Method and security system for processing a security critical activity

Info

Publication number: MXPA99003968A
Authority: MX (Mexico)
Application number: MXPA/A/1999/003968A
Other languages: Spanish (es)
Inventor: Wettergren Christian
Original Assignee: Wettergren Christian

Abstract

The present invention relates to a method, a security system and a security device for data processing a security critical activity in a secure management mode, said processing method comprising the steps of allocating the security device (40) in response to a call from the processor (14) or the input/output devices (4, 6, 8, 12), when in a normal mode, transferring the control of the data processing to the security device (40) and thereby entering the secure management mode, processing, with user involvement, the security critical activity on the security device (40), transferring the result of the data processing of the security critical activity to the processor (14), the input/output devices (4, 6, 8, 12) or within the security device (40), and transferring the control of the input/output devices (4, 6, 8, 12) and the control of the data processing from the security device (40) to the processor (14) and thereby again entering the normal mode.

Description

METHOD AND SECURITY SYSTEM FOR PROCESSING A SECURITY CRITICAL ACTIVITY

BACKGROUND OF THE INVENTION

Field of the Invention

The present invention relates to a method, a security system and a security device for the data processing of a security critical activity.
Description of the Prior Art

Advances in computer and communications technology have increased the flow of information between and within computer networks. This ability to communicate between computers and networks has also made it possible to develop a wide variety of services that can be performed from one's own personal computer, for example e-mail, home shopping and home banking. Many of these services include security critical activities that have to be carried out while the computer is online, such as transferring money over the Internet. Carrying out such security critical activities is, of course, a security risk, since potential intruders can eavesdrop on and/or compromise these activities by infiltrating the computer. One reason for this is that the operating systems of personal computers were not designed with security in mind, since they were intended for personal use and were not connected to any network. It is therefore easy to use malicious code, Trojan horses or the like to compromise the operating system of a personal computer and, consequently, the security critical activities performed on it. Even more secure operating systems, such as Unix, can be compromised with relatively little effort. Today there is no operating system that protects the user from Trojan horses. To increase the security of an operating system it has been suggested to provide firewalls between the local network and the public networks, which are open to any intruder. Such firewalls filter the communication between the local network and the outside world by allowing only selected services to pass through. If other services are to pass through the firewall, they are enabled only if a valid password is presented. The communication eventually terminates at either a personal computer or a server computer within the local network.
This security measure obviously increases security, but it still does not ensure that security critical activities are carried out in the way the user originally intended. Vulnerabilities in the implementation of permitted, unfiltered services can allow an intruder to infiltrate a personal computer. Another possible security measure is to insert security mechanisms into the operating system, such as requiring passwords to access certain services. The main reason why the aforementioned security mechanisms are not completely secure is that they are based on software.
Since software always contains faults, it is corruptible and can consequently be compromised by means of exploited security holes, malicious code, Trojan horse software and the like. Software-based security solutions are also very fragile: if the security of the operating system is compromised, all the data and all the applications running on it are compromised as well. Another common security measure is the use of so-called "active cards" or "smart cards". These cards contain a small computing device with a processor, memory and communication ports. Such devices may hold a secret code, which is used to represent the identity of the user on the networks. The card is used together with a host system, and the host system can ask the card to perform the security critical steps of an activity using the secret code. The host system cannot read the secret code; it is retained inside the smart card. The processor of the smart card cannot communicate directly with the user, so it depends on the host system to relay the communication to the user without any malicious intervention. As a result, the smart card can do very little to protect itself against malicious software on the host system.
On personal computers that use smart cards, any compromised application can make the smart card perform any action it would normally perform, without having to involve the user. The application can order the smart card to sign any digital document without the user recognizing it or expressing any act of will that the signature be applied to the document. A different but related proposal to increase system security is to build a so-called multilevel security (MLS) operating system. Such systems label objects and subjects according to a security classification and define rules that determine how information is allowed to flow through the system. The classification into different security levels, and the register recording which users have access to which security levels, are very laborious to maintain. Moreover, conventional personal computer applications are not compatible with MLS operating systems, and all applications must be written specifically for the MLS system. This is certainly very expensive.
WO 94/01821 discloses a trusted path subsystem for workstations such as personal computers. The system comprises a network computer, which is an MLS computer, and a workstation or terminal. The object of that invention is to provide secure communication between the trusted subsystem of the MLS computer and the workstation. To solve this problem, the personal computer is connected to a trusted path subsystem, which receives the encrypted data from the trusted system of the MLS computer and decrypts it without involving the workstation. The application running on the MLS system can therefore be sure that the data received is the same as the data sent from the trusted subsystem of the MLS computer, and vice versa. However, this system is limited to securing the exchange of data between the subsystem of an MLS computer and the networked computer, basically propagating encrypted input events and pixel writes between the MLS application and the trusted subsystem of the workstation. Moreover, the application as a whole runs in a high security environment on the MLS system, and a great effort has been made to make sure that the application as a whole is secure. However, if the application is compromised, for example through security holes in the application itself or because the system administrator attacks the application, the trusted system cannot guarantee that the information the application presents on the "secure" screen is the same as the information that is subsequently signed, since it lacks means for involving the user. Consequently, there is no requirement for the application to obtain an act of will from the user in order to sign a digital document.
British patent application GB 2 267 986 discloses a security device for a computer. The purpose of this security device is to isolate the computer from the input/output devices, such as the keyboard and mouse, when security critical activities must be carried out. The security device comprises a processor that stores a plurality of programs for operating the security device in either a transparent mode or a special management mode. In the transparent mode, the data entered from the input/output devices is transmitted through the security device directly to the computer, that is, the security device is in a passive mode. In the special management mode, the security device performs the data processing itself by executing one of the stored programs, without involving the computer. When the processor of the security device receives a command associated with one of the plurality of programs stored in it, it initiates the special management mode and executes that program. The different programs stored in the processor of the security device define all the different security critical activities. A program may also, in some cases, require a password or the like before a security critical activity is executed. As soon as the password is received, the program automatically executes the rest of the security critical activity. New programs, loaded from the computer, can be stored in the security device without involving any user in the loading process. As a result, no user can be sure of the steps performed within the security device after a new program has been loaded. Consequently, the application itself may be compromised, and since signing a data block requires no review or act of will on the part of the user, activities the user never intended may be carried out.
Even though this system provides a high degree of security, it has a major disadvantage: it lacks the capacity to involve the user.
Brief Summary of the Invention

The ability to involve the user is an essential part of performing security critical activities if, for example, the purpose of these activities is to produce legally binding documents. Where a document is to be signed traditionally, that is, on paper, the person who is going to sign must first be identified, then read and verify the content of the paper and finally put his signature on the paper as an act of will. Digital signature systems must therefore be designed to let the user perform the same steps when signing a digital document as when signing a legally binding paper document. Surprisingly, the inventor found that the methods used today to carry out security critical activities, as described above, are in contrast system-oriented: the system is expected to carry out the security critical activities and consults the user only occasionally, for less important tasks. This system orientation means that the system or application is capable of doing everything a user could do. Accordingly, such a system is capable of impersonating the user. In a user-oriented system, the user must be involved in order to carry out certain steps, that is, those steps cannot be simulated by the system or the application. Accordingly, the object of the present invention is to provide a method, a system and a device for processing security critical activities which are user-oriented and strongly involve the user in performing the security critical activities.
This problem is solved by a method, a system and a device according to claims 1, 10 and 15, respectively. Preferred embodiments of the invention are defined in dependent claims 2 to 9, 11 to 14 and 16. By using the method according to the present invention, the user is actively involved each time a security critical activity is to be performed, that is, the method is user-oriented, in contrast to the system-oriented methods of the prior art. This approach according to the invention guarantees that the user always has control over the security critical activity being carried out in the security system, since an act of will by the user is required in order to carry out such an activity. Moreover, the method according to the invention provides a secure space in which security critical activities are processed. As a consequence of the method according to the present invention, it is possible to perform tasks such as signing documents legally, sending secret e-mail, making payments, loading cash cards, making secret telephone calls and so on in a reliable and secure manner, by making use of the steps that involve the user. By providing a security system according to the present invention together with switching and encryption devices, it is possible to encrypt the data going to and coming from the input/output devices and consequently to use the existing lines of the computer to tunnel the data to the security device. The security system can therefore be designed with a minimum of changes to an ordinary computer. The only additional equipment needed is the security device, its connection lines and the switching and encryption devices. Accordingly, the security system according to the present invention needs no additional barrier in order to create a secure space in which security critical activities are carried out.
Brief Description of the Drawings

The foregoing and other aspects of the invention will be better appreciated from the following detailed description of a specific embodiment of the invention, given by way of example only, when read in conjunction with the accompanying drawings, in which:
Figure 1 shows a block diagram of the security system according to the present invention.
Figure 2 shows a block diagram according to a second embodiment of the present invention.
Figure 3 shows a flow chart of the general method in accordance with the present invention.
Figure 4 shows a flow chart of a security step that verifies the presence of a user.
Figure 5 shows a flow chart of a security step that reconciles data.
Figure 6 shows a flow chart of a security step that reveals data.
Figure 7 shows a flow chart of a security step that marks the origin of an activity.
Figure 8 shows a flow chart of a security step that verifies the origin mark from a predetermined originator.
Figure 9 shows a flow chart of a security step that performs an irrevocable step.
Description of the Preferred Embodiments

Figure 1 shows a security system according to one embodiment of the invention. This system is used to carry out security critical activities when the system is connected to a public network, and comprises an arbitrary personal computer 2 and input/output devices such as a keyboard 4, a mouse 6, a screen 8 and a smart card reader/writer (r/w) 12. It should be understood that the number and type of input/output devices used by the security system according to the invention may vary depending on which security critical activities are performed. Thus it is not always necessary to use the mouse or the smart card r/w, and in some cases it may be desirable to use other input/output devices such as speakers, microphones and the like. Moreover, the personal computer 2 can be replaced by a terminal or the like without departing from the scope of the invention. Accordingly, when reference is made to the processor of the personal computer 2, this also includes the processor to which the terminal is connected, i.e. the computer/terminal and the processor running the application do not necessarily have to be in the same physical location. The personal computer 2 is provided with a processor 14, a read-only memory (ROM) 16 and a random access memory (RAM) 18. Each input/output device 4, 6, 8, 12 is connected to the personal computer 2 through an appropriate communication interface 20, 22, 24, 26, which is well known to one skilled in the art. As can be seen in Figure 1, the screen 8 is connected to the personal computer 2 through a display device driver 10. Each input/output device 4, 6, 8, 12 is also provided with a switching and encryption device 28, 30, 32, 34, whose functions will be described later. It is understood that the input/output devices 6, 8, 12 also have device drivers, which in the embodiment shown are incorporated in the switching and encryption devices 28, 30, 32.
The display device driver 10 comprises a screen control circuit 36 and a screen memory 38. In this embodiment of the present invention, the display device driver 10 is connected to a security device 40, which comprises a processor 42, a PROM memory 44 and a RAM 46. The processor 42 of the security device 40 is connected to the screen control circuit 36 and the screen memory 38, as well as to the PROM memory 44 and the RAM 46. The processor 42 is also connected to, and controls, the switching and encryption device 34 provided in the screen control circuit 36. In this embodiment the switching and encryption device 34 serves as a blocking means, that is, it prevents the processor 14 of the computer 2 from accessing the display device driver 10. However, it should be understood that the security device 40 may also be provided within the personal computer 2 or in a separate housing, as long as the security device 40 is able to control the switching and encryption devices 28, 30, 32, 34 without involving the processor 14; that is, the processor 14 must at no time be able to take control over the switching and encryption devices 28, 30, 32, 34, as will be described below. Figure 2 shows an alternative embodiment of the security system, in which the security device 40 is incorporated within the personal computer 2. In this embodiment of the invention the display device driver 10 is duplicated and the switching and encryption device 34 acts as an ordinary switch, controlled by the security device 40, for the purpose of switching between the two display device drivers 10. As mentioned above, the security system is used to carry out security critical activities when the security system, that is, the personal computer 2, is connected to and online with a network. If the computer is an isolated computer there is no need for a security device 40, since no intruder is able to eavesdrop on or compromise the processed data.
Accordingly, the present invention is directed toward computers that are online in networks. Security critical activities are activities that the user wishes to carry out in confidence, that is, without the danger of an intruder eavesdropping on or compromising the activity. Examples of such security critical activities are transferring money, signing documents, preparing confidential e-mails and similar activities.
A security system having the configuration described above can be operated in two different modes. In a first mode, defined as the normal mode, the security system operates like an ordinary computer, that is, the security device 40 is in a passive mode. How a computer connected to a public network operates is well known to any expert in the art and will therefore not be described further. In a second mode, defined as the secure management mode, the security device 40 takes control of the data being processed in order to perform different security critical activities in a very reliable manner. With reference to Figure 3, the operation of the security system in the secure management mode (SMM) will now be described in detail. In response to a call in step 200, made while the security system is operating in the normal mode by the processor 14 or by any of the input/output devices, i.e. the keyboard 4, the mouse 6, the screen 8 or the read/write smart card 12, the security device 40 is allocated in step 202. The security device 40 then switches those switching and encryption devices 28, 30, 32, 34 that are associated with the input/output devices 4, 6, 8, 12 to be used during the secure management mode into a protected mode in step 204. In order to perform this switching function, the security device 40 is provided with means for generating signals to the switching and encryption devices 28, 30, 32, 34. These means are preferably the processor 42 and the program steps stored in the PROM memory 44. When the required switching and encryption devices 28, 30, 32, 34 have been switched to the protected mode, the security device 40 is in control of the required input/output devices 4, 6, 8, 12, and the processor 14 of the personal computer 2 is unable to receive any data from them or send any data to them.
In the protected mode, the switching and encryption devices 28, 30, 32, 34 encrypt all data transmitted from the input/output devices 4, 6, 8, 12. The security device 40 is at all times the only device that can control entry into and exit from the protected mode. Unencrypted requests to the switching and encryption devices 28, 30, 32, 34 are not executed unless a non-security-critical activity is requested. Depending on which input/output devices 4, 6, 8, 12 they are associated with, the switching and encryption devices 28, 30, 32, 34 can be provided with special functions. Such a function is available only from the security device 40 and not from the processor 14, even when the switching and encryption devices 28, 30, 32, 34 are in the normal mode. The switching and encryption device 32, associated with the read/write smart card 12, has a function that allows only certain non-security-critical requests to pass through to the read/write smart card 12. Without this precaution it would be possible to manipulate the read/write smart card 12 during the normal mode with the aim of circumventing the security device 40 in the secure management mode. As mentioned above, the processor 42 of the security device 40 shown in Figure 1 has direct access to the display device driver 10 and, consequently, the switching and encryption device 34 needs to perform only a blocking function and no encryption. In the embodiment shown in Figure 2, the switching and encryption device 34 has the function of an ordinary switch. By encrypting the data coming from the input/output devices 4, 6, 8, 12, it is possible to use the existing lines of the personal computer 2 to propagate the data to the security device 40. Consequently, the security system can be designed with a minimum of changes to an ordinary, off-the-shelf computer.
The only additional equipment needed is the security device 40, its connection lines and the switching and encryption devices 28, 30, 32, 34. As mentioned above, the security device 40 can be connected to or within the computer in various ways, as shown in Figure 2, or, for example, separate physical lines can be provided between the security device 40 and the input/output devices 4, 6, 8, 12. However, the embodiment shown in Figure 1 is preferred, since in this embodiment the security device 40 has direct control over the screen memory 38 and the screen control circuit 36, which would otherwise have to be duplicated.
When the switching and encryption devices 28, 30, 32, 34 are not in the protected mode, they act as an ordinary connection between the input/output device and the computer. After taking control over the input/output devices 4, 6, 8, 12, the security device 40 also takes control, in step 206, over all the data being processed that is to be handled in the secure management mode. When the security system is operated in this manner, that is, control of the data being processed by an application running on the processor 14 and control of the input/output devices 4, 6, 8, 12 are transferred to the security device 40, a secure space is created in which the security critical activities can be executed. Then, in step 208, the security device 40 begins to process the security critical activity. During the processing of the security critical activity the security device 40 involves the user; that is, the execution steps that perform the security critical activity, which are stored in the PROM memory 44 of the security device 40, are not carried out automatically. Accordingly, in step 210 the security device 40 verifies whether the user has been involved. If the answer in step 210 is NO, the security device 40 checks in step 212 how long the user has not been involved. If the user has not been involved for a certain time limit after a step has been carried out, the security device 40 times out and the normal mode is entered in step 214. If the time limit has not been reached, it is verified again in step 210 whether the user has been involved. If the answer in step 210 is YES, it is verified in step 216 whether the security critical activity has been completed. If the answer in step 216 is NO, the processing step 208 and the user involvement step 210 are repeated as often as necessary. Accordingly, the security device 40 according to the present invention is provided with means for involving the user.
The means for involving the user are the essence of the present invention. This security approach is completely different from the system-oriented approaches used in the prior art, such as GB 2 267 986. The step of involving the user is described in more detail below.
When the security critical activity has been processed in steps 208 and 210 by the security device 40 together with the user, the processing ends in step 218 and its result is transferred, in step 220, to the processor 14 of the personal computer 2 or to an output device 12, or it remains in the security device 40 for later use. The transfer of the result is the last step of the secure management mode of the security system. The security device 40 thereafter, in step 222, transfers control of the input/output devices 4, 6, 8, 12, of the switching and encryption devices 28, 30, 32, 34 and of the data processing from the security device 40 to the personal computer 2, by switching the switching and encryption devices 28, 30, 32, 34 to the normal mode. Switching from the protected mode to the normal mode is, as mentioned above, only possible from the security device 40 and not from the processor 14. In order to further increase the involvement of the user, the switching and encryption devices 28, 30, 32, 34 can be switched manually rather than by the security device 40. In this case the security device 40 must be able to determine reliably the state of the switching and encryption devices 28, 30, 32, 34, in order to decide when the security critical activity can begin or when it has to be interrupted. The security device 40 may further be provided with an indicator, not shown in the figures, that indicates when the security device 40 is in control and the system is operating in the secure management mode. This indicator makes the user aware of when security critical activities can be performed. The security system and the general method for processing a security critical activity have thus been described.
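The secure management mode sequence of Figure 3 (steps 200 to 222), as an added example that is not part of the patent: a model of the security device 40, the switching and encryption devices 28, 30, 32, 34 and the user-involvement timeout. The mode names, the toy XOR link cipher, the scripted user and the poll-count time limit are assumptions, since the description fixes none of them.

```python
"""Added example, not code from the patent: the secure management mode of Figure 3 as a
state machine.  Numerals follow the description (security device 40, processor 14, I/O
devices 4, 6, 8, 12, switching and encryption devices 28, 30, 32, 34).  The XOR keystream
and the scripted user are constructed stand-ins for the unspecified link cipher and UI."""
from dataclasses import dataclass
from enum import Enum
from itertools import cycle
from typing import Callable, Dict, List, Optional

PLACEHOLDER_KEY = b"constructed-link-key"  # stands in for the real link encryption key


class Mode(Enum):
    NORMAL = "normal mode"
    SECURE = "secure management mode"


class Caller(Enum):
    PROCESSOR_14 = 14
    SECURITY_DEVICE_40 = 40


def link_encrypt(data: bytes) -> bytes:
    """Toy XOR stream cipher for the protected data path (assumption, not the patent's)."""
    return bytes(b ^ k for b, k in zip(data, cycle(PLACEHOLDER_KEY)))


@dataclass
class SwitchEncryptDevice:
    """One switching and encryption device (28, 30, 32, 34) in front of an I/O device."""
    numeral: int
    io_device: int
    protected: bool = False

    def set_protected(self, caller: Caller, value: bool) -> None:
        # Switching is only possible from the security device 40, never from processor 14.
        if caller is not Caller.SECURITY_DEVICE_40:
            raise PermissionError(f"device {self.numeral}: switch refused for {caller.name}")
        self.protected = value

    def read(self, caller: Caller, plaintext: bytes) -> bytes:
        # Normal mode: an ordinary connection.  Protected mode: everything leaving the
        # I/O device is encrypted, so processor 14 sees only ciphertext on the shared lines.
        if not self.protected or caller is Caller.SECURITY_DEVICE_40:
            return plaintext
        return link_encrypt(plaintext)


class SecurityDevice40:
    def __init__(self, switches: List[SwitchEncryptDevice], time_limit: int) -> None:
        self.switches = {s.io_device: s for s in switches}
        self.time_limit = time_limit           # step 212: polls tolerated without the user
        self.mode = Mode.NORMAL
        self.retained: Optional[bytes] = None  # step 220: result kept for later use

    def process(self, io_devices: List[int], steps: List[str],
                user: Callable[[str], Optional[bytes]], keep: bool = False) -> Optional[bytes]:
        """Steps 202 to 222.  Returns the result handed to processor 14, or None."""
        self.mode = Mode.SECURE                          # step 202: device allocated
        needed = [self.switches[d] for d in io_devices]
        for sw in needed:                                # step 204: protected mode
            sw.set_protected(Caller.SECURITY_DEVICE_40, True)
        result = b""
        for step in steps:                               # step 208: process one step
            waited = 0
            while (answer := user(step)) is None:        # step 210: user involved?
                waited += 1
                if waited >= self.time_limit:            # step 212: time limit reached
                    return self._leave(needed, None, keep)  # step 214: normal mode
            result += answer                             # step 216: more steps? loop
        return self._leave(needed, result, keep)         # step 218: activity complete

    def _leave(self, needed: List[SwitchEncryptDevice], result: Optional[bytes],
               keep: bool) -> Optional[bytes]:
        # Step 220: transfer the result to processor 14, or retain it inside device 40.
        if keep:
            self.retained, result = result, None
        # Step 222: hand the I/O devices and the data processing back, re-enter normal mode.
        for sw in needed:
            sw.set_protected(Caller.SECURITY_DEVICE_40, False)
        self.mode = Mode.NORMAL
        return result


def scripted_user(answers: Dict[str, bytes]) -> Callable[[str], Optional[bytes]]:
    """Constructed user: answers the listed steps, stays silent on every other one."""
    return lambda step: answers.get(step)


def processor_can_switch(sw: SwitchEncryptDevice) -> bool:
    """True only if processor 14 managed to change the protected mode (it never should)."""
    try:
        sw.set_protected(Caller.PROCESSOR_14, not sw.protected)
        return True
    except PermissionError:
        return False


def build_system(time_limit: int = 3) -> SecurityDevice40:
    # Pairing from Figure 1: 28 keyboard 4, 30 mouse 6, 32 smart card r/w 12, 34 screen 8.
    pairs = ((28, 4), (30, 6), (32, 12), (34, 8))
    return SecurityDevice40([SwitchEncryptDevice(n, d) for n, d in pairs], time_limit)
```

A silent user makes `process` time out and return `None` with every device switched back to normal mode, while `processor_can_switch` shows that the processor cannot leave the protected mode on its own.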
As mentioned above, the essence of the present invention is to involve the user, and in order to fully understand the invention, different examples of the steps for involving the user will now be described. All these steps are part of a security critical activity, and the interaction with the user is always carried out through the switching and encryption devices 28, 30, 32, 34 in the protected mode. Depending on the task to be performed by the security critical activity, different combinations of the steps can be used, mixed together with steps carried out by the security device 40 alone. It should be understood that if different steps for involving the user are combined, the dialogues with the user from several steps can be combined into one interaction. Thus, even though all the examples described below are part of a security critical activity, it should be understood that they need not all be part of every security critical activity, nor of the same security critical activity. One step of a security critical activity that occurs frequently is checking the presence of the user. This step is shown schematically in Figure 4 and can be carried out by letting the user present proof of identity, for example through the read/write smart card 12, or by letting the user enter a password. Biometrics such as speech recognition or fingerprints can also be used to establish the user's presence. If the user is not present, further data processing in the secure management mode is interrupted and the normal mode is entered; otherwise the processing of the security critical activity continues. It should be understood that the security device 40 may hold stored information about different users. This allows different users to make use of the same security system. Another step that can be carried out as part of a security critical activity is reconciling data. This step is shown schematically in Figure 5.
In this step, the user first makes a request, by means of the keyboard 4 or the mouse 6, for the security critical activity to be performed with a reconciled result. The request is then presented to the user on the screen 8 or through the speakers. The user then has to select the recipients of the reconciled result using the keyboard 4 or the mouse 6. The remainder of the security critical activity is then executed and the results are reconciled for the selected recipients. Another step, shown schematically in Figure 6, which may be part of a security critical activity, is revealing data to the user. When reconciled data is received in the personal computer 2, the secure management mode is initiated, either at the user's request or automatically if the reconciled data contains a command to call and allocate the security device 40. Before the reconciled data is loaded into the security device 40, the presence of the user has to be checked in order to ensure that only permitted data is loaded into the security device 40. Thereafter, if the user's identity is correct, the user must enter his identities and keys, preferably using the read/write smart card 12. If these are valid, the security device 40 initiates the processing and decryption of the reconciled data and presents the received data on an appropriate output device, such as the screen 8 or the speakers. If the keys are not valid, the normal mode is entered. It should be understood that the order in which the presence of the user is checked and the identities and keys are entered can be reversed without changing the result of this step. A further step of a security critical activity concerns the generation and verification of a mark of origin, shown schematically in Figures 7 and 8. The generation of a mark of origin begins with a request by the user, through for example the keyboard 4 or the mouse 6, for an activity with an origin mark.
The request is then presented to the user on the screen 8 or on another output device and, if the request is correct, the user accepts the activity. If the request is not accepted, the normal mode is entered; if it is accepted, the activity is executed and the results selected from it are digitally signed to mark their origin. Depending on the activity being carried out, the user may interact during this process. To verify a mark of origin, the user must first determine and lock at least one originator, using an input device such as the keyboard 4 or the mouse 6. The at least one originator is then presented to the user on the screen 8 or similar and, when signed results are received, each signature is verified to confirm the at least one originator. If the signature is valid, processing continues in the secure management mode; if not, the normal mode is entered.

An important step in a critical security activity is to allow the generation of an irrevocable step, such as signing a document. In this case, shown schematically in Figure 9, a request to perform said step must first be made. This request, together with the arguments of the step, is presented to the user on the screen 8 or similar, and the user then has the option to alter the arguments or to enter new ones. From here on, the user has to accept or reject the request. In this way it is always guaranteed that the user is involved, with his signature, before an irrevocable step is taken. When the user has given this acceptance, the processing continues. If the user has not given this acceptance within a pre-established time limit, the normal mode is entered.

Thus, a number of steps involving the user have been described. However, it should be understood that there are other different steps, and combinations of these, that fall within the scope of the invention.
For example, many of the steps described above require the user to enter data in order to ensure that the user is involved with his signature, but it will be understood that, conversely, this data can be presented to the user as an option and that the user then has to confirm, by an act of will, that the data is correct. The essence of the invention is that means are provided to involve the user; that is, in the embodiment described above, a security device 40 has a processor 42 and a PROM memory 44 in which the user-involvement steps described above are stored.

At a higher level, the user-involvement steps described above are used for tasks such as signing legal documents, sending secret mail, making payments, charging cash cards, making secret telephone calls, etc. It is considered that there are numerous other high-level tasks that can be carried out safely by using the user-involvement steps described above, in particular also tasks that will emerge as the technology advances. When signing legal documents or making payments, the following steps from the user-involvement steps mentioned above are required: check the presence of the user and allow generation. To further increase security, the steps of source marking and reconciliation can also be incorporated. Sending secret mail may involve the steps of reconciling and optionally marking of origin. Charging a cash card may involve the steps of allowing generation and marking of origin, which may correspond to making a request to load the cash card. When the request is granted, charging the cash card may involve the steps of revealing the result and verifying the mark of origin. Making a secret telephone call may require the steps of reconciling, revealing, marking of origin and verifying the mark of origin to be continuously involved during the secret telephone call.
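The user-involvement steps described above (presence check, allowing generation of an irrevocable step, generating and verifying a mark of origin) and their composition into the high-level task of signing a document, as an added example that is not part of the patent text nor of any implementation by the applicant: a Python model of security device 40 in which each step either lets the critical security activity continue or returns the system to the normal mode. The names `SecurityDevice`, `User` and `ManualClock`, the password-based presence check, the 30-second time limit and the use of an HMAC as a stand-in for the digital signature that forms the mark of origin are all assumptions of this model; a real mark of origin would be a public-key signature, so that a verifier need not hold the originator's key as this model does.

```python
"""Toy model of the secure management mode and its user-involvement steps."""
import hashlib
import hmac
import secrets
import time
from dataclasses import dataclass

NORMAL, SECURE = "normal", "secure"
PBKDF2_ROUNDS = 100_000


class ManualClock:
    """Deterministic clock so the pre-established time limit can be shown offline."""
    def __init__(self):
        self.now = 0.0
    def __call__(self):
        return self.now
    def advance(self, seconds):
        self.now += seconds


@dataclass
class User:
    """A user record held on the device ('information stored about different users').
    The per-user key stands in for the user's identities and keys (model assumption)."""
    name: str
    salt: bytes
    pw_hash: bytes
    key: bytes

    @classmethod
    def create(cls, name, password):
        salt = secrets.token_bytes(16)
        digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
        return cls(name, salt, digest, secrets.token_bytes(32))

    def verify_password(self, password):
        digest = hashlib.pbkdf2_hmac("sha256", password.encode(), self.salt, PBKDF2_ROUNDS)
        return hmac.compare_digest(digest, self.pw_hash)


class SecurityDevice:
    """Models security device 40: it holds the I/O while in secure mode and
    returns to normal mode whenever a user-involvement step does not succeed."""

    def __init__(self, users, accept_timeout=30.0, clock=time.monotonic):
        self.users = {u.name: u for u in users}
        self.accept_timeout = accept_timeout  # the pre-established time limit
        self.clock = clock
        self.mode = NORMAL

    def enter_secure_mode(self):
        self.mode = SECURE  # I/O devices now switched to protected mode

    def enter_normal_mode(self, reason):
        self.mode = NORMAL
        return None  # a failed step hands no result back to the normal mode

    # Step "check the presence of the user" (Figure 4), here by password.
    def check_presence(self, name, password):
        user = self.users.get(name)
        return user if user is not None and user.verify_password(password) else None

    # Step "allow generation of an irrevocable step" (Figure 9): the request and
    # its arguments are shown, the user may alter them, then must accept in time.
    def allow_generation(self, request, arguments, decide):
        start = self.clock()
        accepted, final_args = decide(request, arguments)
        if self.clock() - start > self.accept_timeout:
            return None
        return final_args if accepted else None

    # Step "generate a mark of origin" (Figure 7); HMAC stands in for the signature.
    @staticmethod
    def source_mark(user, payload):
        mark = hmac.new(user.key, payload, hashlib.sha256).digest()
        return {"originator": user.name, "payload": payload, "mark": mark}

    # Step "verify a mark of origin" (Figure 8) against the originators locked in.
    def verify_source_mark(self, allowed_originators, signed):
        user = self.users.get(signed["originator"])
        if user is None or user.name not in allowed_originators:
            return False
        expected = hmac.new(user.key, signed["payload"], hashlib.sha256).digest()
        return hmac.compare_digest(expected, signed["mark"])

    # High-level task "signing a document", composed as the text describes:
    # presence check, allow generation, then source marking of the result.
    def sign_document(self, name, password, document, decide):
        self.enter_secure_mode()
        user = self.check_presence(name, password)
        if user is None:
            return self.enter_normal_mode("user not present")
        final = self.allow_generation("sign document", document, decide)
        if final is None:
            return self.enter_normal_mode("request rejected or time limit exceeded")
        signed = self.source_mark(user, final)
        self.enter_normal_mode("activity completed, result handed to the processor")
        return signed
```

The `decide` callback stands for the dialogue on screen 8 and keyboard 4: it receives the request and its arguments and returns the user's acceptance together with the (possibly altered) arguments. Every exit path, whether a wrong password, a rejection, an expired time limit or a completed activity, ends with the device back in `NORMAL`, which is the property the text relies on.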
While this invention has been described in terms of preferred embodiments thereof, it should be appreciated that other forms can readily be adopted by any person skilled in the art. Accordingly, the scope of this invention should be considered as limited only by the following claims. It is noted that, as of this date, the best method known to the applicant for carrying out the present invention is that which is clear from the present disclosure of the invention. Having described the invention as above, the content of the following claims is claimed as property.

Claims (17)

1. A method for processing data from a critical security activity, the critical security activity being part of an application running in a system comprising a processor, input/output devices and a security device, said processing method characterized in that it includes the following steps: allocating the security device, in response to a call from the processor or any of the input/output devices, when in a normal mode; transferring the control of the data processing of the application and the control of the input/output devices from the processor to the security device and, consequently, entering the secure operation mode, in which the processor is unable to access any of the input/output devices; processing, with the intervention of the user, the critical security activity in the security device; transferring the result of the data processing of the critical security activity to the processor, the input/output devices or within the security device; and transferring the control of the input/output devices and the control of the data processing from the security device to the processor and, consequently, entering the normal mode.
2. The method according to claim 1, characterized in that the step of transferring the control of the input/output devices further comprises the step of switching each required input/output device to a protected mode.
3. The method according to claim 1 or 2, characterized in that the step of processing the critical security activity with the intervention of the user additionally comprises the steps of: monitoring the period of time during which the user has not intervened and, if the user has not intervened within a pre-established time limit, timing out the security device and entering the normal mode, and if not, continuing the processing of the critical security activity.
4. The method according to any of the preceding claims, characterized in that the step of processing the critical security activity with the intervention of the user comprises: allowing the user to present proof of identity in order to verify the presence of the user and, if the user is present, continuing the processing of the critical security activity, and if not, entering the normal mode.
5. The method according to any of claims 1 to 3, characterized in that the step of processing the critical security activity with the intervention of the user includes the steps of: making a request that the critical security activity be carried out with a reconciled result; presenting the request to the user on an output device; allowing the user to select or accept the recipients of the reconciled result through the input device and, if none is selected, entering the normal mode, and otherwise executing the critical security activity and reconciling the result of the execution for delivery to the selected recipients.
6. The method according to any of claims 1 to 3, characterized in that the step of processing the critical security activity with the intervention of the user comprises the steps of: loading the received reconciled data into the security device; checking the validity of the identities and keys and, if they are valid, decrypting the reconciled data and presenting the received data to the user on an appropriate output device, and if not, entering the normal mode.
7. The method according to any of claims 1 to 3, characterized in that the step of processing the critical security activity with the intervention of the user comprises the steps of: making a request for an activity with a mark of origin; presenting the request to the user on an appropriate output device; allowing the user to accept the request and, if it is accepted, executing the activity and then marking the selected results of it, and if not, entering the normal mode.
8. The method according to any of claims 1 to 3, characterized in that the step of processing the critical security activity with the intervention of the user comprises the steps of: allowing the user to determine and lock at least one originator; presenting the at least one originator to the user; verifying the signature of the received signed results to confirm the at least one originator and, if it is not confirmed, entering the normal mode.
9. The method according to any of claims 1 to 3, characterized in that the step of processing the critical security activity with the intervention of the user comprises the steps of: making a request for the generation of an irrevocable step; presenting the request together with the arguments of this step; giving the user the option to alter the arguments or to enter new arguments; allowing the user to accept or reject the generation request and, if it is accepted, continuing the processing, including the irrevocable step, and if it is rejected, entering the normal mode.
10. A security system for processing data from a critical security activity, the critical security activity being part of an application running in the security system, characterized in that it comprises: a processor; input/output devices; a security device; means for transferring the control of the data processing of the application and the control of the input/output devices from the processor to the security device and, consequently, entering the secure operation mode in which the processor is unable to access any of the input/output devices; means for processing, with the intervention of the user, the critical security activity in the security device; means for transferring the result of the data processing of the critical security activity to the processor, the input/output devices or within the security device; and means for transferring the control of the input/output devices and the control of the data processing from the security device to the processor and, consequently, entering the normal mode.
11. The security system according to claim 10, characterized in that the means for involving the user comprise a processor provided in the security device and a PROM memory provided in the security device and containing the programmed user-intervention steps.
12. The security system according to claim 10 or 11, characterized in that the security device is connected to a display device controller.
13. The security system according to any of claims 10 to 12, characterized in that it comprises two display device controllers and wherein the processor and the security device are each connected separately to one of the display device controllers.
14. The security system according to any of claims 10 to 13, characterized in that the means for transferring the control of the input/output devices from the processor to the security device, and vice versa, are switching and encryption devices.
15. A security system comprising means for involving the user, characterized in that it comprises a processor and a PROM memory 44 having the user-intervention steps programmed, which are performed when the device is running a critical security activity.
16. The security system according to claim 15, characterized in that it additionally comprises means for generating switching signals to be applied to the switching and encryption devices.
17. The security system according to claim 15, characterized in that the means for generating the switching signals comprise a processor and a PROM memory which is provided with the programmed switching-generation steps.
MXPA/A/1999/003968A 1996-10-30 1999-04-28 Method and security system for processing a security critical activity MXPA99003968A (en)

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
SE9603962 1996-10-30

Publications (1)

Publication Number Publication Date
MXPA99003968A true MXPA99003968A (en) 2000-02-02

