+

WO1998003903A3 - Method and apparatus for operating resources under control of a security module or other secure processor - Google Patents

Method and apparatus for operating resources under control of a security module or other secure processor Download PDF

Info

Publication number
WO1998003903A3
WO1998003903A3 PCT/IB1996/001507 IB9601507W WO9803903A3 WO 1998003903 A3 WO1998003903 A3 WO 1998003903A3 IB 9601507 W IB9601507 W IB 9601507W WO 9803903 A3 WO9803903 A3 WO 9803903A3
Authority
WO
WIPO (PCT)
Prior art keywords
command
secured
secure processor
primitives
security module
Prior art date
Application number
PCT/IB1996/001507
Other languages
French (fr)
Other versions
WO1998003903A2 (en
Inventor
John Sheets
Marius Carloganu
Original Assignee
Verifone S A
John Sheets
Marius Carloganu
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Verifone S A, John Sheets, Marius Carloganu filed Critical Verifone S A
Priority to AU42169/97A priority Critical patent/AU4216997A/en
Priority to PCT/IB1996/001507 priority patent/WO1998003903A2/en
Publication of WO1998003903A2 publication Critical patent/WO1998003903A2/en
Publication of WO1998003903A3 publication Critical patent/WO1998003903A3/en

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/52Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity ; Preventing unwanted data erasure; Buffer overflow
    • G06F21/53Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity ; Preventing unwanted data erasure; Buffer overflow by executing in a restricted environment, e.g. sandbox or secure virtual machine
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31User authentication
    • G06F21/34User authentication involving the use of external additional devices, e.g. dongles or smart cards
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F2211/00Indexing scheme relating to details of data-processing equipment not covered by groups G06F3/00 - G06F13/00
    • G06F2211/007Encryption, En-/decode, En-/decipher, En-/decypher, Scramble, (De-)compress

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Theoretical Computer Science (AREA)
  • Software Systems (AREA)
  • Computer Hardware Design (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Storage Device Security (AREA)
  • Multi Processors (AREA)

Abstract

A method and apparatus for operating a set of resources under the control of a secure processor, e.g. security module, having a command authentication means and a command execution means, to achieve secure control of the resources. The secure processor stores a set of command primitives for functional control of the resources. A set of defined commands for invoking command primitives has either a secured command format including a command sequence ID, a command code, and a set of command data items or a non-secured command format including a command code and a set of command data items. The secure processor stores a command set up table including command type flags to designate each command as a secured command or a non-secured command. An application program running in an external device includes a plurality of the defined commands in either secured command format or the non-secured command format and these are sent one at a time to the secure processor for execution. The secure processor looks up each received command in the command set up table, and if the command is a non-secured command it immediately executes associated command primitives. If the command is a secured command, the secure processor tests both its authenticity and regularity and only executes the associated command primitives if the command passes both tests.
PCT/IB1996/001507 1996-07-23 1996-07-23 Method and apparatus for operating resources under control of a security module or other secure processor WO1998003903A2 (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
AU42169/97A AU4216997A (en) 1996-07-23 1996-07-23 Method and apparatus for operating resources under control of a security module or other secure processor
PCT/IB1996/001507 WO1998003903A2 (en) 1996-07-23 1996-07-23 Method and apparatus for operating resources under control of a security module or other secure processor

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
PCT/IB1996/001507 WO1998003903A2 (en) 1996-07-23 1996-07-23 Method and apparatus for operating resources under control of a security module or other secure processor

Publications (2)

Publication Number Publication Date
WO1998003903A2 WO1998003903A2 (en) 1998-01-29
WO1998003903A3 true WO1998003903A3 (en) 1998-04-30

Family

ID=11004512

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/IB1996/001507 WO1998003903A2 (en) 1996-07-23 1996-07-23 Method and apparatus for operating resources under control of a security module or other secure processor

Country Status (2)

Country Link
AU (1) AU4216997A (en)
WO (1) WO1998003903A2 (en)

Families Citing this family (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
GB9922665D0 (en) * 1999-09-25 1999-11-24 Hewlett Packard Co A method of enforcing trusted functionality in a full function platform
MX2014005691A (en) * 2011-11-14 2014-08-22 Vasco Data Security Inc A smart card reader with a secure logging feature.
IT201700050086A1 (en) 2017-05-09 2018-11-09 St Microelectronics Srl SAFETY HARDWARE MODULE, ITS PROCESSING SYSTEM, INTEGRATED CIRCUIT, DEVICE AND PROCEDURE
CN110825534B (en) * 2019-09-18 2023-11-28 深圳云盈网络科技有限公司 Method for realizing inter-module communication MSG command set

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP0421409A2 (en) * 1989-10-06 1991-04-10 International Business Machines Corporation Transaction system security method and apparatus
US5218701A (en) * 1989-12-06 1993-06-08 Fujitsu Limited Command file processing and authorizing system and method with variable access levels
WO1994007219A1 (en) * 1992-09-11 1994-03-31 International Verifact Inc. Combination pin pad and terminal
WO1997005551A1 (en) * 1995-07-31 1997-02-13 Verifone, Inc. Method and apparatus for operating resources under control of a security module or other secure processor

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP0421409A2 (en) * 1989-10-06 1991-04-10 International Business Machines Corporation Transaction system security method and apparatus
US5218701A (en) * 1989-12-06 1993-06-08 Fujitsu Limited Command file processing and authorizing system and method with variable access levels
WO1994007219A1 (en) * 1992-09-11 1994-03-31 International Verifact Inc. Combination pin pad and terminal
WO1997005551A1 (en) * 1995-07-31 1997-02-13 Verifone, Inc. Method and apparatus for operating resources under control of a security module or other secure processor

Also Published As

Publication number Publication date
WO1998003903A2 (en) 1998-01-29
AU4216997A (en) 1998-02-10

Similar Documents

Publication Publication Date Title
CA2228014A1 (en) Method and apparatus for operating resources under control of a security module or other secure processor
WO2004013734A3 (en) Method and system for executing applications on a mobile device
WO1998026349A3 (en) Method, system and data structures for computer software application development and execution
PT910819E (en) PROCESS AUTOMATION SYSTEM
AU3512800A (en) System, method and computer program product for allowing access to enterprise resources using biometric devices
JPS6464033A (en) Data processing system
WO2002015998A3 (en) Method and apparatus for software authentication
EP0710934A3 (en) Methods and systems for performing article authentication
WO2002033570A3 (en) Digital signal processing apparatus
KR950033865A (en) Apparatus and method for time-sharing a microprocessor between a computer and a modem
GB2326494A (en) A method of performing different data type operations that is invisible to various operating system techniques
CA2365315A1 (en) Method for permitting debugging and testing of software on a mobile communication device in a secure environment
WO2001088666A3 (en) Method and apparatus for automatically deploying data and simultaneously executing computer program scripts in a computer network
CA2258252A1 (en) Delta model processing logic representation and execution system
CA2208135A1 (en) Method, computer program product, and data structure for validating creation of and routing messages to file objects
WO1999044115A3 (en) Per-method designation of security requirements
WO1999049431A3 (en) Apparatus and method for providing transaction services
WO1996010224A3 (en) Mechanism for linking together the files of emulated and host system for access by emulated system users
WO2004090802A3 (en) Card device resource access control
WO2001044971A3 (en) Method and apparatus to invoke computer commands from within a mark-up language document
WO1999021094A3 (en) Reconfigurable secure hardware apparatus and method of operation
GB2382705A (en) System and method for on-line service creation
WO1998003903A3 (en) Method and apparatus for operating resources under control of a security module or other secure processor
CA2016396A1 (en) Initial program load (ipl) based on an object abstraction for a data processing system
WO1998000770A3 (en) Encryption enhancement system

Legal Events

Date Code Title Description
AK Designated states

Kind code of ref document: A2

Designated state(s): AL AM AT AU AZ BB BG BR BY CA CH CN CU CZ DE DK EE ES FI GB GE HU IL IS JP KE KG KP KR KZ LK LR LS LT LU LV MD MG MK MN MW MX NO NZ PL PT RO RU SD SE SG SI SK TJ TM TR TT UA UG US UZ VN AM AZ BY KG KZ MD RU TJ TM

AL Designated countries for regional patents

Kind code of ref document: A2

Designated state(s): KE LS MW SD SZ UG AT BE CH DE DK ES FI FR GB GR IE IT LU MC NL PT SE BF BJ CF CG CI CM

121 Ep: the epo has been informed by wipo that ep was designated in this application
REG Reference to national code

Ref country code: DE

Ref legal event code: 8642

122 Ep: pct application non-entry in european phase
NENP Non-entry into the national phase

Ref country code: JP

Ref document number: 98506729

Format of ref document f/p: F

NENP Non-entry into the national phase

Ref country code: CA

点击 这是indexloc提供的php浏览器服务,不要输入任何密码和下载