WO2003010723A1 - Hsm-key und hsm-adapter (extern + intern) - Google Patents
Hsm-key und hsm-adapter (extern + intern) Download PDFInfo
- Publication number
- WO2003010723A1 WO2003010723A1 PCT/DE2000/000923 DE0000923W WO03010723A1 WO 2003010723 A1 WO2003010723 A1 WO 2003010723A1 DE 0000923 W DE0000923 W DE 0000923W WO 03010723 A1 WO03010723 A1 WO 03010723A1
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- data
- user
- hsm
- key
- recording
- Prior art date
Links
Classifications
-
- G—PHYSICS
- G07—CHECKING-DEVICES
- G07F—COIN-FREED OR LIKE APPARATUS
- G07F7/00—Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus
- G07F7/08—Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means
- G07F7/10—Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means together with a coded signal, e.g. in the form of personal identification information, like personal identification number [PIN] or biometric data
- G07F7/1008—Active credit-cards provided with means to personalise their use, e.g. with PIN-introduction/comparison system
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/30—Payment architectures, schemes or protocols characterised by the use of specific devices or networks
- G06Q20/34—Payment architectures, schemes or protocols characterised by the use of specific devices or networks using cards, e.g. integrated circuit [IC] cards or magnetic cards
- G06Q20/341—Active cards, i.e. cards including their own processing means, e.g. including an IC or chip
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/30—Payment architectures, schemes or protocols characterised by the use of specific devices or networks
- G06Q20/34—Payment architectures, schemes or protocols characterised by the use of specific devices or networks using cards, e.g. integrated circuit [IC] cards or magnetic cards
- G06Q20/357—Cards having a plurality of specified features
- G06Q20/3576—Multiple memory zones on card
-
- G—PHYSICS
- G07—CHECKING-DEVICES
- G07C—TIME OR ATTENDANCE REGISTERS; REGISTERING OR INDICATING THE WORKING OF MACHINES; GENERATING RANDOM NUMBERS; VOTING OR LOTTERY APPARATUS; ARRANGEMENTS, SYSTEMS OR APPARATUS FOR CHECKING NOT PROVIDED FOR ELSEWHERE
- G07C9/00—Individual registration on entry or exit
- G07C9/20—Individual registration on entry or exit involving the use of a pass
-
- G—PHYSICS
- G11—INFORMATION STORAGE
- G11B—INFORMATION STORAGE BASED ON RELATIVE MOVEMENT BETWEEN RECORD CARRIER AND TRANSDUCER
- G11B20/00—Signal processing not specific to the method of recording or reproducing; Circuits therefor
- G11B20/10—Digital recording or reproducing
- G11B20/12—Formatting, e.g. arrangement of data block or words on the record carriers
Definitions
- HSM - KEY and HSM - adapter (external + internal)
- Digital data can be stored on different media e.g. B. for a transport or just for data backup.
- media e.g. B. for a transport or just for data backup.
- a fixed, predetermined data format and / or recording protocol that cannot be changed by the user is used for this purpose.
- the inventions underlying claim 1 are based on the problem that everyone who is informed about the data format and the recording protocol of the manufacturer can read out and evaluate all user data from all users. Even if the user tries to protect this data using an encryption algorithm, an unauthorized person can still at least clearly separate the primary user data from the secondary protocol data when reading the storage media, which are only necessary for storing user data on the respective data carrier. The user data determined in this way can then be e.g. a decoding algorithm can be applied.
- the advantages achieved by the invention are, in particular, that instead of a fixedly specified data and / or recording format on the internal or external HSM key with the help of the internal or external HSM adapter, individually parameterizable and freely definable recording and data formats are used by the user can. While in inventions according to claim 1 mostly two different signal levels and a continuous and fixed predetermined synchronization signal are used to store the data, in the invention according to claim 2 any number of signal levels can be used in parallel and stored on the HSM key. It is also possible to change the data format or the recording format at any time during data storage or to save completely useless information in between. A second person who does not have the data format and the recording log is informed, only gets a certain number of different signal levels for unauthorized access.
- an HSM key created with an HSM adapter can be used with any system and under any platform, provided that they are able to store data in any form send and receive.
- the HSM key can be removed from the HSM adapter and taken with you after data has been saved or after a reading process.
- the data are stored in a non-volatile memory and are therefore not dependent on any further energy supply.
- An advantageous embodiment of the invention is specified in claim 2.
- the development according to claim 2 makes it possible to combine different types of data, possibly with different recording parameters, on a data carrier.
- This enables the HSM key to e.g.
- various information which is accommodated on various systems according to the current state of the art, is combined on a storage medium.
- An HSM key could e.g. can be used as a complete replacement for the following systems or parts thereof:
- Radio activation card e.g. keycards
- the access authorization is the data format and recording system known only to the user.
- Various passwords of any length can also be used to access the various functions.
- the passwords can also be set by the user and not only by the card issuer and can be freely changed at any time.
- User information can be stored on EC cards or similar magnetic strips attached to media in order to e.g. enable the withdrawal of money from the EC machine or make it easier for doctors to collect customer data as a substitute for health vouchers.
- the customer is given a password by the bank. This password cannot be changed by the customer, it always has 4 digits and consists only of digits.
- Each card can only fulfill one task.
- the magnetic stripe on the card can scratch or scratch, which makes it impossible to use the card again.
- the card can e.g. crease, which would also destroy it.
- the user himself can assign any number and any length of password from any characters or symbols.
- the user himself determines which passwords are intended for which information on the card. For example, Hessen also set up areas that are only accessible with several passwords to be entered one after the other.
- the user can determine in which data format and or in which recording format the data should be saved on the card.
- the location on the map can also be freely determined.
- emergency information e.g. in the event of an accident, indications of a diabetes or blood group or an emergency telephone number
- a common, standardized data format and recording format e.g. binary storage with 8 bits and stop bit and synchronization pulse
- Store the password on the key while high-security information such as account access authorizations can be stored in any data format specified by the user (e.g. trinary storage with 29 bits and various stop bit levels without synchronization pulse) and with an 18-digit password on the HSM key.
- a dongle uses existing interfaces on the PC and can cause incompatibilities, e.g. if the dongle is installed between the PC and the printer, or if several dongle from different programs have to be plugged into each other.
- the dongle is the only access authorization to the program. For this reason, a dongle must be kept in the safe in the evening to prevent theft.
- no user-specific data can be accommodated in the dongle, which enables individual users to be identified.
- the user must remove and lock the dongle or lock from the computer when handling highly sensitive data or call in a reliable supervisor.
- the computer usually has to be shut down and the dongle unscrewed.
- Program demo versions limited use of the program or runtime-dependent program versions.
- a new program version must be created for each of these program sub-versions. Even if the potential customer wants to switch from a demo version to a full program version or only from a program version to an update, it is usually necessary to send a new dongle in addition to a new software CD.
- HSM key can be easily carried on the keychain.
- the HSM key is hot-pluggable, which means that it can be removed and plugged in while the computer is running.
- the user can also assign any number and any length of password from any characters or symbols. The user himself determines which passwords are intended for which information on the card. For example, areas can be set up that are only accessible with several passwords to be entered one after the other.
- the user can determine in which data format and or in which recording format the data should be saved on the card. In this way, every program user creates his or her individual dongle. It is no longer possible for unauthorized persons to put the program versions of all program users into operation by simply copying them.
- the user can also save any individual data such as address or telephone lists on the HSM key.
- the HSM key in cooperation with the additional software HD-Save or SW-Save, protects locally working storage media with RVW status, which can work under different operating systems, against unauthorized access.
- the storage medium is made unusable for unauthorized persons. Only a limited number of people can use the HSM key to make the storage medium usable again. In the event of theft or unauthorized access, the storage medium appears to be non-existent or unusable.
- the backup is e.g. started with the HD - Save software, specifying the medium to be backed up (e.g. drive C:) and options. Possible options are (one each):
- the backup is carried out by writing the selected areas of the storage medium to the backup diskette and deleting the selected areas on the storage medium.
- An HSM adapter is installed in each door and either a central computer or the HSM key notes which door can be opened with which HSM key. This has the advantage of a fully configurable locking system:
- ⁇ there can be a master area in which the customer-specific data such as name and address are located. There can also be any number of sub-areas in which the additional information is for individual tasks or institutions.
- Withdraw money (EC cards, VISACard, AmericanExpress, Mastercard, etc.)
- the user himself can assign any number and any length of password from any characters or symbols.
- the user himself determines which passwords are intended for which information on the card. For example, also set up areas that are only accessible with several passwords to be entered one after the other.
- the user can determine in which data format and or in which recording format the data should be saved on the card. For example, emergency information (e.g. for a possible accident, indications of a diabetes or blood group or an emergency telephone number) could be stored on the HSM key without a password in a common, standardized data format and recording format (e.g. binary storage with 8 bits and stop bit and synchronization pulse) , while high security information such as account access authorizations in any data format specified by the user (e.g. trinary storage with 29 bits and different stop bit levels without Synchronization pulse) and can be stored on the HSM key with a password.
- emergency information e.g. for a possible accident, indications of a diabetes or blood group or an emergency telephone number
- high security information such as account access authorizations in any data format specified by the user (e.g. trinary storage with 29 bits and different stop bit levels without Synchronization pulse) and can be stored on the HSM key with a password.
Abstract
Description
Claims
Priority Applications (4)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
JP2003516024A JP2004521432A (ja) | 2000-03-25 | 2000-03-25 | デイジタルデータの記憶 |
AU2000280404A AU2000280404A1 (en) | 2000-03-25 | 2000-03-25 | Hsm-key and hsm-adapter (external + internal) |
EP00916817A EP1340201A1 (de) | 2000-03-25 | 2000-03-25 | Hsm-key und hsm-adapter (extern + intern) |
PCT/DE2000/000923 WO2003010723A1 (de) | 2000-03-25 | 2000-03-25 | Hsm-key und hsm-adapter (extern + intern) |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
PCT/DE2000/000923 WO2003010723A1 (de) | 2000-03-25 | 2000-03-25 | Hsm-key und hsm-adapter (extern + intern) |
Publications (1)
Publication Number | Publication Date |
---|---|
WO2003010723A1 true WO2003010723A1 (de) | 2003-02-06 |
Family
ID=5647543
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/DE2000/000923 WO2003010723A1 (de) | 2000-03-25 | 2000-03-25 | Hsm-key und hsm-adapter (extern + intern) |
Country Status (4)
Country | Link |
---|---|
EP (1) | EP1340201A1 (de) |
JP (1) | JP2004521432A (de) |
AU (1) | AU2000280404A1 (de) |
WO (1) | WO2003010723A1 (de) |
Citations (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US4291222A (en) * | 1977-12-29 | 1981-09-22 | Gao Gesellschaft Fur Automation Und Organisation Mbh | Method and apparatus for card authentication using display of symbols for identification of a personal code word |
EP0664506A2 (de) * | 1994-01-21 | 1995-07-26 | International Business Machines Corporation | System und Verfahren zur Bestimmung des physikalischen Format eines Datenspeichers durch den Benutzer |
FR2730330A1 (fr) * | 1995-02-02 | 1996-08-09 | Cohen Solal Bernard Simon | Systeme d'information universel interactif par appareil et carte multi-services |
WO1998039744A2 (de) * | 1997-03-06 | 1998-09-11 | Deutsche Telekom Ag | Datenträger zum erwerb und zur speicherung von berechtigungen und verfahren zur speicherung der berechtigungen |
US5884271A (en) * | 1994-06-20 | 1999-03-16 | Pitroda; Satyan G. | Device, system and methods of conducting paperless transactions |
EP0961241A2 (de) * | 1998-03-30 | 1999-12-01 | Citicorp Development Center, Inc. | Persönliches Überweisungsystem mittels Chipkarten mit mehrfachiger Speicher |
-
2000
- 2000-03-25 WO PCT/DE2000/000923 patent/WO2003010723A1/de not_active Application Discontinuation
- 2000-03-25 JP JP2003516024A patent/JP2004521432A/ja active Pending
- 2000-03-25 EP EP00916817A patent/EP1340201A1/de not_active Withdrawn
- 2000-03-25 AU AU2000280404A patent/AU2000280404A1/xx active Pending
Patent Citations (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US4291222A (en) * | 1977-12-29 | 1981-09-22 | Gao Gesellschaft Fur Automation Und Organisation Mbh | Method and apparatus for card authentication using display of symbols for identification of a personal code word |
EP0664506A2 (de) * | 1994-01-21 | 1995-07-26 | International Business Machines Corporation | System und Verfahren zur Bestimmung des physikalischen Format eines Datenspeichers durch den Benutzer |
US5884271A (en) * | 1994-06-20 | 1999-03-16 | Pitroda; Satyan G. | Device, system and methods of conducting paperless transactions |
FR2730330A1 (fr) * | 1995-02-02 | 1996-08-09 | Cohen Solal Bernard Simon | Systeme d'information universel interactif par appareil et carte multi-services |
WO1998039744A2 (de) * | 1997-03-06 | 1998-09-11 | Deutsche Telekom Ag | Datenträger zum erwerb und zur speicherung von berechtigungen und verfahren zur speicherung der berechtigungen |
EP0961241A2 (de) * | 1998-03-30 | 1999-12-01 | Citicorp Development Center, Inc. | Persönliches Überweisungsystem mittels Chipkarten mit mehrfachiger Speicher |
Non-Patent Citations (2)
Title |
---|
"FOCUS ON: CD ROM STANDARDS AND APPLICATIONS", ELEKTOR ELECTRONICS,GB,ELEKTOR PUBLISHERS LTD. CANTERBURY, vol. 21, no. 231, 1 March 1995 (1995-03-01), pages 16 - 20, XP000498427, ISSN: 0268-4519 * |
BUCHHEIT M: "SOFTWARE-KOPIERSCHUTZ", ELEKTRONIK,DE,FRANZIS VERLAG GMBH. MUNCHEN, vol. 41, no. 14, 7 July 1992 (1992-07-07), pages 68 - 74, XP000307635, ISSN: 0013-5658 * |
Also Published As
Publication number | Publication date |
---|---|
JP2004521432A (ja) | 2004-07-15 |
AU2000280404A1 (en) | 2003-02-17 |
EP1340201A1 (de) | 2003-09-03 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
DE69531082T2 (de) | Verfahren und Vorrichtung mit einem Verschlüsselungskopfteil, die es ermöglicht, Software zu erproben | |
DE2560688C2 (de) | ||
DE2760487C2 (de) | ||
DE69433471T2 (de) | Kartenartiges Speichermedium und Ausgabeapparat für kartenartiges Speichermedium | |
DE3704814C3 (de) | Karte mit integrierter Schaltung | |
DE2738113A1 (de) | Vorrichtung zur durchfuehrung von bearbeitungsvorgaengen mit einem in eine aufnahmeeinrichtung der vorrichtung eingebbaren identifikanden | |
DE2612693A1 (de) | Bargeldausgabevorrichtung | |
EP1410128A1 (de) | Datenverarbeitungsvorrichtung | |
EP0224639B1 (de) | Verfahren zum Kontrollieren eines Speicherzugriffs auf einer Chipkarte und Anordnung zur Durchführung des Verfahrens | |
DE10023820B4 (de) | Software-Schutzmechanismus | |
DE4404841C2 (de) | Speicher- und selektives Informationsübermittlungssystem für persönliche Daten | |
EP3531333A1 (de) | Manipulationsgeschützte speicherung beweiserheblicher daten | |
DD292987A5 (de) | Verfahren zur kontrolle der nutzung eines informationstraegers insbesondere eines magnetischen oder optisch-magnetischen, und systeme fuer seine verwendung | |
DE10126138A1 (de) | Sabotagesichere und zensurresistente persönliche elektronische Gesundheitsakte | |
WO2001059548A2 (de) | Vorrichtung zum zugriffsgeschützten behandeln elektronischer daten | |
DE2921878A1 (de) | Datenuebertragungssystem | |
WO2003010723A1 (de) | Hsm-key und hsm-adapter (extern + intern) | |
EP0970449B1 (de) | Tragbarer datenträger und verfahren zu dessen kryptographisch gesicherten benutzung mit austauschbaren kryptographischen schlüsseln | |
DE19508288A1 (de) | Verfahren und Anordnung zur Verhinderung der unberechtigten Nutzung eines Rechners | |
EP0818749A2 (de) | Verfahren und System zum Sichern von Daten | |
EP1288768A2 (de) | Intelligenter Dongle | |
DE4027735A1 (de) | Verfahren und vorrichtung zur gesicherten datenfernuebermittlung | |
DE102018113148A1 (de) | Verfahren zur revisionssicheren Speicherung von Daten | |
EP1650716A1 (de) | Verfahren zur Verwaltung von Benutzerrechten für ein codegesichertes Objekt | |
DE10003309A1 (de) | Frankiermaschine mit Zugangssicherung |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
WWE | Wipo information: entry into national phase |
Ref document number: 2000916817 Country of ref document: EP |
|
WWE | Wipo information: entry into national phase |
Ref document number: 10239984 Country of ref document: US |
|
ENP | Entry into the national phase |
Ref country code: JP Ref document number: 2003 516024 Kind code of ref document: A Format of ref document f/p: F Ref document number: 2003516024 Country of ref document: JP Kind code of ref document: A Format of ref document f/p: F |
|
AK | Designated states |
Kind code of ref document: A1 Designated state(s): AL AU BA BB BG BR CA CU CZ EE GE HU IS JP KP KR LC LK LT LV MG MK MN MX NO NZ PL RO SG SK SL TR TT UA US UZ VN YU Kind code of ref document: A1 Designated state(s): AL AU BA BB BG BR CA CN CU CZ EE GE HU IS JP KP KR LC LK LR LT LV MG MK MN MX NO NZ PL RO SG SI SK SL TR TT UA US UZ VN YU ZW |
|
AL | Designated countries for regional patents |
Kind code of ref document: A1 Designated state(s): GH GM KE LS MW SD SL SZ TZ ZW AT BE CH CY DE DK ES FI GB GR IE IT LU MC NL PT SE BJ CF CG CI CM GA GN GW ML MR SN TD TG Kind code of ref document: A1 Designated state(s): GH GM KE LS MW SD SL SZ TZ UG ZW AT BE CH CY DE DK ES FI FR GB GR IE IT LU MC NL PT SE BF BJ CF CG CI CM GA GN GW ML MR NE SN TD TG |
|
DFPE | Request for preliminary examination filed prior to expiration of 19th month from priority date (pct application filed before 20040101) | ||
121 | Ep: the epo has been informed by wipo that ep was designated in this application | ||
WWP | Wipo information: published in national office |
Ref document number: 2000916817 Country of ref document: EP |
|
WWW | Wipo information: withdrawn in national office |
Ref document number: 2000916817 Country of ref document: EP |