DE102005046781A1 - Program-controlled computer system`s operating state obtaining method, involves proceeding preliminary authentication based on preset criteria after starting computer system, where system is directly ready-to-use during final authentication - Google Patents

Info

Publication number
DE102005046781A1
Authority
DE
Germany
Prior art keywords
authentication
user
computer system
memory
program
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Ceased
Application number
DE200510046781
Other languages
German (de)
Inventor
Harry Adler
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Siemens AG
Original Assignee
Siemens AG
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Siemens AG
Priority to DE200510046781
Publication of DE102005046781A1

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31 User authentication
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31 User authentication
    • G06F21/34 User authentication involving the use of external additional devices, e.g. dongles or smart cards
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/57 Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
    • G06F21/575 Secure boot
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00 Arrangements for program control, e.g. control units
    • G06F9/06 Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/44 Arrangements for executing specific programs
    • G06F9/4401 Bootstrapping

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Software Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Storage Device Security (AREA)

Abstract

The method involves performing a preliminary authentication of a user based on preset criteria after the computer system is started, and loading an operating system into a memory of the computer system. Depending on the preliminary authentication, user-specific programs and/or data are loaded into the memory and/or user-specific services are started. A final authentication of the user is then performed, and upon successful final authentication the computer system is immediately ready for use. An independent claim is also included for a device for carrying out the method for reaching the operating state of a computer system.

Description

The invention relates to the authentication of a user of a program-controlled computer system.

After a computer system is switched on (see FIG. 2, action 1, power ON), the operating system sends a request to the BIOS (basic input/output system). The BIOS is initialized by booting, during which a self-test is performed. The BIOS routines are then executed; these enable communication with hardware components such as the keyboard, mouse, drives, hard disk, memory and monitor (not shown).

The actual operating system is then loaded into memory (see FIG. 2, operation 1, (100) load operating system). The operating system builds on the BIOS and forms the basis for running applications on a computer system. Depending on the device and the operating system, loading the operating system takes between a few seconds and several minutes (indicated in the figures by an hourglass).

Before the operating system is released for use, the user is often authenticated in order to protect the computer system against unauthorized use (see FIG. 2, action 2, authentication). If the computer system is intended for use by several users, user authentication also serves to start the corresponding user-specific programs, data and services. This process, too, can take up to several minutes (see FIG. 2, operation 2, (200) load services/profiles).

Published application DE 10128729 A1 discloses an authentication method in which, after a first and a second authentication have been completed, the user is logged on to a service unit using the login information.

The aim of the invention is to make a computer system immediately ready for operation after the user has been authenticated. Starting from the features of the preambles of claims 1 and 4, this is achieved by their characterizing features.

The essential features of the invention are a preliminary and a final authentication of the user.

The essential advantage of the invention is that the computer system is ready for use immediately after the final user authentication. This eliminates waiting times between the final user authentication and the final operational readiness of the computer system.

The invention is explained below using an exemplary embodiment and with reference to the accompanying drawing, in which:

FIG. 1 shows the method according to the invention in such a case, and

FIG. 2 shows the hitherto customary user authentication method after a computer system is switched on.

After the computer system (for example a personal computer or a laptop) is switched on, a preliminary authentication (010 pre-authentication) first takes place according to the invention (see FIG. 1). It can consist, for example, in that

  • the user uses an ID card and a card reader, and/or
  • the user presses an assigned key (specific key combination), or that
  • the computer system automatically provisionally authenticates the last user or a specific, previously defined user (last or usual user).

After the preliminary authentication (010 pre-authentication), the computer system loads the operating system (100 load operating system) and the user-specific services and profiles (200 load services/profiles) into its memory.

Only then does the final authentication of the user take place (action 2, authentication). Only if the finally authenticated user is identical to the provisionally authenticated user is the computer system immediately available to the user.

If the finally authenticated user and the provisionally authenticated user do not match (user not equal to pre-authenticated user), the user-specific services are stopped and the user profile is removed from memory (190 stop services/remove profiles). The user-specific services and the user profile of the finally authenticated user are then loaded (200 load services/profiles).
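The flow of FIG. 1 as a runnable model, added here as an illustration and not taken from the patent: the preliminary identity only selects which profile to preload, the session stays locked until final authentication, and a wrong guess or a failed login purges the preloaded profile (step 190). The class and function names, the constructed credential store and the use of SHA-256 are assumptions.

```python
import hashlib
import hmac
from dataclasses import dataclass, field
from typing import Optional

# Constructed sample credential store (user -> SHA-256 of password), illustrative only.
# A real system would use a slow, salted password hash.
CREDENTIALS = {
    "alice": hashlib.sha256(b"alice-secret").hexdigest(),
    "bob": hashlib.sha256(b"bob-secret").hexdigest(),
}


@dataclass
class BootSession:
    last_user: str                         # fallback for automatic pre-authentication
    provisional_user: Optional[str] = None
    loaded_profile: Optional[str] = None   # whose profile/services sit in memory
    unlocked: bool = False                 # True only after final authentication
    trace: list = field(default_factory=list)

    def pre_authenticate(self, card_user: Optional[str] = None) -> None:
        # 010: ID card if presented, otherwise the last user. This is only a hint
        # about whose profile to preload; it never unlocks the session.
        self.provisional_user = card_user or self.last_user
        self.trace.append("010")

    def load_os_and_profile(self) -> None:
        self.trace.append("100")                    # 100: load operating system
        self._load_profile(self.provisional_user)   # 200: speculative preload

    def _load_profile(self, user: str) -> None:
        self.loaded_profile = user
        self.trace.append("200")

    def _unload_profile(self) -> None:
        # 190: stop services and remove the profile from memory
        self.loaded_profile = None
        self.trace.append("190")

    def final_authenticate(self, user: str, password: str) -> bool:
        expected = CREDENTIALS.get(user, "")
        supplied = hashlib.sha256(password.encode()).hexdigest()
        if not hmac.compare_digest(expected, supplied):
            self._unload_profile()    # claim 2: unsuccessful final authentication
            self.unlocked = False
            return False
        if user != self.provisional_user:
            self._unload_profile()    # wrong guess: purge, then load the right profile
            self._load_profile(user)
        self.unlocked = True
        return True


def boot(last_user, card_user, login_user, password) -> BootSession:
    """Run one boot: 010 -> 100 -> 200 -> final authentication."""
    session = BootSession(last_user=last_user)
    session.pre_authenticate(card_user)
    session.load_os_and_profile()
    session.final_authenticate(login_user, password)
    return session
```

The `trace` list records the step numbers in execution order, so a correct guess yields 010, 100, 200 and a mismatch appends 190 followed by a second 200.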

Claims (4)

1. A method for reaching operational readiness more quickly after authentication of a user of a program-controlled computer system having an operating system and at least one memory, characterized in that
  • after the computer system is started, a preliminary authentication (010 pre-authentication) of the user takes place on the basis of certain criteria, and
  • the operating system is then loaded into a memory of the computer system (100 load operating system),
  • on the basis of the preliminary authentication (010 pre-authentication), user-specific programs and/or data are loaded into the memory and/or user-specific services are started (200 load services/profiles),
  • a final authentication (authentication) of the user is subsequently carried out, and
  • upon successful final authentication (authentication) of the user, the computer system is immediately ready for operation.

2. The method according to claim 1, characterized in that, if the final authentication (authentication) is unsuccessful, the user-specific programs and/or data are removed from the memory and/or user-specific services are stopped (190 stop services/remove profiles).

3. The method according to claim 1, characterized in that the preliminary authentication (010 pre-authentication) of the user takes place by means of an ID card (card reader) and/or an assigned key (specific key combination), or by the user making no input.

4. A device for a program-controlled computer system, characterized in that the device is designed to carry out the method steps according to one of claims 1 to 3.
DE200510046781 2005-09-29 2005-09-29 Program-controlled computer system`s operating state obtaining method, involves proceeding preliminary authentication based on preset criteria after starting computer system, where system is directly ready-to-use during final authentication Ceased DE102005046781A1 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
DE200510046781 DE102005046781A1 (en) 2005-09-29 2005-09-29 Program-controlled computer system`s operating state obtaining method, involves proceeding preliminary authentication based on preset criteria after starting computer system, where system is directly ready-to-use during final authentication

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
DE200510046781 DE102005046781A1 (en) 2005-09-29 2005-09-29 Program-controlled computer system`s operating state obtaining method, involves proceeding preliminary authentication based on preset criteria after starting computer system, where system is directly ready-to-use during final authentication

Publications (1)

Publication Number Publication Date
DE102005046781A1 (en) 2007-04-12

Family

ID=37886826

Family Applications (1)

Application Number Title Priority Date Filing Date
DE200510046781 Ceased DE102005046781A1 (en) 2005-09-29 2005-09-29 Program-controlled computer system`s operating state obtaining method, involves proceeding preliminary authentication based on preset criteria after starting computer system, where system is directly ready-to-use during final authentication

Country Status (1)

Country Link
DE (1) DE102005046781A1 (en)

Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20010052069A1 (en) * 2000-06-13 2001-12-13 Yutaka Sekiguchi User-authentication-type network operating system booting method and system utilizing BIOS preboot environment

Legal Events

Date Code Title Description
OP8 Request for examination as to paragraph 44 patent law
8131 Rejection