DE10353499A1 - Changing of the performance characteristics of a system software controlled device whereby read-protected activation data are encrypted in an alteration file and then transmitted, decrypted and transferred to security hardware - Google Patents

Abstract

Method for changing the performance characteristics of device controlled using system software that also has allocated security hardware with read-protected activation data. According to the method, the new activation data is encrypted in an alteration file, prior to transfer to the security hardware. The alteration file is remotely transmitted, decrypted and finally transferred to the security hardware.

Description

The The invention relates to a method for changing the features a system software controlled device having a their assigned security hardware with read-protected activation data comprising the system software for accessing the security hardware is set up by obtaining the activation data and the features dependent on the unlock data is set at which the security hardware dependent on the desired changed features equipped with new activation data becomes.

Such a procedure is over DE 198 24 814 A1 already known. In the method described here, the performance features of a program-controlled device are defined by means of a memory chip as security hardware. Upon delivery of the system software controlled device, the security chip is programmed with characteristics and algorithms associated with the customer and the device so that the included system software only runs along with the security hardware and to the extent specified by the clearance data. To change the features according to the previously known method, either the security hardware must be sent to its manufacturer or an authorized Peron with a smart card reader change the activation data on site. However, the necessary person or material transport is costly.

From the DE 43 21 765 A1 For example, a method is known in which the performance characteristics of a device are determined by selecting particular option codes. The device 1 also has a serial number, ie characteristic data, which uniquely identify the device. To change the features of the device, the option codes associated with the individual features are combined with each other and with the characteristics of the device and sent to the manufacturer of the device. The manufacturer then provides the sender, usually the customer, with an encrypted file which he or she enters into the device via an input / output device. The encrypted change file is decrypted by the system software and compared to the originally generated option code. If the comparison leads to a positive result, the features of the device or the software are unlocked. The prior art method has the disadvantage that after the one-off activation of the features no repetitive security check is possible as a result of whether the system software with the enabled features actually still runs on the device which is assigned by means of the identification data of the system software.

task the invention is to improve the method mentioned at the beginning, that a simplified change the features available while providing high protection against unauthorized software duplication is.

The Invention solves this task in that the new unlock data before transfer to the security hardware is encrypted to a change file, the change file remotely transmitted, subsequently decrypts and finally up transfer the security hardware becomes.

According to the invention changed the features using a change file that in a simple way, too size Transferable distance is. To abuse, so changes the system software or the device without the consent of the seller avoid, the change file is encrypted leaving only a select one Group of people, for example a customer as the owner of the system software, is able to change the file to decode and finally to transfer to the security hardware. For encryption can arbitrary cryptographic methods are used. So For example, an asynchronous encryption with a private one as well as a public Key, a so-called RSA encryption or the like provided. Deviating from this are symmetrical encryption method to encrypt the change file uses. Despite this opposite the nearest one Prior art simplified change the performance remains the one described by the writable and / or programmable security hardware granted high security standard across from an unauthorized copy of the system software. The changeable according to the inventive method Features of the device include both characteristics system software as well as hardware component properties the device.

The For example, new unlock data includes a code that includes all of them Performance characteristics desired by a customer. By way of derogation, the new clearance data comprises a code which only corresponds to such features that have not yet been were unlocked.

Here, the system software has a internal logic, with the help of which the old features are additively linked with the new additional features and then transferred to the security hardware.

advantageously, The activation data includes hardware identification data for identification security hardware, with the system software after access on the activation data the hardware characteristics with implemented in it Hardware characteristics and compares by the activation data defined new features depending on the comparison. According to this advantageous development is the security against one unwanted and unauthorized copy of the system software even further elevated. The system software is over the hardware identifier is firmly linked to the security hardware, so that the process of the system software on another programmatically taxed Device that has no or one security hardware with another Hardware characteristics is prevented.

According to one in this regard appropriate development attacks the system software during operating at certain intervals on the safety hardware gaining its hardware credentials and comparing them again on their agreement with the hardware parameters. In this way, removing the Safety hardware even while prevents the system software from running.

According to one Advantageous further development, the encrypted change file on a transportable Remote I / O device and fed from this into the device, the system software the change file decrypts and this afterwards as new unlock data writes to the security hardware or programmed. According to this Advantageous development, it is by no means necessary, the Device directly to a transmission line for transmission the change file to join. The change file can rather, to a receiving location independent of the site of the security hardware are sent, with the transportable input / output device the change file receives at the receiving site, then transferred to the device and after all the change file transfers to the device. So is the receiving site, for example, the site of one Internet server connected client computer, so that the data under Use of the so-called Internet by a seller of Performance characteristics to a buyer of the features can be. For example, the so-called file transfer protocol is suitable for this purpose (FTP).

advantageously, will according to one in this regard expedient embodiment the change file transferred as an attachment to an email. So For example, the e-mail can be sent to the Internet server and / or the Client computer to be sent. Of course, in the context of the invention of Client computer also the input / output device itself and as so-called Laptop be realized.

Conveniently, the activation data are password-protected before a read access protected, which is implemented in the system software. That way is access to the security hardware only via a password possible, which exclusively the Manufacturer of the system software and / or the provider of the security hardware is known.

According to one Advantageous further development is the safety hardware an interface of the device plugged. the interface is for example a parallel interface of the device. A such security hardware is also called a dongle. deviant Of these, the security hardware is firmly anchored in the device, so that a simple removal of the security hardware complicates is. The attachable variant has the advantage that the security hardware or the dongle is not re-delivered when replacing the device, but from the buyer the device only from the old to the new device must be plugged, so that a renewed production of a Dongles is redundant.

Conveniently, have the unlock data at least one auxiliary device identifier on. In this way, the use of a specific accessory is possible. In this development, the device is for example a security-grade reflex camera, the with the help of the release data of the security hardware to the operation is set up with a certain sort of lenses. To the system software accesses the security hardware under recovery the auxiliary device identifier and activates the driver software necessary to operate the attachment dependent on the accessory identifier, wherein the necessary logic implemented in the system software is. Would like to the customer the device with another accessory, for example another extra Lens type, use, so there is the possibility of new unlocking data into the security hardware of the device, wherein the Enrollment data sent to the customer using the encrypted change file become.

Furthermore, it is advantageous that the unlocking data have at least one manufacturer identifier. According to this advantageous further development, it is possible to attach additional devices to the Vorrich tion are mechanically connectable to allow about the activation data or in other words to connect effectively with the device and with the system software, which come only from certain manufacturers. For this purpose, the activation data comprises a manufacturer identification, which is compared to the accessibility of the system software to the security hardware with manufacturer parameters implemented in the system software. Of course, it is also possible to allow certain types or varieties of accessories only from certain manufacturers. For this reason, according to this expedient further development of the invention, the release data comprise both one or more manufacturer identifications and one or more accessory identifiers, wherein the system software compares the manufacturer identification data with manufacturer identification parameters and the accessory identifiers with ancillary device parameters, wherein the manufacturer parameters as well as the accessory parameters are implemented in the system software itself are. If the respective parameters agree with the assigned data, the use of the auxiliary device of a certain manufacturer is made possible.

following become preferred embodiments of the invention.

According to one preferred embodiment the invention is the device for coupling modulated carrier frequencies provided in a high voltage line and is hereinafter referred to as Called Power Line Carrier. For example, the Power Line Carrier placed in Brazil in the neighborhood of a high voltage power line and is controlled by a system software. The features of the Power Line Carriers and system software, for example, are transmitting from four voice frequency channels to a high voltage potential of the high voltage line and providing a synchronous digital interface. The provider of the device as well as the system software is resident in Europe where the device is manufactured and shipped to the customer in Brazil. The system software however, the apparatus is basically arranged to transmit eight voice frequency channels. Furthermore, in addition to a synchronous digital interface and a asynchronous digital interface can be unlocked here also not yet activated.

To suppress the customer's originally undesirable features and to protect the system software against piracy, the device with a security hardware, in this case with a so-called dongle, provided that can be programmed and read only with knowledge of a password. The programming of the dongle was done by the manufacturer of the device during manufacture. The read-protected dongle contains, due to the programming, release data comprising hardware identification data for associating the dongle with a particular system software, such as a serial number, a code representing the combination of particular features, and a device identification number. The release data stored in the dongle have the following structure according to this exemplary embodiment:
030731_1498_7VR531_12345

in this connection the number 030731 corresponds to a date, the number 1498 of the serial number of the Dongles, the number 7VR531 of a device identification number and the Number 12345 of a particular one originally ordered by the customer Combination of features. The system software in which the Serial number of the dongle is firmly implemented, leads one Read access to the dongle with naming of the password by and compares the serial number of the dongle with the one implemented in it Serial number. In case of agreement asks the system software the code for the desired Combination of features. By reading the code 12345 become four voice frequency channels and a synchronous interface enabled, their operation is now supported by the system software. As another security loop compares the system software the device identification number with a manufacturer in her implemented device identification parameters. Only with agreement the device identification number and device parameter is the Operation of the device allows.

Due to an extension of the station control system, the customer now needs a Power Line Carrier in Brazil, which is able to unlock eight voice channels as well as an additional asynchronous digital interface. For this purpose, the customer requests these additional features with an arbitrarily designed in its shape order from the manufacturer in Europe. The manufacturer produces a code in Europe according to the following example
040401_1498_7VR531_67890

Here, 040401 corresponds to the date of order of the release data, namely the 1st April 2004. The serial number of the dongle 1498 has of course not changed in comparison to the originally filed with the customer activation data. The device ID 7VR531 remains identical. The number 67890, however, corresponds to a new combination of features and here the unlocking of eight voice channels, a synchronous and an asynchronous digital interface of the power line carrier. The above code is encrypted by the manufacturer with the help of a public key of the customer, whereby only the customer has a so-called private key with which only a decryption of the encrypted change file is possible. The encrypted file is stored by the manufacturer on an Internet server, to which the customer has access. The customer loads from Brazil the change file from the Internet server to an available input / output device. After the input / output device has been connected to the Power Line Carrier, the encrypted change file is transferred to the Power Line Carrier, whose system software is able to decrypt the encrypted file using the private key and the decrypted data using the password to transfer to the dongle. If the system software is queried again, the Power Line Carrier is extended by four additional voice frequency channels and an asynchronous digital interface.

at In a different example, the number 67890 corresponds only a code for four additional voice channels also for a digital asynchronous interface. After dubbing on the Power Line Carrier, the system software decrypts the change file, connected the previous four language channels and the synchronous interface additively with the additional ones four voice channels and the asynchronous interface set and write the sum of these Features in the memory area of the dongle.

at In a different example, the device is an SLR camera, which is controlled by a camera software. The device has a security hardware, which realizes here again as a dongle is. The camera software accesses the dongle under extraction the release date. The release data has a serial number next to it of the dongle as a hardware identifier, a customer reference number as Manufacturer ID and a date an accessory or type identifier, which corresponds to wide-angle lenses here. The customer now wants the camera in addition to wide-angle lenses synonymous with the telephoto lenses use. To do this, he orders an encrypted change file, which is a new one Date, same dongle serial number, same customer reference number, the same type identifier for Wide-angle lenses and above addition, a type identifier for Includes telephoto lenses. The encrypted change file becomes the customer sent by the manufacturer as an attachment to an email to his email account. Of the Customer connects the camera to his computer, which now serves as an input / output device and dubbed the encrypted change file on the camera whose camera software decrypts the encrypted change file and using the password to the dongle of the camera transmits. by virtue of the unlocked features, the camera is now with Wide-angle lenses as well as with telephoto lenses usable.

at Another example is the device as a SLR camera realized by a manufacturer A. The SLR camera has a Dongle with activation data for All lenses of a particular manufacturer. The customer wants now The SLR also with lenses from another manufacturer use. To do this, he orders a change file containing a manufacturer ID and according to the preceding Procedures on the SLR camera dubbed, decrypted and transferred to the programmable memory area of the dongle becomes.

deviant it is also possible only specific or even a lens with specific serial numbers unlock the use of the camera with only one assigned Lens to enable. In this embodiment the lens itself has a security hardware, but the read-protected from the system software of the SLR camera is readable. Of the However, dongle of the lens need not be rewritten and is therefore not writable.

Claims (8)

A method of modifying the performance of a system software controlled device having security data associated therewith with read-enabled enablement data, wherein the system software is configured to access the security hardware to obtain the enablement data and the performance characteristics are determined in dependence on the enablement data at which the security hardware is equipped with new unlock data depending on desired changed features, characterized in that the new unlock data is encrypted before transmission to the security hardware to a change file, remotely transfer the change file, then decrypted and finally transferred to the security hardware. Method according to claim 1, characterized in that that the activation data hardware identification data for identifying the Security hardware, the system software after the Access to the activation data the characteristics with implemented in it Kennparametern compares and the enrollment data set new Features in dependence of the comparison releases. A method according to claim 1 or 2, characterized in that the encrypted change file is remotely transmitted to a portable input / output device and fed by the latter into the device, wherein the system software decrypts the change file and this then as a new unlock data on the security hardware writes or programs. Method according to one of the preceding claims, characterized marked that the change file transferred as an attachment to an email becomes. Method according to one of the preceding claims, characterized characterized in that the unlock data by a password protected for read access which is implemented in the system software. Method according to one of the preceding claims, characterized characterized in that the security hardware on an interface the device is attached. Method according to one of the preceding claims, characterized characterized in that the unlocking data comprise at least one auxiliary device identifier. Method according to one of the preceding claims, characterized characterized in that the unlocking data at least one manufacturer identifier exhibit.