WO2006010462A1 - Method for accessing the firmware of a computer - Google Patents

Info

Publication number
WO2006010462A1
Authority
WO
WIPO (PCT)
Prior art keywords
computer
data
user
mobile
interface
Prior art date
Application number
PCT/EP2005/007507
Other languages
German (de)
English (en)
Inventor
Werner Schneider
Original Assignee
Siemens Aktiengesellschaft
Priority date
Filing date
Publication date
Application filed by Siemens Aktiengesellschaft
Publication of WO2006010462A1

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31 User authentication
    • G06F21/34 User authentication involving the use of external additional devices, e.g. dongles or smart cards
    • G06F21/35 User authentication involving the use of external additional devices, e.g. dongles or smart cards communicating wirelessly

Definitions

  • the invention relates to a method for accessing the firmware in a computer, which has an interface device for wireless data transmission with a mobile, information-carrying and processing device.
  • the firmware more precisely as "BIOS" (BASIC Input Output
  • This firmware prompts the user to enter a password when booting the system. If the BIOS password entered matches an access password previously stored in the system (for example in a CMOS RAM), the initialization process continues and the operating system is loaded into the main memory of the computer.
  • An internationally standardized interface device in short-range data transmission is Bluetooth, in which the data is transmitted by radio in the ISM band (Industrial Scientific Medical Band).
  • the invention is based on using the information carrier of a mobile, information-carrying and processing device also in the authentication of a user to a computer.
  • the access information to the computer is also stored in the memory of this information carrier.
  • this access information is transmitted wirelessly from the mobile, information-carrying and processing device to the computer.
  • the BIOS password is automatically transmitted from the mobile phone to the computer via a wireless communication channel.
  • the transmission can take place via short-range radio data transmission or optoelectronically.
  • the process according to the invention is characterized by the following process steps:
  • a mobile telephone is used as a mobile, information-carrying and processing device, in whose Subscriber Identity Module (SIM) the data for authenticating the user to the computer is kept ready.
  • the interface device used is preferably a radio interface.
  • This can be implemented, for example, as a built-in Bluetooth computer interface, or as an additional device in the form of an adapter which is connected to the USB interface of the computer.
  • Bluetooth is a quasi-standard not only for mobile phones, but also for PDAs and organizers. A Bluetooth interface allows short-range data radio over, depending on the power class, about 10 cm, about 10 meters, or with special variants up to about 100 m.
  • a special embodiment variant of the method according to the invention is characterized in that the computer, on receiving a password at the Bluetooth interface, is booted from a sleep mode, in which the energy consumption of the computer is set to a minimum value, to a normal operating state. This eliminates the need to switch on the device.
  • the information carrier of the mobile, information-carrying and processing device not only contains the data required for authenticating the user to the computer, but also the user ID (user account) and the personal password for the operating system, whose entry is required after the BIOS password, when the operating system starts up.
  • the computer is connected to a chip card reader and the firmware is set up in such a way that the password can be entered alternatively via the Bluetooth interface or by inserting a chip card into the reader.
  • FIG. 1 is a schematic representation of an embodiment of the invention in which data which identify a user to a computer, and which are stored in a modified SIM card of a mobile phone, are transmitted via a wireless transmission path to a computer;
  • FIG. 2 shows a block diagram of the SIM card of the mobile phone modified according to the invention, having a first memory area in which data for authenticating the user to the mobile phone are stored and having a second memory area in which data for authenticating the user to the computer are stored.
  • FIG. 1 shows a computer 1 with conventional operating devices, such as keyboard 9, screen 10 and a pointing device, designed as trackball 11.
  • the computer 1 has a Universal Serial Bus (USB) interface 8.
  • the USB interface 8 is used to connect an adapter 2, in the exemplary embodiment, a Bluetooth radio interface.
  • the Bluetooth radio interface has a detection area E, in which a mobile telephone 4, which is likewise equipped with a corresponding Bluetooth radio interface 7, is located.
  • the Bluetooth address of the computer 1 is configured on the mobile phone 4 as a known Bluetooth device.
  • the detection range of a Bluetooth interface is usually about 10 m. Depending on the power class, a range of about 10 cm or about 100 m can be achieved.
  • the mobile phone 4 has an identification module, the SIM card 5 (SIM: Subscriber Identity Module).
  • the user-specific data, such as the customer number of the user, are stored there, by which the user of the mobile phone 4 is identified to the network.
  • the cryptographic algorithm for authentication and user data encryption is implemented on the SIM card.
  • the SIM card is now designed so that it is also used as an information carrier for the access code to a computer. That is to say, in the memory 10 (FIG. 2) of the SIM card 5, besides the above-mentioned access information and functionalities for the mobile radio network, authentication data for a computer, such as the boot password for access to the firmware, are also stored.
  • This modified SIM card is used in conjunction with the functionality of the wireless, cryptographic data transmission existing on the mobile phone 4 when the computer is started up.
  • the Bluetooth interface can advantageously be set up so that after the transmission channel has been established, the devices involved in the communication are identified and assigned to a security class. Depending on this security class, the radio interface decides whether the BIOS password is transmitted automatically or is made dependent on the input of a PIN on the keyboard of the mobile telephone 4.
  • the BIOS password is automatically transmitted from the mobile phone 4 to the computer 1 and read in by the interface 8, so that the previously required manual input of the BIOS password is completely eliminated.
  • the access to the firmware of the computer thus requires the mere presence of the user's mobile phone. For a computer that is used at home, this access is particularly comfortable.
  • the user is prompted to enter a PIN, which he enters either on the keyboard 6 of the mobile phone 4 or on the keyboard 9 of the computer.
  • the PIN is advantageously the PIN for access to the mobile phone 4. This means that even in the present case of increased security requirements, the user does not need to know the BIOS password by heart, but only the access code to his mobile phone, which is familiar to him from using the mobile phone.
  • the boot program is usually housed on a flash ROM on the motherboard of the computer.
  • the boot program is not part of the operating system, can work together with operating systems from different manufacturers and can be configured differently. For example, in the so-called power management settings, the way in which the PC behaves with a longer waiting time can be adjusted.
  • the computer can be taken down until it is at a complete standstill. Hard disks can be shut down and the monitor switched off.
  • a switched-on computer can be brought into a so-called sleep mode before the input of a BIOS password, in which case it draws only little power. The computer remains in this operating state until it is woken up by a corresponding signal.
  • the adapter 2 of the Bluetooth interface on the USB port 8 is arranged according to the invention so that it generates an interrupt signal.
  • the firmware (BIOS) detects this interrupt signal and continues booting. As a result, the computer is awakened from hibernation and the system expects a BIOS password in a conventional manner at a particular point in the boot program. This is transmitted in the manner described above via Bluetooth and evaluated by the firmware. Since the BIOS program is not part of the operating system, implementation of the invention does not require customization of the operating system.
  • the SIM card 5 modified according to the invention is shown in greater detail as a block diagram.
  • the SIM card 5 has a system bus 14 which connects a processor 12, an input / output unit 11, a controller 13 and the memory 10.
  • the memory 10 includes various volatile (RAM) and non-volatile memories (ROM, EPROM, EPROM) and is divided into the two memory areas 8 and 9.
  • in the second memory area 8, those authentication data are stored which identify the user to the computer as an authorized user.
  • the wireless interface device can also be designed as an infrared interface.
  • the term computer is synonymous with a PC, a laptop or other stationary data processing device.
  • the access control system according to the invention can also be used for other access systems, such as parking barriers or door openers.
  • the robot device may be a suitably equipped vehicle.
  • the term "mobile, information-carrying and -processing device" covers devices of different design, such as PDAs and organizers, but also vehicles of various kinds. The information carrier of such a device is used both for storing and managing data by which a user identifies himself as entitled to use this device, and for storing and managing access information by which the user is authenticated to the firmware or the radio system of a computer.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Computer Hardware Design (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

The invention relates to a method for accessing the firmware of a computer. The information carrier of a mobile, information-carrying and information-processing device is also used for authenticating a user to a computer. The access information for the computer is also stored in the memory of this information carrier. During the authentication process, this access information is transmitted wirelessly from the mobile, information-carrying and information-processing device to the computer. The BIOS password is automatically transmitted from said mobile, information-carrying and information-processing device to the computer via a wireless communication channel.
PCT/EP2005/007507 2004-07-27 2005-07-12 Procede d'acces au micrologiciel d'un ordinateur WO2006010462A1 (fr)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
DE102004036374.9 2004-07-27
DE200410036374 DE102004036374A1 (de) 2004-07-27 2004-07-27 Verfahren zum Zugang zur Firmware eines Computers

Publications (1)

Publication Number Publication Date
WO2006010462A1 (fr) 2006-02-02

Family

ID=35134260

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/EP2005/007507 WO2006010462A1 (fr) 2004-07-27 2005-07-12 Procede d'acces au micrologiciel d'un ordinateur

Country Status (2)

Country Link
DE (1) DE102004036374A1 (fr)
WO (1) WO2006010462A1 (fr)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2011050513A1 (fr) * 2009-10-26 2011-05-05 Sheng Yongxiang Procédé de démarrage d'ordinateur par utilisation d'un dispositif d'identification d'utilisateur
GB2478553A (en) * 2010-03-09 2011-09-14 Lewis Daniels Secure data storage system comprising an intermediate transmission control device

Families Citing this family (1)

Publication number Priority date Publication date Assignee Title
EP2820587B1 (fr) 2012-02-28 2020-04-08 Giesecke+Devrient Mobile Security GmbH Procédé de contrôle d'accès à un ordinateur au moyen d'un terminal mobile

Citations (6)

Publication number Priority date Publication date Assignee Title
US5892906A (en) * 1996-07-19 1999-04-06 Chou; Wayne W. Apparatus and method for preventing theft of computer devices
WO2000016179A1 (fr) * 1998-09-11 2000-03-23 Mart Marandi Procede et dispositif d'invalidation d'une utilisation illicite d'un ordinateur
US6137480A (en) * 1996-12-27 2000-10-24 Sony Corporation Computer system using a portable card for managing security and power-saving features
US6189105B1 (en) * 1998-02-20 2001-02-13 Lucent Technologies, Inc. Proximity detection of valid computer user
US20020097876A1 (en) * 2000-12-22 2002-07-25 Harrison Keith Alexander Communication methods, communication systems and to personal communication devices
US20020148895A1 (en) * 1999-09-16 2002-10-17 Cecil Kenneth B. Proximity card with incorporated PIN code protection

Family Cites Families (1)

Publication number Priority date Publication date Assignee Title
KR100674792B1 (ko) * 1998-11-24 2007-01-26 텔레폰악티에볼라겟엘엠에릭슨(펍) 이동 전화 자동 개인용 컴퓨터 로그온

Patent Citations (6)

Publication number Priority date Publication date Assignee Title
US5892906A (en) * 1996-07-19 1999-04-06 Chou; Wayne W. Apparatus and method for preventing theft of computer devices
US6137480A (en) * 1996-12-27 2000-10-24 Sony Corporation Computer system using a portable card for managing security and power-saving features
US6189105B1 (en) * 1998-02-20 2001-02-13 Lucent Technologies, Inc. Proximity detection of valid computer user
WO2000016179A1 (fr) * 1998-09-11 2000-03-23 Mart Marandi Procede et dispositif d'invalidation d'une utilisation illicite d'un ordinateur
US20020148895A1 (en) * 1999-09-16 2002-10-17 Cecil Kenneth B. Proximity card with incorporated PIN code protection
US20020097876A1 (en) * 2000-12-22 2002-07-25 Harrison Keith Alexander Communication methods, communication systems and to personal communication devices

Non-Patent Citations (1)

Title
BLUETOOTHSHAREWARE: "LockItNow", 6 December 2003 (2003-12-06), XP002344675, Retrieved from the Internet <URL:http://web.archive.org/web/20031206035838/http://www.bluetoothshareware.com/lockitnow.asp> [retrieved on 20050913] *

Cited By (3)

Publication number Priority date Publication date Assignee Title
WO2011050513A1 (fr) * 2009-10-26 2011-05-05 Sheng Yongxiang Procédé de démarrage d'ordinateur par utilisation d'un dispositif d'identification d'utilisateur
GB2478553A (en) * 2010-03-09 2011-09-14 Lewis Daniels Secure data storage system comprising an intermediate transmission control device
GB2478553B (en) * 2010-03-09 2014-08-06 Knightsbridge Portable Comm Sp Data storage apparatus

Also Published As

Publication number Publication date
DE102004036374A1 (de) 2006-03-23

Similar Documents

Publication Publication Date Title
DE60129967T2 (de) Auf biometrie basierende beglaubigung in einer nichtflüchtigen speichervorrichtung
DE102006028513B4 (de) Eingabevorrichtung für biometrische Signale sowie Computersystem mit einer solchen
DE102009013384B4 (de) System und Verfahren zur Bereitstellung einer sicheren Anwendungsfragmentierungsumgebung
DE112007001545T5 (de) Mobiles Computersystem mit drahtloser Kommunikationsfunktion und globaler Positionserfassungsfunktion
EP2987350B1 (fr) Station mobile pourvue de ressources de sécurité ayant différents niveaux de sécurité
EP3491863B1 (fr) Module d'identité d'abonné intégré ayant un système d'exploitation central et un système d'exploitation d'application
WO2011072826A1 (fr) Dispositif externe équipé d'au moins une mémoire
WO2009115339A2 (fr) Procédé permettant une personnalisation temporaire d'un dispositif de communication
WO2012113547A2 (fr) Procédé d'exploitation d'une unité de microprocesseur, notamment dans un terminal mobile
DE20314722U1 (de) Vorrichtung für sicheren Zugriff auf Digitalmedien-Inhalte, virtueller Multischnittstellen-Treiber und System für sicheren Zugriff auf Digitalmedien-Inhalte
DE102011115135A1 (de) Mikroprozessorsystem mit gesicherter Laufzeitumgebung
EP2673731B1 (fr) Procédé de programmation d'une puce pour terminal mobile
WO2006010460A1 (fr) Procede et dispositif d'acces a des ressources dans un ordinateur
WO2006010462A1 (fr) Procede d'acces au micrologiciel d'un ordinateur
DE102005014837B4 (de) Sicherheitsmodul und Verfahren zum Steuern und Kontrollieren eines Datenverkehrs eines Personalcomputers
CN106778160A (zh) 数据项显示方法及装置
EP2199944A2 (fr) Procédé d'authentification d'une personne par rapport à une installation de traitement des données électronique à l'aide d'une clé électronique
DE102006050377A1 (de) Festplattenvorrichtung mit Biometriesensor, Verfahren zum Schützen von Daten in dieser sowie externes Festplattengehäuse
EP1722336A2 (fr) Dispositif et procédé destinés à la production de données pour initialiser des supports de données de sécurité
EP2850553B1 (fr) Système de protection d'accès électronique, procédé d'exploitation d'un système informatique, carte à puce et composant à microprogramme
EP2731039A1 (fr) Dispositif externe, procédé de vérification d'une autorisation d'accès et système informatique
EP1669903A2 (fr) dispositif electronique mobile avec accès protégé
DE102017123113A1 (de) Vorrichtung zum Speichern von Kennwörtern
DE102005008966A1 (de) Zugriffskontrolle
DE102006044135A1 (de) Biometrisch geschützte Dienstleistungen eines Kommunikationsendgeräts

Legal Events

Date Code Title Description
AK Designated states

Kind code of ref document: A1

Designated state(s): AE AG AL AM AT AU AZ BA BB BG BR BW BY BZ CA CH CN CO CR CU CZ DE DK DM DZ EC EE EG ES FI GB GD GE GH GM HR HU ID IL IN IS JP KE KG KM KP KR KZ LC LK LR LS LT LU LV MA MD MG MK MN MW MX MZ NA NG NI NO NZ OM PG PH PL PT RO RU SC SD SE SG SK SL SM SY TJ TM TN TR TT TZ UA UG US UZ VC VN YU ZA ZM ZW

AL Designated countries for regional patents

Kind code of ref document: A1

Designated state(s): BW GH GM KE LS MW MZ NA SD SL SZ TZ UG ZM ZW AM AZ BY KG KZ MD RU TJ TM AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HU IE IS IT LT LU LV MC NL PL PT RO SE SI SK TR BF BJ CF CG CI CM GA GN GQ GW ML MR NE SN TD TG

121 Ep: the epo has been informed by wipo that ep was designated in this application
DPE1 Request for preliminary examination filed after expiration of 19th month from priority date (pct application filed from 20040101)
NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase