WO2001055820A2 - Systeme de traitement de donnees - Google Patents

Systeme de traitement de donnees Download PDF

Info

Publication number
WO2001055820A2
WO2001055820A2 PCT/DE2001/000017 DE0100017W WO0155820A2 WO 2001055820 A2 WO2001055820 A2 WO 2001055820A2 DE 0100017 W DE0100017 W DE 0100017W WO 0155820 A2 WO0155820 A2 WO 0155820A2
Authority
WO
WIPO (PCT)
Prior art keywords
data processing
processing device
program
program object
processing system
Prior art date
Application number
PCT/DE2001/000017
Other languages
German (de)
English (en)
Other versions
WO2001055820A3 (fr
Inventor
Bernd Hochdorfer
Original Assignee
Infineon Technologies Ag
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Infineon Technologies Ag filed Critical Infineon Technologies Ag
Publication of WO2001055820A2 publication Critical patent/WO2001055820A2/fr
Publication of WO2001055820A3 publication Critical patent/WO2001055820A3/fr

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/10Protecting distributed programs or content, e.g. vending or licensing of copyrighted material ; Digital rights management [DRM]
    • G06F21/12Protecting executable software
    • G06F21/121Restricting unauthorised execution of programs
    • G06F21/123Restricting unauthorised execution of programs by using dedicated hardware, e.g. dongles, smart cards, cryptographic processors, global positioning systems [GPS] devices
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31User authentication
    • G06F21/34User authentication involving the use of external additional devices, e.g. dongles or smart cards

Definitions

  • the invention relates to a data processing system, in particular a data processing system with two communicating data processing devices.
  • a dongle that is connected, for example, to the parallel interface of a data processing system or more recently to the Universal Serial Bus (USB) is a component that uses suitable hardware to carry out logical tasks such as encrypting and counting system starts, for example, and a program, which controls this hardware, confirms the licensing of a program.
  • the program to be executed on the computer sends a request to the dongle and sends an answer back to the program. If this answer is the expected one, the program can carry out its tasks in the computer so that it can be used by the user.
  • a dongle is therefore limited to sending a type of "OK" signal without otherwise interfering with the functionality of the program.
  • the program on the computer is working or is not working entirely.
  • the program to be performed contains places in which the query of the dongle is programmed. By tracking this down Query points in the program can be removed from the program using suitable programming tools. A program modified in this way can therefore be reproduced without having to use the software protection (dongle) provided.
  • a further disadvantage is that it is possible to use replicas of the dongle used for a program in order to deceive the querying program about the true license status.
  • the program provider may charge a different price.
  • Word processing software is used only once a month or permanently.
  • the present invention is therefore based on the object of avoiding the disadvantages outlined in the prior art, outlined above, by providing a new type of flexible software management.
  • the invention relates to a system in which parts of the software are outsourced to an external system which is inaccessible to the user.
  • the invention relates to at least two data processing devices, on each of which Program projects run that can only achieve the functionality of an application program in connection with each other.
  • the invention in another aspect, relates to a billing system which is located in an external data processing device shielded by the user.
  • the invention is therefore directed to a data processing system having a first data processing device with at least a first program object, an interface device connected to the first data processing device and a second data processing device connectable to the interface device, which contains a read-only memory with at least one second program object located therein, the first and the second program object has program interfaces for communication with one another and the first program object is only fully functional if the communication of the program objects by
  • Connection of the second data processing device to the interface device is made possible.
  • a data processing device in the sense of the present invention is to be understood as a unit which is suitable for independent data processing. This must therefore consist of a computing unit which is able to process program codes, a memory in which such a program code is located and in which, if applicable. Data are stored, as well as input and
  • Output interfaces for communication of the data processing device with its environment such as for example input / output channels for controlling
  • a program object in the sense of the present invention is to be understood as a program code (sequence of commands to the computing unit), which forms a self-contained functional unit and is capable of processing the program code on request from outside, for example by other program objects Calculate results on the computing unit and pass them on to other program objects, or display them on output media.
  • a program object is decoded step by step from a memory in the computing unit and executed there. The delimitation of a program object is not always easy, since a program object can have several functions, which in turn can be carried out by partial program objects of a program object. However, the term program object and its use are sufficiently familiar to the person skilled in the art.
  • An interface device in the sense of the present invention is to be understood as a physical unit which is able to connect at least two but also more data processing devices to one another in such a way that data between these data processing devices is transported in at least one direction, but preferably in both directions can be.
  • a program interface in the sense of the present invention includes defined data structures or
  • a read-only memory in the sense of the present invention is any memory which is capable of receiving program code or data, which can not be changed by the user of a program and a first data processing device without undue effort.
  • a read-only memory can be a ROM which does not permit changes to the data stored therein. These are therefore not accessible to a user.
  • the read-only memory be programmable one or more times. However, this is done by special programming devices that are not accessible to the user or by
  • Program objects stored in the data processing device can also analyze the functionality on which they are based.
  • the sequence of the interaction of the first data processing device and the second data processing device follows the following general flow diagram.
  • program part which has been outsourced to a second data processing device; Transfer of parameters via the interface;
  • the parameters and the results can also be transferred in encrypted form in order to reliably prevent manipulation of the mechanism by unauthorized persons.
  • the first data processing device preferably has an application program with a plurality of first program objects.
  • An application program typically consists of a large number of functional units, which can be referred to here as program objects and which can interact with one another and with program objects which are stored on the second data processing device.
  • the at least second program object can have functions which can be called up by at least one first program object via the interface and which are necessary for the full functionality of the first program object.
  • the program that is to run on the first data processing device for example, cannot be started at all, if not the second
  • the second data processing device fulfills a function similar to the dongle, albeit a more complex one.
  • the "full functionality" can consist in that the second data processing device has at least one
  • the program is basically also without the connection to the second
  • Data processing device has limited executability.
  • data processing devices can be used to allow different program versions to be created through specifically outsourced functionality components, although only a single program has to be distributed and installed on the computer (first data processing device).
  • the performance features can thus be generated in the desired composition.
  • the "full functionality" of the first program object can relate to the fact that the second data processing device contains at least one program object which replaces the functionality of at least one corresponding first program object.
  • Program objects of the first data processing device and program objects of the second data processing device can take place.
  • Data processing device opens up completely new possibilities in the service design of a software provider. It is thus possible to design the program on the first data processing device in such a way that the first data processing device has a program object which can store error messages from the first data processing device and / or further program objects located on the first data processing device in a memory of the second data processing device.
  • a corresponding program object can be provided on the second data processing device, which accepts the data from the first program object on the first data processing device and stores it in a memory (which of course cannot then be a read-only memory).
  • the second data processing device at least one
  • Data processing device has a program object which can read and identify at least one license key stored in a memory of the second data processing device. Since the second data processing device is an independent data processing device with a computing unit and suitable program objects, it is possible to use a dongle functionality of the second, if desired
  • Such a licensing system can include different modes of billing the use of the software license. For example, the number of operations called, the number of system initializations, system starts, date limits, for example an expiry date of the license, the duration of the programs or the computing power consumed when deciding whether the license is still valid or has already expired can be taken into account.
  • the license key is then currently calculated in the second data processing device based on such criteria and output to a first program object on the first data processing device. It is therefore no longer a classic in the classic sense
  • License key but more about information as to whether the program object may start correctly depending on various evaluation parameters.
  • Data processing device simply have a program object which, on request of a program object of the first data processing device, can transmit a license key or a consent signal to the first data processing device.
  • the data processing system can be characterized in that the second
  • Data processing device has at least one second program object which is able to determine how long and / or how often first program objects of the first data processing device are used and which can store the corresponding information.
  • the invention is preferably limited to one
  • Data processing device has a program object, which on request of a program object of the first
  • Data processing device can transmit a version key to the first data processing device.
  • the second data processing device is a transportable unit.
  • a transportable unit is to be understood as one which can be carried out without great effort
  • Interface device can be removed and can be sent back and forth between users and software manufacturers via usual transport routes, for example by post.
  • the second data processing device is a chip card.
  • Chip card is usually a flat card, for example in the format of a check card, on which an integrated circuit as a computer unit and a memory, etc. which is located at the top of the
  • the computing unit on the chip card makes it possible to
  • Data processing device houses, numerous possibilities are available.
  • the second data processing device is permanently installed in the computer or so with the computer (first
  • a plug-in board that implements the second data processing device or that embodies the second data processing device in the form of an installation housing for a hard disk insert.
  • the card to be installed must be adapted to the bus system used in the computer, for example PCI, Future Bus or Nubus.
  • a second data processing device installed in the first data processing device in the form of a standalone built-in housing can be used via conventional internal
  • Channel systems are connected to the first data processing device, for example via SCSI connections or
  • USB Universal Serial Bus
  • serial or parallel interfaces or even via conventional network connections such as the Internet or token ring.
  • conventional network connections such as the Internet or token ring.
  • the alternative to a fixed installation in the computer or directly on the computer is to install the second data processing device in a mobile manner.
  • the connection between the first and second data processing device is designed such that it can be easily canceled, preferably even during operation, as is possible with modern bus systems such as Firewire or USB.
  • the interface device is also possible to design the interface device as an external unit, for example in the form of a chip card reader or a PCMCIA connection or via a connection to another interface. Accordingly, chip cards or PCMCIA or other logic cards must be used.
  • the data processing system according to the invention with a connectable second data processing device has numerous advantages and gives software developers a completely new flexibility in distribution, maintenance and Licensing your software. Will be the second
  • Carried out data processing device portable for example, a program can be installed on several computers, after connecting the second data processing device to the respective computer
  • Parts of a program being tested do not need to be installed with the installation of the main program on the first data processing device, but can be stored in the second data processing device, so that after the completion of a corresponding program part, the second part can be replaced
  • Data processing device is sufficient to provide error-free functionality to the user. A partial reinstallation of the program on the first data processing device is therefore not necessary.
  • Figure 1 shows a highly schematic embodiment of the present invention. This becomes a mobile one System shown in which a computer 1 is the first
  • the interface device 2 has a contact strip with contacts 3 and screws 4, which can be screwed into corresponding screw holes at the interface of the first data processing device 1 by means of their end pieces 5.
  • the interface device 2 also has a receptacle 6 into which a second data processing device, here a chip card 7, can be inserted.
  • the interface device 2 can also be equipped with a plurality of receptacles 6.
  • the second data processing device 7 is a so-called smart lock card and has an interface with which a coupling to the interface device is possible, a logic unit, a program memory and a memory for data.
  • the power supply also takes place via the interface device 2.

Landscapes

  • Engineering & Computer Science (AREA)
  • Software Systems (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Multimedia (AREA)
  • Technology Law (AREA)
  • Remote Sensing (AREA)
  • Radar, Positioning & Navigation (AREA)
  • Storage Device Security (AREA)
  • Stored Programmes (AREA)

Abstract

La présente invention concerne un système de traitement de données, qui comprend un premier dispositif de traitement de données (1), incluant au moins un premier objet programme, un dispositif d'interface (2), connecté au premier dispositif de traitement de données (1), ainsi qu'un second dispositif de traitement de données (7), pouvant être connecté au dispositif d'interface (2) et comprenant une mémoire morte qui inclue au moins un second objet programme. Selon cette invention, le premier objet programme et le second objet programme présentent des interfaces programmes permettant la communication entre eux. Le premier objet programme n'est complètement fonctionnel que lorsque la communication des objets programmes est permise par la connexion du second dispositif de traitement de données (7) au dispositif interface (2). Le second dispositif de traitement de données est de préférence portable, par exemple une carte à puce, alors que le premier dispositif de traitement de données peut être un ordinateur courant.
PCT/DE2001/000017 2000-01-25 2001-01-05 Systeme de traitement de donnees WO2001055820A2 (fr)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
DE10003086.6 2000-01-25
DE2000103086 DE10003086A1 (de) 2000-01-25 2000-01-25 Datenverarbeitungssystem

Publications (2)

Publication Number Publication Date
WO2001055820A2 true WO2001055820A2 (fr) 2001-08-02
WO2001055820A3 WO2001055820A3 (fr) 2002-06-20

Family

ID=7628650

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/DE2001/000017 WO2001055820A2 (fr) 2000-01-25 2001-01-05 Systeme de traitement de donnees

Country Status (2)

Country Link
DE (1) DE10003086A1 (fr)
WO (1) WO2001055820A2 (fr)

Families Citing this family (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
FR2835331B1 (fr) * 2002-01-28 2008-08-22 Gemplus Card Int Procede de controle de l'exploitation de contenus numeriques par un module de securite ou une carte a puce comprenant ledit module
DE102004056635A1 (de) * 2004-11-23 2006-05-24 MICON Verein zur Förderung der Mobilität im Internet und in Kommunikationsnetzen e.V. Verfahren zur Softwaredistribution

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO1997003398A1 (fr) * 1995-07-13 1997-01-30 Sigbjoernsen Sigurd Protection d'un logiciel contre une utilisation sans autorisation
WO1999066387A1 (fr) * 1998-06-12 1999-12-23 Gemplus Procede de controle de l'execution d'un produit logiciel

Family Cites Families (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
DE3633297A1 (de) * 1986-09-30 1988-03-31 Siemens Ag Hochwirksamer schutz von software gegen unerlaubtes oder missbraeuchliches benutzen auf anderen als auf dem oder den mit schutz ausgelieferten rechnersystem oder rechnersystemen
DE4302634A1 (de) * 1993-01-30 1994-08-04 Ralf Waldorf Stahringer Rechner

Patent Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO1997003398A1 (fr) * 1995-07-13 1997-01-30 Sigbjoernsen Sigurd Protection d'un logiciel contre une utilisation sans autorisation
WO1999066387A1 (fr) * 1998-06-12 1999-12-23 Gemplus Procede de controle de l'execution d'un produit logiciel

Also Published As

Publication number Publication date
DE10003086A1 (de) 2001-08-02
WO2001055820A3 (fr) 2002-06-20

Similar Documents

Publication Publication Date Title
DE19612999C2 (de) System zur Sicherung geschützter Software gegen unbefugte Benutzung in Rechnernetzwerken
DE69531082T2 (de) Verfahren und Vorrichtung mit einem Verschlüsselungskopfteil, die es ermöglicht, Software zu erproben
DE3809170C2 (fr)
DE112007003231B4 (de) Programmierbare Anzeigevorrichtung und Steuersystem
EP0928444B1 (fr) Dispositif pour proteger un appareil electronique
WO2008095866A2 (fr) Procédé pour autoriser l'accès à au moins un élément d'automatisation d'une installation technique
DE102007063528A1 (de) System und Verfahren zum Schützen eines Sicherheitsbereichs eines Systems
EP1164456A1 (fr) Mécanisme pour la protection de logiciels
EP1226484A2 (fr) Appareil electronique
WO2001055820A2 (fr) Systeme de traitement de donnees
DE60125854T2 (de) Abnehmbare elektronische Vorrichtung zur Erhöhung der Funktionalität eines Hauptprozessors und Steuerungsverfahren dazu
EP0464320A2 (fr) Méthode pour protéger individuellement des supports de données contre une utilisation non autorisée
DE60316183T2 (de) Verfahren und vorrichtung zur abwechselnden aktivierung einer austauschbaren hardwareeinheit
DE19533209C2 (de) Vorrichtung zur Zuordnung der Benutzer in einem Computer-Netzwerk
DE10001126A1 (de) Chipkarte als Dongle
DE10200184A1 (de) Verfahren zur Lizenzierung von Softwareprogrammen
DE4103173C5 (de) Vorrichtung zum Schutz gegen unautorisierte Benutzung von Software
DE19537074A1 (de) Testgerät insbesondere für elektronische Steuergeräte in Kraftfahrzeugen
EP1288768A2 (fr) Clé électronique intelligente
WO1993023807A1 (fr) Procede de protection de programme assurant la protection d'un systeme informatique
DE4302634A1 (de) Rechner
EP0184023A1 (fr) Procédé et appareil de protection contre l'exécution non autorisée de programmes protégés dans un micro-ordinateur
DE102004047191A1 (de) Manipulationsgeschütztes Mikroprozessorsystem und Betriebsverfahren dafür
DE102015119140A1 (de) Verfahren zum Steuern des Zugriffs auf verschlüsselte Dateien und Computersystem
EP1460510B1 (fr) Procédé de communication sécurisée entre un calculateur électronique et un équipement de sécurité

Legal Events

Date Code Title Description
AK Designated states

Kind code of ref document: A2

Designated state(s): BR CN IN JP KR MX RU UA US

AL Designated countries for regional patents

Kind code of ref document: A2

Designated state(s): AT BE CH CY DE DK ES FI FR GB GR IE IT LU MC NL PT SE TR

121 Ep: the epo has been informed by wipo that ep was designated in this application
DFPE Request for preliminary examination filed prior to expiration of 19th month from priority date (pct application filed before 20040101)
AK Designated states

Kind code of ref document: A3

Designated state(s): BR CN IN JP KR MX RU UA US

AL Designated countries for regional patents

Kind code of ref document: A3

Designated state(s): AT BE CH CY DE DK ES FI FR GB GR IE IT LU MC NL PT SE TR

122 Ep: pct application non-entry in european phase
NENP Non-entry into the national phase

Ref country code: JP