EP3765984A1 - Sichere datenverarbeitung - Google Patents

Sichere datenverarbeitung

Info

Publication number
EP3765984A1
EP3765984A1 EP19714232.6A EP19714232A EP3765984A1 EP 3765984 A1 EP3765984 A1 EP 3765984A1 EP 19714232 A EP19714232 A EP 19714232A EP 3765984 A1 EP3765984 A1 EP 3765984A1
Authority
EP
European Patent Office
Prior art keywords
security processor
security
execution
data
instructions
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
EP19714232.6A
Other languages
English (en)
French (fr)
Inventor
Olivier Tomaz
Nicolas Bacca
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Ledger SAS
Original Assignee
Ledger SAS
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Ledger SAS filed Critical Ledger SAS
Publication of EP3765984A1 publication Critical patent/EP3765984A1/de
Pending legal-status Critical Current

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F3/00Input arrangements for transferring data to be processed into a form capable of being handled by the computer; Output arrangements for transferring data from processing unit to output unit, e.g. interface arrangements
    • G06F3/06Digital input from, or digital output to, record carriers, e.g. RAID, emulated record carriers or networked record carriers
    • G06F3/0601Interfaces specially adapted for storage systems
    • G06F3/0602Interfaces specially adapted for storage systems specifically adapted to achieve a particular effect
    • G06F3/062Securing storage systems
    • G06F3/0622Securing storage systems in relation to access
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/44Program or device authentication
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/51Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems at application loading time, e.g. accepting, rejecting, starting or inhibiting executable software based on integrity or source reliability
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/52Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity ; Preventing unwanted data erasure; Buffer overflow
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/57Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
    • G06F21/577Assessing vulnerabilities and evaluating computer system security
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/602Providing cryptographic facilities or services
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/62Protecting access to data via a platform, e.g. using keys or access control rules
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F3/00Input arrangements for transferring data to be processed into a form capable of being handled by the computer; Output arrangements for transferring data from processing unit to output unit, e.g. interface arrangements
    • G06F3/06Digital input from, or digital output to, record carriers, e.g. RAID, emulated record carriers or networked record carriers
    • G06F3/0601Interfaces specially adapted for storage systems
    • G06F3/0628Interfaces specially adapted for storage systems making use of a particular technique
    • G06F3/0655Vertical data movement, i.e. input-output transfer; data movement between one or more hosts and one or more storage devices
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F3/00Input arrangements for transferring data to be processed into a form capable of being handled by the computer; Output arrangements for transferring data from processing unit to output unit, e.g. interface arrangements
    • G06F3/06Digital input from, or digital output to, record carriers, e.g. RAID, emulated record carriers or networked record carriers
    • G06F3/0601Interfaces specially adapted for storage systems
    • G06F3/0668Interfaces specially adapted for storage systems adopting a particular infrastructure
    • G06F3/0671In-line storage system
    • G06F3/0673Single storage device
    • G06F3/0679Non-volatile semiconductor memory device, e.g. flash memory, one time programmable memory [OTP]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/30Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials

Definitions

  • the invention relates to the secure processing of data. More specifically, it relates to a security processor of the type comprising a read-only memory, a random access memory, a calculator capable of performing cryptographic functions, and a monotonic counter management unit associated with at least one monotonic counter, a set of processing secure data system comprising such a security processor and, with connection means, an external memory, a secure data processing infrastructure comprising a plurality of security processors, and finally, a method of implementing such a set of processing secure data.
  • securing is the maintenance and control of the integrity of a program consisting of instructions and the context relating thereto, as well as the authentication of persons giving execution orders. said program.
  • Context should be understood as a set of parameters, instructions and conditions, and more broadly any set of instructions, code or data under which the program can be implemented.
  • administrator means on the one hand the initial enlisted administrator and on the other hand any other subsequent enlisted administrator.
  • enlisted is understood to be registered, registered, or, in other words, authorized to give instructions.
  • authentication of an enrolled administrator is meant the process by which it is verified that a person giving instructions is an enrolled administrator and the execution of the instructions in question is authorized by the security processor.
  • enrolled administrator authentication is meant a similar process applied individually to several persons and to enlisted administrators.
  • the document FR2906380 describes a system for securing data stored on a physical medium and the method of its implementation.
  • the data security system is embedded in a device such as a mobile phone including a housing provided with a keyboard, a screen, a microphone, a builder, an electronic card, a module for sending and receiving data, a subscriber identification module and a battery for the power supply.
  • the electronic card comprises at least one microcontroller, a random access memory, a flash memory, and a bus system.
  • the operation of the phone is managed by an operating system and a set of applications loaded for example in a memory of this phone.
  • the security system comprises, as a whole, a computing entity (such as a microprocessor) with system resources, such as a RAM, a monotone counter (which can only increment itself by one unit), a system key (a cryptographic key accessible only to entities authorized by the system), and a physical data medium ensuring the persistent storage of computer data (such as a hard disk, a flash memory, etc.).
  • This physical data medium comprises at least one data block and two master blocks, the sizes of which are configurable.
  • the implementation method uses an authentication key.
  • the data security system and the method of implementing it in document FR2906380 aim to solve a problem of security against, on the one hand, replay (fraudulent access to data by illicit copying of the previous content of a data protection system). data management) and, on the other hand, the alterations or modifications induced in particular by sudden service interruptions (such as a cut in the power supply current or an untimely reboot of the system). This document does not provide authentication for administrators.
  • Document US 2004/0187006 relates to the field of data security and more particularly to reliable data recovery from an unsecured external memory being located outside a secure environment.
  • the data security system includes a computing entity and the use of a monotonic counter to determine, in the secure environment, whether a request to the external memory returns the most recent data.
  • the monotone counter is incremented each time a main element is written to the memory.
  • a control entry records the time of the last modification of the element attached to it.
  • the value of the monotone counter stays the same until the next data is written to the memory. If this document refers to the implementation of a monotonous counter, it is not intended to provide security object (invention.
  • US2014 / 0137178 relates to a method comprising the steps of receiving, by a secure TPM platform module of a computing device, a request from a program of the computing device to access information contained in a protected object; determine whether conditions permitting the program to access the information are met; allow the program to access the information in response to the conditions met; deny the program access to information in response to unfulfilled conditions; and locking, in response to an unfulfilled condition for a threshold number of requests from the program, the information for an indefinite period of time to prevent the program from accessing the information.
  • Objects are maintained by a secure platform module. Each of the objects stores information and is associated with a policy identifying the conditions that a program must satisfy for the program to access the information.
  • the secure platform module For each of the objects, the secure platform module maintains a monotone counter associated with the object.
  • the monotone counter is used to determine whether a threshold number of object information access requests are made that do not satisfy the conditions of the policy associated with the object.
  • the secure platform module provides secure storage and / or secure processing functionality to the computing device.
  • Secure storage refers to a nonvolatile memory that is protected by, and accessible only by, particular functions or other components of the secure platform module.
  • the information is stored in a data structure or object referred to as an object protected by the module and can take various forms, such as a cryptographic key. Access to information can take different forms, such as reading information, writing or modifying it, and so on.
  • the non-volatile memory includes one or more monotone counters and one or more protected objects (see Figure 1 of the document).
  • TPM Trusted Platform Module
  • the TPM is a chip that provides cryptographic features such as RSA encryption and secure key storage.
  • Each TPM has a unique key pair called a validation key, created internally by the TPM, after manufacturing but before shipping to customers.
  • the key pair uniquely identifies the TPM and can never be changed.
  • the private party never quits the TPM and the public part is used in an authentication certificate, a non-volatile memory and a volatile memory are provided.
  • Nonvolatile memory is used to store persistent identity and state data and internal keys. With the permission of the owner, it is possible to write and read persistent and opaque data (which the TPM does not have access to or can not use) to and from the TPM.
  • the volatile memory is mainly used internally by the TPM.
  • the problem underlying the invention is, in the case of a security processor comprising a read-only memory a random access memory, a computer capable of performing cryptographic functions, and a monotonic counter management unit associated with at least one monotone counter, to ensure the security of its use, to to know how to maintain and control the integrity of the programs that it executes and the related contexts, as well as the authentication of the enlisted administrators giving the order to execute said programs.
  • the invention provides a solution to this problem, in particular by providing that the processor does not include any other storage memory, so that it does not store any program or external data.
  • the storage is "extemalized" with respect to the processor, the execution system being separated and isolated from the data to be executed, so as to maintain perfect integrity.
  • the subject of the invention is a security processor comprising at least one read-only memory, a random access memory, a computer capable of performing cryptographic functions and a monotonic counter management unit associated with at least one monotonic counter.
  • This security processor is such that:
  • the RAM is able to load a set of data, such as a context, and instructions that can be authenticated by a public key cryptographic module,
  • Such a security processor makes it possible, as part of a set of secure data processing comprising such a security processor and an external memory, to automatically execute a sequence of operations in a secure manner.
  • the security processor is emulated as a virtual machine.
  • the subject of the invention is a set of secure data processing comprising a security processor as just described and, in addition, at least one memory external to this security processor and at least one connection means adapted to connect this at least one external memory to the security processor, such as in particular via an electronic communication network.
  • the set of secure data processing comprises a plurality or at least two external memories connected to the security processor.
  • the at least one external memory of the set of secure data processing is authenticated vis-à-vis the security processor.
  • the external memory of the set of secure data processing is configured to be adapted and specially intended for:
  • the at least one context may include a reference value adapted to allow the security processor to verify the synchronization of the at least one context with the last state of a monotone counter.
  • the subject of the invention is a secure data processing infrastructure which comprises a plurality of at least two security processors such as those previously described and at least one external memory such as that previously described in connection with the set of secure data processing, the infrastructure being such that each security processor of the plurality of security processors is connected to at least one external memory.
  • the secure data processing infrastructure comprises a plurality of at least two external memories, each security processor of the plurality of security processors being connected to at least one external memory of the plurality of external memories.
  • the secure data processing infrastructure comprises a plurality of at least two external memories synchronized with each other, each of the security processors of the plurality of security processors being able to use one or the other external memories of the plurality of external memories.
  • the secure data processing infrastructure comprises several pairs, trios, quartets or more of external memories, each of the security processors being associated with a pair, a trio, a quartet or more of external memories synchronized with each other .
  • the security processor does not include any other storage memory.
  • One or more such storage memories are external to the security processor to form a secure data processing set or a secure data processing infrastructure.
  • the subject of the invention is a method for secure execution of a sequence of operations by a set of secure data processing which comprises at least the execution of the following steps:
  • ⁇ - A an administrator with an external memory connected to the security processor activates the security processor
  • the security processor once activated retrieves a public key from an external memory in order to authenticate it with a public key cryptographic module
  • the security processor If the security processor authenticates the administrator who activated it as a later enrolled administrator, it loads a set of data and instructions authenticated by that later enrolled administrator and executes it.
  • This execution by the security processor produces a set of data some of which can be authenticated, and this set of data once produced by the security processor is stored in the external memory used by the subsequent enrolled administrator.
  • the method just described is executed with two subsequent enrolled administrators, and more generally a plurality of at least two subsequent enrolled administrators, each having an external memory .
  • the method also includes performing initial steps in which an initial enrolled administrator has a set of secure data processing and enrolls a subsequent enrolled administrator.
  • the method then comprises the execution of the following enrollment steps; - A ': a first set of data and instructions authenticated and verified by means of the public key stored in the read-only memory is loaded into the RAM of the security processor in order to enable it to execute an authorization program of a later enlisted administrator and load another set of data and instructions and have it run by the security processor,
  • the enrollment steps that have just been described are such that an initial enrolled administrator enrolls at least two subsequent enrolled administrators, and more generally a plurality of at least two subsequent enlisted administrators.
  • the three steps A ', B' and C '' previously described can be repeated several times so as to make it possible to enroll different groups of subsequent enrolled administrators, to load and to execute different sets of data and instructions, all in order to be able to execute by the security processor and transmit to any electronic device or external network a sequence of operations.
  • the execution by the security processor of the set of data and instructions generates a second encrypted and signed file including data related to the execution of the code and which is saved and stored only by each of these administrators enlisted later outside the security processor, in the external memory, and which can cause the incrementation of one or more monotonous counters.
  • the set of data and instructions once loaded into the RAM of the security processor, can be executed only after the security processor has validated the authentication all subsequent enlisted administrators by the previous set of data and instructions.
  • FIG. 1 schematically represents the various constituent components of an elementary security processor according to the invention.
  • the security processor comprises only a read-only memory, a random access memory, a computer, a monotonic counter management unit associated with a monotone counter and that it does not include any other storage memory, so that it does not store any programs or external data.
  • FIG. 2 schematically represents the various constitutive components of a set of secure data processing elements according to the invention, comprising a security processor such as that of FIG. 1, a memory external to the security processor, and means connection able to connect this security processor and this external memory to him, as via an electronic communication network.
  • Figures 3 and 4 show schematically the various constituent components of two secure data processing infrastructure according to the invention.
  • the infrastructure comprises two security processors such as those of FIGS. 1 and 2 and processed external memories such as that of FIG. 2, synchronized with each other, each of the security processors being able to use in an undifferentiated manner one of three external memories.
  • the infrastructure comprises two security processors such as those of FIGS. 1 and 2 and two pairs of external memories such as that of FIG. 2, each of the security processors being associated with a pair of memories outside, synchronized with each other.
  • FIG. 5 presents a general view of the steps of execution of a set of secure data processing according to the invention.
  • Figure 6 shows the different enlistment steps of two subsequent enlisted administrators.
  • a security processor PS comprises (FIG. 1) a ROM, a random access memory RAM, a UE capable of performing cryptographic functions, a monotonic counter unit UG associated with at least one monotonic counter CM .
  • a CP public dice for authenticating at least one initial enrolled administrator Al is stored before its first use in the ROM.
  • RAM RAM is able to load a set of data - such as a context - and instructions, which can be authenticated by a cryptographic module MC public key that includes the security processor PS.
  • the execution by the UE computer, after their authentication, of certain instructions can increment a monotone counter CM.
  • the security processor PS is emulated as a virtual machine.
  • the security processor PS does not include any other storage memory, permanent so that the security processor PS does not permanently store any program, context - instructions, code, data - or external data.
  • the security processor PS consists of the read-only memory ROM, the RAM RAM, the UE computer, the management unit UG, the at least one monotone counter CM and the cryptographic module MC.
  • At least one such storage memory ME is external to the security processor PS and not part of him and physically integrated with him.
  • the security processor PS can, in such a set ETS secure data processing or in such infrastructure ITS secure data processing, automatically execute a sequence of operations in a secure manner. This means maintaining and controlling the integrity of the program and the related context, as well as the authentication of enrolled administrators, as previously defined.
  • the characteristic that the memory ME is external to the security processor PS results, on the one hand, not to limit the data processing capacity of the processor PS, on the other hand, to guarantee the immutability, and therefore the integrity, processor processing, because the external memory, permanent, has no effect or influence on the security processor PS as such.
  • the invention also relates to all other different means of an external storage memory ME as described above, but which fulfill the same function and provide a similar result as what has just been explained.
  • An ETS set of secure data processing comprises (FIG. 2) a PS security processor as described and, in addition, an external memory ME, as previously defined.
  • the set ETS also comprises at least one connection means CO, able to connect the external memory ME to the security processor PS, such as in particular via an electronic communication network.
  • the ETS set of secure data processing may comprise only one external memory ME. But, if it is desired, for security reasons, that no application decision can be executed by a single person, it is expected that the set of secure data processing ETS comprises at least two external memories ME for at least two subsequent enlisted directors AU.
  • connection means CO may allow in the sense PS security processor to the external memory ME, an encrypted storage and in the external memory ME to PS security processor, an encrypted recovery.
  • the content of the external memory (s) ME of the set ETS of secure data processing is authenticated vis-à-vis the security processor PS.
  • An external memory ME is configured to be adapted and specially adapted to store at least one program and at least one context - instructions, code, data - intended to be loaded into the RAM RAM of the security processor PS, and to be able to receive and storing any authenticated data set resulting from the execution by the PS security processor of such a program and such context that has been temporarily loaded into the RAM, as just discussed.
  • a context (set of parameters and conditions under which the program may be implemented) may include a reference value adapted to allow the PS security processor to check the context synchronization with the last state of a monotone counter CM.
  • An ITS secure data processing infrastructure comprises (FIGS. 3 and 4) a plurality of at least two PS security processors as just described, for example PS1 and PS2, and, in addition, at least one memory external ME, as just described. But, as for the secure data processing set ETS, it can be expected that the secure data processing ITS infrastructure comprises a plurality of at least two (or more) of external memories ME.
  • the ITS infrastructure also comprises, like the ETS set, at least one CO connection means, able to connect an external memory ME to a security processor PS.
  • each of the security processors PS is connected to at least one external memory ME.
  • a security processor PS is connected to a single external memory ME or contrary to several external memories ME and an external memory ME is connected to a single security processor PS or on the contrary to several security processors PS.
  • an ITS secure data processing infrastructure can be seen as the structuring of several ETS sets of secure data processing, combined with one another, where appropriate having in common one or more security processors PS and / or one or more memories. ME outdoor.
  • the ITS secure data processing infrastructure comprises several security processors PS1, PS2 and several external memories ME1, ME2, ME3, synchronized with each other, so that each of the security processors PS1, PS2 may use one or the other of the external memories ME1, ME2, ME3 in an undifferentiated manner.
  • Such a structure has the advantage of having high fault resistance.
  • the ITS secure data processing infrastructure comprises several security processors PS1, PS2 and several pairs, for example ME1a and ME1b, on the one hand, ME2a and ME2b, on the other hand on the other hand, or several trios, quartets or more of external memories ME, so that each of the security processors PS1, PS2, is associated with a pair, a trio, a quartet ... of external memories ME, synchronized with each other .
  • Such a structure has the advantage of improving the performance of the system by creating groups of data, by partitioning.
  • step A the two subsequent enrolled administrators AU1 and AU2, each having an external memory ME connected to the security processor PS, activate said security processor PS.
  • This step A therefore comprises the following operations:
  • A1 retrieving the context of the AU1 enrolled administrator
  • A3 activation by the AU1 enrolled administrator of the security processor PS,
  • ⁇ A4 activation by the AU2 enrolled administrator of the PS security processor.
  • a step B the security processor PS once activated retrieves a public key CP in a memory in order to authenticate them by the cryptographic module MC implementing a public key algorithm.
  • a step C if the security processor PS authenticates the enrolled administrators AU1 and AU2, it loads a set of data and instructions authenticated by these enrolled administrators AU1 and AU2 (operations C1 and C2 for the enrolled administrators AU1 and AU2) and execute it (operation C3).
  • this execution (operation C3) by the security processor PS produces a set of data some of which can be authenticated.
  • This set of data once produced by the security processor PS is stored in the external memory ME or memories used by the AU1 or AU2 enrolled administrator or administrators.
  • This step D therefore comprises the following operations:
  • D4 storage of data related to the enrolled administrator AU2 in the external memory ME.
  • the method also includes the following initial enrollment steps, in which an initial enrolled administrator A1 has a secure data processing set ETS and enrolls at least one subsequent enrolled administrator AU.
  • an initial enrolled administrator Al enrolls two or at least two subsequent enrolled administrators AU, respectively AU1 and AU2 for two subsequent enlisted administrators.
  • the description of the enrollment process is made in connection with an implementation with two subsequent enrolled administrators AU1 and AU2. However, as has been indicated, this feature of the number of subsequent enlisted administrators is not limiting. Also, more generally, an initial enrolled administrator Al can enlist a plurality of at least two subsequent enrolled administrators (AU).
  • the enrollment of these two subsequent enrolled administrators AU constitutes a first set participating in the definition of a first authentication context used for the subsequent executions.
  • the initial enlisted administrator Al may, at a later date, change any subsequent AU enlisted administrator who was previously enlisted. It can add one or more subsequent enlisted AU administrators. It can delete one or more subsequent enlisted AU administrators. It can modify the rights of one or more administrators later AU. In case of a subsequent change of any subsequent enlisted AU administrator who had been previously enlisted, the initial enlisted administrator Al implements the corresponding matching process. The updated context is then retrieved and the monotonic counter or counters incremented. Referring now to FIG. 6, the various enrollment steps of two subsequent enlisted administrators AU1 and AU2 are described.
  • This step A 'therefore comprises the following operations:
  • A'3 similarly, recovery of the authentication elements of the subsequent administrator AU2, A'4: transmission of the authorization program and authentication elements to the security processor PS.
  • a step B ' the execution by the security processor PS of the first set of data and instructions generates an encrypted and signed file comprising the authentication elements of the subsequent enrolled administrators AU1 and AU2, which is saved and stored. on an external memory ME to the security processor PS by each of said subsequent administrators AU1, AU2.
  • This step B 'therefore comprises the following operations:
  • step B ⁇ execution by the security security processor PS of the first set of data and instructions, at the same time as step C which will be discussed later,
  • step C ' the execution by the security processor PS of the first set of data and instructions (operation B ⁇ ) entails, at the same time, the incrementation of a monotone counter CM.
  • the three steps A ', B' and C, previously described, can be repeated several times to allow different groups of administrators to be subsequently enrolled AU, to load and to execute different sets of data and to instructions, all in order to be able to execute by the security processor PS and transmit to any electronic device or external network a sequence of operations.
  • This step is not mandatory, but only optional. It aims to ensure double security. If we want to double security, we realize this step.
  • the execution by the PS security processor of the set of data and instructions generates a second encrypted and signed file including data related to the execution of the code and which is saved and stored only by each of these later enrolled administrators AU1 and AU2, outside the security processor PS, in the external memory ME, which can cause the incrementation of one or more monotone counters CM.

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • General Engineering & Computer Science (AREA)
  • Software Systems (AREA)
  • Computer Hardware Design (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Human Computer Interaction (AREA)
  • Health & Medical Sciences (AREA)
  • General Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • Computing Systems (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Storage Device Security (AREA)
EP19714232.6A 2018-03-14 2019-03-13 Sichere datenverarbeitung Pending EP3765984A1 (de)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
FR1870286A FR3079044B1 (fr) 2018-03-14 2018-03-14 Traitement securise de donnees
PCT/FR2019/000033 WO2019175482A1 (fr) 2018-03-14 2019-03-13 Traitement sécurisé de données

Publications (1)

Publication Number Publication Date
EP3765984A1 true EP3765984A1 (de) 2021-01-20

Family

ID=63145118

Family Applications (1)

Application Number Title Priority Date Filing Date
EP19714232.6A Pending EP3765984A1 (de) 2018-03-14 2019-03-13 Sichere datenverarbeitung

Country Status (10)

Country Link
US (1) US11822795B2 (de)
EP (1) EP3765984A1 (de)
JP (1) JP7374112B2 (de)
KR (1) KR102625023B1 (de)
CN (1) CN112470153A (de)
AU (1) AU2019233753B2 (de)
CA (1) CA3093385A1 (de)
FR (1) FR3079044B1 (de)
SG (1) SG11202008989UA (de)
WO (1) WO2019175482A1 (de)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
DE102019108049A1 (de) * 2019-03-28 2020-10-01 Pilz Gmbh & Co. Kg Zugriffssteuerungssystem zur Steuerung eines Zugriffs eines Nutzers auf eine oder mehrere Betriebsfunktionen einer technischen Anlage

Family Cites Families (12)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7325130B2 (en) * 2003-03-21 2008-01-29 International Business Machines Corporation Method for guaranteeing freshness of results for queries against a non-secure data store
US8332653B2 (en) * 2004-10-22 2012-12-11 Broadcom Corporation Secure processing environment
FR2906380B1 (fr) 2006-09-27 2008-12-19 Trusted Logic Sa Systeme et procede de securisation de donnees.
JP5001123B2 (ja) * 2006-12-07 2012-08-15 パナソニック株式会社 記録デバイス、集積回路、アクセス制御方法、プログラム記録媒体
JP5052878B2 (ja) * 2006-12-12 2012-10-17 株式会社バッファロー 記憶装置及び利用者認証方法
US8589667B2 (en) * 2010-04-19 2013-11-19 Apple Inc. Booting and configuring a subsystem securely from non-local storage
CN102270285B (zh) * 2010-06-01 2013-12-04 华为技术有限公司 密钥授权信息管理方法及装置
US9202059B2 (en) * 2011-03-01 2015-12-01 Apurva M. Bhansali Methods, systems, and apparatuses for managing a hard drive security system
US9323950B2 (en) * 2012-07-19 2016-04-26 Atmel Corporation Generating signatures using a secure device
US8839353B2 (en) * 2012-11-09 2014-09-16 Microsoft Corporation Attack protection for trusted platform modules
JP6473674B2 (ja) * 2015-07-28 2019-02-20 ルネサスエレクトロニクス株式会社 通信端末およびプログラム
US11770373B2 (en) * 2017-09-25 2023-09-26 Telefonaktiebolaget Lm Ericsson (Publ) Provisioning of vendor credentials

Also Published As

Publication number Publication date
AU2019233753A1 (en) 2020-10-15
US11822795B2 (en) 2023-11-21
CN112470153A (zh) 2021-03-09
US20210042043A1 (en) 2021-02-11
FR3079044A1 (fr) 2019-09-20
AU2019233753B2 (en) 2024-03-28
SG11202008989UA (en) 2020-10-29
CA3093385A1 (fr) 2019-09-19
KR20210015757A (ko) 2021-02-10
KR102625023B1 (ko) 2024-01-15
JP2021517688A (ja) 2021-07-26
JP7374112B2 (ja) 2023-11-06
FR3079044B1 (fr) 2020-05-22
WO2019175482A1 (fr) 2019-09-19

Similar Documents

Publication Publication Date Title
US9477833B2 (en) Systems and methods for updating possession factor credentials
EP2100250B1 (de) System und verfahren zur datensicherung
EP3022867A1 (de) Strenges authentifizierungsverfahren
EP1494460A1 (de) Verfahren oder Vorrichtung zur Authentifizierung digitaler Daten mittels eines Authentifizierungs-Plugins
EP3586258A1 (de) Segmentiertes schlüsselauthentifikationssystem
WO2019175482A1 (fr) Traitement sécurisé de données
EP2285042A1 (de) Software-Sicherheitsmodul mit Verwendung einer Verschlüsselung des Hashwertes eines mit einer Saat verketteten Passworts
WO2004084525A2 (fr) Procede de protection d’un terminal de telecommunication de type telephone mobile
EP2492834A1 (de) Authentifizierungsverfahren eines Benutzers
WO1997040474A1 (fr) Systeme securise de controle d'acces permettant le transfert d'habilitation a produire des cles
CA2647239C (fr) Procede et serveur pour l'acces a un coffre-fort electronique via plusieurs entites
EP3166252B1 (de) Verfahren zur sicheren speicherung von daten, entsprechendes gerät und programm
EP3588337A1 (de) Steuerung einer datenspeichervorrichtung
FR2747813A1 (fr) Systeme securise de controle d'acces permettant l'invalidation automatique de cles electroniques volees ou perdues et/ou le transfert d'habilitation a produire des cles
EP1494461B1 (de) Verfahren oder Vorrichtung zur Authentifizierung digitaler Daten mittels eines Authentifizierungs-Plugins
EP3899765B1 (de) Neuinitialisierung eines anwendungsgeheimnisses über das endgerät
EP3179400B1 (de) Verfahren zum hochladen einer it-ressource in einem elektronischen gerät, elektronisches modul und entsprechendes computerprogramm
CA3098631A1 (fr) Authentification mutuelle d'un dispositif ou d'un systeme contenant des donnees sensibles ou confidentielles commandable par un utilisateur
WO2011000722A1 (fr) Procédé de validation distante d'un code exécutable
CH716300A2 (fr) Procédé de signature d'une transaction destinée à une blockchain, au moyen d'une clé cryptographique distribuée parmi les noeuds d'un réseau pair-à-pair sur lequel est déployée cette blockchain.
FR2789774A1 (fr) Procede de comparaison securise de deux registres memoire, et module de securite mettant en oeuvre ce procede
FR3068168A1 (fr) Memoire permanente comportant un dispositif de securite
FR3026875A1 (fr) Procedes de configuration d'un peripherique de type terminal connecte a un reseau afin de permettre une authentification forte d'un utilisateur
FR2762111A1 (fr) Procede et systeme de protection contre la copie et l'utilisation illicites d'un fichier informatique
EP2163030A2 (de) Zugangsverwaltungsverfahren

Legal Events

Date Code Title Description
STAA Information on the status of an ep patent application or granted ep patent

Free format text: STATUS: UNKNOWN

STAA Information on the status of an ep patent application or granted ep patent

Free format text: STATUS: THE INTERNATIONAL PUBLICATION HAS BEEN MADE

PUAI Public reference made under article 153(3) epc to a published international application that has entered the european phase

Free format text: ORIGINAL CODE: 0009012

STAA Information on the status of an ep patent application or granted ep patent

Free format text: STATUS: REQUEST FOR EXAMINATION WAS MADE

17P Request for examination filed

Effective date: 20200922

AK Designated contracting states

Kind code of ref document: A1

Designated state(s): AL AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HR HU IE IS IT LI LT LU LV MC MK MT NL NO PL PT RO RS SE SI SK SM TR

AX Request for extension of the european patent

Extension state: BA ME

DAV Request for validation of the european patent (deleted)
DAX Request for extension of the european patent (deleted)