Method of transferring data, between computer systems using electronic cards

- Kommunedata I/S

When transferring data, an electronic document or the like from a first computer system (100) to a second computer system (200) via a data transmission line (300), e.g. a public data transmission line, a first output and input station (122) comprising a first electronic card (124) and a second output and input station (222) comprising a second electronic card (224) are used. The data is transferred to the first electronic card (124) from the first computer system (100) via the first station (122) and is encrypted in the first electronic card (124), whereupon the data is output from the first electronic card (124) in encrypted form and transferred via the first station (122) to the first computer system (100) and therefrom to the data transmission line (300). The data is received by the second computer system (200) in encrypted form and is transferred to the second electronic card (224) via the second station (222), whereupon the data is decrypted in the second electronic card (224) and is output from the second electronic card via the second station (222) to the second computer system (200). As the data transfer between the first and the second computer system is carried out between the first and the second electronic card, no third party, whether authorized or unauthorized, has any possibility of interfering with the data transmission or of altering the data or the electronic document. The first and second electronic cards (124, 224) constitute a coherent set of cards comprising coherent encryption/decryption keys input into the internal storages of the cards.


Claims

2. A method according to claim 1, further comprising the steps of making a verification of the authenticity of said first electronic card relative to said second electronic card and vice versa prior to said transfer of said data from said first computer system to said second computer system.

3. A method according to claim 1, further comprising the step of making a verification of the integrity of said data at said transfer of said data from said first computer system to said second computer system.

4. A method according to claim 1, wherein said inputting into, said outputting from, said encryption and said decryption and possibly said authenticity and integrity verification is controlled autonomously by said central data processing unit of said individual card.

5. A method according to claim 4, wherein said transfer of said data is made in accordance with the LECAM protocol.

6. A method according to claim 2, said authenticity verification comprising the steps of:

generating a first set of data in said first electronic card, inputting and storing said first set of data in said internal storage of said first electronic card, and encrypting said first set of data in said first electronic card by means of said encryption/decryption means of said first electronic card and said encryption key(s) stored in said internal storage of said first electronic card,
outputting said first set of data from said first electronic card in encrypted form via said input/output gate of said first electronic card, transferring said first set of data via said first station to said first computer system and therefrom via said interfacing means of said first computer system to said data transmission line,
receiving said first set of data by said second computer system in encrypted form via said interfacing means of said second computer system, transferring said encrypted first set of data to said second electronic card via said second station and via said input/output gate of said second electronic card, and inputting and temporarily storing said encrypted first set of data in said internal storage of said second electronic card,
outputting said first set of data received by said second computer system in encrypted form from said internal storage of said second electronic card, and decrypting said encrypted first set of data in said second electronic card by means of said encryption/decryption means of said second electronic card and said decryption key(s) stored in said internal storage of said second electronic card,
inputting and storing, in said internal storage of said second electronic card, said first set of data received by said second computer system in encrypted form and decrypted in said second electronic card,
generating a second set of data in said second electronic card, and inputting and storing said second set of data in said internal storage of said second electronic card,
generating, in said second electronic card, a first combination of said first set of data received by said second computer system in encrypted form, decrypted and stored in said internal storage of said second electronic card and said second set of data stored in said internal storage of said second electronic card, and inputting and storing said first combination in said internal storage of said second electronic card,
encrypting said first combination in said second electronic card by means of said encryption/decryption means of said second electronic card and said encryption key(s) stored in said internal storage of said second electronic card,
outputting said first combination from said second electronic card in encrypted form via said input/output gate of said second electronic card, and transferring said encrypted first combination via said second station to said second computer system and therefrom via said interfacing means of said second computer system to said data transmission line,
receiving said first combination by said first computer system in encrypted form via said interfacing means of said first computer system, transferring said encrypted first combination to said first electronic card via said first station and via said input/output gate of said first electronic card, and inputting and temporarily storing said encrypted first combination in said internal storage of said first electronic card,
outputting, from said internal storage of said first electronic card, said first combination received by said first computer system in encrypted form, and decrypting said encrypted first combination in said first electronic card by means of encryption/decryption means of said first electronic card and said decryption key(s) stored in said internal storage of said first electronic card,
inputting and storing, in said internal storage of said first electronic card, said first combination received by said first computer system in encrypted form and decrypted in said first electronic card,
decombining said first combination stored in said internal storage of said first electronic card for producing a first set of data retransmitted to said first electronic card and a second set of data transferred to said first electronic card,
inputting and storing, in said internal storage of said first electronic card, said first set of data retransmitted to said first electronic card and said second set of data transferred to said first electronic card,
comparing said first set of data stored in said internal storage of said first electronic card to said first set of data retransmitted to said first electronic card and stored in said internal storage of said first electronic card for verification of identity between these sets of data for verification of the authenticity of said second electronic card relative to said first electronic card,
generating a third set of data in said first electronic card, inputting and storing said third set of data in said internal storage of said first electronic card,
generating, in said first electronic card, a second combination of said second set of data received in encrypted form by said first computer system, decrypted and stored in said internal storage of said first electronic card and said third set of data stored in said internal storage of said first electronic card, and inputting and storing said second combination in said internal storage of said first electronic card,
encrypting said second combination in said first electronic card by means of said encryption/decryption means of said first electronic card and said encryption key(s) stored in said internal storage of said first electronic card,
outputting said second combination from said first electronic card in encrypted form via said input/output gate of said first electronic card, and transferring said second combination via said first station to said first computer system and therefrom via said interfacing means of said first computer system to said data transmission line,
receiving said second combination by said second computer system in encrypted form via said interfacing means of said second computer system, transferring said encrypted second combination to said second electronic card via said second station and via said input/output gate of said second electronic card, and inputting and temporarily storing said encrypted second combination in said internal storage of said second electronic card,
outputting, from said internal storage of said second electronic card, said second combination received by said second computer system in encrypted form, and decrypting said encrypted second combination in said second electronic card by means of said encryption/decryption means of said second electronic card and said decryption key(s) stored in said internal storage of said second electronic card,
inputting and storing, in said internal storage of said second electronic card, said second combination received by said second computer system in encrypted form and decrypted,
decombining said second combination stored in said internal storage of said second electronic card for producing a second set of data retransmitted to said second electronic card and a third set of data transferred to said second electronic card,
inputting and storing, in said internal storage of said second electronic card, said second set of data retransmitted to said second electronic card and said third set of data transferred to said second electronic card, and
comparing said second set of data stored in said internal storage of said second electronic card to said second set of data retransmitted to said second electronic card and stored in said internal storage of said second electronic card for verification of identity between these sets of data for verification of the authenticity of said first electronic card relative to said second electronic card.

7. A method according to claim 3, said integrity verification comprising the steps of:

generating a compacted version of said data in said first computer system or said first electronic card, and inputting and storing said compacted version in said internal storage of said first electronic card,
generating, in said second computer system or in said second electronic card, a compacted version of said data transferred to said second computer system, and inputting and storing said compacted version in said internal storage of said second electronic card,
outputting, from said internal storage of said first electronic card, said compacted data version stored in said internal storage of said first electronic card, and encrypting said compacted data version in said first electronic card by means of said encryption/decryption means of said first electronic card and said encryption key(s) stored in said internal storage of said first electronic card,
outputting, from said first electronic card via said input/output gate of said first electronic card, said compacted data version encrypted by said encryption/decryption means of said first electronic card, and transferring said encrypted and compacted data version via said first station to said first computer system and therefrom via said interfacing means of said first computer system to said data transmission line,
receiving, by said second computer system via said interfacing means of said second computer system, said encrypted and compacted data version transferred from said first computer system, transferring said encrypted and compacted data version to said second electronic card via said second station and via said input/output gate of said second electronic card, and inputting and temporarily storing said encrypted and compacted data version in said internal storage of said second electronic card,
outputting, from said internal storage of said second electronic card, said compacted data version received by said second computer system in encrypted form, and decrypting said compacted data version in said second electronic card by means of said encryption/decryption means of said second electronic card and said decryption key(s) stored in said internal storage of said second electronic card,
inputting and storing, in said internal storage of said second electronic card, said decrypted, compacted data version received by said second computer system in encrypted form and decrypted by said second electronic card, and
comparing, in said second electronic card for verification of the integrity of or identity between said data transferred from said first computer system and said data received by said second computer system, said compacted data version stored in said second electronic card to said decrypted, compacted data version received by said second computer system in encrypted form and decrypted in said second electronic card.

8. A method according to claim 3, said integrity verification comprising the steps of:

generating a compacted version of said data in said first computer system or in said first electronic card, and inputting and storing said compacted version in said internal storage of said first electronic card,
generating, in said second computer system or in said second electronic card, a compacted version of said data transferred to said second computer system, and inputting and storing said compacted version in said internal storage of said second electronic card,
outputting, from said internal storage of said second electronic card, said compacted version stored in said internal storage of said second electronic card, and encrypting said compacted version in said second electronic card by means of said encryption/decryption means of said second electronic card and said encryption key(s) stored in said internal storage of said second electronic card,
outputting, from said second electronic card via said input/output gate of said second electronic card, said compacted data version encrypted by said encryption/decryption means of said second electronic card, and transferring said encrypted and compacted data version via said second station to said second computer system and therefrom via said interfacing means of said second computer system to said data transmission line,
receiving, by said first computer system via said interfacing means of said first computer system, said encrypted and compacted data version transferred from said second computer system, transferring said encrypted and compacted data version to said first electronic card via said first station and via said input/output gate of said first electronic card, and inputting and temporarily storing said encrypted and compacted data version in said internal storage of said first electronic card,
outputting, from said internal storage of said first electronic card, said compacted data version received by said first computer system in encrypted form, and decrypting said encrypted and compacted data version in said first electronic card by means of said encryption/decryption means of said first electronic card and said decryption key(s) stored in said internal storage of said first electronic card,
inputting and storing, in said internal storage of said first electronic card, said decrypted, compacted data version received by said first computer system in encrypted form and decrypted by said first electronic card, and
comparing, in said first electronic card for verification of the integrity of or identity between said data transferred from said first computer system and said data received by said second computer system, said compacted data version stored in said first electronic card to said decrypted, compacted data version received by said first computer system in encrypted form and decrypted in said first electronic card.

9. A method according to claim 7, wherein said transfer of said compacted data version generated in said first computer system or in said first electronic card from said first electronic card to said second electronic card is made simultaneously with said transfer of said data itself, and said data and said compacted data version are combined and encrypted as a whole before said transfer.

10. A method according to claim 8, wherein said transfer of said compacted data version generated in said second computer system or in said second electronic card from said second electronic card to said first electronic card is made simultaneously with a retransmission of said data received from said first electronic card from said second electronic card to said first electronic card, and said data to be retransmitted and said compacted data version are combined and encrypted as a whole before said transfer.

11. A method according to claim 8, wherein

said transfer of said compacted data version generated in said second computer system or in said second electronic card from said second electronic card to said first electronic card is made simultaneously with a retransmission of said compacted data version received by said second electronic card from said second electronic card to said first electronic card,
said transfer and retransmission of compacted data versions are made simultaneously with a retransmission of said data received by said second electronic card from said second electronic card to said first electronic card, and
said data to be retransmitted and both compacted data versions are combined and encrypted as a whole before said transfer.

12. A system for said transfer of data from a first computer system to a second computer system, which second computer system is autonomous in relation to said first computer system via a data transmission line, according to the method of claim 1, said system comprising a first station and a second station, which are connected to and communicate with said first and said second computer system, respectively, and which furthermore via said first and said second computer system, respectively, and corresponding interfacing means are connected to said data transmission line, as well as a first and a second electronic card, which constitute a coherent set of cards comprising coherent encryption/decryption keys input into said internal storages of said cards in such a way that the cards are able to communicate with each other and encrypt and decrypt data transferred from the first card to the second card and vice versa.

13. A system according to claim 12, said first and said second electronic card being of the type DES Smart Card (Philips), Super Smart Card (Bull) or CP8 Smart Card (Bull).

14. A method according to claim 2, further comprising the step of making a verification of the integrity of said data at said transfer of said data from said first computer system to said second computer system.

15. A method according to claim 6, wherein

the encryption key used for encrypting the first set of data and the second combination is made by use of a first signature key stored in the first electronic card,
the decryption key used for decrypting the encrypted form of the first set of data and the encrypted form of the second combination is made by use of a second verification key stored in the second electronic card and a publicly known identification of the first electronic card,
the encryption key used for encrypting the first combination is made by use of a second signature key stored in the second electronic card, and
the decryption key used for decrypting the encrypted form of the first combination is made by use of a first verification key stored in the first electronic card and a publicly known identification of the second electronic card.

16. A method according to claim 1, wherein the encryption and decryption keys used for encrypting and decrypting the transferred data are generated from a first set of data generated in an authenticity verification which is made prior to the transfer of the data as described in claim 6.

17. A method according to claim 16, wherein the authenticity verification further comprises the method of claim 15.

18. A method according to claim 7, wherein the integrity verification further comprises the steps of:

outputting, from said internal storage of said second electronic card, said compacted version stored in said internal storage of said second electronic card, and encrypting said compacted version in said second electronic card by means of said encryption/decryption means of said second electronic card and said encryption key(s) stored in said internal storage of said second electronic card,
outputting, from said second electronic card via said input/output gate of said second electronic card, said compacted data version encrypted by said encryption/decryption means of said second electronic card, and transferring said encrypted and compacted data version via said second station to said second computer system and therefrom via said interfacing means of said second computer system to said data transmission line,
receiving, by said first computer system via said interfacing means of said first computer system, said encrypted and compacted data version transferred from said second computer system, transferring said encrypted and compacted data version to said first electronic card via said first station and via said input/output gate of said first electronic card, and inputting and temporarily storing said encrypted and compacted data version in said internal storage of said first electronic card,
outputting, from said internal storage of said first electronic card, said compacted data version received by said first computer system in encrypted form, and decrypting said encrypted and compacted data version in said first electronic card by means of said encryption/decryption means of said first electronic card and said decryption key(s) stored in said internal storage of said first electronic card,
inputting and storing, in said internal storage of said first electronic card, said decrypted, compacted data version received by said first computer system in encrypted form and decrypted by said first electronic card, and
comparing, in said first electronic card for verification of the integrity of or identity between said data transferred from said first computer system and said data received by said second computer system, said compacted data version stored in said first electronic card to said decrypted, compacted data version received by said first computer system in encrypted form and decrypted in said first electronic card.

19. A method according to claim 9, wherein the compacted data is generated by use of a common compression key prestored in the electronic cards.

20. A method according to claim 9, wherein

the compacted data version is encrypted by use of a first signature key, which is stored in the first electronic card, before being combined with the data and further encrypted as a whole, and
the encrypted compacted data version is decrypted by use of a second verification key stored in the second electronic card and a publicly known identification of the first electronic card after the combination of the data and the compacted data version has been transferred and decrypted as a whole.

21. A method according to claim 9, wherein the encryption and decryption keys used for encrypting and decrypting the combination of the data and the compacted data version are generated from a first set of data generated in an authenticity verification which is made prior to the transfer of the data as described in claim 6.

22. A method according to claim 21, wherein the authenticity verification further comprises the method of claim 15.

23. A method according to claim 10, wherein the compacted data is generated by use of a common compression key prestored in the electronic cards.

24. A method according to claim 10, wherein

the compacted data version is encrypted by use of a second signature key, which is stored in the second electronic card, before being combined with the data to be retransmitted and further encrypted as a whole, and
the encrypted compacted data is decrypted by use of a first verification key stored in the first electronic card and a publicly known identification of the second electronic card after the combination of the data to be retransmitted and the compacted data version has been transferred and decrypted as a whole.

25. A method according to claim 10, wherein the encryption and decryption keys used for encrypting and decrypting the combination of the data to be retransmitted and the compacted data version are generated from a first set of data generated in an authenticity verification which is made prior to the transfer of the data as described in claim 6.

26. A method according to claim 25, wherein the authenticity verification further comprises the method of claim 15.

27. A method according to claim 7, wherein the compacted data is generated by use of a common compression key prestored in the electronic cards.

28. A method according to claim 8, wherein the compacted data is generated by use of a common compression key prestored in the electronic cards.

29. A method according to claim 18, wherein

said transfer of said compacted data version generated in said first computer system or in said first electronic card from said first electronic card to said second electronic card being made simultaneously with said transfer of said data itself, said data and said compacted data version being combined and encrypted as a whole before said transfer,
said transfer of said compacted data version generated in said second computer system or in said second electronic card from said second electronic card to said first electronic card being made simultaneously with a retransmission of said compacted data version received by said second electronic card from said second electronic card to said first electronic card, said transfer and retransmission of said compacted data versions also being made simultaneously with a retransmission of said data received by said second electronic card from said second electronic card to said first electronic card, said data to be retransmitted and both compacted data versions being combined and encrypted as a whole before said transfer.

30. A method according to claim 29, wherein the compacted data is generated by use of a common compression key prestored in the electronic cards.

31. A method according to claim 2, wherein

the encryption key(s) stored in the internal storage of the first electronic card include(s) a first encryption key made by use of a first signature key stored in the first electronic card,
the decryption key(s) stored in the internal storage of the second electronic card include(s) a second decryption key made by use of a second verification key stored in the second electronic card and a publicly known identification of the first electronic card,
the encryption key(s) stored in the internal storage of the second electronic card include(s) a second encryption key made by use of a second signature key stored in the second electronic card,
the decryption key(s) stored in the internal storage of the first electronic card include(s) a first decryption key made by use of a first verification key stored in the first electronic card and a publicly known identification of the second electronic card, and
the authenticity verification comprises the steps of:
a) generating a first random number in the transmitter,
b) encrypting the first random number by use of the first encryption key to obtain a first authenticity message within the first electronic card,
c) transmitting the first authenticity message to the second electronic card,
d) decrypting the first authenticity message within the second electronic card by use of the second decryption key to obtain the first random number within the second electronic card,
e) generating a second random number in the receiver,
f) combining the received first random number with the second random number to obtain a first combination within the second electronic card,
g) encrypting the first combination by use of the second encryption key to obtain a second authenticity message within the second electronic card,
h) transmitting the second authenticity message to the first electronic card,
i) decrypting the second authenticity message within the first electronic card by use of the first decryption key to obtain the first combination within the first electronic card,
j) separating the received first combination within the first electronic card,
k) comparing the value of the first random number generated in the transmitter with the value of the first random number received from the second electronic card and stored in the first electronic card, and in case the two values are equal verifying the authenticity of the identity of the second electronic card,
l) generating a third random number within the transmitter,
m) combining the received second random number with the third random number to obtain a second combination within the first electronic card,
n) encrypting the second combination by use of the first encryption key to obtain a third authenticity message within the first electronic card,
o) transmitting the third authenticity message to the second electronic card,
p) decrypting the third authenticity message within the second electronic card by use of the second decryption key to obtain the second combination within the second electronic card,
q) separating the received second combination within the second electronic card,
r) comparing the value of the second random number generated in the receiver with the value of the second random number received from the first electronic card and stored in the second electronic card, and in case the two values are equal verifying the authenticity of the identity of the first electronic card.

32. A method according to claim 3, wherein

the encryption key(s) stored in the internal storage of the first electronic card include(s) a first encryption key made by use of a first signature key stored in the first electronic card,
the decryption key(s) stored in the internal storage of the second electronic card include(s) a second decryption key made by use of a second verification key stored in the second electronic card and a publicly known identification of the first electronic card,
the encryption key(s) stored in the internal storage of the second electronic card include(s) a second encryption key made by use of a second signature key stored in the second electronic card,
the decryption key(s) stored in the internal storage of the first electronic card include(s) a first decryption key made by use of a first verification key stored in the first electronic card and a publicly known identification of the second electronic card,
a common compression key is stored in the internal storage of the first electronic card and in the internal storage of the second electronic card,
the encryption key(s) stored in the internal storage of the first electronic card and in the internal storage of the second electronic card include(s) a random encryption key made by use of a previously exchanged random number,
the decryption key(s) stored in the internal storage of the first electronic card and in the internal storage of the second electronic card include(s) a random decryption key made by use of a previously exchanged random number, and
the integrity verification comprises the steps of:
a) generating a first compacted document of the data within the transmitter by use of the common compression key,
b) encrypting the first compacted document by use of the first encryption key to obtain an encrypted first compacted document within the first electronic card,
c) combining the data and the encrypted first compacted document to a first combination and encrypting this first combination by use of the random encryption key to obtain a first integrity message within the first electronic card,
d) transmitting the first integrity message to the second electronic card,
e) decrypting the first integrity message within the second electronic card by use of the random decryption key to obtain the first combination within the second electronic card,
f) separating the first combination within the second electronic card,
g) generating within the receiver a second version of the first compacted document of the received data by use of the common compression key,
h) decrypting the received encrypted first compacted document within the second electronic card by use of the second decryption key to obtain a first version of the first compacted document,
i) comparing the obtained results of the first and second version of the first compacted document, and in case the two versions are equal verifying the integrity of the transmission of the data from the first electronic card to the second electronic card,
j) generating within the receiver a second compacted document of the first combination by use of the common compression key,
k) encrypting the second compacted document by use of the second encryption key to obtain an encrypted second compacted document within the second electronic card,
l) combining the first combination and the encrypted second compacted document to a second combination and encrypting this second combination by use of the random encryption key to obtain a second integrity message within the second electronic card,
m) transmitting the second integrity message to the first electronic card,
n) decrypting the second integrity message within the first electronic card by use of the random decryption key to obtain the second combination within the first electronic card,
o) separating the second combination within the first electronic card,
p) generating within the transmitter a second version of the second compacted document of the received second combination by use of the common compression key,
q) decrypting the received encrypted second compacted document within the first electronic card by use of the first decryption key to obtain a first version of the second compacted document,
r) comparing the obtained results of the first and second versions of the second compacted document, and in case the two versions are equal verifying the integrity of the transmission of the data from the first electronic card to the second electronic card.

33. A method according to claim 32, wherein the previously exchanged random number has been exchanged in an authenticity verification as described in claim 31.
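The integrity verification of claim 32, as an added worked example in Go that is not part of the patent or of any Kommunedata implementation. The claim's key material is mapped onto modern primitives, and that mapping, like every name in the code (Card, NewCard, compacted, seal, receive, FirstIntegrityMessage, ReceiveAndAcknowledge, VerifyAcknowledgement, Exchange, the identifications card-124 and card-224, and the constructed compression key, random number and document), is this example's assumption: the common compression key becomes an HMAC-SHA256 key, so a "compacted document" is a MAC; each card's signature key is an Ed25519 private key, and a decryption key "made by use of a verification key and the publicly known identification" of the peer becomes a lookup of the peer's Ed25519 public key by that identification; the random encryption/decryption key is an AES-256-GCM key derived from the random number that claim 31's authenticity verification exchanged. Decrypting the received encrypted compacted document and comparing it with the locally computed version (steps h-i and q-r) is what Ed25519 signature verification does internally, so the code calls Verify at those points. Exchange runs steps a-r between two cards; with forge set it shows why the per-card signature key matters on top of the shared session key: a third card that knows the session and compression keys but not card-124's signature key is rejected at step i when it sends under card-124's identification.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ed25519"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Card is one electronic card's internal storage. Mapping claim 32's keys onto modern
// primitives is this example's assumption, not the patent's: signature key = Ed25519
// private key; verification key + peer's public identification = lookup of the peer's
// Ed25519 public key; common compression key = HMAC-SHA256 key; random key = AES-256-GCM.
type Card struct {
	ID       string
	pub      ed25519.PublicKey
	signKey  ed25519.PrivateKey
	peers    map[string]ed25519.PublicKey
	compress []byte
	session  cipher.AEAD
}

func NewCard(id string, compressKey, randomNumber []byte) *Card {
	pub, priv, _ := ed25519.GenerateKey(nil) // nil reader = crypto/rand.Reader, which cannot fail since Go 1.24
	k := sha256.Sum256(append([]byte("session-key|"), randomNumber...)) // random encryption/decryption key
	block, _ := aes.NewCipher(k[:])                                       // 32-byte key: cannot fail
	aead, _ := cipher.NewGCM(block)
	return &Card{id, pub, priv, map[string]ed25519.PublicKey{}, compressKey, aead}
}

// compacted is the "compacted document": HMAC-SHA256 under the common compression key.
func (c *Card) compacted(b []byte) []byte {
	m := hmac.New(sha256.New, c.compress)
	m.Write(b)
	return m.Sum(nil)
}

func (c *Card) seal(pt []byte) []byte {
	nonce := make([]byte, c.session.NonceSize())
	rand.Read(nonce) // crypto/rand.Read is guaranteed not to fail since Go 1.24
	return c.session.Seal(nonce, nonce, pt, nil) // fresh nonce prepended to the ciphertext
}

// receive decrypts with the random decryption key, separates payload and trailing signature, and
// verifies the peer's signature over the recomputed compacted document (the claim's comparison).
func (c *Card) receive(ct []byte, from string) (comb, payload []byte, err error) {
	if n := c.session.NonceSize(); len(ct) >= n {
		comb, err = c.session.Open(nil, ct[:n], ct[n:], nil)
	}
	k := len(comb) - ed25519.SignatureSize
	if pk, ok := c.peers[from]; err != nil || k < 0 || !ok || !ed25519.Verify(pk, c.compacted(comb[:k]), comb[k:]) {
		return nil, nil, errors.New("integrity not verified")
	}
	return comb, comb[:k], nil
}

func combine(payload, sig []byte) []byte { return append(append([]byte{}, payload...), sig...) }

// Steps a-d. The plaintext first combination is returned too, for the echo check in steps n-r.
func (c *Card) FirstIntegrityMessage(data []byte) (msg, first []byte) {
	first = combine(data, ed25519.Sign(c.signKey, c.compacted(data)))
	return c.seal(first), first
}

// Steps e-i check the first integrity message; j-m return the signed, encrypted echo (second integrity message).
func (c *Card) ReceiveAndAcknowledge(msg []byte, from string) (data, ack []byte, err error) {
	first, data, err := c.receive(msg, from)
	if err != nil {
		return nil, nil, err
	}
	return data, c.seal(combine(first, ed25519.Sign(c.signKey, c.compacted(first)))), nil
}

// Steps n-r check the second integrity message and that the echoed first combination is the one sent.
func (c *Card) VerifyAcknowledgement(ack, sent []byte, from string) error {
	_, first, err := c.receive(ack, from)
	if err == nil && string(first) != string(sent) {
		err = errors.New("receiver acknowledged a different combination")
	}
	return err
}

// Exchange runs steps a-r on constructed inputs and returns what card-224 obtained. With forge=true
// a rogue card with the session and compression keys but not card-124's signature key impersonates it.
func Exchange(forge bool) ([]byte, error) {
	ck, rn := []byte("constructed common compression key"), []byte("constructed random number per claim 31")
	a, b := NewCard("card-124", ck, rn), NewCard("card-224", ck, rn)
	a.peers[b.ID], b.peers[a.ID] = b.pub, a.pub // verification material keyed by public identification
	sender := map[bool]*Card{false: a, true: NewCard("rogue", ck, rn)}[forge]
	msg, first := sender.FirstIntegrityMessage([]byte("constructed document: pay 1250.00 DKK to account 1234-5678"))
	data, ack, err := b.ReceiveAndAcknowledge(msg, a.ID)
	if err != nil {
		return nil, err
	}
	return data, a.VerifyAcknowledgement(ack, first, b.ID)
}

func main() { _, h := Exchange(false); _, f := Exchange(true); fmt.Println("honest:", h, "| forged:", f) }
```

Run it with go run: the honest exchange returns a nil error and the forged one fails at step i. Two design points carry over from the claim. The fixed-size trailing signature is what makes "separating" a combination unambiguous without a length field, and the plaintext first combination that the transmitter keeps is what it compares against the receiver's echo in steps n-r; that comparison, not merely a well-formed acknowledgement, is the proof that the data arrived intact. The session key alone (steps c and e) gives confidentiality against a passive third party, while origin and integrity rest on each card's own signature key, which is why the forged run fails even though the rogue card can encrypt and MAC correctly.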

References Cited
U.S. Patent Documents
4176246 November 27, 1979 Gaetzli
4467139 August 21, 1984 Mollier
4549075 October 22, 1985 Saada et al.
4656474 April 7, 1987 Mollier
4677670 June 30, 1987 Henderson, Jr.
4807288 February 21, 1989 Ugon et al.
4823388 April 18, 1989 Mitzutani et al.
4882779 November 21, 1989 Rahtgen
4907272 March 6, 1990 Hazard et al.
4910773 March 20, 1990 Hazard et al.
4926480 May 15, 1990 Chaum
4935962 June 19, 1990 Austin
4974193 November 27, 1990 Beutelspacher et al.
4989244 January 29, 1991 Naruse et al.
Foreign Patent Documents
0114368 August 1984 EPX
0147716 July 1985 EPX
0194839 April 1986 EPX
0277247 August 1988 EPX
0285520 October 1988 EPX
0396894 November 1990 EPX
166541B1 March 1991 EPX
2526977 June 1988 FRX
3681797 March 1988 DEX
1399020 June 1975 GBX
Other references
  • "Smart Credit Cards: The answer to cashless shopping" IEEE Spectrum pp. 43-49, Feb. 1984.
Patent History
Patent number: RE36310
Type: Grant
Filed: May 10, 1996
Date of Patent: Sep 21, 1999
Assignee: Kommunedata I/S (Copenhagen)
Inventors: Jorgen Bjerrum (Oure), Steen Ottosen (Odense So), Sven Kjaer Nielsen (Albertslund)
Primary Examiner: Salvatore Cangialosi
Law Firm: Merchant Gould Smith Edell Welter & Schmidt
Application Number: 8/644,286
Classifications
Current U.S. Class: 380/25; 380/23
International Classification: H04L 912;