EP1246135A2 - Method for registering a consumption value and consumption meter with a metered value - Google Patents

Abstract

Method for recording a consumption value, evaluated from measurement values, has the following steps: storage of valid tariff values, delivery and processing of measurement values relating to supply and consumption of material, energy or information using a first mathematical algorithm, supply of corresponding time data, calculation of a fee for supplied product, formation of a secure message containing the fee amount, transmission of the cryptographically protected message to a central server. An Independent claim is made for a consumer meter with a communications link to a central server with a security module for encrypting a billing message prior to sending it to a central server.

Description

The invention relates to a method for recording a consumption value, according to the type specified in the preamble of claim 1 and a consumption meter with a transmitter, according to the in the preamble of claim 10 specified type. The consumption meter has a security module to increase security against counterfeiting. On such can be used in consumption meters and similar devices be in a potentially unfriendly environment, for example in mechanical engineering companies, in public or private buildings, work.

In mail processing, which also requires a high level of security against counterfeiting, cryptographic security measures are already used when billing frankings and when generating a marking that is unique for each franking imprint.
A special secret key method has already been proposed in US Pat. No. 5,953,426 under the title: "Method and arrangement for generating and checking a security imprint". The secret key is kept in a secure database at the verification center, typically at the postal authority, and is therefore kept secret. A data authentication code (DAC) is formed from the data of a message to be transmitted, and is converted into a row of marking symbols, which can then be used as a so-called digital signature to authenticate the message. The Data Encryption Standard (DES) algorithm, which is also known from US Pat. No. 3,962,539, is used here. The latter is the best known symmetric crypto algorithm. A message authentication code (MAC) can be generated for data from the above-mentioned DAC or for messages using a symmetrical crypto-algorithm, such codes being used for authentication verification. With the symmetric crypto-algorithm, the advantage of a relatively short MAC is offset by the disadvantage of a single secret key.

The advantage of an asymmetric crypto-algorithm is given by a public key justified. A well-known asymmetric crypto algorithm, named after its inventors R.Rivest, A.Shamir and L.Adleman named and described in US 4,405,829 is the RSA algorithm. As is known, the recipient decrypts with a private secret key an encrypted message, which when Sender was encrypted with a public key. The The recipient keeps his private key secret but sends it associated public key to potential senders. RSA was that first asymmetric procedure that can be used both for key transmission as well as for creating digital signatures.

The private key can also be used to generate digital signatures, the public keys being used to authenticate the signature. Both RSA and digital signature algorithms use two keys, one of the two keys being public. The keys are used in the reverse order. However, the implementation of the RSA algorithm in a computer results in extremely slow processing and provides a long signature.
A digital signature standard (DSS) has already been developed, which provides a shorter digital signature and to which the digital signature algorithm (DSA) according to US Pat. No. 5,231,668 belongs. This development was based on the identification and signature according to the Schnorr patent US 4,995,085 and on the basis of the key exchange according to Diffie-Hellman US 4,200,770 or the ElGamal method (El Gamal, Taher, "A Public Key Cryptosystem and a Signature Scheme Based on Discrete" Logarithms ", III Transactions and Information Theory, vol. IT-31, No. 4, Jul. 1985). In the asymmetric crypto-algorithm, the advantage of using a public key is offset by the disadvantage of a relatively long digital signature.

In US 6,041,704 under the title: "Method for operating a digitally printing postage meter to generate and check a security imprint " proposed a modified public key procedure for a shorter one To use signature. However, it is only extremely quick Processors extremely long-term data processing to avoid. The secret private key before theft to protect from a computer or from a franking machine a security area to be created for all security the signature is based on the fact that the private key is not known. The public key, on the other hand, could be in a variety of postal institutions be used to check the signature. Such a Security area is defined in devices by a so-called security module created. The disadvantage is that the latter has high computing power must have the in real time or in a reasonable amount of time Complete data processing.

The data processing of a hash function, on the other hand, is even two to four orders of magnitude faster than the data processing of the digital signature or asymmetrical encryption. The creation of a checksum is a very simple example of a hash function. The byte sequence of information is, on the one hand, compressed into a hash value and, on the other hand, the hash value differs from other hash values that were formed from other information. With the one-way hash functions used in cryptography, it is almost impossible to form another byte sequence that gives the same hash value. The one-way hash functions should generally not be reversible. A one-way hash function MD5 developed by Ron Rivest in 1991 has a 128-bit hash value but is not supposed to be as secure as MD160 or SHA (Secure Hash Algorithm). The latter two use a 160-bit hash value. The SHA was developed by the NIST with the collaboration of the NSA and published in 1994. The SHA is part of the Digital Signature Algorithm (DAS). The collected records can be sent to a third party for inspection. A message authentication code (MAC) could be attached to each individual recording. This requires the central storage of a secret key, which is unique for each security module.
A security module (EP 1.035.513 A2, EP 1.035.516 A2, EP 1.035.517 A2, EP 1.035.518 A2) that uses a symmetrical crypto-algorithm is already used in a franking machine of the JetMail® type. A key transmission between the security module and a data center takes place by means of a DES-encrypted data record, which is also MAC-secured. However, the cryptographic calculation is only one of the security measures when billing services and calculating a fee for the delivery of the services and when transmitting the billing result or the booking to a remote data center. A security module must also survive a physical or chemical attack. Such an attack can also be detected and recorded.

A system for a remote inspection is already known from US Pat. No. 4,812,965 of a device that meets the requirements of a local Inspection reduced. Every counterfeiting act is done by the device recorded and transmitted to a central station. However protects this solution does not counter such attacks as the "Man in the middle Attacks "that are started when information is sent via modem central station is sent.

EP 504 843 B1 (US 5,243,654) already has a fee entry system with remotely resettable time lock and with one Device proposed to deliver a bookable size (Energy) is equipped, forcing the user of a device to do so is, the data center regularly the state of the accounting register tell. The disadvantage is that there is no safety module and that a user must enter a combination into the device.

The only security measure is a seal or a seal on Consumption meter provided. If this security measure is circumvented can record the consumption value with forgery be manipulated. Through such manipulations (Energy) utilities regularly lose a lot of money. While on the one hand the large customers are offered the opportunity to On the other hand, small customers will save money legally at low tariffs there was no incentive to use discounted tariffs. It is obvious only at peak times of consumption, for example, the energy more expensive or to provide the service more difficult, which of course then Customers of the service or utility company in authorized Way is billed.

It is the task of a procedure for recording a consumption value to create with high security against counterfeiting, which one for the customer Simplify billing or save costs allowed and that for an automatic and secure communication with a remote server of the service or utility company suitable is.

It is also the task of a consumption meter with a sensor to create, which can be determined when on the consumption meter is manipulated. Through a variety of different temporary applicable tariffs should also be allowed for small customers to save money. The local effort should be as low as possible.

The object is with the features of claim 1 for the method or with the features of claim 10 for the consumption meter solved. The latter is equipped with a security module.

A consumption meter is a device with the supply and discharge of matter, Energy or information by determining a bookable quantity. On Security module is a recording module equipped with security means for booking or billing a tax fee and for the formation of a message about the aforementioned record. On The consumer pays with a security module and with a means of communication equipped, the latter an automatic and secure communication with a remote server of the service or Utilities allowed. The determination of a bookable Size, such as the energy in an energy meter, requires an analog / digital conversion of at least one analog Measured variable and a calculation based on a first mathematical Algorithm. The safety module has an internal A / D converter and equipped with a microprocessor, which is used for the calculation the first mathematical algorithm is programmed. The service or consumption-dependent billing of a tax, takes place based on a real time in temporarily different Wise. For example, tariffs for day and night, working days and Weekend, summer and winter are different. The security module is with an internal battery powered real time clock and a Accounting unit, for example a hardware accounting unit, fitted. After billing the tax fee according to related Tariff according to the consumption period and the current time formation of a message to record at least the submission fee. In addition to the delivery fee, the record can include consumption, the associated tariff, the consumption period and the current time. Preferably at the end of each period of the consumption period the recording is secured by an authentication code.

The time periods are periodically and / or event-based. The security module is used to calculate the authentication code programmed a first cryptographic algorithm. The security module is equipped with a watchdog timer, which is the means of communication regularly for communication with the remote Unlocks the server. A failed attempt to communicate will occur at intervals repeated until a connection is established or until a credit line is exceeded. In the latter case, the Consumption counter blocked for the delivery of consumption values. The server monitors whether the consumption meter of the Customers received a message and whether the latter is authentic. The Message contains encrypted and additionally with a digital signature backed up data, which by means of the microprocessor after a second cryptographic algorithm and encrypted after a third cryptographic algorithm. The microprocessor monitors whether manipulated on the consumption meter or on the security module has been. For example, a sensor is provided to determine whether the consumption meter is illegally disconnected or bypassed has been. The message to the server contains appropriately secured Sensor data. The server can submit the consumption value in Block evaluation of the transmitted data.

An asymmetrical encryption method is used for the message second cryptographic algorithm used to encrypt an Data record with delivery or consumption values, time data, sensor data if necessary keys etc. Exchange data. For example, is suitable the RSA procedure, whereby a data record with a Public key of the recipient is encrypted. At the recipient the encrypted data record is decrypted with the associated private key of the recipient.

A digital signature based on a third cryptographic Algorithm is done, for example, with the reverse RSA method, where the sender has a hashed data record with a private key of the Sender is encrypted and at the recipient with the associated one Sender's public key is decrypted. The above recovered hashed record is hashed Comparison data set compared. The comparison data record is sent to the recipient from the encrypted record by decryption and Application of the same hash function is generated. If they match of the recovered hashed record with the hashed For comparison data record, the message received from the server is considered authentic and the transmitted values are saved.

Figur 1,

Darstellung eines bekannten RSA-Verfahrens,

Figur 2,

Darstellung eines Signier-Verfahrens unter Anwendung von RSA,

Figur 3,

Darstellung des Schlüsseltausches,

Figur 4,

Darstellung des Systems für eine kryptigraphisch gesicherte Kommunikation,

Figur 5,

Darstellung eines Verbrauchszählers,

Figur 6,

Blockschaltbild eines Energieverbrauchszählers,

Figur 7,

Blockschaltbild eines Sicherheitsmoduls.

Advantageous developments of the invention are characterized in the subclaims or are shown in more detail below together with the description of the preferred embodiment of the invention with reference to the figures. Show it:

Figure 1,

Representation of a known RSA method,

Figure 2,

Representation of a signing process using RSA,

Figure 3,

Representation of the key exchange,

Figure 4,

Presentation of the system for cryptographically secured communication,

Figure 5,

Representation of a consumption meter,

Figure 6,

Block diagram of an energy meter,

Figure 7,

Block diagram of a security module.

The flow chart of a public key method is explained in FIG. 1 using the example of RSA. The use of asymmetric encryption algorithms (RSA, ElGamal) requires the generation of a key pair: (ek, dk) ← genKey (k).

An encryption key ek is public and a decryption key dk is private. The public encryption key ek, n is transmitted to the subscriber at the place of sending a message. For example, an authentic channel or certificate must be used to ensure that the public encryption key is not exchanged between the place of destination and the place of dispatch and is misused as part of a "man in the middle attack". A mathematical operation is provided to encrypt the message m at the sending location for the ciphertext c: c ← encrypt (ek, m)

So-called modular arithmetic or congruence calculation is used at RSA. Two natural numbers a and c are called congruently modulo n if a and c leave the same remainder when divided by n. You set a = m ^ek and get for example: c ≡ m ^ek (mod n)

The ciphertext c can now be transmitted to the destination via an unsecured channel. An operation is provided to decrypt the ciphertext c: m ← decrypt (dk, c)

The second participant at the destination decrypts the cipher text c with the private decryption key dk for the message: m '≡ c ^dk (mod n). According to the laws of modular arithmetic, the latter corresponds to the original message m if m 'and c ^{dk are} congruently modulo n. The following therefore applies: m = m'.

In Figure 2, the flow chart of a signing process is explained using the example of RSA. The use of digital signature mechanisms (RSA, DSA or ECDSA) also requires the generation of a key pair. First of all, a public verification key vk, n is transmitted to the second subscriber at the destination, for example secured via an authentic channel or a certificate. A signature key sk remains as a private key of the security module at the sending location of a first participant and the verification key vk is provided as a public key for evaluating digital signatures sig, which are assigned to a message m (= message). The message m and the signature can now be transmitted to the second subscriber at the destination via an unsecured channel. A mathematical operation is provided to generate a signature sig by the security module at the sending location of a first participant: sig ← sign (sk, m)

To reduce the length of a signature sig, a hash function is first applied to the message m: h = hash (m)

A private signing key sk of the security module and, for example, the so-called modular arithmetic or congruence calculation are used for signing at the sending location of a first participant: sig ≡ h ^sk (mod n)

To verify a signature sig at the destination, a public verification key vk, the unencrypted message m and a mathematical operation of the type are provided: acc ← verify (vk, m, sig). where the result can be true (valid) or false (invalid). A hash function is applied to message m before the check: h = hash (m)

At the destination, the second participant uses the public verification key vk to verify the signature sig for the hash value h ', which, according to the laws of modular arithmetic, matches the hash value h formed from the original message m if h' and sig ^{vk are} congruently modulo n. The following therefore applies: h = h '≡ sig ^vk (mod n)

For h ≠ h 'the signature sig or message m is not considered authentic, but otherwise authentic for h = h '.

It is envisaged that each communication participant with a Security module or a security box is equipped, which before the communication in which messages are transmitted, Exchange public keys through an authentic channel. The can preferably be done at the seller or dealer of the security module or at the manufacturer.

The key exchange between a security module and a security box is explained in more detail using the illustration shown in FIG. First, a key pair is generated in both. The security module SM generates a public encryption key ek _SM and a private decryption key dk _SM . The security module SM also generates a public verification key vk _SM and a private signing key sk _SM . The security box BOX generates a public encryption key ek _BOX and a private decryption key dk _BOX . The security box BOX also generates a public verification key vk _BOX and a private signing key sk _BOX . The public keys are transmitted to the respective communication participant. The public encryption key ek _BOX and the public verification key vk _{BOX are} transmitted from the security box BOX 200 to the security module SM 100 and stored there. The public encryption key ek _SM and the public verification key vk _{SM are} transmitted from the security module SM 100 to the security box BOX 200 and stored there.

FIG. 4 shows a representation of the system for cryptographically secured communication via an unsecured channel. The consumption meter 1 is connected to the utility server 2 via ISDN, DECT telephone, Internet, power line or another network. The consumption meter 1 has a security module SM 100, which is equipped with a public encryption key ek _{BOX of} the security box BOX 200 for encrypting / decrypting a message m. According to a second cryptographic algorithm based on equations (2) and (5), an encryption text M1 is first formed and a hash function is applied to the message m, the hash value h1 ← hash (m) being produced. According to a third cryptographic algorithm based on equations (4) and (5), a signature sig _SM ← sign [sk _SM , h1] is generated by the security module SM 100. The ciphertext M1 and the digital signature sig _SM are transmitted as data record D1 = M1, sig _SM to the security box of the EVU server 2. With its private decryption key dk _BOX, the EVU server 2 decrypts the ciphertext M1 for the message m1 and checks its authenticity using the signature. The RU server 2 generates a message m2 transmits the message encrypted to the encrypted text M2 to the security module in a data record D2. The message m2 can include an activation code for the consumption meter 1. The message m1 contains consumption and booking data or delivery values and accounting values, time data and other data. It can be further evaluated by the EVU server in order to generate a bill according to the valid tariff. The data record D2 transmitted to the security module SM 100 also contains an encryption text M2 and the digital signature sig _BOX . The authenticity of the activation code can be verified by means of the latter. When the cryptographically secured activation code is received in the form of a second data record D2, the change is recorded by resetting the submission fee to zero if the activation code was genuine. Otherwise the consumption meter is blocked.

Figure 5 shows an illustration of a consumption meter, for example an electricity or energy meter 1. The latter is between a power cable 8 and a house power cable 6 switched and with a display unit 4 for equipped with energy consumption. A security housing 10 of the Electricity or energy meter 1 is with a security lock 9 fitted. Other special features are a window 7 for an additional one Status display of the security module (not visible) and on optional cable 5 for a communication connection with an EVU server for example via the ISDN telephone network.

FIG. 6 shows a block diagram of an energy meter 1. The latter could replace a conventional household meter (induction meter for single-phase alternating current with a Ferrari measuring mechanism). To detect manipulation, the switch S1 could be connected to the security module, which is also opened when the security housing 10 is opened. The status display by means of LEDs 107, 108 signals an unauthorized opening even after the safety housing 10 has been closed again. A trigger switch S2 for resetting is connected on the hardware side. It is triggered, for example, when the security lock 9 is switched to a second switching position. Resetting the status of the SM 100 is only permitted to a commissioned inspector who has a corresponding key and initiates communication with the power supply server to register or notify the inspection. Commercially available transducers 104, 105 for current or voltage measurement provide an analog measurement signal i (t), u (t) after full-wave rectification, which is converted into a digital signal by DA converter 102, 103 and then to the data inputs of the SM 100 security module is created. The instantaneous values of the rectified voltage u (t), which drops, for example, across a load resistor R or which results from a magnetic induction for an inductance L at a load current i u (t) = L · di / dt, are calculated using a multiplexer Microprocessor of the SM 100 scanned if two data inputs have to be scanned alternately. After the data inputs have been sampled and the measurement signals u (t) * i (t) have been digitally multiplied, a summation takes place for every half period T / 2 of the single-phase alternating current. This instantaneous value multiplication and together with a cumulative storage of the sums of the amounts results in the effective power P in the time range Δt = x · T. The respective instantaneous values are added in a non-volatile memory and the stored result or an instantaneous value can be displayed. Corresponding data outputs of the SM 100 security module are provided for the display unit 4. Let t1 be the start and t2 the end of the time range Δt ₁ = t2 - t1, which includes a plurality x of periods T, a first tariff being valid for the settlement of a delivery fee F1. Furthermore, let t3 be the start and t4 the end of a second time range Δt ₂ = t4 - t3, which also includes a plurality x of periods T, a second tariff being valid for the settlement of a delivery fee F2. In the event of an event, such as a tariff or load change, the microprocessor calculates the delivery fee according to the associated tariff in accordance with the consumption period and stores it in separate memory areas of the non-volatile memory together with the associated current consumption value V _K. User data can be stored further in order to determine user behavior or to derive marketing data.

#K:

Sequenzzähler ('13'),

R:

Typbezeichner der Nachricht ('R' für Realtime),

V1_K:

Verbrauchs- und Nutzdaten ('Tages-Verbrauch,Mr. Pauschinger'),

F1_K:

Abgabegebühr nach erstem Tarif ('Tages-Verbrauchsgebühr'),

V2_K:

Verbrauchs- und Nutzdaten ('Nacht-Verbrauch,Mr. Pauschinger'),

F2_K:

Abgabegebühr nach zweitem Tarif ('Nacht-Verbrauchsgebühr'),

t_j:

aktueller Echtzeitwert (dezimalisiert: '8491028108032001') mit fester Länge,

A_K:

Authentisierungscode (dezimalisiert : '8023024892048398'), i.e. Unterschrift, typischerweise mit fester Länge,

The security module detects an event V _K at time tj, which must be recorded at least as a real-time message. In addition, there is additional data, such as a tariff-based fee. Examples of such data elements are:

#K:

Sequence counter ('13'),

R:

Type identifier of the message ('R' for realtime),

V1 _K :

Consumption and user data ('Daily consumption, Mr. Flushing'),

F1 _K :

Submission fee according to the first tariff ('daily consumption fee'),

V2 _K :

Consumption and usage data ('night consumption, Mr. Flushing'),

F2 _K :

Submission fee according to the second tariff ('night consumption fee'),

t _j :

current real-time value (decimal: '8491028108032001') with a fixed length,

A _K :

Authentication code (decimal: '8023024892048398'), ie signature, typically with a fixed length,

In the first step before the first cryptographic operation, a 'real-time' message V1 _K , F1 _K , V2 _K , F2 _K , t _{j is} compiled with further data #K, R, to form a data record: INPUT = #K, R, V1 _K , F1 _K , V2 _K , F2 _K , t _j For example, let #K = 13 for a 13th record:

INPUT = '13RTages consumption, Mr.PauschingerTages consumption fee Night consumption, Mr.PauschingerNight consumption fee 8491028108032001

In the second step, the authentication code A _{K is} calculated from INPUT by forming the hash value. A _K ← hash (INPUT)

For example:
A _K = '8023024892048398'.

In the third step, the resulting authentication code A _{K is added} to the real-time message. At time t _j , the message m1 with the message to be saved is therefore: m1 = #K, R, V1 _K , F1 _K , V2 _K , F2 _K , t _j , A _K with K = 13

Recording involves storing real time and charge data. A data record D1 is transmitted periodically by the security module at the place of dispatch to a security box of an EVU server on Destination.

To prepare the creation of a digital signature, the message m1 is hashed: h1 ← hash (m1)

A public encryption key ek _{BOX of} the box and a private signing key sk _{SM of} the security module 100 are stored non-volatile in the security module 100. The microprocessor of the security module 100 is programmed to work as an authentication machine by a program stored in the internal program memory. The digital signature is generated with the sk _SM signature key of the SM 100 security module: sig _SM ← sign [sk _SM , h1]

To prepare for the transmission of the message to the server 2, the microprocessor of the security module SM 100 encrypts the message m1 with the encryption key ek _{BOX of} the security _box for the encryption text M1: M1 ← encrypt [ek _BOX , m1]

The data record D1 to be transmitted is: D1 = M1, sig _SM

Each consumption meter 1 contains a communication unit 101 for communication with the server 2, which has a comparable communication unit (not shown). A private decryption key dk _{BOX of} the box and a public verification key vk _{SM of} the security module 100 are stored in a non-volatile manner in the security box 200 of the server 2. The microprocessor of the safety box 200 is programmed to work as a verification machine by means of a program stored in the internal program memory. The server 2 works adapted to the respective way of generating the record. The analysis of the recording stream retrieved by the server 2 from the security module 100 depends on the corresponding application.

FIGS. 5 and 6 show an ISDN cable 5 connected to the consumption meter 1. It is provided for an exemplary embodiment that the communication device 101 is a modem, preferably an ISDN module, which communicates with the server 2 via a telephone / ISDN network connected is. When the consumption meter 1 communicates with the utility server 2 directly via the ISDN network, a corresponding communication unit 101 can be supplied with energy from the telephone / ISDN network or via a line 106 from the power supply unit or from the house power cable 6.
Alternatively, it is possible to use an existing digital powerline service from the energy supply company (EVU). The communication device 101 is now a power line module, which is communicatively connected to the server 2 via an energy supply network. The power line module is designed to transmit a message with transmission rates of up to 1 Mbit / s via a line 106 via power cable 8 to the utility server 2. The existing power supply cables are used as a physical carrier medium for a communication network. Of course, the above-mentioned ISDN cable 5 is omitted.
Another alternative for avoiding cable connections is provided by a 2.4 GHz Bluetooth radio receiver / transmitter module, which is used as communication device 101. It is provided that the communication device 101 is integrated in the security module 100. A blue-tooth module that is to be connected to the server 2 via a wireless connection via a further blue-tooth module, however, can only communicate with the same Bluetooth module over relatively short distances of approximately 10 m, so that the latter can be used again is connected to an ISDN terminal. The further blue tooth module is thus communicatively connected to the server 2 again via a telephone network. For example, the ISDN network is used again.
The security module SM 100 can be supplied with energy via the house power cable 6 or the power cable 8 from the energy network. This requires a power supply unit N 109, which is preferably connected so that the electricity customer bears the costs. For example, the ground connection at pin P23 receives the negative and the operating voltage connection at pin P25 the positive voltage potential. An electrolytic capacitor C buffers the operating voltage. At the connections P1, P2 there is a conductor loop which extends over the entire security housing and is interrupted when the security housing 10 is destroyed. It is provided that the consumption meter 1 has a safety housing 10, which encloses the safety module 100, a display unit 4, a feed and delivery device 8, 6 and a communication device 101. The safety module 100 is connected to at least one sensor 104, 105, to the display unit 4 for displaying a consumption value and to safety means S1, S2, 18. The security module 100 has a non-volatile memory 124, 129 for storing temporarily valid tariffs and is programmed to calculate a delivery fee based on the consumption value based on the tariff and to respond to a response of the security means S1, S2, 18 and to values of the sensors 104, 105 , which signal manipulation with the intention of forgery. The safety module internally contains a lithium battery 134 for data retention of the non-volatile stored data in order to enable an emergency supply in the event of a power failure. In the case of the non-volatile stored data, the time is also stored in addition to the cumulative power, so that disconnection from the energy supply network can subsequently be distinguished from the voltage failure in the energy supply network. If there is no system voltage, the SM 100 safety module simply switches to emergency supply via battery 134.
The safety module 100 functions as a voltage monitor to check whether the counter has been disconnected or not. The consumption meter 1 has at least one analog / digital converter 102, 103, which is connected to the at least one sensor 104, 105. Alternatively, the security module 100 has an analog / digital converter 127 integrated, which is connected to the sensors 104, 105. The security module 100 has a real-time counter 122 and the security module 100 performs the function of a watch dog timer in order to regularly transmit counter readings to a server 2. Because the security module 100 has a real-time counter 122, the microprocessor of the security module 100 can access the temporarily valid tariff, which is stored in the non-volatile memory. The microprocessor of the security module 100 is programmed to calculate a delivery fee based on the consumption value depending on the tariff.

• Detektionsdaten einer Manipulation am Gehäuse,
• Detektionsdaten einer Manipulation am Sicherheitsmodul,
• Versionsnummer und Gültigkeitsdatum der Tarife,
• Spitzenlast und Uhrzeit der Spitzenbelastung,
• Nächster Kommunikationstermin usw.

FIG. 7 shows a block diagram of an improved security module SM 100. When the security housing is opened and / or the security module 100 is unauthorized, the switch S1 is actuated and a detection unit 13 stores the event in a non-volatile manner. If the safety housing 10 is damaged, for example by drilling into the safety housing, a conductor loop 18 connected to the pins P1 and P2 is opened, via which, in the closed state, time-assignable pulses are transmitted. The microprocessor receives the transmitted pulses for the purpose of evaluating the detection data for damage or manipulation on the security housing 10. Proper opening / closing of the security housing 10 is detected by means of trigger switch S2. The switches S1, S2 and the conductor loop 18 are located at inputs / outputs of an input / output interface 125 of the microprocessor 120.
The type S3C44A0X from Samsung is a suitable microprocessor µP 120. The latter additionally has analog inputs for analog values u (t), i (t), an internal multiplexer (not shown) and an internal AD converter 127, so that separate AD converters can be omitted. 4 lines for the analog values u (t), i (t) are connected to the analog inputs. In addition, an integrated LCD controller (not shown) supports an external LCD display 4 connected to the input / output interface 125. External LEDs 107, 108 for status display are connected to the input / output interface 125. The status of the security module 100 can advantageously be signaled via a bicolor light-emitting diode instead of the light-emitting diodes 107, 108. A status message can include other data elements, for example:

• Detection data of a manipulation on the housing,
• Detection data of a manipulation on the security module,
• Version number and validity date of the tariffs,
• Peak load and time of peak load,
• Next communication appointment, etc.

With the 60-bit general purpose I / O ports there are enough inputs / outputs available at microprocessor 120 to a communication unit 101 and other I / O resources directly. However, it will be advantageous an adaptation logic in the form of the ASIC 150 and the programmable Logic 160 between microprocessor 120 and communication unit 101 connected. The communication unit 101 can be in the security module SM 100 integrated and possibly implemented as ASIC. This is suitable the modern digital communication technology, for example a Bluetooth module. The latter gives a transmission power of approx. 1mW over a short one Antenna 51 off. The integrated real-time clock 122 of the Microprocessor 120 takes over the security functions described above also the timing of the communication. The security modules 100 of the consumption meters of different customers can be programmed for different days for communication so that do not call everyone at the same time.

The EVU server 2 may transmit new current tariffs, including Version number and validity date of the tariffs, for the purpose of storage in the Security module. For this purpose, the microprocessor has an internal RAM 124, which is battery powered. If the latter is not enough, another will battery-backed SRAM 129 integrated in the safety module and operates in addition to RAM 124 of microprocessor 120 for the purpose of non-volatile Storage of tariff values in predetermined time ranges are valid. The integrated real-time clock 122 provides real-time data. The Microprocessor 120 takes over the evaluation of time data for tariff-dependent Determination of at least one consumption value. At predetermined A CPU 121 of the microprocessor 120 picks up events the temporarily valid tariff in SRAM 129, the latter the data for the delivery fee of a data processing unit designed as ASIC 150 passes. Billing takes place via ASIC 150 in the non-volatile Save NVRAM 114, 116. For both NVRAMs are off Two different storage technologies are used for security reasons. Billing takes place at event and time-determined intervals formation of a message indicating the consumption value, the delivery fee and includes the time data, formation of a verification code and securing the message using the verification code. The verification code is calculated by the CPU of the microprocessor 120. The ASIV 150 takes formation and recording of a message m1, which contains the message and the verification code. In a another variant can perform tasks of the ASIC from the microprocessor 120 are adopted. It is envisaged that securing the Record consumption preferably at the end of each period the period of consumption takes place, the periods being periodic and / or event-based. An event is, for example a tariff or load change.

The microprocessor 120 carries out a cryptographic analysis at larger intervals Securing a message and communicating with one remote server 2 through, for the transmission of the cryptographically secured Message in the form of a first data record D1. The security box 200 of server 2 verifies and decrypts the message. Only if a verification of the authenticity of the message is made by the server 2 Activation code generated. The security box 200 of the server 2 can Secure the activation code by encrypting and signing. The security module 100 of the consumption meter 1 can confirm the authenticity of the activation code verify based on the signature of server 2. It is intended that when receiving the cryptographically secured activation code a record of the change in the levy fee by resetting to zero if the activation code was genuine and that the Delivery of a bookable quantity or the consumption of a consumption value is carried out if the activation code is fake.

Consumption of solid, liquid or gaseous quantities is required specially adapted counter, which also in the inventive manner the security module. In another application the consumption meter is a franking machine. The bookable size is then the franking value. Further versions of other assemblies of the security module are the publications EP 1.035.513 A2, EP 1.035.516 A2, EP 1.035.517 A2, EP 1.035.518 A2, DE 20020635 U1 remove. The evaluation of the monitoring functions and cryptographic Calculations are done in the microprocessor. The first cryptographic Authentication code generation algorithm for Record data is a hash function, for example. Of course you can instead of the authentication code also a checksum or a MAC formed according to a symmetrical encryption algorithm be used. Of course, the billing function of the ASIC's 150 are taken over or checked by the microprocessor 120.

The invention is not limited to the present embodiment, since obviously other arrangements or designs of the Invention can be developed or used, the - of the same Basic ideas of the invention starting from the adjacent Protection claims are included.

Claims (20)

Method for recording a consumption value, which is determined by evaluating measured values, comprising the steps: non-volatile storage of tariff values that are valid in predetermined time ranges, Delivery and processing of measured values on the supply and delivery of matter, energy or information, the processing of which takes place according to a first mathematical algorithm, Delivery and evaluation of time data for the time-dependent determination of at least one consumption value based on matter, energy or information, tariff-dependent determination of at least one delivery fee according to the aforementioned consumption value, Formation of a message, which includes at least the submission fee, Formation of a verification code and securing the message using the verification code, Formation and recording of a message (m1) containing the message and the verification code, Establishing communication with a remote server (2) for transmitting the cryptographically secured message in the form of a first data record (D1). Method according to claim 1, characterized by repeating the start of communication with a remote server (2), for transmitting the cryptographically secured message in the form of a first data record (D1), and in the event of unsuccessful repetition until a credit limit is exceeded, and receiving one, after checking the authenticity of the first data record (D1) transmitted by the server (2), cryptographically secured activation code in the form of a second data record (D2), checking the authenticity of the activation code using the signature of the server (2) and recording the event. A method according to claim 1, characterized in that the message formed includes the consumption value, the delivery fee and time data, that the saving of the message and the recording of the consumption preferably takes place at the end of each period of the consumption period, the periods being periodically and / or event-based become. A method according to claim 2, characterized in that when the cryptographically secured activation code is received, the change in the delivery fee is recorded by resetting to zero if the activation code was genuine and the delivery of a bookable quantity or the consumption of a consumption value is blocked if the activation code is fake. A method according to claim 1, characterized in that an analog / digital conversion of the measured values takes place before their processing, the processing of which includes a recording that, in the event of an event, a calculation of the delivery fee according to the associated tariff in accordance with the period of consumption and one in the recording The storage fee is stored together with the associated current consumption value V _K. Method according to claim 5, characterized in that the event is a tariff or load change. A method according to claim 3, characterized in that a further storage of user data takes place during the recording in order to determine the user behavior or to derive marketing data. Method according to claim 1, characterized in that the verification code is an authentication code. Method according to claim 8, characterized in that the authentication code is a hash code or a MAC formed according to a symmetrical encryption algorithm. Consumption meter with a measuring sensor, characterized in that the consumption meter (1) has a safety housing (10) which encloses a safety module (100), a feed and discharge device (8, 6) and a communication device (101), the safety module (100) is connected to at least one sensor (104, 105) and to security means (S1, S2, 18) that the security module (100) has a non-volatile memory (124, 129) for storing temporarily valid tariffs and is programmed, one To calculate the charge based on the consumption value depending on the tariff and to respond to a response of the security means (S1, S2, 18) and to values of the sensors (104, 105) which signal manipulation with the intention of forgery. Consumption meter according to claim 10, characterized in that the consumption meter (1) has at least one analog / digital converter (102, 103) which is connected to the at least one measuring value transmitter (104, 105) and that the security module (100) has a Monitoring function to check whether the counter has been disconnected or not. Consumption meter according to claim 10, characterized in that the security module (100) has an analog / digital converter (127) which is connected to the sensors (104, 105) and that the security module (100) has a monitoring function in order to check whether the meter has been disconnected or not. Consumption meter according to claim 10, characterized in that the security module (100) has a real-time counter (122) and that the security module (100) has the function of a watchdog timer in order to regularly transmit meter readings to a server (2). Consumption meter according to claim 10, characterized in that the security module (100) has a real-time counter (122) and that a microprocessor (120) of the security module (100) accesses the temporarily valid tariff, which is stored in the non-volatile memory (124, 129) and is programmed to calculate a delivery fee based on the consumption value depending on the tariff. Consumption meter according to claim 10, characterized in that the communication device (101) is an ISDN module which is communicatively connected to the server (2) via a telephone network. Consumption meter according to claim 10, characterized in that the communication device (101) is a power line module which is communicatively connected to the server (2) via an energy supply network. Consumption meter according to claim 10, characterized in that the communication device (101) is a blue tooth module, which is connected to the server (2) via a further blue tooth module in a wireless manner. Consumption meter according to claim 17, characterized in that the blue tooth module is connected wirelessly to a further blue tooth module, the latter being communicatively connected to the server (2) via a telephone network. Consumption meter according to claim 10, characterized in that the communication device (101) is integrated in the security module (100). Consumption meter according to claims 10 to 19, characterized in that the consumption meter (1) is a franking machine.

Images