EP1150256B1 - Method for the secure distribution of security modules - Google Patents


Info

Publication number
EP1150256B1
Authority
EP
European Patent Office
Prior art keywords
security module
identification code
key
electronic key
location
Prior art date
Legal status
Expired - Lifetime
Application number
EP01104610A
Other languages
German (de)
French (fr)
Other versions
EP1150256A1 (en)
Inventor
Gerrit Bleumer
Current Assignee
Francotyp Postalia GmbH
Original Assignee
Francotyp Postalia GmbH
Priority date
Filing date
Publication date
Application filed by Francotyp Postalia GmbH
Publication of EP1150256A1
Application granted
Publication of EP1150256B1
Anticipated expiration
Current status: Expired - Lifetime

Classifications

    • G PHYSICS
    • G07 CHECKING-DEVICES
    • G07B TICKET-ISSUING APPARATUS; FARE-REGISTERING APPARATUS; FRANKING APPARATUS
    • G07B17/00 Franking apparatus
    • G07B17/00733 Cryptography or similar special procedures in a franking system
    • G07B2017/00846 Key management
    • G07B2017/0087 Key distribution
    • G07B2017/00959 Cryptographic modules, e.g. a PC encryption board
    • G07B2017/00967 PSD [Postal Security Device] as defined by the USPS [US Postal Service]

Definitions

  • The invention relates to a method for the secure distribution of security modules, in particular for franking machines, from a manufacturer location via a distribution location to a user location. The invention also relates to a distribution system for the secure distribution of security modules.
  • Security modules, in particular embedded systems, can, like microprocessors and memory modules, be manufactured in large numbers at central locations that are particularly suitable for mass production.
  • Such security modules are used in various devices, in particular in devices that hold certain values of their users. Examples are franking machines, cash registers, electronic purses, PCs, notebooks, palmtops and mobile phones. If these devices are also mass-produced, the customer (the later user) most conveniently purchases them together with the associated security module directly from a mail-order or retail company, usually without any further contact with the manufacturer of the security modules.
  • EP 0 735 722 discloses a key management system for generating, distributing and managing cryptographic keys used by an information transfer system that employs cryptographic means to verify information integrity.
  • The system comprises a plurality of functionally distinct secure boxes that are coupled together in operation. Each of these secure boxes performs key generation, key installation, key verification or token validation functions. Computers coupled to the secure boxes provide system control and enable communication between the secure boxes.
  • A plurality of separate logical security domains provide domain processes for key generation, key installation, key verification and token validation that have been established by transaction credential devices within the domain using key management functions.
  • The secure boxes comprise a key generation box for generating, encrypting and signing a master key; a key installation box for receiving, verifying and decrypting the signed master key and installing it in the transaction credential device; a key verification box for verifying the installation of the master key in the transaction credential device; a token verification box for verifying the tokens; and at least one manufacturing box for creating domain keys and distributing them to the secure boxes of each domain.
  • US Pat. No. 5,153,842 discloses a system in which a smartcard is applied to the outside of packets and parcels; it can be written with initial data on dispatch and with further data during transport in order to document, track and secure the shipment.
  • To ensure secure cryptographic initialization and efficient distribution of the security modules, initialization should take place at the production site. Otherwise there would have to be central or decentralized initialization centers, which would be very costly. In general, the production sites for mass products and the seats of their later operators, who will be liable for damage resulting from key compromises, are located in different countries and thus in different jurisdictions. Legal disputes between producers and operators of security modules are therefore difficult from the outset, and it would be desirable to make them as rare as possible, or to avoid them altogether, by technical confidence-building measures. If there were a domain that the operator did not trust, there would be a security problem. However, having the production process regularly inspected by the later operator would be impractical and costly.
  • Various models of franking machines currently on the market are equipped with a postal security device with a security module.
  • This is essentially used for storing and accounting electronic postage and for generating electronic signatures for producing valid franking imprints (indicia).
  • The security modules must be protected against any kind of manipulation during production, transport and use; at present this is mostly done by mechanical protective measures, such as a sealed housing around the security module.
  • Every security module produced is cryptographically initialized and registered before it can be used. However, since this preferably takes place at the production site of the security module, the security requirements of national postal authorities such as the US Postal Administration are not met.
  • The invention is therefore based on the object of providing a method, a distribution system and a service center of a distribution system for distributing cryptographically initialized security modules.
  • A first marking is carried out at the manufacturer location in a manufacturer center after a first cryptographic initialization of the security module. The first marking is preferably a public key printed on a first label, and the label is preferably attached to the shipping-ready packaging of the security module or of a device with an integrated security module.
  • The first marking can contain the electronic key to be sent in encrypted or unencrypted form, depending on whether the key to be sent is a public key or a private (secret) key.
  • The encryption can be done, for example, by means of a hash algorithm.
  • A second marking takes place away from the manufacturer location, at a distribution center at a distribution point or so-called entry point provided for a particular region or country, when the packaging with the security module is entered and registered. This allows the packaging to be identified during the later registration of the security module, triggered by the user at the user location, before the requested data can be loaded onto the security module or the franking machine and the franking machine can be used.
  • The identification code generated at the distribution point is stored in a remote central database.
  • According to the invention, the verification is carried out by means of a verification code that is generated from the identification code and the electronic key stored in the security module.
  • A digital signature or an authentication code, e.g. a MAC (Message Authentication Code), is preferably used as the verification code.
  • The method and the distribution system according to the invention ensure safe distribution of security modules in which the customer-packaged devices, e.g. franking machines including already installed security modules, or separately sold and/or separately packaged security modules, need not be unpacked at the distribution or import point. It is particularly economical to have a single central entry point in a country or region through which all packaged devices or security modules are imported. This entry point can be regularly inspected by the operator with reasonable effort, or even operated by the operator. Unpacking and inspecting all incoming devices or security modules at this import point, which would be very expensive, is no longer required according to the invention.
  • A label on which an electronic key is printed in encrypted or unencrypted form, e.g. as a barcode, is attached by the manufacturer to the packaging of the security module.
  • This machine-readable marking is then read at the distribution center or entry point and used for identification, after which a second label with the identification code is attached to the packaging.
  • The first label is either pasted over or removed, so that it is no longer readable, in particular by the user.
  • The identification code can also be applied to the label in encrypted or unencrypted form as a barcode.
  • In one embodiment, an authentication algorithm and a single electronic key are provided by the manufacturer.
  • Such an authentication algorithm can be part of a so-called MAC (Message Authentication Code).
  • This electronic key, which is stored in the security module and sent with the security module in externally readable form, is encrypted by means of a single key known only to the manufacturer or a manufacturer center and to a service center in the user's region.
  • The electronic key stored in the security module is then also known to the user and can later be used to encrypt further information, for example between the user and the service center.
  • In a development, an electronic key pair with a private and a public key is provided.
  • This is generated with a digital signature algorithm such as RSA (Rivest, Shamir, Adleman), DSA (Digital Signature Algorithm) or ECDSA (Elliptic Curve DSA).
  • The public key is stored in the central database, which can also be accessed by the distribution center and the service center, and is sent with the security module in externally readable form, while the private key is stored only in the security module and shipped with it.
  • An electronic key pair with a private and a public key can also be used at the manufacturer center and at the distribution center, with a separate key pair at each.
  • The identification code and any certificates generated are stored in encrypted or unencrypted form.
  • This data can also be provided via a separate network, stored in the security module, or otherwise, for example sent by post, to the distribution center and/or the regional service center.
  • The central database, which preferably contains the data of all security modules in use worldwide, must meet lower security requirements, can be made smaller, or can be omitted altogether.
  • The invention can also be used if there are separate manufacturers or manufacturer centers for the security module and for the application device, for example the franking machine.
  • The security modules are then sent in the manner described to the manufacturer of the franking machine, where the security module can be identified and registered and subsequently installed in the franking machine. When the franking machine equipped with the security module is then shipped, the method of the invention can be applied again in the same way.
  • In each region there may be a regional operator who operates all devices with security modules in that region; this may also be a postal authority.
  • The regional operator is liable for damages resulting from the compromise of a security module registered in that region. Because of this liability, it is assumed that the regional operator trusts the distribution center of its region, i.e. regularly inspects it, has it inspected, or operates it itself.
  • The manufacturer center 1 operates, in addition to the production of the security modules 7, a local manufacturer server (manufacturing service center) 6 in close proximity to the production end point of the factory.
  • An electronic manufacturer key pair (sk1, vk1) is generated by the manufacturer server 6 (step 20 in FIG. 2).
  • The private key sk1 is used by the manufacturer server 6 to sign messages about newly produced security modules 7, while the public key vk1 is used by the service centers 5 to verify these signatures.
  • The public key vk1 can be transmitted offline from the manufacturer server 6 to the distribution center 2 and/or the regional service center 5.
  • One or more certifying authorities may also be provided.
  • The distribution center 2, which serves as the entry point for all security modules to be operated in a certain region, first generates a distribution key pair (sk2, vk2) with a private key sk2 and a public key vk2 (step 21).
  • Entry certificates are generated as digital signatures that can be stored in the central database 4.
  • The distribution centers of the different regions or countries do not know the public distribution keys of the other distribution centers.
  • Each distribution center need only be able to check its own entries in the central database 4. In principle, several distribution centers or entry points can also be provided for a country or region.
  • After a security module 7 has been manufactured and provided with the mechanical protection devices, it is connected to the manufacturer server 6, for example via an intermediary registration PC (not shown). The server requests a public key from the security module 7; the request contains the public manufacturer key vk1 and the instruction to generate a transport key pair (step 22).
  • The security module 7 stores the key vk1 in non-volatile memory and generates the requested transport key pair (stk, vtk), consisting of a signing transport key stk and a verifying transport key vtk (step 23).
  • While the private key stk is kept private by the security module 7 and stored only there, the security module 7 sends a unique serial number s assigned during production and the verifying transport key vtk via the registration PC to the manufacturer server 6 (step 24). The server then uses its private key sk1 and a signing algorithm cert to generate a public key certificate c1 (step 25), which it stores together with the serial number s and the verifying transport key vtk in the public remote central database 4 (step 26). After this initial registration, the security module 7 never again releases its verifying transport key vtk, nor does it need to store it.
  • The security module 7 is packed in a transport packaging 8; the security module 7 may be in a separate package or in a common packaging 8 together with a user device 71, e.g. a franking machine. In the latter case, as shown in FIG. 1, the security module 7 may already be installed in the franking machine 71.
  • A label 9 is produced on which the serial number s, the verifying transport key vtk of the security module 7 and optionally further information are printed, preferably in the form of a two-dimensional barcode (step 27).
  • This label 9 is applied to the packaging 8 so that it is visible and readable from the outside and the information it contains can easily be read by a machine, e.g. a barcode reader. If the labels 9 are not robust enough to survive transport, the barcodes can also be printed directly on the packaging or on accompanying papers, which are then placed in a corresponding envelope on the outside of the packaging 8.
  • The packages are then sent from the manufacturer center 1 directly to the distribution centers 2 in the respective regions in which the franking machines 71 and security modules 7 are to be sold and used.
  • At the distribution center, the barcodes of each incoming packaging 8 are read with a scanner 10 connected to a computer 11 with an attached printer 12.
  • An identification code ID is then selected at random, even if the end customer of the product is not yet known or determined.
  • The space of identification codes must be large enough that collisions between identification codes are extremely rare and it is virtually impossible to guess which identification code will be assigned to a particular security module.
  • Identification codes with a length between 32 and 64 bits are provided.
  • The distribution center 2 links the new identification code ID with the serial number s and the verifying transport key vtk on the packaging by printing the identification code ID on a new label 13, which is pasted over the first label 9 on the packaging 8 so that the barcode of the first label 9 can no longer be read.
  • Alternatively, the first label 9 can be removed before the label 13 is applied. If the label or barcode is attached to accompanying documents, the new label 13 is attached there.
  • The identification code ID is applied to the label 13 in a normally readable form; the exact format should take into account the characteristics of the input means of the franking machine to be equipped with the security module.
  • The identification code ID can, for example, be printed in decimal digits. However, if the input means have only a number of special keys, for example differently colored keys, then the identification code should be encoded correspondingly.
  • The distribution center 2 generates an entry certificate c2 from the serial number s, the verifying transport key vtk and the identification code ID using the private distribution key sk2 and a signing algorithm cert (step 28). This is finally stored together with the identification code ID in the central database 4 and associated there with the already stored data of the security module 7 (step 29).
  • The central database is a large distributed directory that centrally manages the public verification keys of the security modules for franking machines in all countries.
  • Access to this global database 4 is strictly limited, with read and write access restricted to the service centers 5, 6 and the distribution centers 2.
  • The distribution centers 2 and the service centers of each region have access only to the keys concerning the security modules operated in their region.
  • At the user location, a verification code sig is first generated by the security module 7 from the private key stk stored in the security module and the identification code ID on the label 13 (step 30).
  • This verification code sig is then transmitted together with the identification code ID to the regional service center 5, which checks in the central database 4 whether the transmitted identification code ID was generated by the distribution center 2 of this region and whether a valid entry certificate c2 exists (steps 31, 32). If so, the regional service center 5 retrieves the verifying transport key vtk from the central database 4 (step 33) and verifies the security module by means of the verification algorithm ver, using the generated verification code sig and the identification code ID (step 34).
  • PSD: Postal Security Device.
  • The method and the distribution system according to the invention withstand all the abuses described, except where the security module is stolen from the customer and the mechanical security devices are broken, or where the public transport key falls into the hands of the fraudster.
  • A fraudster needs not only a registered transport key pair but also an associated identification code. If a fraudster obtains only the registered transport key pair, and possibly a security module, he still needs an identification code generated at the distribution center. Otherwise no identification code is entered in the central database and registration or use fails. After the distribution center has generated an identification code and stored it in the central database, a fraudster could also try to read it from the central database, or intercept the security module on its way to the user, in order to obtain the identification code. It should be noted that not everyone can order a package containing a security module and a label with an identification code.
  • The distribution system described comprises a distributed database of the highest security level, which must be sufficiently protected against unauthorized access. This is ensured by the infrastructure being a closed system without access via the Internet.
  • Intercepting a package with a label in the distribution channel is generally considered sufficiently difficult.
  • The number of shipments of security modules is relatively low, and a public transport key cannot be read from a label without a barcode scanner. It is even more difficult if the label with the identification code is pasted over the first label.
  • A second embodiment of the distribution system and of the method according to the invention will be explained with reference to FIGS. 3 and 4. Unlike the distribution system shown in FIG. 1, no key pairs with a private and a public key are used; only a single symmetric key is used.
  • The manufacturer server 6 generates a private key k1, which is agreed with the regional service center 5 (step 40).
  • The distribution center 2 likewise generates its own private key k2, and the security module 7 generates a transport key tk (steps 41, 42).
  • After the security module 7 has transferred the transport key tk to the manufacturer server 6 (step 43), the server encrypts the transport key tk with its private key k1 by means of an encryption algorithm enc and sends the resulting certificate c1 back to the security module 7 (steps 44, 45).
  • The security module 7 stores the certificate c1, creates a hash value h from the transport key tk and prints it on the label 9, which is then attached to the packaging 8 of the security module 7 (step 46). This hash value h is finally also entered into the central database 4 via the manufacturer server 6 (step 47).
  • At the distribution center, the hash value h is read from the label 9 by means of the scanner 10, an identification code ID is generated and printed on the second label 13, which is then placed over the label 9 on the packaging 8 (step 48).
  • The identification code ID is also stored in the central database 4 and assigned there to the hash value h (step 49).
  • At the user location 3, the security module 7 generates a verification code m, often also referred to as a MAC (Message Authentication Code), by means of an authentication algorithm from the transport key tk stored in the security module and the identification code ID of the label 13 (step 50). This is transmitted to the regional service center 5 together with the identification code ID and the certificate c1 (step 51). There, the certificate c1 is decrypted with the private key k1 by means of a decryption algorithm dec, yielding the transport key tk, from which a hash value h is then calculated (step 52). The regional service center 5 then checks whether the identification code ID and the hash value h are contained in the central database 4 (step 53). If so, verification is finally carried out by means of the verification algorithm ver using the transport key tk, the identification code ID and the verification code m (step 54). Upon successful verification, registration can take place, after which the security module can be used as intended.
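The symmetric second embodiment (steps 40 to 54) as a runnable model, added here as an illustration and not part of the patent or of any Francotyp Postalia product: manufacturer server, distribution center, central database, security module and regional service center are plain Python objects, and the run walks one module through initialization, entry and registration, then shows the three checks that reject a module without a distributor-issued ID, a different module presenting someone else's ID, and a forged verification code. Assumptions not fixed by the patent: SHA-256 for the hash h, HMAC-SHA256 for the MAC, 48-bit identification codes, an HMAC-keystream stand-in for enc/dec, and that the entry point refuses a label hash the manufacturer never entered.

```python
import hashlib
import hmac
import secrets

ID_BITS = 48  # the patent provides for identification codes of 32 to 64 bits

def enc(k1: bytes, tk: bytes) -> bytes:
    """Stand-in for the patent's enc(): random nonce plus an HMAC-SHA256 keystream
    XORed over the 32-byte transport key. Assumption: the patent names no cipher."""
    nonce = secrets.token_bytes(16)
    keystream = hmac.new(k1, nonce, hashlib.sha256).digest()
    return nonce + bytes(a ^ b for a, b in zip(tk, keystream))

def dec(k1: bytes, c1: bytes) -> bytes:
    """Inverse of enc(); run by the regional service center in step 52."""
    nonce, body = c1[:16], c1[16:]
    keystream = hmac.new(k1, nonce, hashlib.sha256).digest()
    return bytes(a ^ b for a, b in zip(body, keystream))

def hash_h(tk: bytes) -> bytes:
    """Hash value h printed on label 9 (step 46); SHA-256 is an assumption."""
    return hashlib.sha256(tk).digest()

def verification_code(tk: bytes, id_code: int) -> bytes:
    """Verification code m = MAC(tk, ID) computed by the module (step 50)."""
    return hmac.new(tk, id_code.to_bytes(8, "big"), hashlib.sha256).digest()

class CentralDatabase:
    def __init__(self) -> None:
        self.hashes = set()      # h entered by the manufacturer server (step 47)
        self.id_to_hash = {}     # ID -> h entered by the distribution center (step 49)

class SecurityModule:
    def __init__(self) -> None:
        self.tk = secrets.token_bytes(32)  # transport key tk (step 42); never leaves the module
        self.c1 = b""                      # certificate c1 returned by the manufacturer (step 45)

    def label9(self) -> bytes:
        return hash_h(self.tk)

    def registration_message(self, id_code: int) -> tuple:
        """Step 51: (m, ID, c1) as sent to the regional service center."""
        return verification_code(self.tk, id_code), id_code, self.c1

class ManufacturerServer:
    def __init__(self, db: CentralDatabase, k1: bytes) -> None:
        self.db, self.k1 = db, k1

    def initialize(self, module: SecurityModule) -> None:
        """Steps 43-47: receive tk, hand back c1 = enc(k1, tk), enter h into the database."""
        module.c1 = enc(self.k1, module.tk)
        self.db.hashes.add(module.label9())

class DistributionCenter:
    def __init__(self, db: CentralDatabase) -> None:
        self.db = db

    def enter(self, scanned_h: bytes) -> int:
        """Steps 48-49: scan h from label 9, draw a random ID, bind ID to h; ID goes on label 13."""
        if scanned_h not in self.db.hashes:  # assumption: an h unknown to the database is refused
            raise ValueError("label hash was not registered by the manufacturer")
        id_code = secrets.randbits(ID_BITS)
        while id_code in self.db.id_to_hash:  # collisions are rare at 48 bits; redraw regardless
            id_code = secrets.randbits(ID_BITS)
        self.db.id_to_hash[id_code] = scanned_h
        return id_code

class ServiceCenter:
    def __init__(self, db: CentralDatabase, k1: bytes) -> None:
        self.db, self.k1 = db, k1

    def register(self, m: bytes, id_code: int, c1: bytes) -> bool:
        tk = dec(self.k1, c1)                              # step 52: recover tk, recompute h
        if self.db.id_to_hash.get(id_code) != hash_h(tk):  # step 53: ID must be bound to this h
            return False
        return hmac.compare_digest(verification_code(tk, id_code), m)  # step 54: ver(tk, ID, m)

def run_distribution() -> dict:
    """Walk one module through steps 40-54, then probe three ways registration must fail."""
    db = CentralDatabase()
    k1 = secrets.token_bytes(32)  # agreed between manufacturer server and service center (step 40)
    manufacturer = ManufacturerServer(db, k1)
    distributor, service = DistributionCenter(db), ServiceCenter(db, k1)
    module = SecurityModule()
    manufacturer.initialize(module)
    id_code = distributor.enter(module.label9())  # entry point reads label 9, prints label 13
    genuine = service.register(*module.registration_message(id_code))
    # Initialized module with a valid c1 but no distributor-issued ID: step 53 fails.
    no_entry = service.register(*module.registration_message((id_code + 1) % (1 << ID_BITS)))
    # A second initialized module presenting the first module's ID: h does not match.
    other = SecurityModule()
    manufacturer.initialize(other)
    wrong_module = service.register(*other.registration_message(id_code))
    # Correct ID and c1 but a forged verification code: step 54 fails.
    forged_mac = service.register(bytes(32), id_code, module.c1)
    return {"genuine": genuine, "no_entry": no_entry, "wrong_module": wrong_module, "forged_mac": forged_mac}
```

The first embodiment (steps 20 to 34) has the same shape with cert and sig signatures under sk1, sk2 and stk in place of enc and the MAC; only the primitives change, not the database checks.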

Description

The invention relates to a method for the secure distribution of security modules, in particular for franking machines, from a manufacturer location via a distribution location to a user location. The invention also relates to a distribution system for the secure distribution of security modules.

Security modules, in particular embedded systems, can, like microprocessors and memory modules, be manufactured in large numbers at central locations that are particularly suitable for mass production. Such security modules are used in various devices, in particular in devices that hold certain values of their users. Examples are franking machines, cash registers, electronic purses, PCs, notebooks, palmtops and mobile phones. If these devices are also mass-produced, the customer (the later user) most conveniently purchases them together with the associated security module directly from a mail-order or retail company, usually without any further contact with the manufacturer of the security modules.

EP 0 735 722 discloses a key management system for generating, distributing and managing cryptographic keys used by an information transfer system that employs cryptographic means to verify information integrity. The system comprises a plurality of functionally distinct secure boxes that are coupled together in operation. Each of these secure boxes performs key generation, key installation, key verification or token validation functions. Computers coupled to the secure boxes provide system control and enable communication between the secure boxes. A plurality of separate logical security domains provide domain processes for key generation, key installation, key verification and token validation that have been established by transaction credential devices within the domain using key management functions. A plurality of domain archives, each relating to one of the security domains, securely and reliably store key status data and master keys for each domain. The key management system installs the master keys in the transaction credential devices and validates the tokens.
The secure boxes comprise a key generation box for generating, encrypting and signing a master key; a key installation box for receiving, verifying and decrypting the signed master key and installing it in the transaction credential device; a key verification box for verifying the installation of the master key in the transaction credential device; a token verification box for verifying the tokens; and at least one manufacturing box for creating domain keys and distributing them to the secure boxes of each domain.

US Pat. No. 5,153,842 discloses a system in which a smartcard is applied to the outside of packets and parcels; it can be written with initial data on dispatch and with further data during transport in order to document, track and secure the shipment.

To ensure secure cryptographic initialization and efficient distribution of the security modules, initialization should take place at the production site. Otherwise there would have to be central or decentralized initialization centers, which would be very costly. In general, the production sites for mass products and the seats of their later operators, who will be liable for damage resulting from key compromises, are located in different countries and thus in different jurisdictions. Legal disputes between producers and operators of security modules are therefore difficult from the outset, and it would be desirable to make them as rare as possible, or to avoid them altogether, by technical confidence-building measures. If there were a domain that the operator did not trust, there would be a security problem. However, having the production process regularly inspected by the later operator would be impractical and costly.

Various models of franking machines currently on the market are equipped with a postal security device containing a security module. This serves essentially to store and account for electronic postage and to generate electronic signatures for producing valid franking imprints (indicia). The security modules obviously have to be protected against any kind of manipulation during production, transport and use, which at present is mostly done by mechanical protective measures such as a sealed housing around the security module. In addition, every security module produced is cryptographically initialized and registered before it can be put into use. Since this preferably takes place at the production site of the security module, however, the security requirements of national postal authorities such as the US postal authority are not met. These demand assurance of the security of security modules during transport and before commissioning as well, in particular registration only at the end user of the franking machine or at a national service center. This, however, requires the establishment of national service centers and a significantly greater expenditure of time, equipment, packaging and other handling.

The invention is therefore based on the object of providing a method, a distribution system and a service center of a distribution system for the distribution of cryptographically initialized security modules. For protection against manipulation under the supervision of the later operator of the security module, it is to be guaranteed under all circumstances, i.e. even in the event of comprehensive subversion of the cryptographic initialization at the production site, for example through large-scale bribery of the staff, that only devices whose security modules hold cryptographic keys that are not compromised can be put into operation by the customer.

According to the invention, this object is achieved by a method according to claim 1 or 5, a distribution system according to claim 14 or 16, and a service center of a distribution system according to claim 18 or 19. The invention is based on the recognition that, by generating and checking special markings, where appropriate in combination with corresponding certificates, effective protection against manipulation with intent to forge can be achieved. A first marking is made at the manufacturer's location in a manufacturer center after a first cryptographic initialization of the security module; the first marking is preferably a public key printed on a first label, and the label is preferably attached to the ready-to-ship packaging of the security module or of a device with an integrated security module. The first marking may contain the electronic key to be shipped in unencrypted or encrypted form, depending on whether the key to be shipped is a public key or a private (secret) key. The encryption can be carried out, for example, with the aid of a hash algorithm.

A second marking is made, remote from the manufacturer's location, at a distribution center at a distribution location, also called an entry point, which is provided for a particular region or country, when the packaging with the security module is imported and registered. This enables the packaging to be identified during the later registration of the security module, triggered by the user at the site of use, before requested data can be loaded onto the security module or the franking machine and the franking machine can be used. For this purpose, the identification code generated at the distribution location is stored in a remote central database.

According to the invention, verification is performed by means of a verification code that is generated from the identification code and the electronic key stored in the security module. A digital signature or an authentication code, e.g. a MAC (Message Authentication Code), is preferably used as such a verification code.

The method and the distribution system according to the invention ensure secure distribution of security modules in which the devices packaged ready for the customer, e.g. franking machines including the security modules already installed, or the separately distributed and/or separately packaged security modules, need not be unpacked at the distribution location or entry point. It is particularly economical to have a single central entry point in a country or region through which all packaged devices or security modules are imported. This entry point can be inspected regularly by the operator at reasonable expense, or even operated by the operator itself. Unpacking and inspecting all incoming devices or security modules at this entry point, which would be very laborious, is no longer necessary according to the invention.

Advantageous embodiments of the method and of the distribution system according to the invention are specified in the dependent claims. The distribution system can of course be developed further in a manner similar to that specified in the dependent claims with respect to the method.

It is preferably provided that the manufacturer center attaches to the packaging of the security module a label on which an electronic key is printed in encrypted or unencrypted form, e.g. as a barcode. This machine-readable marking is then read by the distribution center or at the entry point and used for identification, after which a second label with the identification code is attached to the packaging. The first label is either covered over or removed, so that in any event it is no longer readable afterwards, in particular at the user. The identification code, too, can be applied to the label as a barcode in encrypted or unencrypted form. Instead of labels with barcodes, other ways of shipping or attaching the electronic key and/or the identification code to the packaging or to the security module itself are conceivable, such as chip cards, magnetic stripe cards or ID tags. In each case it is again preferably provided that the electronic key stored by the manufacturer is deleted at the distribution center or entry point and replaced by the identification code.

In a further embodiment of the invention, the use of an authentication algorithm and of a single electronic key at the manufacturer is provided. Such an authentication algorithm can be part of a so-called MAC (Message Authentication Code). It can further be provided that this electronic key, which is stored in the security module and is shipped together with the security module in externally readable form, is handled by means of a single key known only to the manufacturer or a manufacturer center and to a service center in the user's region. The electronic key then stored on the security module is also known to the user and can later be used to encrypt further information, for example between the user and the service center.
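The MAC variant of the verification code described above (a code derived from the identification code and the single electronic key held by the security module and the regional service center), as an added example that is not part of the patent. HMAC-SHA256 is this example's choice of authentication algorithm, the `SecurityModule` and `ServiceCenter` types are hypothetical models of the two sides, and the key, serial number and identification code are constructed sample values:

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/hex"
	"fmt"
)

// mac realises the authentication algorithm as HMAC-SHA256; the description
// names only "a MAC". The verification code is MAC(key, ID) as in the text.
func mac(key, id []byte) []byte {
	m := hmac.New(sha256.New, key)
	m.Write(id)
	return m.Sum(nil)
}

// SecurityModule models the module's side of the check: it holds the single
// electronic key loaded at the manufacturer and derives the verification code
// from the identification code assigned to its package at the entry point.
type SecurityModule struct{ key []byte }

func (sm SecurityModule) VerificationCode(id []byte) []byte { return mac(sm.key, id) }

// ServiceCenter models the regional service center: it holds the same key and
// the identification codes the entry point recorded in the central database,
// indexed by serial number.
type ServiceCenter struct {
	key []byte
	ids map[string][]byte
}

// Check recomputes the code for the ID on record for this serial and compares
// it in constant time with the code presented by the module. A serial that was
// never imported through the entry point has no ID and is rejected.
func (sc ServiceCenter) Check(serial string, presented []byte) bool {
	id, ok := sc.ids[serial]
	if !ok {
		return false
	}
	return hmac.Equal(mac(sc.key, id), presented)
}

func main() {
	// Constructed sample values, not real keys or codes.
	key := []byte("constructed-sample-key-32-bytes!")
	id, _ := hex.DecodeString("9f3a5c71e2b04d86") // a 64-bit ID from the entry point
	sc := ServiceCenter{key: key, ids: map[string][]byte{"SM-0001": id}}
	code := SecurityModule{key: key}.VerificationCode(id)
	fmt.Printf("code %x accepted: %v\n", code, sc.Check("SM-0001", code))
}
```

Because the code is keyed, a module holding a different key, or a code computed over a different identification code, fails the check; because the service center only knows identification codes that the entry point stored, a package that bypassed the entry point has no record to check against.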

Alternatively, in a development, the use of an electronic key pair with a private and a public key is provided. This is generated with a digital signature algorithm such as RSA (Rivest, Shamir, Adleman), DSA (Digital Signature Algorithm) or ECDSA (Elliptic Curve DSA). The public key is preferably stored in the central database, which the distribution center and the service center can also access, and is shipped with the security module in externally readable form, while the private key is stored exclusively in the security module and shipped with it. To generate certificates by which the security module can be identified and which increase protection against manipulation, an electronic key pair consisting of a private and a public key can likewise be used, and a separate electronic key pair can be provided both at the manufacturer center and at the distribution center.

As an alternative to a central database in which certain electronic keys, the identification code and any certificates generated are stored in encrypted or unencrypted form, provision can also be made to transmit these data from the manufacturer center to the distribution center and/or the regional service center via a separate network, stored in the security module, or by some other route, for example by means of a data carrier sent by post. This would have the advantage that the central database, which preferably contains the data of all security modules in use worldwide, would have to satisfy lower security requirements, could be made smaller, or could be dispensed with altogether.

The invention can of course also be applied when there are separate manufacturers or manufacturer centers for the security module and the application device, for example the franking machine. The security modules are then sent in the manner described to the manufacturer of the franking machine, where the security module can be identified and registered and subsequently installed in the franking machine. When the franking machine equipped with the security module is then shipped, the method according to the invention can likewise be applied accordingly.

The invention is explained in more detail below with reference to the drawings, which show:

Figure 1
a block diagram of a first embodiment of a distribution system according to the invention,
Figure 2
a flowchart explaining the method according to the invention in a distribution system according to Figure 1,
Figure 3
a second embodiment of a distribution system according to the invention, and
Figure 4
a flowchart explaining the method according to the invention in a distribution system according to Figure 3.

The distribution system according to the invention shown in Figure 1 comprises the following essential units:

  a) A manufacturer or manufacturer center 1 of security modules 7 and, where applicable, franking machines at a manufacturer's location comprises a manufacturer service center 6 (MSC = Manufacturing Service Center), by which is meant a server operated in or close to the factory of the manufacturer 1. A printer or a chip card reader/writer is connected to this server, so that freshly produced security modules can be cryptographically initialized.
  b) A distributor or distribution center 2 at a distribution location, also referred to as an entry point (ESP = Entry Service Point), is provided in every region in which devices with security modules are to be operated. There may be one or more such service centers, which register all devices with security modules for that region. For example, all devices with security modules that are to be sold in a region can be delivered to a distribution center 2 of that region, registered there and then delivered to the customer concerned.
  c) A user 3 at a user location, by which an end customer is meant, acquires a device with a built-in security module, or both devices separately, and works with it.
  d) A central database 4 (PKD = Public Key Directory) serves as a worldwide directory of all manufactured security modules and of certain attributes of these security modules; there may be one or more distributed databases.
  e) In every region there are one or more service centers 5 (RSC = Remote Service Center), by which regional servers are meant that offer services (remote services) for all devices with security modules registered in that region. The regional server or servers 5 can also be physically located at the distribution center 2 of the region.

Furthermore, in each region there can be a regional operator who operates all devices with security modules in that region; this can also be a postal authority. The regional operator is the party liable for damage resulting from the compromise of a security module registered in that region. Because of this liability, it is assumed that the regional operator trusts the distribution center of its region, i.e. that it, for example, inspects it regularly, has it inspected, or operates it itself.

The method according to the invention is explained in more detail below. In addition to manufacturing the security modules 7, the manufacturer center 1 operates a local manufacturer server (manufacturing service center) 6 in the immediate vicinity of the factory's end-of-production point. First, the manufacturer server 6 generates an electronic manufacturer key pair (sk1, vk1) (step 20 in Figure 2). The private key sk1 is used by the manufacturer server 6 to sign messages about newly produced security modules 7, while the public key vk1 is used by the service centers 5 to verify these signatures. For this purpose, the public key vk1 can be transmitted offline from the manufacturer server 6 to the distribution center 2 and/or the regional service center 5. One or more certifying authorities can be provided to authenticate this transmission channel.

The distribution center 2, which serves as the entry point for all security modules to be operated in a particular region, likewise first generates a distributor key pair (sk2, vk2) with a private key sk2 and a public key vk2 (step 21). With this, so-called entry certificates can be generated for the security modules as digital signatures, which can be stored in the central database 4. The various distribution centers of the different regions or countries do not know the public distributor keys of the other distribution centers. Each distribution center need only be able to check its own entries in the central database 4. In principle it is also possible to provide several distribution centers or entry points for one country or region.

After a security module 7 has been manufactured and fitted with the mechanical protective devices, it is connected to the manufacturer server 6, for example via an intermediate registration PC (not shown). The latter requests a public key from the security module 7, the request containing the public manufacturer key vk1 and the instruction to generate a transport key pair (step 22). The security module 7 stores the key vk1 in non-volatile memory and generates the requested transport key pair (stk, vtk), which comprises a signing transport key stk and a verifying transport key vtk (step 23). While the private key stk is kept private by the security module 7 and stored only there, the security module 7 passes a unique serial number s, assigned during manufacture, and the verifying transport key vtk to the manufacturer server 6 via the registration PC (step 24). The latter then generates a public-key certificate c1 using its private key sk1 and a signing algorithm cert (step 25), which it subsequently stores together with the serial number s and the verifying transport key vtk in the public remote central database 4 (step 26). After this initial registration, the security module 7 will never again release its verifying transport key vtk; it does not even need to store it.

Various options are available for implementing the registration PC and the manufacturer server 6, for example a client-server architecture based on Windows NT.

The security module 7 is then packed in transport packaging 8; the security module 7 can be contained in a separate package or together with a user device 71, e.g. a franking machine, in a common package 8. In the latter case the security module 7 can, as shown in Fig. 1, already be installed in the franking machine 71. After the package 8 has been closed and sealed, a label 9 is produced on which the serial number s, the verifying transport key vtk of the security module 7 and, where appropriate, further information are printed, preferably in the form of a two-dimensional barcode (step 27). This label 9 is applied to the package 9 so as to be visible and readable from outside, so that the information it contains can easily be read by machine, e.g. with a barcode reader. If the labels 9 are not robust enough to survive transport, the barcodes can also be printed directly on the package or on any accompanying documents, which are then placed in a suitable sleeve on the outside of the package 8.

The packages are then sent from the manufacturer centre 1 directly to the distribution centres 2 in the respective regions in which the franking machines 71 or the security modules 7 are then to be sold and used. There, the barcodes of each incoming packaging 9 are read with a scanner 10, which is connected to a corresponding computer 11 with an attached printer 12. For each serial number s and each verification transport key vtk, an identification code ID is then chosen at random, even if the end customer of the product is neither known nor determined yet. The number of customer numbers must be large enough that collisions of identification codes are extremely rare and that it is practically impossible to guess which identification code will be assigned to a particular security module. The use of identification codes with a length between 32 and 64 bits is therefore preferred.

The distribution centre 2 then links the new identification code ID with the serial number s and the verification transport key vtk on the packaging by printing the identification code ID on a new label 13, which is stuck over the first label 9 on the packaging 8 so that the barcode of the first label 9 can no longer be read. For this purpose, the first label 9 may also be removed before the label 13 is stuck on. If the label or the barcode is attached to accompanying papers, the new label 13 is attached at that place. The identification code ID is preferably applied to the label 13 in human-readable form; the exact format should take into account the characteristics of the input means of the franking machine that is to be equipped with the security module. If, for example, the input means have a numeric keypad, the identification code ID can be printed as decimal digits. If, however, the input means have only a number of special keys, for instance keys of different colours, then the identification code should be encoded correspondingly. In addition, the distribution centre 2 generates an entry certificate c2 from the serial number s, the verification transport key vtk and the identification code ID with the aid of the private distributor key sk2 by means of a signing algorithm cert (step 28). This is finally stored together with the identification code ID in the central database 4 and assigned there to the data of the security module 7 already stored (step 29).

Conceptually, the central database is a large distributed directory that centrally manages the public verification keys of security modules for franking machines in all countries. Access to this global database 4 is strictly limited, read and write access being restricted to the service centres 5, 6 and the distribution centres 2. The distribution centres 2 and the service centres of each region have access only to the keys that concern the security modules operated in their region.

All packages 8 with security modules processed in this way are then marketed directly by the distribution centres 2 or sold through retailers. In general, the distribution centres 2 do not know who the end customer 3 will finally be, which product he receives or when he receives it.

After a customer 3 has received a package 18 and removed the security module 7, he will install it in the franking machine 71, unless it is already installed as shown, put the machine into operation and connect it to the telephone network. The franking machine is then connected to a regional service centre 5 of its region in order to be registered there. For this purpose, the security module 7 first generates a verification code sig from the private key stk stored in the security module and the identification code ID contained on the label 13 (step 30). This verification code sig is then transmitted together with the identification code ID to the regional service centre 5, which then checks in the central database 4 whether the transmitted identification code ID was generated by the distributor 2 of this region and whether a valid entry certificate c2 exists (steps 31, 32). If so, the regional service centre 5 receives the verification key vtk back from the central database 4 (step 33), which is then used to verify the security module by means of the verification algorithm ver on the basis of the generated verification code sig and the identification code ID (step 34).
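As an added worked example (not code from the patent), the following Go program simulates the first embodiment, steps 27 to 34: the module's key pair, the entry certificate c2 and the identification code of label 13. Ed25519 is assumed for both the module's key pair and the distributor's signing algorithm cert, since the text names no algorithm; the central database 4 is a map, and the serial number and the 64-bit ID are constructed values.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"errors"
	"fmt"
)

// dbRecord is a constructed stand-in for one entry of the central database 4.
type dbRecord struct {
	vtk ed25519.PublicKey // public verification transport key, stored by the manufacturer
	id  []byte            // identification code ID assigned at the distributor (step 29)
	c2  []byte            // entry certificate over (s, vtk, ID), signed with sk2 (step 28)
}

type centralDB map[string]*dbRecord // keyed by serial number s

// securityModule keeps the private transport key stk, which never leaves the module.
type securityModule struct {
	serial string
	stk    ed25519.PrivateKey
}

// certInput is the byte string covered by the entry certificate c2: s || vtk || ID.
func certInput(serial string, vtk ed25519.PublicKey, id []byte) []byte {
	var b bytes.Buffer
	b.WriteString(serial)
	b.Write(vtk)
	b.Write(id)
	return b.Bytes()
}

// manufacture models the manufacturer centre 1: the module generates (vtk, stk), vtk is
// stored centrally, and s together with vtk is returned as the content of label 9 (step 27).
func manufacture(db centralDB, serial string) (*securityModule, ed25519.PublicKey, error) {
	vtk, stk, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	db[serial] = &dbRecord{vtk: vtk}
	return &securityModule{serial: serial, stk: stk}, vtk, nil
}

// distribute models the distribution centre 2 (steps 28, 29): scan label 9, draw a random
// 64-bit ID, sign c2 = cert(sk2, s || vtk || ID) and store ID and c2 with the module's
// record. The returned ID is what label 13 carries.
func distribute(db centralDB, sk2 ed25519.PrivateKey, serial string, vtk ed25519.PublicKey) ([]byte, error) {
	rec, ok := db[serial]
	if !ok || !bytes.Equal(rec.vtk, vtk) {
		return nil, errors.New("label 9 does not match the manufacturer's record")
	}
	id := make([]byte, 8)
	if _, err := rand.Read(id); err != nil {
		return nil, err
	}
	rec.id, rec.c2 = id, ed25519.Sign(sk2, certInput(serial, vtk, id))
	return id, nil
}

// verificationCode is step 30: the module signs the ID read from label 13 with stk.
func (m *securityModule) verificationCode(id []byte) []byte {
	return ed25519.Sign(m.stk, id)
}

// register models the regional service centre 5 (steps 31 to 34): find the record for
// the ID, check that c2 was issued by this region's distributor (public key pk2), take
// vtk from the database and run ver(vtk, ID, sig).
func register(db centralDB, pk2 ed25519.PublicKey, id, sig []byte) error {
	for serial, rec := range db {
		if !bytes.Equal(rec.id, id) {
			continue
		}
		if !ed25519.Verify(pk2, certInput(serial, rec.vtk, id), rec.c2) {
			return errors.New("entry certificate c2 invalid for this region")
		}
		if !ed25519.Verify(rec.vtk, id, sig) {
			return errors.New("verification code sig does not match vtk")
		}
		return nil // module registered and released for use
	}
	return errors.New("identification code not found in central database")
}

func main() {
	db := centralDB{}
	pk2, sk2, _ := ed25519.GenerateKey(rand.Reader) // distributor key pair (pk2, sk2)
	mod, vtk, _ := manufacture(db, "SN-0001")        // constructed serial number
	id, _ := distribute(db, sk2, "SN-0001", vtk)
	fmt.Println("honest module:", register(db, pk2, id, mod.verificationCode(id)))
	// A module that never passed the distributor has no ID and no c2 and cannot register.
	stolen, _, _ := manufacture(db, "SN-0002")
	guess := make([]byte, 8)
	fmt.Println("module without ID:", register(db, pk2, guess, stolen.verificationCode(guess)))
}
```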

If this test is successful, the security module and the associated franking machine are registered and released for use, after which the country-specific software, initialisation and authorisation can be downloaded. Thereafter, the security module is recognised as a postal security device (PSD), so that the franking machine can go into operation, download postage units and produce frankings. As is immediately apparent from the explanation above, the invention does not require the packaging of the security module to be opened on its way from the manufacturer to the end user. Seals can therefore be attached to the packaging, so that the user can easily detect unauthorised opening of the packaging during transport. The use of the certificates and labels described also provides far-reaching protection against manipulation with fraudulent intent. Only if the verification and registration at the end of the described procedure are successful can the security module be put into operation.

Basically, a distribution system must satisfy a number of security requirements and provide protection against various manipulations. These are briefly described below:

  1. A fraudster could compromise the private transport key stk of a security module and, using a PC, log on to a regional service centre in the same way as a security module would. After having logged on, initialised and authorised, he could control a suitable key pair with which to produce frankings in any number and value. The compromise could occur through the private transport key being stolen during the manufacturing process, through public transport keys being intercepted during transmission over a network, or through the mechanical protection of a security module being broken open. In addition, such a fraudster could also steal security modules directly from the manufacturer.
  2. A fraudster could also generate his own transport keys and introduce them into the system by connecting to a manufacturer server 6 or a regional service centre 5. The transport of verification keys of new security modules could also be interrupted by a fraudster. In this case, the system would register no difference between the number of security modules produced and the number of transport keys. Since the fraudster then knows a private transport key that matches a public transport key, he is just as powerful as someone who has compromised a private transport key.
  3. A fraudster could also steal a finished security module equipped with a transport key before it is delivered to the customer. He could then use it to produce frankings in a particular country.
  4. Finally, a fraudster could also manufacture his own security modules and introduce them into the distribution chain. For this, however, the fraudster would have to succeed in introducing public transport keys into the system, since otherwise his security modules would not be accepted.

The method and the distribution system according to the invention can withstand all the abuses described, unless the security module is stolen from the customer and the mechanical security devices are broken open, or the public transport key falls into the fraudster's hands in the process. In the solution according to the invention, a fraudster must obtain not only a registered pair of transport keys but also an associated identification code. If a fraudster finds only the registered transport key pair and possibly a security module, he still has to have an identification code generated for it at the distributor. Otherwise no identification code is entered in the central database, and registration or use will fail. After the distribution centre has generated an identification code and stored it in the central database, a fraudster could also try to read it from the central database or to intercept the security module on its way to the user in order to obtain the identification code. It should be noted that not everyone can order a package with a security module and a label carrying an identification code.

The distribution system according to the invention described here comprises a distributed database of the highest security level, which must be adequately protected against unauthorised access. This is ensured by the infrastructure being a closed system with no access via the Internet.

Intercepting a package with a label on the distribution route is generally regarded as sufficiently difficult. The number of shipments of security modules is relatively small, and it is also not possible to read a public transport key from a label without a barcode scanner. It becomes even more difficult once the label with the identification code has been stuck over the first label.

The most serious fraud attempt probably consists in compromising a large number of private transport keys at the manufacturer and comparing their public transport keys with the same number of packages lying on shop shelves in order to find at least a single match. This method of fraud only works if the fraudster can somehow recognise which packages on the shop shelves correspond to which packages coming from the manufacturer. This could be done by a fraudster at the distribution centre reading out, in some way, the public transport key stored on the first label before the second label is stuck over it. Another possibility would be the secret marking of packages at the manufacturer in order to recognise the same packages later.

All the abuse possibilities described are, however, prevented or largely avoided by the distribution system and method according to the invention, so that the security measures provided can only be circumvented at very great expense.

A second embodiment of the distribution system and method according to the invention will be explained with reference to Figures 3 and 4. Unlike the distribution system of Fig. 1, no key pairs consisting of a private and a public key are used here; instead, a single symmetric key is used in each case. First, the manufacturer server 6 generates a private key k1 that is agreed with the regional service centre 5 (step 40). Likewise, the distribution centre 2 generates its own private key k2 and the security module 7 a transport key tk (steps 41, 42). After the security module 7 has transmitted the transport key tk to the manufacturer server 6 (step 43), the latter encrypts the transport key tk with its private key k1 by means of an encryption algorithm enc and sends the resulting certificate c1 back to the security module 7 (steps 44, 45). The security module 7 stores the certificate c1, creates a hash value h from the transport key tk and prints it on the label 9, which is then attached to the packaging 8 of the security module 7 (step 46). This hash value h is finally also entered in the central database 4 via the manufacturer server 6 (step 47).

At the distribution centre 2, the hash value h is read from the label 9 by means of the scanner 10, an identification code ID is generated and printed on the second label 13, which is then attached over the label 9 on the packaging 8 (step 48). The identification code ID is also stored in the central database 4 and assigned there to the hash value h (step 49).

At the user location 3, after the security module 7 has arrived, it generates, by means of an authentication algorithm, a verification code m, often also referred to as a MAC (Message Authentication Code), from the transport key tk stored in the security module and the identification code ID of the label 13 (step 50). This is transmitted to the regional service centre 5 together with the identification code ID and the certificate c1 (step 51). There, the certificate c1 is decrypted with the aid of the private key k1 by means of a decryption algorithm dec, yielding the transport key tk, from which a hash value h is then computed (step 52). The regional service centre 5 then checks whether the identification code ID and the hash value h are contained in the central database 4 (step 53). If so, verification is finally carried out by means of the verification algorithm ver using the transport key tk, the identification code ID and the verification code m (step 54). Upon successful verification, registration can take place, after which the security module can be used as intended.
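As an added worked example (not code from the patent), the following Go program simulates the second embodiment, steps 40 to 54: the symmetric transport key tk, the certificate c1 = enc(k1, tk), the hash value h on label 9 and the MAC m checked at the service centre. AES-256-GCM, SHA-256 and HMAC-SHA256 are assumed for enc/dec, the hash and the authentication algorithm, none of which the text specifies; the central database 4 is a map, and the distributor's key k2 is left out because the steps above do not use it.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"errors"
	"fmt"
)

// symDB stands in for the central database 4: hex(h) -> ID (nil until step 49 assigns one).
type symDB map[string][]byte

// must panics on an error that can only be a programming fault (bad key size, CSPRNG failure).
func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}

// randomBytes draws n bytes from the OS CSPRNG.
func randomBytes(n int) []byte {
	b := make([]byte, n)
	must(rand.Read(b))
	return b
}

// newKey returns a fresh 256-bit key ready for use; AES-256-GCM is assumed for the
// algorithms enc and dec, which the text leaves unspecified.
func newKey() cipher.AEAD {
	return must(cipher.NewGCM(must(aes.NewCipher(randomBytes(32)))))
}

// enc produces the certificate c1 = nonce || AES-GCM_k1(tk) (step 44).
func enc(k1 cipher.AEAD, tk []byte) []byte {
	nonce := randomBytes(k1.NonceSize())
	return k1.Seal(nonce, nonce, tk, nil)
}

// dec recovers tk from c1 (step 52); a tampered c1 fails the GCM tag check.
func dec(k1 cipher.AEAD, c1 []byte) ([]byte, error) {
	if ns := k1.NonceSize(); len(c1) >= ns {
		return k1.Open(nil, c1[:ns], c1[ns:], nil)
	}
	return nil, errors.New("certificate c1 too short")
}

// hashKey is the hash value h of tk printed on label 9 (SHA-256 assumed).
func hashKey(tk []byte) []byte { s := sha256.Sum256(tk); return s[:] }

// mac is the authentication algorithm of step 50 (HMAC-SHA256 assumed).
func mac(tk, id []byte) []byte {
	m := hmac.New(sha256.New, tk)
	m.Write(id)
	return m.Sum(nil)
}

// manufactureSym models steps 42 to 47 and returns what the module keeps (tk, c1) and label 9 (h).
func manufactureSym(db symDB, k1 cipher.AEAD) (tk, c1, h []byte) {
	tk = randomBytes(32)
	h = hashKey(tk)
	db[hex.EncodeToString(h)] = nil // h entered centrally, no ID yet
	return tk, enc(k1, tk), h
}

// distributeSym models steps 48 and 49: scan h from label 9, draw a 64-bit ID for label 13.
func distributeSym(db symDB, h []byte) ([]byte, error) {
	key := hex.EncodeToString(h)
	if _, ok := db[key]; !ok {
		return nil, errors.New("hash value h unknown to central database")
	}
	db[key] = randomBytes(8)
	return db[key], nil
}

// registerSym models steps 52 to 54 at the regional service centre 5.
func registerSym(db symDB, k1 cipher.AEAD, id, c1, m []byte) error {
	tk, err := dec(k1, c1) // recover tk from the certificate with k1
	if err != nil {
		return errors.New("certificate c1 invalid")
	}
	want, ok := db[hex.EncodeToString(hashKey(tk))] // (ID, h) must be paired centrally
	if !ok || !hmac.Equal(want, id) {
		return errors.New("identification code not assigned to this hash value")
	}
	if !hmac.Equal(mac(tk, id), m) { // finally ver(tk, ID, m)
		return errors.New("verification code m invalid")
	}
	return nil
}

func main() { // honest end-to-end run
	db, k1 := symDB{}, newKey() // k1 is agreed between manufacturer server 6 and service centre 5 (step 40)
	tk, c1, h := manufactureSym(db, k1)
	id, _ := distributeSym(db, h)
	fmt.Println(registerSym(db, k1, id, c1, mac(tk, id)))
}
```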

Claims (19)

  1. Method of secure distribution of security modules (7), particularly for franking machines, from a manufacturer's location (1) via a distributor's location (2) to a user's location (3), with the following steps:
    a) generating and storing an electronic key pair including a public electronic key (vtk) and a private electronic key (stk) in the security module (7) at the manufacturer's location (1),
    b) storing the public electronic key (vtk) in a central database (4),
    c) generating a key marking (9), which includes the public electronic key (vtk), at the manufacturer's location (1), and dispatching the key marking (9), together with the security module (7), in externally readable form to the distributor's location,
    d) generating an identification code (ID) which is assigned to the public electronic key (vtk), storing the identification code (ID), which is generated at the distributor's location (2), in the remote central database (4), generating an ID marking (13), which contains the identification code, at the distributor's location (2), and dispatching the ID marking (13), together with the security module (7), in externally readable form to the distributor's location (2), the key marking (9) being made unreadable or removed at the distributor's location (2),
    e) generating a verification code (sig; m), from the identification code (ID) and the private electronic key (stk) which is stored in the security module, by the security module (7) at the user's location (3),
    f) verifying that the verification code (sig; m), identification code (ID) and public electronic key (vtk), which is read out of the central database (4) and belongs to the identification code (ID), belong together, by a service centre (5), and
    g) registering the security module (7) in the case of successful verification by the service centre (5).
  2. Method according to Claim 1,
    characterized in that the electronic key pair (vtk, stk) is generated by means of a digital signature algorithm.
  3. Method according to Claim 2,
    characterized in that only the public key (vtk) is stored in the central database (4), and is dispatched with the security module in externally readable form, and that the private key (stk) is stored exclusively in the security module and used only to generate the verification code.
  4. Method according to Claim 2 or 3,
    characterized in that to generate certificates, the electronic key pair of the private and public keys is used.
  5. Method of secure distribution of security modules (7), particularly for franking machines, from a manufacturer's location (1) via a distributor's location (2) to a user's location (3), with the following steps:
    a) generating and storing a symmetrical electronic key (tk) in the security module (7) at the manufacturer's location (1),
    b) storing the symmetrical electronic key (tk) in a central database (4),
    c) generating a key marking (9), which includes a hash value (h) which is created from the symmetrical electronic key (tk), at the manufacturer's location (1), and dispatching the key marking (9), together with the security module (7), in externally readable form to the distributor's location,
    d) generating an identification code (ID) which is assigned to the hash value (h) of the symmetrical electronic key (tk), storing the identification code (ID), which is generated at the distributor's location (2), in the remote central database (4), generating an ID marking (13), which contains the identification code, at the distributor's location (2), and dispatching the ID marking (13), together with the security module (7), in externally readable form to the distributor's location (2), the key marking (9) being made unreadable or removed at the distributor's location (2),
    e) generating a verification code (sig; m), from the identification code (ID) and the symmetrical electronic key (tk) which is stored in the security module, by the security module (7) at the user's location (3),
    f) verifying that the verification code (sig; m), identification code (ID) and symmetrical electronic key (tk), which is read out of the central database (4) and belongs to the identification code (ID), belong together, by a service centre (5), and
    g) registering the security module (7) in the case of successful verification by the service centre (5).
  6. Method according to Claim 5,
    characterized in that the hash value (h) is generated from the symmetrical electronic key (tk) by means of an authentication algorithm.
  7. Method according to one of the preceding claims,
    characterized in that for dispatch with the security module (7), the key marking (9) and/or the ID marking (13) are attached to the security module (7), to a device (71) with a built-in security module, or to transport packaging (8) of the security module or device.
  8. Method according to Claim 7,
    characterized in that the key marking (9) and/or the ID marking (13) are attached in machine-readable form, in particular as a barcode or data medium, in particular a chip card, magnetic stripe card or ID tag.
  9. Method according to one of the preceding claims,
    characterized in that to generate the verification code, the identification code is entered into the security module.
  10. Method according to one of the preceding claims,
    characterized in that a manufacturer's centre (1) at the manufacturer's location is designed for full or partial manufacture of the security modules, that a distributor's centre (2) at the distributor's location is designed for distribution of the security modules, which are packaged and provided externally with the identification code, and that the service centre (5) is designed to supply the security modules at the user's premises with charge units.
  11. Method according to one of the preceding claims,
    characterized in that the public or symmetrical electronic key and the identification code, instead of being stored in the central database (4), are transmitted via a network, stored in the security module or transmitted otherwise for verification of the security module.
  12. Method according to one of the preceding claims,
    characterized in that the data of the central database (4) is encrypted, and that the manufacturer's centre (1) and a service centre (5) which is provided for registration of the security module possess a key for access to the database (4).
  13. Method according to one of the preceding claims,
    characterized in that the security module is dispatched from the manufacturer's location to the distributor's location and from the distributor's location to the user's location in a dispatch package which remains sealed.
  14. Distribution system for secure distribution of security modules, particularly for franking machines, with:
    a) a manufacturer's centre (1) for generating and storing an electronic key pair including a public electronic key (vtk) and a private electronic key (stk) in the security module (7), for storing the public electronic key (vtk) in a central database (4), for generating a key marking (9), which includes the public electronic key (vtk), and for dispatching the key marking (9), together with the security module (7), in externally readable form,
    b) a distributor's centre (2) for receiving the security module (7) from the manufacturer (1), for generating an identification code (ID) which is assigned to the public electronic key (vtk), for storing the identification code (ID), which is generated at the distributor's location, in the remote central database (4), for generating an ID marking (13), which contains the identification code (ID), and for dispatching the ID marking (13), together with the security module (7), in externally readable form, the key marking (9) being made unreadable or removed,
    c) a user's device (3), which is put into operation after the security module (7) is received, with the security module (7), for generating a verification code (sig; m) from the identification code (ID) and the private electronic key (stk) which is stored in the security module, and
    d) a service centre (5) for verifying that the verification code (sig; m), identification code (ID) and public electronic key (vtk), which is read out of the central database (4) and belongs to the identification code (ID), belong together, and for registering the security module (7) in the case of successful verification.
  15. Distribution system according to Claim 14,
    characterized in that the distributor's centre (2) includes the service centre (5), and that the distributor's centre (2) and/or the service centre (5) are operated by a regional operator.
  16. Distribution system for secure distribution of security modules, particularly for franking machines, with:
    a) a manufacturer's centre (1) for generating and storing a symmetrical electronic key (tk) in the security module (7), for storing the symmetrical electronic key (tk) in a central database (4), for generating a key marking (9), which includes a hash value (h) which is created from the symmetrical electronic key (tk), and for dispatching the key marking (9), together with the security module (7), in externally readable form,
    b) a distributor's centre (2) for receiving the security module (7) from the manufacturer (1), for generating an identification code (ID) which is assigned to the hash value (h) of the symmetrical electronic key (tk), for storing the identification code (ID), which is generated at the distributor's location, in the remote central database (4), for generating an ID marking (13), which contains the identification code (ID), and for dispatching the ID marking (13), together with the security module (7), in externally readable form, the key marking (9) being made unreadable or removed,
    c) a user's device (3), which is put into operation after the security module (7) is received, with the security module (7), for generating a verification code (sig; m) from the identification code (ID) and the symmetrical electronic key (tk) which is stored in the security module,
    d) a service centre (5), for verifying that the verification code (sig; m), identification code (ID) and symmetrical electronic key (tk), which is read out of the central database (4) and belongs to the identification code (ID), belong together, and for registering the security module (7) in the case of successful verification.
  17. Distribution system according to Claim 16,
    characterized in that the distributor's centre (2) includes the service centre (5), and that the distributor's centre (2) and/or the service centre (5) are operated by a regional operator.
  18. Service centre (5) of a distribution system for secure distribution of security modules, particularly for franking machines, according to Claim 14 or 15, for verification and registration of a security module (7), the service centre (5) comprising:
    - reception means for receiving a verification code (sig) and an identification code (ID), the security module (7) having generated the verification code (sig) from a private electronic key (stk), which is stored in the security module (7), and the identification code (ID), and a distributor's centre (2) having assigned the identification code (ID) to the security module (7) and transmitted it to a central database (4),
    - matching means for checking the validity of the identification code (ID) by matching with the database (4),
    - verification means for verifying the security module (7) using a public electronic verification key (vtk) (which is assigned to the security module (7) and taken from the database (4)), the verification code (sig) and the identification code (ID), and
    - registration means for registering the security module (7) after successful verification.
  19. Service centre (5) of a distribution system for secure distribution of security modules, particularly for franking machines, according to Claim 16 or 17, for verification and registration of a security module (7), the service centre (5) comprising:
    - reception means for receiving a verification code (m), an identification code (ID) and a manufacturer's certificate (c1), the security module (7) having generated the verification code (m) from a symmetrical electronic key (tk), which is stored in the security module (7), and the identification code (ID), a distributor's centre (2) having assigned the identification code (ID) to the security module (7), and a manufacturer's centre (1) having generated the manufacturer's certificate (c1) from the symmetrical electronic key (tk) using a certificate key (k1),
    - decryption means for decrypting the symmetrical electronic key (tk) from the manufacturer's certificate (c1),
    - hash means for determining a hash value (h) from the symmetrical electronic key (tk),
    - matching means for checking the validity of the identification code (ID) and hash value (h) by matching with a central database (4), the manufacturer's centre having transmitted a hash value (h) which was calculated there to the database (4), and a distributor's centre (2) having transmitted the identification code (ID) to the database (4),
    - verification means for verifying the security module (7) using the symmetrical electronic verification key (tk), the verification code (m) and the identification code (ID), and
    - registration means for registering the security module (7) after successful verification.
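The symmetric-key variant of the chain (Claims 5, 16 and 19) as an added Python simulation; this is not code from the patent or from Francotyp Postalia. The claims leave the algorithms open, so SHA-256 for the hash value h, HMAC-SHA256 for the verification code m, the random ID format and the dictionary standing in for the central database (4) are all assumptions.

```python
import hashlib
import hmac
import secrets


def key_hash(tk: bytes) -> str:
    # Claim 6: h is derived from tk by an authentication algorithm; SHA-256 is assumed here.
    return hashlib.sha256(tk).hexdigest()


def manufacturer_issue(db):
    """Claim 5 a)-c): generate tk, store it in the module (7) and in the central
    database (4), and dispatch the module with a readable key marking (9) carrying h."""
    tk = secrets.token_bytes(16)
    h = key_hash(tk)
    db["keys"][h] = tk                      # central database: h -> tk
    module = {"tk": tk}                     # tk lives only inside the module
    return {"module": module, "key_marking": h, "id_marking": None}


def distributor_label(db, package):
    """Claim 5 d): read h from the key marking, assign an ID, store it in the remote
    database, attach the ID marking (13) and make the key marking unreadable."""
    h = package["key_marking"]
    if h not in db["keys"]:
        raise ValueError("key marking does not match any manufactured key")
    id_code = "ID-" + secrets.token_hex(4)  # constructed ID format (assumption)
    db["ids"][id_code] = h                  # central database: ID -> h
    package["id_marking"] = id_code
    package["key_marking"] = None           # key marking removed before onward dispatch
    return package


def user_activate(package):
    """Claim 5 e) with Claim 9: the ID from the marking is entered into the module,
    which computes the verification code m over it with its internal tk."""
    tk = package["module"]["tk"]
    id_code = package["id_marking"]
    m = hmac.new(tk, id_code.encode(), hashlib.sha256).hexdigest()
    return id_code, m


def service_centre_verify(db, id_code, m):
    """Claim 5 f)-g): resolve ID -> h -> tk in the database and check that m, ID and
    tk belong together; the module is registered only on success."""
    h = db["ids"].get(id_code)
    if h is None:
        return False                        # unknown or never-labelled ID
    tk = db["keys"][h]
    expected = hmac.new(tk, id_code.encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, m):
        return False                        # module key does not match the labelled key
    db.setdefault("registered", set()).add(id_code)
    return True


def run_chain(db=None):
    """Run manufacturer -> distributor -> user -> service centre end to end."""
    db = db if db is not None else {"keys": {}, "ids": {}}
    package = distributor_label(db, manufacturer_issue(db))
    id_code, m = user_activate(package)
    return service_centre_verify(db, id_code, m), id_code, m, db
```

A module swapped in transit cannot register under a genuine ID marking, because its tk does not hash to the h the distributor bound that ID to.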
EP01104610A 2000-04-28 2001-02-23 Method for the secure distribution of security modules Expired - Lifetime EP1150256B1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
DE10020904A DE10020904B4 (en) 2000-04-28 2000-04-28 Procedure for the secure distribution of security modules
DE10020904 2000-04-28

Publications (2)

Publication Number Publication Date
EP1150256A1 EP1150256A1 (en) 2001-10-31
EP1150256B1 true EP1150256B1 (en) 2007-05-02

Family

ID=7640249

Family Applications (1)

Application Number Title Priority Date Filing Date
EP01104610A Expired - Lifetime EP1150256B1 (en) 2000-04-28 2001-02-23 Method for the secure distribution of security modules

Country Status (3)

Country Link
US (1) US6850912B2 (en)
EP (1) EP1150256B1 (en)
DE (2) DE10020904B4 (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104229243A (en) * 2014-09-26 2014-12-24 国网重庆市电力公司电力科学研究院 Automatic labeling production line for electric energy meter

Families Citing this family (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP4355124B2 (en) * 2002-01-31 2009-10-28 インターナショナル・ビジネス・マシーンズ・コーポレーション Entrance / exit management system, entrance / exit management method, program for executing entrance / exit management, and recording medium recording the program
US20030229795A1 (en) * 2002-02-19 2003-12-11 International Business Machines Corporation Secure assembly of security keyboards
DE10260406B4 (en) * 2002-12-16 2007-03-08 Francotyp-Postalia Gmbh Method and arrangement for different generation of cryptographic backups of messages in a host device
US7433847B2 (en) * 2004-09-22 2008-10-07 Pitney Bowes Inc. System and method for manufacturing and securing transport of postage printing devices
US7634802B2 (en) * 2005-01-26 2009-12-15 Microsoft Corporation Secure method and system for creating a plug and play network
DE102007011309B4 (en) * 2007-03-06 2008-11-20 Francotyp-Postalia Gmbh Method for authenticated transmission of a personalized data record or program to a hardware security module, in particular a franking machine
US8908870B2 (en) * 2007-11-01 2014-12-09 Infineon Technologies Ag Method and system for transferring information to a device
US8627079B2 (en) 2007-11-01 2014-01-07 Infineon Technologies Ag Method and system for controlling a device
US20110169602A1 (en) * 2010-01-08 2011-07-14 Gaffney Gene F System and method for monitoring products in a distribution chain

Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5153842A (en) * 1990-02-05 1992-10-06 Pitney Bowes Inc. Integrated circuit package label and/or manifest system

Family Cites Families (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JPH08101867A (en) * 1994-09-30 1996-04-16 Fujitsu Ltd Software use permission system
US5812666A (en) * 1995-03-31 1998-09-22 Pitney Bowes Inc. Cryptographic key management and validation system
US5786587A (en) * 1995-08-10 1998-07-28 American Bank Note Holographics, Inc. Enhancement of chip card security
US6260144B1 (en) * 1996-11-21 2001-07-10 Pitney Bowes Inc. Method for verifying the expected postal security device in a postage metering system
WO1998057305A1 (en) * 1997-06-13 1998-12-17 Pitney Bowes Inc. System and method for dynamic selection of appropriate postal rates based on metering data
US6289452B1 (en) * 1997-11-07 2001-09-11 Cybersource Corporation Method and system for delivering digital products electronically
DE19816344C2 (en) * 1998-04-01 2000-08-10 Francotyp Postalia Gmbh Procedure for secure key distribution

Also Published As

Publication number Publication date
US6850912B2 (en) 2005-02-01
DE10020904B4 (en) 2004-12-09
DE10020904A1 (en) 2001-11-08
US20020046175A1 (en) 2002-04-18
DE50112418D1 (en) 2007-06-14
EP1150256A1 (en) 2001-10-31

Similar Documents

Publication Publication Date Title
CA1331640C (en) Document authentication system
CN100388306C (en) Method for verifying the validity of digital franking notes
DE69636631T2 (en) Method for generating and registering basic keys
EP1150256B1 (en) Method for the secure distribution of security modules
AU2002226272B2 (en) Method for providing letters and parcels with postal remarks
CN100585643C (en) Method for verifying the validity of digital franking notes
DE10020566C2 (en) Method for providing postage with postage indicia
GB2293737A (en) Postage evidencing system with encrypted hash summary reports
CN100486156C (en) Forming and verifying system for bill anti-fake code
US20080109359A1 (en) Value Transfer Center System
WO2002039390A1 (en) Method for providing postal deliveries with franking stamps
Hühnlein et al. Secure and cost efficient electronic stamps
Merkle Secure and cost efficient electronic stamps

Legal Events

Date Code Title Description
PUAI Public reference made under article 153(3) epc to a published international application that has entered the european phase

Free format text: ORIGINAL CODE: 0009012

AK Designated contracting states

Kind code of ref document: A1

Designated state(s): CH DE FR GB IT LI

Kind code of ref document: A1

Designated state(s): AT BE CH CY DE DK ES FI FR GB GR IE IT LI LU MC NL PT SE TR

AX Request for extension of the european patent

Free format text: AL;LT;LV;MK;RO;SI

17P Request for examination filed

Effective date: 20020502

RAP1 Party data changed (applicant data changed or rights of an application transferred)

Owner name: FRANCOTYP-POSTALIA AG & CO. KG

AKX Designation fees paid

Free format text: CH DE FR GB IT LI

17Q First examination report despatched

Effective date: 20040714

RAP1 Party data changed (applicant data changed or rights of an application transferred)

Owner name: FRANCOTYP-POSTALIA GMBH

GRAP Despatch of communication of intention to grant a patent

Free format text: ORIGINAL CODE: EPIDOSNIGR1

GRAS Grant fee paid

Free format text: ORIGINAL CODE: EPIDOSNIGR3

GRAA (expected) grant

Free format text: ORIGINAL CODE: 0009210

AK Designated contracting states

Kind code of ref document: B1

Designated state(s): CH DE FR GB IT LI

REG Reference to a national code

Ref country code: GB

Ref legal event code: FG4D

Free format text: NOT ENGLISH

GBT Gb: translation of ep patent filed (gb section 77(6)(a)/1977)

Effective date: 20070502

REG Reference to a national code

Ref country code: CH

Ref legal event code: NV

Representative=s name: ROTTMANN, ZIMMERMANN + PARTNER AG

Ref country code: CH

Ref legal event code: EP

REF Corresponds to:

Ref document number: 50112418

Country of ref document: DE

Date of ref document: 20070614

Kind code of ref document: P

ET Fr: translation filed
PLBE No opposition filed within time limit

Free format text: ORIGINAL CODE: 0009261

STAA Information on the status of an ep patent application or granted ep patent

Free format text: STATUS: NO OPPOSITION FILED WITHIN TIME LIMIT

26N No opposition filed

Effective date: 20080205

PGFP Annual fee paid to national office [announced via postgrant information from national office to epo]

Ref country code: CH

Payment date: 20110222

Year of fee payment: 11

Ref country code: IT

Payment date: 20110221

Year of fee payment: 11

Ref country code: FR

Payment date: 20110302

Year of fee payment: 11

Ref country code: DE

Payment date: 20101214

Year of fee payment: 11

PGFP Annual fee paid to national office [announced via postgrant information from national office to epo]

Ref country code: GB

Payment date: 20110217

Year of fee payment: 11

REG Reference to a national code

Ref country code: CH

Ref legal event code: PFA

Owner name: FRANCOTYP-POSTALIA GMBH

Free format text: FRANCOTYP-POSTALIA GMBH#TRIFTWEG 21-26#16547 BIRKENWERDER (DE) -TRANSFER TO- FRANCOTYP-POSTALIA GMBH#TRIFTWEG 21-26#16547 BIRKENWERDER (DE)

REG Reference to a national code

Ref country code: CH

Ref legal event code: PL

GBPC Gb: european patent ceased through non-payment of renewal fee

Effective date: 20120223

PG25 Lapsed in a contracting state [announced via postgrant information from national office to epo]

Ref country code: CH

Free format text: LAPSE BECAUSE OF NON-PAYMENT OF DUE FEES

Effective date: 20120229

Ref country code: LI

Free format text: LAPSE BECAUSE OF NON-PAYMENT OF DUE FEES

Effective date: 20120229

REG Reference to a national code

Ref country code: FR

Ref legal event code: ST

Effective date: 20121031

PG25 Lapsed in a contracting state [announced via postgrant information from national office to epo]

Ref country code: IT

Free format text: LAPSE BECAUSE OF NON-PAYMENT OF DUE FEES

Effective date: 20120223

REG Reference to a national code

Ref country code: DE

Ref legal event code: R119

Ref document number: 50112418

Country of ref document: DE

Effective date: 20120901

PG25 Lapsed in a contracting state [announced via postgrant information from national office to epo]

Ref country code: FR

Free format text: LAPSE BECAUSE OF NON-PAYMENT OF DUE FEES

Effective date: 20120229

Ref country code: GB

Free format text: LAPSE BECAUSE OF NON-PAYMENT OF DUE FEES

Effective date: 20120223

PG25 Lapsed in a contracting state [announced via postgrant information from national office to epo]

Ref country code: DE

Free format text: LAPSE BECAUSE OF NON-PAYMENT OF DUE FEES

Effective date: 20120901