EP2044547A1 - Method for generating access data for a medical device - Google Patents
Info
- Publication number
- EP2044547A1
- Authority
- EP
- European Patent Office
- Prior art keywords
- key
- generating
- access
- access code
- data
- Prior art date
- Legal status (as listed by Google Patents; an assumption, not a legal conclusion)
- Withdrawn
Classifications
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/31—User authentication
- G06F21/70—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
- G06F21/71—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information
- G06F21/73—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information by creating or determining hardware identification, e.g. serial numbers
- G06F21/78—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure storage of data
Landscapes
- Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- Computer Hardware Design (AREA)
- Computer Security & Cryptography (AREA)
- Physics & Mathematics (AREA)
- Software Systems (AREA)
- General Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Mathematical Physics (AREA)
- Storage Device Security (AREA)
Abstract
The invention relates to a method for generating an access code for a medical device comprising a memory for patient data, the access code being valid only once. According to the method, a query key is generated from a device-internal identifier and is transmitted to an authorization authority. The authorization authority generates an associated release key from the query key. When the release key is entered into the device, it grants access and changes the internal identifier, so that the access code cannot be used a second time.
Description
Method for generating access data for a medical device
The invention relates to a method for generating access data for a medical device which has secured storage of medical or patient data.
Access to patient data captured or stored on medical devices is subject to strict legal requirements. A minimum requirement is always the identification and authorization of a device user who is permitted to view this data. A practically relevant complication, however, is the loss of this access authorization (e.g. the password is forgotten, or the previous user leaves the clinic or practice without a proper handover of the information).
The access-granting data (usually a user ID and password) can in principle be kept in a safe place (a sealed envelope in a safe). Since regular password changes are among the elementary security measures, however, it is hard in practice to ensure that the deposited password is current. This procedure also presupposes the cooperation of the (previous) user, which is not necessarily given.
A common method is to provide a hidden access path, known only to a limited group of people (e.g. service personnel), that requires no authorization (e.g. a secret key combination, or a service user ID with an unchangeable password: a "secret master key"), which in turn either gives direct access to the data or permits resetting the lost access to a known or definable value. This method cannot ensure effective and traceable protection of the patient data, because it makes that protection depend on only trustworthy persons ever learning the secret master key. That is not achievable in practice, and in particular it is practically impossible to prove afterwards that the secret was actually kept.
The use of a physically protected key (e.g. a "dongle" on the USB or parallel port) does prevent the uncontrolled passing-on of access information (as happens with the secret master key), and it makes manipulations carried out with the physically protected key (resetting the lost access) easier to prove. On the other hand, it requires the physical presence of an authorized person (e.g. an authorized service employee), which costs time and money. At the same time, access protection for all devices is broken as soon as a physically protected key is stolen or duplicated.
The problem solved by the invention is the controlled re-enabling of a lost access authorization without physical manipulation of the device that stores the data.
Controlled re-enabling means that the method cannot be misused to gain access to any device other than the identified one, and that this access procedure becomes ineffective immediately after its use, so that it does not constitute a "master key" even for this identified device.
This object is achieved by a method for generating a one-time-valid access code for a medical device or system, comprising the steps of: a) generating, on the device, a query key from at least one device-internal identifier; b) transmitting the query key to an authorization authority; c) generating a release key from the query key at the authorization authority; d) transmitting the release key to the device; e) enabling access by the device; and f) randomly changing, on the device, at least one of the device-internal identifiers.
It is advantageous if the random change of the at least one device-internal identifier is performed by generating the identifier with a random number generator. Alternatively, the random change of the at least one device-internal identifier can be performed by a random selection from a predefined list of identifiers. The transmission of the query key and of the release key can take place by means of a data carrier or by online data transmission.
The authorization authority is advantageously a computer or other information-processing unit under the control of the device manufacturer or of a body authorized by it, which is able to check, in a manner known per se, the entitlement to request the access code, e.g. by verifying that the device was properly purchased, and/or that a service or maintenance contract exists, and/or that the request for the access code was made by the person entitled to access the device's data.
The invention is explained below with reference to a preferred embodiment. Fig. 1 shows schematically the sequence of the method according to the invention.
The medical device has a memory 1 containing at least one internal identifier K_1 that is unique (with sufficient probability) and preferably unpredictable. From this identifier K_1, a query key S_A(K_1) is generated in a computing unit. This may be a character string, a sequence of numbers or the like of arbitrary length, and it is advantageous to provide at least 10 characters; alternatively it may be a byte sequence that also contains non-printable characters. This query key is sent over a preferably secure channel 2 (e.g. post, telephone, signed e-mail, or a data carrier) to the authorization authority. This authorization authority can be, for example, the customer service or service department of the device manufacturer, which is able to check the authorization of the request (identity of the sender and entitlement to request a new access code). Using a suitable encryption function D(S_A, S_M), a release key S_F,e = D(S_A, S_M) is generated from this query key, e.g. on a computer, by means of a secret master key S_M; the release key is in turn transmitted over a secure channel back to a party at the customer who is authorized to change the device's access code.
The same encryption function and the same (secret) master key are implemented in the software of the data-storing device, so that the release key S_F,i = D(S_A, S_M) can be computed internally, invisibly to the user. If the comparison with the release key entered by the user and computed by the authorization authority shows equality, S_F,e = S_F,i, the device's access code is reset and the internal identifier K_1 is changed in a deliberate but unpredictable way.
The reset of the access code can be realized in various ways: e.g. a previously agreed password can be set, a new valid password can be displayed to the user, or password-free access can be permitted temporarily, which immediately forces the definition of a new password.
Repeating this sequence on the same device or on a different device would produce a different query key, because of the changed or different internal identifier. The previously used release key is therefore worthless and cannot be misused.
The proposed method offers access to protected data that does not depend on precautionary measures by the user, while avoiding the known disadvantages of a master key. In addition, the authorization process (external computation of the release key) is decoupled from operating the device software, so that the presence of a service employee at the device is not required, and the number of authorized persons (i.e. those entitled to operate the external program for generating the release key on the authorization authority's side) can be reduced drastically compared with the group of people who would have to be given access to a master key.
The proposed solution can be extended in various directions, e.g. by electronic storage and/or transmission of the query key and the release key directly from the device software (e.g. as e-mail, or export/import to/from a file).
Furthermore, an automatic change of the internal identifier, independent of the entry of a valid release key, can be provided after certain longer time intervals (e.g. once a month). Unused release keys would then be invalidated automatically once that time has elapsed, and so would pose no risk of unauthorized use.
The method of determining the internal identifier K_1 can be varied within wide limits. Conceivable are:
- a combination of a time stamp, a device identification (e.g. serial number) and a random number;
- use of hash functions (e.g. MD5 or SHA) on constant user identity data in combination with a random number;
- use of constants (e.g. UIDs) of the device operating system in combination with a random number.
Furthermore, the method for generating and comparing the release keys can be modified or extended. A signature check instead of a test for equality is conceivable, for example by using an asymmetric encryption method such as RSA, in which the transmitted query key is encrypted with the "public" key into the release key, the release key is decrypted on the data-storing device with the "private" key, and the decryption result is compared against the query key. (The terms "public" and "private" key refer here to the terminology customary in cryptography; in the present case both keys would have to be kept secret.)
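The preferred embodiment, the monthly identifier change and the first identifier-derivation option above, carried through as an added Python example (this is not code from the patent or its applicant). The patent leaves the "suitable encryption function" D open; here D(S_A, S_M) is assumed to be HMAC-SHA256 truncated to 16 hex characters, S_A(K_1) is assumed to be SHA-256 of K_1 truncated to 16 characters, K_1 is SHA-256 over serial number, time stamp and a random value, and the rotation interval is 30 days. The names Device, AuthorizationAuthority, MASTER_KEY, ROTATION_INTERVAL and run_exchange, and the serial numbers, are invented for the example.

```python
"""Added example for EP2044547A1: one-time release-key exchange, both sides.

Assumptions (the patent fixes none of these): D is HMAC-SHA256, S_A is a
SHA-256 prefix, K_1 = SHA-256(serial | timestamp | random), rotation every
30 days. All names and serials are invented for this example.
"""
import hashlib
import hmac
import secrets

# S_M: the secret master key the authority and every device's software share.
# Demo constant only; a product would provision it from protected storage.
MASTER_KEY = b"MasterKey-DEMO-ONLY-not-for-use!"
ROTATION_INTERVAL = 30 * 24 * 3600  # "once a month": unused release keys expire


def derive_identifier(serial: str, now: float) -> bytes:
    """K_1 from time stamp, device serial and a random number (first option
    in the description), hashed so the result is unique and unpredictable."""
    material = serial.encode() + b"|" + str(int(now)).encode() + b"|" + secrets.token_bytes(16)
    return hashlib.sha256(material).digest()


def query_key(identifier: bytes) -> str:
    """S_A(K_1): the value sent to the authority; >= 10 printable characters."""
    return hashlib.sha256(b"query-key|" + identifier).hexdigest()[:16]


def release_key(query: str, master_key: bytes = MASTER_KEY) -> str:
    """D(S_A, S_M): computed identically by the authority (S_F,e) and the device (S_F,i)."""
    return hmac.new(master_key, query.encode(), hashlib.sha256).hexdigest()[:16]


class Device:
    """The data-storing device: holds K_1, emits query keys, verifies release keys."""

    def __init__(self, serial: str, now: float):
        self.serial = serial
        self.identifier = derive_identifier(serial, now)
        self.identifier_set_at = now
        self.access_enabled = False

    def _rotate(self, now: float) -> None:
        self.identifier = derive_identifier(self.serial, now)
        self.identifier_set_at = now

    def _expire_if_due(self, now: float) -> None:
        # Automatic change of K_1 after the interval, independent of any key entry.
        if now - self.identifier_set_at >= ROTATION_INTERVAL:
            self._rotate(now)

    def request_query_key(self, now: float) -> str:
        self._expire_if_due(now)
        return query_key(self.identifier)  # step a

    def enter_release_key(self, entered: str, now: float) -> bool:
        self._expire_if_due(now)
        expected = release_key(query_key(self.identifier))  # S_F,i, never shown to the user
        if not hmac.compare_digest(expected, entered):      # S_F,e == S_F,i ?
            return False
        self.access_enabled = True  # step e: reset password / allow password-free entry
        self._rotate(now)           # step f: K_1 changes, so this release key is now worthless
        return True


class AuthorizationAuthority:
    """Manufacturer-side service: checks entitlement, then computes S_F,e."""

    def __init__(self, master_key: bytes, entitled_serials: frozenset):
        self.master_key = master_key
        self.entitled_serials = entitled_serials  # e.g. devices with a service contract

    def issue_release_key(self, serial: str, query: str) -> str:
        if serial not in self.entitled_serials:
            raise PermissionError(f"{serial}: no entitlement on record")
        return release_key(query, self.master_key)  # step c


def run_exchange(now: float = 1_700_000_000.0) -> dict:
    """Full sequence a) to f), plus the three failure cases the description relies on."""
    authority = AuthorizationAuthority(MASTER_KEY, frozenset({"MD-1001"}))
    device = Device("MD-1001", now)
    other_device = Device("MD-2002", now)

    query = device.request_query_key(now)                        # a
    release = authority.issue_release_key("MD-1001", query)      # b, c
    first_use = device.enter_release_key(release, now)           # d, e, f -> True
    replay = device.enter_release_key(release, now)              # K_1 changed -> False
    cross_device = other_device.enter_release_key(release, now)  # other K_1 -> False

    # An issued but unused release key dies with the monthly identifier change.
    query2 = device.request_query_key(now)
    release2 = authority.issue_release_key("MD-1001", query2)
    stale = device.enter_release_key(release2, now + ROTATION_INTERVAL + 1)  # -> False

    return {"first_use": first_use, "replay": replay,
            "cross_device": cross_device, "stale": stale}


if __name__ == "__main__":
    print(run_exchange())
```

Two points the example makes visible that the text only implies. First, the one-time property comes entirely from step f: the device recomputes S_F,i from its current K_1, so a replayed or cross-device release key fails without any list of used codes. Second, in the symmetric variant every device's software carries S_M; whoever extracts it from one unit's firmware can compute S_F,e for any device, which is the very master-key exposure the patent sets out to avoid. A real product would keep S_M in protected hardware, or go further than the RSA variant sketched above and have the authority sign S_A while the device holds only a verification key that need not be secret. The description also names MD5 among the hash options; it is not collision-resistant, and for deriving K_1 one would use SHA-256 today.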
Claims
1. Method for generating an access code for a medical device having a memory for patient data or other data to be protected, the access code being valid only once, characterized by the steps of: a) generating, on the device, a query key from at least one device-internal identifier; b) transmitting the query key to an authorization authority; c) generating a release key from the query key at the authorization authority; d) transmitting the release key to the device; e) enabling access by the device; and f) randomly changing, on the device, at least one of the device-internal identifiers.
2. Method for generating an access code according to claim 1, characterized in that the random change of the at least one device-internal identifier is performed by generating the identifier by means of a random number generator.
3. Method for generating an access code according to claim 1, characterized in that the random change of the at least one device-internal identifier is performed by a random selection from a predefined list of identifiers.
4. Method for generating an access code according to one of claims 1 to 3, characterized in that the transmission of the query key and/or the transmission of the release key takes place by means of a data carrier or by online data transmission.
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
DE102006034536A DE102006034536A1 (en) | 2006-07-26 | 2006-07-26 | Method for generating access data for a medical device |
PCT/EP2007/006403 WO2008012020A1 (en) | 2006-07-26 | 2007-07-19 | Method for generating access data for a medical device |
Publications (1)
Publication Number | Publication Date |
---|---|
EP2044547A1 true EP2044547A1 (en) | 2009-04-08 |
Family
ID=38669013
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
EP07786175A Withdrawn EP2044547A1 (en) | 2006-07-26 | 2007-07-19 | Method for generating access data for a medical device |
Country Status (6)
Country | Link |
---|---|
US (1) | US20090241184A1 (en) |
EP (1) | EP2044547A1 (en) |
JP (1) | JP2009545041A (en) |
CN (1) | CN101496021A (en) |
DE (1) | DE102006034536A1 (en) |
WO (1) | WO2008012020A1 (en) |
Families Citing this family (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20100305970A1 (en) * | 2009-05-29 | 2010-12-02 | Medaxion, LLC | Mobile Electronic Case Board |
US8311419B2 (en) | 2010-11-29 | 2012-11-13 | Xerox Corporation | Consumable ID differentiation and validation system with on-board processor |
US8532506B2 (en) | 2010-11-29 | 2013-09-10 | Xerox Corporation | Multiple market consumable ID differentiation and validation system |
US20130151285A1 (en) | 2011-12-09 | 2013-06-13 | Jeffrey Lee McLaren | System for automatically populating medical data |
US11139074B2 (en) * | 2016-03-14 | 2021-10-05 | Fenwal, Inc. | Cell washing system with process parameter control |
Family Cites Families (14)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JP3053527B2 (en) * | 1993-07-30 | 2000-06-19 | インターナショナル・ビジネス・マシーンズ・コーポレイション | Method and apparatus for validating a password, method and apparatus for generating and preliminary validating a password, method and apparatus for controlling access to resources using an authentication code |
KR100213188B1 (en) * | 1996-10-05 | 1999-08-02 | 윤종용 | Apparatus and method for user authentication |
US6370649B1 (en) * | 1998-03-02 | 2002-04-09 | Compaq Computer Corporation | Computer access via a single-use password |
GB2347248A (en) * | 1999-02-25 | 2000-08-30 | Ibm | Super passwords |
US6668323B1 (en) * | 1999-03-03 | 2003-12-23 | International Business Machines Corporation | Method and system for password protection of a data processing system that permit a user-selected password to be recovered |
US7362869B2 (en) * | 2001-12-10 | 2008-04-22 | Cryptomathic A/S | Method of distributing a public key |
GB0210692D0 (en) * | 2002-05-10 | 2002-06-19 | Assendon Ltd | Smart card token for remote authentication |
US7519989B2 (en) * | 2003-07-17 | 2009-04-14 | Av Thenex Inc. | Token device that generates and displays one-time passwords and that couples to a computer for inputting or receiving data for generating and outputting one-time passwords and other functions |
US8639628B2 (en) * | 2004-02-23 | 2014-01-28 | Symantec Corporation | Token authentication system and method |
US7210166B2 (en) * | 2004-10-16 | 2007-04-24 | Lenovo (Singapore) Pte. Ltd. | Method and system for secure, one-time password override during password-protected system boot |
US7571489B2 (en) * | 2004-10-20 | 2009-08-04 | International Business Machines Corporation | One time passcode system |
US8266441B2 (en) * | 2005-04-22 | 2012-09-11 | Bank Of America Corporation | One-time password credit/debit card |
TWI271620B (en) * | 2005-06-16 | 2007-01-21 | Ememory Technology Inc | Method and apparatus for performing multi-programmable function with one-time programmable memories |
US20070101152A1 (en) * | 2005-10-17 | 2007-05-03 | Saflink Corporation | Token authentication system |
- 2006
  - 2006-07-26 DE DE102006034536A patent/DE102006034536A1/en not_active Withdrawn
- 2007
  - 2007-07-19 WO PCT/EP2007/006403 patent/WO2008012020A1/en active Application Filing
  - 2007-07-19 EP EP07786175A patent/EP2044547A1/en not_active Withdrawn
  - 2007-07-19 JP JP2009521147A patent/JP2009545041A/en not_active Withdrawn
  - 2007-07-19 CN CN200780028363.4A patent/CN101496021A/en active Pending
  - 2007-07-19 US US12/374,921 patent/US20090241184A1/en not_active Abandoned
Non-Patent Citations (1)
Title |
---|
See references of WO2008012020A1 * |
Also Published As
Publication number | Publication date |
---|---|
WO2008012020A1 (en) | 2008-01-31 |
US20090241184A1 (en) | 2009-09-24 |
JP2009545041A (en) | 2009-12-17 |
DE102006034536A1 (en) | 2008-01-31 |
CN101496021A (en) | 2009-07-29 |
Similar Documents
Publication | Title |
---|---|
DE69724946T2 (en) | Program rental system and method for renting programs |
DE60306844T2 (en) | Method and system for data update |
DE102004025084B4 (en) | Personal authentication device and personal authentication system and personal authentication method |
DE102009027723A1 (en) | Method for reading attributes from an ID token |
DE102011056191A1 (en) | Device for protecting security tokens against malware |
WO2003013167A1 (en) | Device for digitally signing an electronic document |
DE102008028701B4 (en) | Method and system for generating a derived electronic identity from a main electronic identity |
EP2044547A1 (en) | Method for generating access data for a medical device |
EP3422274A1 (en) | Method for configuring or changing a configuration of a payment terminal and/or for allocating a payment terminal to an operator |
WO2015180867A1 (en) | Production of a cryptographic key |
DE102020118716A1 (en) | Procedure for the secure implementation of a remote signature and security system |
EP2080144B1 (en) | Method for enabling a chip card |
EP2562669B1 (en) | Method for performing a write protection operation, computer program product, computer system and chip card |
EP1652337B1 (en) | Method for signing a data set in a public key system and data processing system for carrying out said method |
WO2011072952A1 (en) | Device and method for ensuring access rights to a maintenance functionality |
WO2016124506A1 (en) | Method for authorization management in an arrangement having multiple computer systems |
EP1362272B1 (en) | Method and arrangement for a rights ticket system for increasing security of access control to computer resources |
WO1998026537A1 (en) | Method for electronically protected storage of data in a data bank |
DE10307996A1 (en) | Data encoding method, e.g. for different users of a system, in which data is obtained through different users, with whom a user data key becomes the encoding and decoding key of the data |
DE102006034535A1 (en) | Method for generating a one-time access code |
DE102018010027A1 (en) | Settlement system |
EP1054364A2 (en) | Method to improve security of systems using digital signatures |
EP2230648A1 (en) | Single-use code mask for deriving a single-use code |
EP3358488B1 (en) | Method for detecting unauthorised copies of a digital security token |
DE102016123787A1 (en) | Chip implant with two-factor authentication |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
| PUAI | Public reference made under article 153(3) EPC to a published international application that has entered the European phase | Free format text: ORIGINAL CODE: 0009012 |
| 17P | Request for examination filed | Effective date: 20090116 |
| AK | Designated contracting states | Kind code of ref document: A1; Designated state(s): AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HU IE IS IT LI LT LU LV MC MT NL PL PT RO SE SI SK TR |
| AX | Request for extension of the European patent | Extension state: AL BA HR MK RS |
| 17Q | First examination report despatched | Effective date: 20090928 |
| STAA | Information on the status of an EP patent application or granted EP patent | Free format text: STATUS: THE APPLICATION IS DEEMED TO BE WITHDRAWN |
| 18D | Application deemed to be withdrawn | Effective date: 20120201 |
| DAX | Request for extension of the European patent (deleted) | |