WO2006010460A1 - Method and device for accessing resources in a computer - Google Patents

Method and device for accessing resources in a computer

Publication number
WO2006010460A1
Authority
WO
WIPO (PCT)
Prior art keywords
computer
data
mobile
user
interface
Prior art date
Application number
PCT/EP2005/007505
Other languages
German (de)
English (en)
Inventor
Werner Schneider
Original Assignee
Siemens Aktiengesellschaft
Priority date
Filing date
Publication date
Application filed by Siemens Aktiengesellschaft
Publication of WO2006010460A1

Classifications

    • G: PHYSICS
    • G06: COMPUTING; CALCULATING OR COUNTING
    • G06F: ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00: Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30: Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31: User authentication
    • G06F21/34: User authentication involving the use of external additional devices, e.g. dongles or smart cards
    • G06F21/35: User authentication involving the use of external additional devices, e.g. dongles or smart cards communicating wirelessly

Definitions

  • the invention relates to a method and a device for accessing resources of a computer, which has an interface device for wireless data transmission with a mobile, information-carrying and processing device.
  • this authentication data consists of a user account and a personal password. Both are entered via the keyboard when the system starts up and, if necessary, during operation of the computer.
  • an access code is necessary not only for computers, but also for starting up a range of other mobile information-carrying and processing devices, such as mobile phones, Personal Digital Assistants (PDAs), organizers or camcorders.
  • PDA Personal Digital Assistant
  • An internationally standardized interface device for short-range radio data transmission (up to 100 m) is Bluetooth, in which the data is transmitted by radio in the ISM band (Industrial Scientific Medical Band).
  • the present invention is based on the object of specifying a method and a device for accessing resources of a computer so that the process for authenticating a user to the operating system of a computer is easier.
  • the invention proceeds from using the information carrier of a mobile, information-carrying and processing device also in the authentication of a user to the operating system of a computer.
  • the authentication data are kept ready in the memory of this information carrier.
  • these data are transmitted wirelessly from the mobile, information-carrying and -processing device to the computer by means of the interface device.
  • the method according to the invention therefore proposes that the data for authentication of a user to a computer be kept ready on an information carrier which at the same time also contains the authentication data by which the user has already identified himself to the information-carrying and processing device as an authorized user. If such a device is now brought into the detection range of a wireless interface device, such as a radio interface or an optoelectronic interface, then after the devices have mutually identified each other, a communication channel is established between them. The authentication data is transmitted wirelessly to the computer via this communication channel. The computer's operating system handles the received data as if it had been entered manually via the keyboard. This means that the user gains access to the resources of the computer if the transmitted data matches the access code previously stored in the computer.
  • a wireless interface device such as a radio interface or an optoelectronic interface
  • This process of authentication takes place when the system is booted or during operation, in which case a screen saver is usually started automatically by the operating system after an adjustable time and blocks the system until the user has again identified himself as authorized to access it.
  • the authentication data required for access to the computer are kept ready in a SIM card of a mobile phone modified according to the invention. During startup and/or during operation of the computer, these data are transmitted from the mobile phone to the computer.
  • for wireless transmission of the authentication data, a radio interface, in particular a Bluetooth interface, is advantageously used.
  • a radio interface in particular a Bluetooth interface
  • One major advantage derives from the fact that almost all leading mobile radio and computer manufacturers are currently on the market with Bluetooth products.
  • Bluetooth is a quasi-standard not only for mobile phones, but also for PDAs and organizers.
  • With a Bluetooth interface, short-range data radio is possible over about 10 cm, about 10 meters, or, with special variants, up to about 100 m, depending on the power class.
  • this Bluetooth interface is already built into the computer.
  • an attachment in the form of an adapter connected to the USB interface of the computer is used. Since, in the case of a Bluetooth interface, it is possible to monitor and manipulate the data stream, if at all, only from the immediate vicinity, in particular in the two lower performance classes, this form of wireless transmission of the authentication data can be classified as restricted.
  • encrypted data transmission is provided in a preferred embodiment of the invention. It is favorable in this case that, in the case of a Bluetooth radio transmission, the authentication data can be encrypted, for example, with a key that is up to 128 bits long. In addition, an asymmetric key method can be used. As a result, a manipulation of the data stream is largely excluded, especially since the range is already set to a predetermined limit anyway.
  • the invention provides, in one embodiment, that, depending on a security class assigned to the computer, the user is requested to enter a PIN before the password is transmitted.
  • the security class results from the Bluetooth communication.
  • a PIN is preferably used which is already familiar to the user from the use of the mobile, information-processing device. Therefore, the user no longer needs to remember an access code for the computer. After repeated incorrect entries, the PIN is usually blocked.
  • an optoelectronic interface such as an infrared interface.
  • a variant of the access control device according to the invention is characterized in that the computer is connected to a chip card reader and the authentication data is alternatively provided by the Bluetooth interface or by the chip card reader.
  • Figure 1 is a schematic representation of an exemplary embodiment of the invention, in which data that authenticate a user to a computer, and which are stored in a modified SIM card of a mobile phone, are transmitted to the computer via a wireless transmission path;
  • FIG. 2 shows a block diagram of the SIM card of the mobile phone modified according to the invention, with a first memory area in which data for authenticating the user to the mobile phone are stored, and with a second memory area in which data for authenticating the user to the computer are stored.
  • FIG. 1 shows a computer 1 with known devices such as a keyboard 9, a trackball 11 and a screen 10.
  • the computer 1 has a USB interface 8.
  • the USB interface 8 is used to connect an adapter 2 of a Bluetooth radio interface.
  • the Bluetooth radio interface has a detection area E, in which a mobile phone 4 is located.
  • the mobile telephone 4 is likewise equipped with a corresponding Bluetooth radio interface 7.
  • the Bluetooth address of the computer 1 is configured on the mobile phone 4 as a known Bluetooth device.
  • the detection range of the Bluetooth radio interface is usually about 10 m. Depending on the power class, a range of about 10 cm or about 100 m can be achieved.
  • the mobile phone 4 has a Subscriber Identity Module (SIM) 5, also referred to as a SIM card for short.
  • SIM Subscriber Identity Module
  • the conventional SIM card combines, on a plate-shaped information carrier approximately 25 millimeters by 15 millimeters by 0.8 millimeters in size, a memory, an arithmetic unit and an input/output functionality.
  • the Subscriber Identity Module is an important component of communication devices in a mobile radio network because it contains the user-specific information by means of which a user identifies himself in the network and is billed by the operator of the network, and which gives the operator the ability to verify the identity of users at any time network-wide.
  • the cryptographic algorithm for authentication and user data encryption is implemented on the SIM card.
  • this SIM card 5 of the mobile phone 4 is modified such that it not only has the above-mentioned functionality, but additionally also serves as an information carrier for the access code to a computer.
  • access to the resources of the computer now takes place so that after switching on the computer and the usually required input of the boot password, the operating system stops at a defined point and waits for the input of the user ID and the personal password.
  • the operating system of the computer 1 is set up such that this input is expected not only from the keyboard 9 of the computer 1, but also from the interface device (adapter 2 in USB port 8). If this information is available at the interface, it is processed in the usual way by the operating system. That is to say, if this information matches the access code previously stored in the operating system, then, in the case of power-up, the loading process of the operating system is continued. After the loading process is complete, the user has access to the resources of the computer. The same applies to the case of a computer in operation whose access is blocked by the screen saver controlled by the operating system.
  • the startup process stops or blocks access to the resources in the computer.
  • the access protection according to the invention can of course be applied in the same way when the computer is in a so-called sleep mode, that is, when the operating system
  • After the communication channel has been established between the mutually identified Bluetooth devices, the computer's Bluetooth interface generates an interrupt signal which the operating system uses to wake the computer from sleep mode and place it in a state of normal operation and power consumption.
  • the cumbersome manual input of password and / or user identification via the keyboard 9 of the computer 1 is replaced by the comfortable, wireless data transmission.
  • the Bluetooth interface can advantageously be set up so that, after the transmission channel has been established, it identifies the devices involved in the communication and assigns them to a security class. Depending on this assigned security class, the radio interface decides whether the authentication data is automatically transmitted to the computer 1 or is made dependent on the input of a PIN which is to be made on the keyboard 6 of the mobile phone 4 or on the keyboard 9 of the computer 1.
  • the authentication data are automatically transmitted from the mobile phone 4 to the computer 1.
  • neither on the computer 1 nor on the mobile phone 4 is a manual input required.
  • the user is prompted to enter a PIN, as shown above, prior to transmission of the authentication data.
  • the SIM card 5 modified according to the invention is shown in more detail as a block diagram.
  • the SIM card 5 has a system bus 14 which connects a processor 12, an input / output unit 11, a controller 13 and a memory 10.
  • the controller 13 is used for encrypted transmission of the access code.
  • the memory 10 is subdivided into a first area 8, in which the data by means of which the user identifies himself as authorized to the mobile telephone 4 or the mobile radio network operator are stored in a conventional manner.
  • those authentication data are stored which identify the user to the computer 1 as the authorized user.
  • any other small-format communication device can also be used, provided that it has the information carrier according to the invention.
  • the term "mobile, information-carrying and processing device" covers various, especially small-format, devices of different designs, such as mobile phones, PDAs, organizers and other portable communication devices for image/voice transmission.
  • the information carrier of these devices is used both for storing and managing data by which a user identifies himself as authorized in relation to this device and for storing and managing access information by which the same user authenticates himself to the operating system of a computer, and possibly to a program controlled by the operating system.
  • the access control system according to the invention can also be used for other access systems, such as parking barriers
  • the mobile device may be a suitably equipped vehicle.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Computer Hardware Design (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

The information carrier of a mobile, information-carrying and processing device is also used in the authentication of a user to the operating system of a computer. The authentication data are kept ready in a memory of this information carrier. During the authentication process, these data are transferred wirelessly, by means of the interface device, from the mobile, information-carrying and processing device to the computer. Thus, a user who, for example, has already authenticated to his mobile phone and is now about to use his computer no longer needs to identify himself again to that device.
PCT/EP2005/007505 2004-07-27 2005-07-12 Method and device for accessing resources in a computer WO2006010460A1 (fr)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
DE200410036366 DE102004036366A1 (de) 2004-07-27 2004-07-27 Method and device for access to resources in a computer
DE102004036366.8 2004-07-27

Publications (1)

Publication Number Publication Date
WO2006010460A1 (fr) 2006-02-02

Family

ID=34980202

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/EP2005/007505 WO2006010460A1 (fr) 2004-07-27 2005-07-12 Method and device for accessing resources in a computer

Country Status (2)

Country Link
DE (1) DE102004036366A1 (fr)
WO (1) WO2006010460A1 (fr)

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2009140803A1 (fr) * 2008-05-20 2009-11-26 深圳市中兴集成电路设计有限责任公司 Method and system for information communication using a work attendance system with gate-based barring/verification
US8929805B2 (en) 2007-10-30 2015-01-06 Nationz Technologies Inc. System, method, and device for radio frequency communication
CN107425883A (zh) * 2017-08-08 2017-12-01 长沙准光里电子科技有限公司 A Bluetooth-based multifunctional computer communication device

Families Citing this family (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
DE102006025763A1 (de) * 2006-05-31 2007-12-06 Siemens Ag Method for identifying a patient for later access to an electronic patient record of the patient by means of a communication device of a requesting person
WO2013127521A1 (fr) 2012-02-28 2013-09-06 Giesecke & Devrient Gmbh Method for controlling access to a computer by means of a mobile terminal
DE102016205091A1 (de) 2016-03-29 2017-10-05 Siemens Aktiengesellschaft Access control

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20020097876A1 (en) * 2000-12-22 2002-07-25 Harrison Keith Alexander Communication methods, communication systems and to personal communication devices
EP1291748A2 (fr) * 2001-09-11 2003-03-12 Alcatel Electronic device enabling wireless transmission of a password for locking/unlocking a protected electronic device

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP1145096B1 (fr) * 1998-11-24 2007-01-17 Telefonaktiebolaget LM Ericsson (publ) Automatic connection to a PC for a mobile telephone

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
BLUETOOTHSHAREWARE: "LockItNow", 6 December 2003 (2003-12-06), XP002344675 *
FRANK OHLBORST: "Ease Security hassles with Wireless", 11 February 2000 (2000-02-11), XP002344676 *

Also Published As

Publication number Publication date
DE102004036366A1 (de) 2006-03-23

Similar Documents

Publication Publication Date Title
EP2255516B1 (fr) Method enabling temporary personalization of a communication device
WO2013189584A1 (fr) Device and method for controlling an access authorization and/or a driving authorization for a vehicle
EP1756966B1 (fr) Telecommunication device
EP2987350B1 (fr) Mobile station provided with security resources having different security levels
WO2006010460A1 (fr) Method and device for accessing resources in a computer
DE102006020683A1 (de) Communication method, communication device, access control method and smart card
WO2011072826A1 (fr) External device equipped with at least one memory
EP1802148B1 (fr) Method and devices for authorizing modules of a mobile radiotelephone apparatus
EP2199944A2 (fr) Method for authenticating a person to an electronic data processing installation by means of an electronic key
EP2189921B1 (fr) Diagnostic apparatus for connection to a motor vehicle
WO2006010462A1 (fr) Method for accessing the firmware of a computer
EP1402711A2 (fr) Mobile telephone
EP3449655A1 (fr) Method for secure interaction of a user with a mobile terminal and another entity
EP2764671B1 (fr) Marking of insecure data by an NFC module
DE19929251C2 (de) Method and device for establishing communication between a user device and a network
EP3361436B1 (fr) Method for authorizing a transaction
EP2613491B1 (fr) Execution of cryptographic operations with data from a user terminal
EP2731039A1 (fr) External device, method for verifying an access authorization, and computer system
DE102005033436A1 (de) System with at least one computer platform and at least one user token
DE102017123113A1 (de) Device for storing passwords
DE102006044135A1 (de) Biometrically protected services of a communication terminal
DE102005008966A1 (de) Access control
WO2007065809A2 (fr) Portable electronic device, method for enabling access to a chip card, and computer program
EP3051771A1 (fr) Method for unlocking a mobile terminal
DE102021005351A1 (de) Authorizing an application on a security element

Legal Events

Date Code Title Description
AK Designated states

Kind code of ref document: A1

Designated state(s): AE AG AL AM AT AU AZ BA BB BG BR BW BY BZ CA CH CN CO CR CU CZ DE DK DM DZ EC EE EG ES FI GB GD GE GH GM HR HU ID IL IN IS JP KE KG KM KP KR KZ LC LK LR LS LT LU LV MA MD MG MK MN MW MX MZ NA NG NI NO NZ OM PG PH PL PT RO RU SC SD SE SG SK SL SM SY TJ TM TN TR TT TZ UA UG US UZ VC VN YU ZA ZM ZW

AL Designated countries for regional patents

Kind code of ref document: A1

Designated state(s): BW GH GM KE LS MW MZ NA SD SL SZ TZ UG ZM ZW AM AZ BY KG KZ MD RU TJ TM AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HU IE IS IT LT LU LV MC NL PL PT RO SE SI SK TR BF BJ CF CG CI CM GA GN GQ GW ML MR NE SN TD TG

121 Ep: the epo has been informed by wipo that ep was designated in this application
NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase