CA2398323A1 - Method for safeguarding the access to a data processing apparatus and corresponding arrangement - Google Patents

Info

Publication number: CA2398323A1
Authority: CA (Canada)
Prior art keywords: access terminal, data processing, processing apparatus, access, signal
Legal status: Abandoned
Application number: CA002398323A
Other languages: French (fr)
Inventors: Thorsten-Uwe Mey, Dirk Herrmann
Current Assignee: Individual
Original Assignee: BB-DATA GESELLSCHAFT fur INFORMATIONS- und KOMMUNIKATIONSSYSTEME MBH

Classifications

    • H04L63/083 Network architectures or network communication protocols for network security for authentication of entities using passwords
    • G06F21/31 User authentication
    • G06F21/34 User authentication involving the use of external additional devices, e.g. dongles or smart cards
    • G06F2221/2111 Location-sensitive, e.g. geographical location, GPS
    • G06F2221/2129 Authenticate client device independently of the user
    • G06F2221/2153 Using hardware token as a secondary aspect

Abstract

The invention relates to a method for securing access to at least one data processing device (10, 12) via at least one access terminal (18, 20) which is connected to the data processing device (10, 12) via a data circuit (14, 16, 22). An identification signal is transmitted to the data processing device (10, 12) via the data circuit (14, 16, 22).

Description

CA 02398323 2002-07-24
Berlin, 25th January 2000
Our ref: BB1007 JVO/js
Applicants/proprietors: BB-DATA GMBH
Office ref: New application
BB-DATA Gesellschaft fur Informations- und Kommunikationssysteme mbH, Brunnenstr. 111, 13355 Berlin
Method of safeguarding the access to a data processing apparatus and corresponding arrangement
The invention concerns a method of safeguarding the access to at least one data processing apparatus by way of at least one access terminal which is connected to the data processing apparatus by way of a data connection and in which an identification signal is communicated to the data processing apparatus by way of the data connection. The invention also concerns an arrangement which includes at least one data processing apparatus and at least one access terminal which is connected to the data processing apparatus by way of a data connection.
It is the usual practice that access to a data processing apparatus such as for example a computer in a local area network (LAN) or in a spatially widely distributed network (wide area network, WAN) is limited to such persons or tasks who or which were previously authorized for such an access. In order for an authorized task or an authorized person to attain access to the data processing apparatus the person must firstly prove the authorization for example by communicating to the data processing apparatus an identification signal, for example a password or a PIN code. In addition, a user identification (user id) or a procedure identification (task id) is often communicated, and the user id or the task id are analyzed together with the identification signal, for example PIN code, by the data processing apparatus. If that analysis shows that for example the user id and the PIN code or the password belong together or stand for an authorized user, access to the data processing apparatus is enabled.
Particularly in the case of wide area data networks (WAN) but also in relation to data processing apparatuses for process control in relatively large machines or industrial installations, it fairly frequently happens that the access terminal and the data processing apparatus are spatially far away from each other. It is even conceivable that the access terminal is in a different network from the data processing apparatus and that the two are interconnected for example by way of the Internet. In such a case in practice any computer with Internet access can function as an access terminal for the data processing apparatus. Access which is possible thereby to the data processing apparatus from any location ultimately facilitates malicious access to the data processing apparatus.
The object of the invention is to better safeguard the access to one or more data processing apparatuses in relation to malicious access.
In accordance with the invention, that object is attained with a method of the kind set forth in the opening part of this specification, which is distinguished in that an identification sign is allocated to the access terminal for access to the data processing apparatus and the identification sign is combined with the location signal to form a pair of values, then communicated to the data processing apparatus as an identification signal, and thereupon compared to permissible pairs of values which are stored in a memory unit, and that when the communicated pair of values is coincident with a permissible pair of values access to the data processing apparatus is enabled.
The identification sign can in that respect be fixedly allocated to the access terminal and stored in the access terminal. Alternatively the identification sign is communicated to the access terminal upon access occurring, more specifically by a procedure whereby the identification sign is inputted to the input terminal upon access occurring by way of a keyboard or the identification sign is communicated to the access terminal upon access occurring by way of a transportable storage medium which can be read out by the access terminal, such as a chip card. In addition to those preferred variants in respect of allocation of identification sign with the access terminal, it is also possible to envisage others.
The core of the method according to the invention is always making use of an identification sign jointly with a location signal for enablement of access to a data processing apparatus. In that way, it is possible to ensure that access to a data processing apparatus occurs only by way of given selected access terminals which can be spatially allocated by means of the location sign and whose individual location signal was previously associated with the identification sign. The pairs of mutually associated location signals and identification signs can be so formed and stored in a central storage unit that for example given people with an identification sign allocated thereto only have access to a data processing apparatus by way of given access terminals. Identification signs can also be attributed for individual services which are furnished by a data processing apparatus.
Those services are then available only at given access terminals. For example, interventions in a process control which is controlled by a data processing apparatus can be effected only from such access terminals which are disposed in a process control room.
Particularly in connection with the above-indicated method, the object of the present invention is also attained by a method of the kind set forth in the opening part of this specification, in which firstly in preparatory method steps for the access terminal using a public key method a private key and a public key associated with the private key are produced for data encryption and decryption, in which then the public key is stored in a memory unit in such a way that it can be called up while the private key is stored in the access terminal for which the private key and the associated public key were produced in such a way that it can be called up only by the access terminal itself, and in which after conclusion of the preparatory method steps upon an or each access to the access terminal a location signal which is allocated to the access terminal and which identifies the position of a location indicator connected to the access terminal is produced, in which the location signal is then encrypted with the private key and thereupon communicated to the data processing apparatus as an identification signal, in which the data processing apparatus thereafter decrypts the identification signal with that public key which is associated with the access terminal which produced the encrypted identification signal and upon successful decryption enables access to the data processing apparatus by way of the access terminal.
Preferably the private key and the public key for the access terminal are produced in the access terminal itself and the public key is then communicated to the memory unit. A data processing apparatus, for decryption of an identification signal, can then call up that respective public key from the memory unit, which is associated with the access terminal which produced the encrypted identification signal.
Preferably access is respectively enabled for the duration of an access procedure.
Insofar as, in accordance with the method, a location signal associated with an access terminal is encrypted with a private key which is also associated with the access terminal and communicated to the data processing apparatus, that ensures that a person or a task cannot pass himself or itself off as authorized, without knowledge of the specific location signal and the associated private key, in relation to the data processing apparatus. As the private key does not need to be delivered from the access terminal or the location indicator and therefore can be stored in the access terminal or the location indicator in such a way that it cannot be called up from outside the terminal, the access terminal or the location indicator can be so designed that the private key cannot be ascertained without applying external force to the access terminal or the location indicator. Such an attack on the access terminal or the location indicator would also not be unnoticed so that unnoted access to the data processing apparatus is not possible in any other way than by way of suitable authorized access terminals.
A network comprising a plurality of data processing apparatuses and access terminals can accordingly be so designed that access to individual data processing apparatuses is only possible by way of defined access terminals. Those access terminals can be set up for example in rooms to which only authorized persons have access. In that way it is possible to exclude unauthorized access even to such a data processing apparatus which is not disposed in that room as it is possible to restrict the possibility of access by means of the location signal to those access terminals which are disposed in secured rooms to which for example only certain persons have rights of admission.
In order centrally to permit access only to given services which are afforded by a data processing apparatus, preferably pairs of mutually associated private and public keys are formed for specific services afforded by the data processing apparatus and communicated to the access terminal in encrypted form or in a private manner, wherein for the purposes of calling up the service of the data processing apparatus which affords the service there is communicated from the access terminal calling up the service an enquiry signal which is encrypted with the private key associated with the corresponding service and which is decrypted with the public key associated with the service, in which case the service is enabled only upon successful decryption. The described way of central key formation permits inter alia central allocation and storage of keys and associated services.
Private communication of the private key associated with the service can be for example through the mail. Preferably the private key associated with a specific service however is encrypted with the public key of an access terminal and communicated to the access terminal. In the access terminal, the private key associated with the service can then be decrypted with the private key associated with the access terminal and used there to call up the service or stored for that purpose.
A further preferred alternative form of the method is distinguished in that the location signal is produced by a satellite receiver like a GPS receiver, as the location indicator. That alternative form of the method permits accurate and simple positional determination by means of the Global Positioning System or a similar system. Equally advantageous however is also a location indicator which can be fixedly anchored in space and which can deliver a location signal which is as secret as possible and which as far as possible uniquely identifies it.
A further preferred method is one in which the private and the public keys are formed by the location indicator. That provides a close interrelationship between the private key and the location indicator.
A particularly preferred form of the method is distinguished in that associated with the memory unit are its own private key and an associated public key, of which the public key can be called up in unencrypted form while the private key serves for encryption of the public key which is stored in the memory unit and associated with the access terminal, or for encryption of the pair of values comprising the location signal and the identification sign.
The memory unit can also comprise a plurality of spatially distributed components which can each have their own specific key.
In that way, it is possible to avoid unauthorized access to the data processing apparatus occurring by virtue of a memory unit for the public keys of the access terminals being simulated to the data processing apparatus, which memory unit also contains a public key to an unauthorized simulated access terminal with corresponding private key and corresponding location signal. On the contrary the memory unit for the public keys of the access terminals authorizes itself by the use of its private key which can be called up in unencrypted form for the data processing apparatus. The result of this is that unauthorized access to the memory unit and the data processing apparatuses is not possible so that the public key for the memory unit cannot be modified by authorized access for example to the effect that it matches the private key of an unauthorized simulated memory unit.
In addition it is possible to associate with the memory unit its own location indicator so that the memory unit, by means of the private key associated therewith and the location indicator, can authorize itself only when the memory unit is at the intended location.
A further preferred alternative form of the method is distinguished in that a time signal specifying the time of production of the location signal is added to the location signal prior to encryption and that for transfer of the location signal to the data processing apparatus a time frame is predetermined and the access to the data processing apparatus is refused if the time of production of the location signal and reception of the encrypted identification signal in the data processing apparatus are not within the time frame. This alternative form of the method is intended to obviate an encrypted identification signal being intercepted and a falsified message being appended to the identification signal. The time frame for transfer of the encrypted identification signal can be so selected that such interception and modification of the message appended to the encrypted identification signal cannot occur within the time frame. A GPS receiver as the location indicator regularly produces a corresponding time signal.
If the data processing apparatus also includes such a GPS receiver the time signals of the access terminal and the data processing apparatus are readily synchronized.
As an alternative to the last-mentioned alternative form of the method it is possible, on the basis of a message appended to the identification signal, to form a hash code which is specific to the message.
That method is used for example in the authorization of messages in accordance with known PGP (Pretty Good Privacy) encryption.
The invention also provides an arrangement of the kind set forth in the opening part of this specification for carrying out the method, which is distinguished by a location indicator which is fixedly connected to the access terminal and which can deliver a location signal specifying the position of the location indicator, and a memory which is fixedly connected to the access terminal for a private key associated with the access terminal, and a memory unit connected to the data processing apparatus and the access terminal for a public key associated with the private key.
The invention will now be described in greater detail by means of an embodiment with reference to the Figure. The Figure shows access terminals and data processing apparatuses which are connected together by way of data connections.
More precisely the Figure shows two data processing apparatuses 10 and 12 of which the data processing apparatus 10 is connected by way of data connections 14 and 16 to two access terminals 18 and 20 while the data processing apparatus 12 is connected by way of a corresponding data connection 22 to the access terminal 20. The two access terminals 18 and 20 and the two data processing apparatuses 10 and 12 are connected by way of corresponding data connections 24, 26, 28 and 30 to a central memory unit 32. In that case, the central memory unit 32 can be integrated spatially for example in one of the two data processing apparatuses 10 and 12. It is thus not necessary but possible for the data processing apparatuses 10 and 12 and the access terminals 18 and 20 and the memory unit 32 to be spatially far away from each other and connected together by a wide area network (WAN).
The two access terminals 18 and 20 are each fixedly connected to a location indicator 34 and 36. As shown in the Figure the location indicator 34 is integrated in the access terminal 18 while the location indicator 36 is connected by way of a signal line 38 to the access terminal 20. The access terminals 18 and 20 can be for example conventional personal computers. The location indicators 34 and 36 can be GPS receivers which by means of the Global Positioning System produce a signal which specifies the position of the respective GPS receiver and the respective reference time for the Global Positioning System. For reliable and stronger interlinking between the location indicator 34 and the access terminal 18 the location indicator 34 can be for example soldered onto a motherboard of the access terminal 18 or can be provided at least as a plug-in card in a free plug-in slot on the motherboard of the access terminal 18. The memory unit 32 is preferably also connected to a location indicator 40. If that is a GPS receiver the reference time of the Global Positioning System is also available to the memory unit 32.
The method of safeguarding access to the data processing apparatuses 10 and 12 is a two-stage method: in a first method stage which is to be carried out only once for each access terminal 18 or 20, a private and a public key are respectively formed in the access terminals 18 and 20 in accordance with a known public key method. As a result, for each access terminal 18 or 20, there is a pair of mutually related keys, which pair is precisely associated with that access terminal. Of the two keys of a pair a private key is stored in the access terminal in which it was produced while a public key is transmitted to the central memory unit 32.
The public keys of all access terminals are stored in the memory unit 32 in such a way that they can be called up.
In addition the positional data for each access terminal 18 and 20 are stored in the memory unit. The positional data of an access terminal 18 or 20 form a data set, together with the public key associated with that access terminal. In addition, it is also possible to store in the memory unit 32 identification signs which are allocated to authorized access terminals or authorized persons. In particular the identification signs of authorized persons can be linked to the positional data or the public key of one or more access terminals in such a way that access to given data processing apparatuses is possible to authorized persons only by way of given selected access terminals.
In the event of access to an access terminal 18 or 20 with the aim of acquiring access to one of the data processing apparatuses, the location indicator 34 or 36 associated with the access terminal 18 or 20 firstly produces a location signal specifying the position of the access terminal.
That location signal and an identification sign characterizing the access terminal or the accessing person are combined together to form a pair of values, encrypted with the private key stored in the access terminal and then transmitted as an identification signal to that data processing apparatus for which access is wanted. The data processing apparatus 10 or 12 thereupon calls up from the memory unit 32 that public key which is associated with that access terminal from which the data processing apparatus received the identification signal. In the data processing apparatus, the identification signal is decrypted with the public key which is compatible with the private key. That is possible only if the identification signal was actually encrypted with the authentic private key which is stored in the access terminal in such a way as not to be accessible from the exterior. Therefore it is only successful decryption of the identification signal that is sufficient in the simplest case to authorize the access terminal.
The level of security of authorization of the access terminal is enhanced by the location signal which is contained in the identification signal and which specifies the position of the access terminal being compared to the positional data, stored in the memory unit 32, of the corresponding access terminal. In addition, the data processing apparatus can check whether an identification sign possibly contained in the identification signal belongs to the access terminal or to a person who is authorized to access the data processing apparatus by way of the corresponding access terminal.
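The access check described above, written out as an added example (it is not code from the patent or the applicant). It models "encrypted with the private key, decrypted with the public key" as a signature over the pair of values plus the time signal, and runs the checks the description lists: key lookup in the memory unit, signature, time frame, stored position, permitted identification sign. Assumptions: the key pair is textbook RSA built from known Mersenne primes so the block runs with the standard library only (a toy stand-in, not secure); the terminal name, coordinates, identification signs, 5 s time frame and 25 m position tolerance are constructed.

```python
import hashlib
import json
import math

E = 65537  # public exponent used by the toy key pairs below


def toy_keypair(p, q):
    """Textbook RSA from two known primes: toy stand-in only, NOT secure."""
    n = p * q
    return (n, pow(E, -1, (p - 1) * (q - 1))), (n, E)  # (private, public)


def _digest(body, n):
    return int.from_bytes(hashlib.sha256(body).digest(), "big") % n


def sign(private_key, body):
    n, d = private_key
    return pow(_digest(body, n), d, n)


def verify(public_key, body, sig):
    n, e = public_key
    return pow(sig, e, n) == _digest(body, n)


def distance_m(a, b):
    """Haversine distance in metres between two (lat, lon) positions."""
    lat1, lon1, lat2, lon2 = map(math.radians, (*a, *b))
    h = (math.sin((lat2 - lat1) / 2) ** 2
         + math.cos(lat1) * math.cos(lat2) * math.sin((lon2 - lon1) / 2) ** 2)
    return 2 * 6371000 * math.asin(math.sqrt(h))


def identification_signal(terminal_id, private_key, position, ident_sign, produced_at):
    """Access terminal side: pair of values plus time signal, signed."""
    body = json.dumps({"sign": ident_sign, "pos": list(position),
                       "time": produced_at}, sort_keys=True).encode()
    return {"terminal": terminal_id, "body": body, "sig": sign(private_key, body)}


def check_access(memory_unit, signal, received_at, time_frame_s=5.0, tolerance_m=25.0):
    """Data processing apparatus side. Returns the decision as a string."""
    record = memory_unit.get(signal["terminal"])
    if record is None:
        return "unknown terminal"
    # Verify before parsing, so unauthenticated content is never interpreted.
    if not verify(record["public_key"], signal["body"], signal["sig"]):
        return "bad signature"
    payload = json.loads(signal["body"])
    # Time frame: rejects replayed signals and signals dated in the future.
    if not 0 <= received_at - payload["time"] <= time_frame_s:
        return "outside time frame"
    # A tolerance replaces exact equality because receiver fixes jitter (assumption).
    if distance_m(payload["pos"], record["position"]) > tolerance_m:
        return "location mismatch"
    if payload["sign"] not in record["signs"]:
        return "pair not permitted"
    return "access enabled"


def demo():
    """Constructed scenarios for one enrolled terminal in a control room."""
    t18_priv, t18_pub = toy_keypair(2**61 - 1, 2**89 - 1)
    rogue_priv, _ = toy_keypair(2**107 - 1, 2**127 - 1)  # simulated terminal
    room = (52.5400, 13.3900)  # constructed coordinates
    memory_unit = {"terminal-18": {"public_key": t18_pub, "position": room,
                                   "signs": {"op-7"}}}
    now = 1_000_000.0  # constructed timestamp
    ok = identification_signal("terminal-18", t18_priv, room, "op-7", now)
    moved = identification_signal("terminal-18", t18_priv, (52.5500, 13.3900), "op-7", now)
    other = identification_signal("terminal-18", t18_priv, room, "op-9", now)
    rogue = identification_signal("terminal-18", rogue_priv, room, "op-7", now)
    tampered = dict(ok, body=ok["body"].replace(b"op-7", b"op-9"))
    return {
        "legitimate": check_access(memory_unit, ok, now + 1.2),
        "replayed": check_access(memory_unit, ok, now + 60.0),
        "moved": check_access(memory_unit, moved, now + 1.2),
        "wrong_sign": check_access(memory_unit, other, now + 1.2),
        "simulated": check_access(memory_unit, rogue, now + 1.2),
        "tampered": check_access(memory_unit, tampered, now + 1.2),
    }


if __name__ == "__main__":
    for name, decision in demo().items():
        print(f"{name:11s} {decision}")
```

The checks hold only as far as the location signal itself can be trusted: the signature proves which key produced the message, not that the receiver's position fix was genuine, which is why the description ties the location indicator physically to the terminal.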

Claims (14)

1. A method of safeguarding the access to at least one data processing apparatus (10, 12) by way of at least one access terminal (18, 20) which is connected to the data processing apparatus (10, 12) by way of a data connection (14, 16, 22) and in which an identification signal is communicated to the data processing apparatus (10, 12) by way of the data connection (14, 16, 22), characterized in that an identification sign is allocated to the access terminal (18, 20) for access to the data processing apparatus (10, 12) and the identification sign is combined with the location signal to form a pair of values, then communicated to the data processing apparatus (10, 12) as an identification signal, and thereupon compared to permissible pairs of values which are stored in a memory unit (32), and that when the communicated pair of values is coincident with a permissible pair of values access to the data processing apparatus (10, 12) is enabled.
2. A method as set forth in claim 1 characterized in that access is respectively enabled for the duration of an access procedure.
3. A method as set forth in claim 1 or claim 2 characterized in that the identification sign is fixedly allocated to the access terminal (18, 20) and stored in the access terminal (18, 20).
4. A method as set forth in claim 1 or claim 2 characterized in that the identification sign is communicated to the access terminal (18, 20) upon an access procedure occurring.
5. A method as set forth in claim 4 characterized in that the identification sign is inputted to the access terminal (18, 20) upon an access procedure by way of a keyboard.
6. A method as set forth in claim 4 characterized in that the identification sign is communicated to the access terminal (18, 20) upon an access procedure occurring by way of a transportable storage medium which can be read off by the access terminal (18, 20) such as a chip card or the like.
7. A method in particular as set forth in one of claims 1 through 6 characterized in that firstly in preparatory method steps for the access terminal (18, 20) using a public key method a private key and a public key associated with the private key are produced for data encryption and decryption, then the public key is stored in a memory unit (32) in such a way that it can be called up while the private key is stored in the access terminal (18, 20) for which the private key and the associated public key were produced, after conclusion of the preparatory method steps upon an or each access to the access terminal a location signal which is allocated to the access terminal (18, 20) and which identifies the position of a location indicator (34, 36) connected to the access terminal (18, 20), is produced, the location signal is then encrypted with the private key and thereupon communicated to the data processing apparatus (10, 12) as an identification signal, the data processing apparatus (10, 12) thereafter decrypts the identification signal with that public key which is associated with the access terminal (18, 20) which produced the encrypted identification signal and upon successful decryption enables access to the data processing apparatus (10, 12) by way of the access terminal (18, 20).
8. A method as set forth in one of claims 1 through 7 characterized in that the location signal is produced by a satellite receiver such as a GPS receiver.
9. A method as set forth in claim 7 and claim 8 characterized in that the private and the public keys are formed by the location indicator (34, 36).
10. A method as set forth in one of claims 7 through 9 characterized in that pairs of mutually associated private and public keys are formed for specific services afforded by the data processing apparatus (10, 12) and are communicated to the access terminal (18, 20) in encrypted form or privately, and that there is communicated to the data processing apparatus (10, 12) affording the service, by the access terminal (18, 20) calling up the service, an enquiry signal which is encrypted with the private key associated with the corresponding service and which is decrypted with the public key associated with the service, wherein the service is enabled only upon successful decryption.
11. A method as set forth in claim 10 characterized in that a private key associated with a specific service is encrypted with the public key of an access terminal (18, 20) and transmitted to the access terminal (18, 20).
12. A method as set forth in one of claims 1 through 11 characterized in that associated with the memory unit (32) is its own private key and a public key associated therewith, of which the public key can be called up in unencrypted form while the private key serves for encryption of the public key which is stored in the memory unit and which is associated with the access terminal.
13. A method as set forth in one of claims 1 through 12 characterized in that a time signal specifying the time of production of the location signal is added to the location signal prior to encryption, and that a time frame is predetermined for transmission of the location signal to the data processing apparatus (10, 12) and access to the data processing apparatus (10, 12) is refused if the times of production of the location signal and reception of the encrypted identification signal in the data processing apparatus (10, 12) are not within the time frame.
14. An arrangement including at least one data processing apparatus (10, 12) and at least one access terminal (18, 20) which is connected to the data processing apparatus (10, 12) by way of a data connection (14, 16, 22), characterized by a location indicator (34, 36) which is fixedly connected to the access terminal (18, 20) and which can deliver a location signal which specifies the position of the location indicator (34, 36), a memory fixedly connected to the access terminal (18, 20) for a private key associated with the access terminal (18, 20) or an identification sign or both as well as a memory unit (32) connected to the data processing apparatus (10, 12) and to the access terminal (18, 20) for a public key associated with the private key or for permissible pairs of values comprising location signal and identification sign or for both.
CA002398323A 1999-01-27 2000-01-25 Method for safeguarding the access to a data processing apparatus and corresponding arrangement Abandoned CA2398323A1 (en)

Applications Claiming Priority (3)

Application Number Priority Date Filing Date Title
DE19903105.3 1999-01-27
DE19903105A DE19903105A1 (en) 1999-01-27 1999-01-27 Method for securing access to a data processing device and corresponding device
PCT/EP2000/000548 WO2000048060A1 (en) 1999-01-27 2000-01-25 Method for securing access to a data processing device and appropriate device

Publications (1)

Publication Number Publication Date
CA2398323A1 (en) 2000-08-17

Family

ID=7895489

Family Applications (1)

Application Number Title Priority Date Filing Date
CA002398323A Abandoned CA2398323A1 (en) 1999-01-27 2000-01-25 Method for safeguarding the access to a data processing apparatus and corresponding arrangement

Country Status (7)

Country Link
EP (1) EP1163559B1 (en)
JP (1) JP2002536934A (en)
AT (1) ATE356386T1 (en)
AU (1) AU2110300A (en)
CA (1) CA2398323A1 (en)
DE (2) DE19903105A1 (en)
WO (1) WO2000048060A1 (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8887307B2 (en) 2007-10-12 2014-11-11 Broadcom Corporation Method and system for using location information acquired from GPS for secure authentication
US9767319B2 (en) 2007-04-17 2017-09-19 Avago Technologies General Ip (Singapore) Pte. Ltd. Method and apparatus of secure authentication for system on chip (SoC)

Families Citing this family (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2007004656A (en) * 2005-06-27 2007-01-11 Toshiba Corp Server device, method and program
DE102005061281A1 (en) * 2005-12-20 2007-06-28 Wolfgang Suft Device and method for generating an authentication feature

Family Cites Families (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
DE3687671D1 (en) * 1985-06-07 1993-03-18 Siemens Ag METHOD AND ARRANGEMENT FOR SECURING ACCESS TO A COMPUTER SYSTEM.
US5249230A (en) * 1991-11-21 1993-09-28 Motorola, Inc. Authentication system
US5757916A (en) * 1995-10-06 1998-05-26 International Series Research, Inc. Method and apparatus for authenticating the location of remote users of networked computing systems

Also Published As

Publication number Publication date
EP1163559B1 (en) 2007-03-07
JP2002536934A (en) 2002-10-29
DE50014136D1 (en) 2007-04-19
AU2110300A (en) 2000-08-29
WO2000048060A1 (en) 2000-08-17
ATE356386T1 (en) 2007-03-15
DE19903105A1 (en) 2000-08-03
EP1163559A1 (en) 2001-12-19

Similar Documents

Publication Publication Date Title
EP1997291B1 (en) Method and arrangement for secure authentication
JP3776619B2 (en) Encryption communication terminal, encryption communication center apparatus, encryption communication system, and storage medium
US6078908A (en) Method for authorizing in data transmission systems
US5343529A (en) Transaction authentication using a centrally generated transaction identifier
CN108512987B (en) Mobile communication device
CN104798083B (en) For the method and system of authentication-access request
GB2370383A (en) Access to personal computer using password stored in mobile phone
JPS63205687A (en) Method and apparatus for protecting secret element in network of cryptograph by handing open key
CN101853533B (en) Password setting method and device used for building gate control system
KR20100021818A (en) Method for authentication using one-time identification information and system
GB2337908A (en) Accessing a network host computer from outside the network with improved security
US8990887B2 (en) Secure mechanisms to enable mobile device communication with a security panel
JP4405309B2 (en) Access point, wireless LAN connection method, medium recording wireless LAN connection program, and wireless LAN system
KR101677249B1 (en) Security Apparatus and Method for Controlling Internet of Things Device Using User Token
US20030221098A1 (en) Method for automatically updating a network ciphering key
JP2009075688A (en) Program and method for managing information related with location of mobile device and cryptographic key for file
RU2150790C1 (en) Method and device for confidential identification of mobile user in communication network
US7587051B2 (en) System and method for securing information, including a system and method for setting up a correspondent pairing
JP3964338B2 (en) Communication network system, communication terminal, authentication device, authentication server, and electronic authentication method
EP0018129B1 (en) Method of providing security of data on a communication path
CA2398323A1 (en) Method for safeguarding the access to a data processing apparatus and corresponding arrangement
CN106878989B (en) Access control method and device
JP2005036394A (en) User authentication system
JPH063905B2 (en) Authentication method between the center and the user
WO2016204700A1 (en) System for secure transmission of voice communication via communication network and method of secure transmission of voice communication

Legal Events

Date Code Title Description
FZDE Discontinued