
WO1993006542A1 - Computer system with protection means - Google Patents


Info

Publication number
WO1993006542A1
WO1993006542A1 PCT/NL1992/000161 NL9200161W WO9306542A1 WO 1993006542 A1 WO1993006542 A1 WO 1993006542A1 NL 9200161 W NL9200161 W NL 9200161W WO 9306542 A1 WO9306542 A1 WO 9306542A1
Authority
WO
WIPO (PCT)
Prior art keywords
information
card
plug
software
memories
Prior art date
Application number
PCT/NL1992/000161
Other languages
English (en)
Inventor
Dick Peter De Boer
Johannes Van Den Hondel
Original Assignee
Tres Automatisering B.V.
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Tres Automatisering B.V.
Publication of WO1993006542A1

Classifications

    • G PHYSICS
    • G06 COMPUTING OR CALCULATING; COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/70 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
    • G06F21/86 Secure or tamper-resistant housings
    • G PHYSICS
    • G06 COMPUTING OR CALCULATING; COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31 User authentication
    • G06F21/34 User authentication involving the use of external additional devices, e.g. dongles or smart cards

Definitions

  • the invention relates to a protection means for personal computers which at machine level and independently of the operating system protects the personal computer and the software and information situated thereon against unauthorized use, irrespective of the fact of whether this personal computer is used as stand-alone device or whether this personal computer is incorporated in a data communication network.
  • the protection means consists on the one hand of an electronics board provided with printed circuits and
  • With a plug-in card, the functionality of a personal computer can be enlarged.
  • By inserting this plug-in card into one of the expansion bus connections which are situated on the motherboard of the personal computer and are per se embodied with contact surfaces for the input and output of information which have a one-to-one relation with the contact surfaces on the plug-in card, the functionality present on the plug-in card is added to the functionality of the personal computer.
  • a significant part of the electronic circuits on the plug-in card for the protection means is contained in an opaque, tamper-proof housing which prevents vital signals of the protection means being tapped, by-passed or disconnected and which makes the information held in the
  • Placed on the plug-in card are information carriers which contain the required software and control data of the protection means in addition to identification and coding keys which are needed to enable the electronics to operate with the information which is coded by the protection means on the basis of the coding keys and which is stored on the peripheral equipment coupled to the personal computer.
  • user keys are also coupled to the protection means on the basis of which a user does or does not obtain access to the personal computer and the software and information stored thereon.
  • these keys can be stored on the personal computer itself in the form of passwords, or they can be stored in an external information carrier such as for example a chip card.
  • Such a chip card is known from the article "Smart Card" by A.J. Selezneff in "Philips Telecommunications and Data Systems Review", volume 45, no. 4, December 1987.
  • the chip itself (also called "integrated circuit") is placed on a printed circuit film, wherein the circuit film has contact surfaces for input and output of data.
  • the integrated circuit and the circuit film are arranged as an entity in a plastic envelope.
  • the integrated circuit comprises inter alia a data memory which can serve among other things to store data such as PIN-code, encryption keys etc., one of the characteristics of which is that the chip card blocks itself after a number of attempts have been made to gain access to the information stored on the chip card and wherein the conditions set by the intelligence of the chip card have not been met.
  • This external information carrier is read by means of a read/write unit coupled to the personal computer and into which this external information carrier is introduced.
  • the operation of the plug-in card must be envisaged as follows.
  • the protection means becomes a component of the functionality of this personal computer which is available to the user or users of this personal computer. If a person wishes to make use of this personal computer, he must first enter a code in one of the above specified ways, on the basis of which a check is made by the plug-in card as to whether this code gives authorization to work with this personal computer and the information stored thereon. If this is the case, the functionality of this personal computer is then made available to him or her so that work can be performed in the normal manner.
  • the information which is read from and written to the peripheral devices of the personal computer by this user with this personal computer is automatically decoded and coded by the plug-in card on the basis of keys which are known only to the plug-in card.
  • this information is provided with unique characteristics whereby this information can only be used together with the plug-in card with which this information is coded.
  • the plug-in card also ensures that information based on an algorithm which is known only to this specific plug-in card is written to physical locations (addresses) on the peripheral equipment other than those which are designated by the software operating on this personal computer, which effectively means that this peripheral equipment cannot be read by any other device, or by a device equipped with another plug-in card, since this will approach the information on the peripheral equipment with a different algorithm and the result thereof will therefore be unpredictable.
  • the information written onto the peripheral devices using the plug-in card and the plug-in card itself are inextricably linked with one another, only this specific combination will lead to the desired result.
  • Protection means for the personal computer are known from the literature which protect personal computers in similar manner. These provide however only a very limited protection since they function at software level as an extension of the operating system. No integration therefore takes place between the protection means and the hardware of the personal computer itself. Reference is made here to products such as Disklock from IRIS, Safetools from SOFTECH, DialockBoot from COM&DIA, Watchdog from FISCHER, Certus from FONDATION WARE and AuthentlCC from Bull CP8.
  • the drawbacks associated with these known protection products are that the protection software is supplied as a normal program (also known as driver) which must be installed on the hard disc.
  • this protection program is loaded just as any other program by the operating system and made active as for instance a so-called "TSR-Program" (Terminate and Stay Resident Program).
  • This type of protection means is therefore an additional function (an extension) of the operating system and not an additional function of the machine. Such protection means will not therefore become a component of the machine.
  • This type of protection software is comparatively simple to translate from machine code to program code that is once again readable, whereafter the operation of the program is known and can even be extended with individual routines to extract coded information from the computer.
  • These protection means can further be switched off and/or by-passed with comparatively simple means, whereafter the information can be examined with all kinds of standard auxiliary means and possible encryptions of information and programs on the hard disc for instance can be rendered inoperative in comparatively simple manner, for example by monitoring the information being processed by the protection program.
  • protection is only provided for a part of the information stored on the peripheral devices, namely the part controlled by the operating system for which the protection means has been developed.
  • the object of the invention is to provide a protection means for personal computers which can function at all times at machine level wholly independently of operating system and/or brand of personal computer without therein impinging upon facilities present in the machine and wherein the drawbacks and limitations of the above described protection methods are eliminated.
  • This object is achieved by supplying the protection means not as a normal program that must be loaded in the usual manner by an operating system of the personal computer but by integrating it into the equipment at hardware level by means of a plug-in card and arranging thereon all facilities required for the protection means. (See figure 6 for a symbolic representation of what this plug-in card could look like).
  • the protection program is structured in hardware form in one or more volatile or non-volatile information carriers -61-, wherein parts of the protection hardware are likewise protected by electronics on the same plug-in card against sabotage or unauthorized operations. These electronics are built into a so-called "tamper-proof housing" -65-.
  • a read/write unit -67- can be coupled via the cable -70-, with which unit an external information carrier -68- can be read or written to.
  • the external information carrier can for instance be used for storing confidential information such as user and system keys and similar information.
  • the plug-in card is coupled to the bus of the machine and the memories on this plug-in card can be accessed via the data bus -26- and the address bus -28-.
  • the protection means thus effectively becomes a component of the machine which, in respect of the vital parts such as the information carriers, for instance discs and tapes etc., can no longer function without the protection means because unique characteristics are coupled by the protection means to these information carriers which can no longer be detached therefrom.
  • Only by destroying the information recorded on these information carriers or by de-installing (removing) the protection means by means of special software via a user (system controller) specially authorized therefor can these information carriers be re-used without the protection means.
  • the protection means can only be installed and removed making use of a special key, the system controller key which, like the user keys, is likewise recorded for instance on an external information carrier.
  • This special key is also required to assign to the users of the machine rights which are stored in for instance the external information carrier in which the user keys of this user are also stored, with respect to the use of the machine and the peripheral devices coupled thereto.
  • This protection means also provides an effective manner of securing against unauthorized copying of software without the users of this software experiencing any inconvenience therefrom or the developers of this software having to take account of this in the production and development of their software.
  • An installed package is coupled by the protection means to one particular combination of personal computer with protection means.
  • Installation of the software can only take place on machines provided with a protection means and equipped with special software for installation which forms part of the protection means. Installing of this software on for instance the hard disc takes place in a manner such that it is only usable on the computer on which the official installation has taken place.
  • the number of installations on this specific computer is unlimited, but installation is not permitted on another machine until the software on the other computer is de-installed by means of a special procedure, whereby the installation medium is released for installation on another machine. In this way authorized installations can be permitted on one or more machines in simple manner.
  • a PC protection means is thus obtained which under all conditions protects in an effective and adequate manner against undesired infringement in those areas where criminal elements could take advantage and/or cause damage to companies and/or individuals, namely with the information and software stored on the personal computer and which in respect of the use of the protection means is wholly transparent and therefore requires no special actions whatever by the user.
  • figure 1 shows a schematic view of the hardware functionality for the protection means present on the plug-in card
  • figure shows a block diagram relating to the installation of the plug-in card
  • figure 3 shows a block diagram relating to the initialization of the plug-in card
  • figures 4a and 4b show block diagrams relating to the functionality contained in the "Basic protection part" of the plug-in card
  • figure 5 shows a block diagram relating to the functionality contained in the "Encryption/Decryption part" and "Access Control part" of the plug-in card
  • figure 6 is a symbolic representation of the plug-in card.
  • the diagram in figure 1 represents a number of functions which are arranged on the plug-in card, wherein "-16-" serves as one or more program memories. These may be volatile or non-volatile memories. Included herein are respectively the "Basic protection", the "Encryption/Decryption" and the "Access Control" functions. These are program parts which, after they have been arranged and reported, are inextricably linked to the plug-in card and the peripheral devices of the computer. A part of the protection means is also arranged during installation in coded form in the memory -8- which is accommodated in a so-called tamper-proof housing. The unchanged presence of the software is monitored at set times by the protection means itself during operation with the protection means.
  • the vital functions of the protection software are included in non-readable code in the information carrier -8-.
  • these program parts are decoded on the basis of special keys into readable code, after an authorized user has started up (switched on) the system, and are placed in the memory -11- which also serves as working memory for the protection means.
  • Provisions are made by the protection means which ensure that entering and reading of information proceeds via the protection means at all times. Only then can the protection of machines and information be guaranteed.
  • the connections made to the existing hardware and firmware for the purpose of the protection are regularly monitored as to their integrity. In other words: if these connections still exist, are these connections still present in unchanged form, has no attempt been made to extract vital information from the protection means in unauthorized manner, such as for instance protection keys and program information which are stored in the memories situated inside the tamper-proof housing.
  • N.B. By firmware must be understood programs or program parts which are accommodated for instance in a ROM (Read Only Memory) and which form, as it were, a fixed component of a machine and which do not disappear when the energy supply to the machine is discontinued.
  • a number of circuits and information carriers is arranged in a tamper-proof housing which has the object of protecting the information carrier or carriers accommodated therein against unauthorized actions such as reading and/or altering thereof or against executing of the software that is present therein at a particular moment.
  • This tamper-proof housing -34- is shown schematically in figure 1.
  • the object thereof is to create a sector in which program code can be loaded and executed and which can contain the keys necessary for the protection without it being possible to influence this information from outside other than by following a stringent protocol wherein a number of electronic and program conditions have to be met, wherein the sequence in which the required actions have to be performed also determines whether the electronics incorporated therein will function or not. If the set conditions are not fulfilled the electronics arranged in the tamper-proof housing will then block the machine.
  • the conditions required to approach the memories arranged in the tamper-proof housing after initialization can only be set by addressing -19- in a specific manner and by performing a fixed series of instructions in relation to the address where -19- is placed with the address decoder -15-.
  • This condition which is checked by the electronics accommodated in the tamper-proof housing, is set such that it cannot be created in a manner other than that prescribed by the electronics of the protection means.
  • the memory -8- cannot be made accessible in any other manner whatsoever.
  • Timer -13- ensures that the protection means must be addressed, for instance every 55 milliseconds. If this does not happen the machine is blocked against further processing.
  • the performing of the required series of instructions cannot therefore take place from any location other than from -16- on the plug-in card, which is an imperative condition which guarantees that this condition cannot be set by means of another program and also guarantees that the operation is transferred to the electronics accommodated in the tamper-proof housing.
  • the FlipFlop -14- must be active as this is one of the conditions which activate the "AND" gate 27. This is set by an independent timer -13- which is a component of the electronics accommodated in the tamper-proof housing and which must be reset for instance every 55 milliseconds.
  • the voltage is removed from -11-, whereby the information in -11- is effectively erased instantaneously and -8- and -11- are disconnected from the address bus -28- whereby they can no longer be approached. They can only be made available again by physically turning off and switching on the machine again or by generating a so-called hard reset, whereby the plug-in card is initialized once again.
  • the hard reset is usually a switch which is arranged on the machine and which has essentially the same effect resulting from turning off and switching on the machine again.
  • the protection means is activated and the checks can be performed which guarantee the integrity of the protection means.
  • the software required for the vital functions of the protection means is stored in coded form in the memory -8-.
  • this software is decoded on the basis of a key read from the external information carrier together with a key included in -8- and placed in the information carrier -11-. This is therefore an action which only takes place if it is performed by authorized users, since only they have at their disposal a valid key for decoding the software from -8- to -11-.
  • the energy supply of -11- is cut by means of -10-, on the basis of timer -13-, within the time which timer -13- makes available therefor, in that -14- is deactivated by -13- which effectively means that the information recorded in -11- such as keys and software is instantaneously erased.
  • the sole way to prevent this is to give control to the electronics accommodated in the tamper-proof housing within the time which timer -13- makes available for this purpose. This monitors first of all whether the checks required for the protection can still be performed and/or whether all conditions are met for the protection. If this is not the case, the energy supply is likewise cut from -11- in the above described manner and the machine blocked against further processing.
  • the software accommodated in the memories -8- and -11- provides a number of checks which guarantee that the paths which must be followed within the machine in order to be able to guarantee the protection thereof are also followed. These checks take place for the following couplings:
  • This is also referred to as the "timer tick".
  • the frequency at which this timer tick is generated is normally 55 milliseconds, but this frequency can be altered as required. Assuming the normal situation, this means that every 55 milliseconds a timer tick is generated by the machine itself, on the basis of which a number of operations must be performed.
  • This signal is also required for actuating timer -13- which is accommodated in the tamper-proof housing and which thus functions as a "watch-dog" for the above mentioned timer interrupt. If this signal does not arrive, the energy provision of -11- is discontinued in the above specified manner and the information in -11- is instantaneously erased and further processing of the machine blocked.
  • Dealing with the timer interrupt is coupled to a program connection with software in the memories accommodated in the tamper-proof housing. This connection is checked for integrity at each timer tick. Should this connection no longer be reliable, the energy supply of memory -11- is discontinued whereby the information therein is immediately erased and the processing of the machine blocked.
  • the input from the keyboard is also controlled via software accommodated in the memories -8- and -11-. This connection is also checked every timer tick. Also in the case this connection no longer meets the set requirements the information in -11- is erased in the above described manner and the machine blocked against further processing.
  • an individual microprocessor can be accommodated in the tamper-proof housing, whereby it can be guaranteed that vital information inside the machine such as user keys and the like appear only once at the data bus -26- and whereby the possibility is created of executing protection software inside the tamper-proof housing.
  • the tamper-proof housing is safeguarded against opening thereof by means of -22-, -24- and -23-, which have the following operation:
  • -22- contains the electronics with which this high voltage is built up using the energy supplied from a battery -38- and with which the closed connection of -24- is constantly monitored; -23- is a high-grade energy cell which is likewise located inside the tamper-proof housing and which cannot be disconnected or replaced from outside. This energy cell is charged during normal use of the machine by means of electronics accommodated in -22- and energy supplied externally.
  • the plug-in card is also provided with a device constructed from electronic circuits which has the object of disturbing capture of the information being exchanged over the data bus -26- of the machine between the plug-in card and the machine with random (RANDOM) information so that, should this information be captured in order to thus extract information from the protection means, no unambiguous conclusions can be related thereto due to the disturbance of the random information which takes place at random moments in time and with random quantities.
  • a great advantage of the lay-out of the plug-in card is that, despite the software which serves in -16- and -8- as firmware on the plug-in card, the distribution of new versions thereof can take place by sending a coded diskette which can be loaded with special software without the user being confronted with all kinds of operations involving changing of components on the plug-in card.
  • an EEPROM can, as it were, be treated as normal memory in respect of reading and writing thereof, with the understanding that the information is not erased at the moment energy is no longer being supplied to the EEPROM, in which respect the EEPROM functions as an EPROM and not as normal memory.
  • the CRC (Cyclic Redundancy Check) value is then computed individually per component of the protection means and checked with reference to the standard CRC value which is included in coded form in the protection firmware during manufacture thereof.
  • the keys are then defined on the basis of which the information on the peripheral equipment such as for instance hard disc and tapes etc. has to be coded and encrypted. These are also stored in memory -8- in coded form. These keys ensure that the manner in which the information on such a medium is stored is no longer recognizable and also that the information is stored physically on the medium at a location other than is normally the case, with the result that this medium can only be further used with the protection means with which it was produced.
  • the initialization stage of the installation procedure ensures automatic converting of the information on all the coupled and protected peripheral equipment so that after installation of the protection means at start-up of the computer the information thereon can be read.
  • In -40- a first check is made as to whether this step has already been carried out earlier. If that is the case an immediate jump is made to -45- entry point [2] and the procedure ended without anything being done. This is a protection against performing this initialization phase twice, since this may take place only once.
  • a check is then made in -41- whether this action is performed by an authorized user and with the correct keys. If the keys have to be read from an external information carrier, there is a check as to whether this external information carrier fulfills the required specifications and if the General protection Key is present.
  • a small portion of the hard disc is reserved by the initialization procedure to store information relating to the access check and the Encryption/Decryption, the rights to which are recorded per user. This reserving takes place only when these components have been installed and activated.
  • the basic protection comprises electronic circuits and software (firmware) which ensure that access to the machines and the information stored thereon such as software and information related thereto takes place with checks in a manner such that use thereof by unauthorized persons is not possible.
  • the software and the electronic circuits with which the monitored access to machines and information is realized by the basic protection is accommodated for the greater part in a tamper-proof housing in which all the necessary checks are done by the protection means.
  • the electronics in tamper-proof housing -25- also comprise a number of circuits which provide the security of the information recorded in the memories -8- and -11-.
  • the memories -8- and -11- can only be approached by following a stringent protocol wherein a number of conditions must be met with respect to program and in approaching electronic circuits. These memories are accommodated in the tamper-proof housing and are immediately blocked if they are not approached in accordance with the set requirements.
  • the tamper-proof housing consists of an opaque substance such as synthetic resin.
  • the conditions which have to be met cannot be simulated from outside as the protocol in the electronic circuits situated inside the tamper-proof housing ensures that determined series of instructions must be performed from a fixed location defined during installation.
  • the structure of the electronic circuits inside the tamper-proof housing is such that attempts to bypass these protection means are detected at all times and result in blocking of the machine. See also herefor "Operation and advantages of the invention (hardware control)".
  • Figure 4a is a schematic representation of the initialization phase of the protection means which is activated when the machine is physically switched on.
  • the key information is then stored safely in memory -11- inside the tamper-proof housing.
  • a check is then made whether this is the installation stage, or in other words, whether the software from -8- has already been placed in -11- in decoded form. If this is the case this step is then not performed, as otherwise the vital software included in memory -8- inside the tamper-proof housing is decoded on the basis of the just read keys and placed in memory -11- likewise situated inside the tamper-proof housing, whereafter the protection means is ready for its normal operations.
  • Since the protection means intervenes in all vital functions of the machine that are required to enter and store information in the machine, it is impossible to work with the machine outside the protection means. Nor can work be done with the stored information on the machine as this information cannot be read without the protection means because this information is stored in coded form and can only be decoded with the protection means and the associated keys.
  • the software for the Access Control and Encryption/Decryption of the information on the peripheral equipment, for instance hard discs, which are coupled to a machine is a separate component of the protection means. This component provides the coding and decoding of information coupled to user rights and the physical access to these user rights.
  • This coding of information takes place together with the coding and decoding of the basic protection and offers the possibility of making a physical distinction on one machine between the different authorized users and the information relating thereto and as an additional obstacle that must be cleared when anyone wants to gain unauthorized access to this information.
  • Another advantage here is that when new operating systems are introduced it can suffice to produce a small piece of software for this new operating system which converts the information individual to this operating system to the uniform format with which the protection means works.
  • a small portion of the hard disc is reserved for the access control. On this portion of the hard disc is stored in coded form per user whether a user has access to a determined piece of information that is held on the peripheral equipment of the machine.
  • the rights of each user are coded using a unique key, which means that user "A" with knowledge of his individual user key could only decrypt his own information but never the information held for user "B".
  • a jump is made to -58-, entry point [8].
  • a check is made whether the external information carrier -68- is present in the read/write unit -67- and is still intact. Should this not be the case, the protection means then requests placing of the external information carrier -68- in the read/write unit -67- and entry of the associated user key. If the above is not the case the protection means checks -59- whether all connections are still intact and whether all checks can be performed. If this is not the case, the machine is blocked. If all checks proceed properly, a check is made as to whether the user has rights of access to the information that he or she wishes to use -60-. If this is the case, the information is released to the user.
  • For key control and coding and decoding of information use can be made of two different algorithms both having a specific function within the protection means. For the distribution of protection keys with which the information can be coded and decoded, use can for instance be made of the RSA algorithm, while the coding and decoding of the actual information can be done with the DES algorithm.
  • the RSA algorithm operates with a public and a private key pair; this is excellently suited for distributing in safe manner keys with which information must be coded and decoded, wherein the key with which new keys for coding and decoding information can be distributed is only known to the security controller.
  • the RSA key required to be able to decode the DES keys for the purpose of coding and decoding of information is known only to the users of the protection means.
  • These RSA user and controller keys are defined at installation and stored in coded form in memory -8- situated inside the tamper-proof housing.
  • a second wholly different algorithm such as for instance DES.
  • Using the DES algorithm, information can be coded and decoded with one and the same key.
  • the working with the secret keys is done only in memory situated inside the tamper-proof housing and is never to be found in normal memory where it would be accessible to anyone.
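The per-user coding of access rights described above (each user's rights record coded under that user's own key, so that user "A" cannot read what is held for user "B") can be sketched as follows. This is an added example, not code from the patent: the record layout, function names and sample users are assumptions, and a PBKDF2/HMAC-SHA-256 construction from the Python standard library stands in for the DES coding the text names.

```python
import hashlib, hmac, json, os

def _derive(user_key, salt):
    # Stretch the user key into separate encryption and MAC keys.
    km = hashlib.pbkdf2_hmac("sha256", user_key.encode(), salt, 100_000, dklen=64)
    return km[:32], km[32:]

def _xor_stream(enc_key, nonce, data):
    # HMAC-SHA-256 in counter mode as keystream (stand-in for DES, an assumption).
    stream = b""
    for ctr in range((len(data) + 31) // 32):
        stream += hmac.new(enc_key, nonce + ctr.to_bytes(4, "big"), hashlib.sha256).digest()
    return bytes(a ^ b for a, b in zip(data, stream))

def seal_rights(user_key, rights):
    """Code one user's rights record under that user's own key."""
    salt, nonce = os.urandom(16), os.urandom(16)
    enc_key, mac_key = _derive(user_key, salt)
    ct = _xor_stream(enc_key, nonce, json.dumps(rights).encode())
    tag = hmac.new(mac_key, salt + nonce + ct, hashlib.sha256).digest()
    return salt + nonce + ct + tag

def open_rights(user_key, record):
    """Return the rights dict, or None if the key is wrong or the record was altered."""
    if len(record) < 64:
        return None
    salt, nonce, ct, tag = record[:16], record[16:32], record[32:-32], record[-32:]
    enc_key, mac_key = _derive(user_key, salt)
    expected = hmac.new(mac_key, salt + nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None  # fail closed before decrypting anything
    return json.loads(_xor_stream(enc_key, nonce, ct))

def may_access(store, user, user_key, resource):
    """Release information only if the user's own record decodes and lists it."""
    record = store.get(user)
    rights = open_rights(user_key, record) if record else None
    return bool(rights) and resource in rights.get("allowed", [])

# Constructed sample: the reserved disc area modelled as a dict of coded records.
STORE = {
    "A": seal_rights("key-of-A", {"allowed": ["LEDGER.DAT"]}),
    "B": seal_rights("key-of-B", {"allowed": ["PAYROLL.DAT"]}),
}

if __name__ == "__main__":
    print(may_access(STORE, "A", "key-of-A", "LEDGER.DAT"))   # own record, listed
    print(may_access(STORE, "B", "key-of-A", "PAYROLL.DAT"))  # A's key on B's record
```

The MAC check before decryption means a wrong key and a modified record are indistinguishable to the caller, and both result in no access.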

Abstract

Protection means for personal computers which, at machine level and independently of the operating system, protects the personal computer and the software and information situated thereon against unauthorized use, irrespective of whether this personal computer is used as a stand-alone device or is incorporated in a data communication network. The protection means consists, on the one hand, of an electronic card provided with printed circuits and electronic circuits comprising integrated circuits (ICs) and associated electronic devices, together forming a plug-in card with contact surfaces for the input and output of data; and, on the other hand, of software stored in information carriers which themselves form a component of the electronic circuits of the plug-in card, intended to permit access to the personal computer and the data it contains, as well as the coding and decoding of that data, only after the specific access conditions have been met.
PCT/NL1992/000161 1991-09-20 1992-09-21 Computer system with protective device WO1993006542A1 (fr)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
NL9101594 1991-09-20
NL9101594A NL9101594A (nl) 1991-09-20 1991-09-20 Computer system with protection.

Publications (1)

Publication Number Publication Date
WO1993006542A1 (fr) 1993-04-01

Family

ID=19859727

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/NL1992/000161 WO1993006542A1 (fr) 1991-09-20 1992-09-21 Computer system with protective device

Country Status (3)

Country Link
AU (1) AU2671192A (fr)
NL (1) NL9101594A (fr)
WO (1) WO1993006542A1 (fr)

Also Published As

Publication number Publication date
NL9101594A (nl) 1993-04-16
AU2671192A (en) 1993-04-27

Legal Events

Date Code Title Description
AK Designated states

Kind code of ref document: A1

Designated state(s): AU BB BG BR CA CS FI HU JP KP KR LK MG MN MW NO PL RO RU SD UA US

AL Designated countries for regional patents

Kind code of ref document: A1

Designated state(s): AT BE CH DE DK ES FR GB GR IE IT LU MC NL SE BF BJ CF CG CI CM GA GN ML MR SN TD TG

DFPE Request for preliminary examination filed prior to expiration of 19th month from priority date (pct application filed before 20040101)
NENP Non-entry into the national phase

Ref country code: CA

122 Ep: pct application non-entry in european phase