CN100483297C - Device and method for securing and monitoring protected data - Google Patents

Publication number
CN100483297C
Authority
CN
China
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CNB2004800370982A
Other languages
Chinese (zh)
Other versions
CN1894644A (en)
Inventor
D·多曼
J·吕丁格
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Vodafone Holding GmbH
Original Assignee
Vodafone Holding GmbH

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31 User authentication
    • G06F21/316 User authentication by observing the pattern of computer usage, e.g. typical user behaviour
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/70 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
    • G06F21/78 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure storage of data
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00 Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21 Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2101 Auditing as a secondary aspect

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • Theoretical Computer Science (AREA)
  • General Engineering & Computer Science (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Health & Medical Sciences (AREA)
  • General Health & Medical Sciences (AREA)
  • Social Psychology (AREA)
  • Storage Device Security (AREA)

Abstract

The invention relates to a device (10) for securing and monitoring protected data (12) in a volatile and/or non-volatile data memory (14) of a data processing unit for the purpose of protecting them from unauthorized access. The inventive device is provided with access means (18) via which the protected data (12) in the data memory (14) can only be accessed via an authentication code (20) and/or authentication key. Means (110) detect any accesses to the protected data (12) irrespective of the input of the authentication code (20). The invention also relates to a method for securing and monitoring protected data (12) from unauthorized access using the inventive device (10).

Description

Device and method for securing and monitoring protected data
Technical field
The present invention relates to a device for securing and monitoring protected data in a volatile and/or non-volatile data memory of a data processing unit against unauthorized access, wherein
(a) access means are provided, via which the protected data in the data memory can be accessed only with an authorization code,
(b) means for detecting the number of authorization code inputs are included,
(c) means for restricting access to the protected data are provided, the restriction being applied if the number of authorization code inputs within a defined time interval exceeds the reference value assigned to that time interval.
In addition, the present invention relates to a method for securing and monitoring protected data (12) against unauthorized access using a device (10) according to one of the preceding claims, wherein
(a) the number of authorization code inputs for accessing the protected data (12) is determined within a defined time interval (36), and
(b) the number of attempts within the defined time interval (36) is compared with a reference value, wherein
(c) if the number of inputs within this time interval is greater than the reference value, access to the protected data is restricted or prevented.
Prior art
To prevent and stop unauthorized access, digital data are protected by cryptographic methods. Cryptography is understood in principle as the science of researching and implementing methods for encrypting or decrypting data, in which either the encryption method or (when a uniform encryption method is used) the keys used are kept secret. By changing, replacing or adding characters according to defined rules, plaintext is converted into ciphertext, and vice versa. Such cryptographic methods can be used, for example, when storing and transmitting data. This is currently the most effective means of data protection for making information that reaches the wrong hands worthless. Besides keeping plaintext secret through encryption, cryptographic methods can also ensure the authenticity of messages and the integrity of files, the latter meaning that a file is received in unaltered form.
An attack on password-protected data can only be carried out by accessing the protected data extremely frequently. Different combinations of password characters are tried until one combination fits and the data can be accessed. Depending on the key length (numeric code) and the cryptographic algorithm used, these accesses for unauthorized decryption are extremely time-consuming. If the attacker has enough time, he can in theory crack the code.
Devices (for example computers) using such cryptographic methods are known; they are used to secure protected data so that unauthorized persons cannot access the data. For this purpose, the password-protected data reside, for example, in a volatile data memory (for example RAM (random access memory)) or a non-volatile data memory (for example hard disk, CD-ROM and EPROM (erasable programmable read-only memory)). The data can only be accessed with a suitable numeric code. This code can, for example, be stored on the magnetic stripe or chip of a "credit card" and evaluated by a suitable reader in order to access the protected data. Only when the code check succeeds, that is, when the data can now be decoded, in particular with the key code, can the data be accessed. In other devices, the key code must be entered via a keyboard. A problem can arise in such devices: an unauthorized person can try to crack the key code as often as desired. He eventually obtains unauthorized access to the protected data with this key code and may cause considerable damage.
German patent DE 198 39 041 C2 describes a method for identifying and displaying the state of a misoperation counter. This misoperation counter is installed on an intelligent data carrier. If the number of failed attempts at entering the identification feature reaches a defined number, access to the intelligent data carrier is automatically blocked. No adaptation to the user takes place when the identification feature is entered.
European patent application EP 1 209 551 A2 discloses a method for controlling access to a computer. Here a password is verified. Access is granted only if the password is valid. If a defined number of incorrect password entries is reached within a defined time interval, access is blocked. The disadvantage of this method is that password entry is not matched to user behaviour. With elderly people or children, for example, there is a greater risk that an incorrect password is entered several times within the defined time interval.
Until now, the user enters a PIN (= personal identification number) or an alphanumeric code as the authorization code for access to protected data or functions. The user is thereby authorized to access the protected data or functions. On a mobile radio terminal, the PIN used for identification is entered. This identification is verified using the SIM card. If the PIN is correct, the user of the mobile radio terminal is logged into the mobile radio network. From then on, the user is regarded in this mobile radio network as largely authorized.
A hacker is a person who tries to obtain protected data for various motives. Hackers mostly act either out of criminal energy, for example to gain access to a bank or to carry out industrial espionage or sabotage, or for purely sporting reasons.
In theory, a hacker now has the possibility of accessing protected data or functions even without a SIM card. Using suitable equipment, the hacker can attempt to access the protected data via other channels, for example using another mobile radio terminal and the authorized SIM. He does not need the PIN to do so.
Summary of the invention
The object of the present invention is therefore to provide a device that avoids the disadvantages of the prior art and prevents attacks that could be carried out by arbitrary trial and error on protected data oriented to the user's needs.
According to the invention, this object is achieved in that, in a device of the aforementioned type for securing protected data,
(d) means are provided with which the number of accesses to the protected data and/or functions in the volatile or non-volatile data memory within a defined time interval is determined independently of the input of the authorization code.
The object is further achieved by a method of the aforementioned type using a device, wherein
(d) the number of accesses to the protected data and/or functions in the volatile or non-volatile data memory within a defined time interval is determined independently of the input of the authorization code.
The invention is based on the principle of monitoring the number of accesses to the protected data within a time interval. The starting point of the invention is that a fully authorized user can also make mistakes when entering the authorization code. The proposed measures prevent any attempt by an unauthorized person to determine the authorization code. In addition, the device according to the invention provides an authorized user with a time window within which this user can access the protected data at a certain frequency. For this purpose, the accesses to the protected data within this time interval must be counted. The system can thereby adapt intelligently to the user. Someone who usually needs, for example, five accesses in the course of accessing the encrypted data will also have five accesses available in a time interval from then on, because the device has adapted to the user.
This is achieved by orienting the reference value to the preceding time intervals in which the user accessed the protected data. If the access behaviour deviates from the earlier time intervals, access to the protected data is restricted or blocked completely.
An advantageous aspect of the invention is that the data processing unit contains a clock generator for the working clock, and the time interval can be formed from a predeterminable number of clock cycles of the clock generator. This measure makes the device largely independent of an external time source, because the number of clock cycles determines the time interval.
Furthermore, it proves to be an advantageous refinement of the invention if the means for detecting accesses to the protected data comprise a counter that counts the number of accesses within the time interval. The counter state can be used to check whether a further access to the protected data is still possible or whether every access possibility is initially blocked.
An advantageous refinement of the invention results from providing means for resetting the counter, which set the counter to zero upon an authorized access. The counter can thus be reset, for example, after a predefined time interval has elapsed, so that the protected data can be accessed again. Advantageously, the means for restricting access to the protected data are adjusted dynamically. The restriction is thereby matched, where appropriate, to the user profile determined. For a group of persons who access the protected data more frequently, the number of permitted accesses to the protected data within the time interval is greater than for a group of persons who access it less often. It is therefore advantageous if the means for restricting access to the protected data are designed to be adjustable according to the user.
A further advantageous refinement of the invention results from providing the data memory on a SIM card. The device can thus also be used in a suitable manner, for example, in a mobile radio terminal or a remote device. The mobile radio terminal and the remote device are preferably designed as data processing units. Alternatively, in another refinement of the invention, the data processing unit is designed as a computer. An advantageous refinement of the invention results from an alarm device that generates an alarm signal when a number of unauthorized or abusive accesses is exceeded. It can thus be signalled that a possibly unauthorized person is beginning to try to obtain the protected data.
In a refinement of the method according to the invention, the number of accesses to the protected data within the defined time interval is detected with a counter. This measure records the number of accesses so that an event can be triggered when the number within the time interval is exceeded. A further refinement of the method for securing and monitoring protected data is that this event consists in restricting access to the protected data. This happens, for example, when the reference value for the number of accesses to the protected data within the defined time interval is exceeded.
Furthermore, in a particular refinement of the method according to the invention, the counter that counts the number of accesses is reset upon a correct access. This ensures that an authorized person can access the protected data again after an abuse.
Different users have their own user profiles. It is therefore possible, for example in the case of mobile radio terminals, that elderly people and perhaps children have a higher error rate when accessing the protected data. It is therefore an advantageous refinement if the number of accesses used for the restriction can be adjusted and/or matched to the user.
A further advantageous refinement of the method results if the number of accesses used for the restriction is adjusted and/or matched to the user via a network, in particular a mobile radio network. The user therefore does not need to take the device to a service centre that adapts the device to the user's needs.
An advantageous refinement of the method for securing protected data against unauthorized access results from generating a suitable alarm signal when the value for the number of accesses to the protected data is exceeded. Preferably, this alarm signal is not recognizable to the person accessing the protected data. The unauthorized person can thereby possibly be caught in the act.
In an expedient refinement of the method, when the value for the number of accesses to the protected data is exceeded, further access to the data is denied for a time interval. Access to the protected data is thus blocked for the defined time interval, so that, for example, unauthorized persons or "hacker programs" find it difficult to get into the system. That is, they cannot start arbitrarily many repeated attempts, but must wait out a waiting period each time before they can access the protected data again.
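The counting scheme summarized above can be sketched as follows; this is an added example, not code from the patent. It counts accesses per interval of clock cycles, derives the reference value from the mean of earlier intervals (the averaging the embodiment suggests), and blocks further access and records an alarm once the reference is exceeded. The class and parameter names, the headroom factor, the bootstrap limit and the exclusion of idle or blocked intervals from the baseline are assumptions of this sketch.

```python
"""Added illustration (not from the patent): per-interval access counting with a
reference value learned from earlier intervals. All names are hypothetical."""
from collections import deque
from math import ceil
from statistics import mean


class AccessMonitor:
    """Counts every access to the protected data, whether or not an
    authorization code was entered, and blocks once the reference is exceeded."""

    def __init__(self, interval_cycles, bootstrap_reference, headroom=2.0, history=8):
        self.interval_cycles = interval_cycles    # clock cycles per time interval
        self.bootstrap = bootstrap_reference      # assumption: limit used before any history exists
        self.headroom = headroom                  # assumption: margin above the historical mean
        self.past_counts = deque(maxlen=history)  # access counts of earlier intervals
        self.interval_index = 0
        self.count = 0                            # access counter for the current interval
        self.blocked = False
        self.alarms = []                          # intervals in which the alarm fired

    def reference(self):
        """Reference value: mean of earlier intervals times the headroom factor."""
        if not self.past_counts:
            return self.bootstrap
        return ceil(mean(self.past_counts) * self.headroom)

    def _roll(self, cycle):
        """At an interval boundary, store the finished count and reset the counter."""
        current = cycle // self.interval_cycles
        if current > self.interval_index:
            # Assumption: idle intervals and intervals that tripped the limit are
            # kept out of the baseline, so a burst cannot raise its own limit.
            if self.count and not self.blocked:
                self.past_counts.append(self.count)
            self.count, self.blocked, self.interval_index = 0, False, current

    def access(self, cycle):
        """Record one access at clock cycle `cycle`; return True if it is served."""
        self._roll(cycle)
        if self.blocked:
            return False
        self.count += 1
        if self.count > self.reference():
            self.blocked = True                   # no further access in this interval
            self.alarms.append(self.interval_index)
            return False
        return True

    def admin_reset(self):
        """Administrator reset: clear the counter and lift the block."""
        self.count = 0
        self.blocked = False


def run_trace(monitor, cycles):
    """Feed access times (in clock cycles); return (served, denied)."""
    served = sum(1 for c in cycles if monitor.access(c))
    return served, len(cycles) - served


# Constructed sample data: three ordinary intervals, one burst, one ordinary interval.
INTERVAL = 1000
NORMAL = [i * INTERVAL + k for i, n in enumerate((5, 5, 4)) for k in range(n)]
BURST = [3 * INTERVAL + k for k in range(50)]
AFTER = [4 * INTERVAL + k for k in range(5)]

if __name__ == "__main__":
    m = AccessMonitor(interval_cycles=INTERVAL, bootstrap_reference=5)
    print("normal:", run_trace(m, NORMAL))
    print("burst: ", run_trace(m, BURST), "alarms:", m.alarms)
    print("after: ", run_trace(m, AFTER), "baseline:", list(m.past_counts))
```

Because the blocked interval is not fed back into the history, the reference value after the burst is the same as before it.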
Further advantages result from the subject matter of the dependent claims and from the drawing with the associated description.
Description of drawings
Fig. 1 shows, in a schematic diagram, the device according to the invention for securing and monitoring protected data.
Embodiment
Fig. 1 shows, in a schematic diagram, a preferred embodiment of the device 10 according to the invention for securing and monitoring protected data 12. The protected data 12 are located in the data memory 14 of the device 10 and are marked by cross-hatching. The data 12 are present in coded or encrypted form according to a cryptographic method. In this embodiment, the data memory 14 is a non-volatile memory, which can also be provided on a SIM card (= subscriber identification module).
In this embodiment, the device 10 is arranged in a data processing unit that is not explicitly shown (for example a computer) or in a similar processor-controlled device, such as a mobile radio terminal or remote device with a common standard interface 16, which is designed for data access.
An authorization code 20 can be entered as a digital key via the access means 18 (for example a computer keyboard); it is therefore represented symbolically as a key. The authorization code 20 is fed to the verification unit 22. This verification unit 22 is in turn located in the authorization device 23. If the authorization code 20 is correct, the decoding unit 26 decodes the protected data 12 of the data memory 14 and passes them to the output interface 28. The authorization code 26 may be wholly or partly necessary for the decoding of the protected data 12 by the decoding unit 26.
At the output interface 28, for example, a monitor (not shown), a printer, or another computer or storage drive can be provided in order to display or store the decrypted data 12. Data or authorization code transfer between the individual units 18, 22, 26 or interfaces 16, 28 takes place via the data bus 30. In the device 10, operation is controlled by a processor 32 (CPU), which is clocked by the clock generator 34.
The clock generator 34 is also used to define the time scale 36 of the authorization device 23. A number of clock cycles of the clock generator 34, adjustable by means of the regulating device 38, forms the time interval. The counter 40 counts the attempts at incorrectly entering the authorization code 20 made in order to access the protected data 12.
If the verification unit 22 determines that a predetermined number of inputs has been reached within the set time interval 36, no further access to the protected data 12 via the interface 16 is permitted. This reference value for the number of possible accesses is calculated from the time intervals 36 of earlier input attempts, for example by recording the average number of earlier authorization code inputs per time interval 36. Using a reference value calculated from earlier input attempts gives the user greater flexibility.
It is easy to see, however, that what is primarily to be prevented is that, in particular, an unauthorized user's computer program tests different code combinations until the correct authorization code is obtained. Restricting access makes "cracking" the authorization code 20 almost impossible. If the predetermined number of inputs of the authorization code 20 is exceeded during the time interval 36, access to the protected data 12 is blocked for a defined time interval, or even blocked completely. An alarm signal can also be generated to signal that the number of failed attempts at entering the authorization code has been exceeded.
Where appropriate, only an "administrator" can reset the counter 40 for failed attempts using a suitable "reset function" 42. Alternatively, the counter 40 is reset after a predefined time interval has elapsed. The time interval for restricting access can also be adjusted dynamically according to the habits of the possible user.
A hacker 100 may, for example for espionage or sabotage, attempt to reach the protected data 12 via another interface 102, independently of the authorization code input described above. To decrypt the protected data 12, however, the hacker must know the decoding algorithm 104. To derive this decoding algorithm, he must access the protected data 12 via the data bus 106. The access frequency per time interval 108 here may be much higher than in the case of an authorized user. A control unit 110 is provided to monitor access to the protected data. This control unit 110 contains a counter 112, which counts the number of accesses to the protected data 12. The control unit 110 also contains a regulating device 114. With the regulating device 114, the time scale 116 is defined for the control unit 110 via the clock generator 34. A number of clock cycles of the clock generator 34, adjustable by means of the regulating device 114, forms the time interval 108. The counter 118 counts the number of accesses to the protected data 12.
If the verification unit 120 determines that a predetermined number of accesses has been reached within the set time interval 108, no further access to the protected data 12 is permitted. This reference value for the number of possible accesses is calculated from the time intervals 108 of earlier accesses, for example by recording the average number of earlier accesses to the protected data 12 per time interval 108. Using a reference value calculated from the earlier accesses per time interval gives the user greater flexibility.
If the verification unit 120 determines that the number of accesses to the protected data has increased, the alarm 122 is triggered. If the accesses within a time interval are fewer than the reference value, the counter 112 is reset.
An "administrator" can also reset the counter 112 using the "reset function" 42 in order to access the protected data 112. Alternatively, the counter 112 is reset after a predefined time interval has elapsed.

Claims (25)

1. A device (10) for securing and monitoring protected data (12) in a volatile and/or non-volatile data memory (14) of a data processing unit against unauthorized access, wherein
(a) access means (18) are provided, via which the protected data (12) in the data memory (14) can be accessed only with an authorization code (20),
(b) means (23) for detecting the number of authorization code inputs are included,
(c) means (23; 26) for restricting access to the protected data (12) are provided, the restriction being applied if the number of said authorization code inputs within a defined first time interval (36) exceeds a first reference value assigned to this first time interval,
characterized in that
(d) means (110) for detecting accesses to the protected data (12) are provided, with which the number of accesses to said protected data (12) and/or functions in said volatile or non-volatile data memory (14) within a defined second time interval (108) is determined independently of the input of said authorization code (20), and, if it is determined that a predetermined second reference value for the number of accesses within the defined second time interval (108) is exceeded, no further access to said protected data (12) is permitted.
2. The device (10) according to claim 1, characterized by means (120) for determining the second reference value from the number of accesses to said protected data (12) and/or functions per second time interval (108) in preceding second time intervals (108).
3. The device (10) according to claim 1 or 2, characterized in that said data processing unit comprises a clock generator (34) for the working clock, wherein said second time interval (108) can be formed from a predeterminable number of clock cycles of said clock generator (34).
4. The device (10) according to claim 1 or 2, characterized in that the means (110) for detecting accesses to the protected data (12) comprise a counter (112) that counts the number of accesses within said second time interval (108).
5. The device (10) according to claim 4, characterized in that means (42) for resetting the counter (112) are provided, which set said counter (112) to zero upon an authorized access.
6. The device (10) according to claim 1 or 2, characterized in that the means (110) for restricting access to the protected data (12) are adjusted dynamically.
7. The device (10) according to claim 1 or 2, characterized in that the means (110) for restricting access to the protected data (12) are designed to be adjustable according to a user profile.
8. The device (10) according to claim 1 or 2, characterized in that said data memory (14) is provided on a SIM card.
9. The device (10) according to claim 1 or 2, characterized in that said data processing unit is designed as a mobile radio terminal or RTU (remote terminal unit).
10. The device (10) according to claim 1 or 2, characterized in that said data processing unit is designed as a computer.
11. The device (10) according to claim 1 or 2, characterized in that an alarm device (122) is provided, which generates an alarm signal when the second reference value for the number of accesses to the protected data (12) is exceeded.
12. A method for securing and monitoring protected data (12) against unauthorized access using a device (10) according to one of the preceding claims, wherein
(a) the number of authorization code inputs for accessing the protected data (12) within a defined first time interval (36) is determined, and
(b) said number of inputs within said defined first time interval (36) is compared with a first reference value, wherein
(c) if the number of inputs within said first time interval is greater than said first reference value, access to the protected data is restricted or prevented,
characterized in that
(d) the number of accesses to said protected data (12) and/or functions in the volatile or non-volatile data memory (14) within a defined second time interval (108) is determined independently of the input of said authorization code (20), and, if it is determined that a predetermined second reference value for the number of accesses within the defined second time interval (108) is exceeded, no further access to said protected data (12) is permitted.
13. according to claim 12 described be used for the protection and monitoring protected data (12) in case be subjected to the method for unwarranted visit; it is characterized in that, from before the number of times to the visit of described protected data (12) in second time interval (108) calculate second reference value.
14. The method for protecting and monitoring protected data (12) against unauthorized access according to claim 13, characterized in that, if the number of accesses to the protected data (12) within a determined second time interval (108) exceeds a second reference value, access to the protected data (12) is restricted.
15. The method for protecting and monitoring protected data (12) against unauthorized access according to claim 12, characterized in that the counter (112) used to count the number of accesses to the protected data (12) is reset upon a correct access.
16. The method for protecting and monitoring protected data (12) against unauthorized access according to claim 12, characterized in that the second reference value for limiting the number of accesses to the protected data (12) is adjusted and/or matched to a user profile.
17. The method for protecting and monitoring protected data (12) against unauthorized access according to claim 12, characterized in that the second reference value for limiting the number of accesses is adjusted and/or matched to a user profile via a network.
18. The method for protecting and monitoring protected data (12) against unauthorized access according to claim 17, characterized in that a mobile radio telephone is used as the network.
19. The method for protecting and monitoring protected data (12) against unauthorized access according to claim 12, characterized in that, when the second reference value of the number of accesses to the protected data (12) is exceeded, a suitable alarm signal is generated.
20. The method for protecting and monitoring protected data (12) against unauthorized access according to claim 19, characterized in that the alarm signal is used to generate a defensive measure.
21. The method for protecting and monitoring protected data (12) against unauthorized access according to claim 20, characterized in that the defensive measure is a prolongation of the response time.
22. The method for protecting and monitoring protected data (12) against unauthorized access according to claim 20 or 21, characterized in that the defensive measure is that the result is erroneous.
23. The method for protecting and monitoring protected data (12) against unauthorized access according to claim 19, characterized in that the alarm signal is not recognizable to the party accessing the protected data (12).
24. The method for protecting and monitoring protected data (12) against unauthorized access according to claim 12, characterized in that, when the second reference value of the number of accesses is exceeded, further accesses to the data (12) are denied within the second time interval (108).
25. The method for protecting and monitoring protected data (12) against unauthorized access according to claim 12, characterized in that, when the second reference value of the number of accesses is exceeded, further accesses to the protected data (12) are restricted for a period of time.
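The mechanism recited in claims 14, 15, 19, 21, 23 and 24 can be sketched as follows. This is an added illustration, not code from the patent or its applicant: the class name `AccessMonitor`, the fixed-window interpretation of the second time interval, the 2-second delay and the sample events are all assumptions made for the example.

```python
import time

class AccessMonitor:
    """Illustrative access counter with a reference value per time interval."""

    def __init__(self, reference_value, interval_s, delay_s=2.0, clock=time.monotonic):
        self.reference_value = reference_value  # "second reference value" (assumed per-interval limit)
        self.interval_s = interval_s            # "second time interval (108)", modelled as a fixed window
        self.delay_s = delay_s                  # defensive measure: prolonged response time (claim 21)
        self.clock = clock
        self.count = 0                          # the access counter (112)
        self.window_start = None
        self.alarms = []                        # alarm signals, recorded internally only (claim 23)

    def access(self, credential_ok):
        """Return (granted, delay_s) for one access to the protected data."""
        now = self.clock()
        if self.window_start is None or now - self.window_start >= self.interval_s:
            self.window_start, self.count = now, 0   # a new interval begins
        self.count += 1
        if self.count > self.reference_value:
            # Reference value exceeded: raise the alarm and deny every further
            # access in this interval, even one with correct credentials (claim 24).
            self.alarms.append((now, self.count))
            return (False, self.delay_s)
        if credential_ok:
            self.count = 0                           # reset on a correct access (claim 15)
            return (True, 0.0)
        return (False, 0.0)

def replay(events, reference_value=3, interval_s=60.0):
    """Run (timestamp, credential_ok) events through a monitor on a simulated clock."""
    now = [0.0]
    monitor = AccessMonitor(reference_value, interval_s, clock=lambda: now[0])
    results = []
    for timestamp, credential_ok in events:
        now[0] = timestamp
        results.append(monitor.access(credential_ok))
    return results, monitor.alarms

# Constructed sample: three wrong attempts, a correct one inside the same
# interval (denied, because the limit is already exceeded), and a correct
# one after the interval has elapsed (granted).
SAMPLE_EVENTS = [(0, False), (1, False), (2, False), (3, True), (61, True)]

if __name__ == "__main__":
    print(replay(SAMPLE_EVENTS))
```

The caller sees only a refusal and a slower response once the limit is exceeded; the alarm entry stays in `alarms` on the protecting side.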
CNB2004800370982A 2003-10-16 2004-10-11 Device and method for securing and monitoring protected data Active CN100483297C (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
DE10348729.8A DE10348729B4 (en) 2003-10-16 2003-10-16 Setup and procedures for backing up protected data
DE10348729.8 2003-10-16

Publications (2)

Publication Number Publication Date
CN1894644A (en) 2007-01-10
CN100483297C (en) 2009-04-29

Family

ID=34442144

Family Applications (1)

Application Number Title Priority Date Filing Date
CNB2004800370982A Active CN100483297C (en) 2003-10-16 2004-10-11 Device and method for securing and monitoring protected data

Country Status (4)

Country Link
EP (1) EP1676191A1 (en)
CN (1) CN100483297C (en)
DE (1) DE10348729B4 (en)
WO (1) WO2005038633A1 (en)

Families Citing this family (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
DE102005030072A1 (en) * 2005-06-27 2007-01-04 Giesecke & Devrient Gmbh Procedure for protecting confidential data
EP2316180A4 (en) 2008-08-11 2011-12-28 Assa Abloy Ab Secure wiegand communications
EP2157526B1 (en) 2008-08-14 2014-04-30 Assa Abloy Ab RFID reader with embedded attack detection heuristics
CN101448130B (en) * 2008-12-19 2013-04-17 北京中星微电子有限公司 Method, system and device for protecting data encryption in monitoring system
CN102773325B (en) * 2011-12-22 2016-05-25 黄启瑞 Forming system and forming method of metal plate
CN103428235B (en) * 2012-05-15 2018-08-17 上海博路信息技术有限公司 A kind of data exchange system
US9560523B2 (en) * 2013-08-23 2017-01-31 General Electric Company Mobile device authentication
US10452877B2 (en) 2016-12-16 2019-10-22 Assa Abloy Ab Methods to combine and auto-configure wiegand and RS485

Family Cites Families (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
DE19839041C2 (en) * 1998-08-28 2003-03-27 Ibm Method for identifying and displaying states of a misuse counter
JP2000148276A (en) * 1998-11-05 2000-05-26 Fujitsu Ltd Device and method for monitoring security and securithy monitoring program recording medium
AUPQ866000A0 (en) 2000-07-07 2000-08-03 Activesky, Inc. A secure data storage device
WO2002014987A2 (en) 2000-08-18 2002-02-21 Camelot Information Technologies Ltd. An adaptive system and architecture for access control
EP1209551B1 (en) * 2000-11-28 2013-02-13 International Business Machines Corporation System and method of preventing unauthorized access to computer resources

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
F. Monrose et al., "Password hardening based on keystroke dynamics", International Journal of Information Security, 2001 *

Also Published As

Publication number Publication date
WO2005038633A1 (en) 2005-04-28
DE10348729B4 (en) 2022-06-15
EP1676191A1 (en) 2006-07-05
DE10348729A1 (en) 2005-05-19
CN1894644A (en) 2007-01-10

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant