公开(公告)号：JPH10224345A

公开(公告)日：1998-08-21

申请号：JP871498

申请日：1998-01-20

Applicant: IBM

Inventor： DEINDL MICHAEL ,  HAENEL WALTER ,  SCHAAL ALBERT

IPC: G07F7/10 ,  G09C1/00 ,  H04L9/32

Abstract: PROBLEM TO BE SOLVED: To improve the freedom degree of cipher key authentication against a chip card by transferring an authentication key to the chip card and checking an electronic signature based on the authentication key of the chip card. SOLUTION: An authentication key is transferred to a chip card. The certificate which is used on the chip card based on the authentication of the cipher key has a 1st part that includes the actual data containing the cipher key and a 2nd part including an electronic signature of data received from the 1st part. The electronic signature of the 1st part that is included in the 2nd part of the certificate is checked based on the authentication key of the chip card, and the cipher key of the chip card is authenticated. When the electronic signature is checked, the signature is converted by the authentication key and the electronic fingerprint of the 1st part of the certificate is generated. Then the fingerprint is compared with a converted electronic signature.

公开(公告)号：WO2008043647A3

公开(公告)日：2008-07-17

申请号：PCT/EP2007059882

申请日：2007-09-19

Applicant: IBM ,  SCHAAL ALBERT ,  TEICH TORSTEN

Inventor： SCHAAL ALBERT ,  TEICH TORSTEN

IPC: G06F11/14 ,  G06F21/52 ,  G06F21/77

CPC classification number: G07F7/1008 ,  G06F11/00 ,  G06F11/1497 ,  G06F21/52 ,  G06F21/77 ,  G06Q20/341 ,  G07F7/084

Abstract: In order to provide protection for an application against attacks, a method is provided which defends a computer program independently of the complexity of the program. A request to invoke the application is received (1110). A process execution state is set (405) to indicate a first execution. The application is executed (420; 520; 1120) in response to the request, and application data and control information calculated by the application is stored (420, 520) while the application is executed. The process execution state is set (405, 1130) to indicate a subsequent execution. At least part of the application is executed (1140) for at least one subsequent time. Application data and control information calculated by the application during subsequent executions is compared (430; 530; 1210; 1310) with the data/information stored during first execution. The comparison is done by operation system services which are responsive to the process execution state. When the comparison shows a discrepancy in the compared application data and control information, appropriate error handling takes place.

Abstract translation: 为了防止应用程序受到攻击，提供了一种方法，它可以独立于程序的复杂性来维护计算机程序。 接收调用应用程序的请求（1110）。 处理执行状态被设置（405）以指示第一次执行。 响应于该请求执行应用程序（420; 520; 1120），并且在应用程序被执行时存储由应用程序计算的应用程序数据和控制信息（420,520）。 处理执行状态被设置（405,1130）以指示后续执行。 对于至少一个随后的时间，至少部分应用程序被执行（1140）。 在后续执行期间由应用计算的应用数据和控制信息与第一次执行期间存储的数据/信息进行比较（430; 530; 1210; 1310）。 比较由对流程执行状态作出响应的操作系统服务完成。 当比较显示比较的应用数据和控制信息存在差异时，进行适当的错误处理。

公开(公告)号：DE69909379D1

公开(公告)日：2003-08-14

申请号：DE69909379

申请日：1999-05-05

Applicant: IBM

Inventor： SCHAAL ALBERT ,  SCHERZER HELMUT ,  SCHILLING MICHAEL

IPC: G06F12/14 ,  G06F11/00 ,  G06F21/60 ,  G06F21/62 ,  G06K19/073 ,  G07F7/10

Abstract: The invention presented describes a system and procedure for protecting against the espionage of secret information. A counter is allocated to each secret piece of information, in particular codes. The counter counts the number of uses of the secret information. In this, the counter is set to a starting value. Each use of the secret data element increases the counter state by a defined value. If the counter state reaches a maximum value, the use of the secret data element will be blocked. The blocking of the secret information can, however, be avoided if a defined event occurs before the maximum value of the counter is reached which automatically resets the counter state to its starting value. Any technical, economic or organisational condition can be defined as an event. Particular advantages of the invention presented are that each code can have its own counter allocated to it. In this way, different numbers of uses can be established for each code with regard to its function. As a chip card can contain any number of codes for the most widely differing applications, the block is limited solely to the application affected. The use of the chip card is not therefore blocked as a whole. The events can be easily adapted to the widest range of security and user requirements of the respective application area.

公开(公告)号：DE69737905T2

公开(公告)日：2008-04-03

申请号：DE69737905

申请日：1997-11-21

Applicant: IBM

Inventor： DEINDL MICHAEL ,  HAENEL WALTER ,  SCHAAL ALBERT

IPC: H04L9/32 ,  G07F7/10 ,  G09C1/00

Abstract: The invention relates to a procedure for the certification of cryptographic keys for chipcards. In this procedure, a certification-key and a certificate are transferred to the chipcard. The first part of the certificate includes the cryptographic key and the second part of the certificate includes a digital signature of the first part of the certificate. The digital certificate is subsequently checked by means of the certification-key on the chipcard.

公开(公告)号：GB2324894B

公开(公告)日：2002-04-17

申请号：GB9804703

申请日：1998-03-06

Applicant: IBM

Inventor： DEINDL MICHAEL ,  HAENEL WALTER ,  SCHAAL ALBERT

IPC: G06F12/14 ,  G06F9/445 ,  G06F12/00 ,  G06F21/24 ,  G06K17/00 ,  G06K19/073 ,  G07F7/10

Abstract: The invention relates to a method of importing information, in particular application information, onto a chip card which has a memory with a directory. The information being transferred onto the chip card comprises data and code, and it is often necessary to distribute these data and the code to different files in the directory. The method of the invention establishes whether the data and the code have been placed properly in the various files. The invention makes it possible to verify whether the information has been placed in the proper location allocated to it in the memory of the chip card. When an application is to be placed onto a chip card, the information is loaded into the chip card memory but is no allowed to be used until its location on the card is verified. Verification is accomplished by calculating an electronic fingerprint of the information and it's location. The fingerprint is compared with at least one other electronic fingerprint, and the stored information is activated only if on comparison a match is established between the electronic fingerprint and at least one other electronic fingerprint.

公开(公告)号：DE19831884C2

公开(公告)日：2001-09-20

申请号：DE19831884

申请日：1998-07-17

Applicant: IBM

Inventor： SCHAAL ALBERT ,  SCHERZER HELMUT ,  SCHILLING MICHAEL

IPC: G06F12/14 ,  G06F11/00 ,  G06F21/60 ,  G06F21/62 ,  G06K19/073 ,  G07F7/10 ,  H04L9/00

Abstract: The invention presented describes a system and procedure for protecting against the espionage of secret information. A counter is allocated to each secret piece of information, in particular codes. The counter counts the number of uses of the secret information. In this, the counter is set to a starting value. Each use of the secret data element increases the counter state by a defined value. If the counter state reaches a maximum value, the use of the secret data element will be blocked. The blocking of the secret information can, however, be avoided if a defined event occurs before the maximum value of the counter is reached which automatically resets the counter state to its starting value. Any technical, economic or organisational condition can be defined as an event. Particular advantages of the invention presented are that each code can have its own counter allocated to it. In this way, different numbers of uses can be established for each code with regard to its function. As a chip card can contain any number of codes for the most widely differing applications, the block is limited solely to the application affected. The use of the chip card is not therefore blocked as a whole. The events can be easily adapted to the widest range of security and user requirements of the respective application area.

公开(公告)号：DE69737905D1

公开(公告)日：2007-08-23

申请号：DE69737905

申请日：1997-11-21

Applicant: IBM

Inventor： DEINDL MICHAEL ,  HAENEL WALTER ,  SCHAAL ALBERT

IPC: H04L9/32 ,  G07F7/10 ,  G09C1/00

Abstract: The invention relates to a procedure for the certification of cryptographic keys for chipcards. In this procedure, a certification-key and a certificate are transferred to the chipcard. The first part of the certificate includes the cryptographic key and the second part of the certificate includes a digital signature of the first part of the certificate. The digital certificate is subsequently checked by means of the certification-key on the chipcard.

公开(公告)号：DE60013518T2

公开(公告)日：2005-10-13

申请号：DE60013518

申请日：2000-07-22

Applicant: SIEMENS AG ,  IBM

Inventor： DROEGE HARMUT ,  GOTTSCHALK VOLKER ,  HAARDOERFER JUERGEN ,  SCHAAL ALBERT ,  WEINLAENDER MARKUS ,  WITZEL MARTIN ,  WOERZ DR

IPC: G07F7/10

公开(公告)号：DE19939280A1

公开(公告)日：2001-02-22

申请号：DE19939280

申请日：1999-08-19

Applicant: IBM ,  SIEMENS AG

Inventor： DROEGE HARTMUT ,  GOTTSCHALK VOLKER ,  HAARDOERFER JUERGEN ,  SCHAAL ALBERT ,  WEINLAENDER MARKUS ,  WITZEL MARTIN ,  WOERZ RAINER

IPC: G07F7/10 ,  G06F17/60

公开(公告)号：DE4321849A1

公开(公告)日：1995-01-12

申请号：DE4321849

申请日：1993-07-01

Applicant: IBM

Inventor： KLEPSER GUENTER ,  SCHAAL ALBERT

IPC: G07F7/08 ,  G06F12/14 ,  G06F21/24 ,  G07C9/00 ,  G07F7/10