CN1378667A - Security arrangement - Google Patents

Publication number
CN1378667A
CN1378667A CN00814190A CN00814190A CN1378667A CN 1378667 A CN1378667 A CN 1378667A CN 00814190 A CN00814190 A CN 00814190A CN 00814190 A CN00814190 A CN 00814190A CN 1378667 A CN1378667 A CN 1378667A
Authority
CN
China
Prior art keywords
unit
lock cell
key
numerical value
safety equipment
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN00814190A
Other languages
Chinese (zh)
Other versions
CN1195275C (en
Inventor
罗伊·玛廷森
奥斯卡·安德勒
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Lianzhi Technology Co.,Ltd.
Logue Will AG
Original Assignee
FINGLOG AB
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Priority claimed from SE0001687A external-priority patent/SE526732C2/en
Application filed by FINGLOG AB filed Critical FINGLOG AB
Publication of CN1378667A publication Critical patent/CN1378667A/en
Application granted granted Critical
Publication of CN1195275C publication Critical patent/CN1195275C/en
Anticipated expiration legal-status Critical
Expired - Fee Related legal-status Critical Current

Classifications

    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • G06F21/32 User authentication using biometric data, e.g. fingerprints, iris scans or voiceprints
    • G06F21/34 User authentication involving the use of external additional devices, e.g. dongles or smart cards
    • G07C9/00563 Electronically operated locks; Circuits therefor; Nonmechanical keys therefor, e.g. passive or active electrical keys or other data carriers without mechanical keys using personal physical data of the operator, e.g. finger prints, retinal images, voicepatterns
    • G07C9/23 Individual registration on entry or exit involving the use of a pass in combination with an identity check of the pass holder by means of a password
    • G07C9/257 Individual registration on entry or exit involving the use of a pass in combination with an identity check of the pass holder using biometric data, e.g. fingerprints, iris scans or voice recognition electronically
    • G07C9/26 Individual registration on entry or exit involving the use of a pass in combination with an identity check of the pass holder using biometric data, e.g. fingerprints, iris scans or voice recognition using a biometric sensor integrated in the pass
    • G07C9/28 Individual registration on entry or exit involving the use of a pass the pass enabling tracking or indicating presence
    • H04L63/0861 Network architectures or network communication protocols for network security for authentication of entities using biometrical features, e.g. fingerprint, retina-scan
    • H04L63/12 Applying verification of the received information
    • G07C2009/00396 Electronically operated locks; Circuits therefor; Nonmechanical keys therefor, e.g. passive or active electrical keys or other data carriers without mechanical keys operated with bidirectional data transmission between data carrier and locks code verification carried out according to the challenge/response method starting with prompting the keyless data carrier
    • G07C2009/00404 Electronically operated locks; Circuits therefor; Nonmechanical keys therefor, e.g. passive or active electrical keys or other data carriers without mechanical keys operated with bidirectional data transmission between data carrier and locks code verification carried out according to the challenge/response method starting with prompting the lock
    • G07C2009/00785 Electronically operated locks; Circuits therefor; Nonmechanical keys therefor, e.g. passive or active electrical keys or other data carriers without mechanical keys operated by active electrical keys with data transmission performed by wireless means by light
    • G07C2009/00793 Electronically operated locks; Circuits therefor; Nonmechanical keys therefor, e.g. passive or active electrical keys or other data carriers without mechanical keys operated by active electrical keys with data transmission performed by wireless means by Hertzian waves
    • G07C2209/08 With time considerations, e.g. temporary activation, valid time window or time limitations

Abstract

The present invention relates to a security arrangement (10) for ensuring access to a unit or information in a unit, mainly comprising a key unit (11) and a lock unit (12). The key unit (11) is arranged at a distance from the lock unit and comprises an input unit (13) and a communication unit (14). The identification of a user is performed in the key unit (11) before the lock unit accepts locking/unlocking.

Description

Security arrangement
Technical field:
The present invention relates to a security system for securing a unit or a set of information.
Background art:
The rapid development of electronics has brought ever smaller and more mobile electrical equipment. Mobility itself makes not only the equipment but also the information stored in it more attractive to thieves.
Known security arrangements provide locking by hardware, or locking by software in combination with a primary input signal.
In the hardware case, a first input unit is used, for example a fingerprint input (biometric sensor), with or without the PIN code of another unit, for example a so-called smart card or the like.
In the software case, verification software is used, which checks that correct input is provided via an external input unit (PIN code, fingerprint or the like). The software is usually installed in a storage unit, for example an easily accessible hard disk.
Summary of the invention:
The object of the present invention is to provide a very reliable and secure arrangement for preventing access to a device and/or to the information stored in it.
Another object of the invention is to provide an arrangement that can combine different units for locking and for identity input.
Compared with the prior art, an advantage of the arrangement according to the invention (when applied to a computer) is that the computer's operating system or BIOS does not need to be changed. The system is in fact easy to install, even without much knowledge of the field.
In addition, the lock unit according to the invention is integrated in the equipment to be protected, which means full security, and the normal inputs, outputs, ports and so on of the equipment do not need to be changed.
These objects are achieved by a security arrangement for securing access to a unit or to information in a unit, the arrangement mainly comprising a key unit and a lock unit, characterised in that the key unit is arranged at a distance from the lock unit, the key unit comprises an input unit and a communication unit, and identification of the user is performed in the key unit before locking/unlocking is accepted.
Description of drawings:
In the following, the invention is described with reference to embodiments and to the accompanying drawings, in which:
Fig. 1 is a block diagram of the main parts of the arrangement according to the invention;
Fig. 2 is a diagram of the communication between two units in the arrangement according to the invention;
Fig. 3 is a block diagram of a first embodiment of the arrangement according to the invention implemented in a computer unit;
Fig. 4 is a schematic side view of a mobile communication unit equipped with the arrangement according to the invention; and
Fig. 5 is a block diagram of another aspect of the invention.
Embodiments:
The arrangement 10 according to the invention, shown schematically in Fig. 1, mainly consists of two units, denoted 11 and 12.
The first unit comprises a sensor or key part 10 for inputting an identity, which performs the identification of the user. The key part 10 can be divided into two units, an input unit 13 and a key unit 14, which are preferably, but not necessarily, integrated in one physical unit 11.
The input unit 13 can comprise any type of device through which unique identifying information can be input. Such a device may comprise a biometric sensor, PIN code reader, voice detection device, eye detection device, card reader or the like, all of which are well known to those skilled in the art.
The second part comprises the lock unit 12, which protects the object 15 in question.
The key unit 14 starts a unique communication process between the key part 11 and the lock part 12. What is distinctive about the invention is that identification of the user is performed in the key part 11 and does not take place directly in the lock part.
After the user has been registered, the corresponding lock can be opened. There are two possibilities: the lock is opened for a certain pre-selected period of time, or the lock is opened permanently (if manually selected), which is less secure. If the lock is opened for a specific period, the user is asked to identify himself again when the time has elapsed.
In this operation an identity is input, for example by placing a finger on the fingerprint sensor (FPS), entering a PIN code or the like. If the user is recognised, an encrypted electronic message is sent from the key unit to the lock unit, so that the user can use the locked resource or object 15 (for example the hard disk of a computer).
A secure transmission method between the units ensures that a false message cannot be sent to the lock unit to gain access to it.
The external unit, the key unit 14, is equipped with electronics mainly comprising a microprocessor 16 with built-in, well-protected data memory and program.
The latter is a precaution that prevents the program or the stored key information from being accessed for reading or copying.
Preferably, a list of authorised users is stored in the key unit 14. Maintenance of this register, for example adding newly approved users, deleting users and so on, is carried out locally without communicating with other units.
When an object is to be protected, the key unit decides at each moment whether it should be open or locked. This decision normally follows the operator/user, i.e. the key is activated by an authorised user. Locking can also be initiated by the lock unit after a predetermined time, if the operator, despite being asked, does not identify himself within a given time.
The key unit can be left completely open and need not be protected against intrusion, because the computer and data memory cannot be read from outside the processor (a security function in the processor).
The lock unit 12, which communicates with the key unit via, for example, a serial connection, is mounted on or in the object 15 to be locked and is protected. Every attempt to access the locked object by bypassing the normal registration process through the key part 11 is detected by the lock unit. Alternative measures may then be started, i.e. not working for a longer period of time, an alert message, erasing data on the hard disk/storage unit and so on.
Communication between the key and lock units takes place, for example, by digitally coded signals over a serial connection.
This connection may be asynchronous and may run at a relatively high transfer rate. The communication can take place using a dedicated locking protocol and may also include known parity and time controls.
As stated earlier, the purpose of the security system according to the invention is to prevent unauthorised access to, for example, a computer, or more specifically to a particular hard disk and the information stored on it. To obtain almost complete security, a cryptographic protocol can be used for the communication between key part 11 and lock part 12. The probability of a successful intrusion depends on the length of the random number, the length of the protected key and the length of the response. A probability of, for example, less than 10^-18 can easily be reached, which in practice means that the system is safe against unauthorised access.
The locking protocol is a communication process that guarantees the integrity of the computer transmission and guarantees that no unauthorised interference with the data exchange between the units can occur. If the message exchange is carried out correctly, the locked object is opened or stays open. If any erroneous signal is detected, the object is locked.
To verify authenticity, the following message exchange can be used (see Fig. 2):
a. The key unit or key code 14 asks the lock unit to begin a verification sequence by sending a request;
b. The lock unit responds with a randomly generated variable message;
c. At the same time, a value is calculated using a dedicated algorithm that makes use of a protected key. This value, which is derived entirely from the response message that was sent, is stored for later use;
d. The key unit responds with a value calculated from the received message using the same algorithm and key as the lock unit. This value can be used unchanged in the response or encoded in a way that the lock unit can interpret. If the lock unit receives a message containing the same value as the one calculated when sending in step b, the authenticity is considered confirmed.
If the message exchange is completed correctly according to steps a-d above, the locked object is opened or kept open, respectively. If the response does not match, the object stays locked.
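The exchange in steps a-d, together with the timed opening and the lock-on-error behaviour described earlier, as an added Python example that is not part of the patent text. HMAC-SHA256 stands in for the unnamed "dedicated algorithm"; the class and function names, the identity strings and the exact-match user check are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
from typing import Optional, Set


def compute_value(protected_key: bytes, message: bytes) -> bytes:
    # Assumption: HMAC-SHA256 replaces the patent's unspecified algorithm.
    return hmac.new(protected_key, message, hashlib.sha256).digest()


class LockUnit:
    """Lock side of steps b-d; guards the protected object."""

    def __init__(self, protected_key: bytes, open_seconds: float = 300.0):
        self._key = protected_key
        self._open_seconds = open_seconds        # pre-selected open period
        self._expected: Optional[bytes] = None   # value stored in step c
        self._open_until = 0.0                   # open while now < this

    def challenge(self) -> bytes:
        # Step b: fresh random message. Step c: store the expected value.
        message = secrets.token_bytes(16)
        self._expected = compute_value(self._key, message)
        return message

    def verify(self, response: Optional[bytes], now: float) -> bool:
        # Step d: each stored value is usable once, so an old response
        # cannot be replayed against a later challenge.
        expected, self._expected = self._expected, None
        ok = (expected is not None and response is not None
              and hmac.compare_digest(expected, response))
        # A wrong or missing response locks the object.
        self._open_until = now + self._open_seconds if ok else 0.0
        return ok

    def is_open(self, now: float) -> bool:
        # After the period elapses the user must identify himself again.
        return now < self._open_until


class KeyUnit:
    """Key side: identifies the user locally, then answers the challenge."""

    def __init__(self, protected_key: bytes, authorised: Set[str]):
        self._key = protected_key
        self._authorised = set(authorised)       # register kept in the key unit

    def respond(self, identity: str, challenge: bytes) -> Optional[bytes]:
        # Assumption: a string comparison stands in for biometric matching.
        if identity not in self._authorised:
            return None                          # nothing is sent to the lock
        return compute_value(self._key, challenge)


def unlock(key_unit: KeyUnit, lock_unit: LockUnit, identity: str,
           now: float) -> bool:
    """Run one full exchange (steps a-d) and report whether the lock opened."""
    challenge = lock_unit.challenge()                  # steps a and b
    response = key_unit.respond(identity, challenge)   # key side of step d
    return lock_unit.verify(response, now)             # lock side of step d


if __name__ == "__main__":
    key = secrets.token_bytes(32)                # constructed sample key
    lock = LockUnit(key, open_seconds=60.0)
    unit = KeyUnit(key, {"template-A"})          # constructed identity
    print("authorised user:", unlock(unit, lock, "template-A", now=0.0))
    print("still open at t=59:", lock.is_open(59.0))
    print("open at t=60:", lock.is_open(60.0))
    print("unknown user:", unlock(unit, lock, "template-X", now=70.0))
```

The clock is passed in as `now` so the timed re-lock can be exercised without waiting.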
The hidden key code may differ between the key and each lock unit, and between lock units. This is possible because the key unit is activated with additional information that is specific to the connected lock unit. This makes it possible to return a correct response to the lock unit (as if the lock unit's key code had been accessed).
In the preferred embodiment, a biometric sensor is used as the input unit.
A biometric sensor has significant advantages for identifying people at entrances, for computer access and so on. Among these advantages are speed, the high security of the identification and, above all, that there is no problem of forgotten passwords or of passwords falling into other people's hands. In the context of the invention, the sensor part performs biometric identification of the user's fingerprint. When the fingerprint is recognised, encrypted information is sent from the key unit to the lock unit, so that the user gains access to the locked resource.
The register of authorised fingerprints resides in the key unit. Maintenance of this register, i.e. adding newly approved fingerprints, deleting fingerprints and so on, is carried out locally without communicating with other units.
The sensor unit can be equipped with indicators, for example two light-emitting diodes, one red and one green, to facilitate fingerprint registration and removal. The diodes indicate whether the lock is closed or open, and the state of fingerprint registration/removal.
A number of non-limiting examples illustrating different aspects of the invention are given below.
The first non-limiting example, shown in Fig. 3, concerns a hard disk unit 30 (or another memory or storage unit) in a computer unit equipped with a fingerprint sensor 31 or biometric sensor, i.e. an add-on unit. The "add-on" is one of many applications of the locking system according to the invention. An add-on unit refers to a standard unit, for example a hard disk, which is equipped with a lock unit and connected to the computer unit (or the like) via dedicated electronics, arranged for example on a controller board 32 (a card inserted in the computer, for example ISA, PCI or the like). The electronics comprise the key unit and communicate via the data bus with application software in the computer. The sensor 31, or an alternative identification device, is connected to the board 32 directly or via, for example, IR (infrared) or radio (Bluetooth) or the like.
In this preferred embodiment, a standard hard disk is modified to cooperate with the locking arrangement according to the invention. This means that it is equipped with an internally mounted locking system that prevents access to the data on the hard disk by hardware means. A suitable procedure depends on the structure of the unit (hard disk).
The unit is connected in the same way as an ordinary hard disk, i.e. with a signal cable and a power supply fed from the computer's power unit. In addition, a connection is provided for communication between the lock unit and the controller.
According to the invention, the lock function is obtained by the key unit and the lock unit respectively. The fingerprint sensor is connected by cable and switch to the interface of the controller unit, where the key unit is implemented. The lock unit is arranged on the hard disk.
Besides the lock function, electronics for communicating with a computer program are arranged in the lock unit. This program can give advance warning that the hard disk is about to be locked. The locking can also be carried out by software.
To restart the computer, a switch usually mounted on the front is used. Provided that the supply voltage is connected, a voltage (Vin=+5V) is available even when the computer is switched off. When the switch is operated, a signal is supplied to the motherboard and the computer starts. When the fingerprint sensor is used, the switch can be disconnected, and Vin across the contact is instead connected to the controller card and from there on to the fingerprint sensor. In this way the fingerprint sensor is always connected. On an approved login, the controller card sends a signal to the motherboard, replacing the conventional push of the button.
Locking may be initiated in several ways:
-automatically when a certain time has elapsed (for example in the case of illegal operation);
-when the user locks via the locking system;
-when the user locks using the monitoring program (described below).
Unlocking is normally done in one way only, namely by presenting a correct fingerprint.
If the person whose fingerprint is registered is not present when the hard disk must be unlocked, there is a possibility for the system administrator or the person responsible for security to unlock the unit using a special code. This must be a code complex enough to prevent virtually any access.
Attempts to force the lock by supplying false signals to the hard disk can cause the hard disk to be locked against further access attempts, for example for a certain period of time or until a responsible person resets the lock function.
The fingerprint sensor can also be implemented together with other locking devices, for example a smart card.
Apart from the functions listed above, the add-on unit is fully compatible with a standard hard disk.
Installation of the add-on unit may require special software. This software monitors the lock function via the controller card and shows the status to the user. In particular, the user must be warned in good time before the disk is locked. With this program it is also possible to lock the unit directly. The program is preferably always active, and the state of the hard disk is shown in the system tray (activity field), where various commands can also be given.
According to the invention, another application of the system is the notebook/laptop, i.e. a portable computer, in which various storage media can be secured, for example HDD, FDD, CD, RAM, ROM and flash memory, as well as the main controller board including all components such as the BIOS, controller units for controlling data media and so on.
In a stationary computer/server, components on the network card used for network management and the like can be protected.
The system can be arranged as a remote control in combination with a mobile phone acting as a code provider unit. A data code generator of non-repeating codes is used for access to computers, alarm systems, car locks, passage systems and so on.
Transaction codes via the telephone system, GSM, WAP and so on can be used. A unit according to the invention opens this element, after which the type of action can be selected.
In applications where the invention is used for bank transactions and the like via, for example, a computer, a sensor/key unit according to the invention may be provided to the customer. This customer unit is provided with a unique embedded PIN code and a dedicated algorithm. The PIN code may be of the type used for credit or bank cards, but more advanced. The same PIN code can also be stored in the key unit used by the customer. The PIN code may be changed through the bank's dedicated terminal. The same unique code can be tied to the customer's account number.
At the bank, when a transaction request is received, a dedicated computing unit generates a response which proves that the request from the correct key unit really belongs to the correct account holder.
This function can be described in more detail by the following steps:
-client gets in touch bank by the computer program in the computing machine that is installed in him and imports his account number;
-this bank sends and comprises identification division, the answer of locking data or the like;
-this customer selecting type of transaction is also inserted amount of money or the like and this transaction of checking;
-this program transmits a locking transaction according to foregoing description, and transmission comprises for example transaction data of the amount of money, account number, time stamp etc.;
-have only lock cell when key unit receives correct sign, just to receive answer; This response can comprise identity, variable locking/turn-on data and transaction data, and this response is sent to bank.Simultaneous verification is to transaction data (for example total charge) and transaction executor's proof.
-as previously mentioned, bank uses algorithm and client's pin sign indicating number to be used to verify this response, if can urge response and the transaction data of correct response, then guarantee not change whatever after the biometrics control, so accept this transaction and notify the client about input.
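The bank exchange in the steps above, as an added Python example that is not part of the patent text: HMAC-SHA256 stands in for the unspecified special algorithm, a constructed random secret stands in for the customer's PIN code, and all class and function names are hypothetical. It shows that tying the response to a fresh random message and to the transaction data makes a replayed response or an altered amount fail verification.

```python
import hashlib
import hmac
import json
import secrets

CHALLENGE_LEN = 16  # fixed length keeps challenge || transaction unambiguous


def compute_value(key: bytes, challenge: bytes, transaction: dict) -> bytes:
    """Stand-in for the patent's unspecified algorithm: HMAC-SHA256 (assumption)."""
    canonical = json.dumps(transaction, sort_keys=True, separators=(",", ":"))
    return hmac.new(key, challenge + canonical.encode(), hashlib.sha256).digest()


class Bank:
    """Verifier: plays the lock unit / the bank's dedicated computing unit."""
    def __init__(self, customer_key: bytes):
        self._key = customer_key
        self._outstanding = set()

    def issue_challenge(self) -> bytes:
        # Reply to the customer's request with a fresh random variable message.
        challenge = secrets.token_bytes(CHALLENGE_LEN)
        self._outstanding.add(challenge)
        return challenge

    def verify(self, challenge: bytes, transaction: dict, value: bytes) -> bool:
        # Each challenge is single-use, so a captured response cannot be replayed.
        if challenge not in self._outstanding:
            return False
        self._outstanding.discard(challenge)
        expected = compute_value(self._key, challenge, transaction)
        return hmac.compare_digest(expected, value)


class KeyUnit:
    """Customer's key unit: holds the same key, answers only for an identified user."""
    def __init__(self, customer_key: bytes):
        self._key = customer_key

    def respond(self, challenge: bytes, transaction: dict, user_identified: bool):
        # user_identified stands for the outcome of the biometric check in the key unit.
        if not user_identified:
            return None
        return compute_value(self._key, challenge, transaction)


def demo() -> dict:
    key = secrets.token_bytes(32)  # constructed shared secret (the customer's "PIN code")
    bank, unit = Bank(key), KeyUnit(key)
    tx = {"account": "PLACEHOLDER-ACCOUNT", "amount": "100.00", "timestamp": 1700000000}
    c1 = bank.issue_challenge()
    value = unit.respond(c1, tx, user_identified=True)
    genuine = bank.verify(c1, tx, value)
    replayed = bank.verify(c1, tx, value)  # same challenge presented a second time
    c2 = bank.issue_challenge()
    value2 = unit.respond(c2, tx, user_identified=True)
    tampered = bank.verify(c2, {**tx, "amount": "9100.00"}, value2)  # amount altered in transit
    refused = unit.respond(bank.issue_challenge(), tx, user_identified=False)
    return {"genuine": genuine, "replayed": replayed, "tampered": tampered, "refused": refused}


if __name__ == "__main__":
    print(demo())
```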
If a purchase or transaction is carried out, for example over the Internet, the user can be provided with a key unit fitted with, for example, a biometric sensor or the like. The user's key unit is provided with a unique identification in the form of a checksum or the like. The same unique identification can be associated with the user's bank account number. The bank is provided with control means for verifying a correct transaction request in the same manner as above. In this case, verification and the transaction are carried out in the same manner as above, first through the bank and then to the seller.
In another example, the invention is used in a mobile unit, for example a mobile phone, as shown in Fig. 4. The security arrangement 40 comprises two parts 41 and 42 that pivot relative to each other (in this example), where part 42 comprises a connector 43 for connection to the communication port (not shown) of the telephone 44. The arrangement comprises a sensor 45, for example a biometric sensor or the like, together with the corresponding electronics and memory, arranged on the second part 41. The electronics can be powered from the telephone's power supply. The connector part is connected to the telephone, and the sensor part 41 is attached to the rear of the telephone, for example on the battery. When connected, the telephone can be used as a control or key unit according to the description above.
The telephone can be accessed only when the correct person using it has been verified via the sensor. The telephone can also be used to control other units, for example for payment over the telephone network, remote control, opening doors, accessing computers (for example through an IR interface) and the like. In this case the lock unit can be implemented in the telephone.
Other examples of applications using the invention include:
- A wireless add-on (RFR), i.e. a memory device, for example a hard disk, provided with a biometric or transponder card reader.
- A lock unit for a portable device (handheld computer), which operates only when a certain transponder is nearby. The transponder can, for example, be embedded in a wristwatch. In addition, the wristwatch may be provided with a biometric sensor that communicates with the handheld computer via IR or RF.
- The locking device can be arranged in a remote control unit, to ensure that only an authorized user can access the remotely controlled equipment.
- When encrypting/decrypting, for example e-mail or files, encryption can be performed with a public key and decryption with a private key, the private key being verified with respect to the correct person by means of the biometric sensor.
The invention is not limited to the use of a single key or lock unit; a combination of several key and lock units can be used, in which cooperation between one or more key/lock units may also take place. The block diagram of Fig. 5 illustrates such an arrangement, where L1-L5 denote lock units and K1 and K2 denote key units. A key unit, for example K1, can be set up to open several lock units, for example L1-L4, while K2 opens L4 and L5. The term "open" also refers to access to different resources and information. Communication between the lock units, and between the lock units and the key units, can be carried out by radio, the Internet (or another network), IR or the like, preferably encrypted according to the description above.
Although only preferred embodiments of the invention have been illustrated and described, it should be understood that various variations and modifications can be made within the scope of the appended claims.

Claims (15)

1. A security arrangement (10) for securing access to a unit or to information in a unit, the arrangement mainly comprising a key unit (11) and a lock unit (12), characterized in that:
the key unit (11) is arranged at a distance from the lock unit, the key unit comprises an input unit (13) and a communication unit (14), and identification of the user is carried out in the key unit (11) before the key unit accepts locking/unlocking.
2. The security arrangement as claimed in claim 1, characterized in that:
the said unit is a computer, automatic teller machine, door lock, car door, remote control unit, mobile communication device, portable computer or the like.
3. The security arrangement as claimed in claim 1 or 2, characterized in that:
the said input unit is a biometric sensor, PIN code reader, voice detection device, eye detection device, card reader, mobile phone or the like.
4. The security arrangement as claimed in any of claims 1-3, characterized in that:
the user identity is stored in the key unit.
5. The security arrangement as claimed in any of claims 1-4, characterized in that:
the communication between the key unit and the lock unit takes place by:
a. the key unit starting the verification sequence by sending a request to the lock unit;
b. the lock unit responding with a substantially randomly generated variable message;
c. a value being calculated by an algorithm using a protected key, this value being derived entirely from the response message that was transmitted;
d. a response being made with a value calculated from the received message using the said algorithm and key, as used in the lock unit; if the lock unit receives a message containing a value, the verification is confirmed when that value is identical to the value calculated during the transmission in step b.
6. The security arrangement as claimed in claim 5, characterized in that:
the said value can be used unchanged in the response, or encrypted in a manner that the lock unit can interpret.
7. A security arrangement for a memory unit (30) of a computer device, the computer device being provided with a biometric sensor (31), characterized in that:
the memory unit is provided with a built-in locking system which prevents access to data and is connected to the computer as hardware via a controller unit (32); the security arrangement comprises a key unit and communicates with the various parts of the computer unit via said controller unit, either directly or via a connection to said sensor (31) or to another optional identification device.
8. The security arrangement as claimed in claim 7, characterized in that:
the said controller unit is an ISA card, PCI card or the like.
9. The security arrangement as claimed in claim 7 or 8, characterized in that:
the said controller unit comprises the key unit.
10. The security arrangement as claimed in any of claims 7-9, characterized in that:
the said computer unit is started by said sensor via the controller unit.
11. The security arrangement as claimed in any of claims 7-10, characterized in that:
the said locking can be activated in several ways: automatically by the locking system after a certain time, and/or by the user, and/or by the user by means of a security program.
12. A mobile communication device (44) provided with a security arrangement (40) for securing access to a unit or to information in a unit, characterized in that:
the security arrangement is an external unit connected to the communication port of the communication device, the arrangement is provided with a biometric sensor connected to the communication device, whereby the communication device forms one of the key unit and/or the lock unit, and user identification is carried out in the lock unit before the lock unit accepts locking/unlocking.
13. A method for use in a security arrangement (10) for securing access to a unit or to information in a unit, the security arrangement substantially comprising a key unit (11) and a lock unit (12), characterized in that:
the key unit (11) is arranged at a distance from the lock unit, the key unit comprises an input unit (13) and a communication unit (14), and the user is identified in the key unit (11) before the key unit accepts locking/unlocking.
14. The method as claimed in claim 13, comprising the following verification steps:
a. the key unit starts the verification by sending a request to the lock unit;
b. the lock unit responds with a randomly generated variable message;
c. at the same time a value is calculated by a special algorithm using a protected key, and this value is stored for later use;
d. the key unit responds with a value calculated from the received message using the same algorithm and key as used in the lock unit; and
e. if the lock unit receives a message containing a value, the verification is confirmed when that value is identical to the value determined during the transmission in step b.
15. The method as claimed in claim 14, characterized in that:
the said value is derived entirely from said response message.
CNB008141908A 1999-09-17 2000-09-18 Security arrangement Expired - Fee Related CN1195275C (en)

Applications Claiming Priority (4)

Application Number Priority Date Filing Date Title
US15439599P 1999-09-17 1999-09-17
US60/154,395 1999-09-17
SE00016873 2000-05-05
SE0001687A SE526732C2 (en) 1999-09-17 2000-05-05 Security arrangement for ensuring access to device such as portable computer, has key unit with input and communication units to identify user before key unit accepts locking-unlocking

Publications (2)

Publication Number Publication Date
CN1378667A true CN1378667A (en) 2002-11-06
CN1195275C CN1195275C (en) 2005-03-30

Family

ID=26655098

Family Applications (1)

Application Number Title Priority Date Filing Date
CNB008141908A Expired - Fee Related CN1195275C (en) 1999-09-17 2000-09-18 Security arrangement

Country Status (5)

Country Link
EP (1) EP1228433A1 (en)
JP (1) JP2003509771A (en)
CN (1) CN1195275C (en)
AU (1) AU7695400A (en)
WO (1) WO2001020463A1 (en)

Cited By (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104364791A (en) * 2012-03-06 2015-02-18 温科尼克斯多夫国际有限公司 PC security using BIOS/(U)EFI extensions
CN105393254A (en) * 2013-06-21 2016-03-09 Visa欧洲有限公司 Enabling access to data
CN108604982A (en) * 2016-01-04 2018-09-28 克莱夫公司 with encrypted data security system
US10754992B2 (en) 2007-09-27 2020-08-25 Clevx, Llc Self-encrypting drive
US10778417B2 (en) 2007-09-27 2020-09-15 Clevx, Llc Self-encrypting module with embedded wireless user authentication
US10783232B2 (en) 2007-09-27 2020-09-22 Clevx, Llc Management system for self-encrypting managed devices with embedded wireless user authentication
US11190936B2 (en) 2007-09-27 2021-11-30 Clevx, Llc Wireless authentication system
US11971967B2 (en) 2021-08-20 2024-04-30 Clevx, Llc Secure access device with multiple authentication mechanisms

Families Citing this family (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7302571B2 (en) 2001-04-12 2007-11-27 The Regents Of The University Of Michigan Method and system to maintain portable computer data secure and authentication token for use therein
US20030023882A1 (en) * 2001-07-26 2003-01-30 Charlie Udom Biometric characteristic security system
EP1293874A3 (en) * 2001-09-06 2006-08-02 Nippon Telegraph and Telephone Corporation Authentication method, authentication system, and authentication token
US7299364B2 (en) 2002-04-09 2007-11-20 The Regents Of The University Of Michigan Method and system to maintain application data secure and authentication token for use therein
GB2417116A (en) * 2004-08-10 2006-02-15 Gw Pharmaceuticals Plc Secure dispensing system
US8000502B2 (en) * 2005-03-09 2011-08-16 Sandisk Technologies Inc. Portable memory storage device with biometric identification security
KR100748034B1 (en) * 2006-09-15 2007-08-09 삼성전자주식회사 Apparatus and method for bluetooth control in portable terminal
JP5295999B2 (en) * 2010-03-19 2013-09-18 日本電信電話株式会社 Terminal initial setting method and initial setting device
KR102423759B1 (en) 2015-05-18 2022-07-22 삼성전자주식회사 Binding device with embedded smart key and object control method using the same

Family Cites Families (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5280527A (en) * 1992-04-14 1994-01-18 Kamahira Safe Co., Inc. Biometric token for authorizing access to a host system
US5668876A (en) * 1994-06-24 1997-09-16 Telefonaktiebolaget Lm Ericsson User authentication method and apparatus
EP0723251A3 (en) * 1995-01-20 1998-12-30 Tandem Computers Incorporated Method and apparatus for user and security device authentication
AU4196497A (en) * 1996-09-18 1998-04-14 Dew Engineering And Development Limited Biometric identification system for providing secure access
US6041410A (en) * 1997-12-22 2000-03-21 Trw Inc. Personal identification fob
US6151676A (en) * 1997-12-24 2000-11-21 Philips Electronics North America Corporation Administration and utilization of secret fresh random numbers in a networked environment
AU2345499A (en) * 1998-01-30 1999-08-16 Barry C. Phelps Biometric authentication system and method

Cited By (15)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US11151231B2 (en) 2007-09-27 2021-10-19 Clevx, Llc Secure access device with dual authentication
US10985909B2 (en) 2007-09-27 2021-04-20 Clevx, Llc Door lock control with wireless user authentication
US11233630B2 (en) 2007-09-27 2022-01-25 Clevx, Llc Module with embedded wireless user authentication
US11190936B2 (en) 2007-09-27 2021-11-30 Clevx, Llc Wireless authentication system
US10754992B2 (en) 2007-09-27 2020-08-25 Clevx, Llc Self-encrypting drive
US10778417B2 (en) 2007-09-27 2020-09-15 Clevx, Llc Self-encrypting module with embedded wireless user authentication
US10783232B2 (en) 2007-09-27 2020-09-22 Clevx, Llc Management system for self-encrypting managed devices with embedded wireless user authentication
CN104364791A (en) * 2012-03-06 2015-02-18 温科尼克斯多夫国际有限公司 PC security using BIOS/(U)EFI extensions
CN105393254A (en) * 2013-06-21 2016-03-09 Visa欧洲有限公司 Enabling access to data
US10445484B2 (en) 2013-06-21 2019-10-15 Visa Europe Limited Enabling access to data
US11275821B2 (en) 2013-06-21 2022-03-15 Visa Europe Limited Enabling access to data
US11868169B2 (en) 2013-06-21 2024-01-09 Visa Europe Limited Enabling access to data
CN108604982B (en) * 2016-01-04 2020-09-04 克莱夫公司 Method for operating a data security system and data security system
CN108604982A (en) * 2016-01-04 2018-09-28 克莱夫公司 with encrypted data security system
US11971967B2 (en) 2021-08-20 2024-04-30 Clevx, Llc Secure access device with multiple authentication mechanisms

Also Published As

Publication number Publication date
WO2001020463B1 (en) 2001-05-10
WO2001020463A1 (en) 2001-03-22
EP1228433A1 (en) 2002-08-07
AU7695400A (en) 2001-04-17
JP2003509771A (en) 2003-03-11
CN1195275C (en) 2005-03-30


Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
ASS Succession or assignment of patent right

Owner name: LIANZHI TECHNOLOGY CO., LTD.

Free format text: FORMER OWNER: LOGGWILL STOCK CO., LTD.

Effective date: 20070907

C41 Transfer of patent application or patent right or utility model
C56 Change in the name or address of the patentee

Owner name: LOGGWILL STOCK CO., LTD.

Free format text: FORMER NAME OR ADDRESS: FINGLOG AB

CP03 Change of name, title or address

Address after: Gothenburg

Patentee after: Logue Will AG

Address before: Gothenburg

Patentee before: FINGLOQ AB

TR01 Transfer of patent right

Effective date of registration: 20070907

Address after: The British Virgin Islands of Tortola

Patentee after: Lianzhi Technology Co.,Ltd.

Address before: Gothenburg

Patentee before: Logue Will AG

C17 Cessation of patent right
CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20050330

Termination date: 20091019