response may also include additional information identifying the base derivation key (BDKKNx) to which the key and key series belong. The controlled device then calculates a new active key for the function set, UKFNCDxKn+1 = CDKDA(UKFNCDxKn), and destroys its current active key UKFNCDxKn, deleting it from memory;
the access device derives the controlled device's active key using UKFNCDxKn = ADKDA(IKDA(CDx, BDKKNx), n). It then applies the same hash function, encrypts the hash code with its calculated key and compares it to the received result. If these are the same and all other system specified requirements are met, the controlled device belongs to the system. Alternatively the access device could decrypt the received hash code and compare it to the clear hash code it calculated itself;
the access device derives the controlled device's next active key using UKFNCDxKn+1 = ADKDA(IKDA(CDx, BDKKNx), n+1). It encrypts the hash code with the newly derived key and sends the encrypted hash code to the controlled device;
the controlled device applies the same hash function, encrypts the hash code with its new current key and compares it to the received result. If these are the same and all other system specified requirements are met, access to the function set is granted by the controlled device. Alternatively the controlled device could decrypt the received hash code and compare it to the clear hash code it calculated itself. Once access has been granted, the controlled device once again calculates its next key and destroys its current key.
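The key hierarchy (IKDA, CDKDA, ADKDA) and the five-step second mechanism, as an added simulation that is not part of the patent: it uses HMAC-SHA256 as a stand-in for the preferred triple DES DUKPT derivation and for "hash, then encrypt with the active key", and the class and function names are assumptions. It shows the controlled device keeping only its active key and stepping forward one-way, the access device reconstructing any Kn from BDK alone, and a controlled device provisioned under a different BDK being rejected in step 3.

```python
import hmac, hashlib, secrets

# Assumption: HMAC-SHA256 stands in for triple-DES DUKPT; any one-way Kn -> Kn+1 fits.
def IKDA(CDx: bytes, BDK: bytes) -> bytes:
    """Initial key K0 of key series CDx, derived from the base derivation key."""
    return hmac.new(BDK, b"IKDA" + CDx, hashlib.sha256).digest()

def CDKDA(Kn: bytes) -> bytes:
    """Controlled device step: Kn+1 from Kn. One-way, so Kn cannot be recovered."""
    return hmac.new(Kn, b"CDKDA", hashlib.sha256).digest()

def ADKDA(K0: bytes, n: int) -> bytes:
    """Access device: any Kn in the series from K0 and the key serial number n."""
    K = K0
    for _ in range(n):
        K = CDKDA(K)
    return K

def keyed_hash(K: bytes, challenge: bytes, extra: bytes) -> bytes:
    """H(m) over challenge + extra, bound to K (stands in for hash-then-encrypt)."""
    return hmac.new(K, challenge + extra, hashlib.sha256).digest()

class ControlledDevice:
    """Holds only its active key UKFNCDxKn for one function set."""
    def __init__(self, CDx: bytes, BDK: bytes, n: int = 0):
        self.CDx, self.n = CDx, n
        self.K = ADKDA(IKDA(CDx, BDK), n)  # BDK is used at provisioning only
    def step(self):
        self.K, self.n = CDKDA(self.K), self.n + 1  # old key is destroyed
    def respond(self, challenge: bytes):  # mechanism 2, step 2
        self.extra = secrets.token_bytes(8)  # additional random data
        code = keyed_hash(self.K, challenge, self.extra)
        self.step()  # advance to Kn+1 right after answering
        return code, self.CDx, self.n - 1, self.extra  # key identification = (CDx, n)
    def grant(self, reply: bytes, challenge: bytes) -> bool:  # step 5
        ok = hmac.compare_digest(reply, keyed_hash(self.K, challenge, self.extra))
        if ok:
            self.step()  # access granted: calculate next key, destroy the used one
        return ok

class AccessDevice:
    """Stores BDK plus IKDA/ADKDA instead of one key per controlled device."""
    def __init__(self, BDK: bytes):
        self.BDK = BDK
    def authenticate(self, dev: ControlledDevice) -> bool:
        challenge = secrets.token_bytes(16)  # step 1
        code, CDx, n, extra = dev.respond(challenge)  # step 2
        K0 = IKDA(CDx, self.BDK)
        if not hmac.compare_digest(code, keyed_hash(ADKDA(K0, n), challenge, extra)):
            return False  # step 3: controlled device is not in this user group
        reply = keyed_hash(ADKDA(K0, n + 1), challenge, extra)  # step 4
        return dev.grant(reply, challenge)  # step 5
```

Each successful run moves the controlled device two serial numbers forward, so the access device must read n from the key identification every time rather than remember it.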
Applying the invention summarised above to a cash in transit system, the controlled device would be constituted by a cash container while an access device would be constituted by a cash acceptance terminal or a cash processing centre.
The key management system of this invention allows multiple devices of the same type (cash containers belonging to different banks, for instance) to be operated with the access devices (cash acceptance terminals and cash processing centres, for instance) of various owners (banks, for instance) without any owner having access to the functions on the devices owned by another party, unless specifically authorised by that party.
It also provides a mechanism whereby rogue devices, such as fraudulent cash containers or cash containers that have been compromised in some way (by theft or damage, for instance) and that do not form part of the user system, can be detected.

Claims

1. A key management system comprising a controlled device that is equipped with a key derivation algorithm (KDA) which allows the controlled device to derive at least one new key (a controlled device key derivation algorithm (CDKDA)) from at least one current key (Kn+1 = CDKDA(Kn)).
2. A key management system according to claim 1 in which the key derivation algorithm (KDA) allows the controlled device to derive a block of new keys from at least one current key.
3. A key management system according to claim 2 in which the key derivation algorithm (KDA) allows the controlled device to derive a block of new keys from a block of current keys.
4. A key management system according to any one of the preceding claims in which the controlled device is equipped with a controlled device key derivation algorithm (CDKDA) which allows it to derive a new key from a current key (Kn+1 = CDKDA(Kn)).
5. A key management system according to any one of the preceding claims in which the access device is equipped with an access device key derivation algorithm (ADKDA) with which it can calculate any key in a series of keys given the initial key and the key serial number (Kn = ADKDA(K0, n)).
6. A key management system according to any one of the preceding claims in which the method for key derivation is triple DES DUKPT (Derived Unique Key Per Transaction).
7. A key management system according to any one of the preceding claims in which the controlled device is provided with data storage means for storing an encryption key for every user function set that can be accessed separately by the access device, the controlled device being programmed, when in use the access device requires access to a specific function set of the controlled device, to require the transmission, to the controlled device, of data demonstrating knowledge of the controlled device encryption key for that function set.
8. A key management system according to claim 7 in which the controlled device is programmed for all or some of the encryption keys of the controlled device to be single use keys, the controlled device being programmed to allow access to the functions of the controlled device related to that key only once, to calculate the next key using the key derivation algorithm and to destroy the used key.
9. A key management system according to claim 8 in which the controlled device is programmed to step through a specific series of keys needed to access a specific function set on that device, the controlled device being programmed with an initial key (UKFNK0) for the user group UK and the function set FN on the controlled device, in which K0 indicates the initial key (serial number 0), and to use the controlled device key derivation algorithm (CDKDA) to calculate the key (UKFNCDxKn+1 = CDKDA(UKFNCDxKn)).
10. A key management system according to claim 9 for a key management system with a multiplicity of controlled devices, the initial key being seeded with a key series (CDx) specific to a device and each device being programmed with an initial key (UKFNCDxK0) made up of:
user group UK;
function set FN;
controlled device specific key series (CDx); and
initial key (serial number 0) K0,
the controlled device being programmed to use the controlled device key derivation algorithm (CDKDA) to calculate the key UKFNCDxKn+1 = CDKDA(UKFNCDxKn).
11. A key management system according to claim 10 in which, for the function set FN in a user group UK, different series of keys can be allocated to each device by deriving the initial key UKFNCDxK0 using an initial key derivation algorithm (IKDA), which calculates the initial key from CDx and a base derivation key (BDKKNx) used by that user group for that function set, such that UKFNCDxK0 = IKDA(CDx, BDKKNx).
PCT/ZA2006/000112 2005-09-21 2006-09-21 Cryptographic key management system Ceased WO2007035970A2 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
ZA200803730A ZA200803730B (en) 2006-09-21 2008-04-30 Cryptographic Key Management System

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
ZA2005/07682 2005-09-21
ZA200507682 2005-09-21

Publications (2)

Publication Number Publication Date
WO2007035970A2 true WO2007035970A2 (en) 2007-03-29
WO2007035970A3 WO2007035970A3 (en) 2009-05-07

Family

ID=37889591

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/ZA2006/000112 Ceased WO2007035970A2 (en) 2005-09-21 2006-09-21 Cryptographic key management system

Country Status (1)

Country Link
WO (1) WO2007035970A2 (en)

Family Cites Families (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5745576A (en) * 1996-05-17 1998-04-28 Visa International Service Association Method and apparatus for initialization of cryptographic terminal
KR100345235B1 (en) * 1998-11-08 2005-07-29 엘지전자 주식회사 Method and apparatus for re-cording digital data streams

Cited By (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
FR2921778A1 (en) * 2007-09-28 2009-04-03 Dhimyotis Sarl User authenticating system for accessing service on e.g. Internet portal, has data processing unit comprising locking module for closing access to service when movable device is not situated in perimeter of data processing unit
WO2009145773A1 (en) * 2008-05-29 2009-12-03 Hewlett-Packard Development Company, L.P. Providing authenticated communications to a replaceable printer component
US9875365B2 (en) 2008-05-29 2018-01-23 Hewlett-Packard Development Company, L.P. Providing authenticated communications to a replaceable printer component
CN102055586A (en) * 2010-12-28 2011-05-11 北京握奇数据系统有限公司 Method for exporting key and device thereof
US12301706B1 (en) 2021-12-22 2025-05-13 Wells Fargo Bank, N.A. Translate random unique method for passcode encryption technology

Also Published As

Publication number Publication date
WO2007035970A3 (en) 2009-05-07

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application
NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 06804324

Country of ref document: EP

Kind code of ref document: A2