EP1997082A1 - Verfahren und apparatur zur sicheren verarbeitung von schützenswerten informationen - Google Patents

Verfahren und apparatur zur sicheren verarbeitung von schützenswerten informationen

Info

Publication number
EP1997082A1
EP1997082A1 EP07711693A EP07711693A EP1997082A1 EP 1997082 A1 EP1997082 A1 EP 1997082A1 EP 07711693 A EP07711693 A EP 07711693A EP 07711693 A EP07711693 A EP 07711693A EP 1997082 A1 EP1997082 A1 EP 1997082A1
Authority
EP
European Patent Office
Prior art keywords
information
stored
key
certificate
memory unit
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Withdrawn
Application number
EP07711693A
Other languages
German (de)
English (en)
French (fr)
Inventor
Stephan Völkening
Hardy Jüngermann
Torsten Hupe
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Bayer Innovation GmbH
Original Assignee
Bayer Innovation GmbH
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Bayer Innovation GmbH filed Critical Bayer Innovation GmbH
Publication of EP1997082A1 publication Critical patent/EP1997082A1/de
Withdrawn legal-status Critical Current

Links

Classifications

    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07FCOIN-FREED OR LIKE APPARATUS
    • G07F7/00Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus
    • G07F7/08Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/30Payment architectures, schemes or protocols characterised by the use of specific devices or networks
    • G06Q20/34Payment architectures, schemes or protocols characterised by the use of specific devices or networks using cards, e.g. integrated circuit [IC] cards or magnetic cards
    • G06Q20/341Active cards, i.e. cards including their own processing means, e.g. including an IC or chip
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/38Payment protocols; Details thereof
    • G06Q20/40Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
    • G06Q20/401Transaction verification
    • G06Q20/4014Identity check for transactions
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/38Payment protocols; Details thereof
    • G06Q20/40Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
    • G06Q20/409Device specific authentication in transaction processing
    • G06Q20/4097Device specific authentication in transaction processing using mutual authentication between devices and transaction partners
    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07FCOIN-FREED OR LIKE APPARATUS
    • G07F7/00Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus
    • G07F7/08Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means
    • G07F7/10Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means together with a coded signal, e.g. in the form of personal identification information, like personal identification number [PIN] or biometric data
    • G07F7/1008Active credit-cards provided with means to personalise their use, e.g. with PIN-introduction/comparison system
    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07FCOIN-FREED OR LIKE APPARATUS
    • G07F7/00Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus
    • G07F7/08Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means
    • G07F7/12Card verification
    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07FCOIN-FREED OR LIKE APPARATUS
    • G07F7/00Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus
    • G07F7/08Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means
    • G07F7/12Card verification
    • G07F7/122Online card verification

Definitions

  • the present invention relates to a system and a method for the secure processing of information, in particular sensitive information, the use of the system and the method according to the corresponding preambles of claims 1, 12, 13, 14.
  • Access control devices such as ATMs are known, for example, which permit access or access only via authentication, for example by means of magnetic stripe cards or chip or smart cards, in some cases also in combination with a PIN.
  • Protective information is stored on the cards which, in order to protect against unauthorized use, requires the retrieval of further information (e.g., PIN).
  • PIN further information
  • For magnetic stripe cards or chip cards for electronic money encrypted data is stored.
  • passive cards such as the magnetic stripe card, the decryption of this data is done externally, that is in a separate reading unit.
  • a processor is integrated into the card like a chip. In this case, a decryption of information on the chip can be made.
  • access to the chip is e.g. controlled by a PIN or the query of a biometric feature.
  • Magnetic as well as smart cards have the disadvantage that they are easily susceptible to damage, - contamination or other impairments, for example by mechanical or electromagnetic influences.
  • magnetic as well as smart cards on a limited storage volume, which is very low due to the predetermined dimensions for the cards.
  • Chip cards have a higher storage capacity compared to the magnetic stripe card and they are also safer against manipulation and copying.
  • the object of the invention is to provide a system and / or method for the secure transmission of sensitive information, which in a wide range of applications and for various uses can be used and in particular is easy to use for the general public.
  • Another object is to provide a reliable system and / or method for the secure transmission of sensitive information that can reliably transmit a large amount of data, and avoid unauthorized use or use, reliably and with little trouble.
  • a system for the secure processing of information, in particular sensitive information, by means of a signature and / or encryption principle at least comprises: a first mobile, passive storage unit, for retrievably storing first information, a processing device adapted to cooperate with the first memory unit to process information comprising: a decryption-proof second memory unit for retrievably storing second information corresponding to the first information, a computing unit for processing, preferably for cryptographically processing the information, an information transmission unit for transmitting the information of the first and / or the second storage unit to the computer unit.
  • processing is generally understood to mean the processing according to the EVA (S) principle - input, processing, output (storage) principle. More generally one can also speak of handling the information.
  • information is understood to mean all information, but especially the information that must be protected against unauthorized access, that is to say generally sensitive and / or confidential information, such as, for example, personal data comprising diagnosed clinical pictures, therapies, financial data such as bank details, and the like.
  • a signature and / or encryption principle is provided for processing.
  • the system or apparatus for processing the information includes at least a first, mobile storage unit for retrievably storing first information.
  • the first storage unit is corresponding object or person bound and is of the object or managed and stored by the person.
  • the first storage unit is designed to be mobile, so that it can be moved with the object or the person.
  • On the mobile first storage unit data or information is stored, which can be read out from an appropriate device if necessary.
  • the information includes, for example, an electronic key, such as a private key of a key pair and / or a signature or electronic signature.
  • the information may contain data that must be protected from access by other persons or kept inaccessible. These may be, for example, bank account data, patient data, identity data and the like. This information is preferably encrypted and / or signed with a corresponding key.
  • a processing device is provided in the system.
  • the processing device interacts with the first storage unit in such a way that the confidential information can be read out or stored on the first storage unit by means of the processing device.
  • the processing device comprises at least one second storage unit.
  • the second memory unit is preferably designed to be secure against decryption. This may be realized by physical protection such as closed, unauthorized inaccessible enclosures, and / or other protection devices such as privacy.
  • the second storage unit On the second storage unit second information is stored, which is not available from the outside.
  • the second information in particular second sensitive and / or confidential information, correspond to the first information of the first memory unit.
  • the second information may comprise a counterkey corresponding to the key of the first memory unit, for example to form a key pair.
  • relevant data for authentication corresponding to the data of the first memory unit can be stored on the second memory unit.
  • the processing device comprises a computer unit for processing, in particular cryptographic processing, the information.
  • This computer unit processes the at least partially encrypted and / or signed data, so that a transaction which may only be carried out by the carrier of the first memory unit can be carried out.
  • an information transmission unit is further provided. With this, the corresponding information can be transmitted securely. It is also preferred that at least one of the storage units is designed as a non-electronic storage unit on which and / or from which the confidential information, in particular the first information, can be stored and / or retrieved electronically.
  • Non-electronic storage devices include, for example, magnetic or optical storage devices.
  • At least one of the storage units is designed as an optical storage unit comprising the group of photoaddressable polymers as a storage medium on which and / or from which the confidential information, in particular the first information, can be optically stored and / or retrieved.
  • the photoaddressable polymers form a class of materials which are characterized in that a direct birefringence can be registered in the material by means of light ⁇ Polymers as Electrooptical and Photooptical Active Media, V.P. Shibaev (ed.), Springer Verlag, New York 1995; Natansohn et al, Chem. Mater. 1993, 403-411).
  • Examples of these photoaddressable polymers are polymers with azobenzene-functionalized side chains, e.g. in US Pat. No. 5,173,381.
  • optical storage By means of the optical storage of information, these can be safely protected from external influences and arranged in a high amount in the smallest space.
  • the optically stored information is safely stored against influences such as magnetic fields or electrical influences.
  • the optical storage results in an optimum capacity-memory size ratio.
  • the optical storage units are more economical to manufacture than e.g. electronic storage devices, such as chips. Therefore, there is also an optimal capacity-cost ratio for optical storage.
  • At least one of the memory units is in the form of a card selected from the group of chip, memory, smart cards.
  • the training as a card enables an easy-to-use and mobile execution of the memory.
  • the card preferably has the same dimensions as other cards in daily use, for example credit cards and the like. This form of card allows for easy storage of the mobile storage, for example, in purses and the like, without the need to re-create special storage units.
  • the card therefore preferably has the format ID-I, which is also defined in the standard ISO / IEC 7810. This format is preferably also with common readers and the like usable.
  • At least one of the storage units has a storage capacity of preferably more than 0.5 MB, more preferably more than 1.0 MB, and most preferably of more than 1.5 MB.
  • Traditional memory like Magnetic strips, chips and the like have smaller memories which can store only a very limited amount of information. Thus, only a small amount of information can be stored. Larger information can not be stored.
  • the preferred storage capacity according to the invention it is now also possible to store larger amounts of data, and in some cases also encode them more expensively.
  • the storage medium which is used to form the storage unit, in particular the first mobile storage unit is formed as a polymer, in particular as a polymer from the group of photoaddressable polymers.
  • information can be stored holographically on the mobile memory, particularly preferably as one or more polarization holograms.
  • holographic storage of information effective and improved protection of the information against unauthorized handling of other persons, such as copying or other manipulation, is given.
  • Holographic storage is an analog storage method, i. Information is available in analog form on the first mobile storage.
  • the information worth protecting that is stored on the first mobile memory is preferably in digital form prior to storage on the mobile memory and / or after reading from the mobile memory.
  • They are preferably encrypted prior to storage on the mobile memory and / or after reading from the mobile memory and / or they are signed.
  • a preferred embodiment provides that at least one of the storage units, preferably the second storage unit, is designed as a digital storage unit on which and / or from which the information can be digitally stored and / or retrieved.
  • the information is stored not least for reasons of space, preferably digitally on the corresponding memory unit, in particular the second memory unit.
  • the digital confidential information is preferably digitally encrypted and / or signed. In the case in which the information worth protecting is signed, the signature is preferably stored on the storage unit together with the information worth protecting.
  • at least one of the storage units, preferably the second storage unit is embodied as an encryptable storage unit on which and / or from which the first confidential information can be stored and / or retrieved in encrypted form.
  • the corresponding memory unit is preferably designed as passive memory.
  • the mobile storage unit stores a lot of information.
  • the passive memory unit therefore has no areas in which active calculation, processing, decryption etc. of the information is carried out by means of appropriate algorithms.
  • the second storage unit is an active storage unit.
  • the mobile memory unit is designed as an active memory (chip card) or the mobile memory unit has a very small, non-secure memory (magnetic stripe card).
  • the first mobile memory as a passive, secure memory with a high storage capacity and the formation of the second memory as an active memory or active storage unit so that a secure, robust and cost-effective system is created.
  • the second storage unit is an electronic storage unit on which and / or from which the second information can be electronically stored and / or retrieved.
  • the valuable information and the algorithms preferably electronically and a corresponding communication with computer units can be easily realized without interposing example, analog / digital converter.
  • the first memory is formed as an optical memory, that is, as a passive memory, and the second memory as an electronic memory.
  • a card with a corresponding second memory is also referred to as an active memory card, since the second memory is coupled in conjunction with a computing unit.
  • the information is therefore stored optically, preferably holographically, on the first memory.
  • the data In order to transmit the data to the second, electronic storage unit by means of an information transfer unit, the data must now be brought from the analog state into the electronic or digital state.
  • a light source in combination with a camera is used as information transmission unit.
  • the hologram on the first storage unit is illuminated with the light source. Due to the diffraction of the light beam on the hologram, an image of the stored information is generated. This generated image containing the information worth protecting is detected by the camera and thus imaged there.
  • the camera now generates from the optical signals electronic or digital signals corresponding to the second memory unit.
  • the second memory is in communication with a first computer unit. Only this first computer unit has access to the information on the second memory. There are no possibilities to read and / or manipulate the information stored on the second memory from outside by unauthorized persons. Only the first computer unit can communicate with the second memory unit in such a way that data is transmitted between the two.
  • the first computer unit has cryptographic functions with which information is encrypted, decrypted or even signed.
  • the functions also include the possibility of creating and / or checking a signature.
  • the second storage unit is secured against unauthorized access
  • the first arithmetic unit is also protected against unauthorized access.
  • the computer unit, the second memory unit and an information transmission unit are designed for data exchange between the computer unit and the second memory in a unit or device. This unit can then exchange the information between the first and second memory.
  • the computer unit is integrated into the second memory unit in the manner of a smart or chip card.
  • the unit of computer unit and memory unit is preferably provided with a certificate, for example according to the "Common Criteria", in particular an EAL 4+ or higher is achieved in this case.
  • the information transmission unit between the mobile first memory and the second memory is designed as an optical information transmission unit in order to transmit information via at least one beam path.
  • the computer unit has at least one transmission channel via which information can be transmitted to and / or from further computer units.
  • a transmission channel is preferably designed as a secured channel.
  • a secured channel may be an encrypted channel (logical protection); but it can also be a channel in which unauthorized persons can not attack from the outside, since they are e.g. is in a guarded environment or is inaccessible (physical protection).
  • the information transmission unit may preferably be designed as a writing and / or reading unit.
  • the optical information transmission unit is designed to emit polarized light comprising the group of lasers in order to transmit information optically by means of at least one beam.
  • a third memory unit for storing third information corresponding to the first and / or second information.
  • a further security query can also be realized, for example in the form of a retinal scan, entry of a PIN, acquisition of further biometric data, such as a fingerprint, and the like.
  • a key management unit is provided for managing a plurality of keys and / or signatures.
  • the invention further includes the technical teaching that a method for secure cryptographic processing, handling and / or transmitting information is provided, comprising the steps of reading and / or storing first encrypted information on a first passive mobile memory , Reading and / or storing second information corresponding to the first information, transmitting the first encrypted information to a computer unit, transmitting the second information to a computer unit, cryptographically processing the first information using the second information in the computer unit, the step reading and / or storing first information and / or performing the step of transmitting the first information at least partially in a non-electronic manner.
  • the inventive method for processing confidential information comprises in particular the steps described below.
  • Information in particular information requiring protection, which has previously been stored on a mobile memory, is transmitted from the first mobile memory to the first computer unit with the aid of an information transmission unit. If the information is digitally encrypted, it is decrypted using the first computer unit and the information stored on the second memory, for example cryptographic keys. If the information is signed, this signature is checked accordingly.
  • the information on the first mobile memory is encrypted by a symmetric encryption system. For this purpose, for example, an encryption method of the type of AES or the like can be used.
  • the signature a standard procedure for electronic encryption is preferably used. For this example, a method according to type of RSA or ECDSA (elliptic curve digital signature algorithm) can be used.
  • the step "reading and / or storing first information" and / or the step “transmitting the first information” are carried out optically. In this way, a transmission optimized in terms of transmission speed and data security can be realized.
  • At least one of the steps of the method according to the invention is carried out digitally.
  • Digital processing has the advantage of easy processing by means of computers or computers without requiring an A / D converter. Thus, a simpler structure and a simpler method can be realized.
  • At least one of the steps of "reading and / or storing" and / or “transmitting” is carried out encrypted. This ensures a high level of data security. Encryption ensures the highest level of data security, especially in the case of optical digital processing, so that even very confidential information can be processed with this method. Overall, a very high security level of data security can be achieved with this method.
  • the first information is preferably present in an optically transferable form.
  • the "read and / or store step" and / or “second information transfer” be carried out electronically.
  • the second information which are already secured against unauthorized access, and are generally not stored on a mobile storage unit, can be easily processed by computer units.
  • memories and / or processing media which are already known from the prior art and which are each adapted to the corresponding application according to the present invention.
  • the step "read and / or store” further comprises the step "reading and / or storing signature and / or key data".
  • the signature and / or the key data can be stored on the various storage units, for example on the mobile storage unit. If the data is stored holographically, a high standard of security can be achieved which makes the reading of the signature and / or the key at least virtually impossible.
  • the confidential information when the confidential information is read as a hologram comprising polarization holograms and / or stored, they are optimally protected against unwanted or unwanted access, since in particular holograms can hardly or not easily be read by third parties.
  • storage as a hologram also provides effective protection against manipulation and / or copying.
  • Key management is part of the present invention.
  • keys and certificates are defined, selected and / or derived and assigned to the various components of the system in such a way that secure processing of, in particular, information worthy of protection is ensured.
  • Key management also ensures that components can be removed from the system and / or integrated into the system without the need for a complete exchange of keys and / or certificates.
  • a group of components is first defined, all of which belong to one system.
  • Each system has a plurality of mobile memories and at least one or more read / write devices for these mobile memories.
  • the read / write devices each include at least one memory in the form of the second memory already described, in conjunction with a computing unit.
  • employee badges and readers are components that belong to a system.
  • the bank cards and the read / write devices are components that belong to a system.
  • the system also has a global certificate ⁇ TC>, which was issued by a trust center (TC), for example.
  • the certificate ⁇ TC> has a secret key t.
  • the global certificate is also stored in the second memory (of each system read / write device).
  • S: Sig (m, k,) signed.
  • the signature S is stored together with the certificate on the mobile memory.
  • the data m, the signature S and the certificate ⁇ ID> t are transmitted from the mobile memory to the first processor using the information transfer unit.
  • the certificate ⁇ ID> t is verified. Then the signature S is verified with the certificate ⁇ ID> t . If all verifications succeed, the signature is accepted.
  • the higher-level unit directly signs the data m with the aid of the secret key t.
  • the higher-level unit first checks whether the information to be stored on the mobile memory really belongs to this.
  • the superordinate organization checks whether the biometric data (information m) to be stored on the identity card (mobile storage) actually belongs to the cardholder and signs the correctness.
  • the signature S is stored together with the data m on the mobile memory. It can be verified by using ⁇ TC>.
  • the first computer unit is connected to further computer units via transmission channels. Then it is of particular interest that these additional computer units are involved in the secure transmission of sensitive information.
  • further computer units belong to the system, which should be referred to as higher-level devices.
  • a group certificate ⁇ G> exists with the corresponding secret key g.
  • the group certificate ⁇ G> is stored in every device belonging to the system.
  • Each device with the identity number ID j has a certificate ⁇ ID (, A> that is signed g with the secret key, it contains attributes A;., Can provide information on the type of device (eg biometric acquisition system, database, etc.
  • Two devices communicating with each other over an encrypted channel exchange their certificates, verifying the signature of the ⁇ ID i5 A> certificate by using ⁇ G> and verifying the attributes, only if the verification of the signatures proceeds without errors a secure transmission path established between the devices.
  • the certificate ⁇ ID ( , A> with a limited validity period, for example, the certificate can be introduced into the devices in the form of a smart card so that there is an easy way of exchange.
  • Each device contains a list (CRL) of revoked certificates.
  • These certificates can be group or device certificates. In the case of a group certificate, entire groups of devices are blocked; in the case of device certificates, individual devices are blocked.
  • Such a revocation list with revoked devices must be loaded into each device.
  • the revocation list is signed with a global certificate, eg with the above-introduced certificate ⁇ TC>.
  • the block list is then loaded into the devices together with the signature Sig (CRL, t). This allows devices that eg _ _
  • the block list can also be updated or queried by querying a central server. It is checked on the server whether there is an entry for the certificate currently being tested.
  • Access control systems access control systems, ATM systems,
  • Identification system system for managing medical data (e.g., health card).
  • medical data e.g., health card
  • FIG. 1 shows schematically a system according to the invention for processing information by means of a signature and / or encryption principle.
  • FIG. 1 schematically shows a system 1 according to the invention for processing information, in particular sensitive information, according to the present invention.
  • the system 1 comprises a memory unit 2, which in the present case is designed as a mobile memory unit and is designed in particular as a mobile, passive memory unit.
  • the memory unit can be designed in any desired form, but in the present case is designed as a memory card, which is also shown symbolically in the corresponding box.
  • the memory unit 2 is presently designed to store information or data optically.
  • the information to be stored is confidential or sensitive information, which in particular includes biometric data and / or signature data including error correction data.
  • the data are stored on the memory unit 2 holographically and / or digitally encrypted.
  • the system 1 further comprises a processing device 3, which is shown schematically by a dashed line.
  • the processing device 3 is designed so that it can cooperate with the memory unit 2, in particular the memory unit 2 can read and / or describe.
  • the processing device 3 comprises a first information transmission unit 4, which in the present case comprises a sensor unit (camera) 4a, which is suitable for signal processing.
  • the information transmission unit generally comprises all transmission means between different units, components and the like. As the corresponding arrows to the first information transmission unit 4 a or schematically indicate, the first information transmission unit 4 and the sensor unit 4 a serves for transmitting information.
  • the system 1 comprises a computer unit 5 for the cryptographic processing of information.
  • the data or information is transmitted from the sensor unit 4a or, more generally, from the first information transmission unit 4 to the computer unit 5 or away from it.
  • the system 1 also comprises a second memory unit 6.
  • the second memory unit 6 is designed to be secure against decryption and serves for the retrievable storage of second information corresponding to the first information.
  • these are further security-relevant data which, together with the first information, allow access or access.
  • the second memory unit comprises an area 6a in which the corresponding keys for decrypting information worth protecting are stored. Further data that can be retrieved in the area can be data for decryption, signature, MAC (Message Authentication Code) or in the other direction, for example for encryption or authentication.
  • MAC Message Authentication Code
  • the corresponding data which correspond to the data read in by the first memory unit 2, are transmitted from the second memory unit 6 or 6a into the computer unit 5 via a secure second information transmission unit 7.
  • the information transmission unit 7 is designed such that it has effective protection mechanisms against attackers, so that interception of the communication and / or manipulation of the exchanged information is not possible.
  • the computer unit 5 is embodied in FIG. 1 by way of example consisting of two modules 5 a and 5 b.
  • Module 5a performs the cryptographic calculations, while module 5b controls the entire process and is responsible for communication with other connected components (8, 9).
  • the system 1 sees an external communication with the provided carrier of the mobile storage unit 2 before.
  • the system in the processing device interfaces 8 for external communication.
  • a first interface 8a is used for the output or display of prompts or questions which serve to verify the carrier.
  • This first interface 8a is designed here as a display or display.
  • the display indicates the prompt to enter a personal identification number (PIN).
  • PIN personal identification number
  • a second interface 8b is used to input information by the user of the processing device 3.
  • This second interface 8b is presently implemented as a number input with the possibility of input control by cursor movement.
  • the user of the processing device 3 can input control parameters or personal data, for example a PIN.
  • the first interface 8a is unidirectionally connected to the computer unit 5, more precisely to the second module 5b, via a secure second information transmission unit 7, the direction being directed from the second module to the first interface 8a.
  • the second interface 8b is unidirectionally connected to the computer unit 5, more precisely to the second module 5b, via a secure information transmission unit 7, the direction being directed from the second interface 8b to the second module 5b.
  • the system 1 illustrated in FIG. 1 comprises not only the mobile memory unit 2 and the processing unit 3, which form the core of the system, but also further peripherals 9 or connection systems with which data or information can be exchanged via corresponding connections.
  • this periphery 9 can serve a first connection system 9a for the biometric detection and for the comparison of the information.
  • the second module 5b is bidirectionally connected to the first connection system 9a in order to transmit control signals.
  • the second module 5b is bidirectionally connected to the first connection system 9a via a secure connection to transmit biometric data and to return the result of a verification.
  • a secure connection is an inaccessible connection for an attacker.
  • the first attachment system 9a may be, for example, a retinal scan device or any other device for acquiring biometric data such as fingerprint, retinal pattern, voice, and the like.
  • the periphery 9 may comprise a second connection system 9b.
  • This second connection system 9b may be a database comprising, for example, a computer network or simply a server. In the database, corresponding information can be stored, which the user can retrieve after verification.
  • the second connection system 9b is over a secure or simple connection to the processing device 3, more specifically to the second module 5, connected and it will be transmitted between these data or information M. In the case of exchanging sensitive information, the connection is executed as a secure, second information transmission unit 7. When uncritical information is exchanged, a simple, first information transmission unit 4 can be selected.
  • the periphery 9 may include a third connection system 9c.
  • the third connection system 9c can be designed as an access, for example a door lock, which grants access after verification or authentication of the information or the user.
  • the third connection system 9c is connected to the computer unit 5 via a bidirectional connection. In order to prevent an attacker from sending external signals to the access system 9c designed to access the access, the connection system 9c is preferably connected to the computer unit 5 via a secure connection 7.
  • the periphery 9 may comprise a fourth connection system 9d.
  • the fourth connection system 9d can, for example, be a time processing device which, for example, grants time recording or limited access.
  • the fourth connection system 9d is bidirectionally connected via a secure connection to the computer unit 5 and, inter alia, time information is transmitted.
  • connection is executed as a secure connection or second information transmission unit 7.
  • second information transmission unit 7 When exchanging uncritical information, a simple connection or first information transmission unit 4 can be selected.
  • the periphery 9 can generally detect only one of the connection systems 9a to 9d or any combination of connection systems.

Landscapes

  • Business, Economics & Management (AREA)
  • General Physics & Mathematics (AREA)
  • Engineering & Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • Accounting & Taxation (AREA)
  • Theoretical Computer Science (AREA)
  • Strategic Management (AREA)
  • General Business, Economics & Management (AREA)
  • Computer Security & Cryptography (AREA)
  • Finance (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Microelectronics & Electronic Packaging (AREA)
  • Storage Device Security (AREA)
EP07711693A 2006-03-11 2007-02-27 Verfahren und apparatur zur sicheren verarbeitung von schützenswerten informationen Withdrawn EP1997082A1 (de)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
DE102006011402A DE102006011402A1 (de) 2006-03-11 2006-03-11 Verfahren und Apparatur zur sicheren Verarbeitung von schützenswerten Informationen
PCT/EP2007/001677 WO2007104423A1 (de) 2006-03-11 2007-02-27 Verfahren und apparatur zur sicheren verarbeitung von schützenswerten informationen

Publications (1)

Publication Number Publication Date
EP1997082A1 true EP1997082A1 (de) 2008-12-03

Family

ID=38068550

Family Applications (1)

Application Number Title Priority Date Filing Date
EP07711693A Withdrawn EP1997082A1 (de) 2006-03-11 2007-02-27 Verfahren und apparatur zur sicheren verarbeitung von schützenswerten informationen

Country Status (11)

Country Link
US (1) US8266447B2 (zh)
EP (1) EP1997082A1 (zh)
JP (1) JP5064417B2 (zh)
AU (1) AU2007224797B2 (zh)
CA (1) CA2645157A1 (zh)
DE (1) DE102006011402A1 (zh)
IL (1) IL193251A (zh)
NO (1) NO20084261L (zh)
RU (1) RU2449377C2 (zh)
TW (1) TW200805204A (zh)
WO (1) WO2007104423A1 (zh)

Families Citing this family (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104619595B (zh) 2012-07-05 2017-08-22 P.C.O.A.设备有限公司 药物分配器
AU2013298086B2 (en) 2012-07-30 2017-07-20 P.C.O.A. Devices Ltd A receptacle for containing and dispensing solid medicinal pills
IL233295B (en) 2014-06-22 2019-11-28 Ilan Paz A control pill dispensing system
IL238387B (en) 2015-04-20 2019-01-31 Paz Ilan Drug dispenser release mechanism
CN115350095A (zh) 2015-10-15 2022-11-18 东森塔克斯公司 基于图像识别的剂型分配器
WO2017077529A1 (en) 2015-11-02 2017-05-11 P.C.O.A. Lockable advanceable oral dosage form dispenser containers
MD4511C1 (ro) * 2016-04-20 2018-03-31 Анатолий БАЛАБАНОВ Dispozitiv şi procedeu de protecţie criptografică a informaţiei binare (variante)
RU2720320C1 (ru) * 2019-10-22 2020-04-28 Акционерное общество "Актив-софт" (АО "Актив-софт") Способ доверенного хранения на смарт-карте списка отозванных сертификатов (crl)

Family Cites Families (24)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JPS6084686A (ja) * 1983-10-17 1985-05-14 Toshiba Corp 情報記録媒体の記録方式
JPH0762862B2 (ja) * 1985-09-17 1995-07-05 カシオ計算機株式会社 Icカ−ドシステムにおける認証方式
US5173381A (en) * 1991-08-05 1992-12-22 Queen's University Azo polymers for reversible optical storage
US5694471A (en) * 1994-08-03 1997-12-02 V-One Corporation Counterfeit-proof identification card
DE19535019A1 (de) * 1995-09-21 1997-03-27 Cardtec Entwicklungs Und Vertr Magnetisches Speichermedium mit verschlüsselten Rohdaten
JPH09114944A (ja) * 1995-10-19 1997-05-02 Nippon Conlux Co Ltd カード及びその処理装置
JPH09282433A (ja) * 1996-04-12 1997-10-31 Nhk Spring Co Ltd セキュリティシステム
WO1999019846A2 (en) * 1997-10-14 1999-04-22 Visa International Service Association Personalization of smart cards
US6829711B1 (en) * 1999-01-26 2004-12-07 International Business Machines Corporation Personal website for electronic commerce on a smart java card with multiple security check points
JP2001092787A (ja) * 1999-09-27 2001-04-06 Ntt Data Corp カード認証システム、カード媒体及びカード認証方法
HUP0000518D0 (en) 2000-02-04 2000-04-28 Method of placing data signals onto a carrier; method and apparatus for the holographic recording and read-out of data
EP1161055B1 (en) * 2000-02-29 2006-05-03 International Business Machines Corporation System and method of associating devices to secure commercial transactions performed over the internet
US6871278B1 (en) * 2000-07-06 2005-03-22 Lasercard Corporation Secure transactions with passive storage media
DE10037176C2 (de) 2000-07-31 2002-10-17 Orga Kartensysteme Gmbh Datenträger mit verschlüsselten personalisierten Daten
US6968453B2 (en) 2001-01-17 2005-11-22 International Business Machines Corporation Secure integrated device with secure, dynamically-selectable capabilities
US20040019564A1 (en) * 2002-07-26 2004-01-29 Scott Goldthwaite System and method for payment transaction authentication
US20040128256A1 (en) * 2002-12-04 2004-07-01 Krouse Wayne F. Remote location credit card transaction system with card present security system
JP4536330B2 (ja) 2003-03-06 2010-09-01 ソニー株式会社 データ処理装置、および、その方法
US20050005108A1 (en) * 2003-05-13 2005-01-06 Bsi2000, Inc. Cryptographically secure transactions with optical cards
US7013365B2 (en) * 2003-06-16 2006-03-14 Michael Arnouse System of secure personal identification, information processing, and precise point of contact location and timing
US20050269410A1 (en) * 2004-06-04 2005-12-08 Bsi2000, Inc. Authentication of optical cards
WO2006039771A1 (en) * 2004-10-12 2006-04-20 Bce Inc. System and method for access control
RU49311U1 (ru) * 2005-06-10 2005-11-10 Мосиенко Сергей Александрович Устройство для хранения и передачи электронной паспортно-визовой информации (варианты)
RU50065U1 (ru) * 2005-07-05 2005-12-10 Закрытое акционерное общество "РИМКО-XXI" Считыватель идентификационных данных паспортно-визовых документов (варианты)

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
See references of WO2007104423A1 *

Also Published As

Publication number Publication date
IL193251A0 (en) 2009-02-11
US8266447B2 (en) 2012-09-11
WO2007104423A1 (de) 2007-09-20
RU2008140114A (ru) 2010-04-20
AU2007224797B2 (en) 2012-03-29
JP5064417B2 (ja) 2012-10-31
DE102006011402A1 (de) 2007-09-13
AU2007224797A1 (en) 2007-09-20
IL193251A (en) 2013-02-28
NO20084261L (no) 2008-10-10
CA2645157A1 (en) 2007-09-20
JP2009529738A (ja) 2009-08-20
US20090254758A1 (en) 2009-10-08
TW200805204A (en) 2008-01-16
RU2449377C2 (ru) 2012-04-27

Similar Documents

Publication Publication Date Title
DE60117598T2 (de) Sichere transaktionen mit passiven speichermedien
EP2454704B1 (de) Verfahren zum lesen von attributen aus einem id-token
DE69627270T2 (de) Sicherheitssystem zum Schutz von Informationen auf Speichermedien
DE69835764T2 (de) Biometrisches system und darauf anwendbare technik
WO2007104423A1 (de) Verfahren und apparatur zur sicheren verarbeitung von schützenswerten informationen
EP1010136B1 (de) Verfahren zur echtheitsprüfung eines datenträgers
DE3103514A1 (de) Verfahren und vorrichtung zum steuern einer gesicherten transaktion
DE19629856A1 (de) Verfahren und System zum sicheren Übertragen und Speichern von schützbaren Informationen
EP1188151B1 (de) Einrichtungen und verfahren zur biometrischen authentisierung
EP1706957B1 (de) Biometrische authentisierung
DE19542910A1 (de) Verfahren und Vorrichtung zum Schutz gespeicherter Daten
DE10353853A1 (de) Autorisierung einer Transaktion
DE19718547C2 (de) System zum gesicherten Lesen und Ändern von Daten auf intelligenten Datenträgern
EP1784756B1 (de) Verfahren und sicherheitssystem zur sicheren und eindeutigen kodierung eines sicherheitsmoduls
EP2364491A1 (de) Identifikationsmerkmal
EP4179488A1 (de) Herausgabeinstanz und verfahren zum herausgeben von elektronischen münzdatensätzen sowie bezahlsystem
DE19806295A1 (de) Zugangsberechtigungs- oder Identifikationsmedium und Verfahren zu seiner Herstellung
DE10259270A1 (de) Personalisierung von Sicherheitsmoduln
DE102009008184B4 (de) Prüfen einer Authentisierung eines Besitzers eines portablen Datenträgers
DE102016110274B4 (de) Verfahren für ein biometrisch basiertes Auslösen einer Nutzaktion mittels einem Nutzer zugeordneten ID-Tokens
DE10328792A1 (de) Fälschungssicheres Dokument und Verfahren zu seiner Herstellung
DE10207056A1 (de) Verfahren zum Nachweis der Berechtigung einer Person zur Nutzung eines tragbaren Datenträgers
DE10059066A1 (de) Vorrichtung zum digitalen Signieren von in digitaler Form vorliegender Information
EP2234030A2 (de) Chipkarte, Computersystem, Verfahren zur Aktivierung einer Chipkarte und Verfahren zur Personalisierung einer Chipkarte
WO1991011794A1 (de) Anlage zur sicherung von daten in einem datenverarbeitungsgerät

Legal Events

Date Code Title Description
PUAI Public reference made under article 153(3) epc to a published international application that has entered the european phase

Free format text: ORIGINAL CODE: 0009012

17P Request for examination filed

Effective date: 20081013

AK Designated contracting states

Kind code of ref document: A1

Designated state(s): AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HU IE IS IT LI LT LU LV MC NL PL PT RO SE SI SK TR

DAX Request for extension of the european patent (deleted)
RAP1 Party data changed (applicant data changed or rights of an application transferred)

Owner name: BAYER INNOVATION GMBH

STAA Information on the status of an ep patent application or granted ep patent

Free format text: STATUS: THE APPLICATION IS DEEMED TO BE WITHDRAWN

18D Application deemed to be withdrawn

Effective date: 20150901