EP2044547A1 - Method for generating access data for a medical device - Google Patents

Method for generating access data for a medical device

Info

Publication number
EP2044547A1
Authority
EP
European Patent Office
Prior art keywords
key
generating
access
access code
data
Prior art date
Legal status
Withdrawn
Application number
EP07786175A
Other languages
German (de)
English (en)
Inventor
Axel Doering
Current Assignee
Carl Zeiss Meditec AG
Original Assignee
Carl Zeiss Meditec AG
Priority date
2006-07-26
Filing date
2007-07-19
Publication date
2009-04-08
Application filed by Carl Zeiss Meditec AG
Publication of EP2044547A1
Current legal status: Withdrawn

Classifications

    • G PHYSICS > G06 COMPUTING; CALCULATING OR COUNTING > G06F ELECTRIC DIGITAL DATA PROCESSING > G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity > G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals > G06F21/31 User authentication
    • G PHYSICS > G06 COMPUTING; CALCULATING OR COUNTING > G06F ELECTRIC DIGITAL DATA PROCESSING > G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity > G06F21/70 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer > G06F21/71 ... to assure secure computing or processing of information > G06F21/73 ... by creating or determining hardware identification, e.g. serial numbers
    • G PHYSICS > G06 COMPUTING; CALCULATING OR COUNTING > G06F ELECTRIC DIGITAL DATA PROCESSING > G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity > G06F21/70 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer > G06F21/78 ... to assure secure storage of data

Definitions

  • The invention relates to a method for generating access data for a medical device that has a secure store of medical or patient data.
  • Access to patient data collected or stored on medical devices is subject to strict legal requirements. A minimum requirement is always the identification and authorization of a device user who is permitted to view this data. A practically relevant complication, however, is the loss of this access authorization (for example, a forgotten password, or a previous user leaving the clinic or practice without a proper handover of information).
  • The access-authorizing data (usually a user code and password) can in principle be kept in a safe place (a sealed envelope in the safe). Since regular password changes are among the basic security measures, however, it is difficult in practice to ensure that the stored password is up to date. This procedure also presupposes the cooperation of the (previous) user, which is not necessarily given.
  • A common method consists in providing a hidden access path, known only to a limited group of people (e.g. service personnel), that requires no authorization (e.g. a secret key combination, or a service user ID with an unchangeable password, a "secret master key"), which either gives direct access to the data or resets the lost access credential to a known or definable value.
  • This procedure cannot ensure effective and traceable protection of patient data, because it makes that protection dependent on only trusted individuals ever learning the secret master key, which is not realizable in practice; in particular, a loss of its secrecy is barely detectable.
  • A physically protected key prevents the uncontrolled dissemination of access information (as happens with the secret master key) and makes its use (resetting the lost access) detectable, since the physically protected key must be present. Such a key is held by an authorized person, e.g. an authorized service representative.
  • However, the access protection for all devices is broken as soon as a physically protected key is stolen or duplicated.
  • The problem solved by the invention is the controlled reactivation of a lost access authorization without physical manipulation of the data-storing device.
  • Controlled activation means that the procedure cannot be misused to gain access to any device other than the identified one, and that the access procedure becomes ineffective immediately after its use, so that it does not constitute a "master key" even for this identified device.
  • A method for generating a once-only valid access code for a medical device or system, comprising the steps of: a) generating a query key from at least one device-internal identifier; b) transmitting the query key to an authorization authority; c) generating a release key from the query key by the authorization authority; d) transferring the release key to the device; e) enabling access by the device; and f) randomly altering at least one of the device-internal identifiers.
  • The random change of the at least one device-internal identifier can be performed by generating the identifier by means of a random number generator.
  • Alternatively, the random change of the at least one device-internal identifier can be made by random selection from a predefined list of identifiers. The transmission of the query key or of the release key can take place by means of data carriers or by online data transmission.
  • The authorizing entity is advantageously a computer or other information-processing unit under the control of the equipment manufacturer or of an authority authorized by it, which is able to verify, in a manner known per se, the authorization to request the access code, e.g. by checking whether the device was properly purchased and/or a service or maintenance contract exists and/or the person entitled to access the device's data has requested the access code.
  • FIG. 1 shows schematically the sequence of the inventive method.
  • The medical device has a memory 1 which contains at least one (with sufficient probability) unique, preferably unpredictable, internal identifier K1. From this identifier K1, a query key S4(K1) is generated in a computing unit.
  • This may be a string or sequence of numbers of arbitrary length (it is advantageous to provide at least 10 characters); alternatively, it may be a byte sequence, which may also contain non-printable characters.
  • This query key is sent via a preferably secure channel 2 (e.g. mail, telephone, signed email, or via data carrier) to the authorization authority.
  • This authorization instance can be, for example, the customer service or service department of the device manufacturer, which is able to check the authorization of the query (the identity of the sender and their authorization to request a new access code).
  • Resetting the access code can be realized in various ways: e.g. a previously agreed password can be set, a new valid password can be displayed to the user, or password-free access can be temporarily permitted, which immediately forces the definition of a new password.
  • The proposed method offers access to protected data independently of preventive measures by the user, while avoiding the known disadvantages of a master key.
  • The process of authorization (external calculation of the release key) is decoupled from the operation of the device software, so that the presence of a service person at the device is not required, and the number of authorized persons (i.e. those authorized to operate the external program for generating the release key on the authorization authority side) can be drastically reduced compared with the group of people who would need access to a master key.
  • The proposed solution can be extended in different directions, e.g. by electronic storage and/or transmission of the query key and the release key directly from the device software (e.g. as email, or by export to / import from a file).
  • A further extension is an automatic change of the internal identifier at certain large time intervals (e.g. once a month), independent of the entry of a valid release key; unused release keys are thereby automatically invalidated once that time has elapsed and pose no risk of unauthorized use.
  • The method for determining the internal identifier K1 can be varied within wide limits; hash functions, e.g. MD5 or SHA, are conceivable.
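The query-key / release-key exchange described in the list above, as an added example that is not part of the patent or of any Carl Zeiss Meditec code. It assumes a manufacturer secret shared between device and authorization authority (the release key is an HMAC-SHA256 over the query key), because the description does not say how the release key is derived; SHA-256 is used as the hash for the query key, and the secret value is constructed.

```python
import hashlib
import hmac
import secrets
from typing import Optional

# ASSUMPTION (not in the patent): device and authority share a manufacturer
# secret so the device can verify a release key offline. Value is constructed.
MANUFACTURER_SECRET = b"constructed-demo-manufacturer-secret"

def query_key(k1: bytes) -> str:
    """Step a): derive the query key S from the internal identifier K1 (SHA-256)."""
    return hashlib.sha256(k1).hexdigest()

def release_key(secret: bytes, query: str) -> str:
    """Step c): the authority derives the release key from the query key (HMAC, assumed)."""
    return hmac.new(secret, query.encode(), hashlib.sha256).hexdigest()

def authority_handles_request(query: str, request_authorized: bool) -> Optional[str]:
    """Steps b)/c): the authority answers only after checking the requester's entitlement."""
    return release_key(MANUFACTURER_SECRET, query) if request_authorized else None

class Device:
    def __init__(self, secret: bytes = MANUFACTURER_SECRET) -> None:
        self._secret = secret
        self.k1 = secrets.token_bytes(16)   # memory 1: random, unpredictable K1
        self.access_open = False

    def query(self) -> str:
        return query_key(self.k1)

    def rotate_identifier(self) -> None:
        """Step f) and the periodic rotation: a fresh K1 invalidates every
        release key computed for the old one."""
        self.k1 = secrets.token_bytes(16)

    def accept(self, release: str) -> bool:
        """Steps d)/e): verify the release key against the current K1; on
        success open access once and rotate K1 so the key cannot be reused."""
        expected = release_key(self._secret, self.query())
        if not hmac.compare_digest(expected, release):
            return False
        self.access_open = True
        self.rotate_identifier()
        return True

def demo() -> dict:
    """One legitimate reset, then a replay, a cross-device attempt, and a refused request."""
    dev = Device()
    rel = authority_handles_request(dev.query(), request_authorized=True)
    first = dev.accept(rel)          # valid exactly once
    replay = dev.accept(rel)         # K1 has changed: the same key is now worthless
    cross = Device().accept(rel)     # a key for one device opens no other device
    return {"first": first, "replay": replay, "cross_device": cross,
            "unauthorized": authority_handles_request(dev.query(), False)}
```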

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Physics & Mathematics (AREA)
  • Software Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Mathematical Physics (AREA)
  • Storage Device Security (AREA)

Abstract

The invention relates to a method for generating a once-only valid access code for a medical device, the medical device having a patient data memory. A query key is generated from a device-internal identifier and sent to an authorization instance. The authorization instance then generates a corresponding release key which enables access when entered into the device and modifies the internal identifier in such a way that the access code cannot be modified a second time.
EP07786175A 2006-07-26 2007-07-19 Method for generating access data for a medical device Withdrawn EP2044547A1 (fr)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
DE102006034536A DE102006034536A1 (de) 2006-07-26 2006-07-26 Method for generating access data for a medical device
PCT/EP2007/006403 WO2008012020A1 (fr) 2006-07-26 2007-07-19 Method for generating access data for a medical device

Publications (1)

Publication Number Publication Date
EP2044547A1 true EP2044547A1 (fr) 2009-04-08

Family

ID=38669013

Family Applications (1)

Application Number Title Priority Date Filing Date
EP07786175A Withdrawn EP2044547A1 (fr) 2006-07-26 2007-07-19 Method for generating access data for a medical device

Country Status (6)

Country Link
US (1) US20090241184A1 (fr)
EP (1) EP2044547A1 (fr)
JP (1) JP2009545041A (fr)
CN (1) CN101496021A (fr)
DE (1) DE102006034536A1 (fr)
WO (1) WO2008012020A1 (fr)

Families Citing this family (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8850533B2 (en) * 2009-05-29 2014-09-30 Medaxion, LLC Multi-level authentication for medical data access
US8311419B2 (en) 2010-11-29 2012-11-13 Xerox Corporation Consumable ID differentiation and validation system with on-board processor
US8532506B2 (en) 2010-11-29 2013-09-10 Xerox Corporation Multiple market consumable ID differentiation and validation system
US20130152005A1 (en) 2011-12-09 2013-06-13 Jeffrey Lee McLaren System for managing medical data
EP3220298A1 (fr) * 2016-03-14 2017-09-20 Fenwal, Inc. Cell processing system and method with process parameter control

Family Cites Families (14)

Publication number Priority date Publication date Assignee Title
JP3053527B2 (ja) * 1993-07-30 2000-06-19 International Business Machines Corporation Method and apparatus for validating a password, method and apparatus for generating and pre-validating a password, and method and apparatus for controlling access to resources using an authentication code
KR100213188B1 (ko) * 1996-10-05 1999-08-02 Samsung Electronics User authentication device and method
US6370649B1 (en) * 1998-03-02 2002-04-09 Compaq Computer Corporation Computer access via a single-use password
GB2347248A (en) * 1999-02-25 2000-08-30 Ibm Super passwords
US6668323B1 (en) * 1999-03-03 2003-12-23 International Business Machines Corporation Method and system for password protection of a data processing system that permit a user-selected password to be recovered
EP1451786A1 (fr) * 2001-12-10 2004-09-01 Beamtrust A/S Method for distributing a public key
GB0210692D0 (en) * 2002-05-10 2002-06-19 Assendon Ltd Smart card token for remote authentication
US7519989B2 (en) * 2003-07-17 2009-04-14 Av Thenex Inc. Token device that generates and displays one-time passwords and that couples to a computer for inputting or receiving data for generating and outputting one-time passwords and other functions
JP2007523431A (ja) * 2004-02-23 2007-08-16 VeriSign, Inc. Token authentication system and method
US7210166B2 (en) * 2004-10-16 2007-04-24 Lenovo (Singapore) Pte. Ltd. Method and system for secure, one-time password override during password-protected system boot
US7571489B2 (en) * 2004-10-20 2009-08-04 International Business Machines Corporation One time passcode system
US8266441B2 (en) * 2005-04-22 2012-09-11 Bank Of America Corporation One-time password credit/debit card
TWI271620B (en) * 2005-06-16 2007-01-21 Ememory Technology Inc Method and apparatus for performing multi-programmable function with one-time programmable memories
US20070101152A1 (en) * 2005-10-17 2007-05-03 Saflink Corporation Token authentication system

Non-Patent Citations (1)

Title
See references of WO2008012020A1 *

Also Published As

Publication number Publication date
US20090241184A1 (en) 2009-09-24
CN101496021A (zh) 2009-07-29
WO2008012020A1 (fr) 2008-01-31
JP2009545041A (ja) 2009-12-17
DE102006034536A1 (de) 2008-01-31

Similar Documents

Publication Publication Date Title
DE69724946T2 (de) Program rental system and method for renting programs
DE60306844T2 (de) Method and system for data updating
DE102004025084B4 (de) Person authentication device, person authentication system and person authentication method
DE102009027723A1 (de) Method for reading attributes from an ID token
DE102011056191A1 (de) Device for protecting security tokens against malware
WO2003013167A1 (fr) Device for digitally signing an electronic document
DE102008028701B4 (de) Method and system for generating a derived electronic identity from a primary electronic identity
EP2044547A1 (fr) Method for generating access data for a medical device
EP3422274A1 (fr) Method for configuring or modifying the configuration of a payment terminal and/or assigning a payment terminal to an operator
WO2015180867A1 (fr) Generation of a cryptographic key
DE102020118716A1 (de) Method for securely performing a remote signature, and security system
DE60016042T2 (de) Auto-registration process for a hardware label
EP2080144B1 (fr) Method for unlocking a smart card
EP2562669B1 (fr) Method for performing a write access, computer program product, computer system and smart card
EP1652337B1 (fr) Method for signing a set of data in a public-key system, and data processing system for carrying out said method
WO2011072952A1 (fr) Device and method for granting access rights to a maintenance functionality
EP3254432A1 (fr) Method for managing authorization in an arrangement comprising several computer systems
EP1362272B1 (fr) Method and arrangement for an authorization ticket system for increasing security in access control to computer resources
EP0947072A1 (fr) Method for electronically protected storage of data in a database
DE10307996A1 (de) Method for encrypting and decrypting data by different users
DE102006034535A1 (de) Method for generating a one-time access code
DE102018010027A1 (de) Settlement system
EP1054364A2 (fr) Method for improving the security of systems using digital signatures
EP2230648A1 (fr) One-time password mask for diverting a one-time password
EP3358488B1 (fr) Method for detecting unauthorized copies of digital security tokens

Legal Events

Date Code Title Description
PUAI Public reference made under article 153(3) epc to a published international application that has entered the european phase

Free format text: ORIGINAL CODE: 0009012

17P Request for examination filed

Effective date: 20090116

AK Designated contracting states

Kind code of ref document: A1

Designated state(s): AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HU IE IS IT LI LT LU LV MC MT NL PL PT RO SE SI SK TR

AX Request for extension of the european patent

Extension state: AL BA HR MK RS

17Q First examination report despatched

Effective date: 20090928

STAA Information on the status of an ep patent application or granted ep patent

Free format text: STATUS: THE APPLICATION IS DEEMED TO BE WITHDRAWN

18D Application deemed to be withdrawn

Effective date: 20120201

DAX Request for extension of the european patent (deleted)