FR3068168A1 - Permanent memory having a security device - Google Patents

Publication number
FR3068168A1
Authority
FR
France
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
FR1700403A
Other languages
French (fr)
Inventor
Benito Pennella
Original Assignee
Benito Pennella

Classifications

    • G PHYSICS
    • G11 INFORMATION STORAGE
    • G11C STATIC STORES
    • G11C16/00 Erasable programmable read-only memories
    • G11C16/02 Erasable programmable read-only memories electrically programmable
    • G11C16/06 Auxiliary circuits, e.g. for writing into memory
    • G11C16/22 Safety or protection circuits preventing unauthorised or accidental access to memory cells
    • G PHYSICS
    • G06 COMPUTING; CALCULATING; COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31 User authentication
    • G06F21/34 User authentication involving the use of external additional devices, e.g. dongles or smart cards
    • G PHYSICS
    • G06 COMPUTING; CALCULATING; COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/70 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
    • G06F21/71 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information
    • G06F21/77 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information in smart cards
    • G PHYSICS
    • G06 COMPUTING; CALCULATING; COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/70 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
    • G06F21/78 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure storage of data
    • G06F21/79 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure storage of data in semiconductor storage media, e.g. directly-addressable memories
    • G PHYSICS
    • G06 COMPUTING; CALCULATING; COUNTING
    • G06Q DATA PROCESSING SYSTEMS OR METHODS, SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL, SUPERVISORY OR FORECASTING PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL, SUPERVISORY OR FORECASTING PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00 Payment architectures, schemes or protocols
    • G06Q20/38 Payment protocols; Details thereof
    • G06Q20/40 Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
    • G06Q20/401 Transaction verification
    • G PHYSICS
    • G11 INFORMATION STORAGE
    • G11C STATIC STORES
    • G11C7/00 Arrangements for writing information into, or reading information out from, a digital store
    • G11C7/24 Memory cell safety or protection circuits, e.g. arrangements for preventing inadvertent reading or writing; Status cells; Test cells

Abstract

The present invention relates to a permanent memory comprising a security device, and to a smartphone, a computer or a server having such a memory. The present invention is primarily concerned with a permanent memory comprising a first zone (2, 102, 202) and a second zone (4, 104, 203), the first zone (2, 102, 202) and the second zone (4, 104, 203) being readable, the second zone (4, 104, 203) being writable, characterized in that it further comprises hardware means (3) for write protection in said first zone (2, 102, 202). The present invention applies to security, computing and telecommunications. It applies more particularly to securing IT and/or economic transactions, access control, authentication of persons or the like.

Description

Permanent memory with a security device

The present invention relates to a permanent memory comprising a security device, and to a smartphone, a computer or a server having such a memory.

Floppy disks and camera memory cards of known type have a write-protect latch. Once the latch is activated, none of the capacity of these permanent memories is writable. It is also known to secure transactions by sending, by SMS, a validation code that must be entered to authorize the transaction. Similarly, FR 1202164 describes a transaction security system based on entering a transaction validation key on, for example, a smartphone. Unfortunately, the smartphone does not have a security device of its own that prevents any hacking. In general, security programs stored in memories of known type are not protected against modifications that the user does not want. These programs may therefore be modified fraudulently and/or maliciously.

It is therefore an object of the present invention to provide a system for securing transactions and for protecting transmission and/or information processing devices, such as smartphones, computers or servers, against piracy, unwanted modifications, identity theft or the like.

These objects are achieved by a permanent memory having a first zone and a second zone, the first zone and the second zone being readable and the second zone being writable, characterized in that it further comprises means for write protection in said first zone.

Memory according to the invention, characterized in that the first zone requires a write voltage greater than the write voltage in the second zone. Memory according to the invention, characterized in that the first zone is made in EEPROM technology. Memory according to the invention, characterized in that the second zone is made in flash EEPROM technology.

The invention relates to a permanent memory having a first zone and a second zone accessible in reading, in said first zone.

The invention also relates to a smartphone characterized in that it comprises a memory according to the invention. The invention also relates to a computer characterized in that it comprises a memory according to the invention. The invention also relates to a server characterized in that it comprises a memory according to the invention.

The subject of the invention is also a recorder reader characterized in that it comprises means capable of writing in the first zone, which comprises hardware write inhibition means, of a memory according to the invention, despite the presence of said hardware write inhibition means. The subject of the invention is also a transaction security method characterized in that it comprises a step of storing personalized transaction validation data in the first zone of a memory according to the invention. The invention also relates to a transaction security method characterized in that it comprises a step of storing transaction validation programs in the first zone of a memory according to the invention.

The invention will be better understood from the following figures:

FIG. 1 is a diagram illustrating an embodiment of a memory according to the invention;
FIG. 2 is a diagram illustrating an exemplary embodiment of a smartphone according to the invention;
FIG. 3 is a diagram illustrating an exemplary embodiment of a computer according to the invention;
FIG. 4 is a diagram illustrating an exemplary embodiment of a set of servers according to the invention.

FIG. 1 shows a permanent memory 1 (a memory that retains stored data until erasure, even without power) having a first zone 2 that is write-protected by the hardware control 3 but readable.

In a variant, the zone 2 is protected by the hardware control 3 both for reading and for writing; advantageously, the zone 2 is not visible (detectable) before the hardware control 3 is activated.

The implementation of memories comprising several protected zones 2 is not outside the scope of the present invention. The memory 1 further comprises a zone 4 accessible for reading and writing.

The control or means 3 for authorizing or, on the contrary, inhibiting writing in the protected zone 2 comprises, for example, a hardware device, advantageously of the electric switch or mechanical switch type, which can be associated with a detector of the position of said mechanical switch and with the write management software of the host device intended to receive the memory according to the invention. For example, the control 3 is implemented as a mechanical switch of the type that prohibits writing on SD memory cards.

In a second variant embodiment, the hardware control 3 for inhibiting or authorizing writing in zone 2 comprises at least one additional connection (control bus) that is absent from the connector of the host device of memory 1 (typically a smartphone 5 (FIG. 2), a tablet, a standard memory card reader, a computer or the like). Advantageously, the additional connection allowing writing in the protected zone 2 is arranged on the face of the memory 1 opposite to the face carrying the other connections, which provide reading of the protected zone 2 and reading and writing in the unprotected zone 4. The connection complementary to that of the hardware control 3 for inhibiting or authorizing writing in zone 2 is arranged in a specific recorder reader that can be connected, for example, to an internal or external port (USB, SATA or similar) of a secure computer intended and authorized to modify zone 2.

In a third embodiment, the hardware control 3 for inhibiting or authorizing writing in zone 2 corresponds to a difference in the write signals for the protected zone 2, for example a frequency or a write voltage greater than that required for writing in the unprotected zone 4. The evolution of permanent electronic memories from EEPROM (15 V) to flash EEPROM (5 V then 3 V) has allowed the write and erase voltages to fall. The USB bus supplies a voltage of between 4.4 V and 5.25 V for data between VBUS and ground; the charging voltage of up to 20 V is never applied to memory card readers, which regulate the voltages applied to memory cards. Implementing, from the design stage, a higher write voltage (or frequency) for the protected zone 2 inherently prevents modification of the data recorded in this zone without affecting the possibility of reading it. For example, Zone 2 writes and reads Zone 2. For example, zone 2 is written using high-voltage erase (EEPROM) technology while remaining readable with a standard reader. It is also possible to approach without reaching the write voltage of the unprotected zone 4. Advantageously, the unprotected zone 4 is made in a technology that allows reading and writing at low voltage (or frequency) while withstanding the write voltage (or frequency) of the protected zone 2 without damage. In any case, a write instruction in zone 2 issued by the host device will have no effect.

Within the scope of the present invention, the various variants of the control 3 for writing in the protected zone can be combined.

A specific recorder reader 105 (FIG. 3) adapted to the memory according to the invention 1, 101, 202 comprises the means for reading and writing in the zones 2 and 4. Depending on the variant or variants adopted, the specific recorder reader 105 comprises the connections complementary to those of the memory according to the invention, and means for selectively applying the required voltage and/or frequency only to the protected zone 2 (to avoid any risk of destroying zone 4 if the write voltage of zone 2 is greater than the maximum voltage supported by zone 4 or by the rest of the circuit of memory 1). It is understood that implementing the specific recorder reader inside the computer 100 is not beyond the scope of the present invention. For example, an end user wishing to write in the protected area 102 presses a hardware switch 107 (which cannot be activated by programs and is thus protected from remote hacking) to temporarily activate the writing means in the protected area 102 of the memory 101. Advantageously, the switch 107 interrupts external access to the computer (internet, USB, ...), or even access to mass memories other than the memory 101, when the writing means in the protected area 102 are activated.

The memory according to the invention is, for example, made in the so-called "micro SD" format, allowing it to be inserted into a smartphone 5. However, it is understood that devices, including smartphones, that have no removable permanent memory card reader or "micro SD" reader are not beyond the scope of the present invention. These devices are, according to the invention, provided with hardware means that allow writing in the protected area 2 to be activated on a command external to the smartphone 5. The protected area may store programs or data that can only be modified (or updated) by order of the legitimate user, such as the smartphone operating system, security programs or identification data (biometric data, bank identification, codes or the like).

We will now describe the preferred way of carrying out commercial, financial, computer or other transactions according to the invention. When a contract is signed between a bank and an end user, for example for the provision of a bank card (credit card, debit card, withdrawal card, etc.), the bank personalizes a memory 1, 101 according to the invention by loading into the protected zone 2 the security program and/or the personal data that enable an operation to be secured to be validated. Advantageously, the program and the data are in accordance with those described in FR 1202164. The writing is carried out using a specific recorder reader.

Advantageously, the program stored in the protected zone 2 comprises an algorithm by which a smartphone 5 receives an SMS message from the bank indicating the transaction in progress that is to be validated, together with a validation request. The program stored in zone 2 and executed on the smartphone 5 generates a validation code from the transaction data received and the personalized data stored in the protected zone 2. The code is either entered manually on the terminal (cash dispenser, payment terminal, computer or tablet making purchases via the Internet or the like) or, advantageously, transmitted by the device containing the memory according to the invention, typically a smartphone 5 sending an SMS back to the security server of the bank.

It should be noted that the system according to the invention provides an additional level of security compared with systems of known type in which the validation code is transmitted to the smartphone 5 of the end user, systems in which any interception of the code by a criminal allows him to validate a fraudulent operation. On the contrary, according to the invention, the code is generated in the smartphone 5 and cannot be intercepted from a transmission between the bank and the end user. In addition, advantageously, the validation code is generated only if the end user presses the validation key agreed with the bank and stored in the protected area 2, for example a letter of the alphanumeric keyboard or a number of the keypad displayed on the screen of the smartphone 5.

Entering any other key generates a repudiation code for the operation. Thus the theft of the smartphone 5 does not allow operations to be validated without knowledge of the validation key that triggers the generation of the validation code. This protection is advantageously enhanced by encrypting the personal data, including the key to be entered and the code generation data, such as the generating polynomials of a pseudo-random code generator. For particularly important operations, or randomly, the code generation program may require the acquisition of biometric data from the end customer, for example through the camera of the smartphone 5.
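The validation and repudiation flow described above can be sketched as follows; this is an added example, not code from the patent or from FR 1202164. HMAC-SHA256 stands in for the unspecified pseudo-random code generator, and the class and function names, the six-digit code length and the sample values in the usage are assumptions.

```python
import hashlib
import hmac

CODE_DIGITS = 6  # assumed length of the code typed on the terminal


class TwoZoneMemory:
    """Model of the memory: the second zone is host-writable, the first is not."""

    def __init__(self):
        self._protected = {}            # first zone (2 in the figures)
        self.working = {}               # second zone (4 in the figures)
        self._hw_write_enabled = False

    def set_hardware_control(self, enabled):
        # Stands for the switch, extra contact or higher write voltage that
        # only the specific recorder reader provides; host software has no
        # path to this control.
        self._hw_write_enabled = enabled

    def write_protected(self, key, value):
        # Without the hardware control a write instruction has no effect.
        if not self._hw_write_enabled:
            return False
        self._protected[key] = value
        return True

    def read_protected(self, key):
        # The first zone stays readable by the host.
        return self._protected.get(key)


def _code(secret, transaction, label):
    # Assumed derivation: a MAC over the transaction data, reduced to digits.
    mac = hmac.new(secret, label + b"|" + transaction, hashlib.sha256).digest()
    number = int.from_bytes(mac[:8], "big") % 10**CODE_DIGITS
    return f"{number:0{CODE_DIGITS}d}"


def provision(memory, secret, validation_key):
    """Bank side: personalise the first zone through the recorder reader."""
    memory.set_hardware_control(True)
    memory.write_protected("secret", secret)
    memory.write_protected("validation_key", validation_key)
    memory.set_hardware_control(False)


def phone_respond(memory, transaction, key_pressed):
    """Phone side: derive the code locally from the SMS content and zone data."""
    secret = memory.read_protected("secret")
    expected_key = memory.read_protected("validation_key")
    agreed = hmac.compare_digest(key_pressed.encode(), expected_key.encode())
    # Any key other than the agreed one yields the repudiation code.
    return _code(secret, transaction, b"validate" if agreed else b"repudiate")


def bank_check(secret, transaction, code):
    """Bank side: classify the returned code; the code itself was never sent out."""
    if hmac.compare_digest(code, _code(secret, transaction, b"validate")):
        return "validated"
    if hmac.compare_digest(code, _code(secret, transaction, b"repudiate")):
        return "repudiated"
    return "rejected"
```

Because the first zone remains readable, the sketch keeps the secret and the validation key in clear; the description's encryption of personal data addresses exactly that exposure and is not modelled here.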

We will now describe, with reference to FIG. 3, the preferred embodiment of the invention for restoring a computer, including a personal computer, to a previous configuration, for example after a decline in performance or a viral attack. The computer 100 comprises a permanent memory according to the invention, typically a magnetic hard disk (HD) or solid-state drive (SSD), having a write-protected area 102 and a working area 104 that is protected neither for writing nor for reading. The computer 100 is delivered to the end customer with, stored in the protected area 102, the data (drivers, partition image to be restored or the like) and the computer restoration programs (partition copy software, operating system, office software or other software delivered with the computer, startup program (MBR, ...) or the like). Since the memory zone 102 is write-protected, neither these data nor these programs can be modified accidentally or maliciously (virus, Trojan, ...).

When the user has performed a successful installation that he wants to be able to reinstall, typically of a peripheral (printer, scanner, ...), an update of the operating system or a program, he turns off the computer, places the memory 101 in a specific recorder reader 105 and starts the computer 100. Advantageously, the protected zone 102 is bootable and has its own MBR. The boot partition is typically selected during the BIOS power-on self-test (POST) by pressing a key on a keyboard 106 and then choosing from a menu. Advantageously, the computer boots from the protected area 102. The user writes the updates into the protected area 102 (advantageously incrementally, for example in the form of restore points); they can subsequently be reinstalled from there, preferably in the working area 104 (or on another hard disk) or the like.

In case of a problem, for example following a program installation that was unsuccessful (failure, incompatibility, ...) or unwanted (virus), the end user reinstalls his default boot partition in the unprotected zone 104 of the memory 101 from the healthy data stored in the protected area 102. For example, the user presses the BIOS access key during startup and chooses to boot from the boot partition of the protected area 102. From this zone 102, the user selects the version to be reinstalled (return to the factory configuration or a later restore point) and then starts the reinstallation, advantageously automatic, of the default boot partition of the unprotected area of the memory 101. The operation can be performed as many times as necessary in case of successive viral infections, or to safely try out a particular configuration of the computer or a program.

FIG. 4 shows a web server 200 comprising a permanent memory 201 according to the invention, which comprises a zone 202 that is write-protected in hardware and a zone 203 that is not write-protected. The write-protected zone 202 stores the content of websites (Internet, intranet or other) that must not be modifiable by hackers, such as the home pages of the sites, the slogans, the texts and the images. The zone that is not write-protected stores the modifiable data, the information provided by users connected to the site and the other data collected by the server 200. The memory 201 benefits from software protection against piracy, which unfortunately can prove insufficient. In addition, zone 202 has hardware protection that cannot be hacked remotely. Thus the server 200 according to the invention can operate autonomously, without human supervision or with reduced supervision.

The legitimate user updates or modifies the contents of the area 202 of the memory 201 by physically extracting this memory 201 from the server 200 and inserting it into a specific recorder reader 105 (FIG. 3) capable of writing in the protected area 202. Advantageously, the computer 100 used for the update is secured against hacking and/or isolated from computer networks. Advantageously, before being put online, the modified content of the zone 202 is verified by a computer without means for writing in this zone. The memory 201 is reinserted in the server 200, which restarts and is connected to the Internet. It is understood that implementing the specific recorder reader inside the computer 100 or the server 200 is not beyond the scope of the present invention.

During the update of the memory 201 of the server 200, another server, advantageously having the same level of security, takes over the web service, as symbolized by the switch 204 in FIG. 4.

The present invention applies to security, computing and telecommunications. It applies more particularly to securing IT and/or economic transactions, access control, authentication of persons or the like.

Claims (10)

  1. Permanent memory comprising a first zone (2, 102, 202) and a second zone (4, 104, 203), the first zone (2, 102, 202) and the second zone (4, 104, 203) being readable, the second zone (4, 104, 203) being writable, characterized in that it further comprises hardware means (3) for write protection in said first zone (2, 102, 202).
  2. Memory according to claim 1, characterized in that the first zone (2, 102, 202) requires a write voltage greater than the write voltage in the second zone (4, 104, 203).
  3. Memory according to claim 1 or 2, characterized in that the first zone (2, 102, 202) is made in EEPROM technology.
  4. Memory according to claim 1, 2 or 3, characterized in that the second zone (4, 104, 203) is made in flash EEPROM technology.
  5. Smartphone characterized in that it comprises a memory according to claim 1, 2, 3 or 4.
  6. Computer characterized in that it comprises a memory according to claim 1, 2, 3 or 4.
  7. Server characterized in that it comprises a memory according to claim 1, 2, 3 or 4.
  8. Recorder reader characterized in that it comprises means capable of writing in the first zone (2, 102, 202), which comprises hardware write inhibition means, of the memory according to claim 1, 2, 3 or 4, despite the presence of said hardware write inhibition means.
  9. Transaction security method characterized in that it comprises a step of storing personalized transaction validation data in the first zone of a memory according to claim 1, 2, 3 or 4.
  10. Transaction security method characterized in that it comprises a step of storing transaction validation programs in the first zone of a memory according to claim 1, 2, 3 or 4.
FR1700403A 2017-06-22 2017-06-22 Permanent memory having a security device Pending FR3068168A1 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
FR1700403A FR3068168A1 (en) 2017-06-22 2017-06-22 Permanent memory having a security device

Publications (1)

Publication Number Publication Date
FR3068168A1 (en) 2018-12-28

Family

ID=60302140

Family Applications (1)

Application Number Title Priority Date Filing Date
FR1700403A Pending FR3068168A1 (en) 2017-06-22 2017-06-22 Permanent memory having a security device

Country Status (1)

Country Link
FR (1) FR3068168A1 (en)

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US4811293A (en) * 1985-04-20 1989-03-07 Sartorius Gmbh Method for storing data in an electrically erasable memory for carrying out this method
EP0707290A1 (en) * 1994-10-11 1996-04-17 Cp8 Transac Method and apparatus for loading a protected memory zone in data processing equipment

Legal Events

Date Code Title Description
PLSC Search report ready

Effective date: 20181228

PLFP Fee payment

Year of fee payment: 3