WO2019239121A1 - Key protection device - Google Patents

Key protection device

Info

Publication number
WO2019239121A1
Authority
WO
WIPO (PCT)
Prior art keywords
key
user terminal
processing resource
protection device
time window
Application number
PCT/GB2019/051616
Other languages
English (en)
Inventor
Daryl BAKER
Marcel HARTGERINK
Aravinda Korala
Kit PATTERSON
Original Assignee
Wibu-Systems Ltd
Application filed by Wibu-Systems Ltd

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L 9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L 9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L 9/0894 Escrow, recovery or storing of secret information, e.g. secret key escrow or cryptographic key storage
    • H04L 9/0897 Escrow, recovery or storing of secret information, e.g. secret key escrow or cryptographic key storage involving additional devices, e.g. trusted platform module [TPM], smartcard or USB
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F 21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F 21/60 Protecting data
    • G06F 21/602 Providing cryptographic facilities or services
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F 21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F 21/70 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
    • G06F 21/78 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure storage of data
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L 63/00 Network architectures or network communication protocols for network security
    • H04L 63/10 Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L 63/108 Network architectures or network communication protocols for network security for controlling access to devices or network resources when the policy decisions are valid for a limited amount of time
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F 2221/00 Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F 2221/21 Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F 2221/2137 Time limited access, e.g. to a computer or data
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F 2221/00 Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F 2221/21 Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F 2221/2143 Clearing memory, e.g. to prevent the data from being stolen

Definitions

  • the present invention relates to a system and method of protecting encryption keys, for example, a key protection device for use with a user terminal of an ATM.
  • ATM terminals are very widely used to perform financial or other transactions, for example to allow users to withdraw cash.
  • a financial transaction card, for example a credit or debit card
  • a PIN code
  • ATM terminals may contain large quantities of cash, they typically include various security mechanisms to discourage theft and/or malicious interference.
  • An attack on an ATM when the main operating system (OS) of the ATM is not running is what is referred to as an offline attack.
  • the machine may be booted from a further remote device, for example, a second hard disk drive (HDD) or USB device.
  • a main hard disk drive (HDD) of the ATM is simply a storage device that can be updated, hence malware can be copied onto it.
  • if the HDD is booted again, the copied malware will then execute.
  • the HDD of ATMs may be vulnerable to offline attacks and thus the ATM may be vulnerable to malware.
  • the Trusted Platform Module (TPM) is a known hardware component or module found on the motherboard of modern personal computers.
  • the TPM is the root of the ‘chain of trust’ that all other security is derived from.
  • the TPM may be used to store root security details which are used to secure all other security details, keys, etc. and eventually to secure the Operating System and hence the whole machine.
  • Motherboards of known ATM configurations may not have specialised security hardware components, for example, a TPM. Fitting secure hardware components to known ATM hardware configurations may not be possible, or may be prohibitively expensive.
  • a key protection device for installation in a user terminal, the key protection device comprising: a data store configured to store at least one key of a cryptographic system of the user terminal; a processing resource for controlling operation of the key protection device; and a communication interface for forming a communication link with a processing resource of a user terminal.
  • the processing resource may be configured to transmit the key to the user terminal processing resource via the communication link in response to a valid request for the key.
  • the processing resource may be configured to perform an action to make the key unavailable in response to detection of tampering, eavesdropping activity or other unauthorised action.
  • the key protection device processing resource may be configured to make the key accessible to the user terminal processing resource during a time window.
  • Making the key accessible may comprise making the key available in unencrypted form or in other form readable by the processing resource of the controller. Making the key accessible may comprise transmitting or making available the correct key in response to a request.
  • the key protection device processing resource may be configured to monitor for a predetermined event at the user terminal and/or user terminal processing resource and to begin the time window in dependence on the occurrence of the predetermined event.
  • the predetermined event may comprise at least one boot event.
  • the time window may have a start time and a duration, and the key protection device processing resource may be configured to:
  • the specified events may be at least one of:
  • at least one boot event, a key request, or a read action being received from the user terminal processing resource.
  • the key protection device processing resource may be configured to vary the duration of the time window.
  • the key protection device processing resource may be configured to vary the time window start time in response to the timings of the specified events varying over time.
  • the key protection device processing resource may be configured to set the duration of the time window.
  • the key protection device processing resource may be configured to set a value for the time window start time based on the monitored timings for a predetermined number of preceding occurrences of the specified events and/or based on occurrences of the specified events during a rolling monitoring period.
  • the action performed in response to detection of tampering, eavesdropping activity or other unauthorised action may be deletion or modification of the key or at least one component thereof and/or making the key inaccessible to the processing resource or other device and/or outputting an alarm signal and/or sending a message to a remote device and/or rendering the key protection device and/or data store at least partly inoperable.
  • the key may be a Microsoft (RTM) Bitlocker (RTM) key.
  • the operation of or by the user terminal processing resource that is dependent on successful authentication may comprise at least one of: booting an operating system or other component of the user terminal processing resource;
  • HDD: hard disk drive
  • the communication interface may comprise a connector for connecting a cable to the key protection device, and the connector and/or cable are configured so that application of force above a predetermined threshold level and/or in one or more specified directions causes a breaking of the connection and/or cable, and/or renders the communication link non-operational.
  • the communication link may comprise a cable.
  • the key protection device may be configured to monitor electrical, magnetic or optical signals thereby to detect eavesdropping activity or tampering with the communication link or other unauthorised action.
  • the cable may have an inner structure and an outer structure.
  • the key protection device may be configured to monitor electrical, magnetic or optical signals on the inner structure and/or the outer structure thereby to detect eavesdropping activity or tampering with the communication link or other unauthorised action.
  • the inner structure may provide a path for electrical and/or electromagnetic and/or optical transmission.
  • the outer structure may have electrical and/or magnetic and/or electromagnetic and/or optical and/or physical shielding of the inner structure.
  • the key protection device processing resource may be configured to monitor output(s) from at least one sensor and to detect eavesdropping, tampering or other unauthorised action based on the monitored output.
  • the at least one sensor may be a component of the device.
  • the at least one sensor may be at least one of an accelerometer, a light sensor, a temperature sensor.
  • the device may have a battery.
  • the battery may be for use in case of a power outage.
  • the key protection device processing resource may be configured to detect a power outage and may provide a power outage mode that comprises switching to battery usage and providing the key to the user terminal processing resource on request following end of the power outage.
  • the key protection device may store at least one fake or incorrect key in addition to said key.
  • the key protection device processing resource may be configured to supply the or a fake or incorrect key in response to a request received outside said time window.
  • a user terminal system comprising: a user terminal comprising a processing resource, wherein the user terminal uses a cryptographic system; a key protection device comprising: a data store configured to store at least one key of the cryptographic system of the user terminal, and a processing resource for controlling operation of the key protection device; wherein the system further comprises: a communication link between the processing resource of the computing device and the processing resource of the key protection device, and wherein the processing resource of the key protection device is further configured to: transmit the key to the processing resource of the computing device via the communication link in response to a valid request for the key and perform an action to make the key unavailable in response to detection of tampering, eavesdropping activity or other unauthorised action.
  • a method of protecting at least one key for a user terminal using a cryptographic system comprising: storing the at least one key of the cryptographic system on a device; receiving, by the device, a request for the at least one key and performing a validation process on the request for the at least one key thereby to determine that the key request is valid; making the at least one key available in response to a successful validation of the request, and performing an action to make the at least one key unavailable in response to detection of tampering, eavesdropping activity or other unauthorised action.
  • Figure 1 is a schematic illustration of a user terminal according to an embodiment
  • Figure 2 is a schematic illustration of a memory device for use with the user terminal of Figure 1;
  • Figure 3 is a flow chart illustrating in overview a first process performed by the memory device
  • Figure 4 is a flow chart illustrating in overview a second process performed by the memory device.
  • Figure 1 shows a user terminal 2 in accordance with an embodiment.
  • the user terminal 2 has a computer device 3.
  • the computer device 3 shown in Figure 1 is representative of a complete computer system, with further components that are not shown in Figure 1.
  • the computer device 3 is a self-contained computer with its own computer housing.
  • the computer device 3 is a personal computer or other suitable computing device.
  • Figure 1 and Figure 2 show an embodiment of a separate memory device 50 connected to the computer device 3. As described in further detail below, it is a feature of this embodiment, that memory device 50 is configured to store cryptographic keys for use by the computer device 3.
  • an encryption system may be used to protect the ATM against offline attacks when the memory device provides secure storage of the encryption key(s).
  • if the hard disk drive of the ATM is encrypted and a malicious user does not have access to the encryption key, then it may be impossible to access the HDD in this offline state, so it is safe against malware being added and hence executed by the ATM.
  • the computer device 3 includes a processor 4 connected to a data store 6, and a communication interface 19.
  • the data store 6 is configured to store data.
  • data store 6 stores operating system data, system configuration data including system files and system drivers, and boot instructions for booting up the computer device 3.
  • the computer device 3 of user terminal 2 uses a cryptographic system to secure at least part of the data stored on the data store 6.
  • the Windows BitLocker is used which is a known cryptographic system, but it will be understood that any cryptographic system that can protect data by encryption using one or more keys may be suitable.
  • the user terminal 2 has a number of ATM hardware components connected to the processor 4, described in the following.
  • the processor 4 is connected to an encrypting pin pad (EPP) 8, a card reader device 10, a display device 12, a printer 14, and a cash dispenser and cash handling mechanism 13 linked to a cash store 15.
  • the processor 4 is also connected to user input keys 11 via which a user can select options or provide other input.
  • the user input keys 11 are represented schematically by a single block in Figure 1, but in this case there are six keys arranged around a screen of the display device 12. In alternative embodiments any suitable number of keys can be provided, and/or the keys can be soft keys displayed on the screen of the display device 12.
  • the cash store 15 is inside a physically secure housing.
  • the physically secure housing is the housing of a safe referred to as safe housing or simply as a safe 52.
  • Other components of the user terminal 2 are outside the safe 52, including the processor 4, the data store 6, the EPP 8, the card reader device 10, input keys 11, the display device 12, the printer 14, and the cash dispenser and cash handling mechanism 13.
  • the terminal also includes an outer housing 20, and the other components of the user terminal 2 are located within the outer housing 20.
  • Known security measures for example sensors, triggers or switches that operate automatically in case of unauthorised tampering with the housing 20 may be provided.
  • a further, inner housing (not shown) that encloses various components of the user terminal.
  • the computer device 3, the EPP 8 and wiring connecting those components are included in the inner housing.
  • the processor comprises a Windows PC core.
  • the data store 6 comprises a hard disk drive (HDD).
  • the card reader device 10 is an Omron V2BF-01JS-AP1 card reader, the display device 12 comprises a touchscreen display and the printer 14 is an Epson M-T532, MB520.
  • the EPP 8 comprises a PCI-compliant number pad and is operable to securely receive a PIN entered by a user.
  • the processor 4 functions as a controller for controlling a user interaction process of the user terminal 2. Any other suitable controller, for example any suitable hardware, software or combination thereof may be used in alternative embodiments.
  • the display device 12 in alternative embodiments may comprise any suitable type of screen for displaying content, for example images and/or text to a user.
  • the display may comprise, for example, an LED screen, a screen of a cathode ray tube device, or a plasma screen.
  • the computer device 3 has a communication interface enabling the computer device to transmit data to and receive data from a further device.
  • the communication interface is a USB interface which is represented in Figure 1 by a USB connection port 19.
  • the USB port 19 is provided as part of the computer device housing the computer device 3.
  • the USB port is provided in the inner housing that encloses various components of the user terminal, described above.
  • the USB connection port is configured to receive a USB connection plug.
  • known user terminals 2 have USB port(s) for connecting to further devices, for example, to receive software updates and/or other data from a further connected device.
  • the USB port 19 of computer device 3 is used to connect the computer device 3 to the memory device 50.
  • the user terminal 2 also includes a server communication interface 16 that is configured to enable the user terminal to transmit messages to and receive messages from a server 18 associated with the user terminal network operator responsible for installation and operation of the user terminal 2.
  • the messages are transmitted and received via a secure network connection in accordance with known banking protocols.
  • the user terminal network operator may be a financial institution, for example a bank.
  • the processor 4 controls operation of the other components of the user terminal 2, under control of a user terminal application running on the processor. As described in further detail below, the user terminal application is loaded at boot time of the computer device 3.
  • the user terminal application forms part of an application layer and is provided under an XFS-compatible application environment, which may be a hardware-agnostic application environment such as KAL Kalignite or a manufacturer-specific application environment.
  • the user terminal application controls operation of the user terminal 2, including operations associated with performance of a financial transaction by a user such as, for example, reading of the user’s card, reading of a user’s PIN, receipt and processing of a user’s data such as account balance, overdraft limit and withdrawal limit from server 18, and display of a sequence of screen content on the display device 12.
  • the application also controls communication with the server 18, and the processing of data associated with a transaction, including user data received from the server 18.
  • the application also controls the display of transaction screen content on the display device 12, including selecting and outputting the appropriate transaction screen content for a particular stage in a transaction process.
  • the application module controls, via the XFS layer, interaction with and operation of different hardware devices of the device, for example, the EPP 8, card reader device 10, printer 14, user input keys 11, and cash dispenser and cash handling mechanism 13.
  • the user terminal application controls operation of the various hardware and other components by sending control messages to those components, usually via the XFS layer.
  • Response messages and status messages are also sent from the various components to the application 30, again usually via the XFS layer.
  • Messages sent from the various user terminal components to the application 30 include messages that represent the status of the component, a confirmation that a requested action has been performed, or messages that indicate that an action has not been completed or an error has occurred.
  • the computer device 3 of user terminal 2 uses a cryptographic system to secure at least part of the data stored on the data store 6. It is a feature of the embodiment of Figure 1 and Figure 2, that the memory device 50 is provided for storing a key of the cryptographic system. Memory device 50 can also be referred to as a key protection device.
  • the memory device 50 is provided inside the safe 52 together with the cash store 15. In other embodiments, the memory device 50 is provided outside the safe 52. In some embodiments, the memory device 50 is provided inside the outer housing 20 and outside the inner housing. In some embodiments where the computer device 3 is contained in computer device housing, the memory device 50 is provided outside the computer device housing.
  • Memory device 50 is configured to be connected to computer device 3 of the user terminal 2.
  • the memory device 50 is connected to the computer device 3 via a USB interface.
  • the memory device 50 is connected to the USB connector 19 of the computer device 3 by a detachable USB cable 54.
  • the memory device 50, the USB cable 54 and associated connections may provide further security features.
  • Figure 2 shows a more detailed schematic diagram of the memory device 50 shown in Figure 1.
  • Figure 2 is a schematic view showing components of the memory device 50 that is configured to be used with the computer device 3 of the user terminal 2.
  • Memory device 50 has a processor 62, a storage resource 64 and a cache resource 66.
  • the memory device 50 also has a battery 68.
  • Processor 62 is configured to control operation of the memory device 50.
  • the storage resource 64 is configured to store one or more keys of the cryptographic system used to encrypt data of the computer device 3.
  • the processor 62 functions as a controller for controlling operation of the memory device 50. Any other suitable controller, for example any suitable hardware, software or combination thereof may be used in alternative embodiments. As described in further detail with reference to Figure 3, the processor 62 is configured to receive a request for one or more cryptographic keys, sent via the USB cable 54, and to perform processing steps in response to receiving said request.
  • the one or more cryptographic keys are stored on the memory device 50 such that, on booting the computer device 3, these can be accessed by the processor 4 of the computer device 3 to decrypt the encrypted data and/or to check the integrity of the booting process.
  • the processor 62 is a secure EAL6 processor.
  • the storage resource 64 is a non-volatile storage, for example, a flash storage. In the present embodiment, the storage resource 64 uses any suitable file system.
  • the cache resource 66 is a volatile storage or dynamic RAM.
  • the battery 68 is a 3.6 V Lithium Ion rechargeable battery.
  • the memory device 50 has a USB connector 78.
  • the memory device 50 is connected to the computer device 3 through a USB communication interface that includes USB cable 54, which is connected at a first end to the USB port 19 of the computer device 3 and at a second end to the USB connector 78 of the memory device 50.
  • the USB communication interface allows communication between the computer device 3 and device 50. While a USB communication interface is described in the present embodiment, any suitable data communication interface may be provided for communication between computer device 3 and memory device 50.
  • the communication interface provides a communication link between processor 4 of the computer device 3 and the processor 62 of the memory device 50.
  • the communication link is configured to carry request signals for key data and key data signals representative of cryptographic information.
  • the processor 62 is configured to transmit key data to the computer device 3 in response to a valid request for the key.
  • data store 6 of computer device 3 stores operating system data, system configuration data including system files and system drivers, and boot instructions for booting up the computer device 3.
  • the computer device 3 uses a cryptographic system to secure at least part of the data stored on the data store 6.
  • Windows BitLocker is used, but it will be understood that any cryptographic system that can protect data by encryption using one or more keys is suitable.
  • an encryption process associated with a cryptographic key is performed on the data of the data store 6 to encrypt the data.
  • the encryption process may be a full drive encryption. In some embodiments, more than one cryptographic key may be generated.
  • a decryption process using the cryptographic key must be performed on the data store 6. This decryption process is performed as part of the boot up process of computer device 3.
  • the one or more cryptographic keys comprise a master key which is used to encrypt all other keys in the cryptographic system.
  • files associated with the master key are stored on memory device 50.
  • the cryptographic system is Microsoft BitLocker and the one or more cryptographic keys include a Microsoft BitLocker master key. Files associated with the Microsoft BitLocker master key are stored on the memory device 50.
  • the memory device 50 also has a sensor module 70 including a number of sensors: an accelerometer 72, a light sensor 74 and a temperature sensor 76.
  • the accelerometer 72 is a 3-axis accelerometer.
  • the light sensor 74 is an ambient light sensor. When in the safe 52, the light sensor is configured to detect light incident on the device inside the safe, for example, when the safe is opened or otherwise exposed to ambient light.
  • the sensors are provided as components of the device. It will be understood that in other embodiments, the sensors are external sensors connected to memory device 50. In some embodiments, the memory device 50 is connected to sensors that are provided to detect tampering of the outer housing 20 or the safe itself to monitor output of said sensors.
  • Figure 3 is a flowchart illustrating a method 100 of booting the computer device 3 by using a master key stored by memory device 50. Method 100 is performed by processor 62 in accordance with the present embodiment.
  • a configuration process is performed between the computer device 3 and the memory device 50.
  • the configuration process includes performing an encryption process on at least part of the data of the data store 6 of computer device 3.
  • a master key is generated that can be used to decrypt the encrypted data.
  • a user has the option to store the master key either on an unencrypted part of the data store 6, or on another hardware component of the computer device 3, or it may be transmitted to the memory device 50, if already connected. Standard BitLocker processes may be used.
  • the computer device 3 has no dedicated chip for storing the master key (for example, a TPM chip).
  • the master key is initially transmitted and stored in the data storage 64 of the memory device 50.
  • One or more installation steps are also performed prior to method 100 being performed by memory device 50. These installation steps refer to the physical installation of the memory device 50 to the user terminal 2. These steps include securing the device to the inside of the safe 52 and connecting the computer device 3 to the memory device 50 using the USB cable 54.
  • the device 50 is powered through the USB cable via the mains supply of the computer device 3.
  • any suitable power source may be used for the device 50; for example, the device 50 may be connected to a mains power supply.
  • the USB cable 54 is threaded through an aperture provided in a surface of the housing of the safe 52.
  • a first step of the method 100 is an initialisation step 102 performed by the processor 62.
  • the initialisation step 102 includes securing the master key.
  • the processor 62 generates a random number. Any suitable random number generation process may be used, for example a FIPS (Federal Information Processing Standard) or FIPS-like process.
  • the random number is used to encrypt the master key (in this embodiment, the master BitLocker key) and to generate a decryption key for decrypting the master key.
  • the encrypted master key is stored on storage resource 64 and the decryption key is stored on cache resource 66.
  • the process of generating a decryption key and encrypting the master key and storing these keys on the memory device 50 is performed as part of the initial encryption process of the storage resource 50 e.g. as part of the BitLocker encryption process.
  • a check is performed on the storage resource 64 of memory device 50.
  • the check includes a step of finding BitLocker Master Key files stored on storage resource 64 in accordance with a set of search rules.
  • the found files are referred to as the BitLocker Master Key files or simply, the master key files.
  • the Master Key files are BitLocker Master key files and have search rules defined for finding BitLocker Master key files.
  • other search rules associated with the file name format of the encryption system are used.
  • the master key files, stored on storage resource 64 include a true Master Key file, which contains the true Master Key.
  • the master key files stored on storage resource 64 include at least one fake Master Key file which contains a fake Master Key. If a new true Master Key file is written to the storage resource 64, then the device will invalidate the previous true Master Key and save the new value. If the Master Key file is deleted from the storage resource 64, then the device will invalidate the master key.
  • Process 100 uses several process parameters which are set on initialisation, as part of initialisation step 102, or have been previously set during previous iterations of the process. These include parameters for defining a time window for valid key requests. In the present embodiment, these time window parameters are labelled USBT and USBD. These time window parameters are dynamic and can be updated based on recent performance, for example, based on recent data obtained during recent boot processes. Parameters USBT and USBD are used to define a time window such that the master key is accessible only during the defined time window.
  • values for parameters USBT and USBD are assigned. On a first start up, default values are assigned. On subsequent start ups, these values are updated, as described below.
  • a time window start point and end point is defined.
  • the time window provides a period of time after a boot event has started, during which a request received by processor 62 for the master key is valid.
  • the parameter USBT represents a starting time for the time window relative to the start of the system boot and the parameter USBD represents a finishing time relative to the start of the system boot.
  • the time window spans the time period between first and second time.
  • the device 50 is placed in an active boot monitoring mode.
  • in active monitoring mode, the device monitors signals from computer device 4 for boot activity.
  • the processor 62 of memory device 50 also monitors output signals from the sensors of sensor module 70.
  • the processor can detect activity associated with eavesdropping, tampering or other unauthorised action based on the monitored output.
  • activity associated with eavesdropping includes preparatory steps such as tampering with or damaging the cable.
  • the processor can further detect activities that enable eavesdropping.
  • the computer device 4 starts a booting process. This may be triggered manually by a user turning on or resetting the user terminal. The booting process may be triggered automatically. The booting process may be triggered remotely by a communication signal received from server 18.
  • boot instructions are retrieved from the BIOS (basic input-output system).
  • boot instructions are also retrieved by processor 4 from the data store 6 and executed by the processor 4 to start a boot process.
  • the boot process includes steps of retrieving system configuration data and operating system data and installing, then loading the operating system.
  • the operating system is Windows, however, it will be understood that other operating system can be used.
  • the boot process includes loading further software specific to the user terminal operation, including user terminal application from inside the operating system.
  • Processor 62 of device 50, in active boot monitoring mode, registers that the booting process has started. Processor 62 registers the start time for the booting process and establishes the time window using the parameters USBT and USBD.
  • the booting process can only be completed when the processor 4 has access to the master key.
  • the processor 4 is configured to transmit a request, via the USB cable 54, for the master key to the memory device 50.
  • processor 62 of the memory device 50 receives the request for the master key from the processor 4 of user terminal 2.
  • processor 62 determines if the request for the master key is valid.
  • the validation is performed by the processor 62 comparing the timing of the request to the time window. If the request time is inside the time window, the process proceeds to stage 108. If the request time is outside the time window, the process proceeds to stage 110.
  • USBT and USBD define a start point and an end point of the time window, relative to the start time of the booting process of the computer device 3. The request for the master key occurs at a request time. If the request time occurs before USBT (and thus also before USBD), the request time is outside the time window, the request is invalid, and the process continues to stage 110.
  • if the request time occurs after USBT and before USBD, the request time is inside the time window, the request is valid, and the process continues to stage 108. If the request time occurs after USBD (and thus also after USBT), the request time is outside the time window, the request is invalid, and the process continues to stage 110.
  • two relative timings USBT and USBD are used to determine the time window for valid requests.
  • the time window can be determined using different parameters. For example, a time window can be determined based on a start time and a duration. In some embodiments, the time window can start at substantially the same time that the boot process starts, and the time window is therefore defined only by an end time or a duration.
  • processor 62 obtains the encrypted master key from storage resource 64.
  • Processor 62 also obtains the decryption key for decrypting the master key from cache storage 66.
  • Processor 62 then decrypts the encrypted master key using the decryption key to produce an unencrypted master key.
  • the unencrypted master key is then transmitted, in plain text, via USB cable 54 to the computer device 4.
  • the unencrypted master key is thus readable from the memory device by the computer device 3 during the time window.
  • the unencrypted master key once received by the computer device 4, is then used to perform one or more decryption steps at the ATM side.
  • the device 50 does not provide the master key to the computer device 4. Instead, the processor 62 provides spurious data and makes this data accessible to the computer device 4.
  • the processor 62 generates spurious data at initialisation step 102 and, at stage 110, this data is made available.
  • the spurious data has the format of a master key.
  • the spurious data is one of the fake master keys stored on storage 64 of memory device 50.
  • in some embodiments, processor 62 generates a random fake key in response to receiving a request outside the time window.
  • the processor 4 of computer device 3 uses the true master key to perform a decryption process using the master key on encrypted data of data store 6.
  • the decryption process can include one or more of the following steps: moving the file system of the data store 6 into an operational state, performing a full disk decryption process and/or unlocking the data store 6.
  • the user terminal 2 has a further separate memory device or storage resource or storage partition, which is unlocked at step 112.
  • a further key is stored on data store 6 or a further memory device of user terminal 2, which can be decrypted using the master key.
  • the processor 4 completes the boot process by performing the remaining steps of the boot instructions.
  • the remaining steps of the boot process include starting up the OS and subsequently loading and/or starting up the user terminal application that provides controls of the user terminal 2.
  • the processor 4 boots into another component of the processor 4.
  • at stage 110, the processor 4 performs a decryption process that fails, as the processor 4 does not have the true master key. Hence, the boot process fails to complete.
  • the master key files will remain stored on device 50 until wiped due to device removal, tampering or sensor activation as described in further detail with reference to Figure 4.
  • the master key is therefore hidden to the computer device 4 at all times outside the time window. Any attempt to read the master key file outside this window will return spurious data (stage 110). It will be understood that in some embodiments, a time window is not used and/or other methods of validating the request for the master key at stage 106 can be used.
  • in some embodiments, the processor is configured to monitor for predetermined events other than a boot process at the user terminal 2 or the user terminal processor 4, and to begin the time window in dependence on the occurrence of such a predetermined event.
  • such predetermined events include a request for a key being received by the memory device 50 from the processor 4 of the user terminal, or a read action being received from the processor 4 of the user terminal.
  • the processor is further configured to iteratively update the time window.
  • the time window can therefore be considered as a dynamic time window.
  • the time window is updated based on past booting performance of the computer device 3.
  • a historical value of USBT is determined by monitoring the starting time for each of the last 5 reboots and averaging these values.
  • the current value of USBT is then set equal to the determined historical value.
  • a historical value of USBD is likewise determined by monitoring the time at which the master key was read by the system during each of the last 5 reboots and averaging these values.
  • the processor 62 is configured to set the duration of the time window based on monitored timing for a predetermined number of preceding occurrences of specified events, for example, a boot event of computer device 3, a key request from computer device 3 and/or a read action being received from the user terminal.
  • the processor 62 is configured to set a value for the time window start time based on the monitored timings for a predetermined number of preceding occurrences of the specified events.
  • the processor 62 is configured to set a value for the time window start time based on occurrences of the specified events during a rolling monitoring period.
  • the start time and/or duration of the time window may be determined based on historic behaviour and/or properties of the user terminal 2 or processor 4 of the user terminal.
  • Boot timings for user terminals may vary based on a number of factors, for example: system configuration, type of user terminal, age of user terminal, combination of hardware and/or software used with user terminal.
  • a dynamic and updated time window, based on past performance data, may therefore provide additional security.
  • the time window may be iteratively narrowed based on past performance such that each successive iteration provides a smaller time window in which a valid request can be made.
  • USBT and USBD are recorded and retained in a configuration file on the storage resource 64 of the device 50.
  • the precision of the USBT and USBD is such that the time window is accurately defined.
  • in some embodiments, USBT and USBD are reset to default values.
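The request validation of stages 106 to 110 and the rolling narrowing of USBT and USBD, modelled together as an added example in Go. This is not the patent's firmware. The page does not say how the master key is encrypted under the cached decryption key, so AES-256-GCM is assumed; a single random fake key stands in for the fake master key files; and the narrowing rule is an assumption consistent with the text (the window shrinks to the boot-relative offsets of the last five valid reads plus a tolerance, and never widens), since the page states only that the window is derived from the last 5 reboots and narrows over successive iterations. Times are seconds as floats; the boot start is registered by the device, and everything else is relative to it.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"fmt"
	"math"
)

// Hypothetical model of memory device 50 (added example, not the patent's firmware).
// Assumed: AES-256-GCM wraps the master key under the cached decryption key, one random
// fake key stands in for the fake master key files, and the window narrows to the
// request offsets of the last `history` valid reads plus a tolerance, never widening.
const keyLen, history = 32, 5

type Device struct {
	decryptionKey []byte    // cache resource 66; deleted by the self-wipe
	wrappedMaster []byte    // storage resource 64: nonce || ciphertext || tag
	fakeKey       []byte    // storage resource 64: spurious data in master-key format
	USBT, USBD    float64   // window start and end, seconds after the boot start
	offsets       []float64 // boot-relative times of the most recent valid reads
	bootStart     float64   // registered in active boot monitoring mode
	booting       bool
}

func randBytes(n int) []byte {
	b := make([]byte, n)
	if _, err := rand.Read(b); err != nil {
		panic(err) // a failed RNG is unrecoverable for a key device
	}
	return b
}

func newGCM(key []byte) cipher.AEAD {
	block, err := aes.NewCipher(key)
	if err != nil {
		panic(err) // only a bad key length; the device always generates 32 bytes
	}
	gcm, _ := cipher.NewGCM(block) // cannot fail for AES's 16-byte block size
	return gcm
}

// NewDevice is the initial step performed when the data store is first encrypted:
// generate the decryption key, encrypt the master key with it, and store a fake key too.
func NewDevice(master []byte, usbt, usbd float64) *Device {
	d := &Device{decryptionKey: randBytes(keyLen), fakeKey: randBytes(keyLen), USBT: usbt, USBD: usbd}
	gcm := newGCM(d.decryptionKey)
	nonce := randBytes(gcm.NonceSize())
	d.wrappedMaster = gcm.Seal(nonce, nonce, master, nil)
	return d
}

// BootStarted registers the start of a boot, which fixes the window for this boot.
func (d *Device) BootStarted(t float64) { d.bootStart, d.booting = t, true }

// RequestValid is stage 106: valid only inside [USBT, USBD] relative to the boot start.
func (d *Device) RequestValid(t float64) bool {
	off := t - d.bootStart
	return d.booting && off >= d.USBT && off <= d.USBD
}

// HandleKeyRequest returns the plaintext master key (stage 108) inside the window and
// spurious data in master-key format (stage 110) otherwise, including after a wipe.
func (d *Device) HandleKeyRequest(t float64) []byte {
	if d.decryptionKey == nil || !d.RequestValid(t) {
		return d.fakeKey
	}
	gcm := newGCM(d.decryptionKey)
	ns := gcm.NonceSize()
	master, err := gcm.Open(nil, d.wrappedMaster[:ns], d.wrappedMaster[ns:], nil)
	if err != nil {
		return d.fakeKey // stored ciphertext altered: behave as for an invalid request
	}
	d.offsets = append(d.offsets, t-d.bootStart)
	if len(d.offsets) > history {
		d.offsets = d.offsets[len(d.offsets)-history:]
	}
	return master
}

// UpdateWindow narrows [USBT, USBD] around the recent valid-read offsets; it keeps the
// current window until `history` boots have been observed and never widens it.
func (d *Device) UpdateWindow(tolerance float64) (float64, float64) {
	if len(d.offsets) < history {
		return d.USBT, d.USBD
	}
	lo, hi := math.Inf(1), math.Inf(-1)
	for _, o := range d.offsets {
		lo, hi = math.Min(lo, o-tolerance), math.Max(hi, o+tolerance)
	}
	d.USBT, d.USBD = math.Max(d.USBT, lo), math.Min(d.USBD, hi)
	return d.USBT, d.USBD
}

// Wipe deletes the decryption key (cache 66): the wrapped master key is now unrecoverable.
func (d *Device) Wipe() { d.decryptionKey = nil }

func main() {
	master := randBytes(keyLen)
	d := NewDevice(master, 1.0, 30.0)
	d.BootStarted(0)
	fmt.Println("read at 5 s returns the true key: ", string(d.HandleKeyRequest(5)) == string(master))
	fmt.Println("read at 60 s returns the true key:", string(d.HandleKeyRequest(60)) == string(master))
}
```

Two properties worth checking against the page's threat model: a request that arrives before the device has registered any boot is treated as outside the window, and a request after the wipe gets the same spurious data as an out-of-window request, so the host cannot tell from the response format which of the two happened.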
  • the memory device 50 is configured to be powered by a combination of USB cable 54 and battery 68.
  • the device is fully powered by the USB, via the mains power supply of the user terminal, when connected and in normal operation.
  • the power supply provided by the USB cable 54 also charges battery 68.
  • the supply voltage is 5 V ± 10%.
  • the battery 68 acts as a back-up power source in case of a power failure event, for example, power outage or power cut.
  • memory device 50 has connection monitoring circuitry 82 configured to monitor electrical signals over the USB communication interface.
  • Connection monitoring circuitry is communicatively coupled to processor 62, to send data signals including data representative of the condition and/or operating state of the USB cable 54.
  • the data signals may include data indicative of whether or not the USB cable 54 is connected to the computer device 3. This may allow the memory device 50 to detect actions that are associated with eavesdropping activity or tampering activity with the communication interface.
  • further monitoring circuitry may be provided to monitor magnetic or optical signals thereby to detect eavesdropping activity or tampering with the communication link.
  • the USB cable 54 has an inner structure comprising electrical wiring and an outer structure comprising a sleeve surrounding the inner structure. Signals are transmitted via the inner wiring and thus the inner wiring provides a path for electrical transmission.
  • the inner structure provides a path for electromagnetic and/or optical transmission.
  • the outer structure provides shielding for the inner structure, in the present embodiment the shielding is electrical and physical, however the shielding may be magnetic, electromagnetic and/or optical.
  • the monitoring circuitry 82 is configured to detect electrical activity on both the inner structure and the outer structure of the USB cable 54.
  • the processor 62 of memory device 50 is configured to detect a power failure event, for example, a power outage, and switch to battery usage in response to detecting the power failure event.
  • the key is provided to the user terminal processor 4 on request following the end of the power outage.
  • in some embodiments, the power failure events are detected by the monitoring circuitry 82. In other embodiments, the power failure events are detected by processor 62 by processing signals received from the USB port 78.
  • Processor 62 of memory device 50 is configured to distinguish between types of power failure events. For example, processor 62 is configured to distinguish between USB cable 54 being disconnected and a power outage of the computer device 3. By monitoring output from cable 54 monitoring, the processor 62 can distinguish between these power states. For example, processor 62 can determine that the USB cable 54 is connected or disconnected. Separately, when the USB cable is connected, the processor 62 can determine that the computer device 3 is turned off as it can detect when no power is being received from the USB cable 54.
  • the components are either not marked or incorrectly marked to avoid revealing information to an attacker. This may prevent reverse engineering.
  • Memory device 50 also has an outer casing 80, as shown in Figure 2.
  • the outer casing 80 shields RF signals from the memory device 50 to prevent data leakage from the memory device 50, for example, via RF channels.
  • the outer casing is a metal shell.
  • the metal shell has a form factor with dimensions 55mm by 15.5 mm by 7mm. It will be understood that other dimensions of the metal shell may be suitable.
  • the outer casing 80 is configured to be secured to the ATM safe 52.
  • a mounting mechanism is provided that allows the memory device 50 to be mounted to the ATM safe 52.
  • the outer casing allows the memory device to be mounted inside the ATM safe 52.
  • the memory device 50 is located outside safe 52 but inside outer housing 20.
  • the outer casing 80 is configured to secure the memory device 50 to the wall of the outer housing 20 or other structural component inside the outer housing 20.
  • the USB connector 78 of memory device 50 operates in accordance with USB-2.0 protocol. Therefore, the memory device 50 will work with USB 1.X hosts at 1.X speeds and with USB 2.0 and higher (for example, USB 3.0) hosts at 2.0 speeds.
  • the USB connector of the computer device 3 is also USB 2.0. When connected, communication between the computer device 3 and the memory device 50 uses the USB 2.0 communication protocol. It will be understood that the USB connectors and/or interface may be USB-1.0, USB-3.0 or any other suitable USB version.
  • USB cable 54 has further security features.
  • the USB cable 54 has a length that allows the memory device 50 to be located inside the ATM safe 52 and connected to the computer device 3 outside the ATM safe. In other embodiments, where the memory device is at a different location in the user terminal, a different length of USB cable 54 may be required. In this embodiment, the USB cable 54 has a length of at least 2 metres.
  • the USB cable 54 has a first USB connector, in this embodiment a USB type A plug, for connection to the USB port 19 of the computer device 3.
  • the USB cable 54 connects to the USB connector 74 of memory device 50 to form a breakable connection between the USB cable 54 and the memory device 50 that is such that an application of force above a threshold level causes a breaking of the connection.
  • the cable 54 has a standard USB type A receptacle at its second end and the connector 74 of memory device 50 is configured such that application of force causes a breaking of the connection.
  • the connector 74 of memory device 50 is a standard USB port and the receptacle of USB cable is configured such that the application of force causes a break of the connection or that both the connector 74 and receptacle of the USB cable 54 are configured to co-operatively break the connection on application of a force.
  • the cable 54 and/or connector 74 are configured such that, in addition or alternatively to the applied force being over a threshold, an application of force in one or more specified directions causes the connection to break.
  • the cable may be configured such that if it is pulled in a substantially horizontal direction this causes a break in the connection, while if it is pulled substantially vertically the connection does not break.
  • the one or more directions may be selected based on the geometry and configuration of the safe and/or the user terminal.
  • in some embodiments, the connection does not break, but instead the communication link is rendered non-operational.
  • in some embodiments, the cable itself breaks on application of the force.
  • connection between memory device 50 and USB cable 54 is a detachable connection such that on application of a force as described above, the USB cable is physically detached or disconnected from memory device 50. Therefore, it may not be possible for a user to pull the memory device 50 out of the safe by pulling on the cable from outside the safe.
  • the USB cable 54 is connected through an aperture in the safe housing. It will be understood that there may be no requirement for the aperture if the memory device is located elsewhere.
  • Figure 4 shows a further process 200 of sensor output monitoring performed by processor 62 of device 50.
  • process 200 is performed simultaneously to process 100 described above.
  • the processor 62 of the memory device is placed in a monitoring mode, where it monitors for boot activity, as described with reference to process 100 and for sensor activity, as described with reference to process 200.
  • Process 200 includes a first initialization step 202, as described substantially with reference to step 102 of process 100.
  • processor 62 of memory device 50 monitors sensor activity by monitoring outputs from sensor module 70.
  • the processor 62 also monitors output from the USB cable 54 and/or output from connection monitoring circuitry 82.
  • Tamper events are representative of potential tampering activity on the device 50 or the user terminal 2.
  • the state of one or more sensors during a tamper event may be referred to as a tamper state.
  • a tamper event is detected. Different types of tamper events may be detected, as follows.
  • a first type of tamper event corresponds to the USB cable 54 being unplugged or disconnected at either of its ends.
  • this tamper event occurs when either the cable monitoring circuitry 82 or the processor indicates that the signal being received at USB connector 78 is degraded and/or reduced.
  • a further type of tamper event corresponds to the integrity of the tamper-evident USB cable 54 being compromised.
  • the outer sleeve of the USB cable may be broken during a sniffing attempt.
  • this tamper event occurs when cable monitoring circuitry 82 indicates that signals on the outer layer of the USB cable 54 are degraded and/or reduced. The outer layer signals are compared to a threshold value to verify the tamper event.
  • a further type of tamper event is detected if excess vibration is detected by the sensor module 70. Vibration can be determined using the accelerometer 72. In the present embodiment, an amount of vibration is determined using accelerometer sensor output and the determined amount of vibration is compared to a threshold amount. If above the threshold amount, then the tamper event is verified.
  • a further type of tamper event is detected if there is a rapid temperature variation.
  • temperature sensor 76 tracks the current temperature, determines increases and/or decreases in it, and compares these to a threshold value to verify the tamper event.
  • a further type of tamper event is an unexpected light increase.
  • light sensor 74 determines a light level. In the safe, light level is expected to be low. Therefore if an increase in light level is measured it can be indicative of tampering activity. The light level can be compared to a threshold amount to verify the tamper event.
  • the processor performs a self-wipe process thereby making the key inaccessible.
  • the self-wipe process includes deleting the decryption key on the cache 66, thereby rendering the encrypted master key on storage resource 64 unrecoverable.
  • the process performs a self-wipe process.
  • the processor is configured to perform one or more of the following actions, as an alternative or in addition to the self wipe process described above: deletion or modification of the key or at least one component thereof; making the key inaccessible to the processing resource or other device; outputting an alarm signal; sending a message to a remote device; rendering the key protection device and/or data store at least partly inoperable.
  • the monitoring for tamper events can be disabled to allow servicing without triggering a tamper event.
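The sensor classification of process 200, as an added example in Go that is not the patent's firmware. The page lists the event types (cable signal degraded, outer-sleeve signal degraded, excess vibration, rapid temperature variation, unexpected light increase), says each is verified against a threshold, and says monitoring can be disabled for servicing; everything else here is an assumption: the sensor units, the threshold values, the event names, measuring "rapid" temperature variation as the difference between consecutive samples, and running the tamper action (self-wipe, alarm, message) only on the first verified event while still logging later ones.

```go
package main

import (
	"fmt"
	"math"
)

// Hypothetical sensor classification for process 200 (added example, not the patent's
// firmware). Units, threshold values, event names and the once-only wipe are assumptions.
type Sample struct {
	CableSignal  float64 // inner-wiring signal at the device connector, fraction of nominal
	SleeveSignal float64 // outer-sleeve continuity signal, fraction of nominal
	Vibration    float64 // accelerometer 72 output, percent of full scale
	Temperature  float64 // temperature sensor 76, degrees
	Light        float64 // light sensor 74, arbitrary units (expected low inside the safe)
}

type Thresholds struct {
	MinCable, MinSleeve, MaxVibration, MaxTempStep, MaxLight float64
}

// DefaultThresholds are constructed values for this example, not taken from the patent.
var DefaultThresholds = Thresholds{MinCable: 0.5, MinSleeve: 0.5, MaxVibration: 25, MaxTempStep: 5, MaxLight: 20}

type Monitor struct {
	Thr       Thresholds
	Servicing bool         // monitoring disabled to allow servicing
	Wiped     bool         // set once the tamper action has run
	OnTamper  func(string) // self-wipe, alarm, message to a remote device, ...
	Events    []string     // log of every verified tamper event, oldest first
	prev      Sample
	havePrev  bool
}

func NewMonitor(thr Thresholds, onTamper func(string)) *Monitor {
	return &Monitor{Thr: thr, OnTamper: onTamper}
}

// Check classifies one sample against the thresholds. Every verified event is logged;
// the tamper action runs on the first one only, since the key is already gone after it.
func (m *Monitor) Check(s Sample) []string {
	var ev []string
	if !m.Servicing {
		if s.CableSignal < m.Thr.MinCable {
			ev = append(ev, "cable disconnected or signal degraded")
		}
		if s.SleeveSignal < m.Thr.MinSleeve {
			ev = append(ev, "cable sleeve integrity compromised")
		}
		if s.Vibration > m.Thr.MaxVibration {
			ev = append(ev, "excess vibration")
		}
		if m.havePrev && math.Abs(s.Temperature-m.prev.Temperature) > m.Thr.MaxTempStep {
			ev = append(ev, "rapid temperature variation")
		}
		if s.Light > m.Thr.MaxLight {
			ev = append(ev, "unexpected light increase")
		}
	}
	m.prev, m.havePrev = s, true
	if len(ev) > 0 {
		m.Events = append(m.Events, ev...)
		if !m.Wiped {
			m.Wiped = true
			if m.OnTamper != nil {
				m.OnTamper(ev[0])
			}
		}
	}
	return ev
}

func main() {
	m := NewMonitor(DefaultThresholds, func(e string) { fmt.Println("self-wipe triggered by:", e) })
	// Constructed sample stream: a quiet device, then the sleeve is cut during a sniffing attempt.
	for _, s := range []Sample{
		{CableSignal: 1, SleeveSignal: 1, Vibration: 2, Temperature: 20, Light: 1},
		{CableSignal: 1, SleeveSignal: 0.2, Vibration: 30, Temperature: 20, Light: 1},
	} {
		fmt.Println(m.Check(s))
	}
}
```

Note that the previous sample is still recorded while servicing is enabled, so the first sample after servicing ends is compared against a fresh baseline rather than against a stale reading from before the service visit.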
  • data are collected and logged by device 50.
  • logged data can help with ongoing support for users and post-mortem investigations of attacks.
  • the data are collected and stored in one or more logged files.
  • the data are written as binary data to a single log file in the file system of storage 64, so that they can be read from the file system.
  • a file name format is used to identify the produced log file.
  • An example file name format is “<Date + Time>.log”. It will be understood that other file name formats can be used.
  • the device 50 will produce more than one log file and delete the oldest log files to ensure space is always available on the device.
  • the one or more log files are downloaded to the computer device 4 via USB cable 54 before deletion from memory 64 of device 50. Downloading may occur at periodic intervals.
  • the format of the log files are such that no security related information is written to log files.
  • the written log files include sensor and/or performance data and do not include key data.
  • the memory device 50 is configured to report the status of various optional sensors by writing the current status to a file with the name “SensorStatus.dat” in the root directory.
  • the file is assigned a timestamp that is updated each time the sensor status changed. This allows the computer device 3 to monitor for status changes by monitoring for changes in the file timestamp. In some embodiments, further processing of sensor data, for example, to determine tamper events, is triggered by detecting a change in the file timestamp.
  • the sensor status file is binary and contains the following literal fields and values:
    a. Vibration: expressed as an integer percentage of full scale, e.g. “1%”, “10%”. If disabled, the literal “Disabled”.
    b. Temperature: expressed as an integer value in degrees. E.g.
  • the device 50 has firmware that is field updatable. Firmware updates are saved to a file in the root directory of the device file system.
  • the firmware data is digitally signed with a private key that is known only to the manufacturer and/or distributor.
  • the device 50 can check the digital signature using a known matching public key and ignore any file without the correct digital signature.
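The firmware acceptance check, as an added example in Go; this is not the manufacturer's code. The page says only that the update file is placed in the root directory, signed with a private key held by the manufacturer and/or distributor, and verified on the device with the matching public key, with any file that fails verification ignored. The signature scheme (Ed25519) and the file layout (a 64-byte signature followed by the image) are assumptions.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"errors"
	"fmt"
)

// Hypothetical firmware update check (added example; the patent names no signature
// scheme or file layout). Assumed layout: a 64-byte Ed25519 signature, then the image.
const sigLen = ed25519.SignatureSize

// ManufacturerSign builds the update file offline with the manufacturer's private key.
func ManufacturerSign(priv ed25519.PrivateKey, image []byte) []byte {
	return append(ed25519.Sign(priv, image), image...)
}

// DeviceAccept is what device 50 does with an update file found in its root directory:
// verify the signature with the embedded public key and return the image, or an error
// (the file is ignored) if the signature is missing, altered, or made with another key.
func DeviceAccept(pub ed25519.PublicKey, file []byte) ([]byte, error) {
	if len(file) <= sigLen {
		return nil, errors.New("update file too short to carry a signature and an image")
	}
	sig, image := file[:sigLen], file[sigLen:]
	if !ed25519.Verify(pub, image, sig) {
		return nil, errors.New("signature does not verify: update ignored")
	}
	return image, nil
}

func main() {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	file := ManufacturerSign(priv, []byte("constructed firmware image v2"))
	_, err = DeviceAccept(pub, file)
	fmt.Println("genuine update:", err)
	file[sigLen+3] ^= 0x01 // flip one bit of the image
	_, err = DeviceAccept(pub, file)
	fmt.Println("tampered update:", err)
}
```

The public key has to be baked into the device firmware (or otherwise protected from modification through the file system), since an attacker who can replace it can sign their own image; and the device should verify the whole file before writing any of it to flash, not stream-and-verify.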

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Theoretical Computer Science (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Signal Processing (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Computing Systems (AREA)
  • Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • General Health & Medical Sciences (AREA)
  • Storage Device Security (AREA)

Abstract

The present invention relates to a key protection device for installation in a user terminal, the key protection device comprising: a data storage device configured to store at least one key of a cryptographic system of the user terminal; a processing resource for controlling operation of the key protection device; and a communication interface for forming a communication link with a processing resource of a user terminal, configured to transmit the key to the user terminal processing resource via the communication link in response to a valid request for the key, the processing resource being configured to perform an action to render the key unavailable in response to detection of tampering, eavesdropping activity or other unauthorised action.
PCT/GB2019/051616 2018-06-11 2019-06-11 Dispositif de protection de clé WO2019239121A1 (fr)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
GB1809526.5 2018-06-11
GBGB1809526.5A GB201809526D0 (en) 2018-06-11 2018-06-11 Key protection device

Publications (1)

Publication Number Publication Date
WO2019239121A1 true WO2019239121A1 (fr) 2019-12-19

Family

ID=62975516

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/GB2019/051616 WO2019239121A1 (fr) 2018-06-11 2019-06-11 Dispositif de protection de clé

Country Status (2)

Country Link
GB (1) GB201809526D0 (fr)
WO (1) WO2019239121A1 (fr)


Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20060291653A1 (en) * 1999-08-20 2006-12-28 Hirotsugu Kawada Data player, digital contents player, playback system, data embedding apparatus, and embedded data detection apparatus
US20160072628A1 (en) * 2011-09-15 2016-03-10 Maxim Integrated Products, Inc. Systems and methods for managing cryptographic keys in a secure microcontroller
US20140122901A1 (en) * 2012-10-30 2014-05-01 Barclays Bank Plc Device and Method For Secure Memory Access

Cited By (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP4068128A1 (fr) * 2021-03-31 2022-10-05 STMicroelectronics (ALPS) SAS Démarrage sécurisé d'une unité de traitement
FR3121526A1 (fr) * 2021-03-31 2022-10-07 STMicroelectronics (Alps) SAS Démarrage sécurisé d’une unité de traitement
US11914718B2 (en) 2021-03-31 2024-02-27 STMicroelectronics (Alps) SAS Secured boot of a processing unit
US11934529B2 (en) 2021-08-26 2024-03-19 STMicroelectronics (Grand Ouest) SAS Processing device and method for secured boot
CN116597874A (zh) * 2023-05-13 2023-08-15 汇钜电科(东莞)实业有限公司 内置静电释放片的移动硬盘及防止静电积聚的方法

Also Published As

Publication number Publication date
GB201809526D0 (en) 2018-07-25


Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application (Ref document number: 19732088; Country of ref document: EP; Kind code of ref document: A1)
NENP Non-entry into the national phase (Ref country code: DE)
122 Ep: pct application non-entry in european phase (Ref document number: 19732088; Country of ref document: EP; Kind code of ref document: A1)