WO2006010462A1 - Procede d'acces au micrologiciel d'un ordinateur - Google Patents
Procede d'acces au micrologiciel d'un ordinateur Download PDFInfo
- Publication number
- WO2006010462A1 WO2006010462A1 PCT/EP2005/007507 EP2005007507W WO2006010462A1 WO 2006010462 A1 WO2006010462 A1 WO 2006010462A1 EP 2005007507 W EP2005007507 W EP 2005007507W WO 2006010462 A1 WO2006010462 A1 WO 2006010462A1
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- computer
- data
- user
- mobile
- interface
- Prior art date
Links
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/31—User authentication
- G06F21/34—User authentication involving the use of external additional devices, e.g. dongles or smart cards
- G06F21/35—User authentication involving the use of external additional devices, e.g. dongles or smart cards communicating wirelessly
Definitions
- the invention relates to a method for accessing the firmware in a computer, which has an interface device for line-bound data transmission with a mobile, information-carrying and processing device.
- the firmware more precisely as "BIOS” (BASIC Input Output
- This firmware prompts the user to enter a password when booting the system. If this inputted BlOS password coincides with an access password previously stored in the system (for example in a CMOS RAM), the process of initialization is continued and the operating system is loaded into the main memory of the computer.
- An internationally standardized interface device in short-range data transmission is Bluetooth, in which the data is transmitted by radio in the ISM band (Industrial Scientific Medical Band).
- the invention is based on using the information carrier of a mobile, information-carrying and processing device also in the authentication of a user to a computer.
- the access information to the computer is also stored in the memory of this information carrier.
- this access information is transmitted wirelessly from the mobile, information-carrying the and-processing device transmitted to the computer.
- the BIOS password is automatically transmitted from the mobile phone to the computer via a wireless communication channel.
- the transmission can take place via short-range radio data transmission or optoelectronically.
- the process according to the invention is characterized by the following process steps:
- a mobile telephone is used as a mobile, information-carrying and processing device, in whose Subscriber Identity Module (SIM) the data for authenticating the user to the computer is kept ready.
- the interface device used is preferably a radio interface.
- This can be implemented, for example, as a built-in Bluetooth computer interface, or as an additional device in the form of an adapter which is connected to the USB interface of the computer.
- Bluetooth is a quasi-standard not only for mobile phones, but also for PDAs and organizers. With a Bluetooth interface is a short-range data radio, depending on the power class, from about 10 cm, about 10 meters, or with special variants up to about 100 m possible.
- a special embodiment variant of the method according to the invention is characterized in that the computer, by receiving a password at the Bluetooth interface from a sleep mode, in which the energy consumption of the
- Computer is set to a minimum value, is booted to a normal operating state. This eliminates the switching on of the device.
- the information carrier of the mobile, information-carrying and processing device not only contains the data required for the authentication of the user with respect to the computer, but also the subsequently required BlOS password Startup of the operating system required entry of the user ID (user account) and the personal password for the operating system.
- the computer is connected to a chip card reader and the firmware is set up in such a way that the password can alternatively be entered into the reader via the bloetooth interface or via the insertion of a chip card.
- FIG. 1 is a schematic representation of an embodiment of the invention in which data representing a groove zer compared to a computer, and which are stored in a modified SIM card of a Mobilte ⁇ phone, are transmitted via a Kirsungsebun ⁇ dene transmission path to a computer;
- FIG. 2 shows a block diagram of the SIM card of the mobile phone modified according to the invention, having a first memory area in which data for authenticating the user to the mobile phone are stored and having a second memory area in which data for authentication of the User are stored opposite the computer.
- FIG. 1 shows a computer 1 with conventional operating devices, such as keyboard 9, screen 10 and a pointing device, designed as trackball 11.
- the computer 1 has a Universial Serial Bus (USB) interface 8.
- the USB interface 8 is used to connect an adapter 2, in the exemplary embodiment, a Bluetooth radio interface.
- the Bluetooth radio interface has a detection area E, in which a mobile telephone 4, which is likewise equipped with a corresponding Bluetooth radio interface 7, is located.
- the Bluetooth address of the computer 1 is configured on the mobile phone 4 as a known Bluetooth device.
- the detection range of a Bluetooth interface is usually about 10 m. Depending on the power class, a range of about 10 cm or about 100 m can be achieved.
- the mobile phone 4 has an identification module, the SIM card 5 (SIM Subscriber Identity Module).
- SIM card 5 SIM Subscriber Identity Module
- the user-specific data such as the customer number of the user stored, resulting in the user of the mobile phone 4 identifi ⁇ against the network identifi ⁇ .
- the cryptographic algorithm for authentication and user data encryption is implemented on the SIM card.
- the SIM card is now designed so that it is also used as an information carrier for the access code to a computer. That is to say, in the memory 10 (FIG. 2) of the SIM card 5, besides the above-mentioned access information and functionalities for the mobile radio network, also authentication data, such as the boot password for the access to the firmware, are stored to a computer.
- This modified SIM card is used in conjunction with the functionality of the line-bound, cryptographic data transmission existing on the mobile phone 4 when the computer is started up.
- the Bluetooth interface can advantageously be set up so that after the production of the transmission channel, the devices involved in the communication are identified and assigned to a security class. Depending on this security class, the radio interface decides whether the BlOS password is transmitted automatically or is made dependent on the input of a PIN on the keyboard ⁇ on the mobile telephone 4.
- the BlOS password is automatically transmitted from the mobile phone 4 to the computer 1 and read in by the interface 8, so that the previously required manual input of the BlOS password is completely eliminated.
- the access to the firmware of the computer thus requires the mere presence of the user's mobile phone. For a computer that is used at home, this access is particularly comfortable.
- the user is prompted to enter a PIN, which he enters either on the keyboard 6 of the mobile phone 4 or on the keyboard 9 of the computer.
- the PIN is advantageously the PIN for access to the mobile phone 4. This means that even in the present case of increased security requirements of the user does not need to know the BlOS password by heart, but only the access code to his mobile phone, the him from the Nut ⁇ the mobile phone is familiar.
- the boot program is usually housed on a flash ROM on the motherboard of the computer.
- the boot program is not part of the operating system, can work together with operating systems from different manufacturers and can be configured differently. For example, in the so-called power management settings, the way in which the PC behaves with a longer waiting time can be adjusted.
- the computer can be used until it is completely stand disabled. Hard disks can be shut down and the monitor designed.
- a switched-on computer can be brought into a so-called sleep mode before the input of a BlOS password, in which case it receives only low power. In this operating state, the computer remains until it is woken up by a corresponding signal.
- the adapter 2 of the Bluetooth interface on the USB port 8 is arranged according to the invention so that it generates an interrupt signal.
- the firmware (BIOS) detects this interrupt signal and continues booting. As a result, the computer is awakened from hibernation and the system expects a BlOS password in a conventional manner at a particular point in the boot program. This is transmitted in the manner described above via Bluetooth and evaluated by the firmware. Since the BIOS program is not part of the operating system, implementation of the invention does not require customization of the operating system.
- the SIM card 5 modified according to the invention is shown in greater detail as a block diagram.
- the SIM card 5 has a system bus 14 which connects a processor 12, an input / output unit 11, a controller 13 and the memory 10.
- the memory 10 includes various volatile (RAM) and non-volatile memories (ROM, EPROM, EPROM) and is structured in the second memory area 8 and 9.
- RAM volatile
- ROM non-volatile memories
- ROM non-volatile memory
- EPROM non-volatile memories
- the second memory area 8 those authentication data are stored, which identify the user to the computer as an authorized user.
- the line-bound Thomasstel ⁇ len shark can also be designed as an infrared interface.
- the term computer is synonymous with a PC, a laptop or other stationary data processing device.
- the access control system according to the invention can also be used for other access systems, such as parking barriers or door openers.
- the robot device may be a suitably equipped vehicle.
- the term "mobile, information-carrying and -processing device” covers devices of different design, such as PDAs and organizers, but also vehicles of various kinds ⁇ tion carrier of such a device is used both for storing and managing data by which a user identifies himself as entitled to this device, as well as for storing and managing access information, through which the user to the firmware or the Radiosys ⁇ tem authenticated by a computer.
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Theoretical Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Computer Hardware Design (AREA)
- Software Systems (AREA)
- Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Mobile Radio Communication Systems (AREA)
Abstract
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
DE102004036374.9 | 2004-07-27 | ||
DE200410036374 DE102004036374A1 (de) | 2004-07-27 | 2004-07-27 | Verfahren zum Zugang zur Firmware eines Computers |
Publications (1)
Publication Number | Publication Date |
---|---|
WO2006010462A1 true WO2006010462A1 (fr) | 2006-02-02 |
Family
ID=35134260
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/EP2005/007507 WO2006010462A1 (fr) | 2004-07-27 | 2005-07-12 | Procede d'acces au micrologiciel d'un ordinateur |
Country Status (2)
Country | Link |
---|---|
DE (1) | DE102004036374A1 (fr) |
WO (1) | WO2006010462A1 (fr) |
Cited By (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2011050513A1 (fr) * | 2009-10-26 | 2011-05-05 | Sheng Yongxiang | Procédé de démarrage d'ordinateur par utilisation d'un dispositif d'identification d'utilisateur |
GB2478553A (en) * | 2010-03-09 | 2011-09-14 | Lewis Daniels | Secure data storage system comprising an intermediate transmission control device |
Families Citing this family (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
EP2820587B1 (fr) | 2012-02-28 | 2020-04-08 | Giesecke+Devrient Mobile Security GmbH | Procédé de contrôle d'accès à un ordinateur au moyen d'un terminal mobile |
Citations (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US5892906A (en) * | 1996-07-19 | 1999-04-06 | Chou; Wayne W. | Apparatus and method for preventing theft of computer devices |
WO2000016179A1 (fr) * | 1998-09-11 | 2000-03-23 | Mart Marandi | Procede et dispositif d'invalidation d'une utilisation illicite d'un ordinateur |
US6137480A (en) * | 1996-12-27 | 2000-10-24 | Sony Corporation | Computer system using a portable card for managing security and power-saving features |
US6189105B1 (en) * | 1998-02-20 | 2001-02-13 | Lucent Technologies, Inc. | Proximity detection of valid computer user |
US20020097876A1 (en) * | 2000-12-22 | 2002-07-25 | Harrison Keith Alexander | Communication methods, communication systems and to personal communication devices |
US20020148895A1 (en) * | 1999-09-16 | 2002-10-17 | Cecil Kenneth B. | Proximity card with incorporated PIN code protection |
Family Cites Families (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
KR100674792B1 (ko) * | 1998-11-24 | 2007-01-26 | 텔레폰악티에볼라겟엘엠에릭슨(펍) | 이동 전화 자동 개인용 컴퓨터 로그온 |
-
2004
- 2004-07-27 DE DE200410036374 patent/DE102004036374A1/de not_active Ceased
-
2005
- 2005-07-12 WO PCT/EP2005/007507 patent/WO2006010462A1/fr active Application Filing
Patent Citations (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US5892906A (en) * | 1996-07-19 | 1999-04-06 | Chou; Wayne W. | Apparatus and method for preventing theft of computer devices |
US6137480A (en) * | 1996-12-27 | 2000-10-24 | Sony Corporation | Computer system using a portable card for managing security and power-saving features |
US6189105B1 (en) * | 1998-02-20 | 2001-02-13 | Lucent Technologies, Inc. | Proximity detection of valid computer user |
WO2000016179A1 (fr) * | 1998-09-11 | 2000-03-23 | Mart Marandi | Procede et dispositif d'invalidation d'une utilisation illicite d'un ordinateur |
US20020148895A1 (en) * | 1999-09-16 | 2002-10-17 | Cecil Kenneth B. | Proximity card with incorporated PIN code protection |
US20020097876A1 (en) * | 2000-12-22 | 2002-07-25 | Harrison Keith Alexander | Communication methods, communication systems and to personal communication devices |
Non-Patent Citations (1)
Title |
---|
BLUETOOTHSHAREWARE: "LockItNow", 6 December 2003 (2003-12-06), XP002344675, Retrieved from the Internet <URL:http://web.archive.org/web/20031206035838/http://www.bluetoothshareware.com/lockitnow.asp> [retrieved on 20050913] * |
Cited By (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2011050513A1 (fr) * | 2009-10-26 | 2011-05-05 | Sheng Yongxiang | Procédé de démarrage d'ordinateur par utilisation d'un dispositif d'identification d'utilisateur |
GB2478553A (en) * | 2010-03-09 | 2011-09-14 | Lewis Daniels | Secure data storage system comprising an intermediate transmission control device |
GB2478553B (en) * | 2010-03-09 | 2014-08-06 | Knightsbridge Portable Comm Sp | Data storage apparatus |
Also Published As
Publication number | Publication date |
---|---|
DE102004036374A1 (de) | 2006-03-23 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
DE60129967T2 (de) | Auf biometrie basierende beglaubigung in einer nichtflüchtigen speichervorrichtung | |
DE102006028513B4 (de) | Eingabevorrichtung für biometrische Signale sowie Computersystem mit einer solchen | |
DE102009013384B4 (de) | System und Verfahren zur Bereitstellung einer sicheren Anwendungsfragmentierungsumgebung | |
DE112007001545T5 (de) | Mobiles Computersystem mit drahtloser Kommunikationsfunktion und globaler Positionserfassungsfunktion | |
EP2987350B1 (fr) | Station mobile pourvue de ressources de sécurité ayant différents niveaux de sécurité | |
EP3491863B1 (fr) | Module d'identité d'abonné intégré ayant un système d'exploitation central et un système d'exploitation d'application | |
WO2011072826A1 (fr) | Dispositif externe équipé d'au moins une mémoire | |
WO2009115339A2 (fr) | Procédé permettant une personnalisation temporaire d'un dispositif de communication | |
WO2012113547A2 (fr) | Procédé d'exploitation d'une unité de microprocesseur, notamment dans un terminal mobile | |
DE20314722U1 (de) | Vorrichtung für sicheren Zugriff auf Digitalmedien-Inhalte, virtueller Multischnittstellen-Treiber und System für sicheren Zugriff auf Digitalmedien-Inhalte | |
DE102011115135A1 (de) | Mikroprozessorsystem mit gesicherter Laufzeitumgebung | |
EP2673731B1 (fr) | Procédé de programmation d'une puce pour terminal mobile | |
WO2006010460A1 (fr) | Procede et dispositif d'acces a des ressources dans un ordinateur | |
WO2006010462A1 (fr) | Procede d'acces au micrologiciel d'un ordinateur | |
DE102005014837B4 (de) | Sicherheitsmodul und Verfahren zum Steuern und Kontrollieren eines Datenverkehrs eines Personalcomputers | |
CN106778160A (zh) | 数据项显示方法及装置 | |
EP2199944A2 (fr) | Procédé d'authentification d'une personne par rapport à une installation de traitement des données électronique à l'aide d'une clé électronique | |
DE102006050377A1 (de) | Festplattenvorrichtung mit Biometriesensor, Verfahren zum Schützen von Daten in dieser sowie externes Festplattengehäuse | |
EP1722336A2 (fr) | Dispositif et procédé destinés à la production de données pour initialiser des supports de données de sécurité | |
EP2850553B1 (fr) | Système de protection d'accès électronique, procédé d'exploitation d'un système informatique, carte à puce et composant à microprogramme | |
EP2731039A1 (fr) | Dispositif externe, procédé de vérification d'une autorisation d'accès et système informatique | |
EP1669903A2 (fr) | dispositif electronique mobile avec accès protégé | |
DE102017123113A1 (de) | Vorrichtung zum Speichern von Kennwörtern | |
DE102005008966A1 (de) | Zugriffskontrolle | |
DE102006044135A1 (de) | Biometrisch geschützte Dienstleistungen eines Kommunikationsendgeräts |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
AK | Designated states |
Kind code of ref document: A1 Designated state(s): AE AG AL AM AT AU AZ BA BB BG BR BW BY BZ CA CH CN CO CR CU CZ DE DK DM DZ EC EE EG ES FI GB GD GE GH GM HR HU ID IL IN IS JP KE KG KM KP KR KZ LC LK LR LS LT LU LV MA MD MG MK MN MW MX MZ NA NG NI NO NZ OM PG PH PL PT RO RU SC SD SE SG SK SL SM SY TJ TM TN TR TT TZ UA UG US UZ VC VN YU ZA ZM ZW |
|
AL | Designated countries for regional patents |
Kind code of ref document: A1 Designated state(s): BW GH GM KE LS MW MZ NA SD SL SZ TZ UG ZM ZW AM AZ BY KG KZ MD RU TJ TM AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HU IE IS IT LT LU LV MC NL PL PT RO SE SI SK TR BF BJ CF CG CI CM GA GN GQ GW ML MR NE SN TD TG |
|
121 | Ep: the epo has been informed by wipo that ep was designated in this application | ||
DPE1 | Request for preliminary examination filed after expiration of 19th month from priority date (pct application filed from 20040101) | ||
DPE1 | Request for preliminary examination filed after expiration of 19th month from priority date (pct application filed from 20040101) | ||
NENP | Non-entry into the national phase |
Ref country code: DE |
|
122 | Ep: pct application non-entry in european phase |