EP3552142A1 - Ensemble de stockage sécurisé - Google Patents

Ensemble de stockage sécurisé

Info

Publication number
EP3552142A1
EP3552142A1 EP17809189.8A EP17809189A EP3552142A1 EP 3552142 A1 EP3552142 A1 EP 3552142A1 EP 17809189 A EP17809189 A EP 17809189A EP 3552142 A1 EP3552142 A1 EP 3552142A1
Authority
EP
European Patent Office
Prior art keywords
security element
mass data
data storage
ssd
memory
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
EP17809189.8A
Other languages
German (de)
English (en)
Inventor
Sönke SCHRÖDER
Jens Kulikowski
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Secunet Security Networks AG
Original Assignee
Secunet Security Networks AG
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Secunet Security Networks AG filed Critical Secunet Security Networks AG
Publication of EP3552142A1 publication Critical patent/EP3552142A1/fr
Pending legal-status Critical Current

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/70Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
    • G06F21/78Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure storage of data
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F12/00Accessing, addressing or allocating within memory systems or architectures
    • G06F12/14Protection against unauthorised use of memory or access to memory
    • G06F12/1408Protection against unauthorised use of memory or access to memory by using cryptography
    • GPHYSICS
    • G11INFORMATION STORAGE
    • G11BINFORMATION STORAGE BASED ON RELATIVE MOVEMENT BETWEEN RECORD CARRIER AND TRANSDUCER
    • G11B20/00Signal processing not specific to the method of recording or reproducing; Circuits therefor
    • G11B20/00086Circuits for prevention of unauthorised reproduction or copying, e.g. piracy
    • G11B20/0021Circuits for prevention of unauthorised reproduction or copying, e.g. piracy involving encryption or decryption of contents recorded on or reproduced from a record carrier
    • G11B20/00217Circuits for prevention of unauthorised reproduction or copying, e.g. piracy involving encryption or decryption of contents recorded on or reproduced from a record carrier the cryptographic key used for encryption and/or decryption of contents recorded on or reproduced from the record carrier being read from a specific source
    • G11B20/00253Circuits for prevention of unauthorised reproduction or copying, e.g. piracy involving encryption or decryption of contents recorded on or reproduced from a record carrier the cryptographic key used for encryption and/or decryption of contents recorded on or reproduced from the record carrier being read from a specific source wherein the key is stored on the record carrier
    • G11B20/00275Circuits for prevention of unauthorised reproduction or copying, e.g. piracy involving encryption or decryption of contents recorded on or reproduced from a record carrier the cryptographic key used for encryption and/or decryption of contents recorded on or reproduced from the record carrier being read from a specific source wherein the key is stored on the record carrier the key being stored on a chip attached to the record carrier
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0894Escrow, recovery or storing of secret information, e.g. secret key escrow or cryptographic key storage
    • H04L9/0897Escrow, recovery or storing of secret information, e.g. secret key escrow or cryptographic key storage involving additional devices, e.g. trusted platform module [TPM], smartcard or USB
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/70Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
    • G06F21/86Secure or tamper-resistant housings
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F2212/00Indexing scheme relating to accessing, addressing or allocation within memory systems or architectures
    • G06F2212/10Providing a specific technical effect
    • G06F2212/1052Security improvement
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2125Just-in-time application of countermeasures, e.g., on-the-fly decryption, just-in-time obfuscation or de-obfuscation

Definitions

  • the present invention is directed to a memory arrangement for secure authentication comprising a mass data memory and a security element, which makes it possible to securely authenticate a memory device in other hardware components, without causing great technical effort.
  • the present invention is further directed to a correspondingly arranged method for providing the proposed memory arrangement and to a
  • US 2014 0089196 A shows a secure data memory for a computer terminal.
  • a PIN number is used.
  • a secure boot even Secure Boot is known, as well as certain mechanisms that hardware or software technology can protect a data storage against unauthorized access or manipulation.
  • An example of a possible security mechanism is the so-called one-time password, one-time password OTP, which makes it possible to gain access to a secure area only once, after which the Password becomes invalid. This avoids so-called man-in-the-middle attacks, which do not allow an attacker to intercept and re-record data communication during an authentication process. If a corresponding authentication process is intercepted and corresponding passwords are provided again for further authentication, no access is granted because the password has already been used up.
  • the so-called Trusted Platform Module TPM is used, which may be present as a chip that adds security functionality to a computer or similar device.
  • this chip does not protect the booting process of a corresponding terminal and typically can not be managed such that a new version of control commands can be loaded.
  • hardware devices such as a dongle, which carry a license key with them and are plugged, for example via a USB port to a personal computer.
  • dongle are not rewritable and just not firmly connected to the appropriate hardware.
  • a smartcard terminal and its secret, which is needed for encryption, is typically only available in software on a PC.
  • Other known methods, such as the already described TPM and TrustZone are not updatable and therefore unmanageable. Longer security keys or new algorithms can be reloaded, but the security level is static. So-called MAC addresses, CPU identities, motherboard identities are generally changeable and therefore not secure.
  • a method for producing a secure storage network with unique authentication and cryptographic data protection comprising the steps of providing a mass data storage, providing a security element that is communicatively coupled to the mass data storage, wherein a secure data interface between the mass data storage and the security element is arranged, and the security element provides a safety-critical information regarding the data of the mass data storage.
  • the person skilled in the art recognizes that the abovementioned steps can be carried out in a different order and may optionally have substeps.
  • the security feature is coupled to the device in which the mass data storage is installed. The coupling can be done via one or more possibly different interfaces.
  • a conventional mass data storage device can be upgraded in such a way that the security element verifies the data of the mass data memory or executes cryptographic operations on the data of the mass data memory.
  • Such cryptographic operations do not have to be initiated directly by the security element itself. Rather, they can only be initiated by the security element.
  • the security element is particularly secure, for which structural and logical protection mechanisms are provided which protect the data of the security element.
  • the security element may be a hardware component having a secure data store and an execution environment.
  • a secure execution environment includes, for example, an operating system or hardware components that can execute arithmetic operations.
  • the hardware used can be provided depending on the selection of the security element.
  • a mass data storage with a secure unit namely the security element
  • the security element provides a possibility to securely authenticate the mass data storage against other components or to cryptographically secure data.
  • the security-critical information lies as an access authorization, an identity of the mass data memory, a cryptographic key, a data signature, a time stamp and / or a validity period of data.
  • This has the advantage that access to the mass data storage can be granted or denied based on the security element. It is also possible to sign requested data from the mass data memory in such a way that its data integrity can be determined by another component.
  • the access authorization or the data signature can also be provided with a period of validity, so that it can be specified how long an access authorization should exist or a data signature is valid. In this case, a relative period of validity starting from a time stamp may apply or else an end time may be specified for which the access authorization or the signature should expire.
  • the unique key is used for secure encryption and / or decryption of mass storage data.
  • the security element is capable of providing a trusted key that can be used as cryptographic information for encryption / decryption.
  • a secure cryptographic key can be generated and used independently of the mass data storage data.
  • the security-critical information is generated by the security element
  • the security element provides both a reliable, since secure, memory or even a cryptographic key can be generated at runtime.
  • the security element can provide at least one arithmetic unit, hand of which a cryptographic algorithm generates safety-critical information.
  • the security element provides control commands.
  • the security element can also have an operating system, which can then be updated and expanded.
  • At least a part of the security element is arranged on a board together with a type of mass data storage.
  • a chip of the security element can be arranged in one piece with the chip of the mass data memory on a circuit board in such a way that a so-called chip stack is formed.
  • the secure data interface is provided using network components.
  • This has the advantage that even a remote data storage, which are stored in a server, can be hedged according to the invention.
  • the mass data storage and the security element are not connected directly communicatively, but indirectly through network factory components, such that the mass data storage communicates, for example via the Internet with the security element.
  • a secure memory arrangement with unique authentication with cryptographic data protection comprising a mass data storage, a security element which is communicatively coupled to the mass data storage, wherein a secure data interface between the mass data storage and the security element is arranged and the security element is set up a to provide safety-critical information regarding the data of the mass data memory.
  • the present invention overcomes the disadvantage that a so-called Trusted Platform Module TPM often can not be used in industrial small plants, since such PCs have a long life cycle and the so-called Trusted Platform Module is difficult to manage.
  • an embedded security element that is to say an em, bedded secure element eSE
  • eSE embedded secure element
  • Such a security element can be found, for example, on the mainboard of a computer.
  • the security element is arranged on a removable medium of a computer, preferably a solid state disk SSD.
  • a computer hard disk with integrated security element thus results.
  • a secure authentication memory arrangement is proposed.
  • a secure authentication memory arrangement is proposed.
  • Mass data storage provided, wherein a security element is provided which is communicatively coupled to the mass data storage and the security element provides a unique authentication information, based on which the mass data storage against other computational components is clearly authenticated.
  • a memory device is any device which comprises a data memory, preferably a mass data memory, and is typically both readable and writable.
  • a mass data storage can be a so-called solid-state disk SSD, or even a conventional hard drive HDD.
  • a conventional hard disk is generally a data storage device that provides two or three disks on which data is magnetically backed up.
  • mass data stores which can be used according to the invention. This can be, for example, USB sticks or even SD cards of any type.
  • a mass data storage provides a storage capacity of typically at least 64 MB, but typically has storage capacities between 1 GB and 3 TB.
  • a master data store is by no means limitative, but rather one of ordinary skill in the art will recognize that this is generally a data store available to consumers.
  • further developments fall under the concept of a mass data storage, since it is to be expected that the storage capacities will also increase in the future, whereby a large number of TB can be stored.
  • Secure authentication can take place by means of the memory arrangement in cooperation with an authentication authority.
  • authentication information or authentication information is provided by means of the security element, and the corresponding information is transmitted to a superordinate location.
  • a device identifier by means of the security element, which is unique with respect to the mass data storage.
  • the mass data store indirectly authenticates itself via the security element to an authentication authority.
  • the corresponding location it is possible, for example, for the corresponding location to be installed in a personal computer or else in a network.
  • the mass data storage can be verified and a boot process of an operating system can only take place if the corresponding mass data storage which stores the control commands of the operating system is also properly authenticated.
  • each computer may be powered up with any hard disk having corresponding boot sectors and other control instructions provided by the operating system.
  • it is an attack scenario that the bootable data carrier is replaced in a computer and control commands load an operating system that are not actually authorized for this purpose.
  • the mass data storage can be authenticated by means of the security element against further components in a computer or a computer network.
  • the security element can first be checked, and accessed only for a positive check on the mass data storage, for example, to boot.
  • the mass data store together with the security element, that is to say the memory arrangement
  • the security element that is to say the memory arrangement
  • a mainboard of a computer This can already be set in a BIOS, which disk is allowed to operate the appropriate computer.
  • a whitelist with device identifier can be stored in a data memory of a mainboard, which describes terminals which are permitted according to the invention for operating the computer.
  • this BIOS which may also be present as a middleware or generally as a driver
  • this motherboard-side BIOS accesses the security element of the data carrier according to the invention.
  • the memory arrangement according to the invention is authenticated in the BIOS of the mainboard. Only if the appropriate mass data storage is also listed in the whitelist of the motherboard, then appropriate boot sectors are read, and there is a loading of the operating system. In this way, according to the invention, it is ensured that only authorized data carriers execute or provide certain control commands.
  • the security element is arranged with respect to the mass data storage that these two components are inseparable.
  • the security element nondestructively from the mass data storage to solve.
  • the person skilled in the art recognizes how he can produce such a compound according to the invention.
  • the two components ie the mass data memory and the security element
  • both the mass data storage and the security element are arranged on a circuit board. This ensures that the security element is never disconnected from the mass data carrier and thus an authentication of the mass data storage is always possible according to the invention.
  • further locking mechanisms can be provided, which, if the security element is detached or manipulated, cause the mass data memory to be blocked.
  • the security element may be a hardware-technical device, which is designed to be particularly tamper-proof.
  • the security element is designed in such a way that special software-technical devices are taken so that manipulation can be ruled out. These may in turn be cryptographic algorithms or generally a security software.
  • a security element can be present as a so-called secure element SE.
  • a security element may exist as a secure element, which may be integrated into conventional mobile phones. This protects important data such as PIN code, pictures, SMS and more. They are a component in the development of new technologies such as NFC, since such data are extremely sensitive.
  • a security element may exist as a MicroSD card or an integrated SIM.
  • these devices are adapted such that they are connected in one piece or inseparably with the mass data memory.
  • the coupling of the security element to the mass data memory can be effected such that a data line is provided between the mass data memory and the security element, which can be part of a bus system.
  • a data line is provided between the mass data memory and the security element, which can be part of a bus system.
  • mass data storage and the security element are separated from each other such that the transmission of the authentication information between the security element and a component is performed, which is externally arranged the mass data storage.
  • the memory arrangement is designed in such a way that the security element communicates in such a way with the Mass data storage is connected, that control commands can be stored on the mass data storage, which check whether the security element is actually present or the unique authentication information can be read out.
  • an interface to external components can be provided, by means of which both the mass data storage and the security element can be read out.
  • the mass data memory can in turn be subdivided in such a way that the mass data memory comprises both memory units and also further control components, such as microcontrollers, which provide a corresponding logic which accesses the memory units.
  • control components such as microcontrollers
  • the person skilled in the art will recognize further possible embodiments of how the security element and the mass data memory are to be coupled with one another.
  • Authentication takes place with respect to further computation components, which are typically arranged externally with regard to the memory arrangement.
  • Such computational components can be components of a mainboard which check whether the mass data storage used actually corresponds to the expected mass data storage.
  • the proposed secure authentication memory device may also be referred to as a secure authentication memory device.
  • the memory arrangement or the proposed security element only provides the unique authentication information which, although generally intended for authentication, is used.
  • the step of authenticating is carried out only by the security element proposed according to the invention.
  • the proposed memory arrangement generally has the possibility of authentication, but does itself only one step of authentication, ie providing the authentication information.
  • further authentication units can thus be provided, which in turn are communicatively coupled to the security element such that these authentication points or the authentication point authenticate the mass data store using the security element or the unique authentication information.
  • the mass data storage and the security element have separate storage areas.
  • no shared memory is implemented, but rather, each of the two components has their own physical storage devices.
  • a single physical storage device actually be provided for both components, that is to say the mass data storage and the security element these are at least separated by software technology. This can happen, for example, via own address spaces such that control commands from the mass data memory can not access a data memory of the security element or here
  • Rights management is implemented.
  • the memory area of the security element in such a way that only read commands can be carried out on the memory.
  • the mass data memory and the security element have separate arithmetic units or are actuated by separate arithmetic units. This has the advantage that another security mechanism is implemented in such a way that the control logic of the security element is completely separate from the control logic of the mass data memory. This in turn prevents manipulation of the respective units.
  • the mass data storage and the security element are inseparably connected.
  • This has the advantage that it is always ensured during an authentication process that the security element actually authenticates the intended mass data storage.
  • the security element can be removed from the mass data storage or can be replaced.
  • a user always has the assurance that the security element actually authenticates the mass storage device that is intended for it.
  • the mass data storage and the security element are arranged on a circuit board.
  • This has the advantage that the mass data storage and the security element are integrally formed in such a way that they are provided as a single module and can also rely on a single bus system.
  • a particularly hardware-efficient implementation of the proposed memory arrangement takes place.
  • a board is not one rather, a block of the mass data memory can be used to integrate the security element.
  • a board is thus to be understood as merely exemplary, since typically a mass data memory has a corresponding board.
  • the mass data memory and the security element are each controllable by means of separate control commands.
  • This has the advantage that different drivers can be installed, which operate either the mass data storage or the security element.
  • a separate functionality can be implemented such that no attacks on the respective other device are possible.
  • the mass data memory can be implemented by means of conventional control commands, and the security element can be operated with a particularly secure software or control commands.
  • the mass data storage and the security element are controlled by separate operating systems.
  • control commands operating the security element are interchangeable. This has the advantage that the control logic of the security element are not hard-coded deposited, but rather that corresponding updates of the control commands can be recorded.
  • the proposed security feature differs from known methods that provide hardware security mechanisms that, however, can not be overwritten.
  • the replacement of the control commands that is to say an update
  • the updating of the control commands can also be carried out by components which are arranged externally of the memory arrangement.
  • the security element provides a list comprising computational components with respect to which the mass data storage is authenticated.
  • a so-called whitelist can be provided, indicating a list of trusted external components that can contact the mass data store.
  • untrusted terminals are excluded in such a way that they can not pass through an authentication process with respect to the mass data store in a positive manner and thus also have no access to the mass data storage. received memory. In the other direction, the mass data store can not pass data to such untrusted external components.
  • access to the mass data storage in dependence on a release by the security element is feasible.
  • the security element can control the access to the mass data storage and, if necessary, implement a rights management.
  • the security element is secured against manipulation by means of control commands and / or structural features.
  • This has the advantage that both structural features and control commands can be provided which prevent manipulation of the security element.
  • a separate security element is provided, which can be secured with greater technical effort than the mass data storage itself. In this form, the effort is then limited to the security element, and it can be retrofitted, for example, conventional media.
  • the mass data storage is present as a solid state disk and / or a magnetic disk hard disk.
  • a solid-state disk or a magnetic disk hard disk ie a conventional hard disk, can be present.
  • the mass data storage as a hybrid hard disk of to implement a flash memory is provided and also provided structural features of a conventional hard drive.
  • structural features of both hard disk types of both SSD and HDD are provided.
  • the person skilled in the art also recognizes that he can secure further mass data stores with the security element according to the invention.
  • the mass data storage comprises at least one interface of a group of interfaces, comprising: M.2, SATA, mSATA, PCI, PCIe and USB.
  • M.2, SATA, mSATA, PCI, PCIe and USB This has the advantage that conventional interfaces with respect to the mass data storage can find reuse.
  • the person skilled in the art recognizes that the enumeration is merely an example enumeration. All data memories or interfaces which are compatible with the listed standards are also relevant. In particular, only one family name is used for each standard.
  • USB for example, USB 1.0, USB 2.0, USB 3.0 and other versions are called.
  • the proposed interface refers to all common interfaces, such as those installed in personal computers.
  • the data interface does not have to be wired, but rather an air interface can be used.
  • the memory contents of the mass data storage are encrypted or decrypted.
  • further functions or functional extensions and functional changes can be safely added, changed or removed by so-called applets in the SE.
  • data of the mass memory can be signed or a possibly present signature can be checked.
  • external media e.g., external media, storage media, virtual media, etc.
  • SE external media
  • security element SE for corresponding functions outside the device operating system, e.g. UEFI BIOS, microcontroller firmware, etc. are suggested.
  • the corresponding file should remain encrypted or the opening should be denied by withdrawing or, if the validity of keys for signature or for encryption or decryption is expiring, expiring.
  • the object is also achieved, according to an aspect of the present invention, by a method for providing a memory arrangement for secure authentication, comprising providing a mass data memory, wherein a provision of a security element is provided, which is communicatively coupled to the mass data memory, and the security element a unique authentication information provides, based on which the mass data storage is clearly authenticated against other computational components.
  • a computer program product with control commands which implement the proposed method or operate the proposed memory arrangement.
  • the structural features of the memory arrangement can also be implemented as corresponding method steps.
  • the proposed method is suitable for operating the memory arrangement, for which purpose the proposed control commands can be used, for example.
  • FIG. 1 shows a memory arrangement according to one aspect of the present invention
  • FIG. 2 shows a schematic flow chart of a method for providing or for operating the memory arrangement according to the invention.
  • Fig. 1 shows a schematic diagram in which the mass data memory is formed as a so-called solid-state disk SSD.
  • the security element SE is arranged on a board with the mass data storage.
  • the data communication takes place via a bus system, for which purpose corresponding feet are arranged on the security element.
  • the card shown in FIG. 1 may be referred to as a mass data memory or else as a memory arrangement. So it is possible that the card shown completely acts as a mass storage, with only the security element is put on. It is further possible to refer to the large, essentially central block as mass data storage.
  • the combination of mass data storage SSD with a secure element is shown by way of example on an M.2 SATA plug-in module.
  • a secure identification of a device in a network.
  • secure authentication / authentication between built-in secure element and customary authentication / authentication measures such as user name and password, smart card and password, OTP and password or even OTP can be implemented.
  • Two synchronized OTP mechanisms can also be implemented, for example as an internal security element and external device (smartphone with OTP function, embedded security element) or the like.
  • validation of the device may be done during a process.
  • a software license anchor ie a memory with license information
  • a key generation in the device for data signing and secure product identification according to the keyword Industry 4.0 is also possible.
  • identities of IoT sensors or devices can be coded. It is also possible to sign system changes, such as in an update.
  • the encryption of data and data carriers or partitions and storage of the secret in the security element is also advantageous.
  • a whitelist of permitted external devices can be be attached, which, for example, a USB stick, a cell phone, a keyboard, a mouse, a display or the like, which may be connected to the PC. Thus, a backup against a "bad USB device" such as keyloggers can be done.
  • various applications can be realized. As is usual with a smartcard, it can be managed remotely.
  • the PC applications including the operating system, can be securely integrated via a middleware software and / or a driver with the security element.
  • the device boot process can be secured through interaction between the signed UEFI / EFI BIOS and the security element. Both identify each other. Only then does the system start including the operating system.
  • conventional mass data storage devices have no secure elements SE and thus unambiguous, secure identification is not possible if a security mechanism that is implemented in terms of hardware technology is lost.
  • the secret of a smart card terminal is typically implemented in software only and not as hardware. Other known methods such as TPM, TrustZone are not updatable and unmanageable.
  • FIG. 2 shows a schematic flowchart of a method for providing a memory arrangement for secure authentication, comprising providing 100 of a mass data storage SSD, wherein providing 101 a security element SE is provided, which is communicatively coupled to the mass data storage SSD 102, and Security element SE provides a unique authentication information, provides 103, based on which the mass data storage SSD is compared with other computing components clearly authenticated 104.
  • a security element SE is provided, which is communicatively coupled to the mass data storage SSD 102
  • Security element SE provides a unique authentication information, provides 103, based on which the mass data storage SSD is compared with other computing components clearly authenticated 104.

Abstract

La présente invention concerne un ensemble de stockage permettant une authentification sécurisée, lequel comprend une unité de stockage de mégadonnées et un élément de sécurité permettant d'authentifier de manière sécurisée un dispositif de stockage auprès d'autres composants matériels sans grande complexité technique. L'invention concerne en outre un procédé conçu de manière correspondante pour fournir ou fabriquer l'ensemble de stockage selon l'invention ainsi qu'un produit-programme d'ordinateur comprenant des instructions de commande qui mettent en œuvre le procédé selon l'invention.
EP17809189.8A 2016-12-09 2017-11-30 Ensemble de stockage sécurisé Pending EP3552142A1 (fr)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
DE102016014667 2016-12-09
PCT/EP2017/001398 WO2018103883A1 (fr) 2016-12-09 2017-11-30 Ensemble de stockage sécurisé

Publications (1)

Publication Number Publication Date
EP3552142A1 true EP3552142A1 (fr) 2019-10-16

Family

ID=60582541

Family Applications (1)

Application Number Title Priority Date Filing Date
EP17809189.8A Pending EP3552142A1 (fr) 2016-12-09 2017-11-30 Ensemble de stockage sécurisé

Country Status (5)

Country Link
US (1) US11443075B2 (fr)
EP (1) EP3552142A1 (fr)
AU (1) AU2017370818B2 (fr)
DE (1) DE102017011099A1 (fr)
WO (1) WO2018103883A1 (fr)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
DE102018009365A1 (de) * 2018-11-29 2020-06-04 Giesecke+Devrient Mobile Security Gmbh Sicheres Element als aktualisierbares Trusted Platform Module

Family Cites Families (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
GB0118573D0 (en) 2001-07-31 2001-09-19 Stonewood Electronics Ltd Flag stone
US9081946B2 (en) * 2006-03-29 2015-07-14 Stmicroelectronics, Inc. Secure mass storage device
US8156322B2 (en) 2007-11-12 2012-04-10 Micron Technology, Inc. Critical security parameter generation and exchange system and method for smart-card memory modules
GB2460275B (en) * 2008-05-23 2012-12-19 Exacttrak Ltd A Communications and Security Device
WO2014052474A1 (fr) 2012-09-25 2014-04-03 Google Inc. Protection de numéros d'identification personnels pour des applications de paiement mobiles par combinaison avec des composantes aléatoires
US10177933B2 (en) * 2014-02-05 2019-01-08 Apple Inc. Controller networks for an accessory management system
US9871663B2 (en) 2015-03-25 2018-01-16 Intel Corporation Challenge response authentication for self encrypting drives
US10642962B2 (en) * 2015-07-28 2020-05-05 Western Digital Technologies, Inc. Licensable function for securing stored data

Also Published As

Publication number Publication date
WO2018103883A1 (fr) 2018-06-14
AU2017370818A1 (en) 2019-07-11
DE102017011099A1 (de) 2018-06-14
AU2017370818B2 (en) 2022-09-29
US11443075B2 (en) 2022-09-13
US20200012823A1 (en) 2020-01-09

Similar Documents

Publication Publication Date Title
DE112018002031B4 (de) Sichern einer betriebssystemkonfiguration unter verwendung von hardware
DE102009013384B4 (de) System und Verfahren zur Bereitstellung einer sicheren Anwendungsfragmentierungsumgebung
US8856553B2 (en) Managing self-encrypting drives in decentralized environments
DE102017205948A1 (de) Nachrichtenauthentifizierung mit sicherer Codeverifikation
DE112009004762T5 (de) System und verfahren zum durchführen einer verwaltunosoperation
DE112009004491T5 (de) System und Verfahren zum sicheren Speichern von Daten in einem elektronischen Gerät
DE10393662T5 (de) Bereitstellen eines sicheren Ausführungsmodus in einer Preboot-Umgebung
DE102015209108A1 (de) Verfahren und Entscheidungsgateway zum Autorisieren einer Funktion eines eingebetteten Steuergerätes
US10735190B1 (en) Persistent TPM-based identifier and key pair
US10360370B2 (en) Authenticated access to manageability hardware components
DE112020005459T5 (de) Delegation eines kryptografischen schlüssels an ein speichersubsystem
DE112015007220T5 (de) Techniken zum Koordinieren von Vorrichtungshochfahrsicherheit
US10678953B1 (en) Self-contained key management device
EP3337085B1 (fr) Rechargement des instructions du programme cryptographique
EP1705592A2 (fr) Procédé et dispositif de commande destinés à la commande d'accès à des données
DE102005043043A1 (de) Computer mit mindestens einer Anschlussmöglichkeit für ein Wechselspeichermedium und Verfahren zum Starten und Betreiben eines Computers mit einem Wechselspeichermedium
DE102009008362B4 (de) Verfahren der Handhabung von Speicherschlüsseln in einem sicheren System
EP3552142A1 (fr) Ensemble de stockage sécurisé
DE102015202215A1 (de) Vorrichtung und Verfahren zum sicheren Betreiben der Vorrichtung
EP3754530B1 (fr) Procédé pour recharger un logiciel sur une carte à puce par l'intermédiaire d'un dispositif automatique de rechargement
DE112020000235T5 (de) Anmeldung einer vorautorisierten vorrichtung
EP2524333B1 (fr) Procédé pour permettre d'obtenir un compteur fiable sur un appareil terminal
DE102009048756B4 (de) Verfahren und Schlüsselgerät zur Verbesserung der Sicherheit eines verschlüsselten Datenspeichers, von dem ein Computer bootet
DE112021000149T5 (de) Verschlüsselung einer datenspeicherungsvorrichtung
DE102021126509B4 (de) Tragbare Chipvorrichtung und Verfahren zum Ausführen eines Softwaremodul-Updates in einer tragbaren Chipvorrichtung

Legal Events

Date Code Title Description
STAA Information on the status of an ep patent application or granted ep patent

Free format text: STATUS: UNKNOWN

STAA Information on the status of an ep patent application or granted ep patent

Free format text: STATUS: THE INTERNATIONAL PUBLICATION HAS BEEN MADE

PUAI Public reference made under article 153(3) epc to a published international application that has entered the european phase

Free format text: ORIGINAL CODE: 0009012

STAA Information on the status of an ep patent application or granted ep patent

Free format text: STATUS: REQUEST FOR EXAMINATION WAS MADE

17P Request for examination filed

Effective date: 20190702

AK Designated contracting states

Kind code of ref document: A1

Designated state(s): AL AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HR HU IE IS IT LI LT LU LV MC MK MT NL NO PL PT RO RS SE SI SK SM TR

AX Request for extension of the european patent

Extension state: BA ME

DAV Request for validation of the european patent (deleted)
DAX Request for extension of the european patent (deleted)
STAA Information on the status of an ep patent application or granted ep patent

Free format text: STATUS: EXAMINATION IS IN PROGRESS

17Q First examination report despatched

Effective date: 20210511

STAA Information on the status of an ep patent application or granted ep patent

Free format text: STATUS: EXAMINATION IS IN PROGRESS