WO2000011535A1 - Improvements in and relating to data processing apparatus and verification methods
- Publication number
- WO2000011535A1 (PCT/GB1999/002669)
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- input channel
- input
- password
- data processing
- security device
- Prior art date
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/31—User authentication
- G06F21/36—User authentication by graphic or iconic representation
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/31—User authentication
- G06F21/42—User authentication using separate channels for security data
Definitions
- the present invention relates to data processing apparatus and to verification methods.
- the present invention aims to provide, in preferred embodiments thereof, data processing apparatus and verification methods that address at least one of these problems.
- a data processing apparatus comprising a first input channel and a second input channel each for inputting signals, a security device for verifying a password, and means for determining whether the password input to the security device comes from the second input channel, in which the security device will verify a correct password from the first input channel, but not from the second input channel, in which the security device is configured to receive signals from the first input channel and configured not to receive signals from the second input channel.
- the device determines whether the password input thereto comes from the second input channel, i.e. it physically cannot come from this channel.
- the device receives signals only from the first input channel.
- the device cannot receive signals from the second input channel.
- the apparatus further comprises means to determine whether the security device has verified the password and, if not, to vary operation of the apparatus.
- the variation will be a restriction in operation; typically it will render the apparatus unusable.
- the first input channel comprises a first peripheral input device.
- the first peripheral input device comprises a keyboard and the security device is located to receive signals from the keyboard and transmit them to a keyboard controller or to a bus.
- the device is located between the keyboard controller and the keyboard bus.
- “between” is in the electronic sense, i.e. the device receives output from the keyboard controller and generates an input for the keyboard bus. The device thus acts as an interface between the keyboard controller and the bus.
- the apparatus further comprises a control unit (such as a CPU) which interrogates the security device to determine whether a correct password has been entered.
- a password protected operation is performed only if the control unit receives such verification.
- the device encrypts all signals it receives.
- a decryption tool is provided between the output of the device and the application to which the key presses comprise instructions.
- a method of verifying which of a first input channel and a second input channel is used in data processing apparatus, comprising the steps of: upon input of a password to the apparatus, a security device, receiving input from the first input channel and not from the second input channel, declining password authorisation if the input is through the second input channel and, if the correct password is input through the first input channel, providing a password verification.
- the method includes the step of determining whether the security device has verified the password and, if not, varying the operation of the apparatus. Normally, the variation will be a restriction in operation. Typically, it will render the apparatus unusable.
- a control unit such as a CPU interrogates the security device to determine whether the correct password has been entered.
- the method includes the step of receiving signals only from the first input channel.
- the data processing apparatus includes a device for receiving signals.
- an electronic data processing apparatus, typically a personal computer ("PC") 2.
- the PC 2 receives input signals from peripheral input devices (e.g. keyboard, data socket, pen, voice recognition microphone, etc.).
- the PC includes a keyboard 4 having an associated bus 6 and a keyboard controller 8 forming a first input channel from the keyboard 4.
- the PC 2 also has at least one further input channel 10 for signals corresponding to those from the keyboard 4.
- this further input channel 10 will comprise a data socket for receipt of digital signals transmitted from a remote modem (not shown).
- the PC 2 generally treats signals received via the data socket in the same way as those received from the keyboard 4, except as set out below.
- a security device 12 is located between the keyboard controller 8 and the bus 6. That is, the security device 12 is located to receive signals from the first input channel (the keyboard 4), but not from the further input channel (the data socket 10).
- the security device 12 has the following characteristics.
- the security device 12 is typically embodied in a board (not shown) including a microprocessor.
- the board may be integral to the PC 2 or be a separate plug-in board.
- the security device 12 requires a password to be input to pass keyboard signals to the bus 8. If the password is not provided on demand (a limited number of tries may be permitted before a lock-out) the security device 12 will either block signals or vary them, for instance by encryption, to be unusable.
- the security device 12 is configured so that upon receipt of the correct password it is activated for a predetermined period of time, according to the in-built real-time clock. The period of time can be varied based upon the password or other authorisation received. While activated, the security device 12 transmits keyboard signals unaltered. When not activated it is in the encryption state and encrypts signals passing therethrough (or may block them). Thus, while in the encryption state the central processing unit ("CPU") of PC 2 cannot understand the output of keyboard 8.
- the security device 12 when activated and authorised receives input signals from the keyboard bus and outputs them to the keyboard controller.
- the delay is insignificant.
- the PC 2 is configured to require a password before permitting access to certain functions or data (which may be all functions and/or data).
- a word-processing file may be password protected.
- Before permitting access to the file, the PC CPU requires confirmation from the security device 12 that the correct password has been entered. Only if the CPU receives verification from the security device that the correct password has been entered will it perform the password protected operation. Since the security device 12 can only receive inputs from the keyboard, it is not possible to enter the password from any other source.
- data will be encrypted and decryption will only be permitted upon verification from the security device 12.
- key logging attacks: this is where a hacker loads a short application on to a PC to be attacked, which application interrogates the operating system to determine each keystroke as it is pressed. A record of keystrokes can be used to inspect confidential information and/or retrieve passwords.
- the security device 12 can be set to encrypt all key presses according to a predetermined encryption algorithm.
- An encryption algorithm is used such that, generally, a given key press when repeated does not generate the same output from the security device 12.
- a tool is additionally provided between the operating system and the application to be controlled by the key presses to decrypt the encrypted key press data. Therefore, since the key press information available to the operating system is encrypted, it is of no use to a key logger.
- password that can comprise any signal or combination of signals and need not be a "word" at all.
- the apparatus may only verify input from other inputs, usually being peripheral input devices.
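
The behaviour described above for security device 12 (keyboard-only password verification, limited tries, timed activation, and an encryption state in which a repeated key press does not repeat its output) can be modelled as a small state machine. This is an added example, not code from the patent: the class, function and parameter names are hypothetical, and the HMAC-SHA256 counter pad is an assumed stand-in for the unspecified "predetermined encryption algorithm".

```python
import hashlib
import hmac

# Hypothetical labels for the first input channel (keyboard 4) and the
# further input channel (data socket 10).
KEYBOARD, DATA_SOCKET = "keyboard", "data_socket"


def pad(key, counter):
    """One pad byte per keystroke counter (assumed algorithm, not the patent's)."""
    return hmac.new(key, counter.to_bytes(4, "big"), hashlib.sha256).digest()[0]


def decrypt_key(key, record):
    """Stand-in for the decryption tool placed in front of the application."""
    counter, masked = record
    return masked ^ pad(key, counter)


class SecurityDevice:
    """Toy model of security device 12; all names and defaults are assumptions."""

    def __init__(self, password, key, clock, active_secs=300, max_tries=3):
        self._password, self._key, self._clock = password, key, clock
        self._active_secs, self._tries_left = active_secs, max_tries
        self._active_until = None
        self._counter = 0

    def enter_password(self, channel, attempt):
        # Only the keyboard path runs through the device. A password sent via
        # the data socket never reaches it, so it can never be verified.
        if channel != KEYBOARD or self._tries_left == 0:
            return False
        if hmac.compare_digest(attempt, self._password):
            self._active_until = self._clock() + self._active_secs
            return True
        self._tries_left -= 1  # lock-out once the permitted tries are used up
        return False

    def is_verified(self):
        """What the CPU interrogates before a password-protected operation."""
        return self._active_until is not None and self._clock() < self._active_until

    def pass_key(self, scancode):
        """Activated: pass the key unaltered. Otherwise: (counter, masked byte)."""
        if self.is_verified():
            return scancode
        self._counter += 1
        return (self._counter, scancode ^ pad(self._key, self._counter))
```

The clock is injected so that expiry of the activation period can be exercised without waiting; a key logger reading the operating system's view sees only the `(counter, masked byte)` records while the device is in the encryption state.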
Priority Applications (3)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
EP99939540A EP1105783A1 (en) | 1998-08-20 | 1999-08-12 | Improvements in and relating to data processing apparatus and verification methods |
AU53809/99A AU5380999A (en) | 1998-08-20 | 1999-08-12 | Improvements in and relating to data processing apparatus and verification methods |
JP2000566733A JP2002523823A (en) | 1998-08-20 | 1999-08-12 | Improvements in data processing devices and confirmation methods and related improvements |
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
GB9818184.5 | 1998-08-20 | ||
GB9818184A GB9818184D0 (en) | 1998-08-20 | 1998-08-20 | Improvements in and relating to data processing apparatus and verification methods |
Publications (1)
Publication Number | Publication Date |
---|---|
WO2000011535A1 (en) | 2000-03-02 |
Family
ID=10837584
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/GB1999/002669 WO2000011535A1 (en) | 1998-08-20 | 1999-08-12 | Improvements in and relating to data processing apparatus and verification methods |
Country Status (5)
Country | Link |
---|---|
EP (1) | EP1105783A1 (en) |
JP (1) | JP2002523823A (en) |
AU (1) | AU5380999A (en) |
GB (1) | GB9818184D0 (en) |
WO (1) | WO2000011535A1 (en) |
Families Citing this family (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20050015611A1 (en) * | 2003-06-30 | 2005-01-20 | Poisner David I. | Trusted peripheral mechanism |
JP2018063563A (en) * | 2016-10-12 | 2018-04-19 | Jns株式会社 | Computer device and computer system |
Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
EP0549511A1 (en) * | 1991-12-26 | 1993-06-30 | International Business Machines Corporation | Method and system for delaying the activation of inactivity security mechnanisms in a multimedia data processing system |
US5355414A (en) * | 1993-01-21 | 1994-10-11 | Ast Research, Inc. | Computer security system |
WO1995026085A1 (en) * | 1994-03-18 | 1995-09-28 | Innovonics, Inc. | Methods and apparatus for interfacing an encryption module with a personal computer |
WO1997046931A1 (en) * | 1996-06-05 | 1997-12-11 | Ckd (S.A.) | Device for ensuring the safety of computerised transactions, in particular for electronic payment |
Family Cites Families (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JPH05158879A (en) * | 1991-12-05 | 1993-06-25 | Nec Corp | Keyboard lock type secrecy protecting device |
JPH0619568A (en) * | 1992-06-30 | 1994-01-28 | Sanyo Electric Co Ltd | Data input controller |
JPH0651886A (en) * | 1992-07-31 | 1994-02-25 | Hitachi Ltd | Keyboard with security function |
TW320697B (en) * | 1997-05-30 | 1997-11-21 | Winbond Electronics Corp | Security control circuit for computer system power switch |
1998
- 1998-08-20 GB GB9818184A (GB9818184D0): not active, Ceased

1999
- 1999-08-12 AU AU53809/99A (AU5380999A): not active, Abandoned
- 1999-08-12 EP EP99939540A (EP1105783A1): not active, Ceased
- 1999-08-12 WO PCT/GB1999/002669 (WO2000011535A1): active, Application Filing
- 1999-08-12 JP JP2000566733A (JP2002523823A): active, Pending
Also Published As
Publication number | Publication date |
---|---|
GB9818184D0 (en) | 1998-10-14 |
AU5380999A (en) | 2000-03-14 |
JP2002523823A (en) | 2002-07-30 |
EP1105783A1 (en) | 2001-06-13 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US5844497A (en) | Apparatus and method for providing an authentication system | |
CN100401271C (en) | Data access method and apparatus for storing safety key enciphering (SAKE) equipment to control network | |
US8707049B2 (en) | Authentication method and key device | |
US6480958B1 (en) | Single-use passwords for smart paper interfaces | |
CN101689237B (en) | Activation system architecture | |
US9003177B2 (en) | Data security for digital data storage | |
US7096370B1 (en) | Data security for digital data storage | |
US20040255119A1 (en) | Memory device and passcode generator | |
EP1338940A1 (en) | Universal password generator | |
CN1529856A (en) | Internet third-pard authentication using electronic ticket | |
US20070271465A1 (en) | Method of Authentication by Challenge-Response and Picturized-Text Recognition | |
CN102077208A (en) | Licensing protected content to application sets | |
EP1025503A2 (en) | Reconfigurable secure hardware apparatus and method of operation | |
KR100332690B1 (en) | Secret key security device with USB port | |
CN100492247C (en) | Method for protection against fraudulent modification of data and corresponding equipment and intelligent card | |
JP2005535026A (en) | Universal user information registration method and system via network | |
CN102222195A (en) | E-book reading method and system | |
KR101116607B1 (en) | Printing apparatus having security funcition and method for the same | |
EP1105783A1 (en) | Improvements in and relating to data processing apparatus and verification methods | |
EP1104554A1 (en) | Improvements in and relating to electronic security devices | |
JPH11265318A (en) | Mutual certification system, its method and recording medium | |
KR100458281B1 (en) | Method for inhibiting unlawful usage of a software, contents or information using source security technology | |
JP2009003700A (en) | Program for permitting prescribed processing of application | |
WO2001095074A2 (en) | A method and system for securely displaying and confirming request to perform operation on host | |
KR20030087874A (en) | Multi-level Security Method for Data on Computing Device based on security levels assigned to data or applications |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
AK | Designated states | Kind code of ref document: A1 Designated state(s): AE AL AM AT AU AZ BA BB BG BR BY CA CH CN CR CU CZ DE DK DM EE ES FI GB GD GE GH GM HR HU ID IL IN IS JP KE KG KP KR KZ LC LK LR LS LT LU LV MD MG MK MN MW MX NO NZ PL PT RO RU SD SE SG SI SK SL TJ TM TR TT UA UG US UZ VN YU ZA ZW |
AL | Designated countries for regional patents | Kind code of ref document: A1 Designated state(s): GH GM KE LS MW SD SL SZ UG ZW AM AZ BY KG KZ MD RU TJ TM AT BE CH CY DE DK ES FI FR GB GR IE IT LU MC NL PT SE BF BJ CF CG CI CM GA GN GW ML MR NE SN TD TG |
121 | Ep: the epo has been informed by wipo that ep was designated in this application | ||
DFPE | Request for preliminary examination filed prior to expiration of 19th month from priority date (pct application filed before 20040101) | ||
WWE | Wipo information: entry into national phase | Ref document number: 1999939540 Country of ref document: EP |
WWE | Wipo information: entry into national phase | Ref document number: 09763105 Country of ref document: US |
WWP | Wipo information: published in national office | Ref document number: 1999939540 Country of ref document: EP |
REG | Reference to national code | Ref country code: DE Ref legal event code: 8642 |