WO2001093212A2 - Appareil et procedes pour utiliser une carte intelligente virtuelle - Google Patents

Appareil et procedes pour utiliser une carte intelligente virtuelle Download PDF

Info

Publication number
WO2001093212A2
WO2001093212A2 PCT/US2001/017542 US0117542W WO0193212A2 WO 2001093212 A2 WO2001093212 A2 WO 2001093212A2 US 0117542 W US0117542 W US 0117542W WO 0193212 A2 WO0193212 A2 WO 0193212A2
Authority
WO
WIPO (PCT)
Prior art keywords
smart card
private key
virtual smart
request
key
Prior art date
Application number
PCT/US2001/017542
Other languages
English (en)
Other versions
WO2001093212A3 (fr
Inventor
John Richard Muir
Kurt Uno Rudolf Edgar Lennartsson
Leif Olov Billstrom
Original Assignee
Pointsec Mobile Technologies, Inc.
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Pointsec Mobile Technologies, Inc. filed Critical Pointsec Mobile Technologies, Inc.
Priority to AU2001275051A priority Critical patent/AU2001275051A1/en
Publication of WO2001093212A2 publication Critical patent/WO2001093212A2/fr
Publication of WO2001093212A3 publication Critical patent/WO2001093212A3/fr

Links

Classifications

    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07FCOIN-FREED OR LIKE APPARATUS
    • G07F7/00Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus
    • G07F7/08Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means
    • G07F7/10Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means together with a coded signal, e.g. in the form of personal identification information, like personal identification number [PIN] or biometric data
    • G07F7/1008Active credit-cards provided with means to personalise their use, e.g. with PIN-introduction/comparison system
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/04Payment circuits
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/30Payment architectures, schemes or protocols characterised by the use of specific devices or networks
    • G06Q20/34Payment architectures, schemes or protocols characterised by the use of specific devices or networks using cards, e.g. integrated circuit [IC] cards or magnetic cards
    • G06Q20/341Active cards, i.e. cards including their own processing means, e.g. including an IC or chip
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/30Payment architectures, schemes or protocols characterised by the use of specific devices or networks
    • G06Q20/34Payment architectures, schemes or protocols characterised by the use of specific devices or networks using cards, e.g. integrated circuit [IC] cards or magnetic cards
    • G06Q20/342Cards defining paid or billed services or quantities
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/38Payment protocols; Details thereof
    • G06Q20/385Payment protocols; Details thereof using an alias or single-use codes
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/38Payment protocols; Details thereof
    • G06Q20/388Payment protocols; Details thereof using mutual authentication without cards, e.g. challenge-response
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/38Payment protocols; Details thereof
    • G06Q20/40Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
    • G06Q20/409Device specific authentication in transaction processing
    • G06Q20/4097Device specific authentication in transaction processing using mutual authentication between devices and transaction partners
    • G06Q20/40975Device specific authentication in transaction processing using mutual authentication between devices and transaction partners using encryption therefor
    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07FCOIN-FREED OR LIKE APPARATUS
    • G07F7/00Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus
    • G07F7/02Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by keys or other credit registering devices
    • G07F7/025Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by keys or other credit registering devices by means, e.g. cards, providing billing information at the time of purchase, e.g. identification of seller or purchaser, quantity of goods delivered or to be delivered

Definitions

  • the present invention relates to computing systems and electronic devices. Specifically, the present invention relates to a virtual smart card for providing data security.
  • WWW World Wide Web
  • portable electronic devices e.g., electronic tokens, smart cards, personal data assistants, cellular phones, and other like devices
  • a problem with the exchange of sensitive data is security.
  • a cryptographic system converts plain, readable data into unreadable encrypted data (“ciphertext”) using complex mathematical algorithms and an encryption key.
  • ciphertext unreadable encrypted data
  • an encryption key To read ciphertext, a decryption process is required, which requires a decryption key.
  • the decryption process converts the ciphertext into readable data using the decryption key along with complex mathematical algorithms.
  • secret key cryptography requires identical encryption and decryption keys that are used to share sensitive data.
  • the secret key is exchanged between users, and used to encrypt and decrypt data.
  • a disadvantage of secret key cryptography is that the secret key has to be exchanged.
  • Public-key cryptography requires a key pair which consists of a public encryption key (“public key”) and a private decryption key (“private key”), which are unique for each user.
  • public key is made available to the public such that any user may use the public key to encrypt data, which can only be decrypted by the private key of a receiving party.
  • the public key is not used in the decryption process. As such, the public key and the private key do not have to be exchanged.
  • the private key may also be used to sign data such that others can verify the originator of the data. For example, a user can create a digital signature with the user's private key to allow others to determine the identity of the user.
  • a user's digital signature is specific data that can only be made by a user of a private key specific to the user.
  • FIG. 1 illustrates a conventional PK security system 50 having a private key 45, which is accessible to a device operating system 25.
  • PK security system 100 may operate within the Microsoft ® Windows ® 2000 Public Key Infrastructure (PKI).
  • PKI Public Key Infrastructure
  • the PKI provides a cryptographic application program interface (crypto API) 30.
  • Crypto API 30 is an interface between the device operating system and cryptographic processes.
  • Cryptographic processes are provided by cryptographic service providers.
  • cryptographic service providers provide software or hardware functions that perform cryptographic algorithms to secure data for a computing system.
  • conventional PK security system 50 shows a computing system 10 including an application 20, device operating system 25, crypto API 30, and memory 40 storing private key 45.
  • Computing system 10 is illustrated as an Internet access device running application 20.
  • application 20 is illustrated as a web browser application.
  • application 20 may be a Netscape ® web browser or a Microsoft ® Internet Explorer ® web browser.
  • Application 20 operates with device operating system 25.
  • device operating system 25 is a Microsoft ® Windows ® family operating system.
  • Application 20 is shown to perform a process that requires use of private key 45 stored in memory 40.
  • application 20 may allow a user to request a digital signature using private key 45 or decrypt data using private key 45.
  • Crypto API 30 is an interface to private key 45 and performs cryptographic processes using private key 45.
  • crypto API 30 may perform cryptographic algorithms to generate a digital signature using private key 45.
  • a user of application 20 can send the digital signature to another user connected in a networking environment with computing system 10.
  • a disadvantage of conventional PK security system 50 is that crypto API 30 is not isolated from the operating system. As a result, private key 45 is exposed to device operating system 25. By being exposed to device operating system 25, private key 45 may be exposed to unauthorized users who may have improperly accessed computing system 10 and device operating system 25. Furthermore, private key 45 may be exposed to computer viruses through device operating system 25 that may attack computing system 10 and destroy or alter private key 45.
  • FIG 2 illustrates another conventional PK security system 70 supporting a smart card interface 50 and a smart card 65.
  • conventional PK security system 70 may operate within a Microsoft ® PC/SC smart card infrastructure. This infrastructure allows cryptographic service providers to provide smart cards that perform cryptographic functions.
  • a smart card may be used to provide a private key for a digital signature.
  • conventional PK security system 70 shows a computing system 10 including an application 20, device operating system 25, smart card interface 50, and smart card reader driver 55.
  • application 20 and device operating system 25 operate in a similar manner as in Figure 1.
  • Smart card reader driver 55 is coupled with an external smart card reader 60 that receives smart card 65.
  • Smart card 65 stores a private key 67.
  • Smart card 65 performs cryptographic functions using private key 67.
  • Smart card 65 communicates with computing system 10 through smart card interface 50, smart card reader driver 55, and smart card reader 60.
  • Smart card 65 is a portable electronic device having embedded micro- circuitry that can store and process electronic data.
  • smart card 65 is the size of a credit card having embedded memory to store data and an embedded processor to process data.
  • Smart card 65 performs a number of functions. For example, smart card 65 may be used to verify a user's identity, permit access to a computer or a network, or purchase goods and services. Smart card 65 may also ensure both authentication and authorization of the user to perform specific functions using private key 67.
  • Smart card reader 60 is a device that interfaces smart card 65 with computing system 10.
  • Computing system 10 and smart card reader 60 communicate with each other through smart card reader driver 55.
  • Smart card reader driver 55 is computer code that is used by device operating system 25 to communicate with smart card reader 60.
  • Device operating system 25 communicates with smart card reader 60 through smart card interface 50.
  • Computing system 10 may be configured through smart card interface 50 to support various smart card interfaces, e.g., PKCS (Public Key Cryptographic Services) 11, Microsoft ® PC/SC, Crypto API for smart cards.
  • PKCS Public Key Cryptographic Services
  • An apparatus includes a smart card interface and a virtual smart card.
  • the virtual smart card is configured to emulate a physical smart card as if a physical smart card were connected with the smart card interface.
  • Figure 1 is an illustration of a conventional public-key key security system having a private key accessible by an operating system
  • FIG. 2 is an illustration of another conventional public-key security system supporting a smart card
  • Figure 3 is an illustration of an exemplary computer system supporting a virtual smart card
  • Figure 4 is a block diagram of one embodiment of a computer system for operating a virtual smart card
  • Figure 5 is an illustration of an exemplary networking environment for using virtual smart cards
  • Figure 6 is an illustration of one embodiment of a memory space having a hidden memory space
  • Figure 7 is an illustration of one embodiment of a virtual smart card driver logic
  • Figure 8 is a flow diagram of one embodiment of a process for configuring a computer system for a virtual smart card
  • Figure 9 is a flow diagram of one embodiment of a process for providing boot security for a computer system using a virtual smart card
  • Figure 10 is a flow diagram of one embodiment of a process for using a private key using a virtual smart card.
  • An apparatus including a smart card interface and a virtual smart card is described.
  • the virtual smart card is configured to emulate a physical smart card.
  • a virtual smart card may perform calculations for security processes such as cryptographic calculations.
  • the virtual smart card is not limited to any particular type of calculation.
  • the virtual smart card may perform a Rivest-Shamir-Adleman (RSA) calculation, Elliptic Curve Cryptography (ECC) calculation, a Digital Signature Algorithm (DSA) calculation, or another type of calculation.
  • the virtual smart card may perform calculations for user authentication, access control, encryption, digital signatures, distributed authentication, secret-key agreement via public key, bulk data encryption, or other functions. Requests for a smart card are intercepted and processed by the virtual smart card.
  • An example of the function of the virtual card is as follows.
  • a request to use a cryptographic function is received by the virtual smart card system.
  • the request may be to use a private key.
  • the private key is stored in a restricted memory space that is configured to be accessible by the virtual smart card.
  • the request is validated by the virtual smart card. If the request is valid, the request is processed by the virtual smart card using the private key stored in the restricted memory space.
  • the virtual smart card allows users to have physical smart card capability without the cost and compatibility issues of physical smart cards.
  • the virtual smart card may be configured to support different types of smart card interfaces.
  • the virtual smart card may further be configured to support dynamic change of virtual smart card types.
  • FIG. 3 is an illustration 100 of an exemplary computing system 110 supporting a virtual smart card 151.
  • Computing system 110 includes virtual smart card 151 that emulates a smart card for computing system 110.
  • virtual smart card 151 operates to perform access device interface (ADI) functions for computing system 110.
  • ADI access device interface
  • virtual smart card 151 may be used to authenticate a user prior to permitting access to the operating system of computing system 110.
  • computing system 110 supports a PK infrastructure that operates with virtual smart card 151.
  • Computing system 110 may operate with any smart card infrastructure.
  • the smart card infrastructure may be a Microsoft ® PC/SC - CAPI smart card infrastructure, or a PKCS#11 infrastructure.
  • computing system 110 may support other types of security infrastructures by adding the appropriate top level application programming interface (API), for example to replace PKCS#11.
  • API application programming interface
  • Computing system 110 includes application 120, device operating system 125, smart card interface 150, and virtual smart card 151.
  • Virtual smart card 151 includes virtual smart card driver 155 and memory 140.
  • Memory 140 is a restricted memory space 170 used for storing private keys 167. Restricted memory space 170 and private key 167 are normally inaccessible to operating system 125 and applications
  • Virtual smart card 151 provides software code, which upon execution, emulates a physical smart card for device operating system 150.
  • Computing system 110 may be a general-purpose computer.
  • computing system 110 may be a computing device such as a personal data assistant (PDA), cellular phone, a laptop computer, workstation, or a server workstation.
  • PDA personal data assistant
  • Computing system 110 operates with virtual smart card 151 believing virtual smart card 151 is a smart card.
  • computing system 110 may operate as an Internet access device running application 120.
  • application 120 is illustrated as a web browser application.
  • application 120 may be a Netscape ® web browser or a Microsoft ® Internet Explorer ® web browser.
  • Alternative applications 120 may be non- Internet related. Any application 120 may request certain smart card functions.
  • Application 120 provides an interface between a user and computing system 110.
  • Application 120 operates with device operating system 125 to perform functions for computing system 110.
  • Device operating system 125 is an interface between applications running on computing device 110, for example, application 120, and input and output devices coupled to computing device 110.
  • Device operating system 125 may be a Microsoft ® Windows ® family operating system.
  • device operating system 125 may be a Palm Pilot ® operating system, or another operating system.
  • device operating system 125 sends commands designated for a smart card to smart card interface 150.
  • a user may use virtual smart card 151 to access computing system 110, as will be described below.
  • a user may further encrypt and decrypt data using virtual smart card 151.
  • a user may request, through application 120, to encrypt data using private key 167.
  • Smart card interface 150 is coupled to virtual smart card 151 through virtual smart card driver 155.
  • Virtual smart card driver 155 is software code, which upon execution, emulates a physical smart card.
  • virtual smart card driver 155 operates to intercept commands from device operating system 125 designated for smart card interface 150 and to process the commands. Virtual smart driver 155 may also perform cryptographic calculations and to send the calculated results to device operating system 125 such that device operating system 125 believes it is receiving results from a smart card.
  • Virtual smart card driver 155 may also provide software code, which upon execution, emulates smart card functions for security and financial transactions.
  • Virtual smart card driver 155 may also provide software code, which upon execution, emulates a smart card in any number of formats such as a PKCS # 11 or a PC/SC - CAPI smart card format.
  • a user may select a desired smart card format to emulate.
  • the smart card format being emulated may be changed on the fly.
  • virtual smart card driver 155 receives a request from a user through application 120.
  • Virtual smart card 151 processes the request and sends a result to application 120.
  • virtual smart card 151 creates a restricted memory space 170 ("hidden memory space"). Space is designated as restricted memory space 170, making it generally inaccessible to the operating system and normal applications running on top of the operating system. For one embodiment, this may be done by altering pointers or marking the sector bad, to indicate to the operating system that the data in that portion of memory is inaccessible. For another embodiment, this may be done by encrypting the data in the space, thus making the data inaccessible to the operating system.
  • Virtual smart card driver 155 uses such restricted memory 170 to store private keys 167. Virtual smart card driver 155 may further use restricted memory space 170 to store encrypted and decrypted data. In one embodiment, the restricted memory space 170 is on the hard drive. In another embodiment, restricted memory space 170 may be any type storage media, i.e. random access memory (RAM), read-only memory (ROM), electrically erasable programmable ROM (EEPROM), flash memory, compact disc (CD), CDROM, floppy, etc.
  • RAM random access memory
  • ROM read-only memory
  • EEPROM electrically erasable programmable ROM
  • flash memory compact disc (CD), CDROM, floppy, etc.
  • Private key 167 is data that is unique to a specific user. Private key 167 may be used in a public-key (PK) infrastructure. Alternatively, private key 167 may be used in a secret key infrastructure. Private key 167 may be used for a number of security functions such as providing digital signatures that are unique to private key(s) 167.
  • PK public-key
  • private key 167 may be used in a secret key infrastructure. Private key 167 may be used for a number of security functions such as providing digital signatures that are unique to private key(s) 167.
  • Restricted memory space 170 may include any number of keys with varying bit lengths. Private keys 167 are used by virtual smart card driver 155 to perform cryptographic calculations. For example, virtual smart card driver 155 may use private keys 167 to perform cryptographic calculations to encrypt or decrypt data or provide digital signatures. Restricted memory space 170 may also include private keys 167 for multiple users. Each user may have a separate private key 167, stored in a separate part of the restricted space.
  • FIG. 4 is a block diagram of one embodiment of computer system 110 for operating virtual smart card 151.
  • Computer system 110 includes processor 202 and digital signal processor 208 operatively connected with random access memory (RAM) 205 and read only memory (ROM) 204 through system bus 203.
  • RAM random access memory
  • ROM read only memory
  • Processor 202 and digital signal processor 208 is also coupled to fixed disk 225, which may also be an optical disk drive or other storage mediums, through input/output bus 201.
  • processor 202 and digital signal processor 208 may be coupled to multiple storage mediums through input/output bus 201.
  • Processor 202 and digital signal processor 208 communicate data using system bus 203 and input/output bus 201.
  • System bus 203 and input/ output bus 201 may also receive inputs from keypad 222, input device 223, and devices connected with PCMCIA interface 224.
  • System bus 203 and input/ output bus 201 may provide outputs to display 220, fixed disk 225, and output device 226 (such as, for example, an audio speaker).
  • Memory and storage media 204, 205 may also include a flash memory, EEPROM, or any combination of the above.
  • Computer system 110 may be controlled by operating system software, which includes a file management system, such as, for example, a disk operating system, which is part of the operating system software.
  • the file management system may be stored in non-volatile storage device 204 and may be configured to cause processor 202 to execute the various functions required by the operating system to input and output data and to store data in RAM 205 and on ROM 204.
  • virtual smart card driver 155 is software executed by processor 202 or digital signal processor 208 to perform functions for virtual smart card 151.
  • virtual smart card driver 155 is stored in fixed disk 225.
  • virtual smart card driver 155 may be stored in RAM 205 or ROM 204.
  • virtual smart card driver 155 may be stored in other memory devices within computer system 110 such as an electrically erasable programmable memory (EEPROM).
  • EEPROM electrically erasable programmable memory
  • FIG. 5 is an illustration of an exemplary networking environment 250 for using virtual smart cards 151.
  • networking environment 250 includes communication medium 255 coupling a plurality of computing devices with virtual smart cards 151.
  • a server 258, laptop computer 259, personal computer 257, and personal data assistant 256 each having a virtual smart card 151 may be coupled to communication medium 255.
  • other types of devices having virtual smart card 151 may be coupled to communication medium 255.
  • an electronic token, cellular phone, and other electronic portable devices having a virtual smart card 151 may be coupled with communication medium 255.
  • Networking environment 250 may operate in any type of computer network.
  • the network may be a local area network (LAN), wide area network (WAN), or Internet network.
  • Networking environment 250 may also support wired or wireless networking devices and environments.
  • Networking environment 250 may include a plurality of networks.
  • any number of devices may be interconnected with communication medium 255.
  • Devices connected in networking environment 250 may include applications providing the ability to surf the Web, send e-mail, transfer files, or perform other functions. Such devices also include network protocol layers and device drivers to format data and to communicate the data on communication medium 255.
  • computing devices coupled to communication medium 255 may include virtual smart card 151 emulating a smart card without using a smart card reader for a smart card.
  • a user of personal data assistant 256 may use virtual smart card 151 to log on to the networking environment 250. Furthermore, a user of personal data assistant 256 may send a user of laptop computer 259 a digital signature using private key 167 stored in virtual smart card 151 of personal data assistant 256. Similarly, other devices may use the virtual smart card 151 for similar functions.
  • Figure 6 is an illustration 300 of one embodiment of a memory space 305 including restricted memory space 170. Operating system 125, virtual smart card driver 155, and memory space 305 are shown. Memory space 305 may include restricted memory space 170. Alternatively, restricted memory space 170 and memory space 305 may be on separate memory devices.
  • memory 305 is a fixed disk in which some "good” or “usable” sectors are marked as "bad.”
  • virtual smart card driver 155 may alter a file allocation table (FAT) to mark a number of sectors "bad” on fixed disk memory 305 for restricted memory space. Similar methods may be used to mark sectors inaccessible for other types of file systems.
  • FAT file allocation table
  • memory 305 may be a ROM, RAM, flash memory or similar device, which is accessed using address pointers.
  • a portion of the memory may be designated as restricted memory space 170 by altering the address pointers used by the operating system to access the memory 305.
  • restricted memory space 170 stores private key 167 (not shown). Because private key 167 is stored in restricted memory space 170, private key 167 is hidden from operating system 125. Restricted memory space 170 may store a plurality of private keys. Restricted memory space 170 may also store other types of data such as encrypted or decrypted data. In one embodiment, a plurality of separate restricted memory spaces may exist. Virtual smart card driver 155 also includes an address pointer 171 to restricted memory space 170. In alternate embodiments, address pointer 171 may point to a number of addresses or locations for restricted memory space 170. In one embodiment, hidden memory space 170 is contiguous. Alternatively, hidden memory space 170 may be non-contiguous. In one embodiment, virtual smart card driver 155 uses address pointer 171 to send data to and retrieve data from restricted memory space 170.
  • FIG 7 is an illustration of one embodiment of virtual smart card logic 156.
  • the following description of virtual smart card logic 156 represents software code functions and process block diagrams. In one embodiment, the functions and processes are performed using virtual smart card driver 155.
  • virtual smart card logic 156 includes operating system interface 410, crypto logic 414, key purge mechanism 423, user interface 412, key generation unit 416, stored data 420, and private key 367.
  • Operating system interface 410 is an interface between operating system 125 and crypto logic 414. Operating system interface 410 receives data and requests from operating system 125. For example, a user of application 120 may request to access data on a smart card. Application 120 forwards the request to operating system 125, which looks for a smart card driver to communicate with a smart card. Operating system interface 410 receives the requests from application 120 via operating system 125. In one embodiment, operating system interface 410 identifies requests to smart card interface 150, and intercepts the request such that virtual smart card logic 156 processes the request being issued.
  • Crypto logic 414 operates to perform cryptographic calculations for virtual smart card.
  • Crypto logic 414 performs cryptographic calculations using private key 422.
  • Private key 422 may be stored encrypted in restricted memory space 367.
  • Operating system interface 410 receives the request and data, and forwards the request and data to crypto logic 414.
  • Crypto logic 414 processes the request by performing cryptographic calculations using private key 422.
  • Crypto logic 414 forwards the result to the requesting application through operating system interface 410.
  • Key generation unit 416 operates to generate a symmetric key using a user password /ID from user interface 412.
  • User interface 412 receives a user password/ID.
  • the user is asked to provide a user password /ID at login.
  • the user provides a password/ID whenever a cryptographic function is requested.
  • the symmetric key generated by key generation unit 416 may be used for encrypting and decrypting private key 367.
  • key generation unit 416 decrypts the encrypted private key 367, and forwards the unencrypted private key to crypto logic 414.
  • crypto logic 414 stores the unencrypted private key from key generation unit 416 as private key 422, and performs calculations using private key 422. In one embodiment, after crypto logic 414 performs a calculation using private key 422, key purge mechanism 423 purges unencrypted private key 422 from crypto logic 414. Alternatively, unencrypted private key 422 may be purged after a period of time, during a shut down process, or when a user logs out of the system.
  • FIG 8 is a flow diagram of a process for installing a virtual smart card system on a computing system 110.
  • process 500 begins at processing block 505.
  • virtual smart card software is installed.
  • virtual smart card software may be obtained via a network, or installed from a CD-ROM, or other medium.
  • virtual smart card 151 software may be pre-installed on computing system 110 or may operate from an external media, and the step of installing virtual smart card 151 software may be omitted.
  • virtual smart card software designates restricted memory space within memory. Restricted memory space is memory allocated in some way so that it is not directly accessible from the operating system.
  • the restricted memory space is in sectors of the hard drive marked as "bad" sectors.
  • virtual smart card software may alter pointers to designate memory such as an EEPROM as restricted memory space 170.
  • Virtual smart card software accesses restricted memory space 170 by using an address pointer that indicates the location of restricted memory space 170.
  • computing system 110 requests from a user a user password/ID.
  • the user password/ID combination may be any type of unique user identification mechanism.
  • a symmetric key is generated from the user password/ID.
  • user password/ID is padded to a known length, and this padded data is used to generate the symmetric key.
  • the user password /ID may be used as-is to generate the symmetric key.
  • key generation unit 416 decrypts an encrypted private key (uploaded with the virtual smart card software) using a key included with virtual smart card software.
  • private key may be "123,” which encrypted may be "345.”
  • the key included with the virtual smart card software may be a digit - 2 function to decrypt "345" into "123.”
  • the now unencrypted private key is encrypted with the symmetric key generated at block 514.
  • private key "123" may be encrypted as "ABC.”
  • the encrypted private key is stored in the restricted memory, for example stored on the disk.
  • the above two steps e.g. decrypting the private key and encrypting the private key with the symmetric key may be performed in a different order, such that there is never a point at which the private key is unencrypted.
  • the symmetric key and unencrypted private key are then purged from the system. At this point, the only way of accessing the private key is be re-generating the symmetric key using the user password /ID.
  • process 500 ends. If the user does wish to use the boot security provided by virtual smart card 151, at processing block 530 virtual smart card driver 155 alters the boot sector for computing system 110 to load the boot security provided by virtual smart card 151 each time computing system 110 is booted. Process 500 then ends.
  • FIG. 9 is a flow diagram of one embodiment of a process 600 for providing boot security for computing system 110 using virtual smart card 151.
  • process 600 begins at processing block 605. The process starts during the computer boot-up process.
  • a user is requested to input a user password /ID.
  • User password/ID refers to any type of user identification, including PIN, Smart Card, Password Generator, biometric identification, etc.
  • Computing system 110 receives the input user password/ID and forwards the user password/ID to virtual smart card logic 155.
  • the user password/ID is padded to a known length. In one embodiment, this step may be skipped.
  • a symmetric key is generated using the padded user password/ID.
  • the encrypted private key is decrypted using the symmetric key generated at block 610.
  • process 600 ends at processing block 616, and the computer does not fully boot up.
  • the process may end at a later time, for example, prior to permitting access to the hard drive, but after completing the booting process.
  • the decryption process will use an incorrect symmetric key and will produce an incorrect private key.
  • the private key may be tested by decrypting some data encrypted with the user's public key.
  • the computing system 110 finishes booting and process 600 ends.
  • the computer system is fully functional and may be used by the user.
  • the private key obtained at block 612 may be stored unencrypted, and used by the user, until the user logs of the system.
  • the private key generated at block 612 may be time limited, and the user may have to enter his or her user ID/password to use any cryptographic functions.
  • FIG 10 is a flow diagram of one embodiment of a process 700 for using virtual smart card.
  • computing system 110 is configured to use virtual smart card driver 155 and process 700 begins at processing block 705.
  • a user sends a cryptographic request from application 120.
  • This application may be any application, such as a browser, an e-mail client, document generating software, or any other application.
  • a user may request through application 120 to sign data using a smart card.
  • Application 120 forwards the request to operating system 125, which looks for a device driver for smart card interface 150.
  • virtual smart card driver 155 determines whether the request is for a smart card. If the request is not for a smart card, at processing block 710, virtual smart card driver 155 does not provide a response to operating system 125. The process then terminates, until a new request is received from the user.
  • virtual smart card driver 155 intercepts the request.
  • the virtual smart card driver 155 provides the user with a user interface to input a user password/ID.
  • the user password/ID may already be in memory.
  • the user password/ID is padded to a known length. In one embodiment, this step may be skipped.
  • a symmetric key is generated from the padded password /ID.
  • private key is decrypted using symmetric key generated at block 716.
  • the process 700 continues to processing block 726.
  • the user is notified that an incorrect password /ID was received. In one embodiment, the user may be asked to re-enter a password/ID. Alternatively, the user is notified that no request was processed. Process 700 then ends.
  • process 700 continues at processing block 722.
  • the request is processed using the private key. For example, if a user requested to sign data using private key 422, crypto logic 414 performs a cryptographic calculation using private key 422 to generate a digital signature unique to private key 422, and thus to user. In another embodiment, crypto logic 414 may perform cryptographic calculations to encrypt data sent from application 120 using private key 422.
  • the result of the request for example, signed data, is returned to the requesting user /application.

Landscapes

  • Business, Economics & Management (AREA)
  • Engineering & Computer Science (AREA)
  • Accounting & Taxation (AREA)
  • General Physics & Mathematics (AREA)
  • Physics & Mathematics (AREA)
  • Strategic Management (AREA)
  • General Business, Economics & Management (AREA)
  • Theoretical Computer Science (AREA)
  • Finance (AREA)
  • Microelectronics & Electronic Packaging (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Computer Security & Cryptography (AREA)
  • User Interface Of Digital Computer (AREA)
  • Display Devices Of Pinball Game Machines (AREA)
  • Storage Device Security (AREA)

Abstract

Appareil et procédé destinés à une carte intelligente virtuelle. L'appareil comprend une interface de carte intelligente et une carte intelligente configurée pour émuler une carte intelligente physique comme si une carte intelligente était connectée à l'interface de carte intelligente.
PCT/US2001/017542 2000-05-30 2001-05-30 Appareil et procedes pour utiliser une carte intelligente virtuelle WO2001093212A2 (fr)

Priority Applications (1)

Application Number Priority Date Filing Date Title
AU2001275051A AU2001275051A1 (en) 2000-05-30 2001-05-30 Apparatus and methods for using a virtual smart card

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
US58381500A 2000-05-30 2000-05-30
US09/583,815 2000-05-30

Publications (2)

Publication Number Publication Date
WO2001093212A2 true WO2001093212A2 (fr) 2001-12-06
WO2001093212A3 WO2001093212A3 (fr) 2002-08-08

Family

ID=24334671

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/US2001/017542 WO2001093212A2 (fr) 2000-05-30 2001-05-30 Appareil et procedes pour utiliser une carte intelligente virtuelle

Country Status (2)

Country Link
AU (1) AU2001275051A1 (fr)
WO (1) WO2001093212A2 (fr)

Cited By (28)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP1320006A1 (fr) * 2001-12-12 2003-06-18 Canal+ Technologies Société Anonyme Traitement de données
JP2005518035A (ja) * 2001-12-14 2005-06-16 テレビジョン アンド ワイヤレス アプリケーションズ ヨーロッパ アーベー 条件付きアクセスのための方法及びシステム
WO2005107146A1 (fr) * 2004-05-03 2005-11-10 Nokia Corporation Signature securisee dotee de permissions d'acces par cle
WO2006003562A1 (fr) * 2004-06-30 2006-01-12 Koninklijke Philips Electronics N.V. Procede de selection d'un ensemble de donnees parmi plusieurs en cours d'enregistrement dans un dispositif et dispositif correspondant
GB2434661A (en) * 2006-01-13 2007-08-01 Deepnet Technologies Ltd Portable communication device with smart card functionality
EP1890269A1 (fr) 2006-08-10 2008-02-20 Giesecke & Devrient GmbH Mise à disposition d'une fonction d'un mécanisme de sécurité
US7349886B2 (en) 2005-03-25 2008-03-25 Widevine Technologies, Inc. Securely relaying content using key chains
US7356143B2 (en) * 2003-03-18 2008-04-08 Widevine Technologies, Inc System, method, and apparatus for securely providing content viewable on a secure device
US7406174B2 (en) 2003-10-21 2008-07-29 Widevine Technologies, Inc. System and method for n-dimensional encryption
US8055894B2 (en) 1999-11-09 2011-11-08 Google Inc. Process and streaming server for encrypting a data stream with bandwidth based variation
EP2493188A1 (fr) * 2009-11-23 2012-08-29 ZTE Corporation Procédé et terminal pour mise en oeuvre d'une connexion à chaud d'une carte à microprocesseur
GB2463440B (en) * 2007-06-29 2012-08-29 Google Inc Progressive download or streaming of digital media securely through a localized container and communication protocol proxy
US8321677B2 (en) 2006-09-21 2012-11-27 Google Inc. Pre-binding and tight binding of an on-line identity to a digital signature
US8325920B2 (en) 2006-04-20 2012-12-04 Google Inc. Enabling transferable entitlements between networked devices
WO2013074041A1 (fr) 2011-11-16 2013-05-23 V-Key Pte. Ltd. Système cryptographique et méthodologie de sécurisation de cryptographie logicielle
US8532075B2 (en) 2005-09-23 2013-09-10 Google Inc. Transitioning to secure IP communications for encoding, encapsulating, and encrypting data
US8621631B2 (en) 2005-09-23 2013-12-31 Google Inc. Method for evolving detectors to detect malign behavior in an artificial immune system
US8683601B2 (en) 2006-04-14 2014-03-25 Google Inc. Audio/video identification watermarking
US8751800B1 (en) 2011-12-12 2014-06-10 Google Inc. DRM provider interoperability
US8868464B2 (en) 2008-02-07 2014-10-21 Google Inc. Preventing unauthorized modification or skipping of viewing of advertisements within content
US20140359714A1 (en) * 2013-05-29 2014-12-04 Marcel Plüss Mobile electronic device with transceiver for wireless data exchange
WO2015131225A1 (fr) * 2014-03-04 2015-09-11 Scramcard Holdings (Hong Kong) Limited Carte à puce pour systèmes de paiement multiples, système de paiement et procédé de paiement
US9609279B2 (en) 2004-09-24 2017-03-28 Google Inc. Method and system for providing secure CODECS
WO2018004784A1 (fr) * 2016-06-29 2018-01-04 Citrix Systems, Inc. Cartes à puce virtuelles à capacité de vérification
US11321704B2 (en) * 2014-05-16 2022-05-03 International Business Machines Corporation Secure management of transactions using a smart/virtual card
EP4024242A1 (fr) * 2020-12-29 2022-07-06 HID Global GmbH Dispositif de lecteur et son procédé de configuration
US11562622B2 (en) 2016-09-23 2023-01-24 Igt Gaming system player identification device
US11967208B2 (en) 2010-02-10 2024-04-23 Igt Virtual players card

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5937068A (en) * 1996-03-22 1999-08-10 Activcard System and method for user authentication employing dynamic encryption variables
EP0936530A1 (fr) * 1998-02-16 1999-08-18 Siemens Nixdorf Informationssysteme AG Carte virtuelle à puce
EP0950972A2 (fr) * 1997-11-12 1999-10-20 Citicorp Development Center, Inc. Système et méthode pour le stockage sécurisé de données électroniques
EP0982692A2 (fr) * 1998-08-26 2000-03-01 International Business Machines Corporation Architecture étendue de communication pour carte à puce et procédure pour la communication entre l'application et le support de données d'une carte à puce

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5937068A (en) * 1996-03-22 1999-08-10 Activcard System and method for user authentication employing dynamic encryption variables
EP0950972A2 (fr) * 1997-11-12 1999-10-20 Citicorp Development Center, Inc. Système et méthode pour le stockage sécurisé de données électroniques
EP0936530A1 (fr) * 1998-02-16 1999-08-18 Siemens Nixdorf Informationssysteme AG Carte virtuelle à puce
EP0982692A2 (fr) * 1998-08-26 2000-03-01 International Business Machines Corporation Architecture étendue de communication pour carte à puce et procédure pour la communication entre l'application et le support de données d'une carte à puce

Cited By (66)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8055894B2 (en) 1999-11-09 2011-11-08 Google Inc. Process and streaming server for encrypting a data stream with bandwidth based variation
US8386771B2 (en) 1999-11-09 2013-02-26 Google Inc. Process and streaming server for encrypting a data stream with bandwidth based variation
WO2003050661A2 (fr) * 2001-12-12 2003-06-19 Canal+ Technologies Societe Anonyme Traitement de donnees
WO2003050661A3 (fr) * 2001-12-12 2004-07-22 Canal & Technologies Sa Traitement de donnees
KR100917487B1 (ko) * 2001-12-12 2009-09-16 톰슨 라이센싱 암호화된 데이터를 처리하기 위한 장치 및 방법
EP1320006A1 (fr) * 2001-12-12 2003-06-18 Canal+ Technologies Société Anonyme Traitement de données
JP2005518035A (ja) * 2001-12-14 2005-06-16 テレビジョン アンド ワイヤレス アプリケーションズ ヨーロッパ アーベー 条件付きアクセスのための方法及びシステム
US7356143B2 (en) * 2003-03-18 2008-04-08 Widevine Technologies, Inc System, method, and apparatus for securely providing content viewable on a secure device
US7406174B2 (en) 2003-10-21 2008-07-29 Widevine Technologies, Inc. System and method for n-dimensional encryption
US7853793B2 (en) 2004-05-03 2010-12-14 Piotr Cofta Trusted signature with key access permissions
WO2005107146A1 (fr) * 2004-05-03 2005-11-10 Nokia Corporation Signature securisee dotee de permissions d'acces par cle
WO2006003562A1 (fr) * 2004-06-30 2006-01-12 Koninklijke Philips Electronics N.V. Procede de selection d'un ensemble de donnees parmi plusieurs en cours d'enregistrement dans un dispositif et dispositif correspondant
US9609279B2 (en) 2004-09-24 2017-03-28 Google Inc. Method and system for providing secure CODECS
US10691778B2 (en) 2004-09-24 2020-06-23 Google Llc Method and system for providing secure codecs
US7349886B2 (en) 2005-03-25 2008-03-25 Widevine Technologies, Inc. Securely relaying content using key chains
US8621631B2 (en) 2005-09-23 2013-12-31 Google Inc. Method for evolving detectors to detect malign behavior in an artificial immune system
US8532075B2 (en) 2005-09-23 2013-09-10 Google Inc. Transitioning to secure IP communications for encoding, encapsulating, and encrypting data
GB2434661A (en) * 2006-01-13 2007-08-01 Deepnet Technologies Ltd Portable communication device with smart card functionality
US8683601B2 (en) 2006-04-14 2014-03-25 Google Inc. Audio/video identification watermarking
US9392344B2 (en) 2006-04-14 2016-07-12 Google Inc. Audio/video identification watermarking
US8325920B2 (en) 2006-04-20 2012-12-04 Google Inc. Enabling transferable entitlements between networked devices
US8615469B2 (en) 2006-04-20 2013-12-24 Google Inc. Enabling transferable entitlements between networked devices
EP1890269A1 (fr) 2006-08-10 2008-02-20 Giesecke & Devrient GmbH Mise à disposition d'une fonction d'un mécanisme de sécurité
US8321677B2 (en) 2006-09-21 2012-11-27 Google Inc. Pre-binding and tight binding of an on-line identity to a digital signature
US8752194B2 (en) 2007-06-29 2014-06-10 Google Inc. Progressive download or streaming of digital media securely through a localized container and communication protocol proxy
GB2463440B (en) * 2007-06-29 2012-08-29 Google Inc Progressive download or streaming of digital media securely through a localized container and communication protocol proxy
US8868464B2 (en) 2008-02-07 2014-10-21 Google Inc. Preventing unauthorized modification or skipping of viewing of advertisements within content
EP2493188A1 (fr) * 2009-11-23 2012-08-29 ZTE Corporation Procédé et terminal pour mise en oeuvre d'une connexion à chaud d'une carte à microprocesseur
EP2493188A4 (fr) * 2009-11-23 2013-10-09 Zte Corp Procédé et terminal pour mise en oeuvre d'une connexion à chaud d'une carte à microprocesseur
US11967208B2 (en) 2010-02-10 2024-04-23 Igt Virtual players card
CN103988467A (zh) * 2011-11-16 2014-08-13 V-Key公司 确保软件加密技术安全的加密系统和方法
WO2013074041A1 (fr) 2011-11-16 2013-05-23 V-Key Pte. Ltd. Système cryptographique et méthodologie de sécurisation de cryptographie logicielle
EP2795829A4 (fr) * 2011-11-16 2015-06-24 V Key Inc Système cryptographique et méthodologie de sécurisation de cryptographie logicielle
US8984285B1 (en) 2011-12-12 2015-03-17 Google Inc. Use of generic (browser) encryption API to do key exchange (for media files and player)
US8891765B1 (en) 2011-12-12 2014-11-18 Google Inc. Method, manufacture, and apparatus for content decryption module
US9129092B1 (en) 2011-12-12 2015-09-08 Google Inc. Detecting supported digital rights management configurations on a client device
US8751800B1 (en) 2011-12-12 2014-06-10 Google Inc. DRM provider interoperability
US9183405B1 (en) 2011-12-12 2015-11-10 Google Inc. Method, manufacture, and apparatus for content protection for HTML media elements
US9223988B1 (en) 2011-12-12 2015-12-29 Google Inc. Extending browser functionality with dynamic on-the-fly downloading of untrusted browser components
US9239912B1 (en) 2011-12-12 2016-01-19 Google Inc. Method, manufacture, and apparatus for content protection using authentication data
US9326012B1 (en) 2011-12-12 2016-04-26 Google Inc. Dynamically changing stream quality when user is unlikely to notice to conserve resources
US9003558B1 (en) 2011-12-12 2015-04-07 Google Inc. Allowing degraded play of protected content using scalable codecs when key/license is not obtained
US9110902B1 (en) 2011-12-12 2015-08-18 Google Inc. Application-driven playback of offline encrypted content with unaware DRM module
US9542368B1 (en) 2011-12-12 2017-01-10 Google Inc. Method, manufacture, and apparatus for instantiating plugin from within browser
US10452759B1 (en) 2011-12-12 2019-10-22 Google Llc Method and apparatus for protection of media objects including HTML
US9686234B1 (en) 2011-12-12 2017-06-20 Google Inc. Dynamically changing stream quality of protected content based on a determined change in a platform trust
US9697363B1 (en) 2011-12-12 2017-07-04 Google Inc. Reducing time to first encrypted frame in a content stream
US9697185B1 (en) 2011-12-12 2017-07-04 Google Inc. Method, manufacture, and apparatus for protection of media objects from the web application environment
US9785759B1 (en) 2011-12-12 2017-10-10 Google Inc. Method, manufacture, and apparatus for configuring multiple content protection systems
US10645430B2 (en) 2011-12-12 2020-05-05 Google Llc Reducing time to first encrypted frame in a content stream
US9875363B2 (en) 2011-12-12 2018-01-23 Google Llc Use of generic (browser) encryption API to do key exchange (for media files and player)
US10572633B1 (en) 2011-12-12 2020-02-25 Google Llc Method, manufacture, and apparatus for instantiating plugin from within browser
US10102648B1 (en) 2011-12-12 2018-10-16 Google Llc Browser/web apps access to secure surface
US10212460B1 (en) 2011-12-12 2019-02-19 Google Llc Method for reducing time to first frame/seek frame of protected digital content streams
US9483417B2 (en) * 2013-05-29 2016-11-01 Legic Identsystems Ag Mobile electronic device with transceiver for wireless data exchange
US20140359714A1 (en) * 2013-05-29 2014-12-04 Marcel Plüss Mobile electronic device with transceiver for wireless data exchange
US10970713B2 (en) 2014-03-04 2021-04-06 Scramcard Holdings (Hong Kong) Limited Multi-scheme payment integrated circuit card, payment system, and payment method
WO2015131225A1 (fr) * 2014-03-04 2015-09-11 Scramcard Holdings (Hong Kong) Limited Carte à puce pour systèmes de paiement multiples, système de paiement et procédé de paiement
US11321704B2 (en) * 2014-05-16 2022-05-03 International Business Machines Corporation Secure management of transactions using a smart/virtual card
US9973498B2 (en) 2016-06-29 2018-05-15 Citrix Systems, Inc. Virtual smart cards with audit capability
WO2018004784A1 (fr) * 2016-06-29 2018-01-04 Citrix Systems, Inc. Cartes à puce virtuelles à capacité de vérification
US11562622B2 (en) 2016-09-23 2023-01-24 Igt Gaming system player identification device
US11861977B2 (en) 2016-09-23 2024-01-02 Igt Gaming system player identification device
EP4024242A1 (fr) * 2020-12-29 2022-07-06 HID Global GmbH Dispositif de lecteur et son procédé de configuration
WO2022144261A1 (fr) * 2020-12-29 2022-07-07 Hid Global Gmbh Dispositif de lecture et son procédé de configuration
AU2021412311B2 (en) * 2020-12-29 2023-12-14 Hid Global Gmbh Reader device and method of configuring the same

Also Published As

Publication number Publication date
AU2001275051A1 (en) 2001-12-11
WO2001093212A3 (fr) 2002-08-08

Similar Documents

Publication Publication Date Title
WO2001093212A2 (fr) Appareil et procedes pour utiliser une carte intelligente virtuelle
US10796009B2 (en) Security engine for a secure operating environment
JP6151402B2 (ja) データセンタへのプラットフォームの内包検証
EP2080311B1 (fr) Système d'authentification de dispositif sûr, et procédé
US5778072A (en) System and method to transparently integrate private key operations from a smart card with host-based encryption services
US8898477B2 (en) System and method for secure firmware update of a secure token having a flash memory controller and a smart card
US8539551B2 (en) Trusted virtual machine as a client
US20050138389A1 (en) System and method for making password token portable in trusted platform module (TPM)
US6839437B1 (en) Method and apparatus for managing keys for cryptographic operations
EP2634703B1 (fr) Dispositif à mémoire amovible et système et procédé de traitement de données basés sur le dispositif
US20060174352A1 (en) Method and apparatus for providing versatile services on storage devices
US8156331B2 (en) Information transfer
US20110280402A1 (en) Methods and systems for utilizing cryptographic functions of a cryptographic co-processor
CN102404314A (zh) 远程资源单点登录
US20030061494A1 (en) Method and system for protecting data on a pc platform using bulk non-volatile storage
JP3579882B2 (ja) 複数の暗号アルゴリズムをサポートする証明書を認証するプログラムが記録された記録媒体および方法
George User Authentication with Smart Cards in Trusted Computing Architecture.
GB2372592A (en) Information system
EP1933523A1 (fr) Traitement cryptographique délégué
Piščević Reducing E-commerce risks using digital certificates
Hutter et al. Touch’n trust: An NFC-enabled trusted platform module
CN117807615A (zh) 一种存储设备的访问方法、计算设备及可读存储介质
Wilson A vulnerability assessment of roaming soft certificate PKI solutions
KR20170100235A (ko) 공인 인증서 보안 시스템 및 그 방법
Laidi Using smart card in e-business applications: an e-business model

Legal Events

Date Code Title Description
AK Designated states

Kind code of ref document: A2

Designated state(s): AE AG AL AM AT AU AZ BA BB BG BR BY BZ CA CH CN CO CR CU CZ DE DK DM DZ EE ES FI GB GD GE GH GM HR HU ID IL IN IS JP KE KG KP KR KZ LC LK LR LS LT LU LV MA MD MG MK MN MW MX MZ NO NZ PL PT RO RU SD SE SG SI SK SL TJ TM TR TT TZ UA UG US UZ VN YU ZA ZW

AL Designated countries for regional patents

Kind code of ref document: A2

Designated state(s): GH GM KE LS MW MZ SD SL SZ TZ UG ZW AM AZ BY KG KZ MD RU TJ TM AT BE CH CY DE DK ES FI FR GB GR IE IT LU MC NL PT SE TR BF BJ CF CG CI CM GA GN GW ML MR NE SN TD TG

121 Ep: the epo has been informed by wipo that ep was designated in this application
DFPE Request for preliminary examination filed prior to expiration of 19th month from priority date (pct application filed before 20040101)
AK Designated states

Kind code of ref document: A3

Designated state(s): AE AG AL AM AT AU AZ BA BB BG BR BY BZ CA CH CN CO CR CU CZ DE DK DM DZ EE ES FI GB GD GE GH GM HR HU ID IL IN IS JP KE KG KP KR KZ LC LK LR LS LT LU LV MA MD MG MK MN MW MX MZ NO NZ PL PT RO RU SD SE SG SI SK SL TJ TM TR TT TZ UA UG US UZ VN YU ZA ZW

AL Designated countries for regional patents

Kind code of ref document: A3

Designated state(s): GH GM KE LS MW MZ SD SL SZ TZ UG ZW AM AZ BY KG KZ MD RU TJ TM AT BE CH CY DE DK ES FI FR GB GR IE IT LU MC NL PT SE TR BF BJ CF CG CI CM GA GN GW ML MR NE SN TD TG

REG Reference to national code

Ref country code: DE

Ref legal event code: 8642

122 Ep: pct application non-entry in european phase
NENP Non-entry into the national phase in:

Ref country code: JP