WO1999035553A1 - Cryptographic token - Google Patents

Publication number: WO1999035553A1
Authority: WO, WIPO (PCT)
Prior art keywords: encryption, host computer, decryption, data, cryptographic
Application number: PCT/GB1999/000079
Other languages: English (en)
Inventor: Nicholas Benedict Van Someren
Original Assignee: Ncipher Corporation Limited
Application filed by: Ncipher Corporation Limited
Priority to: AU19787/99A (AU1978799A)
Publication of: WO1999035553A1

Classifications

    • G PHYSICS
    • G06 COMPUTING OR CALCULATING; COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/70 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
    • G06F21/86 Secure or tamper-resistant housings
    • G PHYSICS
    • G06 COMPUTING OR CALCULATING; COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31 User authentication
    • G06F21/34 User authentication involving the use of external additional devices, e.g. dongles or smart cards
    • G06F21/35 User authentication involving the use of external additional devices, e.g. dongles or smart cards communicating wirelessly
    • G PHYSICS
    • G06 COMPUTING OR CALCULATING; COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/602 Providing cryptographic facilities or services
    • G PHYSICS
    • G06 COMPUTING OR CALCULATING; COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/606 Protecting data by securing the transmission between two devices or processes
    • G PHYSICS
    • G06 COMPUTING OR CALCULATING; COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F2211/00 Indexing scheme relating to details of data-processing equipment not covered by groups G06F3/00 - G06F13/00
    • G06F2211/007 Encryption, En-/decode, En-/decipher, En-/decypher, Scramble, (De-)compress

Definitions

  • The present invention relates to cryptographic tokens, and particularly to cryptographic tokens used in conjunction with computer systems.
  • A cryptographic token is a device which is operative to carry out a cryptographic operation using secret data embedded in the token. Such a device can be used for authentication, the provision of a digital signature, or general encryption and decryption operations. It can be useful in financial and commercial transactions, which increasingly are controlled by computer, requiring some form of reliable authentication of the user to ensure that transactions are properly authorised.
  • Cryptographic tokens are used in conjunction with a host computer which has its own cryptographic capability and which is able to carry out some form of interpretation of the information provided by the token.
  • Cryptographic tokens may have to be placed in a slot in a host computer. On entry into the slot, conductive pads on the card engage with complementary contacts in the slot, so as to provide a direct physical contact. Although such an arrangement is technically satisfactory, it requires the user to perform the steps of inserting the card into the slot, waiting for processing of the card to cease, and removing the card from the slot. A user may wish to perform a number of operations using the token and, for convenience, may leave the token inside the slot until all of the operations are completed. At the end of use of the system, the user may forget to remove the token from the slot, rendering the system open to unauthorised use by a third party. Furthermore, the added steps involved in such a procedure may lead to the procedure being considered too inconvenient for efficient operation of the host system. That may lead to the operator of the host system ignoring the use of the token.
  • A data encryption/decryption device for a host computer comprising encryption/decryption means for performing encryption/decryption operations on data to be used by the host computer and communication means for wireless communications with the host computer, wherein data from the host computer for encryption/decryption is received via the communication means and encrypted/decrypted by the encryption/decryption means, and the encrypted/decrypted data is transmitted back to the host computer via the communication means.
  • The device according to the invention is particularly advantageous, in that it provides a host system with external cryptographic processing, that is to say, the host system does not need or may not have its own cryptographic capability.
  • Any host system such as a standard PC, so long as it is capable of establishing a communications link with the device, can take advantage of its cryptographic processing.
  • The host system can rely upon the device for encryption of data which it wishes to send securely through an insecure network or it can rely on the device to decrypt encrypted data which it has received through a network. In either case, no further interpretation of the data needs to be carried out by the host system.
  • All the cryptographic processing is done within the device, which is where the cryptographic information or keys are stored. Using the keys where they are stored is of benefit because having to move the keys around with the data, as in the case of prior art systems, means increased opportunity for interception and deciphering.
  • FIG. 1 is a schematic view of a cryptographic security system in accordance with a preferred and specific embodiment of the invention.
  • A host computer 10, such as an IBM-compatible personal computer with no cryptographic capability, has a central processor 12 and is provided with an integrated infra-red interface 14, adapted to establish an infra-red communications link with an external device.
  • The interface 14 is hard-wired 16 with the central processor 12, and can be implemented physically by a card inserted into one of the bays commonly provided inside a personal computer for cards such as modems, graphics cards or the like, or encapsulated in a package of the same dimensions as a standard disk drive, for insertion in a bay provided for additional disk drives in the host computer 10.
  • The interface can be implemented directly on the motherboard normally provided in a personal computer.
  • The package in which the interface 14 is provided is tamper evident and/or access resistant.
  • A personal security token 20 comprises an encryption/decryption module 22, which in use is operative to perform one or more encryption/decryption operations, and an integrated infra-red interface 24 compatible with the interface 14 of the host computer 10.
  • The interface 24 is hard-wired 26 with the encryption/decryption module 22.
  • The interfaces 14, 24 are operative to establish a wireless communications link 30 between the host computer 10 and the personal security token 20.
  • The encryption/decryption module 22 is operative to encrypt unencrypted data received from the host computer 10 on the wireless communications link or to decrypt encrypted data received from the host computer 10. In either instance, the encryption/decryption is performed using at least one key stored within the encryption/decryption module 22.
  • The encrypted/decrypted data is transmitted to the host computer 10 on the wireless communications link 30, and the data is used by the host computer 10, for example, for onward transmission to another host or to update/modify software stored in the host computer.
  • The encryption/decryption operations performed by the encryption/decryption module 22 are preferably performed in conjunction with software or hardware embedded in the host computer 10.
  • The personal security token 20 is in the form of a "credit card" size piece of plastics material, but it may also be embodied on a badge, pendant or a signet-type ring. It may be attached to the person with a flexible member such as a lanyard.
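
The host/token exchange described above, modelled in Go as an added example (not code from the patent or from nCipher): the host frames data and sends it over the link, and the token encrypts or decrypts with a key that never leaves it. The one-byte opcode framing, the choice of AES-256-GCM and all names are assumptions, since the patent specifies no cipher or message format; the in-process call stands in for the wireless link 30.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"fmt"
)

const OpEncrypt, OpDecrypt byte = 1, 2 // hypothetical opcodes, not from the patent

// Token models device 20: the key lives inside it and is never sent to the host.
type Token struct{ aead cipher.AEAD }

func NewToken() (*Token, error) {
	key := make([]byte, 32) // generated inside the token
	if _, err := rand.Read(key); err != nil {
		return nil, err
	}
	block, _ := aes.NewCipher(key) // AES-256-GCM is an assumption; a 32-byte key cannot fail
	aead, err := cipher.NewGCM(block)
	return &Token{aead}, err
}

// Handle serves one frame from the link: an opcode byte followed by the payload.
func (t *Token) Handle(frame []byte) ([]byte, error) {
	switch ns := t.aead.NonceSize(); {
	case len(frame) > 0 && frame[0] == OpEncrypt:
		nonce := make([]byte, ns)
		if _, err := rand.Read(nonce); err != nil {
			return nil, err
		}
		return t.aead.Seal(nonce, nonce, frame[1:], nil), nil // nonce || ciphertext || tag
	case len(frame) > ns && frame[0] == OpDecrypt:
		return t.aead.Open(nil, frame[1:1+ns], frame[1+ns:], nil)
	}
	return nil, fmt.Errorf("malformed frame")
}

// HostRequest is the host side: it frames the data and holds no key material.
func HostRequest(t *Token, op byte, data []byte) ([]byte, error) {
	return t.Handle(append([]byte{op}, data...))
}

func main() {
	t, _ := NewToken()
	ct, _ := HostRequest(t, OpEncrypt, []byte("constructed sample"))
	pt, err := HostRequest(t, OpDecrypt, ct)
	fmt.Println(string(pt), err)
}
```

Because the token uses an authenticated mode, a ciphertext altered on the link, or one produced by a different token, is rejected rather than decrypted to garbage.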

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • General Health & Medical Sciences (AREA)
  • Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Storage Device Security (AREA)

Abstract

The invention relates to a data encryption/decryption device (20) for a host computer (10), comprising an encryption/decryption module (22). The module (22) is hard-wired to an infrared interface (24) capable of communicating with another infrared interface (14) at the host computer (10). The device (20) encrypts/decrypts data received from the computer (10) and then transmits it back to the computer (10), all via the wireless infrared communications link. The device (20) takes the form of a token the size of a credit card.
PCT/GB1999/000079 1998-01-10 1999-01-11 Cryptographic token WO1999035553A1 (fr)

Priority Applications (1)

Application Number Priority Date Filing Date Title
AU19787/99A AU1978799A (en) 1998-01-10 1999-01-11 Cryptographic token

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
GB9800443.5 1998-01-10
GB9800443A GB9800443D0 (en) 1998-01-10 1998-01-10 Cryptographic token

Publications (1)

Publication Number Publication Date
WO1999035553A1 (fr) 1999-07-15

Family

ID=10825052

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/GB1999/000079 WO1999035553A1 (fr) 1998-01-10 1999-01-11 Cryptographic token

Country Status (3)

Country Link
AU (1) AU1978799A (fr)
GB (1) GB9800443D0 (fr)
WO (1) WO1999035553A1 (fr)

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
DE10140544A1 (de) * 2001-08-17 2003-03-06 Deutsche Telekom Ag Telecommunications device
DE102004056635A1 (de) * 2004-11-23 2006-05-24 MICON Verein zur Förderung der Mobilität im Internet und in Kommunikationsnetzen e.V. Method for software distribution
US8165299B2 (en) 2000-08-15 2012-04-24 Telefonaktiebolaget Lm Ericsson (Publ) Network authentication

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
GB2181582A (en) * 1985-10-11 1987-04-23 Victor Campbell Blackwell Personal identification device
GB2204971A (en) * 1987-05-19 1988-11-23 Gen Electric Co Plc Transportable security system
WO1993009621A1 (fr) * 1991-10-31 1993-05-13 Kwang Sil Lee Automatic remote-response electronic identification system and associated method
WO1996034333A1 (fr) * 1995-04-26 1996-10-31 Interval Research Corporation Context-sensitive universal interface device

Also Published As

Publication number Publication date
AU1978799A (en) 1999-07-26
GB9800443D0 (en) 1998-03-04

Similar Documents

Publication Publication Date Title
JP4703791B2 (ja) Data re-encryption apparatus and method
US5623637A (en) Encrypted data storage card including smartcard integrated circuit for storing an access password and encryption keys
US5949881A (en) Apparatus and method for cryptographic companion imprinting
US7103782B1 (en) Secure memory and processing system having laser-scribed encryption key
EP1866873B1 (fr) Method, system, personal security device and computer program product for cryptographically secured biometric authentication
CN101196855B (zh) Mobile encrypted storage device and method for encrypting and decrypting data in the ciphertext storage area
US7861015B2 (en) USB apparatus and control method therein
US20010039620A1 (en) Method for protecting a memory card, and a memory card
US20090049307A1 (en) System and Method for Providing a Multifunction Computer Security USB Token Device
US7136995B1 (en) Cryptographic device
US6371376B1 (en) PCMCIA card with secure smart card reader
EP1253503A3 (fr) Protection of software against unauthorised use
JP2003506921A (ja) Adapter having a protection function and computer protection system using the same
WO2006027723A1 (fr) Portable storage device and method for exchanging data
US20050182934A1 (en) Method and apparatus for providing secure communications between a computer and a smart card chip
WO2013123453A1 (fr) Data storage devices, systems and methods
CN101364187A (zh) Dual-operating-system computer resistant to Trojan horse programs
KR20010073358A (ko) USB-port-type secret key security device
US7805611B1 (en) Method for secure communication from chip card and system for performing the same
JP2008015744A (ja) Information storage device
CN107864133A (zh) Wireless-authentication secure mobile storage device and encryption authentication method
US20040034768A1 (en) Data encryption device based on protocol analyse
WO2000017758A1 (fr) Secure data entry peripheral device
EP1286242A1 (fr) System and method for protecting the entry of security data
WO1999035553A1 (fr) Cryptographic token

Legal Events

Date Code Title Description
AK Designated states
    Kind code of ref document: A1
    Designated state(s): AL AM AT AU AZ BA BB BG BR BY CA CH CN CU CZ DE DK EE ES FI GB GE GH GM HR HU ID IL IS JP KE KG KP KR KZ LC LK LR LS LT LU LV MD MG MK MN MW MX NO NZ PL PT RO RU SD SE SG SI SK SL TJ TM TR TT UA UG US UZ VN YU ZW
AL Designated countries for regional patents
    Kind code of ref document: A1
    Designated state(s): GH GM KE LS MW SD SZ UG ZW AM AZ BY KG KZ MD RU TJ TM AT BE CH CY DE DK ES FI FR GB GR IE IT LU MC NL PT SE BF BJ CF CG CI CM GA GN GW ML MR NE SN TD TG
DFPE Request for preliminary examination filed prior to expiration of 19th month from priority date (pct application filed before 20040101)
121 Ep: the epo has been informed by wipo that ep was designated in this application
NENP Non-entry into the national phase
    Ref country code: KR
REG Reference to national code
    Ref country code: DE
    Ref legal event code: 8642
122 Ep: pct application non-entry in european phase