WO2005050456A1 - Security arrangement - Google Patents

Publication number
WO2005050456A1
Authority
WO
WIPO (PCT)
Prior art keywords
storage device
computer system
security arrangement
data
processor unit
Application number
PCT/IB2004/052456
Inventor
Marc Gerhard Welz
Alan Wilson-Langman
Original Assignee
Marc Gerhard Welz
Alan Wilson-Langman

Classifications

    • G: PHYSICS
    • G06: COMPUTING; CALCULATING OR COUNTING
    • G06F: ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00: Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/70: Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
    • G06F21/78: Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure storage of data

Abstract

The invention discloses a security arrangement for a computer system including a removable storage device being adapted to be operatively joined to a computer system. The storage device has storage memory for storing data and a processor unit being adapted to control access to the storage memory. Authentication means is associated with the processor unit and is adapted to receive from a user and validate an authentication credential prior to allowing access to the storage memory. Furthermore, computer software is associated with the processor unit and is adapted to be loaded onto the computer system prior to allowing access to the storage memory.

Description

SECURITY ARRANGEMENT
FIELD OF INVENTION
The present invention relates to a security arrangement.
More particularly, the present invention relates to a security arrangement for a computer system.
BACKGROUND TO INVENTION
Computer systems are widely used to store confidential information and to access secure environments such as for Internet banking. It is difficult to secure such computer systems against unauthorised access or tampering because of a number of factors, such as:
• Modern computer systems are large, complex and normally attached to large networks and to the internet;
• Information is stored on the computer systems in a digital format, which is easily copied; and
• Workstations are easily compromised, whether via local hardware modification or remote installation of spyware.
One method of securing a computer system is by implementing a software security system that requires passwords to be entered before allowing access to the computer. This is not always secure as the passwords can be circumvented or recorded by attackers.
Another method of securing a computer system uses peripheral hardware identification means to identify a user. Such hardware identification means can include cryptographic keys, biometric information such as fingerprints, or other credentials (as described in US 5,949,822 and US 6,275,933). While reasonably effective at protecting a computer against unauthorised users, these proposals do not offer protection against flawed or even compromised computer hosts, including those infected by viruses and worms. This limited protection and the costs associated with deploying hardware tokens cause the above means to be used infrequently.
It is an object of the invention to suggest a security arrangement, which will assist in overcoming these problems.
SUMMARY OF INVENTION
According to the invention, a security arrangement for a computer system includes a removable storage device adapted to be operatively joined to a computer system; storage memory provided on the storage device for storing data; a processor unit being adapted to control access to the storage memory; authentication means associated with the processor unit and being adapted to receive from a user and validate an authentication credential prior to allowing access to the storage memory; and computer software associated with the processor unit and being adapted to be loaded onto the computer system prior to allowing access to the storage memory.
Also according to the invention, a storage device adapted to be operatively joined to a computer system, includes storage memory for storing information; a processor unit being adapted to control access to the storage memory; authentication means associated with the processor unit and being adapted to receive from a user and validate authentication credentials prior to allowing access to the storage memory; and computer software associated with the processor unit and being adapted to be loaded onto the computer system prior to allowing access to the storage memory.
The computer system may be selected from a personal computer, a network workstation, an operating system in a motor vehicle, and an access management system for a building. The data may be information or documents stored on or generated by the storage device.
At least a part of the storage memory may allow read-only access.
The storage memory may be flash memory.
The processor unit may be a cryptographic processor.
The processor unit may include a hardened, tamper resistant storage.
The processor unit may be adapted to digitally sign the data.
The authentication means may be integrally provided on the storage device.
The authentication means may be adapted to be operated separately from a computer system to which the removable storage device is operatively joined.
The authentication credential may be adapted to be input via both the storage device and the computer system.
The authentication credential may be adapted to be input on the storage device whereafter feedback of the authentication credential is provided by the computer system.
The authentication credential may be adapted to be input on the computer system in response to a randomised selection list generated by the storage device.
The authentication credential may be adapted to be validated against a master credential stored on the storage device.
The master credential may be secretly stored on the storage device and may not be disclosed during use to the computer system. The computer software may include an operating system.
The computer software may include a program application.
The storage device may be adapted to be joined to the computer system via a standard computer interface.
The interface may be selected from universal serial bus (USB - wired or wireless), Firewire, wireless LAN, Bluetooth or Zigbee.
The removable storage device may be adapted to be retained by a user for their exclusive use.
The invention extends to a computer system provided with a security arrangement as set out herein.
The computer system may be adapted to be inoperable when the removable storage device is not operatively joined to one of its communication interfaces.
Further according to the invention, a method of securing data includes the steps of operatively joining a removable storage device to a computer system; of storing data on the removable storage device; of encrypting the data; of providing processing means on the removable storage device for decrypting the data; of requiring a user to input an authentication credential to operate the processing means; and of loading computer software that is associated with the processor unit onto the computer system prior to allowing access to the data.
The method may include the step of storing the computer software on the storage device in a compressed state and of decompressing the computer software prior to loading it on the computer system. The method may be applied on a computer system selected from a personal computer, a network workstation, an operating system in a motor vehicle, and an access management system for a building.
The data may be information or documents stored on or generated by the storage device.
The method may include the step of having the processor unit digitally sign the data.
The method may include the step of inputting the authentication credential via both the storage device and the computer system.
The method may include the step of inputting the authentication credential on the storage device whereafter feedback of the authentication credential is provided by the computer system.
The method may include the step of inputting the authentication credential on the computer system in response to a randomised selection list generated by the storage device.
The method may include the step of validating the authentication credential against a master credential stored on the storage device.
The method may include the step of secretly storing the master credential on the storage device and, during use, not disclosing the master credential to the computer system.
The computer software may include an operating system.
The computer software may include a program application.
BRIEF DESCRIPTION OF DRAWING
The invention will now be described by way of example with reference to the accompanying schematic drawing. In the drawing there is shown a schematic diagram of a security arrangement according to the invention.
DETAILED DESCRIPTION OF DRAWING
Referring to the drawing, a security arrangement for a computer system, generally indicated by reference numeral 10, is shown. The security arrangement 10 includes a removable storage device 12 adapted to be operatively joined to a computer system 14.
The storage device 12 is provided with storage memory 16 for storing information and a cryptographic processor 18 for controlling access to the stored information. The storage memory 16 can be flash memory, which is partitioned by the cryptographic processor 18 into a) no access, b) read-only, c) write-only and d) read/write regions. These regions can be encrypted with different encryption keys that are held by the cryptographic processor 18, to prevent unauthorised users from physically bypassing the cryptographic processor 18 in an attempt to retrieve the stored data from the storage memory 16.
The storage device 12 further includes authentication means 20 for acquiring a user's authentication credentials and for validating the authentication credential against a master credential provided on the authentication means 20. The authentication means 20 can be integrally formed with the storage device 12 and can include a display, a keypad, a fingerprint reader or a retinal scanner.
In use, a user will retain the removable storage device 12, preferably in their possession at all times, for their exclusive use. When data stored on the storage device 12 needs to be accessed, the storage device 12 is operatively joined to the computer system 14 by connecting the storage device 12 to the computer system 14 via a peripheral interface, such as a USB port. The computer system 14 is thereafter rebooted and an operating environment is loaded from the storage memory 16. The authentication means 20 requests the user to input an authentication credential, such as a password, which is validated against the master credential. The authentication credential can be provided in one of two ways. Either the authentication credential can be input on the storage device 12 whereafter feedback of the authentication credential is provided by the computer system. Alternatively, the authentication credential can be input on the computer system in response to a randomised selection list displayed on the computer's screen by the storage device 12.
After the authentication credential is validated, the cryptographic processor 18 decrypts the information stored in the storage memory 16 for access thereto by the user and use for performing functions such as gaining access to remote systems, electronically signing documents, approving transactions, or encoding or decoding text documents.
After the user has finished using the data, the storage device 12 is removed from the peripheral interface of the computer system 14.
As the authentication means 20 is integrally formed with the storage device 12, it is more difficult for another person to intercept, copy or decipher the authentication credential from the computer system 14.
The computer system 14 can be inoperable when the storage device 12 is not operatively joined to the USB port.
The security arrangement 10 can be used for various applications, such as online banking, diskless workstations and servers, and secure remote access to networks or the Internet from public access points such as kiosks and Internet cafes.
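The access policy described above, as an added sketch that is not code from the patent or its applicants: a model of cryptographic processor 18 that partitions storage memory 16 into the four region types, holds one key per region, and refuses every operation until the credential has been validated against a master credential that never leaves the device. All class, method and region names, the PBKDF2 verifier, the factory provisioning step, the three-attempt lockout and the HMAC-based stand-in cipher are assumptions made for illustration; loading the operating environment at boot is not modelled.

```python
import hashlib
import hmac
import os
from enum import Enum

class Access(Enum):
    NONE = "no access"
    READ_ONLY = "read-only"
    WRITE_ONLY = "write-only"
    READ_WRITE = "read/write"

def keystream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Stand-in cipher (HMAC-SHA256 in counter mode) so the example needs only
    the standard library; a real device would use a vetted AEAD such as AES-GCM."""
    stream = bytearray()
    for counter in range((len(data) + 31) // 32):
        stream += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
    return bytes(d ^ s for d, s in zip(data, stream))

class CryptoProcessor:
    """Models cryptographic processor 18 guarding storage memory 16."""

    MAX_ATTEMPTS = 3  # assumed lockout policy; the patent does not specify one

    def __init__(self, master_credential: str, layout: dict):
        self._salt = os.urandom(16)
        self._verifier = self._derive(master_credential)  # never leaves the device
        self._layout = dict(layout)
        self._keys = {name: os.urandom(32) for name in layout}  # one key per region
        self.flash = {}  # what a physical readout of the flash chip would yield
        self._unlocked = False
        self._failures = 0

    def _derive(self, credential: str) -> bytes:
        return hashlib.pbkdf2_hmac("sha256", credential.encode(), self._salt, 50_000)

    def _store(self, region: str, data: bytes) -> None:
        nonce = os.urandom(12)  # fresh nonce per write so the keystream never repeats
        self.flash[region] = (nonce, keystream_xor(self._keys[region], nonce, data))

    def provision(self, region: str, data: bytes) -> None:
        """Assumed factory-time step that fills a region before the device is issued."""
        self._store(region, data)

    def authenticate(self, credential: str) -> bool:
        if self._failures >= self.MAX_ATTEMPTS:
            return False  # locked out: even the correct credential is refused
        ok = hmac.compare_digest(self._derive(credential), self._verifier)
        self._failures = 0 if ok else self._failures + 1
        self._unlocked = ok
        return ok

    def remove(self) -> None:
        """Unplugging the device ends the session."""
        self._unlocked = False

    def _check(self, region: str, allowed: set) -> None:
        if not self._unlocked:
            raise PermissionError("credential not validated")
        if self._layout[region] not in allowed:
            raise PermissionError(f"{region} is a {self._layout[region].value} region")

    def read(self, region: str) -> bytes:
        self._check(region, {Access.READ_ONLY, Access.READ_WRITE})
        nonce, ciphertext = self.flash[region]
        return keystream_xor(self._keys[region], nonce, ciphertext)

    def write(self, region: str, data: bytes) -> None:
        self._check(region, {Access.WRITE_ONLY, Access.READ_WRITE})
        self._store(region, data)

def denied(operation, *args) -> bool:
    """True if the processor refuses the operation."""
    try:
        operation(*args)
    except PermissionError:
        return True
    return False

# Constructed layout and credential, for illustration only.
LAYOUT = {
    "device_keys": Access.NONE,
    "os_image": Access.READ_ONLY,
    "audit_log": Access.WRITE_ONLY,
    "documents": Access.READ_WRITE,
}

if __name__ == "__main__":
    device = CryptoProcessor("constructed-passphrase", LAYOUT)
    device.provision("os_image", b"operating environment")
    print("read before authentication refused:", denied(device.read, "os_image"))
    print("correct credential accepted:", device.authenticate("constructed-passphrase"))
    device.write("documents", b"signed transfer order")
    print("raw flash holds plaintext:", device.flash["documents"][1] == b"signed transfer order")
    device.remove()
    print("read after removal refused:", denied(device.read, "documents"))
```

The `flash` dictionary stands for what an attacker would recover by desoldering the memory chip: only nonces and ciphertext, since the per-region keys stay inside the processor.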

Claims

1. A security arrangement for a computer system including a removable storage device adapted to be operatively joined to a computer system; storage memory provided on the storage device for storing data; a processor unit being adapted to control access to the storage memory; authentication means associated with the processor unit and being adapted to receive from a user and validate an authentication credential prior to allowing access to the storage memory; and computer software associated with the processor unit and being adapted to be loaded onto the computer system prior to allowing access to the storage memory.
2. A security arrangement as claimed in claim 1, in which the computer system is selected from a personal computer, a network workstation, an operating system in a motor vehicle, and an access management system for a building.
3. A security arrangement as claimed in claim 1 or 2, in which the data is information or documents stored on or generated by the storage device.
4. A security arrangement as claimed in any one of the preceding claims, in which at least a part of the storage memory allows read-only access.
5. A security arrangement as claimed in any one of the preceding claims, in which the storage memory is flash memory.
6. A security arrangement as claimed in any one of the preceding claims, in which the processor unit is a cryptographic processor.
7. A security arrangement as claimed in any one of the preceding claims, in which the processor unit includes a hardened, tamper resistant storage.
8. A security arrangement as claimed in any one of the preceding claims, in which the processor unit is adapted to digitally sign the data.
9. A security arrangement as claimed in any one of the preceding claims, in which the authentication means is integrally provided on the storage device.
10. A security arrangement as claimed in any one of the preceding claims, in which the authentication means is adapted to be operated separately from a computer system to which the removable storage device is operatively joined.
11. A security arrangement as claimed in any one of the preceding claims, in which the authentication credential is adapted to be input via both the storage device and the computer system.
12. A security arrangement as claimed in any one of the preceding claims, in which the authentication credential is adapted to be input on the storage device whereafter feedback of the authentication credential is provided by the computer system.
13. A security arrangement as claimed in any one of the preceding claims, in which the authentication credential is adapted to be input on the computer system in response to a randomised selection list generated by the storage device.
14. A security arrangement as claimed in any one of the preceding claims, in which the authentication credential is adapted to be validated against a master credential stored on the storage device.
15. A security arrangement as claimed in claim 14, in which the master credential is secretly stored on the storage device and is not disclosed during use to the computer system.
16. A security arrangement as claimed in any one of the preceding claims, in which the computer software includes an operating system.
17. A security arrangement as claimed in any one of the preceding claims, in which the computer software includes a program application.
18. A security arrangement as claimed in any one of the preceding claims, in which the storage device is adapted to be joined to the computer system via a standard computer interface.
19. A security arrangement as claimed in claim 18, in which the interface is selected from universal serial bus (USB - wired or wireless), Firewire, wireless LAN, Bluetooth or Zigbee.
20. A security arrangement as claimed in any one of the preceding claims, in which the removable storage device is adapted to be retained by a user for their exclusive use.
21. A computer system provided with a security arrangement as claimed in any one of claims 1 to 20.
22. A computer system as claimed in claim 21, which is adapted to be inoperable when the removable storage device is not operatively joined to one of its communication interfaces.
23. A storage device adapted to be operatively joined to a computer system, the storage device including storage memory for storing information; a processor unit being adapted to control access to the storage memory; authentication means associated with the processor unit and being adapted to receive from a user and validate authentication credentials prior to allowing access to the storage memory; and computer software associated with the processor unit and being adapted to be loaded onto the computer system prior to allowing access to the storage memory.
24. A storage device as claimed in claim 23, in which the data is information or documents stored on or generated by the storage device.
25. A storage device as claimed in any one of claims 23 or 24, in which at least a part of the storage memory allows read-only access.
26. A storage device as claimed in any one of claims 23 to 25, in which the storage memory is flash memory.
27. A storage device as claimed in any one of claims 23 to 26, in which the processor unit is a cryptographic processor.
28. A storage device as claimed in any one of claims 23 to 27, in which the processor unit includes a hardened, tamper resistant storage.
29. A storage device as claimed in any one of claims 23 to 28, in which the processor unit is adapted to digitally sign the data.
30. A storage device as claimed in any one of claims 23 to 29, in which the authentication means is integrally provided on the storage device.
31. A storage device as claimed in any one of claims 23 to 30, in which the authentication credential is validated against a master credential stored on the storage device.
32. A storage device as claimed in claim 31, in which the master credential is secretly stored on the storage device and, during use, is not disclosed to the computer system.
33. A storage device as claimed in any one of claims 23 to 32, in which the computer software includes an operating system.
34. A storage device as claimed in any one of claims 23 to 33, in which the computer software includes a program application.
35. A storage device as claimed in any one of claims 23 to 34, in which the storage device is adapted to be joined to a computer system via a standard computer interface.
36. A storage device as claimed in claim 35, in which the interface is selected from universal serial bus (USB - wired or wireless), Firewire, wireless LAN, Bluetooth or Zigbee.
37. A storage device as claimed in any one of claims 23 to 36, in which the removable storage device is adapted to be retained by a user for their exclusive use.
38. A method of securing data including the steps of operatively joining a removable storage device to a computer system; of storing data on the removable storage device; of encrypting the data; of providing processing means on the removable storage device for decrypting the data; of requiring a user to input an authentication credential to operate the processing means; and of loading computer software that is associated with the processor unit onto the computer system prior to allowing access to the data.
39. A method of securing data as claimed in claim 38, which includes the step of storing the computer software on the storage device in a compressed state and of decompressing the computer software prior to loading it on the computer system.
40. A method of securing data as claimed in claim 38 or 39, in which the computer system is selected from a personal computer, a network workstation, an operating system in a motor vehicle, and an access management system for a building.
41. A method of securing data as claimed in any one of claims 38 to 40, in which the data is information or documents stored on or generated by the storage device.
42. A method of securing data as claimed in any one of claims 38 to 41, which includes the step of having the processor unit digitally sign the data.
43. A method of securing data as claimed in any one of claims 38 to 42, which includes the step of inputting the authentication credential via both the storage device and the computer system.
44. A method of securing data as claimed in any one of claims 38 to 43, which includes the step of inputting the authentication credential on the storage device whereafter feedback of the authentication credential is provided by the computer system.
45. A method of securing data as claimed in any one of claims 38 to 44, which includes the step of inputting the authentication credential on the computer system in response to a randomised selection list generated by the storage device.
46. A method of securing data as claimed in any one of claims 38 to 45, which includes the step of validating the authentication credential against a master credential stored on the storage device.
47. A method of securing data as claimed in claim 46, which includes the step of secretly storing the master credential on the storage device and, during use, not disclosing the master credential to the computer system.
48. A method of securing data as claimed in any one of claims 38 to 47, in which the computer software includes an operating system.
49. A method of securing data as claimed in any one of claims 38 to 48, in which the computer software includes a program application.
50. A security arrangement substantially as hereinbefore described with reference to and as illustrated in the accompanying schematic drawing.
51. A computer system substantially as hereinbefore described with reference to and as illustrated in the accompanying schematic drawing.
52. A storage device substantially as hereinbefore described with reference to and as illustrated in the accompanying schematic drawing.
53. A method of securing data substantially as hereinbefore described with reference to and as illustrated in the accompanying schematic drawing.
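Claims 45 to 47 describe entering the credential on the computer system in response to a randomised selection list while the master credential stays on the storage device. The sketch below is an added illustration, not taken from the patent: all names are hypothetical, and it assumes the list is a shuffled digit layout shown to the user and that the host forwards only positions. The PBKDF2-hashed master credential and the retry limit are added choices that the claims do not specify.

```python
import hashlib
import hmac
import secrets

MAX_FAILURES = 3  # retry limit: added hardening, not stated in the claims


class StorageDevice:
    """Constructed model of the removable device; all names are hypothetical."""

    def __init__(self, master_pin: str):
        self._salt = secrets.token_bytes(16)
        self._master = self._derive(master_pin)  # kept on the device only
        self._layout = None
        self._failures = 0

    def _derive(self, pin: str) -> bytes:
        return hashlib.pbkdf2_hmac("sha256", pin.encode(), self._salt, 100_000)

    def new_selection_list(self) -> list:
        """Return a fresh shuffled digit layout; valid for one attempt."""
        digits = list("0123456789")
        secrets.SystemRandom().shuffle(digits)
        self._layout = digits
        return list(digits)

    def validate(self, positions) -> bool:
        """Map host-supplied positions back to digits and compare on-device."""
        layout, self._layout = self._layout, None  # consume: blocks replay
        if layout is None or self._failures >= MAX_FAILURES:
            return False
        if not all(isinstance(p, int) and 0 <= p < 10 for p in positions):
            self._failures += 1
            return False
        candidate = self._derive("".join(layout[p] for p in positions))
        ok = hmac.compare_digest(candidate, self._master)
        self._failures = 0 if ok else self._failures + 1
        return ok


def user_positions(pin: str, layout: list) -> list:
    """What the user enters on the host: where each PIN digit sits in the layout."""
    return [layout.index(d) for d in pin]


if __name__ == "__main__":
    device = StorageDevice("4071")            # constructed sample credential
    shown = device.new_selection_list()
    typed = user_positions("4071", shown)     # all the host ever observes
    print(shown, typed, device.validate(typed))
```

Positions captured on the host are only meaningful against the layout that was current when they were entered, so a recorded entry cannot simply be replayed against a later list.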
PCT/IB2004/052456 2003-11-19 2004-11-17 Security arrangement WO2005050456A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
ZA200308979 2003-11-19
ZA2003/8979 2003-11-19

Publications (1)

Publication Number Publication Date
WO2005050456A1 true WO2005050456A1 (en) 2005-06-02

Family

ID=34620870

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/IB2004/052456 WO2005050456A1 (en) 2003-11-19 2004-11-17 Security arrangement

Country Status (1)

Country Link
WO (1) WO2005050456A1 (en)

Patent Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6547130B1 (en) * 1999-06-03 2003-04-15 Ming-Shiang Shen Integrated circuit card with fingerprint verification capability
US20010023375A1 (en) * 2000-03-17 2001-09-20 Miaxis Biometrics Co. Fingerprint hard disk
EP1168137A1 (en) * 2000-06-23 2002-01-02 IPM-NET S.p.A. Smart card reader with usb interface for connection to personal computers and the like
US20020073340A1 (en) * 2000-12-12 2002-06-13 Sreenath Mambakkam Secure mass storage device with embedded biometric record that blocks access by disabling plug-and-play configuration
US20030005337A1 (en) * 2001-06-28 2003-01-02 Poo Teng Pin Portable device having biometrics-based authentication capabilities
WO2003003282A1 (en) * 2001-06-28 2003-01-09 Trek 2000 International Ltd. A portable device having biometrics-based authentication capabilities
WO2003091885A1 (en) * 2002-04-25 2003-11-06 Ritronics Components Singapore Pte Ltd A biometrics parameters protected computer serial bus interface portable data storage device and method of proprietary biometrics enrollment

Legal Events

Date Code Title Description
AK Designated states

Kind code of ref document: A1

Designated state(s): AE AG AL AM AT AU AZ BA BB BG BR BW BY BZ CA CH CN CO CR CU CZ DE DK DM DZ EC EE EG ES FI GB GD GE GH GM HR HU ID IL IN IS JP KE KG KP KR KZ LC LK LR LS LT LU LV MA MD MG MK MN MW MX MZ NA NI NO NZ OM PG PH PL PT RO RU SC SD SE SG SK SL SY TJ TM TN TR TT TZ UA UG US UZ VC VN YU ZA ZM ZW

AL Designated countries for regional patents

Kind code of ref document: A1

Designated state(s): BW GH GM KE LS MW MZ NA SD SL SZ TZ UG ZM ZW AM AZ BY KG KZ MD RU TJ TM AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HU IE IS IT LU MC NL PL PT RO SE SI SK TR BF BJ CF CG CI CM GA GN GQ GW ML MR NE SN TD TG

121 Ep: the epo has been informed by wipo that ep was designated in this application
NENP Non-entry into the national phase

Ref country code: DE

WWW Wipo information: withdrawn in national office

Country of ref document: DE

122 Ep: pct application non-entry in european phase
32PN Ep: public notification in the ep bulletin as address of the addressee cannot be established

Free format text: COMMUNICATION PURSUANT TO RULE 69 EPC (EPO FORM 1205A OF 140207)

122 Ep: pct application non-entry in european phase

Ref document number: 04799173

Country of ref document: EP

Kind code of ref document: A1

WWW Wipo information: withdrawn in national office

Ref document number: 4799173

Country of ref document: EP