WO2003003170A1 - Dispositif personnel d'utilisateur et procede de selection d'un mode d'entree/sortie securise dans un dispositif personnel d'utilisateur - Google Patents

Dispositif personnel d'utilisateur et procede de selection d'un mode d'entree/sortie securise dans un dispositif personnel d'utilisateur Download PDF

Info

Publication number
WO2003003170A1
WO2003003170A1 PCT/EP2001/007331 EP0107331W WO03003170A1 WO 2003003170 A1 WO2003003170 A1 WO 2003003170A1 EP 0107331 W EP0107331 W EP 0107331W WO 03003170 A1 WO03003170 A1 WO 03003170A1
Authority
WO
WIPO (PCT)
Prior art keywords
user
output mode
user device
secured
personal
Prior art date
Application number
PCT/EP2001/007331
Other languages
English (en)
Inventor
Nadarajah Asokan
Valtteri Niemi
Janne MÄNTYLÄ
Jaakko Lipasti
Original Assignee
Nokia Corporation
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Nokia Corporation filed Critical Nokia Corporation
Priority to PCT/EP2001/007331 priority Critical patent/WO2003003170A1/fr
Publication of WO2003003170A1 publication Critical patent/WO2003003170A1/fr

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/606Protecting data by securing the transmission between two devices or processes
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/70Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
    • G06F21/82Protecting input, output or interconnection devices

Definitions

  • the invention relates to a personal user device with a user interface and with selection means for selecting a secured user input/output mode, which secured user input/output mode enables a transfer of data between said user interface and at least one trusted component of said personal user device or connected to said personal user device, wherein said data is protected from an access by an unauthorised application.
  • the invention equally relates to a method for selecting a secured user input/output mode in a personal user device.
  • the term personal user device denotes any end user terminal like a mobile phone, a personal computer or a hand-held computer.
  • a personal user device can be designed to provide a rich functionality by employing a general-purpose operating system which can run applications from different sources.
  • a personal user device can be operating as a personal trusted device.
  • Such a trusted device can be used for example for mobile commerce and other security-sensitive applications over an open network.
  • a personal user devices is equipped for both aspects.
  • a personal user device In its function as a trusted device, a personal user device has to be able to exchange sensitive data with other units over open networks in a protected way.
  • a protected transfer can be achieved e.g. by encrypting sensitive data with cryptographic algorithms and protocols using secret cryptographic keys before they are transmitted.
  • Different known communication security protocols, security mechanisms and cryptographic algorithms that can be employed for exchanging sensitive data are mentioned for example in "Development of a Secure Electronic Marketplace for Europe"; in the proceedings of ESORICS '96 (4th European Symposium on Research in Computer Security) , Rome, LNCS 1146, Springer- Verlag, Berlin 1996, 1-14, by Michael Waidner.
  • a common protection against such threats is to keep the cryptographic keys and functionality in tamper-evident devices which thus can constitute a trusted component.
  • An example for such a trusted component is a smartcard.
  • a smartcards can store a secret key and can be connected to a personal user device, e.g. a PC or a mobile phone.
  • the personal user device to which a smartcard is connected cannot access the stored secret keys, but it can ask the smartcart to perform a cryptographic function for which the key is needed, like calculating a digital signature or decrypting a message.
  • the access to smartcards is moreover protected by personal identification numbers (PINs) .
  • PINs personal identification numbers
  • smartcards do not alleviate the problem entirely either. For example, a malicious payment application could ask the user to approve a payment of $10 by typing in the PIN, but once the PIN is available, ask the smartcard to sign a payment message for $100.
  • This inadequacy of smartcards has been pointed out in several documents, e.g. in the above cited document "Development of a Secure Electronic Marketplace for Europe", and in “Hand-held computers can be better smart cards", Usenix security symposium, 1999, by Dirk Balfanz and Edward W. Felten.
  • a solution to such problems involving smartcards or other trusted components storing secret data is a personal user device with a trusted input/output path to the user, which trusted input/output path cannot be accessed by any unauthorised application.
  • trusted devices can be implemented on PDAs (personal digital assistant) or Communicator type combined PDA/phones.
  • the trusted device is preferably combined with a general personal user device with a rich functionality as mentioned above, the personal user devices usually runs extensible operating systems like EPOC, Windows CE or Palm OS. Therefore, the trusted user input/output path has to be able to work in conjunction with a general-purpose operating system.
  • the trusted user input/output path cannot be used exclusively, since many applications which are not security sensitive require a direct access to a user input/output interface.
  • SEMPER project described in the cited document "Development of a Secure Electronic Marketplace for Europe” therefore a trusted user interface was suggested.
  • a trusted user interface runs as a high priority component in a general personal user device. Only this high priority component has access to critical resources like cryptographic keys, while ordinary applications wishing to use the critical resources have to make their requests via this component. In a secure mode, the high priority component has moreover control of the user input/output devices, and no other ordinary application can access the same input/output devices. Therefore, when the personal user device is in secure mode, a user of the personal user device can safely enter sensitive information, such as PINs, and/or be guaranteed that the information displayed on the screen or on another output device is trustworthy.
  • sensitive information such as PINs
  • the trusted user interface can be implemented as a separate operating system. In this case, the hardware should ensure the above features. Alternatively, it can be implemented as a separate process in the same operating system. In this case, the operating system should ensure these features.
  • a problem with this architecture is how to ensure that the user clearly knows when the trusted user interface is active.
  • a personal user device with a user interface and with selection means for selecting a secured user input/output mode.
  • the secured user input/output mode enables a transfer of data protected from an access by an unauthorised application between said user interface and at least one trusted component of said personal user device or connected to said personal user device.
  • the personal user device further includes activating means which enable a user of said personal user device to cause said selection means to select said secured user input/output mode.
  • activating means which enable a user of said personal user device to cause said selection means to select said secured user input/output mode.
  • the stated object is reached with a method for selecting a secured user input/output mode in a personal user device, which secured user input/output mode enables a transfer of data protected from an access by an unauthorised application between a user interface of said personal user device and at least one trusted component of said personal user device or connected to said personal user device.
  • the secured user input/output mode is selected according to the invention upon request by a user.
  • the invention proceeds from the idea that the most reliable way to ensure that a user knows whether a secured input/output mode has been selected or not is to let this mode be activated by the user himself.
  • a human user can activate the selection of the secured input/output mode which provides a trusted input/output path between the user and trusted components of the system.
  • a user In order to guarantee a maximum protection, at least for certain actions, like e.g. a digital signing of messages, exclusively a user should be able to activate the selection of the secured user input/output mode. In these cases, activating the secured input/output mode should not be possible for normal and potentially untrusted applications on the device, which makes the device more secure.
  • the personal user device can select the secured user input/output mode by informing the operating system and/or the hardware of the personal user device about the requested change of mode.
  • the activating means preferably include a dedicated security button on the personal user device that has to be pressed by a user in order to cause a selection of the secured input/output mode.
  • a security button should be clearly identifiable by a user.
  • a security button can moreover be provided with a dedicated driver which is completely unaccessible through user-level programs. If the driver is residing in a flash memory, it is preferably signed by a root key. It is further preferred that the security is based on signed ROM (Read Only Memory) images and keys residing on CPU-ASICs (Central Processing Unit - Application Specific Integrated Circuits) .
  • the security button could be for example the power button or a similarly implemented button that does not utilise the keyboard driver. With a security button as activating means, it is thus possible to achieve a particularly high security.
  • the activating means can be based on existing devices. It can be requested, e.g. that a specific sequence of keys is pressed, or an option is popping up on the display of the personal user device forming part of the user input/output interface when a predetermined button like a power on/off button is pressed.
  • the display of such an option may also be caused by an application requesting an action that requires a secured input/output mode.
  • the option can be selected by the user again using either a dedicated security button, one or more of regular keys or any other suitable input means .
  • che secured input/output mode can only be activated by the user for predetermined actions requested by an application.
  • predetermined actions can be for example signing or decrypting a received message.
  • deactivating means enabling a user to deactivate a secured input/output mode in order to prevent that the user thinks he is still in the secured input/output mode, even though all actions for which the secured input/output mode was selected have been completed and the personal user device has already switched back to a normal mode.
  • the personal user device indicates in addition in some way to the user that a secure mode is active.
  • a secure mode may be achieved either by hardware, for example by a special LED of the personal user device, or by software.
  • a background pattern may be displayed, or colours etc . which are recognisable by the user and not available to untrusted applications. Such a background may even be selectable by the user.
  • the secured user input/output mode is realised similar as described in the background of the invention, i.e. a dedicated process is run by the selection means.
  • This dedicated process corresponds to the mentioned high priority component run by the trusted user interface.
  • only the dedicated process is considered to be authorised, while all other applications are considered to be unauthorised.
  • only the dedicated process has access to a user interface while the secured user input/output mode is activated.
  • any application may be considered authorised, as long as it can be identified by some characteristic to be authorised, e.g. by a code signing and/or by the location from which the application is loaded, like an integrated disk of a personal user device, a CD-ROM, or some external server.
  • code signing it can be checked in particular whether there is any signing at all and, in addition, whether the code signature matches to a specific memory- image text segmen .
  • Some check sum can moreover be checked for determining whether the binary image of the executable program of an application was changed compared to the original binary image, e.g. because they contain a virus.
  • Applications with a changed binary image of their executable program should be considered to be unauthorised regardless of other criteria.
  • a secured user input/output mode is then guaranteed by preventing the secured input/output mode to be selected when any unauthorised application is running. All unauthorised applications detected to be active might be terminated in order to be able to select said secured user input/output mode.
  • the executable programs of all applications currently running in the personal user device are first checked for determining whether there is a change in the binary image of the respective executable program, before a secure mode can be selected.
  • the user can then be offered that all applications of which the executable program is considered to have changed are terminated.
  • all or selected ones of these applications are terminated.
  • a change of the binary image can be detected e.g. by comparing a disk image check sum or signature with a memory image check sum or signature.
  • the invention can be used in all end user terminals which support security features for which an interaction by the user is needed, like e.g. for e-payments.
  • Such terminals may be for example mobile phones or PCs.
  • the only figure depicts components of a personal user device that can be used equally for general purposes and for security sensitive transactions. Moreover, the figure shows a user U of this personal user device.
  • the personal user device includes a general purpose operating system 1, a hardware 2 and a trusted user interface 3 comprising a security button.
  • the personal user device includes a regular user interface comprising a display and different keys, which is not depicted in the figure. Some elements of the trusted user device 3 and the regular user device are used in common by both devices, e.g. the display. Further, a first application 4 and other applications 5 are installed on the personal user device.
  • a smart card with critical resources 6 like cryptographic keys has been detachably connected to the personal user device by the user U.
  • Operating system 1 hardware 2 and critical resources 6 are connected to the trusted user interface 3, to the regular user interface and to the applications 4, 5 via a kernel interface 7. Only a high priority component run by the trusted user interface 3, however, has access to connected critical resources 6.
  • the regular and the trusted user interface 3 are further connected with the installed applications 4, 5 via an application program interface 8.
  • the personal user device has access to other devices, servers or any other kind of systems via an open network.
  • the interface of the personal user device to the open network is not depicted in the figure.
  • the operating system 1 of the personal user device is a general-purpose operating system which can run applications from different sources, i.e. either from the personal user device itself or from some remote location connected to the personal user device via the open network.
  • applications 4, 5 are able to exchange data directly with the input/output means of the regular user interface via the application program interface 8.
  • the application program interface 8 comprises several functions that are responsible for initiating a secured user input/output mode for different security sensitive actions that may be requested by one of the applications 4, 5.
  • One of these functions is for example a sign() function, which initiates a secured user input/output mode, in case an application 4, 5 requests a message to be signed by the user U.
  • Another function may be a decrypt () function, which initiates a secured user input/output mode, in case an application 4, 5 provides an encrypted message that has to be decrypted before it can be read by the user U.
  • the first application 4 invokes the sign() function in the application program interface 8 with the message that is to be signed as a parameter.
  • the application program interface 8 knows now that a secured user input/output mode might be about to be selected by the user U. Invoking the sign() function in the application program interface 8 automatically results in two different actions.
  • the implementation of the sign() primitive displays an information to the user U on the display of the regular user interface via a mailbox type messaging mechanism. The information states that a signature request was received from an application 4 and that signing requires the user U to activate a trusted mode.
  • the function call is registered with the trusted user interface 3, which is implemented in this example as a separate operating system.
  • the user U does not want to sign the message, he presses some predetermined key or keys of the regular user interface. As a result, the application program interface 8 is informed that the requested secured user input/output mode was not selected by the user U and that the normal mode operation continues. The function call registered with the trusted user interface 3 is cancelled. If, in contrast, the user U considers signing the message, he now has to press the security button of the trusted user interface 3 on the personal user device. In an alternative implementation, he might have to press a predetermined sequence of the regular keys of the regular user interface.
  • the trusted user interface 3 of the personal user device is informed. To this end, a message including information about the requesting application and about the purpose of the requested secure mode could be written for example to a predetermined location to which the trusted user interface has access. Possibly, the trusted user interface 3 has to be activated first. The trusted user interface 3 now switches to the secured input/output mode. In this mode, only the high priority component of the trusted user interface 3 has control of the user input/output means, as indicated by the dashed line between the user U and the trusted user interface 3. None of the applications 4, 5 can access the user input/output means until the normal input/output mode is re-established.
  • the secured input/output mode is further indicated to the user U by activating the LED included for this purpose in the personal user device.
  • the high priority component of the trusted user interface 3 handles the registered function call by displaying the message that is to be signed to the user U on the display now forming part of the trusted user interface, and by asking the user U whether the message should be signed.
  • the user U checks the message and if he decides to sign it, presses a key in the standard user interface indicated in the display together with the message and enters a specific password chosen by the user U at an earlier point of time.
  • the high priority component of the trusted user interface 3 then invokes a sign() system call on the kernel interface 7, including as parameter the message that is to be signed and the password entered by the user U.
  • the kernel interface 7 comprises several such system functions corresponding to the functions of the application programme interface.
  • the smartcard with the critical resources 6 checks the password and, if the password turns out to be correct, calculates the digital signature of the user U for the received message.
  • the high priority component of the trusted user interface 3 receives this digital signature as return value from the critical resources 6 and passes it on to the first application 4 via the application program interface 8. Dashed lines between the critical resources 6 and the first application 4 in the figure indicate the indirect access of the application 4 to the critical resources 6 that was thus realised via the trusted user interface 3.
  • the high priority component of the trusted user interface 3 moreover indicates to the application program interface 8 that the secure mode operation has been completed.
  • the personal user device turns off the LED indicating the secure mode and re-activates the access of the applications 4, 5 to the regular user interface.
  • the first application 4 and the other applications 5 can now proceed with their normal operation.
  • the activating means are realised in this example by the security button and functions in the trusted user interface that are able to interpret a pressing of this button.
  • the selection means are realised by the trusted user interface, which informs the operating system and the hardware about the trusted mode activated by the user.
  • the secure input/output mode can also be activated by a user, but the selection of the secure user input/output mode is realised in a different way.
  • the personal user device of the second embodiment has a similar design as the personal user device of the first embodiment.
  • a user wants to set the personal user device into the secure input/output mode he presses the security button.
  • the operating system checks whether any unauthorised applications are currently active. This is done by checking, whether the application has a code signing that can be verified by the personal user device.
  • the operating systems presents an option to the user on a display to terminate all unauthorised applications. In case the user selects this option, all unauthorised applications are terminated.
  • the operating system turns on a green LED indicating to the user that the secured input/output mode was selected. While the green LED is on, the operating software prevents that any unauthorised application starts.
  • the green LED is not turned on. Thereby, the user knows that the device is in unsecure mode, and that he should not make any payments with the personal user device or carry out any other security sensitive actions.
  • the user can be given a list of detected unauthorised applications that might contain viruses on the display.
  • An option is presented to the user to erase all or selected ones of these listed applications.
  • the user decides to erase one or several of the listed applications, he chooses the presented option indicating the applications selected for erasure, and as consequence, the applications are erased.
  • the security button Before choosing the option, however, he should again press the security button in order to activate the secure input/output mode, since otherwise, the kill prompt windows might be captured.
  • the first and the second presented embodiments of the invention therefore both enable a selection of a secured input/output mode upon request of a user of a personal user device, only the realisation of the secured input/output mode is different.

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • General Health & Medical Sciences (AREA)
  • User Interface Of Digital Computer (AREA)

Abstract

La présente invention concerne un dispositif personnel d'utilisateur qui comprend une interface utilisateur et un/des moyens (3) de sélection permettant de sélectionner un mode d'entrée/sortie sécurisé pour l'utilisateur. Le mode d'entrée/sortie sécurisé pour l'utilisateur autorise un transfert de données entre ladite interface utilisateur et au moins un constituant de confiance (6) qui fait partie dudit dispositif personnel d'utilisateur ou qui est relié à ce dernier, les données, pendant le transfert, étant protégées et ne pouvant être captées par une application non autorisée (4, 5). Afin de s'assurer qu'un utilisateur (U) d'un dispositif personnel d'utilisateur est parfaitement au courant qu'un mode d'entrée/sortie sécurisé pour l'utilisateur est sélectionné, il est proposé qu'un/des moyens (3) d'activation inclus dans le dispositif personnel d'utilisateur, permettent à un utilisateur (U) dudit dispositif personnel d'activer ledit/lesdits moyens (3) de sélection pour sélectionner le mode d'entrée/sortie sécurisé pour l'utilisateur. Cette invention concerne également le procédé correspondant.
PCT/EP2001/007331 2001-06-27 2001-06-27 Dispositif personnel d'utilisateur et procede de selection d'un mode d'entree/sortie securise dans un dispositif personnel d'utilisateur WO2003003170A1 (fr)

Priority Applications (1)

Application Number Priority Date Filing Date Title
PCT/EP2001/007331 WO2003003170A1 (fr) 2001-06-27 2001-06-27 Dispositif personnel d'utilisateur et procede de selection d'un mode d'entree/sortie securise dans un dispositif personnel d'utilisateur

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
PCT/EP2001/007331 WO2003003170A1 (fr) 2001-06-27 2001-06-27 Dispositif personnel d'utilisateur et procede de selection d'un mode d'entree/sortie securise dans un dispositif personnel d'utilisateur

Publications (1)

Publication Number Publication Date
WO2003003170A1 true WO2003003170A1 (fr) 2003-01-09

Family

ID=8164470

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/EP2001/007331 WO2003003170A1 (fr) 2001-06-27 2001-06-27 Dispositif personnel d'utilisateur et procede de selection d'un mode d'entree/sortie securise dans un dispositif personnel d'utilisateur

Country Status (1)

Country Link
WO (1) WO2003003170A1 (fr)

Cited By (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2003100580A1 (fr) * 2002-05-28 2003-12-04 Symbian Limited Interface utilisateur de confiance pour dispositif sans fil mobile securise
WO2005106679A1 (fr) 2004-04-30 2005-11-10 Research In Motion Limited Systeme et procede de protection de contenu sur un dispositif informatique
WO2008012567A1 (fr) 2006-07-28 2008-01-31 Hewlett-Packard Development Company, L.P. Utilisation sécurisée de secrets utilisateur sur une plate-forme informatique
JP2008546288A (ja) * 2005-05-25 2008-12-18 クゥアルコム・インコーポレイテッド 無線デバイス上のデータを保護する装置及び方法
GB2453518A (en) * 2007-08-31 2009-04-15 Vodafone Plc Telecommunications device security
JP2010118010A (ja) * 2008-11-14 2010-05-27 Nomura Research Institute Ltd 情報取得仲介プログラム、オペレーティングシステム、情報取得仲介方法
US7831840B1 (en) * 2005-01-28 2010-11-09 Novell, Inc. System and method for codifying security concerns into a user interface
US8156488B2 (en) 2004-10-20 2012-04-10 Nokia Corporation Terminal, method and computer program product for validating a software application
US9734313B2 (en) 2014-06-16 2017-08-15 Huawei Technologies Co., Ltd. Security mode prompt method and apparatus
WO2024069090A3 (fr) * 2022-09-30 2024-05-23 Ledger Terminal connecté comprenant des moyens pour incruster une image sécurisée dans une image non sécurisée

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP0587375A2 (fr) * 1992-09-04 1994-03-16 ALGORITHMIC RESEARCH Ltd. Unité de sécurité pour systèmes de traitement de données
US5822435A (en) * 1992-07-10 1998-10-13 Secure Computing Corporation Trusted path subsystem for workstations
WO2001010079A1 (fr) * 1999-07-29 2001-02-08 Safe Technology Co., Ltd. Adaptateur avec fonction sure et systeme informatique sur utilisant celui-ci

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5822435A (en) * 1992-07-10 1998-10-13 Secure Computing Corporation Trusted path subsystem for workstations
EP0587375A2 (fr) * 1992-09-04 1994-03-16 ALGORITHMIC RESEARCH Ltd. Unité de sécurité pour systèmes de traitement de données
WO2001010079A1 (fr) * 1999-07-29 2001-02-08 Safe Technology Co., Ltd. Adaptateur avec fonction sure et systeme informatique sur utilisant celui-ci

Cited By (19)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2003100580A1 (fr) * 2002-05-28 2003-12-04 Symbian Limited Interface utilisateur de confiance pour dispositif sans fil mobile securise
US8190913B2 (en) 2004-04-30 2012-05-29 Research In Motion Limited System and method for content protection on a computing device
WO2005106679A1 (fr) 2004-04-30 2005-11-10 Research In Motion Limited Systeme et procede de protection de contenu sur un dispositif informatique
EP1743246A1 (fr) * 2004-04-30 2007-01-17 Research In Motion Limited Systeme et procede de protection de contenu sur un dispositif informatique
EP1743246A4 (fr) * 2004-04-30 2007-11-07 Research In Motion Ltd Systeme et procede de protection de contenu sur un dispositif informatique
US8700920B2 (en) 2004-04-30 2014-04-15 Blackberry Limited System and method for content protection on a computing device
US8584118B2 (en) 2004-10-20 2013-11-12 Nokia Corporation Terminal, method and computer program product for validating a software application
US8156488B2 (en) 2004-10-20 2012-04-10 Nokia Corporation Terminal, method and computer program product for validating a software application
US7831840B1 (en) * 2005-01-28 2010-11-09 Novell, Inc. System and method for codifying security concerns into a user interface
JP2008546288A (ja) * 2005-05-25 2008-12-18 クゥアルコム・インコーポレイテッド 無線デバイス上のデータを保護する装置及び方法
WO2008012567A1 (fr) 2006-07-28 2008-01-31 Hewlett-Packard Development Company, L.P. Utilisation sécurisée de secrets utilisateur sur une plate-forme informatique
US8332930B2 (en) 2006-07-28 2012-12-11 Hewlett-Packard Development Company, L.P. Secure use of user secrets on a computing platform
CN101523401B (zh) * 2006-07-28 2013-03-06 惠普开发有限公司 用户秘密在计算平台上的安全使用
GB2453518A (en) * 2007-08-31 2009-04-15 Vodafone Plc Telecommunications device security
US9049597B2 (en) 2007-08-31 2015-06-02 Vodafone Group Plc Telecommunications device security
JP2010118010A (ja) * 2008-11-14 2010-05-27 Nomura Research Institute Ltd 情報取得仲介プログラム、オペレーティングシステム、情報取得仲介方法
US9734313B2 (en) 2014-06-16 2017-08-15 Huawei Technologies Co., Ltd. Security mode prompt method and apparatus
US9892246B2 (en) 2014-06-16 2018-02-13 Huawei Technologies Co., Ltd. Security mode prompt method and apparatus
WO2024069090A3 (fr) * 2022-09-30 2024-05-23 Ledger Terminal connecté comprenant des moyens pour incruster une image sécurisée dans une image non sécurisée

Similar Documents

Publication Publication Date Title
US7313705B2 (en) Implementation of a secure computing environment by using a secure bootloader, shadow memory, and protected memory
US10229410B2 (en) Method and device for end-user verification of an electronic transaction
US7366916B2 (en) Method and apparatus for an encrypting keyboard
EP1159662B2 (fr) Interface d'utilisateur de carte intelligente pour plate-forme de calcul securisee
US9336393B2 (en) System and method for protecting files stored on an electronic device
EP2648129B1 (fr) Procédé et appareil permettant de sécuriser une entrée tactile
EP1085396A1 (fr) Fonctionnement de l'état sécurisé sur une plate-forme d'ordinateur
US20030200445A1 (en) Secure computer system using SIM card and control method thereof
JP2006179011A (ja) データ処理装置、通信端末機器、および、データ処理装置を用いたデータ処理方法
EP1749261A2 (fr) Systeme de securite multi-facteurs a dispositifs portatifs et noyaux de securite
WO2006000369A2 (fr) Interface utilisateur fiable non intrusive
CN116097692A (zh) 经由基于nfc的认证的增强现实信息显示与交互
JP4270398B2 (ja) ディスプレイ上にセキュア状態インジケータを表示するシステムおよび方法
US8135383B2 (en) Information security and delivery method and apparatus
WO2023040451A1 (fr) Transfert de ressources
WO2003003170A1 (fr) Dispositif personnel d'utilisateur et procede de selection d'un mode d'entree/sortie securise dans un dispositif personnel d'utilisateur
EP1331600A2 (fr) Carte à mémoire
Spalka et al. Protecting the creation of digital signatures with trusted computing platform technology against attacks by trojan horse programs
CN113127844A (zh) 一种变量访问方法、装置、系统、设备和介质
WO2005119397A1 (fr) Controle d'acces a un dispositif securise par l'intermediaire d'un dispositif de securite amovible
US12002040B2 (en) Device driver for contactless payments
US11507958B1 (en) Trust-based security for transaction payments
US10845990B2 (en) Method for executing of security keyboard, apparatus and system for executing the method
CN110830479A (zh) 基于多卡的一键登录方法、装置、设备及存储介质
CN114219055A (zh) 一种条码生成方法、条码验证方法及支付系统

Legal Events

Date Code Title Description
AK Designated states

Kind code of ref document: A1

Designated state(s): AE AG AL AM AT AU AZ BA BB BG BR BY BZ CA CH CN CR CU CZ DE DK DM DZ EE ES FI GB GD GE GH GM HR HU ID IL IN IS JP KE KG KP KR KZ LC LK LR LS LT LU LV MA MD MG MK MN MW MX MZ NO NZ PL PT RO RU SD SE SG SI SK SL TJ TM TR TT TZ UA UG US UZ VN YU ZA ZW

AL Designated countries for regional patents

Kind code of ref document: A1

Designated state(s): GH GM KE LS MW MZ SD SL SZ TZ UG ZW AM AZ BY KG KZ MD RU TJ TM AT BE CH CY DE DK ES FI FR GB GR IE IT LU MC NL PT SE TR BF BJ CF CG CI CM GA GN GW ML MR NE SN TD TG

121 Ep: the epo has been informed by wipo that ep was designated in this application
DFPE Request for preliminary examination filed prior to expiration of 19th month from priority date (pct application filed before 20040101)
REG Reference to national code

Ref country code: DE

Ref legal event code: 8642

122 Ep: pct application non-entry in european phase
NENP Non-entry into the national phase

Ref country code: JP