DE102012216396A1 - Method for determining information technology (IT) authorization information by physical permission object, involves detecting physical characteristics of physical permission object by measuring device - Google Patents

Abstract

The method involves detecting physical characteristics (12) of a physical permission object (9) by the measuring devices (5-7). The detected physical characteristics and IT authorization information (11) are used. The physical permission object is a mechanical key. The physical characteristics are a contour, a weight, a length, a width and/or surface texture of the physical permission object. An independent claim is included for an IT system for determining IT authorization information by physical permission object.

Description

The present invention relates to the technical field of determining IT authorization information.

It is generally known to authenticate a user by knowledge (e.g., password, PIN), possession (e.g., passport, smart card, mechanical key), or characteristics (e.g., fingerprint, iris, voice).

Mechanical keys and corresponding locks or lock cylinders are well known.

Mechanical keys with integrated crypto module and a radio interface (e.g., RFID) are known. These are e.g. used on vehicle keys to unlock an immobilizer. Electronic access control systems are known in which a user can identify himself by a security token, a chip card or by means of biometric features instead of a mechanical key.

Physical Unclonable Functions (PUF) are known: they do not use physically reproducible physical properties. For this purpose, the response behavior of a physical structure can be evaluated for different stimuli (challenges).

It is also known to determine or reconstruct a cryptographic key depending on intrinsic properties of a semiconductor IC. A PUF is used here to realize a secure memory for a cryptographic key.

There are different PUF known, see http://en.wikipedia.org/wiki/Physical_unclonable_function ,

Among them are also PUFs, in which the surface condition (coating PUF) or a reflected optical or electromagnetic signal (optical PUF) is checked.

Similar to a PUF, security documents are known in which the surface texture of the paper is used as security information (recognize original document).

It is known to authenticate a paper document by examining random structural properties of the paper surface.

Authorizations of a user on an IT system can be explicitly administered, e.g. by modifying an access control list. Authorization information may be provided between IT systems in cryptographic form, e.g. in the form of a SAML assertion (SAML: Security Assertion Markup Language) or in the form of a digital authorization certificate.

It is known to optically detect and decode a barcode with a camera or scanner of a mobile device. In the barcode, a device type can be encoded (EAN code, EAN: European Article Number) via which e.g. Additional information or price information is available. In a QR code (QR: Quick Response, a two-dimensional barcode), a URL can be encoded, which is opened in a Web browser.

OCR (Optical Character Recognition) methods are known for converting optically scanned text documents (images) into textual representations.

In a password recovery, i. resetting or reestablishing e.g. forgotten or blocked passwords, is known to ask a user questions ("first pet's name") or biometrically authenticate it (e.g., speaker recognition via telephone system).

It is known that a mobile device captures an image of the user by means of a built-in camera and checks it. If the authorized user is detected, the device will power up. This has the advantage that the user does not have to enter a PIN or password.

In security bootstrapping, ie setting up a cryptographic key, different methods are known (eg Bluetooth pairing, Wi-Fi Protected Setup). A bootstrapping can be authorized by pressing a button (push button configuration), a configuration setting can be transferred by means of a memory token (USB stick, memory card) or via a short-range radio interface (NFC interface; NFC: Near Field Communication). or a user can enter a PIN or check a displayed PIN. It is generally known to use an out-of-band channel / side channel to protect bootstrapping. Different out-of-band channels have been proposed in academic research, eg synchronous movement of the devices to be linked ( R. Mayrhofer, H. Gellersen: Shake Well Before Use: Intuitive and Secure Pairing of Mobile Devices, IEEE Transactions on Mobile Computing, Vol 8, Issue 6, pp. 792-806, June 2009 ). The use of a visual channel using 2D barcodes ( Leonid Batyuk, Seyit Ahmet Camtepe, Sahin Albayrak: Multi-device Key Management Using Visual Side Channels in Pervasive Computing Environments, Sictch International Conference on Broadcasting and Wireless Computing, Communication and Applications BWCCA, 2011 ) or acoustic out-of-band channels ( M. Goodrich, M. Sirivianos, J. Solis, G. Tsudik, E. Uzun: Loud and Clear: Human Verifiable Authentication Based on Audio, ICDCS'06 )

Coin counting machines are also known, which check the properties of coins in order to recognize them as original coins. These capture physical properties of the coin via sensors. In the case of a parking ticket system, authorization information is determined by the payment process, e.g. a parking period of a parking ticket to be issued.

There is a need to simplify the management of access authorizations or access authorizations of an IT system. There is also a need for secure and simple bootstrapping, that is, for the secure and simple establishment of a cryptographic key, which is a fundamental requirement for the use of cryptographic security methods. The present invention is therefore based on the object to set up an authorization user-friendly for an IT system.

This object is achieved by the features described in the independent claims. Advantageous embodiments of the invention are specified in further claims.

According to a first aspect, the invention relates to a method for determining an IT authorization information by means of a mechanical key. First physical properties of the mechanical key are detected by a measuring device. Subsequently, the acquired physical properties are used as IT authorization information.

According to a further aspect, the invention relates to an IT system for determining IT authorization information by means of a physical key. The IT system comprises a measuring device and a means of use. The measuring device is designed and adapted to detect physical properties of the mechanical key. The utilization means is designed and adapted to use the acquired physical properties as IT authorization information.

Preferred embodiments of the invention will be explained in more detail with reference to the figures, for example. Showing:

1 an IT system according to an embodiment of the invention;

2 a mechanical key that captures physical properties.

1 shows an IT system 1 for determining an IT authorization information 11 by means of a physical authorization object designed as a mechanical key 9 , The IT system 1 includes at least one measuring device 5 . 6 . 7 for detecting physical properties 12 of the mechanical key 9 , The IT system 1 also includes one as an IT system 2 trained use agent 2 to use the acquired physical properties 12 as IT authorization information 11 ,

According to a in 1 shown preferred application scenario wants a user 8th on a maintenance interface 3 the plant 2 , such as an automation robot or a vehicle control of a rail vehicle, access via WLAN. Alternatively, not shown, an access could also be wired, for example via an Ethernet interface or a serial interface. For access the user can 8th as a measuring device 5 . 6 . 7 for example, a notebook 14 with scanner 15 or a tablet PC 6 with touch-sensitive display or a smartphone 7 use with camera (three variants). The measuring device 5 . 6 . 7 is adapted, an image of a physical key 9 and extract this image or extracted characteristic authorization information derived from the image 11 to the plant 2 via a WLAN data communication 13 to convey. The data communication 13 is preferably cryptographically encrypted, eg by means of TKIP, CCMP, IPsec or SSL / TLS. These are cryptographic protected communication methods (TKIP: Temporal Key Integrity Protocol according to the WLAN standard IEEE 802.11 ; CCMP: Counter Mode with Cipher Block Chaining Message Authentication Code Protocol according to the WLAN standard IEEE 802.11 ; IPsec according to Internet RFC 4301 , SSL Secure Sockets Layer Protocol, TLS: Transport Layer Security Protocol according to the Internet RFC 5246 ). The attachment 2 grants access to a maintenance functionality depending on the provided authorization information 11 of the physical key 9 namely, when the mechanical key 9 due to his authorization information 11 through the IT system 2 has been recognized as valid.

According to preferred embodiments, the physical properties include 12 a contour, a weight, a length, a width and / or a surface finish of the key 9 , For example, a contour of the key profile is detected. From the indentations, their position, form can the authorization information 11 digitally encoded, eg in the form of a height profile.

The detected physical properties 12 may be direct or in derivative form as IT authorization information 11 be used. By direct use is to be understood that the measured data are provided directly to the IT system for testing. For this purpose, for example, the optically acquired image can be provided, or the physically measured variables, such as the distances and depths of the notches, can be provided. Using in derivative form is to be understood that depending on the measured data, a digitally coded authorization information is determined according to a calculation rule and this is provided to the IT system, eg a cryptographic key or a password from the measured data by means of a key derivation function can be determined , Thus, the physical properties 12 be used as an IT security credential, ie, for example, according to a password, a PIN, or a cryptographic key. The measured variables can be used directly as a security credential, or it is first derived from a password, a PIN or a cryptographic key from it as a conventional security credential, which then in known manner with known IT security mechanisms, such as a password check or a cryptographic encryption or an access authorization.

According to a preferred variant, the physical properties include 12 optically detectable properties. These can be recorded with a camera, with ultrasound, with radar technology or with mechanical scanning or with a touch-sensitive display or touchpad.

In a variant, the authorization information 11 usable as long as the physical properties 12 of the physical key 9 be recorded. Once they are no longer detected, eg because the physical key from the measuring device 5 . 6 . 7 is removed, the authorization information is disabled, ie marked as invalid, or deleted. In another variant, a logoff takes place, ie, for example, a blocking of the maintenance access via the maintenance interface 3 to the plant 2 ,

According to a preferred embodiment, the IT system comprises 1 a coding means 4 , which is formed, the detected physical properties 12 to encode digitally. In the in 1 illustrated embodiments is the coding means 4 through at least one of the measuring devices 5 . 6 . 7 includes. Preferably, the authorization information 11 digitally encoded and includes more than one bit.

The the physical properties 12 may be encoded into a digital certificate according to a preferred embodiment, wherein the digital certificate encodes IT access permissions. The attachment 2 is configured, the digitally coded properties as IT authorization information 11 to use.

According to a preferred embodiment, the IT system 1 designed so that the key 9 both access to and access to the IT system 2 allows. Access to the facility 2 is determined by the physical properties 12 of the authorization object 9 directly and without the use of IT authorization information 11 allows, for example, access to the system 2 by means of the mechanical key 9 is mechanically released by a mechanical lock. Access to the system 2 whereas, by means of the use of the detected physical properties 12 as IT authorization information 11 Approved.

According to preferred embodiments of the invention, it is proposed a portable physical article in the form of a conventional mechanical key 9 to use as a physical authorization object PBO or as a physical authentication object PAO for an IT security operation. When used as a PBO become physical properties 12 the PBO detected by a measuring device and directly or in derived form as IT security authorization information 11 eg used by an access control check mechanism. When used as PAO become physical properties 12 of the PAO through a measuring device 5 . 6 . 7 captured and used directly or in derived form as an IT security credential (password, PIN, cryptographic key).

With a protected maintenance access to an IT system 2 can create a credential by capturing and checking a physical key 9 through the IT system 1 respectively. Without a physical key 9 No or limited access is possible. With a user key or a universal key, different authorizations can be granted depending on the physical key used. A main user with a universal key can thus receive eg extended access rights.

Characteristic physical properties 12 a key 9 are in particular optically detectable properties (contour, notches, dents, holes / breakthroughs). These can be easily detected eg with a common camera. In general, other measuring methods such as ultrasound or a mechanical Scanning can be used. The key 9 can be scanned mechanically in a variant. Also, capturing the contour of the key 9 by placing it on a touch-sensitive display / touchpad.

The mechanism described can also be used in combination with conventional IT security methods, eg password, digital certificate or similar. be used. In a variant, physical properties 12 of the physical key 9 (Reference image, position of notches) in a digital certificate, which as IT authorization information 11 is used, encoded. The digital certificate also encodes IT access permissions.

The secure establishment of a cryptographic key is a fundamental requirement for the use of cryptographic security methods. This is also known as security bootstrapping.

According to a preferred embodiment, the present invention can also be used to set up a cryptographic parameter in a user-friendly manner, or to derive it from a mechanical key.

2 shows therefore by means of a mechanical key 9 By way of example with reference to a preferred embodiment, a way to from the mechanical properties of the mechanical key 9 a cryptographic key 11 to determine. This is the distance of the peaks 12 of the key profile measured from the right key edge (here eg m1, m2, m3, m4, m5, m6). The readings are rounded (to compensate for measurement inaccuracies) and digitally coded.

Other measured values can also be taken into account, eg the height of the peaks 12 , Likewise, the positions of the notches and their depth can be measured.

Depending on the detected physical properties 12 will give access to the facility 2 granted or rejected. In particular, reference images of keys and the assigned IT authorizations of the IT system can be stored for this purpose.

A cryptographic key K is now determined by means of a cryptographic hash function H, for example MD5, SHA1, SHA256, etc., or by means of a key derivation function (Key Derivation Function KDF): K: = H (m1 | m2 | m3 | m4 | m5 | m6)

The symbol denotes | the concatenation, i. hanging on one another.

Instead of a hash function, a fuzzy key extractor may also be used, such as e.g. is used for key derivation in intrinsic PUFs. As a result, measurement inaccuracies or individual measurement errors can be corrected.

In addition, a conventional cryptographic key, PIN or password can be used in the key derivation, eg K: = H (m1 | m2 | m3 | m4 | m5 | m6 | PIN) Or K: = HMAC (m1 | m2 | m3 | m4 | m5 | m6, PIN) K: = HMAC (PIN, m1 | m2 | m3 | m4 | m5 | m6)

The above based on 2 described recorded physical properties of the mechanical key 2 Of course, they do not necessarily have to be used to generate a cryptographic key, but can also be used to generate other authorization information, such as for generating a PIN or a password.

According to a preferred embodiment, the realization of the detection of the physical properties takes place on a computer (mobile device with camera), preferably on a mobile device 5 . 6 . 7 , The mobile device 5 . 6 . 7 visually captures an image of the PAO. Preferably, the mobile device includes 5 . 6 . 7 a coding means 4 and can itself extract a security credential from the image, or it can transmit the captured image to a server that extracts a security credential and provides it to the mobile device.

It can be checked whether the picture is up-to-date: This can be done with a comparison with previously used pictures. Also in the image encoded meta-information (EXIF data or similar) a time, a place o. which can be tested.

Instead of a single image, multiple images or a video clip can be used. Instead of a camera, it is also possible to use e.g. the contour of the key by placing on a touch-sensitive display or on a touchpad done.

It can be checked whether the optically detected physical object is actually a key. It can be checked if it is a specific type of mechanical key. For this purpose, known image recognition methods can be used become. It can be checked whether the detected object has a sufficient randomness "entropy". Simple keys with no or only insufficient individualization, as used for example in some furniture, can be rejected.

• • Security-Bootstrapping: Initiales Einrichten eines kryptographischen Schlüssels zwischen zwei Geräten (z.B. zwei Mobiltelefone): Beide erfassen den gleichen physikalischen Gegenstand. Durch Vergleich der erfassten physikalischen PAO-Objekteigenschaften kann eine Bindung zwischen den Geräten manipulationsgeschützt hergestellt werden, z.B. das Einrichten eines kryptographischen Schlüssels. Die erfassten physikalischen Eigenschaften werden dabei entsprechend einer PIN in einem Pairing bzw. Security Bootstrapping verwendet.
• • Authentisierung eines Nutzers im regulären Betrieb (z.B. bei Anmeldung an einem Web-Seite): Ein Mobilgerät erfasst den physikalischen Gegenstand und überträgt die Information über eine Kommunikationsverbindung an einen Server, der die erfasste Information mit gespeicherter Referenzinformation vergleicht und bei hinreichender Ähnlichkeit einen Zugriff gewährt.
• • Password-Recovery: Bei einem vergessenen Passwort kann ein Benutzer ein neues Passwort von einem Server anfordern. Zusätzlich oder anstatt herkömmlicher Fragen kann verlangt werden, ein (aktuelles) Foto eines mechanischen Schlüssels zu übertragen.
• • Ein Computer erfasst physikalische PAO-Eigenschaften und ermittelt daraus einen kryptographischen Schlüssel. Er kann dazu nur die erfassten PAO-Eigenschaften alleine verwenden, oder er kann diese mit zusätzlichen gespeicherten Hilfs-Daten verwenden, um einen kryptographischen Schlüssel zu rekonstruieren. Der kryptographische Schlüssel kann z.B. zur Dateiverschlüsselung genutzt werden.
• • Eine Anwendungsmöglichkeit ist insbesondere der Zugang zu einer Service-Funktionalität des IT-Systems (z.B. Steuerungsrechner). Der Wartungstechniker muss dabei einen physikalischen Schlüssel vorweisen, den er z.B. auch zum Betreten eines Trafohäuschens oder zum Öffnen einer Wartungsklappe (Zug, Schaltschrank) benötigt. Durch den Schlüssel wird ein physikalischer Zugangsschutz zu einer Wartungs-Schnittstelle (z.B. RS232, USB, Ethernet) realisiert. Der Wartungstechniker kann nun ein Wartungs-/Diagnosegerät mit der Schnittstelle verbinden. Bevor er auf eine bestimmte Wartungsfunktionalität zugreifen kann, wird seine Berechtigung geprüft, indem er einen physikalischen Schlüssel vorweisen muss, der erfasst wird. Abhängig vom verwendeten physikalischen Schlüssel wird der Zugriff abgewiesen oder gewährt.
• • In einer anderen Variante verwendet der Wartungstechniker eine Funkschnittstelle, z.B. WLAN, Bluetooth, ZigBee o.ä., um auf die Wartungsschnittstelle zuzugreifen. Hier kann er seine Berechtigung mittels eines physikalischen Schlüssels nachweisen. Der Zugriffsschutz ist hiermit auch bei einem drahtlosen Zugriff wirksam, bei dem eine physikalischer Zugangsschutz (z.B. verschließbare Klappe) zur Wartungsschnittstelle nicht greift.

Possible applications are:

• • Security bootstrapping: Initial setup of a cryptographic key between two devices (eg two mobile phones): Both capture the same physical object. By comparing the detected physical PAO object properties, a binding between the devices can be made tamper-proof, eg, the establishment of a cryptographic key. The acquired physical properties are used according to a PIN in a pairing or security bootstrapping.
• Authentication of a user in regular operation (eg when logging on to a web page): A mobile device acquires the physical object and transmits the information via a communication link to a server, which compares the acquired information with stored reference information and grants access with sufficient similarity ,
• • Password Recovery: For a forgotten password, a user can request a new password from a server. In addition or instead of conventional questions may be required to transmit a (current) photo of a mechanical key.
• • A computer collects physical PAO properties and uses this to determine a cryptographic key. He can only use the acquired PAO properties alone, or he can use these with additional stored auxiliary data to reconstruct a cryptographic key. The cryptographic key can be used eg for file encryption.
• • An application option is in particular the access to a service functionality of the IT system (eg control computer). The maintenance technician must present a physical key, which he also requires, for example, to enter a transformer housing or to open a maintenance cover (train, control cabinet). The key realizes physical access protection to a maintenance interface (eg RS232, USB, Ethernet). The maintenance technician can now connect a maintenance / diagnostic device to the interface. Before he can access a specific maintenance functionality, his authorization is checked by showing a physical key that is captured. Depending on the physical key used, access is denied or granted.
• In another variant, the service technician uses a radio interface, eg WLAN, Bluetooth, ZigBee or the like, to access the maintenance interface. Here he can prove his authorization by means of a physical key. The access protection is hereby also effective for a wireless access in which a physical access protection (eg closable flap) does not interfere with the maintenance interface.

An embodiment of the present invention allows a conventional mechanical key 9 can be used to provide authorization information. A mechanical key 9 will be treated carefully anyway. Such a key 9 is already protected by most users. An existing physical key 9 can be used as an existing security infrastructure for IT security purposes.

If the key 9 Both for a physical access control (eg door, maintenance cover), which protects the IT system from unauthorized access is used, so an attacker after breaking the mechanical lock still not or only partially access to IT functionality.

In particular, the physical key can be used to grant access authorization for a wireless maintenance access by means of a mobile device (tablet, PDA, mobile telephone). A physical key that has heretofore been used to prevent access to a wired maintenance interface by a lockable service door may thereby also be used for the protected wireless maintenance access.

Also, the present invention can use a conventional mechanical key to protect a cryptographic key. Two users can safely agree on a cryptographic key if they have identical physical keys.

A reconstruction of a forgotten cryptographic key / password is possible as long as the physical object, ie the mechanical key, is still present.

QUOTES INCLUDE IN THE DESCRIPTION

This list of the documents listed by the applicant has been generated automatically and is included solely for the better information of the reader. The list is not part of the German patent or utility model application. The DPMA assumes no liability for any errors or omissions.

Cited non-patent literature

• http://en.wikipedia.org/wiki/Physical_unclonable_function [0007]
• R. Mayrhofer, H. Gellersen: Shake Well Before Use: Intuitive and Secure Pairing of Mobile Devices, IEEE Transactions on Mobile Computing, Vol 8, Issue 6, pp. 792-806, June 2009 [0016]
• Leonid Batyuk, Seyit Ahmet Camtepe, Sahin Albayrak: Multi-Device Key Management Using Visual Side Channels in Pervasive Computing Environments, Sictch International Conference on Broadcasting and Wireless Computing, Communication and Applications BWCCA, 2011 [0016]
• M. Goodrich, M. Sirivianos, J. Solis, G. Tsudik, E. Uzun: Loud and Clear: Human Verifiable Authentication Based on Audio, ICDCS'06 [0016]
• IEEE 802.11 [0026]
• IEEE 802.11 [0026]
• RFC 4301 [0026]
• RFC 5246 [0026]

Claims (16)

Method for determining IT authorization information ( 11 ) by means of a physical authorization object ( 9 ) comprising the method steps: detecting physical properties ( 12 ) of the physical authorization object ( 9 ) by a measuring device ( 5 . 6 . 7 ); Using the acquired physical properties ( 12 ) as IT authorization information ( 11 ); where the authorization object ( 9 ) a mechanical key ( 9 ). Method according to claim 1, wherein the physical properties ( 12 ) a contour, a weight, a length, a width and / or a surface condition of the authorization object ( 9 ). Method according to one of the preceding claims, wherein the detected physical properties ( 12 ) directly or in derived form as IT authorization information ( 11 ), preferably as an IT security credential such as password, PIN, or cryptographic key. Method according to one of the preceding claims, wherein the physical properties ( 12 ) comprise optically detectable properties. Method according to one of the preceding claims, wherein the physical properties ( 12 ) can be detected with a camera, with ultrasound or by mechanical scanning or by means of a touch-sensitive display or touchpad. Method according to one of the preceding claims, wherein the detected physical properties ( 12 ) are encoded into a digital certificate and, preferably, the digital certificate also encodes IT access permissions. Method according to one of the preceding claims, wherein the authorization information ( 11 ) is digitally coded and preferably comprises more than one bit. Method according to one of the preceding claims, wherein the authorization object ( 9 ) both access to and access to a means of use ( 2 ), whereby the access by means of physical properties of the authorization object ( 9 ) preferably directly by the physical properties ( 12 ) and without the use of IT authorization information ( 11 ) while accessing the means of use ( 2 ) by using the acquired physical properties ( 12 ) as IT authorization information ( 11 ). IT system ( 1 ) for determining IT authorization information ( 11 ) by means of a physical authorization object ( 9 ) comprising: a measuring device ( 5 . 6 . 7 ) which is designed and adapted, physical properties ( 12 ) of the physical authorization object ( 9 ) capture; a use agent ( 2 ) which is designed and adapted, the acquired physical properties ( 12 ) as IT authorization information ( 11 ) to use; where the authorization object ( 9 ) a mechanical key ( 9 ). IT system ( 1 ) for determining IT authorization information ( 11 ), the physical properties ( 12 ) a contour, a weight, a length, a width and / or a surface condition of the authorization object ( 9 ). IT system ( 1 ) according to claim 9 or 10, wherein the detected physical properties ( 12 ) directly or in derived form as IT authorization information ( 11 ), preferably as an IT security credential such as password, PIN, or cryptographic key. IT system ( 1 ) according to any one of claims 9-11, wherein the physical properties ( 12 ) comprise optically detectable properties. IT system ( 1 ) according to any one of claims 9-12, wherein the physical properties ( 12 ) can be detected with a camera, with ultrasound or by mechanical scanning or by means of a touch-sensitive display or touchpad. IT system ( 1 ) according to any one of claims 9-13, wherein the IT system comprises a coding means ( 4 ), which is formed, the detected physical properties ( 12 ) digitally encode, and the means of use ( 2 ) is formed, the digitally coded properties as IT authorization information ( 11 ) to use. IT system ( 1 ) according to claim 14, wherein the coding means ( 4 ) is configured to encode the physical properties into a digital certificate, wherein the digital certificate encodes IT access permissions. IT system ( 1 ) according to any one of claims 9-15, wherein the authorization information ( 11 ) is digitally coded and preferably comprises more than one bit. IT system ( 1 ) according to any one of claims 9-16, wherein the IT system ( 1 ) is designed such that the authorization object ( 9 ) both access to and access to the means of use ( 2 ), with access to the Use agent ( 2 ) preferably by means of physical properties of the authorization object ( 9 ) directly and without the use of IT authorization information ( 11 ) while accessing the means of use ( 2 ) by means of the acquired physical properties ( 12 ) as IT authorization information ( 11 ).

Images