WO2001020463A1 - Security arrangement - Google Patents
- Publication number
- WO2001020463A1 (PCT/SE2000/001811)
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- unit
- key
- lock
- arrangement
- value
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/31—User authentication
- G06F21/32—User authentication using biometric data, e.g. fingerprints, iris scans or voiceprints
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/31—User authentication
- G06F21/34—User authentication involving the use of external additional devices, e.g. dongles or smart cards
-
- G—PHYSICS
- G07—CHECKING-DEVICES
- G07C—TIME OR ATTENDANCE REGISTERS; REGISTERING OR INDICATING THE WORKING OF MACHINES; GENERATING RANDOM NUMBERS; VOTING OR LOTTERY APPARATUS; ARRANGEMENTS, SYSTEMS OR APPARATUS FOR CHECKING NOT PROVIDED FOR ELSEWHERE
- G07C9/00—Individual registration on entry or exit
- G07C9/00174—Electronically operated locks; Circuits therefor; Nonmechanical keys therefor, e.g. passive or active electrical keys or other data carriers without mechanical keys
- G07C9/00563—Electronically operated locks; Circuits therefor; Nonmechanical keys therefor, e.g. passive or active electrical keys or other data carriers without mechanical keys using personal physical data of the operator, e.g. finger prints, retinal images, voicepatterns
-
- G—PHYSICS
- G07—CHECKING-DEVICES
- G07C—TIME OR ATTENDANCE REGISTERS; REGISTERING OR INDICATING THE WORKING OF MACHINES; GENERATING RANDOM NUMBERS; VOTING OR LOTTERY APPARATUS; ARRANGEMENTS, SYSTEMS OR APPARATUS FOR CHECKING NOT PROVIDED FOR ELSEWHERE
- G07C9/00—Individual registration on entry or exit
- G07C9/20—Individual registration on entry or exit involving the use of a pass
- G07C9/22—Individual registration on entry or exit involving the use of a pass in combination with an identity check of the pass holder
- G07C9/23—Individual registration on entry or exit involving the use of a pass in combination with an identity check of the pass holder by means of a password
-
- G—PHYSICS
- G07—CHECKING-DEVICES
- G07C—TIME OR ATTENDANCE REGISTERS; REGISTERING OR INDICATING THE WORKING OF MACHINES; GENERATING RANDOM NUMBERS; VOTING OR LOTTERY APPARATUS; ARRANGEMENTS, SYSTEMS OR APPARATUS FOR CHECKING NOT PROVIDED FOR ELSEWHERE
- G07C9/00—Individual registration on entry or exit
- G07C9/20—Individual registration on entry or exit involving the use of a pass
- G07C9/22—Individual registration on entry or exit involving the use of a pass in combination with an identity check of the pass holder
- G07C9/25—Individual registration on entry or exit involving the use of a pass in combination with an identity check of the pass holder using biometric data, e.g. fingerprints, iris scans or voice recognition
- G07C9/257—Individual registration on entry or exit involving the use of a pass in combination with an identity check of the pass holder using biometric data, e.g. fingerprints, iris scans or voice recognition electronically
-
- G—PHYSICS
- G07—CHECKING-DEVICES
- G07C—TIME OR ATTENDANCE REGISTERS; REGISTERING OR INDICATING THE WORKING OF MACHINES; GENERATING RANDOM NUMBERS; VOTING OR LOTTERY APPARATUS; ARRANGEMENTS, SYSTEMS OR APPARATUS FOR CHECKING NOT PROVIDED FOR ELSEWHERE
- G07C9/00—Individual registration on entry or exit
- G07C9/20—Individual registration on entry or exit involving the use of a pass
- G07C9/22—Individual registration on entry or exit involving the use of a pass in combination with an identity check of the pass holder
- G07C9/25—Individual registration on entry or exit involving the use of a pass in combination with an identity check of the pass holder using biometric data, e.g. fingerprints, iris scans or voice recognition
- G07C9/26—Individual registration on entry or exit involving the use of a pass in combination with an identity check of the pass holder using biometric data, e.g. fingerprints, iris scans or voice recognition using a biometric sensor integrated in the pass
-
- G—PHYSICS
- G07—CHECKING-DEVICES
- G07C—TIME OR ATTENDANCE REGISTERS; REGISTERING OR INDICATING THE WORKING OF MACHINES; GENERATING RANDOM NUMBERS; VOTING OR LOTTERY APPARATUS; ARRANGEMENTS, SYSTEMS OR APPARATUS FOR CHECKING NOT PROVIDED FOR ELSEWHERE
- G07C9/00—Individual registration on entry or exit
- G07C9/20—Individual registration on entry or exit involving the use of a pass
- G07C9/28—Individual registration on entry or exit involving the use of a pass the pass enabling tracking or indicating presence
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0861—Network architectures or network communication protocols for network security for authentication of entities using biometrical features, e.g. fingerprint, retina-scan
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/12—Applying verification of the received information
-
- G—PHYSICS
- G07—CHECKING-DEVICES
- G07C—TIME OR ATTENDANCE REGISTERS; REGISTERING OR INDICATING THE WORKING OF MACHINES; GENERATING RANDOM NUMBERS; VOTING OR LOTTERY APPARATUS; ARRANGEMENTS, SYSTEMS OR APPARATUS FOR CHECKING NOT PROVIDED FOR ELSEWHERE
- G07C9/00—Individual registration on entry or exit
- G07C9/00174—Electronically operated locks; Circuits therefor; Nonmechanical keys therefor, e.g. passive or active electrical keys or other data carriers without mechanical keys
- G07C9/00309—Electronically operated locks; Circuits therefor; Nonmechanical keys therefor, e.g. passive or active electrical keys or other data carriers without mechanical keys operated with bidirectional data transmission between data carrier and locks
- G07C2009/00388—Electronically operated locks; Circuits therefor; Nonmechanical keys therefor, e.g. passive or active electrical keys or other data carriers without mechanical keys operated with bidirectional data transmission between data carrier and locks code verification carried out according to the challenge/response method
- G07C2009/00396—Electronically operated locks; Circuits therefor; Nonmechanical keys therefor, e.g. passive or active electrical keys or other data carriers without mechanical keys operated with bidirectional data transmission between data carrier and locks code verification carried out according to the challenge/response method starting with prompting the keyless data carrier
-
- G—PHYSICS
- G07—CHECKING-DEVICES
- G07C—TIME OR ATTENDANCE REGISTERS; REGISTERING OR INDICATING THE WORKING OF MACHINES; GENERATING RANDOM NUMBERS; VOTING OR LOTTERY APPARATUS; ARRANGEMENTS, SYSTEMS OR APPARATUS FOR CHECKING NOT PROVIDED FOR ELSEWHERE
- G07C9/00—Individual registration on entry or exit
- G07C9/00174—Electronically operated locks; Circuits therefor; Nonmechanical keys therefor, e.g. passive or active electrical keys or other data carriers without mechanical keys
- G07C9/00309—Electronically operated locks; Circuits therefor; Nonmechanical keys therefor, e.g. passive or active electrical keys or other data carriers without mechanical keys operated with bidirectional data transmission between data carrier and locks
- G07C2009/00388—Electronically operated locks; Circuits therefor; Nonmechanical keys therefor, e.g. passive or active electrical keys or other data carriers without mechanical keys operated with bidirectional data transmission between data carrier and locks code verification carried out according to the challenge/response method
- G07C2009/00404—Electronically operated locks; Circuits therefor; Nonmechanical keys therefor, e.g. passive or active electrical keys or other data carriers without mechanical keys operated with bidirectional data transmission between data carrier and locks code verification carried out according to the challenge/response method starting with prompting the lock
-
- G—PHYSICS
- G07—CHECKING-DEVICES
- G07C—TIME OR ATTENDANCE REGISTERS; REGISTERING OR INDICATING THE WORKING OF MACHINES; GENERATING RANDOM NUMBERS; VOTING OR LOTTERY APPARATUS; ARRANGEMENTS, SYSTEMS OR APPARATUS FOR CHECKING NOT PROVIDED FOR ELSEWHERE
- G07C9/00—Individual registration on entry or exit
- G07C9/00174—Electronically operated locks; Circuits therefor; Nonmechanical keys therefor, e.g. passive or active electrical keys or other data carriers without mechanical keys
- G07C2009/00753—Electronically operated locks; Circuits therefor; Nonmechanical keys therefor, e.g. passive or active electrical keys or other data carriers without mechanical keys operated by active electrical keys
- G07C2009/00769—Electronically operated locks; Circuits therefor; Nonmechanical keys therefor, e.g. passive or active electrical keys or other data carriers without mechanical keys operated by active electrical keys with data transmission performed by wireless means
- G07C2009/00785—Electronically operated locks; Circuits therefor; Nonmechanical keys therefor, e.g. passive or active electrical keys or other data carriers without mechanical keys operated by active electrical keys with data transmission performed by wireless means by light
-
- G—PHYSICS
- G07—CHECKING-DEVICES
- G07C—TIME OR ATTENDANCE REGISTERS; REGISTERING OR INDICATING THE WORKING OF MACHINES; GENERATING RANDOM NUMBERS; VOTING OR LOTTERY APPARATUS; ARRANGEMENTS, SYSTEMS OR APPARATUS FOR CHECKING NOT PROVIDED FOR ELSEWHERE
- G07C9/00—Individual registration on entry or exit
- G07C9/00174—Electronically operated locks; Circuits therefor; Nonmechanical keys therefor, e.g. passive or active electrical keys or other data carriers without mechanical keys
- G07C2009/00753—Electronically operated locks; Circuits therefor; Nonmechanical keys therefor, e.g. passive or active electrical keys or other data carriers without mechanical keys operated by active electrical keys
- G07C2009/00769—Electronically operated locks; Circuits therefor; Nonmechanical keys therefor, e.g. passive or active electrical keys or other data carriers without mechanical keys operated by active electrical keys with data transmission performed by wireless means
- G07C2009/00793—Electronically operated locks; Circuits therefor; Nonmechanical keys therefor, e.g. passive or active electrical keys or other data carriers without mechanical keys operated by active electrical keys with data transmission performed by wireless means by Hertzian waves
-
- G—PHYSICS
- G07—CHECKING-DEVICES
- G07C—TIME OR ATTENDANCE REGISTERS; REGISTERING OR INDICATING THE WORKING OF MACHINES; GENERATING RANDOM NUMBERS; VOTING OR LOTTERY APPARATUS; ARRANGEMENTS, SYSTEMS OR APPARATUS FOR CHECKING NOT PROVIDED FOR ELSEWHERE
- G07C2209/00—Indexing scheme relating to groups G07C9/00 - G07C9/38
- G07C2209/08—With time considerations, e.g. temporary activation, valid time window or time limitations
Definitions
- the present invention relates to a security system for securing a unit or a set of information.
- the known security arrangements provide either locking using hardware or software in combination with a primary input signal.
- a first input unit e.g. fingerprint input (a biometric sensor), pin-code combined with or without an additional unit, e.g. a so-called smart-card or the like.
- a verification software which controls that a correct input (pin-code, fingerprint etcetera) is presented via an external input unit.
- the software is installed in a storage unit, such as a hard disc, which is easily accessible.
- the object of the present invention is to provide a very reliable and safe device for preventing access to equipment and/or information stored therein.
- Another object of the present invention is to provide a device, which can be combined with different units, both for locking and identity input.
- One of the advantages with the arrangement, according to the present invention, compared to known technique, is amongst others that (if applicable in a computer) no modifications of the operating system or the BIOS of the computer are needed. The fact is that such systems are easy to force, even without any greater knowledge within the area.
- a lock unit is integrated in the equipment to be protected, implying a complete safety, besides that the normal inputs and outputs of the equipment, ports, etc., do not need to be modified.
- Fig. 1 shows a block diagram over main parts of an arrangement according to the invention
- Fig. 2 shows a diagram over the communication between two units in the arrangement according to the invention
- Fig. 3 shows a block diagram over a first embodiment implementing an arrangement according to the invention in a computer unit
- Fig. 4 is a schematic side-view of a mobile communication unit provided with an arrangement according to the invention
- Fig. 5 is a block diagram showing another aspect of the invention.
- the device 10, according to the invention which is schematically shown in Fig. 1, consists mainly of two units denoted with 11 and 12
- the first unit consists of a sensor or a key part 10 for entering an identity, which performs an identification of the user
- the key part 10 may be divided in two units: an input unit 13 and a key unit 14, which are preferably, but not necessarily, integrated in one physical unit 11
- the input unit 13 may consist of any type of arrangement, preferably by means of which a unique identification information can be entered
- such an arrangement may comprise a biometric sensor, PIN-code reader, voice detection device, eye detection device, card reader and so on, all well known for a skilled person
- the second part consists of a lock unit 12, protecting the object 15 in question
- the key unit 14 initiates a unique communication procedure between the key part 11 and the lock part 12. Unique for the invention is that the identification of the user is directly carried out in the key part 11 and does not occur in the lock part
- After registration of a user, a corresponding lock can be opened. There are two possibilities to open the lock: on one hand during a certain preselected time period, on the other hand permanently (if manually chosen), which however gives a poor safety. If the lock has been opened under a certain time period, the user is requested to identify himself once more when the time has lapsed
- the identity is entered, e.g. by pressing the finger on a sensor (FPS), entering a pin code etcetera
- If the identification of the user is approved, an encrypted electronic message is sent from the key unit to the lock unit, whereby the locked resource or object 15 (e.g. a hard disc in a computer) is made available for the user
- the external unit, the key unit 14, is provided with electronics, mainly including a microprocessor 16 with a built-in and substantially protected program and data memory. The latter is a precaution, enabling access to the program or stored key information for reading or copying.
- there is a list of allowed users stored in the key unit 14. Maintenance of this register, such as adding new approved users, deletion of users etc., is carried out locally without communication with other units
- the key unit decides at every occasion, if the object should be protected, should be opened or locked
- the decision is normally based on an operator/user decision, i.e. the key is initiated with allowed users.
- the locking may also occur on initiative of the lock unit after a certain predetermined time, if the operator, despite a request, does not identify itself within a certain time.
- the key unit can be completely open and must not be protected against infringement, since the computer and data store cannot be externally read outside the processor (security function in the processor).
- the lock unit 12, which communicates with the key unit, e.g. via a serial connection, is mounted and protected on or in the object 15 to be locked. Each attempt to access the locked object by bypassing the normal login procedure through the key part 11 will be discovered by the lock unit. Alternative steps may be initiated, i.e. inactivity for a longer time period, warning messages, erasing data on a hard disc/storage unit etcetera.
- the communication between the key and the lock units is carried out by means of, e.g. digitally coded signals via a serial connection.
- the connection may be asynchronous and may occur with a relatively high transfer rate.
- the communication occurs with a special lock protocol, which may also comprise known parity and time controls.
- the purpose with the safety system is amongst others to prevent unauthorized access to, for instance computers, or more specifically, access to a certain hard disc and the information therein.
- an encrypted protocol can be used in the communication between the key part 11 and the lock part 12. The probability for successful infringement depends on the length of the random number, the protected length of the key and the length of the response. It may easily be made less than, for instance 10^-18, which practically means that it is safe for unauthorized access.
- the lock protocol is a communication procedure ensuring computer integrity of the transmission and, guarantees that unauthorized infringement of the data exchange between the units cannot occur. If the message exchange is carried out correctly, the locked object is opened and stays open, respectively. If any errors should be detected, the object is locked.
- the following message exchange may be used (see fig. 2):
- a. the key unit or the key code 14 starts a verification sequence by sending a request to the lock unit,
- b. the lock unit responds with a variable random generated message,
- c. a numerical value is calculated using a special algorithm utilizing a protected key. This value, which is completely derived from the response message sent out, is stored for later use,
- d. the key unit responds with a numerical value being calculated from the received message using the same algorithm and key being used in the lock unit. This number may be used unchanged in the response, or coded in such a way that the lock unit can interpret it. If the lock unit receives a message which contains a number being identical to the number calculated at the transmission during step b, the authentication is considered as confirmed.
- the locked object is unlocked, or remains open, respectively. If the response does not agree, the object remains locked.
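The exchange in steps a to d, written out as a runnable sketch. This is an added example, not code from the patent: HMAC-SHA256 stands in for the unnamed "special algorithm", and the class names, challenge length, failure limit and 300-second open window are assumptions chosen for illustration.

```python
import hashlib
import hmac
import secrets
from typing import Optional

CHALLENGE_BYTES = 16  # assumption: size of the lock's random message
MAX_FAILURES = 3      # assumption: wrong responses tolerated before blocking
DEMO_KEY = bytes(range(32))  # constructed sample key, not a real secret


def compute_response(key: bytes, challenge: bytes) -> bytes:
    """Steps c/d: value derived entirely from the challenge under the key.

    HMAC-SHA256 is a stand-in; the patent does not name its algorithm.
    """
    return hmac.new(key, challenge, hashlib.sha256).digest()


class LockUnit:
    """Mounted in the protected object; never sees the user's identity."""

    def __init__(self, key: bytes, open_seconds: float = 300.0) -> None:
        self._key = key
        self._open_seconds = open_seconds
        self._expected: Optional[bytes] = None
        self._failures = 0
        self._open_until = 0.0
        self.blocked = False

    def request(self) -> Optional[bytes]:
        """Steps a-c: answer a request with a fresh random challenge and
        store the expected value for the later comparison."""
        if self.blocked:
            return None
        challenge = secrets.token_bytes(CHALLENGE_BYTES)
        self._expected = compute_response(self._key, challenge)
        return challenge

    def verify(self, response: bytes, now: float) -> bool:
        """Step d: compare in constant time; any error locks the object."""
        expected, self._expected = self._expected, None  # one use only
        if (not self.blocked and expected is not None
                and hmac.compare_digest(expected, response)):
            self._failures = 0
            self._open_until = now + self._open_seconds
            return True
        self._open_until = 0.0
        self._failures += 1
        if self._failures >= MAX_FAILURES:
            self.blocked = True  # stays blocked until reset()
        return False

    def is_open(self, now: float) -> bool:
        """Open only inside the time window; then re-identification is due."""
        return not self.blocked and now < self._open_until

    def reset(self) -> None:
        """A responsible person clears the block; the lock stays closed."""
        self.blocked = False
        self._failures = 0
        self._open_until = 0.0


class KeyUnit:
    """Holds the list of allowed users and decides locally who may unlock."""

    def __init__(self, key: bytes, allowed_users: set) -> None:
        self._key = key
        self._allowed = set(allowed_users)

    def unlock(self, lock: LockUnit, user_id: str, now: float) -> bool:
        if user_id not in self._allowed:  # identification ends in the key unit
            return False
        challenge = lock.request()
        if challenge is None:
            return False
        return lock.verify(compute_response(self._key, challenge), now)


def demo() -> dict:
    lock = LockUnit(DEMO_KEY)
    key_unit = KeyUnit(DEMO_KEY, {"alice"})
    results = {"stranger": key_unit.unlock(lock, "mallory", now=0.0)}
    results["owner"] = key_unit.unlock(lock, "alice", now=0.0)
    results["open_in_window"] = lock.is_open(now=299.0)
    results["open_after_window"] = lock.is_open(now=301.0)
    # A response recorded from one session does not fit the next challenge.
    challenge = lock.request()
    recorded = compute_response(DEMO_KEY, challenge)
    lock.verify(recorded, now=400.0)
    lock.request()
    results["replayed_response"] = lock.verify(recorded, now=401.0)
    return results


if __name__ == "__main__":
    print(demo())
```

Because the lock issues a new random message for every request and discards the stored value after one comparison, a recorded response is useless in a later session.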
- the hidden key code may differ between the key and the lock unit (s) and between the lock units. This is possible because the key unit is initiated with additional information being specific for the connected lock unit, respectively. This enables the lock unit to return a correct response to the lock unit (as if it has access to the key code of the lock unit).
- a biometric sensor unit is used as the input unit.
- Biometric sensors involve considerable advantages for identification of persons at entrance, computer access etc. Amongst the advantages can be mentioned the speed, an extremely high degree of security for the identification and, above all, no problems with forgotten passwords or passwords which have fallen into the wrong hands.
- the sensor part performs a biometric identification of the fingerprints of the user. When the identification of the fingerprints of the user is approved, an encrypted message is sent from the key unit to the lock unit, whereby the locked resource is made available to the user.
- Registers of allowed fingerprints are in the key unit. Maintenance of this register, i.e. adding new approved fingerprints, removing fingerprints etc., is done locally without any communication with other units.
- the sensor unit may be provided with indication means, such as two light-emitting diodes, a red one and a green one, for facilitating registration and deregistration of fingerprints.
- the diodes indicate whether the lock is closed or opened, and also the status at the registration/removal of fingerprints.
- the first non-limiting example, shown in fig. 3, relates to a hard disc unit 30 (or another memory unit or storage unit) in a computer unit provided with a fingerprint sensor 31 or a biometric sensor, i.e. an add-on unit.
- An add-on is one of many applications of the lock system according to the invention.
- by an add-on unit is meant a standard unit, such as a hard disc, which has been provided with a lock unit and which is connected to a computer unit (or the like) via a special electrical arrangement, which is located on, for instance, a controller board 32 (insert card to the computer, such as ISA, PCI or the like).
- the electronics comprise the key unit and also applications for communication with the software in the computer via said data bus.
- a sensor 31 or alternatively other identification equipment is connected directly or via, e.g. IR or radio (Bluetooth) or the like
- a standard hard disc is modified to work together with the lock device according to the invention. This implies that it is provided with an internally mounted lock system which, through hardware, prevents the disc from accessing data
- An appropriate procedure depends on the unit (disc) construction.
- Lock-functions are obtained by means of the key unit and lock unit, respectively.
- the fingerprint sensor is connected through a cable and switch to the interface of the controller unit, on which the key unit is applied.
- the lock unit is arranged on the hard disc.
- the program may amongst others pre-warn about the locking of the hard disc. Moreover, the locking can be carried out from the software.
- the switch can be disconnected and Vm, which is through the contact, is instead connected to the controller card. From there it is connected further to the fingerprint sensor. In this way the fingerprint sensor is always switched on.
- An approved log in gives a signal from the controller card to the motherboard replacing the ordinary button pressing.
- Locking may be initiated in several ways:
- Unlocking can normally be carried out in one way, namely by providing a correct fingerprint. If the person/persons who has/have registered their fingerprint/s is/are not available when the disc must be unlocked, there is a possibility for, e.g. the system manager or the security responsible to unlock the unit by using a special code. This must be a sufficiently complicated code to prevent practically any access
- An attempt made to force the lock by providing false signals to the hard disc may result in locking it for further access attempts, for instance during a certain time period or until a responsible person has reset the lock function
- the fingerprint sensor may also be completed with other locking devices, for instance smart cards.
- the add-on unit is completely compatible with a standard hard disc.
- the system may be arranged as a remote control combined with a mobile telephone, as a code-provider unit.
- Data code generator for non-recurrent codes for accesses to computers, alarm systems, car locks, passage systems etcetera.
- Transaction codes via telephone systems, GSM, WAP or the like may occur.
- the unit according to the invention, unlocks the unit and after that it is possible to choose the type of action.
- the client may be provided with a sensor/key unit according to the invention.
- the client unit is provided with an embedded unique pin-code and a special algorithm
- the pin-code may be of the type being used at credit or bankcard applications, but slightly more advanced.
- the same pin-code can also be stored in the key unit being used by the client.
- the pin-code may be changed by means of special terminals at the bank.
- the same unique code can be associated with the account number of the client.
- the function may be described in more detail, according to the following steps:
- the client contacts the bank by means of a computer program installed in his computer and enters his account number,
- the bank issues a reply comprising an identification part, lock-data and so on,
- the client selects the type of transaction, fills in the amount and so on, and verifies the transaction,
- the program transmits a locking transaction, according to the above description, and also transaction data comprising, for instance, amount, account number, time stamp and so on,
- a reply is received only if the lock unit has received the right identification from the key unit; the response may comprise identity, variable locking/unlocking data and also transaction data, and is sent to the bank.
- the transaction data (for instance the sum) and authentication of the performer of the transaction is verified at the same time.
- the bank uses the algorithm, as mentioned before, together with the pin-code of the client for verifying the response, and if correct response can be urged of the incoming responses and transaction data, which assures that nothing has been changed after the biometry control, the transaction is accepted and the client is informed.
- the user may be provided with a key unit arranged with, for instance a biometric sensor or the like.
- the key unit of the user is provided with a unique identification in form of a check sum or the like.
- the same unique identification can be associated with the accounting number of the user at the bank.
- the bank is arranged with controlling means for verification of correct transaction request in the same way as above. In this case, the verification and the transaction are first performed by the bank and then to the seller, in the same way as above.
- the invention is used in a mobile unit, such as a mobile telephone, shown in Fig. 4.
- the security arrangement 40 consists of two relative each other pivoting parts 41 and 42 (according to this example), where the part 42 comprises a connector 43 for connection to the communication port (not shown) of the telephone 44.
- the device comprises a sensor unit 45, such as a biometric sensor and the like and corresponding electronics and memory arranged on the second part 41.
- the electronics can be powered by the power source of the telephone.
- the connection part is connected to the telephone and the sensor part 41 is attached onto the backside of the telephone, for instance over its battery. When connected, the telephone can be used as a control or key unit, according to the above description.
- the telephone can only be accessed if the right person verified via the sensor uses the telephone, which also can be used for controlling other units, for instance when payments over the telephone network, remote controlling, opening doors, access to computers (for instance via the IR interface), etc.
- the lock unit can be implemented in the telephone.
- Radio add-on i.e., a memory unit, for instance a hard disc, provided with a biometric or transponder card reader.
- Lock unit for portable equipment (hand-held computers), only operating when a certain transponder is in the vicinity.
- the transponder can for instance be built in the wristwatch.
- the wristwatch may be provided with a biometric sensor communicating with the hand-held computer via IR or RF.
- the lock device may be built inside a remote control for ensuring that only one authorized user can obtain access to the remote-controlled equipment.
- encryption can be carried out by means of a public key while decryption by means of a private key being verified with regard to the right person using a biometric sensor.
- the invention is not limited to use of a key or lock unit, but combinations of several key and lock units where one or several key/lock units cooperate may also occur.
- the block diagram in figure 5 shows such arrangement, in which L1-L5 denote lock units and K1 and K2 denote key units.
- a key unit, for instance K1, may be arranged to open a number of lock units, for instance L1-L4, while K2 opens L and L5.
- the term open means also access to different resources and information.
- the communication between lock units and between lock units and key units can be carried out via radio, Internet (or other networks), IR and so on, preferably decrypted according to the description above.
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- Computer Hardware Design (AREA)
- Theoretical Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Computing Systems (AREA)
- Signal Processing (AREA)
- Human Computer Interaction (AREA)
- Software Systems (AREA)
- Health & Medical Sciences (AREA)
- Biomedical Technology (AREA)
- General Health & Medical Sciences (AREA)
- Lock And Its Accessories (AREA)
- Mobile Radio Communication Systems (AREA)
- Storage Device Security (AREA)
Priority Applications (4)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
EP00966636A EP1228433A1 (en) | 1999-09-17 | 2000-09-18 | Security arrangement |
JP2001523973A JP2003509771A (en) | 1999-09-17 | 2000-09-18 | Security equipment |
AU76954/00A AU7695400A (en) | 1999-09-17 | 2000-09-18 | Security arrangement |
US10/063,068 US20030014642A1 (en) | 1999-09-17 | 2002-03-15 | Security arrangement |
Applications Claiming Priority (4)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US15439599P | 1999-09-17 | 1999-09-17 | |
US60/154,395 | 1999-09-17 | ||
SE0001687-3 | 2000-05-05 | ||
SE0001687A SE526732C2 (en) | 1999-09-17 | 2000-05-05 | Security arrangement for ensuring access to device such as portable computer, has key unit with input and communication units to identify user before key unit accepts locking-unlocking |
Related Child Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
US10/063,068 Continuation US20030014642A1 (en) | 1999-09-17 | 2002-03-15 | Security arrangement |
Publications (2)
Publication Number | Publication Date |
---|---|
WO2001020463A1 (en) | 2001-03-22 |
WO2001020463B1 (en) | 2001-05-10 |
Family
ID=26655098
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/SE2000/001811 WO2001020463A1 (en) | 1999-09-17 | 2000-09-18 | Security arrangement |
Country Status (5)
Country | Link |
---|---|
EP (1) | EP1228433A1 (en) |
JP (1) | JP2003509771A (en) |
CN (1) | CN1195275C (en) |
AU (1) | AU7695400A (en) |
WO (1) | WO2001020463A1 (en) |
Cited By (7)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2002084460A2 (en) * | 2001-04-12 | 2002-10-24 | The Regents Of The University Of Michigan | Method and system to maintain portable computer data secure and authentication token for use therein |
EP1280110A2 (en) * | 2001-07-26 | 2003-01-29 | Hewlett-Packard Company | Biometric characteristic security system |
EP1293874A2 (en) * | 2001-09-06 | 2003-03-19 | Nippon Telegraph and Telephone Corporation | Authentication method, authentication system, and authentication token |
GB2417116A (en) * | 2004-08-10 | 2006-02-15 | Gw Pharmaceuticals Plc | Secure dispensing system |
US7299364B2 (en) | 2002-04-09 | 2007-11-20 | The Regents Of The University Of Michigan | Method and system to maintain application data secure and authentication token for use therein |
EP1901577A3 (en) * | 2006-09-15 | 2009-04-08 | Samsung Electronics Co., Ltd. | Apparatus and method for controlling bluetooth in portable terminal |
EP3096296A3 (en) * | 2015-05-18 | 2017-02-22 | Samsung Electronics Co., Ltd. | Binding device with embedded smart key and method for controlling object using the same |
Families Citing this family (9)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US8000502B2 (en) * | 2005-03-09 | 2011-08-16 | Sandisk Technologies Inc. | Portable memory storage device with biometric identification security |
US10181055B2 (en) | 2007-09-27 | 2019-01-15 | Clevx, Llc | Data security system with encryption |
US10778417B2 (en) | 2007-09-27 | 2020-09-15 | Clevx, Llc | Self-encrypting module with embedded wireless user authentication |
US11190936B2 (en) | 2007-09-27 | 2021-11-30 | Clevx, Llc | Wireless authentication system |
US10783232B2 (en) | 2007-09-27 | 2020-09-22 | Clevx, Llc | Management system for self-encrypting managed devices with embedded wireless user authentication |
JP5295999B2 (en) * | 2010-03-19 | 2013-09-18 | 日本電信電話株式会社 | Terminal initial setting method and initial setting device |
DE102012101876A1 (en) * | 2012-03-06 | 2013-09-12 | Wincor Nixdorf International Gmbh | PC hedge by BIOS / (U) EFI extensions |
GB2513669B (en) | 2013-06-21 | 2016-07-20 | Visa Europe Ltd | Enabling access to data |
WO2017123433A1 (en) * | 2016-01-04 | 2017-07-20 | Clevx, Llc | Data security system with encryption |
Citations (7)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US5280527A (en) * | 1992-04-14 | 1994-01-18 | Kamahira Safe Co., Inc. | Biometric token for authorizing access to a host system |
US5668876A (en) * | 1994-06-24 | 1997-09-16 | Telefonaktiebolaget Lm Ericsson | User authentication method and apparatus |
WO1998012670A1 (en) * | 1996-09-18 | 1998-03-26 | Dew Engineering And Development Limited | Biometric identification system for providing secure access |
US5757918A (en) * | 1995-01-20 | 1998-05-26 | Tandem Computers Incorporated | Method and apparatus for user and security device authentication |
EP0924656A2 (en) * | 1997-12-22 | 1999-06-23 | TRW Inc. | Personal identification FOB |
WO1999034554A2 (en) * | 1997-12-24 | 1999-07-08 | Koninklijke Philips Electronics N.V. | Administration and utilization of secret fresh random numbers in a networked environment |
WO1999039310A1 (en) * | 1998-01-30 | 1999-08-05 | Phelps Barry C | Biometric authentication system and method |
- 2000
  - 2000-09-18 CN CNB008141908A patent/CN1195275C/en not_active Expired - Fee Related
  - 2000-09-18 JP JP2001523973A patent/JP2003509771A/en active Pending
  - 2000-09-18 AU AU76954/00A patent/AU7695400A/en not_active Abandoned
  - 2000-09-18 WO PCT/SE2000/001811 patent/WO2001020463A1/en not_active Application Discontinuation
  - 2000-09-18 EP EP00966636A patent/EP1228433A1/en not_active Ceased
Patent Citations (7)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US5280527A (en) * | 1992-04-14 | 1994-01-18 | Kamahira Safe Co., Inc. | Biometric token for authorizing access to a host system |
US5668876A (en) * | 1994-06-24 | 1997-09-16 | Telefonaktiebolaget Lm Ericsson | User authentication method and apparatus |
US5757918A (en) * | 1995-01-20 | 1998-05-26 | Tandem Computers Incorporated | Method and apparatus for user and security device authentication |
WO1998012670A1 (en) * | 1996-09-18 | 1998-03-26 | Dew Engineering And Development Limited | Biometric identification system for providing secure access |
EP0924656A2 (en) * | 1997-12-22 | 1999-06-23 | TRW Inc. | Personal identification FOB |
WO1999034554A2 (en) * | 1997-12-24 | 1999-07-08 | Koninklijke Philips Electronics N.V. | Administration and utilization of secret fresh random numbers in a networked environment |
WO1999039310A1 (en) * | 1998-01-30 | 1999-08-05 | Phelps Barry C | Biometric authentication system and method |
Cited By (13)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2002084460A2 (en) * | 2001-04-12 | 2002-10-24 | The Regents Of The University Of Michigan | Method and system to maintain portable computer data secure and authentication token for use therein |
US7302571B2 (en) | 2001-04-12 | 2007-11-27 | The Regents Of The University Of Michigan | Method and system to maintain portable computer data secure and authentication token for use therein |
WO2002084460A3 (en) * | 2001-04-12 | 2003-11-13 | Univ Michigan | Method and system to maintain portable computer data secure and authentication token for use therein |
EP1280110A2 (en) * | 2001-07-26 | 2003-01-29 | Hewlett-Packard Company | Biometric characteristic security system |
EP1280110A3 (en) * | 2001-07-26 | 2004-07-28 | Hewlett-Packard Company | Biometric characteristic security system |
EP1293874A3 (en) * | 2001-09-06 | 2006-08-02 | Nippon Telegraph and Telephone Corporation | Authentication method, authentication system, and authentication token |
EP1293874A2 (en) * | 2001-09-06 | 2003-03-19 | Nippon Telegraph and Telephone Corporation | Authentication method, authentication system, and authentication token |
US7299364B2 (en) | 2002-04-09 | 2007-11-20 | The Regents Of The University Of Michigan | Method and system to maintain application data secure and authentication token for use therein |
GB2417116A (en) * | 2004-08-10 | 2006-02-15 | Gw Pharmaceuticals Plc | Secure dispensing system |
EP1901577A3 (en) * | 2006-09-15 | 2009-04-08 | Samsung Electronics Co., Ltd. | Apparatus and method for controlling bluetooth in portable terminal |
US8204436B2 (en) | 2006-09-15 | 2012-06-19 | Samsung Electronics Co., Ltd. | Apparatus and method for controlling bluetooth in portable terminal |
EP3096296A3 (en) * | 2015-05-18 | 2017-02-22 | Samsung Electronics Co., Ltd. | Binding device with embedded smart key and method for controlling object using the same |
US9836900B2 (en) | 2015-05-18 | 2017-12-05 | Samsung Electronics Co., Ltd | Binding device with embedded smart key and method for controlling object using the same |
Also Published As
Publication number | Publication date |
---|---|
CN1378667A (en) | 2002-11-06 |
WO2001020463B1 (en) | 2001-05-10 |
EP1228433A1 (en) | 2002-08-07 |
AU7695400A (en) | 2001-04-17 |
JP2003509771A (en) | 2003-03-11 |
CN1195275C (en) | 2005-03-30 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US6088450A (en) | Authentication system based on periodic challenge/response protocol | |
US8255697B2 (en) | Portable or embedded access and input devices and methods for giving access to access limited devices, apparatuses, appliances, systems or networks | |
US9923884B2 (en) | In-circuit security system and methods for controlling access to and use of sensitive data | |
EP0924657B2 (en) | Remote idendity verification technique using a personal identification device | |
EP0924656B1 (en) | Personal identification FOB | |
EP2774098B1 (en) | Authentication method | |
US10171444B1 (en) | Securitization of temporal digital communications via authentication and validation for wireless user and access devices | |
WO2001020463A1 (en) | Security arrangement | |
US20050235156A1 (en) | Method for automatic identification control and management | |
US9111084B2 (en) | Authentication platform and related method of operation | |
US20030014642A1 (en) | Security arrangement | |
US20020078372A1 (en) | Systems and methods for protecting information on a computer by integrating building security and computer security functions | |
JP4846367B2 (en) | Presence-based access control | |
EP1855227A2 (en) | Processing device constituting an authentication system, authentication system, and the operation method thereof | |
RU2260840C2 (en) | Protection means | |
JP4008626B2 (en) | Integrated management system for entry / exit and equipment use | |
US10645070B2 (en) | Securitization of temporal digital communications via authentication and validation for wireless user and access devices | |
WO2004055738A1 (en) | Devices for combined access and input | |
EP1480099A2 (en) | Mobile communication unit with a security arrangement | |
JP2007217903A (en) | Key, unlocking device, key device, program for key, and program for unlocking device | |
US20230418924A1 (en) | Execution device, instruction device, method executed by same, and computer program | |
JP2006097303A (en) | Key, unlocking device, key device, program for key and program for unlocking device |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
AK | Designated states | Kind code of ref document: A1 Designated state(s): AE AG AL AM AT AT AU AZ BA BB BG BR BY BZ CA CH CN CR CU CZ CZ DE DE DK DK DM DZ EE EE ES FI FI GB GD GE GH GM HR HU ID IL IN IS JP KE KG KP KR KR KZ LC LK LR LS LT LU LV MA MD MG MK MN MW MX MZ NO NZ PL PT RO RU SD SE SG SI SK SK SL TJ TM TR TT TZ UA UG US UZ VN YU ZA ZW |
AL | Designated countries for regional patents | Kind code of ref document: A1 Designated state(s): GH GM KE LS MW MZ SD SL SZ TZ UG ZW AM AZ BY KG KZ MD RU TJ TM AT BE CH CY DE DK ES FI FR GB GR IE IT LU MC NL PT SE BF BJ CF CG CI CM GA GN GW ML MR NE SN TD TG |
AK | Designated states | Kind code of ref document: B1 Designated state(s): AE AG AL AM AT AT AU AZ BA BB BG BR BY BZ CA CH CN CR CU CZ CZ DE DE DK DK DM DZ EE EE ES FI FI GB GD GE GH GM HR HU ID IL IN IS JP KE KG KP KR KR KZ LC LK LR LS LT LU LV MA MD MG MK MN MW MX MZ NO NZ PL PT RO RU SD SE SG SI SK SK SL TJ TM TR TT TZ UA UG US UZ VN YU ZA ZW |
AL | Designated countries for regional patents | Kind code of ref document: B1 Designated state(s): GH GM KE LS MW MZ SD SL SZ TZ UG ZW AM AZ BY KG KZ MD RU TJ TM AT BE CH CY DE DK ES FI FR GB GR IE IT LU MC NL PT SE BF BJ CF CG CI CM GA GN GW ML MR NE SN TD TG |
B | Later publication of amended claims | ||
121 | Ep: the epo has been informed by wipo that ep was designated in this application | ||
DFPE | Request for preliminary examination filed prior to expiration of 19th month from priority date (pct application filed before 20040101) | ||
WWE | Wipo information: entry into national phase | Ref document number: 10063068 Country of ref document: US |
ENP | Entry into the national phase | Ref document number: 2001 523973 Country of ref document: JP Kind code of ref document: A |
WWE | Wipo information: entry into national phase | Ref document number: 2000966636 Country of ref document: EP Ref document number: 008141908 Country of ref document: CN |
ENP | Entry into the national phase | Ref document number: 2002 2002110119 Country of ref document: RU Kind code of ref document: A |
WWP | Wipo information: published in national office | Ref document number: 2000966636 Country of ref document: EP |
WWR | Wipo information: refused in national office | Ref document number: 2000966636 Country of ref document: EP |
WWW | Wipo information: withdrawn in national office | Ref document number: 2000966636 Country of ref document: EP |