Method and system for limiting the possibility of transforming data designed to constitute, in particular pre-payment tokens

Description

The subject of the invention concerns the domain of technical means adapted to limit, through at least one processing and memorizing unit, the possibility to transform T_X-type data into T_Y-type data and the possibility to transform T_Y-type data into T_X-type data, the transformation of the T_X-type data into T_Y-type data being carried out using an A-type transformation function, while the transformation of the T_Y-type data into T_X-type data is carried out using a B-type transformation function, inverse of the A-type transformation function.

The subject of the invention finds a particularly advantageous but non-exclusive application in the domain of generation and use of data designed to constitute pre-payment tokens, such as prepayment cards for instance.

In the state of technology, appears the need, for certain applications, to attribute to at least three categories of persons or users, different transformation capabilities for data. The first user category is able to transform T_X-type data into T_Y-type data using an A-type transformation function. The second user category is able to transform T_Y-type data into T_X-type data using the B-type transformation function inverse of the A-type transformation function, but is not able to transform T_X-type data into T_Y-type data using the A-type transformation function. The third user category is able neither to transform T_X-type data into T_Y-type data using the A-type transformation function, nor to transform T_Y-type data into T_X-type data using the B-type transformation function, inverse of the A-type transformation function.

For instance, such a need to distinguish three user categories exists for data designed to constitute pre-payment tokens. Thus, a first user category is able to generate from known initial identifiers corresponding each to a client possessing a resource consumption credit, tamperproof pre-payment token identifiers. A second user category is able to restore, from a prepayment token identifier, the known initial identifier, and therefore the client, with the intention of affecting his resource consumption to him. The third user category is able neither to generate pre-payment token identifiers, nor to determine the client corresponding to a token identifier.

For the implementation of such a process, is known in the previous art, the technique which uses a public keys—private keys encryption system, applied twice. The first user category has a public key #1 and a private key #2. The second user category has a public key #2 and a private key #1.

The first user category is able to transform T_X-type data D_X into T_Y-type data D_Y. To that end, the data D_X is encrypted using the public key #1 to obtain intermediate data which is decrypted using the private key #2 to form data D_Y.

The second user category is able to transform the T_Y-type data D_Y into T_X-type data D_X. The data D_Y is encrypted using the public key #2 to obtain intermediate data which is decrypted using the private key #1 to constitute the data D_X. However, the second user category is not able to transform the data D_X into data D_Y, because it does not have the private key #2.

The third user category is able to transform neither the data D_X into data D_Y, nor the data D_Y into data D_X.

The implementation of that technique of limitation of the possibility to transform data requires the setting up of a public keys certification infrastructure. Such infrastructure is relatively complex and costly.

The subject of the invention aims at remedying the drawbacks of the previous art by proposing a technique enabling to limit the possibilities of data use for three user categories, by implementing simple and inexpensive means.

So as to reach such a goal, the subject of the invention concerns a process to limit, through at least one processing and memorizing unit, the possibility to transform T_X-type data into T_Y-type data and the possibility to transform T_Y-type data into T_X-type data, the transformation of the T_X-type data into T_Y-type data being carried out using an A-type transformation function, while the transformation of the T_Y-type data into T_X-type data is carried out using a B-type transformation function, inverse of the A-type transformation function, the data being in particular designed to constitute for instance, pre-payment tokens, and being implemented on at least one data processing system.

According to the invention, the process comprises:

• • using an A-type data processing system and a B-type data processing system,
  • setting up at least once, at least one link between the A-type data processing system and the B-type data processing system, so as to provide the transfer of at least T_Y-type data from the A-type data processing system to the B-type data processing system and/or to provide the transfer of at least T_X-type data from the B-type data processing system to the A-type data processing system,
  • during an A-type customization phase, creating at least one A-type processing and memorizing unit including at least the A-type transformation function,
  • during an A-type transformation phase:
    • for a user possessing at least one A-type processing and memorizing unit, enabling:
      • to transfer at least one piece of T_X-type data from the A-type data processing system to the A-type processing and memorizing unit,
      • to transform in the A-type processing and memorizing unit, each piece of T_X-type data into a piece of T_Y-type data, using the A-type transformation function,
      • to transfer each piece of T_Y-type data from the A-type processing and memorizing unit to the A-type data processing system,
    • for a user not possessing any A-type processing and memorizing unit, not being able to transform a piece of T_X-type data into a piece of T_Y-type data, using the A-type transformation function,
  • during a B-type customization phase, creating at least one B-type processing and memorizing unit including the B-type transformation function and not including the A-type transformation function,
  • and during a B-type transformation phase:
    • for a user possessing a B-type processing and memorizing unit, and not possessing an A-type processing and memorizing unit,
      • enabling:
        • to transfer at least one piece of T_Y-type data from the B-type data processing system, to the B-type processing and memorizing unit,
        • to transform in the B-type processing and memorizing unit each piece of T_Y-type data into a piece of T_X-type data, using the B-type transformation function,
        • to transfer each piece of T_X-type data from the B-type processing and memorizing unit to the B-type data processing system,
      • not being able to transform a piece of T_X-type data into a piece of T_Y-type data using the A-type transformation function.

Various other characteristics emerge from the description made below in reference to the appended diagrams which show, as non-limiting examples, embodiments and implementations of the subject of the invention.

FIG. 1 is a functional block diagram illustrating the technical means enabling the implementation of the invention.

FIG. 2 is a diagram illustrating the transformations of data implemented by the subject of the invention.

FIG. 3 is a diagram stowing the spot where the transformation functions are executed.

FIG. 4 is a diagram illustrating the user categories discriminated between by the subject of the invention.

FIG. 5 is a diagram illustrating the carrying out of the transformation functions using the known technique of secret keys encryption.

FIGS. 6 and 7 are diagrams illustrating two embodiments of the transformation functions using the known technique of public keys—private keys encryption.

FIG. 8 is a diagram illustrating the implementation of an additional transformation function in addition to the known encryption functions.

FIG. 9 is a diagram illustrating an implementation example of apparatuses of customization of processing and memorizing units.

FIG. 10 is a diagram illustrating the principle of information generation.

FIG. 11 is a diagram illustrating the generation and transfer of information towards the processing and memorizing units, during a customization phase.

FIGS. 12 and 13 are respectively principle and application diagrams, illustrating an application example of the subject of the invention enabling the generation and use of pre-payment tokens.

FIG. 1 illustrates an embodiment of a system 1 to limit the possibility of data transformation. The system 1 includes an A-type data processing system STD_A. Generally speaking, such an A-type data processing system STD_A includes at least one processor A₁₀ enabling the execution of an implementation software A₁₁. The A-type data processing system STD_A can be a computer, a server or be part, for instance, of various machines, devices, fixed or mobile products, or vehicles in the general sense. The A-type data processing system STD_A is connected, using transfer means A₁₂, by a link A₂₀, to an A-type processing and memorizing unit UTM_A.

For the sake of simplification in the rest of the description, the A-type data processing system STD_A shall be refereed to as system STD_A and the A-type processing and memorizing unit UTM_A shall be refereed to as unit UTM_A.

The link A₂₀ between the system STD_A and the unit UTM_A can be realized in any possible way, such as for instance a serial link, a USB bus, a radio link, an optical link, a network link or a direct electric connection to a circuit of the system STD_A, etc. It should be observed that the unit UTM_A can possibly be physically located inside the same integrated circuit than the processor of the system STD_A. In this case, the unit UTM_A can be considered as a co-processor in relation to the processor of the system STD_A and the link A₂₀ is internal to the integrated circuit.

The unit UTM_A includes transfer means A₃₀ and processing and memorizing means A₃₁. It must be considered that the transfer means A₁₂ and A₃₀ are of software and/or hardware nature and are capable of providing and optimizing the data communication between the system STD_A and the unit UTM_A. Said transfer means A₁₂, A₃₀ are adapted to enable to have at one's disposal an implementation software A₁₁ which is, preferably, independent from the type of link A₂₀ used. Said transfer means A₁₂, A₃₀ are not part of the subject of the invention and are not described more precisely as they are well known by the Man of art.

Said unit UTM_A is able to:

• • using the transfer means A₃₀:
    • accept data provided by the system STD_A,
    • return data to the system STD_A,
  • using the processing and memorizing means A₃₁:
    • to store data possibly in secret and to retain at least a part of said data even if the unit UTM_A is switched off,
    • and to carry out algorithmic processing on data, part or all of said processing being possibly secret.

As non-limiting example, said unit UTM_A can be constituted by a material key on the USB bus of the system STD_A or preferably by a chip card and its interface commonly called card reader linked up to the system STD_A.

In the case where the unit UTM_A is constituted by a chip card and its interface, the transfer means A₃₀ are split into two parts, one being on the interface and the other one being on the chip card. In this embodiment, the absence of the chip card is considered as equivalent to the absence of the unit UTM_A, inasmuch as the processing and memorizing means A₃₁ contained in the chip card are missing.

The system 1 also includes a B-type data processing system STD_B. Generally speaking, such a B-type data processing system STD_B includes at least one processor B₁₀ enabling the execution of an implementation software B₁₁. The B-type data processing system STD_B can be a computer, a server or be part, for instance, of various machines, devices, fixed or mobile products, or vehicles in the general sense. The B-type data processing system STD_B is connected, using transfer means B₁₂, by a link B₂₀, to a B-type processing and memorizing unit UTM_B.

For the sake of simplification in the rest of the description, the B-type data processing system STD_B shall be referred to as system STD_B and the B-type processing and memorizing unit UTM_B shall be referred to as unit UTM_B.

The link B₂₀ between the system STD_B and the unit UTM_B can be realized in any possible way, such as for instance a serial link, a USB bus, a radio link, an optical link, a network link or a direct electric connection to a circuit of the system STD_B, etc. It should be observed that the unit UTM_B can possibly be physically located inside the same integrated circuit than the processor of the system STD_B. In this case, the unit UTM_B can be considered as a co-processor in relation to the processor of the system STD_B and the link B₂₀ is internal to the integrated circuit.

The unit UTM_B includes transfer means B₃₀ and processing and memorizing means B₃₁. It must be considered that the transfer means B₁₂ and B₃₀ are of software and/or hardware nature and are capable of providing and optimizing the data communication between the system STD_B and the unit UTM_B. Said transfer means B₁₂, B₃₀ are adapted to enable to have at one's disposal an implementation software B₁₁ which is, preferably, independent from the type of link B₂₀ used. Said transfer means B₁₂, B₃₀ are not part of the subject of the invention and are not described more precisely as they are well known by the Man of art.

Said unit UTM_B is able to:

• • using the transfer means B₃₀:
    • accept data provided by the system STD_B,
    • return data to the system STD_B,
  • using the processing and memorizing means B₃₁:
    • to store data possibly in secret and to retain at least a part of said data even if the unit UTM_B is switched off,
    • and to carry out algorithmic processing on data, part or all of said processing being possibly secret.

As non-limiting example, said unit UTM_B can be constituted by a material key on the USB bus of the system STD_B or preferably by a chip card and its interface commonly called card reader linked up to the system STD_B.

In the case where the unit UTM_B is constituted by a chip card and its interface, the transfer means B₃₀ are split into two parts, one being on the interface and the other one being on the chip card. In this embodiment, the absence of the chip card is considered as equivalent to the absence of the unit UTM_B, inasmuch as the processing and memorizing means B₃₁ contained in the chip card are missing.

The system 1 according to the invention also includes at least once, at least one link L between the system STD_A and the system STD_B. Said link L constitutes an information transfer channel and can be realized in all known ways. Said link L can be provided by a computer network and/or by a material transmission of information (personal delivery, postal delivery, etc.). Depending on the applications, the link L can transmit information from the system STD_A to the system STD_B, from the system STD_B to the system STD_A or in both directions. As non-limiting example, the transfer by said link L between the system STD_A and the system STD_B can take the following heterogeneous channel: transmission of files from the system STD_A, then printing on a physical support, then transfer of said physical support, then keyboarding data on a computer, then lastly transfer through a computer network to the system STD_B.

FIG. 2 illustrates the data transformations carried out by the process according to the invention. Two data types are defined, namely the type T_X and the type T_Y. Each of said types T_X and T_Y is a computer type of data, such as for instance, a 8-bit character, a 32-bit integer, a 64-bit integer, a 512-bit integer, a 64-bit float. In a preferred variant embodiment, the 64-bit integer type is used as data type T_X, as well as as data type T_Y.

The invention uses an A-type transformation function F_A and a B-type transformation function F_B. The A-type transformation function F_A is a bijection having as starting set the type T_X and as ending set the type T_Y. The B-type transformation function F_B is a bijection having as starting set the type T_Y and as ending set the type T_X. The A-type transformation function F_A and the B-type transformation function F_B are inverse of each other. For the sake of simplification in the rest of the description, the A-type transformation function F_A shall be referred to as function F_A and the B-type transformation function F_B shall be referred to as function F_B.

Thus, the function F_A transforms a piece of T_X-type data D_X into a piece of T_Y-type data D_Y, namely D_Y=F_A (D_X), while the function F_B transforms a piece of T_Y-type data D_Y′ into a piece of T_X-type data D_X′, namely D_X′=F_B (D_Y′).

Since the two functions F_A and F_B are inverse of each other:

• • by applying successively the two functions F_A, then F_B to a piece of data D_X, one finds again the piece of data D_X, namely D_X=F_B (F_A(D_X)),
  • by applying successively the two functions F_B, then F_A, to a piece of data D_Y′, one finds again the piece of data D_Y′, namely D_Y′=F_A (F_B(D_Y′)).

FIG. 3 illustrates the spot where the functions F_A and F_B are executed. So as to implement the invention, the functions F_A and F_B must remain confidential. To this end, the function F_A is carried out only inside the unit UTM_A and the function F_B is carried out only inside the unit UTM_B and, possibly, inside the unit UTM_A. Thus, in the unit UTM_A, a piece of T_X-type data D_X is transformed by the function F_A into a piece of T_Y-type data D_Y and, possibly, a piece of T_Y-type data D_Y′ is transformed by the function F_B into a piece of T_X-type data D_X′. Furthermore, in the unit UTM_B, a piece of T_Y-type data D_Y′ is transformed by the function F_B into a piece of T_X-type data D_X′.

FIG. 4 makes explicit the three categories of persons or users C₁, C₂, C₃ discriminated between by the subject of the invention, depending on the possession or not of the units UTM_A and/or UTM_B.

Each user of the first category C₁ is able to transform a piece of T_X-type data into a piece of T_Y-type data using the function F_A and, possibly to transform a piece of T_Y-type data into a piece of T_X-type data using the function F_B. Each user of the first category C₁ can thus use a unit UTM_A and, possibly, a unit UTM_B.

Each user of the second category C₂ is able to transform a piece of T_Y-type data into a piece of T_X-type data using the function F_B. However, each user of the second category C₂ is not able to transform a piece of T_X-type data into a piece of T_Y-type data using the function F_A. Each user of the second category C₂ can use a unit UTM_B, but cannot use a unit UTM_A.

Each user of the third category C₃ possesses neither a unit UTM_A, nor a unit UTM_B. No user of said third category C₃ is able to transform a piece of T_X-type data into a piece of T_Y-type data using the function F_A, or to transform a piece of T_Y-type data into a piece of T_X-type data using the function F_B.

Naturally, the functions F_A and F_B are interesting only if they are not trivial and are difficult to infer from the observation of data coming in and out of the units UTM_A and/or UTM_B.

FIG. 5 illustrates a first variant embodiment of the functions F_A et F_B using the known technique of secret keys encryption. According to this variant, the function F_A is carried out in the form of a secret key encryption function CS using as secret key, a secret piece of information I_CS.

The secret key encryption function CS is a standard encryption function such as for instance DES, inverse DES, triple DES, or IDEA. The secret piece of information I_CS is a key for the chosen encryption function. As such, the secret piece of information I_CS belongs to the type K_CS, i.e. to the set of the keys for said function. For instance, said K_CS-type secret piece of information I_CS is a 56-bit integer when the chosen secret key encryption function CS is DES.

In other words, the transformation of a piece of T_X-type data D_X into a piece of T_Y-type data D_Y using the function F_A amounts to encrypt the piece of data D_X using the secret key encryption function CS, using as secret key, the K_CS-type secret piece of information I_CS.

Similarly, the function F_B, inverse of the function F_A, is also carried out in the form of a secret key encryption function CSI, called inverse, using as secret key, a secret piece of information I_CSI.

The secret key inverse encryption function CSI is a standard encryption function such as for instance DES, inverse DES, triple DES, or IDEA.

The secret piece of information I_CSI is a key for the chosen encryption function. As such, the secret piece of information I_CSI belongs to the type K_CSI, i.e. to the set of the keys for said function.

In other words, the transformation of a piece of T_Y-type data D_Y′ into a piece of T_X-type data D_X′ using the function F_B amounts to encrypt the piece of data D_Y′ using the secret key inverse encryption function CSI, using as secret key, the K_CSI-type secret piece of information I_CSI.

The secret key inverse encryption function CSI using the secret key I_CSI, is the inverse of the secret key encryption function CS using the secret key I_CS. For instance, in the case where the secret key encryption function CS is carded out by the function DES, the secret key inverse encryption function CSI must be carried out by the function inverse DES, while the K_CS-type secret piece of information I_CS and the K_CSI-type secret piece of information I_CSI must be identical.

FIGS. 6 and 7 illustrate a second variant embodiment of the functions F_A and F_B, using the known technique of public key-private key encryption.

FIG. 6 illustrates a first embodiment in which the function F_A is carried out in the form of a public key encryption function CPU using as public key, a secret piece of information I_CPU.

The public key encryption function CPU is a standard encryption function, for instance RSA. The secret piece of information I_CPU is a key for the chosen encryption function. As such, the secret piece of information I_CPU belongs to the type K_CPU, i.e. to the set of the public keys for said function. For instance, said K_CPU-type secret piece of information I_CPU can be formed by a “module” and a “public exponent” when the chosen public key encryption function CPU is RSA.

In other words, the transformation of a piece of T_X-type data D_X into a piece of T_Y-type data D_Y using the function F_A amounts to encrypt the piece of data D_X using the public key encryption function CPU, using as public key, the K_CPU-type secret piece of information I_CPU.

Similarly, the function F_B, inverse of the function F_A, is for its part carried out in the form of a private key decryption function CPUI, using as private key, a secret piece of information I_CPUI.

The private key decryption function CPUI is a standard function, for instance RSA.

The secret piece of information I_CPUI is a key for the chosen decryption function. As such, the secret piece of information I_CPUI belongs to the type K_CPUI, i.e. to the set of the private keys for said function.

In other words the transformation of a piece of T_Y-type data D_Y′ into a piece of T_X-type data D_X′ using the function F_B amounts to decrypt the piece of data D_Y′ using the private key decryption function CPUI, using as private key, the K_CPUI-type secret piece of information I_CPUI.

The private key decryption function CPUI using the private key I_CPUI, is the inverse of the public key encryption function CPU using the public key I_CPU. For instance, in the case where the public key encryption function CPU is carried out by the RSA encryption function, the private key decryption function CPUI must be carried out by the RSA decryption function, while the K_CPU-type secret piece of information I_CPU and the K_CPUI-type secret piece of information I_CPUI must be respectively an RSA public key and its associated private key.

FIG. 7 illustrates a second embodiment in which the function F_A is carried out in the form of a private key encryption function CPR using as private key, a secret piece of information I_CPR.

The private key encryption function CPR is a standard encryption function, for instance RSA. The secret piece of information I_CPR is a key for the chosen encryption function. As such, the secret piece of information I_CPR belongs to the type K_CPR, i.e. to the set of the private keys for said function. For instance, said K_CPR-type secret piece of information I_CPR can be formed by a “module” and a “private exponent” when the chosen private key encryption function CPR is RSA.

In other words, the transformation of a piece of T_X-type data D_X into a piece of T_Y-type data D_Y using the function F_A amounts to encrypt the piece of data D_X using the private key encryption function CPR, using as private key, the K_CPR-type secret piece of information I_CPR.

Similarly, the function F_B, inverse of the function F_A, is for its part carried out in the form of a public key decryption function CPRI, using as public key, a secret piece of information I_CPRI.

The public key decryption function CPRI is a standard function, for instance RSA.

The secret piece of information I_CPRI is a key for the chosen decryption function. As such, the secret piece of information I_CPRI belongs to the type K_CPRI, i.e. to the set of the public keys for said function.

In other words, the transformation of a piece of T_Y-type data D_Y′ into a piece of T_X-type data D_X′ using the function F_B amounts to decrypt the piece of data D_Y′ using the public key decryption function CPRI, using as public key, the K_CPRI-type secret piece of information I_CPRI.

The public key decryption function CPRI using the public key I_CPRI, is the inverse of the private key encryption function CPR using the private key I_CPR. For instance, in the case where the private key encryption function CPR is carried out by the RSA encryption function, the public key decryption function CPRI must be carried out by the RSA decryption function, while the K_CPR-type secret piece of information I_CPR and the K_CPRI-type secret piece of information I_CPRI must be respectively an RSA private key and its associated public key.

In the two examples described in relation to FIGS. 6 and 7, the terms “encryption function” and “decryption function” are used to refer to two encryption operations inverse of each other. For the sake of clarity, the first function is called encryption function and the second function is called decryption function. That choice is arbitrary, so much so that the first function might as well be called decryption function and the second function might as well be called encryption function.

FIG. 8 is a diagram illustrating the implementation of an additional transformation function in addition to the known encryption functions, as illustrated in FIGS. 5 to 7. Indeed, can be used as function F_A, an additional transformation function F_ad combined with the secret key encryption function CS or with the public key encryption function CPU or with the private key encryption function CPR. Said additional transformation function F_ad can be combined in any way before and/or after the secret key encryption function CS, the public key encryption function CPU or the private key encryption function CPR. Naturally, said additional transformation function F_ad can also be formed by at least one encryption function.

Similarly, the function F_B can be formed by an additional transformation function, called inverse F_adi, which is combined with the secret key inverse encryption function CSI or with the private key decryption function CPUI or with the public key decryption function CPRI.

Whichever embodiment of the transformation functions, illustrated in FIGS. 5 to 8, it must be considered that the subject of the invention includes, besides, a customization phase of the processing and memorizing units during which the transformation functions are implanted in the processing and memorizing units.

FIG. 9 illustrates an implementation example of customization apparatuses 100_A and 100_B for processing and memorizing units UTM, with the intention of obtaining respectively, units UTM_A and units UTM_B.

In a preferred embodiment, it must be considered that each processing and memorizing unit UTM includes algorithmic means 110 necessary to carry out the function F_A and algorithmic means 120 necessary to carry out the function F_B. In the case where a secret key encryption function CS is used, the algorithmic means 110 correspond to means enabling, for instance, the carrying out of the DES function. In this case, the algorithmic means 120 correspond to means enabling the carrying out of the inverse DES function.

During a B-type customization phase, the customization apparatus 100_B carried out through a data processing system of any type, includes means to customize at least one processing and memorizing unit UTM, with the intention of obtaining a unit UTM_B. To that end, the algorithmic means 120 are used so as to obtain a unit UTM_B which is able to carry out the function F_B. However, the customization apparatus 100_B must also:

• • either inhibit the algorithmic means 110 necessary to carry out the function F_A,
  • or not load to the processing and memorizing unit UTM, the customization information enabling the carrying out of the function F_A, and possibly prevent its later loading.

Thus, a unit UTM_B is obtained including the function F_B and not including the function F_A.

Similarly, the customization apparatus 100_A carried out through a data processing system of any type, is used during an A-type customization phase, to customize at least one processing and memorizing unit UTM, with the intention of obtaining a unit UTM_A including the function F_A and, possibly, the function F_B. In the case where the unit UTM_A does not include the function F_B, the algorithmic means 120 are inhibited or the customization information is not loaded, as explained above.

Naturally, the customization apparatuses 100_A and 100_B can be carried out through a same data processing system. Moreover, processing and memorizing units UTM including only the algorithmic means necessary to carry out only one of the two transformation functions can be used. In that case, it is obviously not necessary to inhibit the inverse function.

The customization apparatuses 100_A and 100_B are also used to provide the generation of secret information used by the functions F_A and F_B and, possibly, to provide the generation of additional parameters for the additional functions F_ad, F_adi described in the examples illustrated in FIGS. 5 to 8.

FIG. 10 makes explicit the general principle of information generation. According to said figure, a principal secret SP is used by an algorithm D_p enabling to determine one of the pairs of secret pieces of information K_CS-type I_CS and K_CSI-type I_CSI, or K_CPU-type I_CPU and K_CPU-type I_CPUI, or K_CPR-type I_CPR and K_CPR-type I_CPRI and, possibly, parameters P_ad for the additional transformation function F_ad and parameters P_adi for the additional inverse transformation function F_adi.

To increase security, it can be advantageous that the principal secret SP may be determined from shared secrets S₁, S₂, . . . , S_n, using a secret reconstruction algorithm D_ps.

After the generation of that information, it can be considered proceeding to the customization of the units UTM_A and UTM_B. Thus, as it emerges more precisely from FIG. 11, during the A-type customization phase, the customization apparatus 100_A is used, to transfer to a processing and memorizing unit UTM, with the intention of obtaining a unit UTM_A:

• • the K_CS-type secret piece of information I_CS or the K_CPU-type secret piece of information I_CPU or the K_CPR-type secret piece of information I_CPR and, possibly, the parameters P_ad for the additional transformation function F_ad to enable the unit UTM_A to carry out the function F_A,
  • and possibly, the K_CSI-type secret piece of information I_CSI or the K_CPUI-type secret piece of information I_CPUI or the K_CPRI-type secret piece of information I_CPRI and, possibly the parameters P_adi for the additional inverse transformation function F_adi to enable the unit UTM_A to carry out the function F_B.

Similarly, the customization apparatus 100_B is used during the B-type customization phase to transfer to a processing and memorizing unit UTM, with the intention of obtaining a unit UTM_B, the K_CSI-type secret piece of information I_CSI or the K_CPUI-type secret piece of information I_CPUI or the K_CPRI-type secret piece of information I_CPRI and, possibly the parameters P_adi for the additional inverse transformation function F_adi to enable the unit UTM_B to carry out the function F_B.

The subject of the invention aims at enabling to limit the possibility to transform T_X-type data into T_Y-type data and the possibility to transform T_Y-type data into T_X-type data. To that end, the subject of the invention aims at putting at the first user category C₁'s disposal, at least one unit UTM_A to enable to transform a piece of T_X-type data into a piece of T_Y-type using a function F_A. Optionally, said unit UTM_A includes the possibility to transform a piece of T_Y-type data into a piece of T_X-type data using the function F_B.

The second user category C₂ has at least one unit UTM_B able to provide the transformation of T_Y-type data into T_X-type data using the function F_B. However, no user of said second category C₂ is able to carry out the transformation of T_X-type data into T_Y-type data using the function F_A. It thus appears possible to limit the possibility to transform data between tie users of different categories.

The subject of the invention is particularly useful in the case where the two user categories C₁ and C₂ able to transform data, do not have access to the secret information characterizing those transformations. Such a goal is reached by using processing and memorizing units, such as material keys on the USB bus or chip cards. The only possibility for a user of a category to carry out a transformation attributed to a user of the other category, is to obtain the unit belonging to the latter.

FIGS. 12 and 13 are respectively principle and application diagrams, illustrating an application example of the subject of the invention enabling the generation and use of data designed to constitute pre-payment tokens.

As it appears more precisely in FIG. 12, a starting set E_D is defined, whose elements are pieces T_X-type data. The staring set E_D includes, in the illustrated example, five elements, namely: 3, 4, 5, 6, 7. Each element of the starting set E_D corresponds to an identifier of a client possessing a resource consumption credit, such as for instance a WEB pages viewing credit. During an A-type transformation phase, all the elements of the starting set E_D are transformed using the function F_A contained in the unit UTM_A, so as to obtain an ending set E_A whose elements are pieces of T_Y-type data. In the illustrated example, the elements 3, 4, 5, 6, 7 are transformed respectively into 12850, 85503, 23072, 70331, 45082. The data thus obtained by the transformation carried out in the unit UTM_A gives no indication on the elements of the starting set E_D.

As it appears more precisely in FIG. 13, each user belonging to the first category C₁, has a unit UTM_A and can thus, from known initial identifiers, namely: 3, 4, 5, 6, 7 in the illustrated example, obtain pre-payment token identifiers, respectively 12580, 85503, 23072, 70331, 45082. Such prepayment token identifiers can, for instance, be printed on tokens j which can be constituted by any appropriate support, such as plastic cards or coupons. Said pre-payment token identifiers are, preferably, masked to attest to the non-use of the resource corresponding to said tokens.

Moreover, information I enabling to characterize the starting set E_D, is transmitted through a link L₁, to at least one system STD_B belonging to a user of the second category C₂. In the present case where the staring set E_D is composed of successive integers, the information I enabling to characterize the starting set E_D can, for instance, be the value of the smallest element and the number of elements of the set, namely the pair (3, 5).

In the illustrated example, one of the tokens j is transmitted to a user of the third category C₃, who thus becomes a client possessing a resource consumption credit. That transmission is carried out by any appropriate mean, such as postal delivery or personal delivery (part of a link L₂). Remember that each user of said third category C₃ has neither a unit UTM_A, nor a unit UTM_B.

After having uncovered the identifier of his pre-payment token, namely 85503 in the illustrated example, the user of the third category C₃ transmits through another part of the link L₂ to a user of the second category C₂, the uncovered identifier, as well as a request R_q for a resource R_es to consume. Remember that each user of the second category C₂ has a unit UTM_B linked up to a system STD_B. The identifier transmitted by the user of the third category C₃ to the system STD_B is transferred to the unit UTM_B, so as to provide its transformation, using the function F_B contained in the unit UTM_B, with the intention of restoring the initial identifier. In the illustrated example, the unit UTM_B thus transfers to the system STD_B the known initial identifier, namely 4, corresponding to the prepayment token 85503.

The system STD_B uses the information I to verify that the transformed element, namely 4 in the illustrated example, belongs to the starting set E_D. That verification enables to make sure that the pre-payment token has not been tampered with or invented. Thus, if the identifier is not recognized (N), the request R_q is refused, so much so that a negative reply R_p is sent to the user of the third category C₃. If the request is accepted (O), the identifier is used as an index in an array T of resources. Said array T indicates the quantity of remaining credits (96 in the illustrated example) for the client possessing the pre-payment token corresponding to the identifier 4. It is then verified that the remaining credits are sufficient for the request made. In the negative case (N), a negative reply R_p is sent to the user of the third category C₃. In the case where the credits are sufficient (O), the array is updated by subtracting the cost of the requested resource, and a positive reply R_p containing the requested resource R_es is prepared and then delivered to the user of the third category C₃.

In the previous example, note that:

• • a there are several links between the systems STD_A and STD_B, called L₁, L₂,
  • the users of the first category C₁ correspond to persons able to issue pre-payment tokens,
  • the users of the second category C₂ correspond to a provider of services wishing to charge the access to resources R_es,
  • the users of the third category C₃ possessing at least one pre-payment token, corresponds to clients possibly accessing charged-for resources,
  • the users of the third category C₃ not possessing pre-payment tokens, cannot be clients and therefore cannot access charged-for resources.

In the preferred example described, the invention aims at limiting the possibility to transform data designed to constitute pre-payment tokens. Naturally, the subject of the invention can be implemented to limit the possibility to transform data of different kind, such as for instance, electronic mail messages, internet pages, etc.

The invention is not limited to the examples described and represented, as various modifications can be brought to it within its framework.