[go: up one dir, main page]

EP1039422B1 - Checking the authenticity of a portable data carrier - Google Patents

Checking the authenticity of a portable data carrier Download PDF

Info

Publication number
EP1039422B1
EP1039422B1 EP00104583A EP00104583A EP1039422B1 EP 1039422 B1 EP1039422 B1 EP 1039422B1 EP 00104583 A EP00104583 A EP 00104583A EP 00104583 A EP00104583 A EP 00104583A EP 1039422 B1 EP1039422 B1 EP 1039422B1
Authority
EP
European Patent Office
Prior art keywords
intermediate unit
authenticity
data carrier
unit according
portable data
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Expired - Lifetime
Application number
EP00104583A
Other languages
German (de)
French (fr)
Other versions
EP1039422A2 (en
EP1039422A3 (en
Inventor
Yahya Haghiri
Michael Lamla
Dieter Weiss
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Giesecke and Devrient GmbH
Original Assignee
Giesecke and Devrient GmbH
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Giesecke and Devrient GmbH filed Critical Giesecke and Devrient GmbH
Publication of EP1039422A2 publication Critical patent/EP1039422A2/en
Publication of EP1039422A3 publication Critical patent/EP1039422A3/en
Application granted granted Critical
Publication of EP1039422B1 publication Critical patent/EP1039422B1/en
Anticipated expiration legal-status Critical
Expired - Lifetime legal-status Critical Current

Links

Images

Classifications

    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07FCOIN-FREED OR LIKE APPARATUS
    • G07F7/00Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus
    • G07F7/08Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means
    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07FCOIN-FREED OR LIKE APPARATUS
    • G07F7/00Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus
    • G07F7/08Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means
    • G07F7/12Card verification

Definitions

  • the invention relates to an intermediate unit for use in connection with a device for testing the authenticity of a portable data carrier according to the preamble of the main claim
  • a device for checking the authenticity is known eg from the DE-A-44 19 805 .
  • a portable data carrier is equipped with a hardware feature, which preferably has the form of a logic circuit and allows the defined generation of a response data set from an input data set.
  • the response data record generation is carried out at such a high speed that an equally fast replication of the changes made by a program, ie in software form is not possible.
  • the testing unit has an evaluation circuit adapted to the hardware feature and is connected to the hardware feature via a separate, fast data transmission channel.
  • the concept described in the DE-A-197 39 448 also proposed to perform the authenticity check using special additional devices and a special transmission channel.
  • the known concept substantially improves the security of data carriers by effectively suppressing a simple duplication of the hardware structure.
  • it requires the provision of a test circuit and a sufficiently fast data transmission channel to the disk-side hardware feature. Therefore, the concept is usually not suitable for existing, accessing to a disk arrays that do not have these prerequisites.
  • a two-part electronic device which consists of a conventional chip card on the one hand and a receiving the chip card receiving unit on the other.
  • the recording unit adds additional features such as operating and display elements to the chip card, so that an overall "smart card device" is created.
  • a function of the expanded chip card device is inter alia the checking of the authentication of a chip card in relation to the receiving unit.
  • US-A-5,599,231 discloses a solution based on the use of ID cards to secure a data processing system against unauthorized use.
  • the security is achieved by means of special integrated circuits which are present on the ID card on the one hand and in the data processing device to be secured on the other hand and which perform an authentication algorithm.
  • US 5,811,770 further discloses a solution for securing a financial transaction executed at a terminal by means of a smart card. Core of the proposed solution is also the implementation of an authentication of a presented smart card.
  • the invention has the object of developing the concept of authentication of portable data carriers so that it can be used in a simple manner even if a device accessing a portable data carrier does not have a test module and a sufficiently fast data channel.
  • the test module and the fast data transmission channel are realized in an intermediate unit, which is placed in the manner of an adapter between the portable data carrier and the device accessing it.
  • the intermediate unit has a first interface for data exchange with the portable data carrier and a second interface for establishing a connection to the device accessing the data carrier.
  • the second interface is mechanically configured to be connectable to the device without the need for further adjustments.
  • a preferred application for the inventive concept are chip cards and devices accessing them, for example in the form of terminals.
  • the second interface of the intermediate entity itself is particularly advantageous, like a chip card designed so that the intermediate state can be connected to an existing conventional chip card reading device of a terminal.
  • FIG. 1 shows in block structure representation of a portable data carrier 10, which is connected via an intermediate unit 20 to prove its authenticity with a device 30, which accesses a realized in the disk 10 function.
  • a portable data carrier 10 based on a smart card, which provides, for example, an exchange function.
  • a payment terminal short terminal, is used to carry out monetary transactions.
  • Main functional component of the chip card 10 is a microprocessor circuit 11. It implements a utility function set up on the chip card 10, for example an exchange function. Furthermore, there is a hardware element 12 in the form of a fast, a defined operation exporting logic circuit on the chip card 10.
  • the intermediate unit 20 has a test module 24, which is designed to verify the authenticity of the hardware element 12.
  • Test module 24 and hardware element 12 are connected to each other via a high-speed data channel 13.
  • the high-speed data channel 13 is physically designed as an independent structure tailored specifically to the proof of authenticity.
  • Another component of the intermediate unit 20 is a controllable data bus 22 with an interface for connecting the chip card 10 and an interface to the terminal 30.
  • the data bus 22 is also connected via a data link 25 to the test module 24.
  • a conventional serial or parallel data transmission path 21 which is routed to the processor circuit 11 on the one hand and to the data bus 22 on the other hand, is formed parallel to the high-speed data channel 13.
  • the intermediate unit 20 is connected to the terminal 30.
  • the data transmission path 23 forms a data transmission path between the terminal 30 and the portable data carrier 10.
  • the terminal 30 has a central processing unit 31 for its intended operation. In addition to terminal operating functions, it realizes in particular functions which can only be carried out with the integration of the chip card 10, e.g. Posting operations, and physically have the change of an existing in the integrated circuit 11 of the smart card 10 memory contents result.
  • the terminal 30 is designed for reading and writing a chip card 10 for this purpose.
  • the verification of the authenticity of a chip card 10 takes place via the high-speed data channel 13.
  • the test module 24 sends a check information to the chip card 10 located in the hardware element 12, which derives a response signal from it at high speed and sends back to the test module 24 without delay.
  • This first checks the timely receipt of the response signal in a given time window, then its substantive correctness.
  • For the authenticity check use is made of the fact that the total time required for generation and return of the response signal is shorter than the shortest possible time for a simulation of the same process by software.
  • the smart card 10 as real done on the data transmission path 21, 22, 23 expediently further, software-based security checks between smart card 10 and terminal 30, for example, a check of the user authorization by checking a PIN.
  • the test module 24 causes the deposition of a corresponding error signal to the terminal 30.
  • it blocks the controllable data bus 22, so that a data exchange between terminal 30 and portable data carrier 10 is not possible.
  • the terminal 30 makes an irreversible change in the chip card, which is also recognized by other terminals.
  • Fig. 2 illustrates an implementation of the in Fig. 1 reproduced functional structure.
  • the intermediate unit 20 has to receive a chip card 10 a receiving slot 201, wherein connections for the production of the high-speed data channel 13 and the regular data transmission path 21 are located.
  • a smart card 10 is inserted so that both high-speed data channel 13 as regular data transmission path 21 are established.
  • the intermediate unit 20 is in turn inserted into a receiving slot 301 formed in the terminal 30, such that the data transmission path 23 is set up to the central processor unit 31 of the terminal 30.
  • the intermediate unit 20 Preferably lies in the endlage, as in Fig. 2 indicated, only part of the structure of the intermediate unit 20, here called insertion portion 203, within the receiving shaft 301.
  • the other part of the building, referred to here as the head part 204, is outside the building of the terminal 30th
  • the receiving shaft 201 of the intermediate unit 20 for receiving the chip card 10 and the realization of the regular data transmission path 21 and the high-speed data channel 13 are formed in the manner of a conventional card reading unit for writing / reading a smart card.
  • the receiving shaft 201 of the intermediate unit 20 is designed as a conventional chip card write / read unit, which produces a contactless and / or contact-type data connection to corresponding contact means on the chip card 10, depending on the type of chip card 10.
  • the read / write unit 201 is connected to the test module 24. This is expediently likewise arranged in the head part 204 of the intermediate unit 20 directly on or in the read / write unit 201.
  • the read / write unit 201 is further guided on contact means 206, which are formed on the insertion section 203 and serve to establish the data transmission path 23 to the terminal 30.
  • the data transmission path 23 between the terminal 30 and the intermediate unit 20 in smart card technology is formed.
  • the Receiving shaft 301 of the terminal 30 is designed for this purpose in the manner of a conventional card reading unit.
  • the insertion section 203 of the intermediate unit 20 has correspondingly a flat, the geometry of a smart card having shape, are formed in the contact means 206 to the contacting and / or a coil for contactless data transmission.
  • Tuned to the terminal 30 is a read / write unit 302 for reading or writing chip cards. It forms the data transmission path 23 with the contact means 206.
  • the read / write unit 302 is connected to the central processor unit 31 via a data line 303.
  • the terminal 30 can, as in Fig. 2 implied to have the shape of a conventional payment terminal.
  • additional functional elements 207 are advantageously arranged to increase the application security of the chip card 10.
  • Possible additional elements 207 are, for example, sensors for detecting biometric features of a user in order to check the user authorization thereof. Equally suitable are fingerprint sensors, face recognition sensors and / or voice recognition sensors. The evaluation of the signals supplied by such sensors is expediently carried out directly in the intermediate unit 20.
  • the establishment of a user dialog can be provided by means of a display / input device designed for this purpose on the intermediate unit 20. A dialogue to be carried out with this can take place under control of the intermediate unit 20 alone, or else with the involvement of the central processor unit 31 of the terminal 30.
  • the formation of authenticity features for proving the authenticity of the intermediate unit 20, for example in the form of holograms mounted on a surface of the head part 204.
  • the intermediate unit 20 is equipped with means which support a fixed connection to the terminal 30. As in in Fig. 2 indicated, this can be arranged on the support surface between the head portion 204 of the intermediate unit 20 and the upper surface 304 of the terminal 30, a pressure-sensitive adhesive layer 34. Such is inexpensive and allows convenient handling, for example, covered with silicone paper, which is withdrawn immediately before the insertion of the intermediate unit 20 into the terminal 30. Also possible to support a durable connection between the intermediate unit 20 and terminal 30 also known mechanical means such as screws or staplers
  • intermediate unit 20 can be designed in construction and design while maintaining their basic functionality in a wide range.
  • a possible design variant to increase the mechanical stability of the transition between head 204 and insertion portion 203 is to create the receiving shaft 201 completely within the head part 204, so that the portable data carrier 10 is in theêtkekend position outside the terminal building.
  • the test module 24 can furthermore be covered with a protective layer which, in the case of attempting to manipulate the test module, causes the destruction of safety-relevant data in the test module 24, on the chip card 10 and / or in the terminal 30.
  • FIG. 3 illustrates an embodiment in which the intermediate unit 20 is almost completely in a correspondingly large-sized receiving shaft 301 of the terminal 30. Outside the terminal building is located as a head portion 204 only a propagated end surface, which serves to fix the intermediate unit 20 and carries any additional functional elements 207 as sensors for biometric feature detection.
  • Write / read unit 201 and test module 24 are formed in the insertion portion 203, ie they are in the insert end position within the receiving shaft 301.
  • the in Fig. 3 embodiment shown facilitated by the larger available space, the realization of the data transmission path 23 between the intermediate unit 20 and write / read unit 302 of the terminal 30.
  • the terminal 30 is provided with a specially adapted to the design of the intermediate unit 20 receiving shaft 301.
  • Fig. 4 shows a further embodiment of the intermediate unit 20. It has, in contrast to those in the Fig. 2 and 3 Variants shown no own receiving slot 201 for receiving a chip card 10. Instead, the terminal 30 has a large recess 40 in which the intermediate unit 20 and chip card 10 are placed against each other such that the inter-unit read / write unit 201 opposes the contact means of the smart card 10 and data transmission paths 21 and high-speed data channel 13 are established. Together, the intermediate unit 20 and the recess 40 of the terminal 30 form a receiving well 401, three sides of which are part of the terminal 30, the fourth being defined by the intermediate unit 20. For the chip card 10, the receiving shaft 401 with inserted intermediate unit 20 again forms a common reading device.
  • the remaining design of the intermediate unit 20 is expedient to the embodiment Fig. 3 ajar, ie the head part 204 is designed as a common end face on which any additional functional elements 207 are located, the test module 24 is arranged in the insertion portion 203.
  • the variant allows very much small intermediate units 20, but in turn requires that the terminal 30 for receiving the intermediate unit 20 is specially designed.
  • the intermediate unit 20 maintains the basic inventive concept, a variety of other variations of the intermediate unit 20 and its interaction with a terminal 30 are possible.
  • the proposed concept is not limited to the use of smart cards as a portable data carrier. Rather, it is also suitable for data carriers in other embodiments.
  • other concepts can be used besides the mentioned test by means of a high-speed data channel. In particular, all test methods whose security effect is based on an unabated, direct interaction between the data medium to be tested and the intermediate unit can be used particularly advantageously.

Landscapes

  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Credit Cards Or The Like (AREA)
  • Inspection Of Paper Currency And Valuable Securities (AREA)
  • Fittings On The Vehicle Exterior For Carrying Loads, And Devices For Holding Or Mounting Articles (AREA)
  • Control Of Vending Devices And Auxiliary Devices For Vending Devices (AREA)

Abstract

The device is connected to the data medium (10) via a data communications path (22-24) that is implemented with the use of an intermediate unit (20) with a test module (24) that automatically conducts communications with the portable data medium and checks the authenticity of the data medium. An Independent claim is also included for an intermediate unit for use with a device for checking the authenticity of a portable data medium.

Description

Die Erfindung betrifft eine Zwischeneinheit zur Verwendung in Verbindung mit einer Vorrichtung, zur Prüfung der Echtheit eines tragbaren Datenträgers nach der Gattung des HauptanspruchsThe invention relates to an intermediate unit for use in connection with a device for testing the authenticity of a portable data carrier according to the preamble of the main claim

Eine Vorrichtung zur Echtheitsprüfung ist bekannt z.B. aus der DE-A-44 19 805 . Danach ist ein tragbarer Datenträger mit einem Hardware-Merkmal ausgestattet, das vorzugsweise die Form einer logischen Schaltung hat und die definierte Erzeugung eines Antwortdatensatzes aus einem Eingangsdatensatz erlaubt. Die Antwortdatensatzerzeugung erfolgt dabei mit so hoher Geschwindigkeit, daß eine gleichschnelle Nachbildung der vorgenommenen Veränderungen durch ein Programm, d.h in Softwareform nicht möglich ist. Durch Prüfung, ob ein Datenträger in einem vorgegebenen Zeitfenster eine definierte Datenveränderung vornimmt, läßt sich deshalb feststellen, ob der Datenträger echt ist. Zur Durchführung der Prüfung besitzt die prüfende Einheit eine auf das Hardware-Merkmal abgestimmte Auswerteschaltung und ist über einen gesonderten, schnellen Datenübertragungskanal mit dem Hardware-Merkmal verbunden. Anknüpfend an das in der DE-A-44 19 805 beschriebene Konzept wird in der DE-A-197 39 448 zudem vorgeschlagen, die Echtheitsprüfung mit Hilfe spezieller Zusatzvorrichtungen sowie eines speziellen Übertragungskanales durchzuführen. Das bekannte Konzept verbessert wesentlich die Sicherheit von Datenträgern, indem es ein einfaches Duplizieren der Hardwarestruktur wirkungsvoll unterdrückt. Allerdings bedingt es die Bereitstellung einer Prüfschaltung sowie eines ausreichend schnellen Datenübertragungskanales zu dem datenträgerseitigen Hardware-Merkmal. Das Konzept eignet sich deshalb in der Regel nicht für bestehende, auf einen Datenträger zugreifende Anordnungen, die über diese Voraussetzungen nicht verfügen.A device for checking the authenticity is known eg from the DE-A-44 19 805 , Thereafter, a portable data carrier is equipped with a hardware feature, which preferably has the form of a logic circuit and allows the defined generation of a response data set from an input data set. The response data record generation is carried out at such a high speed that an equally fast replication of the changes made by a program, ie in software form is not possible. By checking whether a data carrier makes a defined data change in a given time window, it is therefore possible to determine whether the data carrier is genuine. To carry out the test, the testing unit has an evaluation circuit adapted to the hardware feature and is connected to the hardware feature via a separate, fast data transmission channel. Following on in the DE-A-44 19 805 The concept described in the DE-A-197 39 448 also proposed to perform the authenticity check using special additional devices and a special transmission channel. The known concept substantially improves the security of data carriers by effectively suppressing a simple duplication of the hardware structure. However, it requires the provision of a test circuit and a sufficiently fast data transmission channel to the disk-side hardware feature. Therefore, the concept is usually not suitable for existing, accessing to a disk arrays that do not have these prerequisites.

Aus der EP-A-790569 ist eine zweiteilige elektronische Einrichtung bekannt, die aus einer üblichen Chipkarte einerseits und einer die Chipkarte aufnehmenden Aufnahmeeinheit andererseits besteht. Die Aufnahmeeinheit fügt der Chipkarte dabei zusätzliche Funktionalitäten wie etwa Bedien- und Anzeigeelemente hinzu, so daß insgesamt eine erweiterte "Chipkarteneinrichtung" entsteht. Eine Funktion der erweiterten Chipkarteneinrichtung ist u. a. die Prüfung der Authentisierung einer Chipkarte gegenüber der Aufnahmeeinheit.From the EP-A-790 569 a two-part electronic device is known which consists of a conventional chip card on the one hand and a receiving the chip card receiving unit on the other. The recording unit adds additional features such as operating and display elements to the chip card, so that an overall "smart card device" is created. A function of the expanded chip card device is inter alia the checking of the authentication of a chip card in relation to the receiving unit.

US-A-5,599,231 offenbart eine auf der Verwendung von ID-Karten beruhende Lösung zur Sicherung einer Datenverarbeitungsanlage gegen unbefugte Nutzung. Die Sicherheit wird mittels besonderer integrierter Schaltkreise erreicht, die auf der ID-Karte einerseits und in der zu sichernden Datenverarbeitungseinrichtung andererseits vorhanden sind und die einen Authentisierungsalgorithmus durchführen. US-A-5,599,231 discloses a solution based on the use of ID cards to secure a data processing system against unauthorized use. The security is achieved by means of special integrated circuits which are present on the ID card on the one hand and in the data processing device to be secured on the other hand and which perform an authentication algorithm.

US 5,811,770 offenbart weiterhin eine Lösung zur Sicherung einer an einem Terminal ausgeführten Finanztransaktion mit Hilfe einer Chipkarte. Kern der vorgeschlagenen Lösung bildet ebenfalls die Durchführung einer Authentisierung einer präsentierten Chipkarte. US 5,811,770 further discloses a solution for securing a financial transaction executed at a terminal by means of a smart card. Core of the proposed solution is also the implementation of an authentication of a presented smart card.

Allen drei zuletzt genannten Dokumenten ist gemein, daß sie eine hardwarebasierte Prüfung eines tragbaren Datenträgers auf Echtheit nicht vorsehen. Allgemein richten sich die bekannten Lösungen ferner durchweg auf neu herzustellende Einrichtungen, in denen eine Sicherung von Anfang an berücksichtigt werden kann; keines der Dokumente offenbart eine nachrüstbare Lösung.All three last mentioned documents have in common that they do not provide a hardware-based check of a portable data carrier for authenticity. Generally, the known solutions are also consistently directed to new devices in which a fuse can be considered from the beginning; none of the documents discloses a retrofittable solution.

Der Erfindung liegt die Aufgabe zugrunde, das Konzept der Echtheitsprüfung von tragbaren Datenträgern so weiterzubilden, daß es in einfacher Weise auch dann einsetzbar ist, wenn ein auf einen tragbaren Datenträger zugreifende Vorrichtung nicht über ein Prüfmodul und einen hinreichend schnellen Datenkanal verfügt.The invention has the object of developing the concept of authentication of portable data carriers so that it can be used in a simple manner even if a device accessing a portable data carrier does not have a test module and a sufficiently fast data channel.

Diese Aufgabe wird gelöst durch eine Vorrichtung mit den Merkmalen des Hauptanspruchs.This object is achieved by a device having the features of the main claim.

Erfindungsgemäß sind Prüfmodul und schneller Datenübertragungskanal in einer Zwischeneinheit realisiert, welche nach Art eines Adapters zwischen dem tragbaren Datenträger und der darauf zugreifenden Vorrichtung plaziert ist. Die Zwischeneinheit besitzt eine erste Schnittstelle für einen Datenaustausch mit dem tragbaren Datenträger sowie eine zweite Schnittstelle zur Herstellung einer Verbindung zu der auf den Datenträger zugreifenden Vorrichtung. Die zweite Schnittstelle ist mechanisch so gestaltet, daß sie ohne Notwendigkeit zur Vornahme weiterer Anpassungen an die Vorrichtung anschließbar ist. Das ermöglicht in vorteilhafter Weise, auch ursprünglich dafür nicht vorgesehene Vorrichtungen mit Echtheitsprüfeinrichtungen auszustatten. Die Ausführung der Echtheitsnachweiseinrichtung als eigenständige Einheit gestattet dabei in vorteilhafter Weise die einfache Anpassung einer Vorrichtung an neu eingeführte Sicherheitsmerkmale durch Austausch der gesamten Echtheitsprüfeinrichtung. Jederzeit lassen sich auch vorhandene Echtheitsprüfeinrichtungen durch aktualisierte, z.B. mit weiteren Funktionen versehene Einrichtungen ersetzen. Eine bevorzugte Anwendung für das erfindungsgemäße Konzept bilden Chipkarten und darauf zugreifende Vorrichtungen, etwa in Form von Terminals. Besonders vorteilhaft ist dabei die zweite Schnittstelle der Zwischenheit selbst wiederum wie eine Chipkarte gestaltet, so daß die Zwischenheit an eine vorhandene übliche Chipkartenleseinrichtung eines Terminals anschließbar ist.According to the invention, the test module and the fast data transmission channel are realized in an intermediate unit, which is placed in the manner of an adapter between the portable data carrier and the device accessing it. The intermediate unit has a first interface for data exchange with the portable data carrier and a second interface for establishing a connection to the device accessing the data carrier. The second interface is mechanically configured to be connectable to the device without the need for further adjustments. This advantageously makes it possible to equip devices not originally provided for this purpose with authenticity checking devices. The execution of the authenticity verification device as an independent unit thereby allows advantageously the simple adaptation of a device to newly introduced security features by replacing the entire authenticity checking device. At any time existing authenticity testing devices can also be replaced by updated devices, eg with additional functions. A preferred application for the inventive concept are chip cards and devices accessing them, for example in the form of terminals. In this case, the second interface of the intermediate entity itself is particularly advantageous, like a chip card designed so that the intermediate state can be connected to an existing conventional chip card reading device of a terminal.

Nachfolgend wird ein Ausführungsbeispiel der Erfindung unter Bezugnahme auf die Zeichnung näher erläutert.An embodiment of the invention will be explained in more detail with reference to the drawing.

Es zeigen:

Fig. 1
das der vorgeschlagenen Anordnung zugrundeliegende Sicherheitskonzept,
Fig. 2
ein Terminal mit einer Zwischeneinheit in Seitenansicht,
Fig. 3
ein Terminal mit einer ersten abgewandelten Zwischeneinheit, und
Fig. 4
ein Terminal mit einer zweiten abgewandelten Zwischeneinheit.
Show it:
Fig. 1
the security concept underlying the proposed arrangement,
Fig. 2
a terminal with an intermediate unit in side view,
Fig. 3
a terminal with a first modified intermediate unit, and
Fig. 4
a terminal with a second modified intermediate unit.

Figur 1 zeigt in Blockstrukturdarstellung einen tragbaren Datenträger 10, welcher über eine Zwischeneinheit 20 zum Nachweis seiner Echtheit mit einem Gerät 30 verbunden ist, das auf eine in dem Datenträger 10 realisierte Funktion zugreift. Nachfolgend wird als Ausführungsform für einen tragbaren Datenträger 10 eine Chipkarte zugrundgelegt, welche beispielsweise eine Börsenfunktion bereitstellt. Als Gerät 30 wird ein Zahlungsverkehrsterminal, kurz Terminal, zur Durchführung von Geldwerttransaktionen angesetzt. FIG. 1 shows in block structure representation of a portable data carrier 10, which is connected via an intermediate unit 20 to prove its authenticity with a device 30, which accesses a realized in the disk 10 function. Hereinafter, an embodiment of a portable data carrier 10 based on a smart card, which provides, for example, an exchange function. As device 30, a payment terminal, short terminal, is used to carry out monetary transactions.

Hauptfunktionsbestandteil der Chipkarte 10 ist eine Mikroprozessorschaltung 11. Sie realisiert eine auf der Chipkarte 10 eingerichtete Nutzfunktion, z.B. eine Börsenfunktion. Weiterhin befindet sich auf der Chipkarte 10 ein Hardware-Element 12 in Form einer schnellen, eine definierte Operation ausführenden logischen Schaltung.Main functional component of the chip card 10 is a microprocessor circuit 11. It implements a utility function set up on the chip card 10, for example an exchange function. Furthermore, there is a hardware element 12 in the form of a fast, a defined operation exporting logic circuit on the chip card 10.

Als Gegenstück zu dem Hardware-Element 12 weist die Zwischeneinheit 20 ein Prüfmodul 24 auf, welches dazu ausgebildet ist, die Echtheit des Hardware-Elementes 12 zu verifizieren. Prüfmodul 24 und Hardware-Element 12 sind hierzu über einen Hochgeschwindigkeitsdatenkanal 13 miteinander verbunden.As a counterpart to the hardware element 12, the intermediate unit 20 has a test module 24, which is designed to verify the authenticity of the hardware element 12. Test module 24 and hardware element 12 are connected to each other via a high-speed data channel 13.

Zweckmäßig ist der Hochgeschwindigkeitsdatenkanal 13 physikalisch als eigenständige, speziell auf den Echtheitsnachweis zugeschnittene Struktur ausgebildet.Expediently, the high-speed data channel 13 is physically designed as an independent structure tailored specifically to the proof of authenticity.

Weiterer Bestandteil der Zwischeneinheit 20 ist ein steuerbarer Datenbus 22 mit einer Schnittstelle zum Anschluß der Chipkarte 10 sowie einer Schnittstelle zum Terminal 30. Der Datenbus 22 ist zudem über eine Datenverbindung 25 mit dem Prüfmodul 24 verbunden.Another component of the intermediate unit 20 is a controllable data bus 22 with an interface for connecting the chip card 10 and an interface to the terminal 30. The data bus 22 is also connected via a data link 25 to the test module 24.

Zwischen Prozessorschaltung 11 der Chipkarte 10 und Zwischeneinheit 20 ist parallel zu dem Hochgeschwindigkeitsdatenkanal 13 desweiteren eine übliche serielle oder parallele Datenübertragungsstrecke 21 ausgebildet, die an die Prozessorschaltung 11 einerseits sowie an den Datenbus 22 andererseits geführt ist.Between the processor circuit 11 of the chip card 10 and intermediate unit 20, a conventional serial or parallel data transmission path 21, which is routed to the processor circuit 11 on the one hand and to the data bus 22 on the other hand, is formed parallel to the high-speed data channel 13.

Über eine weitere reguläre, serielle oder parallele Datenübertragungsstrecke 23 ist die Zwischeneinheit 20 mit dem Terminal 30 verbunden. Zusammen mit der Datenübertragungsstrecke 21 und dem Bus 22 bildet die Datenübertragungsstrecke 23 eine Datenübertragungsstrecke zwischen dem Terminal 30 und dem tragbaren Datenträger 10.Via another regular, serial or parallel data transmission link 23, the intermediate unit 20 is connected to the terminal 30. Together with the data transmission path 21 and the bus 22, the data transmission path 23 forms a data transmission path between the terminal 30 and the portable data carrier 10.

Das Terminal 30 besitzt für seinen bestimmungsgemäßen Betrieb eine zentrale Prozessoreinheit 31. Sie realisiert neben Terminalbetriebsfunktionen insbesondere Funktionen, welche nur unter Einbindung der Chipkarte 10 ausführbar sind, z.B. Buchungsvorgänge, und physikalisch die Änderung eines im Integrierten Schaltkreis 11 der Chipkarte 10 vorhandenen Speicherinhaltes zur Folge haben. Das Terminal 30 ist hierfür zum Lesen und Beschreiben einer Chipkarte 10 ausgebildet.The terminal 30 has a central processing unit 31 for its intended operation. In addition to terminal operating functions, it realizes in particular functions which can only be carried out with the integration of the chip card 10, e.g. Posting operations, and physically have the change of an existing in the integrated circuit 11 of the smart card 10 memory contents result. The terminal 30 is designed for reading and writing a chip card 10 for this purpose.

Der Nachweis der Echtheit einer Chipkarte 10 erfolgt über den Hochgeschwindigkeitsdatenkanal 13. Dabei sendet das Prüfmodul 24 eine Prüfinformation an das in der Chipkarte 10 befindliche Hardware-Element 12, welches daraus mit hoher Geschwindigkeit ein Antwortsignal ableitet und unverzögert an das Prüfmodul 24 zurücksendet. Dieses prüft zunächst den fristgerechten Eingang des Antwortsignales in einem vorgegebenen Zeitfenster, anschließend seine inhaltliche Richtigkeit. Für die Echtheitsprüfung wird ausgenutzt, daß die für Erzeugung und die Rücksendung des Antwortsignales benötigte Gesamtzeit kürzer ist als die für eine Nachbildung desselben Vorganges durch Software kürzeste mögliche Zeit. Erweist sich danach die Chipkarte 10 als echt erfolgen über die Datenübertragungsstrecke 21, 22, 23 zweckmäßig weitere, softwarebasierte Sicherheitsprüfungen zwischen Chipkarte 10 und Terminal 30, z.B. eine Prüfung der Benutzungsberechtigung durch Prüfen einer PIN. Ist das Ergebnis der Echtheitsprüfung negativ, veranlaßt das Prüfmodul 24 die Absetzung eines entsprechenden Fehlersignales an das Terminal 30. Zudem blockiert es den steuerbaren Datenbus 22, so daß ein Datenaustausch zwischen Terminal 30 und tragbarem Datenträger 10 nicht möglich ist. Desweiteren kann vorgesehen sein, daß das Terminal 30 in der Chipkarte eine irreversible Änderung vornimmt, welche auch von anderen Terminals erkannt wird.The verification of the authenticity of a chip card 10 takes place via the high-speed data channel 13. In this case, the test module 24 sends a check information to the chip card 10 located in the hardware element 12, which derives a response signal from it at high speed and sends back to the test module 24 without delay. This first checks the timely receipt of the response signal in a given time window, then its substantive correctness. For the authenticity check, use is made of the fact that the total time required for generation and return of the response signal is shorter than the shortest possible time for a simulation of the same process by software. Proves then the smart card 10 as real done on the data transmission path 21, 22, 23 expediently further, software-based security checks between smart card 10 and terminal 30, for example, a check of the user authorization by checking a PIN. If the result of the authentication is negative, the test module 24 causes the deposition of a corresponding error signal to the terminal 30. In addition, it blocks the controllable data bus 22, so that a data exchange between terminal 30 and portable data carrier 10 is not possible. Furthermore, it can be provided that the terminal 30 makes an irreversible change in the chip card, which is also recognized by other terminals.

Fig. 2 veranschaulicht eine Realisierungsform der in Fig. 1 wiedergegebenen Funktionsstruktur. Die Zwischeneinheit 20 besitzt dabei zur Aufnahme einer Chipkarte 10 einen Aufnahmeschacht 201, worin sich Anschlüsse zur Herstellung des Hochgeschwindigkeitsdatenkanales 13 und der regulären Datenübertragungsstrecke 21 befinden. In den Aufnahmeschacht 201 ist eine Chipkarte 10 so eingesetzt, daß sowohl Hochgeschwindigkeitsdatenkanal 13 wie reguläre Datenübertragungsstrecke 21 eingerichtet sind. Fig. 2 illustrates an implementation of the in Fig. 1 reproduced functional structure. The intermediate unit 20 has to receive a chip card 10 a receiving slot 201, wherein connections for the production of the high-speed data channel 13 and the regular data transmission path 21 are located. In the receiving slot 201, a smart card 10 is inserted so that both high-speed data channel 13 as regular data transmission path 21 are established.

Die Zwischeneinheit 20 ist ihrerseits in einen in dem Terminal 30 ausgebildeten Aufnahmeschacht 301 eingesetzt, derart daß die Datenübertragungsstrecke 23 zur zentralen Prozessoreinheit 31 des Terminals 30 eingerichtet ist. Vorzugsweise liegt dabei in der Einsatzendlage, wie in Fig. 2 angedeutet, nur ein Teil des Baukörpers der Zwischeneinheit 20, hier Einschubabschnitt 203 genannt, innerhalb des Aufnahmeschachtes 301. Der andere Teil des Baukörpers, hier als Kopfteil 204 bezeichnet, liegt außerhalb des Baukörpers des Terminals 30.The intermediate unit 20 is in turn inserted into a receiving slot 301 formed in the terminal 30, such that the data transmission path 23 is set up to the central processor unit 31 of the terminal 30. Preferably lies in the Einsatzendlage, as in Fig. 2 indicated, only part of the structure of the intermediate unit 20, here called insertion portion 203, within the receiving shaft 301. The other part of the building, referred to here as the head part 204, is outside the building of the terminal 30th

Zweckmäßig sind der Aufnahmeschacht 201 der Zwischeneinheit 20 zur Aufnahme der Chipkarte 10 sowie die Realisierung der regulären Datenübertragungsstrecke 21 und des Hochgeschwindigkeitesdatenkanal 13 nach Art einer üblichen Kartenleseeinheit zum Beschreiben/Lesen einer Chipkarte ausgebildet. Zur Realisierung der Schnittstellen ist der Aufnahmeschacht 201 der Zwischeneinheit 20 entsprechend als übliche Chipkarten-Schreib/Leseeinheit ausgeführt, welche je nach Typ der Chipkarte 10 eine kontaktlose und/oder eine kontaktbehaftete Datenverbindung zu entsprechenden Kontaktmitteln auf der Chipkarte 10 herstellt. Über eine Datenleitung 205 ist die Schreib/Leseeinheit 201 mit dem Prüfmodul 24 verbunden. Das ist zweckmäßig ebenfalls im Kopfteil 204 der Zwischeneinheit 20 unmittelbar an oder in der Schreib/Leseeinheit 201 angeordnet. Für diese Anordnungsart läßt sich durch entsprechende Gestaltung des Kopfteiles 204 auf einfache Weise ausreichend Bauraum bereitstellen. Über eine weitere Datenleitung 208 ist die Schreib/Leseeinheit 201 desweitweren auf Kontaktmittel 206 geführt, welche auf dem Einschubabschnitt 203 ausgebildet sind und zur Herstellung der Datenübertragungsstreke 23 zum Terminal 30 dienen.Suitably, the receiving shaft 201 of the intermediate unit 20 for receiving the chip card 10 and the realization of the regular data transmission path 21 and the high-speed data channel 13 are formed in the manner of a conventional card reading unit for writing / reading a smart card. In order to realize the interfaces, the receiving shaft 201 of the intermediate unit 20 is designed as a conventional chip card write / read unit, which produces a contactless and / or contact-type data connection to corresponding contact means on the chip card 10, depending on the type of chip card 10. Via a data line 205, the read / write unit 201 is connected to the test module 24. This is expediently likewise arranged in the head part 204 of the intermediate unit 20 directly on or in the read / write unit 201. For this type of arrangement can be provided by appropriate design of the head portion 204 in a simple manner sufficient space. Via a further data line 208, the read / write unit 201 is further guided on contact means 206, which are formed on the insertion section 203 and serve to establish the data transmission path 23 to the terminal 30.

Zweckmäßig ist ferner auch die Datenübertragungsstrecke 23 zwischen Terminal 30 und Zwischeneinheit 20 in Chipkartentechnik ausgebildet. Der Aufnahmeschacht 301 des Terminals 30 ist dazu nach Art einer üblichen Kartenleseeinheit ausgeführt. Der Einschubabschnitt 203 der Zwischeneinheit 20 besitzt entsprechend eine flache, die Geometrie einer Chipkarte aufweisende Gestalt, in der Kontaktmittel 206 zur kontaktierenden und/oder eine Spule zur kontaktlosen Datenübertragung ausgebildet sind. Darauf abgestimmt befindet sich im Terminal 30 eine Schreib/Leseeinheit 302 zum Lesen bzw. Beschreiben von Chipkarten. Mit den Kontaktmitteln 206 bildet sie die Datenübertragungsstrecke 23. Über eine Datenleitung 303 ist die Schreib/Leseeinheit 302 mit der zentralen Prozessoreinheit 31 verbunden. Das Terminal 30 kann, wie in Fig. 2 angedeutet, die Gestalt eines üblichen Zahlungsverkehrsterminals haben.Expediently, furthermore, the data transmission path 23 between the terminal 30 and the intermediate unit 20 in smart card technology is formed. Of the Receiving shaft 301 of the terminal 30 is designed for this purpose in the manner of a conventional card reading unit. The insertion section 203 of the intermediate unit 20 has correspondingly a flat, the geometry of a smart card having shape, are formed in the contact means 206 to the contacting and / or a coil for contactless data transmission. Tuned to the terminal 30 is a read / write unit 302 for reading or writing chip cards. It forms the data transmission path 23 with the contact means 206. The read / write unit 302 is connected to the central processor unit 31 via a data line 303. The terminal 30 can, as in Fig. 2 implied to have the shape of a conventional payment terminal.

In der Zwischeneinheit 20 sind zur Erhöhung der Anwendungssicherheit der Chipkarte 10 vorteilhaft zusätzliche Funktionselemente 207 angeordnet. Mögliche Zusatzelemente 207 sind beispielsweise Sensoren zur Erfassung biometrischer Merkmale eines Benutzers, um damit dessen Benutzungsautorisierung zu prüfen. Gleichermaßen geeignet sind dabei Fingerabdrucksensoren, Gesichtserkennungssensoren und/oder Stimmerkennungssensoren. Die Auswertung der von solchen Sensoren gelieferten Signale erfolgt zweckmäßig unmittelbar in der Zwischeneinheit 20. Desweiteren kann, alternativ oder ergänzend zur Erfassung biometrischer Merkmale, die Einrichtung eines Benutzerdialoges mittels einer dazu auf der Zwischeneinheit 20 ausgebildeten Anzeige/Eingabeeinrichtung vorgesehen sein. Ein damit durchzuführender Dialog kann unter Steuerung alleine der Zwischeneinheit 20, oder auch unter Einbeziehung der zentralen Prozessoreinheit 31 des Terminals 30 erfolgen. Zweckmäßig ist desweiteren die Ausbildung von Echtheitsmerkmalen zum Nachweis der Echtheit der Zwischeneinheit 20, etwa in Form von auf einer Oberfläche des Kopfteiles 204 angebrachten Hologrammen.In the intermediate unit 20, additional functional elements 207 are advantageously arranged to increase the application security of the chip card 10. Possible additional elements 207 are, for example, sensors for detecting biometric features of a user in order to check the user authorization thereof. Equally suitable are fingerprint sensors, face recognition sensors and / or voice recognition sensors. The evaluation of the signals supplied by such sensors is expediently carried out directly in the intermediate unit 20. Furthermore, alternatively or additionally to the detection of biometric features, the establishment of a user dialog can be provided by means of a display / input device designed for this purpose on the intermediate unit 20. A dialogue to be carried out with this can take place under control of the intermediate unit 20 alone, or else with the involvement of the central processor unit 31 of the terminal 30. Expediently, furthermore, is the formation of authenticity features for proving the authenticity of the intermediate unit 20, for example in the form of holograms mounted on a surface of the head part 204.

Vorteilhaft ist die Zwischeneinheit 20 mit Mitteln ausgerüstet, welche eine feste Verbindung zum Terminal 30 unterstützen. Wie in in Fig. 2 angedeutet, kann hierzu an der Auflagefläche zwischen dem Kopfteil 204 des Zwischeneinheit 20 und der Oberseite 304 des Terminals 30 eine Haftklebeschicht 34 angeordnet sein. Eine solche ist kostengünstig und erlaubt eine bequeme Handhabung, indem sie z.B. mit Silikonpapier bedeckt ist, das unmittelbar vor dem Einsetzen der Zwischeneinheit 20 in das Terminal 30 abgezogen wird. Ebenso möglich sind zur Unterstützung einer haltbaren Verbindung zwischen Zwischeneinheit 20 und Terminal 30 daneben auch bekannte mechanische Mittel wie Schrauben oder KlammervorrichtungenAdvantageously, the intermediate unit 20 is equipped with means which support a fixed connection to the terminal 30. As in in Fig. 2 indicated, this can be arranged on the support surface between the head portion 204 of the intermediate unit 20 and the upper surface 304 of the terminal 30, a pressure-sensitive adhesive layer 34. Such is inexpensive and allows convenient handling, for example, covered with silicone paper, which is withdrawn immediately before the insertion of the intermediate unit 20 into the terminal 30. Also possible to support a durable connection between the intermediate unit 20 and terminal 30 also known mechanical means such as screws or staplers

Die in Fig. 2 gezeigte Zwischeneinheit 20 ist in Aufbau und Gestaltung unter Beibehaltung ihrer grundsätzlichen Funktionalität in weitem Rahmen gestaltbar. So besteht eine mögliche Gestaltungsvariante zur Erhöhung der mechanischen Stabilität des Überganges zwischen Kopfteil 204 und Einschubabschnitt 203 darin, den Aufnahmeschacht 201 vollständig innerhalb des Kopfteiles 204 anzulegen, so daß der tragbare Datenträger 10 in der Einstekkendlage außerhalb des Terminalbaukörpers liegt. Zur Erhöhung der Sicherheit kann ferner das Prüfmodul 24 mit einer Schutzschicht bedeckt sein, welche im Falle des Versuches einer Manipulation an dem Prüfmodul die Zerstörung sicherheitsrelevanter Daten im Prüfmodul 24, auf der Chipkarte 10 und/oder im Terminal 30 bewirkt.In the Fig. 2 shown intermediate unit 20 can be designed in construction and design while maintaining their basic functionality in a wide range. Thus, a possible design variant to increase the mechanical stability of the transition between head 204 and insertion portion 203 is to create the receiving shaft 201 completely within the head part 204, so that the portable data carrier 10 is in the Einekekend position outside the terminal building. To increase the security, the test module 24 can furthermore be covered with a protective layer which, in the case of attempting to manipulate the test module, causes the destruction of safety-relevant data in the test module 24, on the chip card 10 and / or in the terminal 30.

Nicht zwingend ist weiter die Gestaltung des in den Terminalaufnahmeschacht 301 eingreifenden Einschubabschnittes 203 in Form einer Chipkarte. Fig. 3 veranschaulicht eine Ausführungsvariante, bei der die Zwischeneinheit 20 sich nahezu vollständig in einem entsprechend groß dimensionierten Aufnahmeschacht 301 des Terminals 30 befindet. Außerhalb des Terminalbaukörpers liegt als Kopfteil 204 nur eine verbreiteterte Endfläche, die zur Fixierung der Zwischeneinheit 20 dient und die gegebenenfalls vorhandenen zusätzlichen Funktionselemente 207 wie Sensoren zur biometrischen Merkmalserfassung trägt. Schreib/Leseeinheit 201 und Prüfmodul 24 sind im Einschubabschnitt 203 ausgebildet, d.h. sie liegen in der Einsatzendlage innerhalb des Aufnahmeschachtes 301. Die in Fig. 3 dargestellte Ausführungsvariante erleichtert durch den größeren zur Verfügung stehenden Bauraum die Realisierung der Datenübertragungsstrecke 23 zwischen Zwischeneinheit 20 und Schreib/Leseeinheit 302 des Terminals 30. Allerdings bedingt sie, daß das Terminal 30 mit einem speziell auf die Bauform der Zwischeneinheit 20 angepaßten Aufnahmeschacht 301 versehen ist.Not necessarily further is the design of the engaging in the terminal receiving slot 301 insertion portion 203 in the form of a smart card. Fig. 3 illustrates an embodiment in which the intermediate unit 20 is almost completely in a correspondingly large-sized receiving shaft 301 of the terminal 30. Outside the terminal building is located as a head portion 204 only a propagated end surface, which serves to fix the intermediate unit 20 and carries any additional functional elements 207 as sensors for biometric feature detection. Write / read unit 201 and test module 24 are formed in the insertion portion 203, ie they are in the insert end position within the receiving shaft 301. The in Fig. 3 embodiment shown facilitated by the larger available space, the realization of the data transmission path 23 between the intermediate unit 20 and write / read unit 302 of the terminal 30. However, it requires that the terminal 30 is provided with a specially adapted to the design of the intermediate unit 20 receiving shaft 301.

Fig. 4 zeigt eine weitere Ausführungsvariante der Zwischeneinheit 20. Sie weist im Unterschied zu den in den Fig. 2 und 3 gezeigten Varianten keinen eigenen Aufnahmeschacht 201 zur Aufnahme einer Chipkarte 10 auf. Das Terminal 30 besitzt stattdessen eine große Ausnehmung 40, in der Zwischeneinheit 20 und Chipkarte 10 so aneinander plaziert werden, daß die zwischeneinheitsseitige Schreib/Leseinheit 201 den Kontaktmitteln der Chipkarte 10 gegenüberliegt und Datenübertragungsstrecken 21 sowie Hochgeschwindigkeitesdatenkanal 13 eingerichtet sind. Zusammen formen Zwischeneinheit 20 und die Ausnehmung 40 des Terminals 30 einen Aufnahmeschacht 401, von dem drei Seiten Teil des Terminals 30 sind, die vierte durch die Zwischeneinheit 20 definiert wird. Für die Chipkarte 10 bildet der Aufnahmeschacht 401 mit eingesetzter Zwischeneinheit 20 wiederum ein übliches Lesegerät. Die übrige Gestaltung der Zwischeneinheit 20 ist zweckmäßig an die Ausführungsvariante Fig. 3 angelehnt, d.h. der Kopfteil 204 ist als verbreitete Endfläche ausgeführt, auf der sich gegebenenfalls vorhandene zusätzliche Funktionselemente 207 befinden, das Prüfmodul 24 ist im Einschubabschnitt 203 angeordnet. Die Ausführungsvariante erlaubt sehr klein bauende Zwischeneinheiten 20, bedingt aber wiederum, daß das Terminal 30 zur Aufnahme der Zwischeneinheit 20 speziell ausgebildet ist. Fig. 4 shows a further embodiment of the intermediate unit 20. It has, in contrast to those in the Fig. 2 and 3 Variants shown no own receiving slot 201 for receiving a chip card 10. Instead, the terminal 30 has a large recess 40 in which the intermediate unit 20 and chip card 10 are placed against each other such that the inter-unit read / write unit 201 opposes the contact means of the smart card 10 and data transmission paths 21 and high-speed data channel 13 are established. Together, the intermediate unit 20 and the recess 40 of the terminal 30 form a receiving well 401, three sides of which are part of the terminal 30, the fourth being defined by the intermediate unit 20. For the chip card 10, the receiving shaft 401 with inserted intermediate unit 20 again forms a common reading device. The remaining design of the intermediate unit 20 is expedient to the embodiment Fig. 3 ajar, ie the head part 204 is designed as a common end face on which any additional functional elements 207 are located, the test module 24 is arranged in the insertion portion 203. The variant allows very much small intermediate units 20, but in turn requires that the terminal 30 for receiving the intermediate unit 20 is specially designed.

Unter Beibehaltung des grundlegenden erfinderischen Gedankens ist eine Vielzahl weiterer Abwandlungen der Zwischeneinheit 20 und ihres Zusammenwirkens mit einem Terminal 30 möglich. So beschränkt sich das vorgeschlagene Konzept nicht auf die Verwendung von Chipkarten als tragbarem Datenträger. Es eignet sich vielmehr ebenso für Datenträger in anderen Ausgestaltungen. Zum Echtheitsnachweis lassen sich außer der genannten Prüfung mittels eines Hochgeschwindigkeitesdatenkanales auch andere Konzepte einsetzen. Besonders vorteilhaft einsetzbar sind insbesondere alle Prüfverfahren, deren Sicherheitswirkung auf einer unabgängigen, direkten Wechselwirkung zwischen zu prüfendem Datenträger und Zwischeneinheit beruht.Maintaining the basic inventive concept, a variety of other variations of the intermediate unit 20 and its interaction with a terminal 30 are possible. Thus, the proposed concept is not limited to the use of smart cards as a portable data carrier. Rather, it is also suitable for data carriers in other embodiments. For proof of authenticity other concepts can be used besides the mentioned test by means of a high-speed data channel. In particular, all test methods whose security effect is based on an unabated, direct interaction between the data medium to be tested and the intermediate unit can be used particularly advantageously.

Claims (10)

  1. An intermediate unit for use in connection with a device for checking the authenticity of a portable data carrier connectable to the device via a data communication path, characterized in that the intermediate unit is designed in the form of an adapter device (20) connectable to the device (30) in a detachable fashion, the adapter device having means for establishing the data communication path (21, 22, 23) and carrying a check module (24) designed to carry out independent communication with the portable data carrier (10), wherein within the framework of the communication it carries out a check to determine the authenticity of the portable data carrier (10).
  2. The intermediate unit according to claim 1, characterized in that the check module (24) checks a property of an authenticity feature present on the portable data carrier (10).
  3. The intermediate unit according to claim 2, characterized in that the authenticity feature is a hardware element.
  4. The intermediate unit according to claim 1, characterized in that a separate data communication path (13) is provided between the portable data carrier (10) and the intermediate unit (20) for the check module (24) to communicate with the portable data carrier (10).
  5. The intermediate unit according to claim 1, characterized by a controllable data bus (22) forming part of the data communication path between the terminal (30) and the portable data carrier (10).
  6. The intermediate unit according to claim 5, characterized in that the controllable data bus (22) is connected to the check module (24).
  7. The intermediate unit according to claim 1, characterized in that the check module (24) determines the authenticity by emitting a check signal and subsequently monitoring the timely receipt of a predetermined response signal.
  8. The intermediate unit according to claim 1, characterized in that the data communication path (21) between the portable data carrier (10) and the intermediate unit (20) is constructionally implemented as a device for contacting a chip card.
  9. The intermediate unit according to claim 1, characterized in that the data communication path (23) between the device (30) and the intermediate unit (20) is constructionally implemented as a device for contacting a chip card.
  10. The intermediate unit according to claim 1, characterized in that the check module (24) is covered by a protective layer which, in the case of a tampering attempt, triggers a destruction of security-relevant data.
EP00104583A 1999-03-24 2000-03-14 Checking the authenticity of a portable data carrier Expired - Lifetime EP1039422B1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
DE19913326 1999-03-24
DE19913326A DE19913326A1 (en) 1999-03-24 1999-03-24 Device for checking the authenticity of a portable data carrier

Publications (3)

Publication Number Publication Date
EP1039422A2 EP1039422A2 (en) 2000-09-27
EP1039422A3 EP1039422A3 (en) 2002-07-17
EP1039422B1 true EP1039422B1 (en) 2008-06-25

Family

ID=7902234

Family Applications (1)

Application Number Title Priority Date Filing Date
EP00104583A Expired - Lifetime EP1039422B1 (en) 1999-03-24 2000-03-14 Checking the authenticity of a portable data carrier

Country Status (3)

Country Link
EP (1) EP1039422B1 (en)
AT (1) ATE399355T1 (en)
DE (2) DE19913326A1 (en)

Families Citing this family (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
DE10041669A1 (en) * 2000-08-10 2002-02-21 Deutsche Telekom Ag Authentication method for chip card, involves determining authenticity of chip card by comparing time dependent output signals of chip card with predetermined time dependent reference signals
DE20117644U1 (en) 2001-10-31 2002-12-05 Siemens AG, 80333 München Reader for electronic data carriers with access authorization

Family Cites Families (20)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
DE3736882C2 (en) * 1987-10-30 1997-04-30 Gao Ges Automation Org Method for checking the authenticity of a data carrier with an integrated circuit
FR2650097B1 (en) * 1989-07-19 1992-12-31 Pailles Jean Claude CABLE MICROCIRCUIT CARD AND TRANSACTION METHOD BETWEEN A CORRESPONDING CABLE MICROCIRCUIT CARD AND A TERMINAL
EP0447686B1 (en) * 1990-02-06 1995-10-11 ALCATEL BELL Naamloze Vennootschap Electronic fraud detector
CZ287295B6 (en) * 1992-03-17 2000-10-11 Ip-Tpg Holdco S.A.R.L. Apparatus and method for detection of fraud attempts on reading and writing device of chip card memory
DE4219739A1 (en) * 1992-06-17 1993-12-23 Philips Patentverwaltung Method and circuit arrangement for checking a prepaid card
FR2696032B1 (en) * 1992-09-21 1994-12-23 Oberthur Ckd Device for carrying out transactions with microprocessor cards, and method for carrying out a transaction with such a device.
DE4242579C2 (en) * 1992-12-16 1997-08-21 Siemens Ag Procedure for authenticity detection of data carriers
DE4407173A1 (en) * 1994-03-04 1995-09-14 Arnulf Jost Mobile radio telephone adaptor card
DE4419805A1 (en) * 1994-06-06 1995-12-07 Giesecke & Devrient Gmbh Method for checking the authenticity of a data carrier
US5500517A (en) * 1994-09-02 1996-03-19 Gemplus Card International Apparatus and method for data transfer between stand alone integrated circuit smart card terminal and remote computer of system operator
US5599231A (en) * 1994-10-31 1997-02-04 Nintendo Co., Ltd. Security systems and methods for a videographics and authentication game/program fabricating device
DE19541290A1 (en) * 1995-11-06 1997-05-07 Orga Kartensysteme Gmbh Chip card telephone with monitoring unit
AT405337B (en) * 1995-11-08 1999-07-26 Siemens Ag Oesterreich DEVICE FOR CHECKING SECURITY-RELEVANT DATA OF A CHIP CARD
ES2134652T3 (en) * 1995-12-14 1999-10-01 Landis & Gyr Tech Innovat ADDITIONAL SECURITY FEATURE FOR ELECTRONIC CARDS.
DE29602609U1 (en) * 1996-02-15 1997-06-12 Robert Bosch Gmbh, 70469 Stuttgart Advanced electronic smart card facility
EP1012799A2 (en) * 1996-04-30 2000-06-28 Electrowatt Technology Innovation AG Arrangement for preventing a second chip to be applied on a chip card without this being noticed by a card reader
US5861662A (en) * 1997-02-24 1999-01-19 General Instrument Corporation Anti-tamper bond wire shield for an integrated circuit
DE19810817A1 (en) * 1997-03-14 1998-10-01 Giesecke & Devrient Gmbh Access authorisation test system
DE19734507C2 (en) * 1997-08-08 2000-04-27 Siemens Ag Method for checking the authenticity of a data carrier
DE19739448A1 (en) * 1997-09-09 1999-03-11 Giesecke & Devrient Gmbh Method for checking the authenticity of a data carrier

Also Published As

Publication number Publication date
ATE399355T1 (en) 2008-07-15
EP1039422A2 (en) 2000-09-27
EP1039422A3 (en) 2002-07-17
DE19913326A1 (en) 2000-10-05
DE50015221D1 (en) 2008-08-07

Similar Documents

Publication Publication Date Title
EP0355372B1 (en) Data carrier controlled terminal for a data exchange system
DE3809170C2 (en)
DE69522998T2 (en) SECURE APPLICATION CARD FOR SHARING APPLICATION DATA AND PROCEDURES BETWEEN SEVERAL MICROPROCESSORS
DE3700663C2 (en)
DE2837201C2 (en)
EP1188151B1 (en) Devices and methods for biometric authentication
EP0128362A1 (en) Circuit arrangement comprising a memory and an access control unit
EP0570924A2 (en) Authentication method of one system-participant by another system-participant in an information transfer system composed of a terminal and of a portable data carrier
DE19718547C2 (en) System for secure reading and changing of data on intelligent data carriers
DE112018007132T5 (en) In-vehicle function access control system, in-vehicle device and in-vehicle function access control method
EP1039422B1 (en) Checking the authenticity of a portable data carrier
DE19932149A1 (en) System for executing transactions
DE19535968C2 (en) I / O device in a smart card and data communication method therefor
DE102007041370A1 (en) Chip card, electronic device, method for producing a chip card and method for using a chip card
DE29804510U1 (en) Terminal for chip cards
EP0321728B1 (en) Method and data carrier assembly for validating memory chips
DE10035598A1 (en) Data carrier with a data storage
WO2006039958A1 (en) Electronic module for programming chip cards comprising and/or without contacts
EP2430582B1 (en) Electronic key for authentication
EP1365363B1 (en) Method for carrying out a data transaction by means of a transaction device which consists of a main- and a separable auxiliary component
EP0607950B1 (en) Method and data carrier for checking the authenticity of chip memories
EP1604326A1 (en) Portable data carrier that can be used as an entrance ticket and method for managing the same
EP0570828A2 (en) Method and data carrier assembly for validating memory chips
DE10153620A1 (en) Safe exchange of notes or coins into electronic value units on the cash deposit machine
DE102004029104A1 (en) Method for operating a portable data carrier

Legal Events

Date Code Title Description
PUAI Public reference made under article 153(3) epc to a published international application that has entered the european phase

Free format text: ORIGINAL CODE: 0009012

17P Request for examination filed

Effective date: 20000314

AK Designated contracting states

Kind code of ref document: A2

Designated state(s): AT BE CH CY DE DK ES FI FR GB GR IE IT LI LU MC NL PT SE

AX Request for extension of the european patent

Free format text: AL;LT;LV;MK;RO;SI

PUAL Search report despatched

Free format text: ORIGINAL CODE: 0009013

AK Designated contracting states

Kind code of ref document: A3

Designated state(s): AT BE CH CY DE DK ES FI FR GB GR IE IT LI LU MC NL PT SE

AX Request for extension of the european patent

Free format text: AL;LT;LV;MK;RO;SI

AKX Designation fees paid

Designated state(s): AT BE CH CY DE DK ES FI FR GB GR IE IT LI LU MC NL PT SE

17Q First examination report despatched

Effective date: 20051215

RTI1 Title (correction)

Free format text: CHECKING THE AUTHENTICITY OF A PORTABLE DATA CARRIER

GRAP Despatch of communication of intention to grant a patent

Free format text: ORIGINAL CODE: EPIDOSNIGR1

GRAS Grant fee paid

Free format text: ORIGINAL CODE: EPIDOSNIGR3

GRAA (expected) grant

Free format text: ORIGINAL CODE: 0009210

AK Designated contracting states

Kind code of ref document: B1

Designated state(s): AT BE CH CY DE DK ES FI FR GB GR IE IT LI LU MC NL PT SE

REG Reference to a national code

Ref country code: GB

Ref legal event code: FG4D

Free format text: NOT ENGLISH

REG Reference to a national code

Ref country code: CH

Ref legal event code: EP

REF Corresponds to:

Ref document number: 50015221

Country of ref document: DE

Date of ref document: 20080807

Kind code of ref document: P

REG Reference to a national code

Ref country code: IE

Ref legal event code: FG4D

Free format text: LANGUAGE OF EP DOCUMENT: GERMAN

PG25 Lapsed in a contracting state [announced via postgrant information from national office to epo]

Ref country code: FI

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20080625

PG25 Lapsed in a contracting state [announced via postgrant information from national office to epo]

Ref country code: NL

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20080625

NLV1 Nl: lapsed or annulled due to failure to fulfill the requirements of art. 29p and 29m of the patents act
PG25 Lapsed in a contracting state [announced via postgrant information from national office to epo]

Ref country code: PT

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20081125

Ref country code: SE

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20080925

Ref country code: ES

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20081006

REG Reference to a national code

Ref country code: IE

Ref legal event code: FD4D

PG25 Lapsed in a contracting state [announced via postgrant information from national office to epo]

Ref country code: IE

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20080625

Ref country code: DK

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20080625

PLBE No opposition filed within time limit

Free format text: ORIGINAL CODE: 0009261

STAA Information on the status of an ep patent application or granted ep patent

Free format text: STATUS: NO OPPOSITION FILED WITHIN TIME LIMIT

26N No opposition filed

Effective date: 20090326

PG25 Lapsed in a contracting state [announced via postgrant information from national office to epo]

Ref country code: IT

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20080625

PGFP Annual fee paid to national office [announced via postgrant information from national office to epo]

Ref country code: DE

Payment date: 20090528

Year of fee payment: 10

BERE Be: lapsed

Owner name: GIESECKE & DEVRIENT G.M.B.H.

Effective date: 20090331

PG25 Lapsed in a contracting state [announced via postgrant information from national office to epo]

Ref country code: MC

Free format text: LAPSE BECAUSE OF NON-PAYMENT OF DUE FEES

Effective date: 20090331

PGFP Annual fee paid to national office [announced via postgrant information from national office to epo]

Ref country code: FR

Payment date: 20090318

Year of fee payment: 10

REG Reference to a national code

Ref country code: CH

Ref legal event code: PL

GBPC Gb: european patent ceased through non-payment of renewal fee

Effective date: 20090314

PG25 Lapsed in a contracting state [announced via postgrant information from national office to epo]

Ref country code: CH

Free format text: LAPSE BECAUSE OF NON-PAYMENT OF DUE FEES

Effective date: 20090331

Ref country code: LI

Free format text: LAPSE BECAUSE OF NON-PAYMENT OF DUE FEES

Effective date: 20090331

PG25 Lapsed in a contracting state [announced via postgrant information from national office to epo]

Ref country code: BE

Free format text: LAPSE BECAUSE OF NON-PAYMENT OF DUE FEES

Effective date: 20090331

PG25 Lapsed in a contracting state [announced via postgrant information from national office to epo]

Ref country code: GB

Free format text: LAPSE BECAUSE OF NON-PAYMENT OF DUE FEES

Effective date: 20090314

PG25 Lapsed in a contracting state [announced via postgrant information from national office to epo]

Ref country code: AT

Free format text: LAPSE BECAUSE OF NON-PAYMENT OF DUE FEES

Effective date: 20090314

PG25 Lapsed in a contracting state [announced via postgrant information from national office to epo]

Ref country code: GR

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20080926

REG Reference to a national code

Ref country code: FR

Ref legal event code: ST

Effective date: 20101130

PG25 Lapsed in a contracting state [announced via postgrant information from national office to epo]

Ref country code: FR

Free format text: LAPSE BECAUSE OF NON-PAYMENT OF DUE FEES

Effective date: 20100331

PG25 Lapsed in a contracting state [announced via postgrant information from national office to epo]

Ref country code: DE

Free format text: LAPSE BECAUSE OF NON-PAYMENT OF DUE FEES

Effective date: 20101001

PG25 Lapsed in a contracting state [announced via postgrant information from national office to epo]

Ref country code: LU

Free format text: LAPSE BECAUSE OF NON-PAYMENT OF DUE FEES

Effective date: 20090314

PG25 Lapsed in a contracting state [announced via postgrant information from national office to epo]

Ref country code: CY

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20080625