WO2002007112A1 - Universal security module - Google Patents

Universal security module Download PDF

Info

Publication number
WO2002007112A1
WO2002007112A1 PCT/DE2001/001715 DE0101715W WO0207112A1 WO 2002007112 A1 WO2002007112 A1 WO 2002007112A1 DE 0101715 W DE0101715 W DE 0101715W WO 0207112 A1 WO0207112 A1 WO 0207112A1
Authority
WO
WIPO (PCT)
Prior art keywords
security module
host system
identification
interface
host
Prior art date
Application number
PCT/DE2001/001715
Other languages
German (de)
French (fr)
Inventor
Arjen Klei
Hans-Gerd Gross
Original Assignee
Sc Itec Gmbh
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Sc Itec Gmbh filed Critical Sc Itec Gmbh
Priority to AU2001267297A priority Critical patent/AU2001267297A1/en
Publication of WO2002007112A1 publication Critical patent/WO2002007112A1/en

Links

Classifications

    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07FCOIN-FREED OR LIKE APPARATUS
    • G07F7/00Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus
    • G07F7/08Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means
    • G07F7/10Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means together with a coded signal, e.g. in the form of personal identification information, like personal identification number [PIN] or biometric data
    • G07F7/1008Active credit-cards provided with means to personalise their use, e.g. with PIN-introduction/comparison system
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/30Payment architectures, schemes or protocols characterised by the use of specific devices or networks
    • G06Q20/34Payment architectures, schemes or protocols characterised by the use of specific devices or networks using cards, e.g. integrated circuit [IC] cards or magnetic cards
    • G06Q20/341Active cards, i.e. cards including their own processing means, e.g. including an IC or chip
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/38Payment protocols; Details thereof
    • G06Q20/40Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
    • G06Q20/409Device specific authentication in transaction processing
    • G06Q20/4097Device specific authentication in transaction processing using mutual authentication between devices and transaction partners
    • G06Q20/40975Device specific authentication in transaction processing using mutual authentication between devices and transaction partners using encryption therefor
    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07FCOIN-FREED OR LIKE APPARATUS
    • G07F7/00Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus
    • G07F7/08Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means
    • G07F7/0873Details of the card reader
    • G07F7/088Details of the card reader the card reader being part of the point of sale [POS] terminal or electronic cash register [ECR] itself
    • G07F7/0886Details of the card reader the card reader being part of the point of sale [POS] terminal or electronic cash register [ECR] itself the card reader being portable for interacting with a POS or ECR in realizing a payment transaction

Definitions

  • the invention relates to a universal security module for host systems, such as computers or cash register systems, which serves to identify or authenticate the user to the host system, the module for this purpose providing an identification and / or authenticity means which the administration managed by keys or other user-specific features.
  • Chip cards are very common as a means of identification and authenticity. Personal data or characteristics of their owner or keys for the encrypted data exchange with the electronic systems provided are stored on the chip cards. So far, it has been necessary to equip the host systems against which the user has to identify or authenticate themselves with special reading devices which enable access to the data of the identification and / or authenticity means used by them. However, this is comparatively complex and expensive.
  • the object of the present invention is therefore to provide a universal security module which is inexpensive to manufacture and which can be easily integrated into existing systems.
  • the universal security module comprises a carrier unit with a receptacle for an identification and / or authenticity means, connecting means for connecting the module to a hardware standard interface (serial, parallel or USB) of a host system and an interface converter for adapting the specifications of the identification and / or means of authenticity on the one hand and the standard interface of the host system on the other.
  • the identification and / or authenticity means held in the receptacle of the carrier unit of the security module can only be exchanged by means of a special tool.
  • the communication between the security module and the host system is controlled in an essential manner according to the invention by driver software that can be executed on the host system.
  • a corresponding plug unit that is compatible with the connection of the hardware interface is advantageously arranged directly on the carrier unit of the security module.
  • the communication between the security module and the host system takes place via suitable drivers, that is to say software modules as are also required, for example, for controlling other peripheral devices of a PC.
  • data exchange can also take place via software standard interfaces of the operating system installed on the host (so-called APIs application interfaces).
  • a particularly advantageous embodiment of the security module according to the invention is designed as a dongle which can be connected directly to the host system and which is preferably approximately the size of a chip card.
  • the elements of the system mentioned at the outset namely the receptacle for an identification and / or authenticity means, the connecting means for connection to the host system and on a common carrier the interface converter housed.
  • the identification and / or authenticity means is designed in the form of a plug-in for a chip card, which is arranged in the receptacle of the carrier unit and from this by means of a corresponding structural design of the carrier only with a certain outlay, preferably under can be removed with the help of a special tool.
  • the power supply to the individual units of the security module is provided by the host system via the hardware interface to which the security module is connected when it is in use.
  • Fig. 1 shows a preferred embodiment of the invention
  • Fig. 2 and Fig. 3 possible system concepts including the security module.
  • the module comprises a carrier unit 1, in which a receptacle 2 is provided for an identification and / or authenticity means 3. Furthermore, the module has an integrated interface converter 5 and a connecting means 4 in the form of a plug connector arranged on the carrier for connecting the module to a hardware standard interface of a host system.
  • the receptacle 2 for the identification and / or authenticity means 3 is designed so that it cannot be easily removed from it.
  • the identification and / or authenticity means 3 is a plug-in for a chip card.
  • the entire module is designed such that it is approximately the size of a chip card and can be connected directly to a hardware interface, for example a PC.
  • the invention is therefore basically an identification and / or authenticity means, as is already known in a comparable manner (for example in the form of the chip cards used in various embodiments), but which deviates from the previously known systems, the means for the Bring your own data exchange.
  • the security module can be integrated into existing systems in a very simple manner, in particular special devices, for example reading devices, for communication or data exchange between the security - Unnecessary module and the host system. It is particularly advantageous if the units of the security module are fed from the host system with regard to the operating voltage required by them.
  • 2 and 3 illustrate examples of system concepts involving the security module according to the invention.
  • 2 relates to a system in which the system-relevant components are arranged in a distributed manner.
  • a typical example of this is the connection of a workstation 6 to the server of an internet provider 7 via the internet.
  • the workstation 6 can directly access the identity features of the user stored in the security module and transmit them to the server 7 for comparison with the identification data stored there. If the user has identified himself as authorized in this way, he can use the opened Internet access for his purposes. With such a solution, it is also possible to only allow the users of the workstation 6 access to selective pages of the Internet. The workstation 6 required to do this evaluating characteristic data are in turn stored in the security module used by him.
  • a target system for example a PC workstation 8. Only the user whose universal security module identifies him as authorized for this can log into the system or access defined partial areas of his file system. This can be accomplished, for example, by including a system query in the boot process when the system is booting, in which a check is carried out by means of a corresponding software routine to determine whether a corresponding dongle of the user is connected to the standard interface of the PC workstation 8 provided for this purpose.

Abstract

The invention relates to a security module for host systems, such as computers or cash-desk systems, which identifies and authenticates the user to the host system. The aim of the invention is to provide a universal security module, which is cost-effective to produce and can be integrated simply into existing systems. To achieve this, the security module comprises a support unit containing a recess for an identification and/or authentication element, connecting elements for connecting the module to a standard-hardware interface (serial, parallel or USB) of a host system and an interface converter for adapting the specification of the identification and/or authentication element and the standard interface of the host system. The identification and/or authentication element that is retained in the recess of the security module can only be replaced using a special tool and communication between the security module and the host system is controlled by driver software that can be loaded onto the host system.

Description

Universelles Sicherheitsmodul Universal security module
Die Erfindung betrifft ein universelles Sicherheitsmodul für Host-Systeme, wie Computer oder Kassensysteme, welches dazu dient, den Benutzer gegenüber dem Host-System zu identifizieren bzw. zu authentisieren, wobei das Modul hierzu einen Identifikations- und/oder Authentizitätsmittel bereitstellt, welches die Verwaltung von Schlüsseln oder anderen benutzerspezifischen Merkmalen bewerkstelligt.The invention relates to a universal security module for host systems, such as computers or cash register systems, which serves to identify or authenticate the user to the host system, the module for this purpose providing an identification and / or authenticity means which the administration managed by keys or other user-specific features.
In dem Maße, wie der Ausbau der Informationsgesellschaft voranschreitet, steigt der Bedarf an Sicherheitssystemen, welche dazu dienen, die missbräuchliche Benutzung elektronischer Systeme weitestgehend zu verhindern. Um diese Sicherheit zu gewährleisten, ist es bekannt und üblich, den berechtigten Benutzer elektronischer Systeme beispielsweise von Computern oder Kassenanlagen mit einem persönlichen Identifikations- bzw. Authentizitätsmittel auszustatten. Erst wenn sich der Benutzer mit dessen Hilfe gegenüber dem Host-System identifiziert bzw. authenti- siert hat, ist es ihm möglich, das Host-System für sich zu nutzen bzw. mit dem System Daten auszutauschen oder über das System mit einer anderen elektronischen Einheit zu kommunizieren.As the expansion of the information society continues, the need for security systems that serve to prevent the misuse of electronic systems to a large extent increases. In order to ensure this security, it is known and customary to provide the authorized user of electronic systems, for example of computers or cash register systems, with a personal means of identification or authenticity. Only when the user has identified or authenticated himself with the host system is it possible for him to use the host system for himself or to exchange data with the system or via the system with another electronic unit to communicate.
Als Identifikations- bzw. Authentizitätsmittel sind Chipkarten sehr verbreitet. Auf den Chipkarten sind persönliche Daten bzw. Merkmale ihres Inhabers oder Schlüssel für den verschlüsselten Datenaustausch mit dafür vorgesehenen elektronischen Syste- men gespeichert. Bisher ist es erforderlich, die Host-Systeme gegenüber welchen sich der Benutzer identifizieren bzw. authentisieren muss, mit speziellen Lesegeräten auszustatten, welche den Zugriff auf die Daten des von ihm verwendeten Identifikations- und/oder Authentizitätsmittel ermöglichen. Dies ist jedoch vergleichsweise aufwendig und teuer. Aufgabe der vorliegenden Erfindung ist es daher, ein universelles Sicherheitsmodul zur Verfügung zu stellen, welches kostengünstig in der Herstellung ist und sich auf einfache Weise in bereits bestehende Systeme integrieren lässt.Chip cards are very common as a means of identification and authenticity. Personal data or characteristics of their owner or keys for the encrypted data exchange with the electronic systems provided are stored on the chip cards. So far, it has been necessary to equip the host systems against which the user has to identify or authenticate themselves with special reading devices which enable access to the data of the identification and / or authenticity means used by them. However, this is comparatively complex and expensive. The object of the present invention is therefore to provide a universal security module which is inexpensive to manufacture and which can be easily integrated into existing systems.
Die Aufgabe wird durch ein universelles Sicherheitsmodul mit den Merkmalen des Hauptanspruches gelöst. Vorteilhafte Ausgestaltungen bzw. Weiterbildungen des Erfindungsgegenstandes sind durch die Unteransprüche gegeben.The task is solved by a universal security module with the features of the main claim. Advantageous refinements or developments of the subject matter of the invention are given by the subclaims.
Das universelle Sicherheitsmodul umfasst eine Trägereinheit mit einer Aufnahme für ein Identifikations- und/oder Authentizitätsmittel, Verbindungsmittel zur Verbindung des Moduls mit einer Hardware-Standardschnittstelle (seriell, parallel oder USB) eines Host-Systems und einen Schnittstellenkonverter zur Anpassung der Spezifikationen des Identifikations- und/oder Authentizitätsmittels einerseits sowie der Standardschnittstelle des Host-Systems andererseits. Das in der Aufnahme der Trägereinheit des Sicherheitsmoduls gehaltene Identifikations- und/oder Authentizitätsmittel ist dabei nur mittels Spezialwerkzeug austauschbar. Die Kommunikation zwischen dem Sicherheitsmodul und dem Host-System wird in erfindungswesentlicher Weise durch eine auf dem Host-System ausführbare Treibersoftware gesteuert.The universal security module comprises a carrier unit with a receptacle for an identification and / or authenticity means, connecting means for connecting the module to a hardware standard interface (serial, parallel or USB) of a host system and an interface converter for adapting the specifications of the identification and / or means of authenticity on the one hand and the standard interface of the host system on the other. The identification and / or authenticity means held in the receptacle of the carrier unit of the security module can only be exchanged by means of a special tool. The communication between the security module and the host system is controlled in an essential manner according to the invention by driver software that can be executed on the host system.
Zur Verbindung des Sicherheitsmoduls mit der Hardware-Standardschnittstelle des Host-Systems ist vorteilhafterweise unmittelbar auf der Trägereinheit des Sicher- heitsmoduls eine entsprechende zu dem Anschluss der Hardware-Schnittstelle kompatible Steckereinheit angeordnet. Wie bereits ausgeführt, erfolgt die Kommunikation zwischen dem Sicherheitsmodul und dem Host-System über geeignete Treiber, also Softwaremodule wie sie beispielsweise auch zur Steuerung anderer Peripheriegeräte eines PCs benötigt werden. Je nach der Art und dem Typ dieser Treiber kann dabei der Datenaustausch auch über Software-Standardschnittstellen des auf dem Host installierten Betriebssystems (so genannte APIs -Application Interfaces) erfolgen. Eine besonders vorteilhafte Ausgestaltungsvariante des erfindungsgemäßen Sicherheitsmoduls ist als ein unmittelbar an das Host-System anschließbares Dongle ausgebildet, welches vorzugsweise etwa die Größe einer Chipkarte aufweist. Auf einem gemeinsamen Träger sind die eingangs genannten Elemente des Systems, nämlich die Aufnahme für ein Identifikations- und/oder Authentizitätsmittel, die Verbindungsmittel zum Anschluss an das Host-System sowie der Schnittstellenkonverter untergebracht. Das Identifikations- und/oder Authentizitätsmittel ist bei dieser Ausgestaltungsform der Erfindung in Form eines Plug-in für eine Chipkarte ausgebildet, welches in die Aufnahme der Trägereinheit eingeordnet ist und aus dieser durch eine entsprechende konstruktive Gestaltung des Trägers nur mit einem gewissen Aufwand, vorzugsweise unter zu Hilfenahme eines speziellen Werkzeuges entfernt werden kann.To connect the security module to the hardware standard interface of the host system, a corresponding plug unit that is compatible with the connection of the hardware interface is advantageously arranged directly on the carrier unit of the security module. As already stated, the communication between the security module and the host system takes place via suitable drivers, that is to say software modules as are also required, for example, for controlling other peripheral devices of a PC. Depending on the type and type of these drivers, data exchange can also take place via software standard interfaces of the operating system installed on the host (so-called APIs application interfaces). A particularly advantageous embodiment of the security module according to the invention is designed as a dongle which can be connected directly to the host system and which is preferably approximately the size of a chip card. The elements of the system mentioned at the outset, namely the receptacle for an identification and / or authenticity means, the connecting means for connection to the host system and on a common carrier the interface converter housed. In this embodiment of the invention, the identification and / or authenticity means is designed in the form of a plug-in for a chip card, which is arranged in the receptacle of the carrier unit and from this by means of a corresponding structural design of the carrier only with a certain outlay, preferably under can be removed with the help of a special tool.
Es ist im Sinne der Erfindung, wenn die Spannungsversorgung der einzelnen Einheiten des Sicherheitsmoduls durch das Host-System über die Hardware-Schnittstelle, an welcher das Sicherheitsmodul bei seinem Gebrauch angeschlossen ist, erfolgt.It is in the sense of the invention if the power supply to the individual units of the security module is provided by the host system via the hardware interface to which the security module is connected when it is in use.
Nachfolgend soll die Erfindung anhand eines Ausführungsbeispiels näher erläutert werden. In der zugehörigen Zeichnung zeigt:The invention will be explained in more detail below using an exemplary embodiment. In the accompanying drawing:
Fig. 1 eine bevorzugte Ausführungsform der erfindungsgemäßenFig. 1 shows a preferred embodiment of the invention
Sicherheitsmoduls undSecurity module and
Fig. 2 und Fig. 3 mögliche Systemkonzepte unter Einbeziehung des Sicherheitsmoduls.Fig. 2 and Fig. 3 possible system concepts including the security module.
Durch die Fig. 1 wird der grundsätzliche Aufbau des Sicherheitsmoduls verdeutlicht. Wie aus der Figur zu entnehmen ist, umfasst das Modul eine Trägereinheit 1 , in welcher eine Aufnahme 2 für ein Identifikations- und/oder Authentizitätsmittel 3 vorgesehen ist. Weiterhin weist das Modul einen integrierten Schnittstellenkonverter 5 und ein Verbindungsmittel 4 in Form eines auf dem Träger angeordneten Steckverbinders für den Anschluss des Moduls an eine Hardware-Standardschnittstelle eines Host-Systems auf. Die Aufnahme 2 für das Identifikations- und/oder Authentizitätsmittel 3 ist konstruktiv so gestaltet, dass dieses nicht ohne weiteres daraus entfernt werden kann. In dem dargestellten Beispiel handelt es sich bei dem Identifikations- und/oder Authentizitätsmittel 3 um ein Plug-in für eine Chipkarte. Das gesamte Modul ist so ausgebildet, dass es in etwa die Größe einer Chipkarte aufweist und unmittelbar an eine Hardware-Schnittstelle, beispielsweise eines PC's anschließbar ist. Bei der Erfindung handelt es sich also im Grunde um ein Identifikations- und/oder Authentizitätsmittel, wie es in vergleichbarer Art (beispielsweise in Form der in vielfältigen Ausführungsformen verwendeten Chipkarten ) bereits bekannt ist, welches aber abweichend von den bisher bekannten Systemen die Mittel für den Datenaus- tausch quasi selbst mitbringt. Durch den Anschluss an Hardware-Standardschnittstellen eines Host-Systems und die Kommunikation vermittels dazu geeigneter Software-Treiber lässt sich das Sicherheitsmodul in sehr einfacher Weise in bestehende Systeme einbinden, insbesondere werden spezielle Vorrichtungen, beispielsweise Lesegeräte, zur Kommunikation bzw. zum Datenaustausch zwischen dem Sicher- heitsmodul und dem Host-System entbehrlich. Von besonderem Vorteil ist es dabei, wenn die Einheiten des Sicherheitsmoduls im Hinblick auf die von ihnen benötigte Betriebsspannung aus dem Host-System gespeist werden.The basic structure of the security module is illustrated by FIG. 1. As can be seen from the figure, the module comprises a carrier unit 1, in which a receptacle 2 is provided for an identification and / or authenticity means 3. Furthermore, the module has an integrated interface converter 5 and a connecting means 4 in the form of a plug connector arranged on the carrier for connecting the module to a hardware standard interface of a host system. The receptacle 2 for the identification and / or authenticity means 3 is designed so that it cannot be easily removed from it. In the example shown, the identification and / or authenticity means 3 is a plug-in for a chip card. The entire module is designed such that it is approximately the size of a chip card and can be connected directly to a hardware interface, for example a PC. The invention is therefore basically an identification and / or authenticity means, as is already known in a comparable manner (for example in the form of the chip cards used in various embodiments), but which deviates from the previously known systems, the means for the Bring your own data exchange. Through the connection to standard hardware interfaces of a host system and the communication by means of suitable software drivers, the security module can be integrated into existing systems in a very simple manner, in particular special devices, for example reading devices, for communication or data exchange between the security - Unnecessary module and the host system. It is particularly advantageous if the units of the security module are fed from the host system with regard to the operating voltage required by them.
In den Fig. 2 und Fig. 3 sind Beispiele für Systemkonzepte unter Einbindung des erfindungsgemäßen Sicherheitsmoduls veranschaulicht. Die Fig. 2 betrifft ein System, bei dem die systemrelevanten Komponenten verteilt angeordnet sind. Ein typisches Beispiel hierfür ist die über das Internet erfolgende Verbindung einer Arbeitsstation 6 mit dem Server eines Internet-Providers 7. Zur Identifikation bzw. Authentifizierung des Benutzers der Arbeitsstation 6, also zum Nachweis dessen, dass dieser zur Benutzung eines Internetzugangs berechtigt ist bzw. zur Kenn- Zeichnung der an einem Gerät empfangenen Daten als Daten eines bestimmten Benutzers, verbindet der Benutzer das erfindungsgemäße Sicherheitsmodul mit einer Standardschnittstelle der für den Zugang zum Internet genutzten Arbeitsstation 6. Nach der Einwahl in den Server 7 des Providers erfolgt zwischen dem Server 7 und der Arbeitsstation 6 ein Austausch von Systemdaten, in dessen Zuge eine Überprüfung des den Zugang ansprechenden Benutzers auf seine Berechtigung durchgeführt wird. Dabei kann die Arbeitsstation 6 unmittelbar auf die im Sicherheitsmodul hinterlegten Identitätsmerkmale des Benutzers zugreifen und diese an den Server 7 zum Abgleich mit den dort hinterlegten Kennungsdaten übermitteln. Hat sich der Benutzer auf diese Weise als berechtigt identifiziert, kann er den geöffneten Internetzugang für seine Zwecke nutzen. Bei einer solchen Lösung ist es auch möglich, den Benutzer der Arbeitsstation 6 nur den Zugriff auf selektive Seiten des Internets zu gestatten. Die hierfür erforderlichen in der Arbeitsstation 6 auszu- wertenden Kenndaten sind dabei wiederum in dem von ihm benutzten Sicherheitsmodul abgelegt.2 and 3 illustrate examples of system concepts involving the security module according to the invention. 2 relates to a system in which the system-relevant components are arranged in a distributed manner. A typical example of this is the connection of a workstation 6 to the server of an internet provider 7 via the internet. To identify or authenticate the user of the workstation 6, ie to prove that the user is authorized to use internet access Identifying the drawing of the data received on a device as data of a specific user, the user connects the security module according to the invention to a standard interface of the workstation 6 used for access to the Internet. After dialing into the server 7 of the provider, the server 7 and the Workstation 6 an exchange of system data, in the course of which a check is carried out on the access responding user for his authorization. In this case, the workstation 6 can directly access the identity features of the user stored in the security module and transmit them to the server 7 for comparison with the identification data stored there. If the user has identified himself as authorized in this way, he can use the opened Internet access for his purposes. With such a solution, it is also possible to only allow the users of the workstation 6 access to selective pages of the Internet. The workstation 6 required to do this evaluating characteristic data are in turn stored in the security module used by him.
Die Fig. 3 betrifft eine Konfiguration, bei der sich alle Systemkomponenten auf einem Zielsystem, beispielsweise einer PC-Arbeitsstation 8 befinden. Nur derjenige Benutzer, dessen universelles Sicherheitsmodul ihn hierfür als berechtigt ausweist, kann sich in das System einloggen bzw. auf definierte partielle Bereiche seines Dateisystems zugreifen. Dies kann beispielsweise bewerkstelligt werden, indem beim Booten des Systems in den Boot-Vorgang eine Systemabfrage einbezogen wird, bei der mittels einer entsprechenden Softwareroutine eine Überprüfung erfolgt, ob an der dafür vorgesehenen Standardschnittstelle der PC-Arbeitsstation 8 ein entsprechendes Dongle des Benutzers angeschlossen ist. 3 relates to a configuration in which all system components are located on a target system, for example a PC workstation 8. Only the user whose universal security module identifies him as authorized for this can log into the system or access defined partial areas of his file system. This can be accomplished, for example, by including a system query in the boot process when the system is booting, in which a check is carried out by means of a corresponding software routine to determine whether a corresponding dongle of the user is connected to the standard interface of the PC workstation 8 provided for this purpose.
BezugszeichenlisteLIST OF REFERENCE NUMBERS
1. Träger, Trägereinheit1. Carrier, carrier unit
5 2. Aufnahme5 2. Recording
3. Identifikations- und/oder Authentizitätsmittel3. Identification and / or authenticity means
4. Verbindungsmittel, Steckereinheit4. Lanyard, connector unit
5. Schnittstellenkonverter5. Interface converter
6. Arbeitsstation6. Work station
10 7. Server10 7. Server
8. PC-Arbeitsstation 8. PC workstation

Claims

Patentansprüche claims
1. Universelles Sicherheitsmodul für Host-Systeme wie Computer oder Kassensysteme, umfassend eine Trägereinheit (1 ) mit einer Aufnahme (2) für ein Identifikations- und/oder Authentizitätsmittel (3), Verbindungsmittel (4) zur Verbindung des Moduls mit einer Hardware-Standardschnittstelle (seriell, parallel oder USB) eines Host-Systems und einen Schnittstellenkonverter (5) zur Anpassung der Spezifikationen des Identifikations- und/oder Authentizitätsmittels (3) sowie der Standardschnittstelle des1. Universal security module for host systems such as computers or cash register systems, comprising a carrier unit (1) with a receptacle (2) for an identification and / or authenticity means (3), connecting means (4) for connecting the module to a hardware standard interface (serial, parallel or USB) of a host system and an interface converter (5) for adapting the specifications of the identification and / or authenticity means (3) and the standard interface of the
Host-Systems, wobei das in der Aufnahme (2) des Sicherheitsmoduls gehaltene Identifikations- und/oder Authentizitätsmittel (3) nur mittels SpezialWerkzeug austauschbar ist und die Kommunikation zwischen dem Sicherheitsmodul und dem Host-System durch eine auf dem Host-System ausführbare Treibersoftware gesteuert wird.Host system, the identification and / or authenticity means (3) held in the receptacle (2) of the security module being exchangeable only by means of a special tool and the communication between the security module and the host system being controlled by driver software that can be executed on the host system becomes.
2. Universelles Sicherheitsmodul nach Anspruch 1 , dadurch gekennzeichnet, dass die Verbindung zwischen dem Sicherheitsmodul und einer Hardware-Standardschnittstelle des Host-Systems mittels einer unmittelbar auf der Trägereinheit des Sicherheitsmoduls angeordneten Steckereinheit (4) erfolgt.2. Universal security module according to claim 1, characterized in that the connection between the security module and a hardware standard interface of the host system takes place by means of a plug unit (4) arranged directly on the carrier unit of the security module.
3. Universelles Sicherheitsmodul nach Anspruch 1 oder 2, dadurch gekennzeichnet, dass die durch die Treibersoftware gesteuerte Kommunikation zwischen dem Sicherheitsmodul und dem Host-System über Software- Standardschnittstellen des Hostbetriebssystems (APIs - Application Interfaces) erfolgt.3. Universal security module according to claim 1 or 2, characterized in that the communication controlled by the driver software between the security module and the host system takes place via software standard interfaces of the host operating system (APIs - Application Interfaces).
4. Universelles Sicherheitsmodul nach Anspruch 3, welches als ein vorzugsweise etwa Chipkartengröße aufweisendes, unmittelbar an eine Hardware-Standardschnittstelle des Host-Systems anschließbares Dongle ausgebildet ist, wobei es sich bei dem Identifikations- und/oder Authentizitätsmittel (3), welches in die in der Trägereinheit (1) vorgesehene Aufnahme (2) eingeordnet ist, um ein Plug-in für eine Chipkarte handelt.4. Universal security module according to claim 3, which as a preferably about chip card size, directly connectable to a hardware standard interface of the host system The identification and / or authenticity means (3), which is arranged in the receptacle (2) provided in the carrier unit (1), is a plug-in for a chip card.
Universelles Sicherheitsmodul nach einem der Ansprüche 1 bis 4, dadurch gekennzeichnet, dass die Spannungsversorgung der Einheiten des Moduls durch das Host-System über die Hardware-Standardschnittstelle, an welche das Sicherheitsmodul angeschlossen ist, erfolgt. Universal security module according to one of claims 1 to 4, characterized in that the power supply of the units of the module by the host system via the standard hardware interface to which the security module is connected.
PCT/DE2001/001715 2000-07-19 2001-05-07 Universal security module WO2002007112A1 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
AU2001267297A AU2001267297A1 (en) 2000-07-19 2001-05-07 Universal security module

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
DE10034993.5 2000-07-19
DE2000134993 DE10034993B4 (en) 2000-07-19 2000-07-19 Universal security module

Publications (1)

Publication Number Publication Date
WO2002007112A1 true WO2002007112A1 (en) 2002-01-24

Family

ID=7649388

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/DE2001/001715 WO2002007112A1 (en) 2000-07-19 2001-05-07 Universal security module

Country Status (3)

Country Link
AU (1) AU2001267297A1 (en)
DE (1) DE10034993B4 (en)
WO (1) WO2002007112A1 (en)

Families Citing this family (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
DE10359680A1 (en) * 2003-12-18 2005-07-14 Giesecke & Devrient Gmbh Method for enabling access to a computer system or to a program
DE102006052486A1 (en) * 2006-11-07 2008-05-08 Robert Bosch Gmbh Control for a balance

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP0744708A2 (en) * 1995-05-23 1996-11-27 Kabushiki Kaisha Toshiba IC card reader/writer and data transfer method
US5633485A (en) * 1993-07-14 1997-05-27 Telia Ab Arrangement with a card for value transactions
US5917913A (en) * 1996-12-04 1999-06-29 Wang; Ynjiun Paul Portable electronic authorization devices and methods therefor

Family Cites Families (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
FR2668839A1 (en) * 1990-11-06 1992-05-07 Bull Cp8 SECURITY DEVICE COMPRISING A MEMORY AND / OR A MICROCALCULATOR FOR INFORMATION PROCESSING MACHINES.
GB2285879A (en) * 1994-01-13 1995-07-26 Mark Lawrence Neville Computer tagging card
DE29723227U1 (en) * 1997-04-21 1998-06-18 Scm Microsystems Gmbh Interface device for chip cards
FI105637B (en) * 1997-07-02 2000-09-15 Sonera Oyj A method for managing applications stored on a subscriber identity module
DE29900902U1 (en) * 1999-01-21 1999-06-02 Mostert Hanns Juergen Dr Ing Device for securing software security modules, so-called dongles, against theft, damage or other loss

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5633485A (en) * 1993-07-14 1997-05-27 Telia Ab Arrangement with a card for value transactions
EP0744708A2 (en) * 1995-05-23 1996-11-27 Kabushiki Kaisha Toshiba IC card reader/writer and data transfer method
US5917913A (en) * 1996-12-04 1999-06-29 Wang; Ynjiun Paul Portable electronic authorization devices and methods therefor

Also Published As

Publication number Publication date
DE10034993A1 (en) 2002-02-07
AU2001267297A1 (en) 2002-01-30
DE10034993B4 (en) 2005-05-19

Similar Documents

Publication Publication Date Title
DE69334182T2 (en) Method of using software and information system for applying this method
EP0355372B1 (en) Data carrier controlled terminal for a data exchange system
DE60106981T2 (en) PORTABLE CRYPTOGRAPHIC KEYS IN A NETWORK ENVIRONMENT
DE10105396A1 (en) Mobile electronic device with a function for verifying a user by means of biometric information
DE20314722U1 (en) Device for secure access to digital media content, virtual multi-interface driver and system for secure access to digital media content
EP2272025B1 (en) System and method for providing user media
DE102005014352A1 (en) Method and control device for controlling access of a computer to user data
EP1525731B1 (en) Identification of a user of a mobile terminal and generation of an action authorisation
WO2002007112A1 (en) Universal security module
DE19533209C2 (en) Device for assigning users in a computer network
EP2169579B1 (en) Method and device for accessing a machine readable document
AT503263A2 (en) DEVICE FOR CREATING DIGITAL SIGNATURES
EP1668821B1 (en) Method for licensing and/or authorizing access to software modules in a switching device
EP2300956B1 (en) Apparatus for mobile data processing
DE102007004631A1 (en) Method for secure data transmission between input device connected to network computer and network receiver, involves receiving of data of reading or input element of input device to encrypting device of input device
EP2850553A1 (en) Electronic access-protection system, method for operating a computer system, chip card and firmware component
EP1685472A1 (en) Method for accessing a data processing system
WO2000010134A1 (en) Security system
EP3692457A1 (en) Method and system for providing a data-technical function by means of a data processing system of a track-bound vehicle
DE102005008966A1 (en) Periphery device access controlling method, involves examining access authorization of peripheral device, before accessing device on computer, where device is attached to computer over universal interface
EP1288768A2 (en) Smart dongle
DE102013101846B4 (en) access control device
EP0910841B1 (en) Information transmission system
DE202008000454U1 (en) display extract
DE10340181A1 (en) Method for cryptographically securing communication with a portable data carrier

Legal Events

Date Code Title Description
AK Designated states

Kind code of ref document: A1

Designated state(s): AE AG AL AM AT AU AZ BA BB BG BR BY BZ CA CH CN CR CU CZ DK DM DZ EE ES FI GB GD GE GH GM HR HU ID IL IN IS JP KE KG KP KR KZ LC LK LR LS LT LU LV MA MD MG MK MN MW MX MZ NO NZ PL PT RO RU SD SE SG SI SK SL TJ TM TR TT TZ UA UG US UZ VN YU ZA ZW

AL Designated countries for regional patents

Kind code of ref document: A1

Designated state(s): GH GM KE LS MW MZ SD SL SZ TZ UG ZW AM AZ BY KG KZ MD RU TJ TM AT BE CH CY DE DK ES FI FR GB GR IE IT LU MC NL PT SE TR BF BJ CF CG CI CM GA GN GW ML MR NE SN TD TG

121 Ep: the epo has been informed by wipo that ep was designated in this application
122 Ep: pct application non-entry in european phase
NENP Non-entry into the national phase

Ref country code: JP