1. Field of the Invention
The present invention is directed to a method for the secure distribution of security modules, particularly for postage meter machines, from a manufacturing location via a distribution location and a user location. The invention also is directed to a distribution system for the secure distribution of security modules.
2. Description of the Prior Art
Like microprocessors and memory modules, security modules, particularly embedded systems can be manufactured in large numbers at central locations that are especially suited for mass production. Such security modules are utilized in various devices, particularly in those devices wherein specific values of their users are stored. Examples are postage meter machines, cash registers, electronic purses, PCs, notebooks, palmtops and mobile telephones. When these devices are likewise mass-produced goods, then the customer—the later user—is most comfortable acquiring these together with the appertaining security module directly by mail order or retail sales, usually without any further contact with the manufacturer of the security modules.
In order to assure a dependable cryptographic initialization and an efficient distribution of the security modules, the initialization should ensue at the production location. This would require central or decentralized initialization centers, that would be cost-intensive. In general, the production locations for mass products, and the locations of their subsequent operators that would be liable to damage due to compromised keys are in different countries, and thus, in different jurisdictions. Legal-based assertions between producers and operators of security modules are thus made more difficult from the very outset, however, it would be desirable to make them as rare as possible, or to avoid them entirely on the basis of measures that instill technical confidence. If there were manufacturing sources that the user does not trust, then there would be a security problem. To allow the subsequent operator to inspect the production process would be impractical and costly.
Various models of postage meter machines currently in the marketplace are equipped with a postal security device having a security module. This essentially serves for storing and accounting electronic postage fees and for generating electronic signatures for generating valid franking imprints (indicia). The security module must, obviously be protected against any and all type of manipulation during production, during transport and when used. This usually currently ensues with mechanical protective measures such as a closed housing around the security module. Moreover, every produced security module is cryptographically initialized and registered (certified) before it can be placed into use. Since, however, this preferably ensues at the location at which the security module is produced, the security demands of national postal authorities such as the U.S. Postal Service are not met. These demand an assurance for the security of security modules during transport as well and before initialization, particularly a registration at the final user of the postage meter machine or at a national service center. This, however, requires the establishment of national service centers and means an increased outlay for time, equipment, packaging and other handling.
An object of the present invention is to provide a method and a distribution system for the distribution of cryptographically initialized security modules with which, for protection against manipulation under the supervision of the later operator of the security module, it should be assured under all circumstances, i.e. even given a comprehensive compromise of the cryptographic initialization at the production location, for example given large-scale bribery of the personnel, that only devices with security modules whose cryptographic keys have not been compromised can be placed in operation by the customer.
This object is inventively achieved by a method operating on the basis that a successful protection against manipulation with fraudulent intent can be achieved by producing and checking specific markings, possibly in combination with corresponding certificates. A first marking ensues at the location of the manufacturer in a manufacturer's center following a first cryptographic initialization of the security module. The first marking is preferably a public key printed on a first label, and the label is preferably applied to the shipping packaging of the security module, or of a device having an integrated security module. The first marking can contain the electronic key to be sent in unencrypted or encrypted form, dependent on whether the key to be sent is a public key or a private (secret) key. The encryption can, for example, ensue by means of a hash algorithm.
A second marking ensues remote from the place of manufacture at a distribution center in a distribution location, or a facility referred to as an import point that is provided for a specific region or a specific country. The second marking ensues upon import and registration of the packaging with the security module. This enables an identification of the packaging during later registration of the security module, triggered by the user situated at the place of employment before requested data can be loaded onto the security module, or before the postage meter machine and before the postage meter machine can be used. The identification code generated at the distribution location is stored for this purpose in a remote, central data bank.
The verification inventively ensues with a verification code that is generated from the identification code and from the electronic key stored in the security module. A digital signature or an authentification code, for example a MAC (message authentification code), is preferably employed.
The inventive method and the inventive distribution system assure a dependable distribution of security modules, whereby the devices, for example postage meter machines, packaged customized and including the already-installed security modules, or the separately distributed and/or separately packaged security modules, need not be unpacked at the distribution location or at the import point. It is thereby especially economical to have a single, central import point in a country or in a region through which all packaged devices or security modules are imported. This import point can be regularly inspected by the operator with justifiable outlay or even can be operated by the operator. Unpacking and inspecting all incoming devices or security modules at this import point, which would be very complicated, inventively is no longer required.
Preferably the manufacturing center applies a label to the packaging of the security module, an electronic key being printed thereon in encrypted or unencrypted form, for example as a bar code. This machine-readable marking is then read by the distribution center or at the import point and is employed for identification, whereupon a second label with the identification code is applied to the packaging. This is either glued over the first label or the first label is removed, so that it can no longer be read subsequently in any case, particularly by a user. The identification code also can be applied on the label encrypted or unencrypted as a bar code. Instead of labels with bar codes, other possibilities for sending or applying the electronic key and/or the identification code to the packaging or to the security module itself are conceivable, such as, for example, chip cards, magnetic strip cards or ID tags. It is again preferred that the electronic key stored by the manufacture is erased by the distribution center or at the import point and is replaced by the identification code.
In a further embodiment of the invention, the use of an authentification algorithm and a single electronic key is provided at the manufacturer. Such an authentification algorithm can be part of a MAC (message authentification code). Additionally, this electronic key can be stored in the security module and sent simultaneously with the security module in a form capable of being read from the outside, on the basis of a single key known only to the manufacturer or to a manufacturer's center and a service center in the region of the user. The electronic key, which is then stored on the security module, is likewise known to the user and can be employed later for encryption of further information, for example, between the user and the service center.
Alternatively, an electronic key pair having a private and a public key is employed in a further embodiment. This is generated with a digital signature algorithm such as, for example, a RSA (Rivest Shamir, Adleman), a DSA (digital signature algorithm) or a ECDSA (elliptic curve DSA). The public key is preferably stored in the central data bank which the distribution center and the service center also can access and is sent in externally readable form with the security module, whereas the private key is stored only in the security module and is shipped together with it. An electronic key pair composed of a private key and a public key can likewise be employed for producing certificates with which the security module can be identified and that enhance the protection against manipulation. A separate electronic key pair can be provided at the manufacturer's center as well as in the distribution center.
Alternatively to a central data bank wherein specific electronic keys, the identification code and possibly generated certificates are stored in encrypted or unencrypted form, these can be communicated from the manufacturer's center to the distribution center and/or the regional service center via a separate network, stored in the security module or in some other way, for example with a data carrier that is mailed. This has the advantage that the central data bank, which preferably contains the data of all globally utilized security modules, only has to meet lower security demands, or can be fashioned smaller or can be entirely eliminated.
The invention, of course, also can be used when there are separate manufacturers or manufacturer's centers for the security module and the application device, for example the postage meter machine. The security modules are then sent to the manufacturer of the postage mater machine in the described way, where the security module can be identified and registered and can be subsequently installed into the postage meter machine. The inventive method also can be used when shipping the postage meter machine equipped with the security module.
The inventive distribution system shown in
Further, there can be a regional operator in each region who operates all devices with security modules in this region, whereby this can also be a postal authority. The regional operator is the operator who is liable for damages that result from the compromise of a security module that is registered in this region. It is assumed due to this liability that the regional operator trusts the distribution center of his region, i.e. that, for example, the regional operator regularly inspects it, or has it inspected.
The inventive method is explained in greater detail below. The manufacturing center 1, i addition to manufacturing the security module 7, operates a local manufacturer server (manufacturing service center) 6 in the immediate proximity of the production end point of the factory. First, the manufacturer server 6 generates an electronic manufacturer key pair (sk1, vk1) (Step 20 in
The distribution center 2, which serves as the import point for all security modules to be operated in a specific region, also initially generates a distributor key pair (sk2, vk2) with a private key sk2 and a public key vk2 (Step 21). Items referred to as entry certificates thus can be generated for th security modules as digital signatures that can be stored in the central data bank 4. The various distributor centers of the different regions or countries do not know the public distribution keys of the other distribution centers. Each distribution center need only be in the position of being able to check its own entries in the central data bank 4. It is also fundamentally possible to provide a number of distribution centers 2 or import points for a country or a region.
After a security module 7 has been manufactured and provided with the mechanical protection devices, it is connected to the manufacturer server 6, for example via an intervening registration PC (not shown). This requests a public key from the security module 7, whereby the request contains the public manufacturer key vk1 and the request to produce a transport key pair (Step 22). The security module 7 stores the key vk1 in a non-volatile memory and generates the requested transport key pair (stk, vtk) that contains a signing transport key stk and a verifying transport key vtk (Step 23). Whereas the private key stk is kept private by the security module 7 and is only stored thereat, the security module 7 forwards a unique serial number S, that was assigned during manufacture, and the verifying transport key vtk to the manufacturer server 6 via the registration PC (Step 24). This subsequently generates a public key certificate c1 (Step 25) with the assistance of a private key sk1 and a signing algorithm cert, this being subsequently stored in the public, remote central data bank 4 (Step 26) together with the serial number S and the verifying transport key vtk. After this initial registration, the security module 7 will never again output its verifying transport key vtk; thus a storing thereof is also not required.
There are suitable products such as, for example, a client-server architecture on the basis of Windows NT that are available for the realization of the registration PC.
Subsequently, the security module 7 is packaged in a transport packaging 8. The security module 7 can be contained in a separate packaging or together with a user device 71, for example a postage meter machine, in a common packaging 8. In the latter instance, the security module 7, as shown in
The packagings are subsequently sent from the manufacturer center 1 directly to the distribution center 2 in the respective regions wherein the postage meter machines 71 or the security modules 7 are then to be sold and used. The bar codes of every incoming packaging 9 are read at the distribution center 2 with a scanner 10 that is connected to a corresponding computer 11 with a connected printer 12. An identification code ID is subsequently randomly selected for each serial number s and each verifying transport key vtk, even when the ultimate consumer of the product is neither known already or identified. The number of customer numbers must thereby be large enough so that conflicts (duplications) of the identification codes are extremely rare and it is practically impossible to guess which identification code has been assigned to a specific security module. The use of identification codes having a length between 32 and 64 bits is therefore preferable.
Subsequently, the distribution center 2 operates the new identification code ID with the serial number s and the verifying transport key vtk on the packaging, in that the identification code ID is printed onto a new label 13 that is glued over the first label 9 on the packaging 8, so that the bar code of the first label 9 can no longer be read. To that end, the first label 9 alternatively can be removed before the label 13 is glued on. If the label or the bar code is attached to accompanying papers, the new label 13 is applied at this location. Preferably, the identification code ID is applied on the label 13 in normally readable form, whereby the exact format should take the properties of the input unit of the postage meter machine to be equipped with the security module into consideration. When, for example, the input unit has a number field, then the identification code ID can also be printed in decimal numbers. If, however, the input unit has only a number of specific, for example differently colored keys, then the identification code should be encoded in a corresponding way. Moreover, the distribution center 2 generates an entry certificate c2 from the serial number s, the verifying transport vtk and the identification code ID with the assistance of a private distributor code sk2 using a signing algorithm cert (Step 28). This, finally, is stored together with the identification code ID in the central data bank 4 and is allocated thereat to the already-stored data of the security module (Step 29).
In terms of concept, the central data bank is a large distributed list that centrally administers all public verifying keys of security modules for postage meter machines in all countries. Access to this global data bank 4 is strictly limited, with read and write accesses being limited to the service center 5, 6 and the distributor centers 2. The distributor centers 2 and the service centers of each region thus have access only to the keys that relate to the security modules operated in their region.
All packagings 8 with security modules processed in this way are subsequently directly marketed by the distribution centers 2 or distributed via retail merchants. In general, the distribution centers 2 do not know who the final consumer ultimately is, what product the consumer will receive nor when the consumer will receive it.
After a customer 3 has received a package 18 and removed the security module 7, it will be installed into the postage meter machine 71 insofar, as shown, it is not already installed, the interrupt operation will cease, and the machine 71 is connected to the telephone network. The postage meter machine 71 is then connected to a regional service center 5 of its region in order to be registered thereat. To that end, the security module 7 first generates a verification code sig from the private key stk stored in the security module 7 and from the identification code ID contained on the label 13 (Step 30). This verification code sig together with the identification code ID is then transmitted to the regional service center 5, which subsequently searches in the central data bank 4 to determine whether the transmitted identification code ID has been generated by the distributor 2 of this region and whether a valid entry certificate c2 is present (Steps 31, 32). Insofar as this is the case, the regional service center 5 receives a verification key vtk back from the central data bank 4 (Step 33), this then being used for the verification of the security module on the basis of the verification algorithm ver with reference to the generated verification code sig and the identification code ID (Step 34).
When this test is successful, the security module 7 and the appertaining postage meter machine 71 have been registered and released for use, whereupon the country-specific software, initialization and authorization can be downloaded. Subsequently, the security module is recognized as postal security device (PSD), so that the postage meter machine can be placed into operation, can download fee units and can generate frankings. As is apparent from the above explanation, it is not necessary in the invention that the packaging 8 of the security module 7 be opened on the route from the manufacturer to the ultimate consumer. Accordingly, seals can be attached to the packaging 8, so that an unauthorized opening of the packaging during transport can be easily detected by the user. As a result of employing in the described certificates and the described labels, extensive protection against manipulation with fraudulent intent is also achieved. Further, the security module 7 only can be placed into operation when the verification and registration at the end of the described method proceeds successfully.
Fundamentally, a distribution system must meet a number of security demands and offer protection against various manipulations. These are described in brief below:
The inventive method and the inventive distribution system can withstand all of these described misuses other than having the security module stolen from the customer and having the mechanical security devices broken open or the public transport key thereby becoming available to the tamperer. Given the inventive solution, a tamperer must obtain not only a registered key pair of transport keys but also an appertaining identification code. If a tamperer only obtains the registered transport key pair and, possibly, a security module, it is still necessary that the tamperer have an identification code therefor produced at the distributor. Otherwise, no identification code is entered into the central data bank and a registration or use will not ensue properly. After the distribution center generates an identification code and has stored it in the central data bank, a tamperer could also attempt to read this out from the central data bank or to intercept the security module on its transport path to the user in order to get the identification code. It should be noted that only authorized persons can order a packaging 8 with a security module 7 and a label with identification code.
The described, inventive distribution system has a distributed data bank with the highest security level that must be adequately protected against unauthorized access. This is assured because the infrastructure is a closed system without access possibility via the Internet.
Intercepting a packaging with a label on the distribution routes is generally considered adequately difficult. The number of shipments of security modules is relatively slight and it is also not possible to read a public transport key from a label without a bar code scanner. It is even more difficult when the label with the identification code is glued over the first label.
The most serious form of attempted fraud is probably the compromising of a large number of private transport keys at the manufacturer and comparing their public transport keys to the same number of packages that are placed on the store shelves in order to find at least a single coincidence. This type of fraud only functions when the tamperer can somehow recognize which packages on the store shelves coincide with which packages coming from the manufacturer. This could ensue in that a tamperer reads out the public transport key stored on the first label at the distribution center in some way or other before the second label is glued thereover. Another possibility would be the secret marking of packages at the manufacturer in order to be able to relocate the same packages later.
All of the described possible misuses, however, are suppressed or largely avoided given the inventive distribution system and method, so that the security measures that are provided can be evaded only given extremely great outlay.
A second embodiment of the inventive distribution system and of the inventive method shall be explained on the basis of
At the distribution center 2, the hash value h is read from the label 9 with the scanner 10, an identification code ID is generated and printed onto the second label 13, which is then applied over the label 9 on the packaging 8 (Step 48). The identification code ID is likewise stored in the central data bank 4 and is allocated therein to the hash value h (Step 49).
At the user location 3, the security module 7, after it arrives, generates a verification code M, also referred to as MAC (message authentication code), from the transport key tk that is stored in the security module and from the identification code ID of the label 13 with an authentification algorithm (Step 50). This verification code m together with the identification code ID and the certificate c1 is transmitted to the regional service center 5 (Step 51). Thereat, the certificate c1 is decrypted with the assistance of a private key k1 using a decryption algorithm dec, the transport key tk deriving therefrom, a hash value h being subsequently calculated therefrom (Step 52). Subsequently, the regional service center 5 checks whether the identification code ID and the hash value h are contained in the central data bank 4 (Step 53). Insofar as this is the case, finally, the verification ensues with the verification algorithm ver with the assistance of the transport key tk, of the identification code ID and of the verification code m (Step 54). Given successful verification, the registration can then ensue whereupon the security module can be employed as intended.
Although modifications and changes may be suggested by those skilled in the art, it is the intention of the inventor to embody within the patent warranted hereon all changes and modifications as reasonably and properly come within the scope of his contribution to the art.
Number | Date | Country | Kind |
---|---|---|---|
100 20 904 | Apr 2000 | DE | national |
Number | Name | Date | Kind |
---|---|---|---|
5153842 | Dlugos, Sr. et al. | Oct 1992 | A |
5636277 | Nagahama | Jun 1997 | A |
5786587 | Colgate, Jr. | Jul 1998 | A |
6289452 | Arnold et al. | Sep 2001 | B1 |
Number | Date | Country |
---|---|---|
19507044 | Jan 1995 | DK |
0 735 722 | Oct 1996 | EP |
0 845 762 | Jun 1998 | EP |
0 948 158 | Oct 1999 | EP |
WO 9857302 | Dec 1998 | WO |
Number | Date | Country | |
---|---|---|---|
20020046175 A1 | Apr 2002 | US |