Classifications

• • G—PHYSICS
  • G06—COMPUTING; CALCULATING OR COUNTING
  • G06F—ELECTRIC DIGITAL DATA PROCESSING
  • G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
  • G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
  • G06F21/31—User authentication
  • G06F21/32—User authentication using biometric data, e.g. fingerprints, iris scans or voiceprints
• • G—PHYSICS
  • G06—COMPUTING; CALCULATING OR COUNTING
  • G06F—ELECTRIC DIGITAL DATA PROCESSING
  • G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
  • G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
  • G06F21/31—User authentication
  • G06F21/34—User authentication involving the use of external additional devices, e.g. dongles or smart cards
• • G—PHYSICS
  • G06—COMPUTING; CALCULATING OR COUNTING
  • G06F—ELECTRIC DIGITAL DATA PROCESSING
  • G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
  • G06F21/70—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
  • G06F21/71—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information
• • G—PHYSICS
  • G06—COMPUTING; CALCULATING OR COUNTING
  • G06F—ELECTRIC DIGITAL DATA PROCESSING
  • G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
  • G06F21/70—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
  • G06F21/71—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information
  • G06F21/77—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information in smart cards

Definitions

• the present invention relates to peripheral devices of computer terminals having security functions, such as for example an authentication or identification function.
• Peripheral security devices are used in particular to access secure information, for example banking information.
• a prior control session to identify or authenticate the user is usually implemented before allowing access to that information.
• Such a control session can be based on entering a password and verifying the validity of the password entered.
• This control session can also be based on the implementation of more complex cryptography methods, such as, for example, methods used on One Time Password (OTP) calculators to generate passwords, chip or USB keys that are adapted to implement this control session automatically without the user having to memorize complex confidential identification and / or authentication information.
• OTP One Time Password
• peripheral devices are generally connected to the computer terminals according to the USB standard.
• the latter makes it possible to connect a plurality of peripheral devices to a terminal via a USB port without requiring the restart of this terminal.
• the terminal upon the physical connection of such a peripheral device via a USB bus to a terminal, the terminal automatically detects the presence of the peripheral device and can communicate with the latter when a suitable pilot software has been previously installed on the device. terminal.
• the user who wishes to have access to secure information can simply connect a peripheral security device, which is adapted to the control session corresponding to the secure information. considered, to the host terminal via a USB port, or through an adapter, for example in the case where the security device is a smart card that can not be directly physically connected to the USB port of the host terminal.
• peripheral security device in order for a peripheral security device to communicate with the corresponding application on the terminal, it is required that a suitable pilot software be previously installed on the host terminal.
• a suitable pilot software In general, such peripheral USB security devices are provided for this purpose with a specific pilot software.
• the security device can not communicate with the host terminal and, therefore, can not allow the implementation of an authentication session as required and expected in said peripheral safety device.
• Such a constraint therefore does not allow access to secure information available on a network, even if the host terminal has access to this network, when the terminal does not have the pilot software that corresponds to the peripheral security device to be used for a control session relating to said secure information.
• a first aspect of the present invention provides a peripheral security device adapted to be physically connected to a host terminal, on which is installed at least one pilot software adapted to allow communication between said host terminal and a peripheral device having a human interface; said peripheral security device comprising a microprocessor adapted to send to the terminal security data during a communication with the terminal; characterized in that said communication between said peripheral security device and the host terminal is managed at the terminal through the pilot software and simulates communication between the peripheral device having a human interface and the host terminal via the pilot software.
• peripheral device having a human interface is intended herein to mean a peripheral device of a computer terminal enabling a user to communicate with the host terminal, such as for example a keyboard, a mouse or even a joystick.
• a host terminal has such a human interface thus allowing a user to use this terminal.
• a pilot software adapted for one of these peripheral devices having a human interface is previously installed on the terminal. Under such conditions, it is advantageously possible to make a peripheral security device communicate according to an embodiment of the present invention with such a terminal easily without having to install a specific pilot software on the terminal.
• the communication between the terminal and the peripheral security device simulates a communication between a peripheral device having a human interface for which a pilot software is already installed on the terminal.
• the terminal treats the peripheral safety device as a peripheral device having a human interface and can therefore communicate with the latter via the previously loaded driver software. Thanks to these arrangements, the establishment of a communication between a host terminal and such a peripheral safety device does not require the prior installation of a corresponding specific pilot software on the host terminal, since it is the pilot software installed. for a peripheral device having a human interface which is advantageously used here.
• this peripheral security device when this peripheral security device is physically connected to the host terminal, that is to say that an output connector of the peripheral device is plugged into a connector provided for this purpose at the host terminal, the latter detects this new physical connection and determines that this peripheral device is a peripheral device having a human interface for which a pilot software is already installed.
• the security data sent to the terminal advantageously simulate information that could be transmitted by the peripheral device having a human interface.
• the host terminal is able to process the data received from the peripheral device as if these data were transmitted by the peripheral device having a human interface for which the pilot software used is installed.
• connection can advantageously be a connection according to the USB standard.
• This type of peripheral security device can be advantageously used to implement a control session in order to obtain authorization to access secure information.
• this control session can be implemented between the peripheral security device and the host terminal itself or it can be implemented between the peripheral security device and a control server, the communication between this device and the server is then realized via the host terminal.
• the security data may relate to an identification and / or authentication of a user.
• the peripheral security device may comprise a memory that stores security elements and, in this case, the security data sent to the terminal may relate to these security elements.
• the security elements correspond directly to the security data to be sent. This can be the case when the security elements correspond directly to a password to be sent during a control session. Storing a password on such a peripheral security device allows the use of complex and long passwords that are difficult to memorize by a user. It is also possible that the security elements stored in memory can generate a password type OTP (for 'One Time Password'). In this case, the security elements correspond to a password generation algorithm.
• the peripheral security device further comprises a biometric information reader and a converter of this biometric information into security data to be sent to the terminal.
• Such a peripheral device is advantageous when used for a control session which is based on biometric information.
• control sessions are well known to those skilled in the art and will not be described here.
• the peripheral device having a human interface may be one of a computer keyboard, a computer mouse and a joystick.
• the peripheral security device has an output connector which is a USB type connector.
• the peripheral device having a human interface is a computer keyboard
• the communication between said peripheral security device and the host terminal may advantageously be bidirectional.
• a computer keyboard has light emitting diodes whose state can be turned on or off and can be controlled by the terminal to which a computer keyboard is connected.
• the terminal can thus indicate in particular if the function "capital letters" is active, or if the keyboard is in digital mode.
• the transmission channel intended to transmit the controls of the state of the light-emitting diodes from the terminal to the keyboard it is possible to receive at the level of the peripheral safety device according to one embodiment of the present invention, information from the terminal.
• Such a peripheral device can therefore be used advantageously for a bidirectional control session. Under these conditions, the peripheral device security can advantageously be used for the implementation of an access control session in which the access control to secure information is performed at a server that implements a corresponding algorithm.
• the host terminal of the peripheral security device is connected to the server via a telecommunications network.
• the peripheral security device can communicate with the server via the terminal.
• the peripheral security device can thus receive from the server data after loading by the server on the host terminal of a mini application (or 'applef in English) so as to perform a control session adapted to the server in question.
• a mini application or 'applef in English
• the peripheral security device may comprise a locking module adapted to block the communication between the peripheral security device and the host terminal at the connection of the peripheral device and to allow communication on reception of unlocking information at the level of the device. the peripheral safety device.
• an additional level of security is advantageously required to implement a control session using a peripheral device according to an embodiment of the present invention.
• the user must send to the peripheral security device unlocking information to provide the required security data to the terminal or to a server via the terminal.
• the unlocking information may include a personal identification code (PIN code) for dialing. on this computer keyboard.
• PIN code personal identification code
• the peripheral security device comprises a biometric data reader and that the unlocking information corresponds to these biometric data.
• the security device further comprises an electronic micro-module comprising an electronic chip mounted on one side of an electronic medium, and a set of first electrical contacts mounted on the other side.
• said electronic medium, said set of first contacts having mechanical characteristics that correspond to those of a USB-type male connector, said micromodule being adapted to implement a USB type protocol;
• a device support comprising an end portion having a thickness and a width respectively having values between first and second respective threshold values adapted to allow the insertion of said end portion into a USB type female connector; offering second contacts; said electronic micro-module being integrated in the thickness of said end portion so that the introduction of the end portion into the USB-type female connector establishes electrical connections between the first contacts of said micro-module electronics and the second contacts of the USB type female connector.
• a security device is thus obtained in the form of a smart card, since a smart card chip is integrated into the micromodule, itself integrated on the device support. This smart card is adapted to connect directly via contacts of the micro-module as in a conventional smart card architecture.
• this smart card is adapted to connect via a USB type port since the micromodule meets the USB type connection criteria, and that it is inserted in a device holder having the size required for the introduction into a USB type female connector, as well as the format of contacts compatible with the USB standard.
• such an architecture does not require an adapter between the smart card and a USB type female connector.
• Such an architecture also has the advantage of not requiring the introduction of connecting son from a smart card chip to the conventional USB connector as is the case in a USB key provided with an electronic chip. Smartcard.
• the micro-module can be adapted to implement a USB type protocol.
• a set of first contacts may include:
• the end portion may have a thickness having a value between 2.1 mm and 2.20 mm, a width having a value between 11, 90 mm and 12.10 mm and a length having a value greater than 11, 75 mm.
• the electronic micro-module may comprise the integrated electronic chip in the thickness of the device support such that the surface of the electronic micro-module is at the same level as the surface of the face of the device support in which the micro-module electronic is inserted.
• the device holder may be of plastics material.
• a second aspect of the present invention provides a security control method from a peripheral device adapted to be physically connected to a host terminal, on which at least one pilot software adapted to allow communication between said host terminal and a peripheral device having a human interface, said method comprising the following steps:
• a third aspect of the present invention provides a security control system in a telecommunications network comprising:
• a host terminal on which is installed at least one pilot software adapted to allow communication between said host terminal and a peripheral device having a human interface;
• peripheral security device communicates with the server via the host terminal, communication between the peripheral security device and the host terminal simulating communication between the peripheral device having a human interface and the host terminal via said pilot software.
• FIG. 1 illustrates a peripheral security device according to one embodiment of the present invention and a host terminal to which this peripheral security device can connect;
• FIG. 2 illustrates a peripheral security device comprising a storage memory according to an embodiment of the present invention;
• Figure 3 illustrates a peripheral security device with a biometric reader according to an embodiment of the present invention;
• FIG. 4 illustrates a male connector and a USB type female connector
• Fig. 5-A illustrates an electronic chip device according to an embodiment of the present invention
• Fig. 5-B illustrates a sectional view of a micro-module according to an embodiment of the present invention
• Figure 6 illustrates a chip device according to an embodiment of the present invention according to a front view
• FIG. 7 illustrates an arrangement of the first contacts according to an embodiment of the present invention
• Figure 8 illustrates an electronic chip reading system according to an embodiment of the present invention.
• peripheral device having a human interface is a computer keyboard.
• An application to any other peripheral device having a human interface is easily deductible from this description.
• peripheral devices are grouped under different classes.
• a class of human interface devices (or HID class for Human Interface) can thus be cited in particular.
• FIG. 1 illustrates a peripheral security device 10 according to an embodiment of the present invention and a host terminal 14 intended to accommodate this peripheral device.
• the peripheral security device 10 has a USB connector 11 and includes a microprocessor 12.
• the host terminal 14 comprises a female USB connector 17 adapted to receive the male connector of the peripheral security device 10. This host terminal is also connected by a cable 15 to a peripheral device having a human interface 13, which is here illustrated under the shape of a keyboard.
• a driver software 16 adapted to allow communication of the keyboard 13 with the terminal is installed on this host terminal.
• the peripheral security device is then connected to the terminal 14 via the connector 17.
• the terminal detects this new connection and identifies the peripheral security device as a keyboard. Therefore, it implements the pilot software 16, already installed for the communication of the keyboard 13 with the terminal.
• the peripheral device 10 can communicate with the terminal via the pilot software 16 according to the conventional dialogue mode of a keyboard, that is to say by coding the information to send as alphanumeric characters and control characters.
• the peripheral device security is able to transmit the security data through its microprocessor 12.
• the security data can be directly stored in a memory 21, as illustrated in FIG. 2.
• the security elements of the memory can be stored in the form of characters coded according to the ASCII code of a keyboard. .
• the security elements can be directly sent.
• the peripheral security device simulates a mouse
• the password stored in a memory of this peripheral security device corresponds to a determined movement of the mouse.
• the peripheral security device 10 further comprises a converter 32 adapted for converting the read biometric information into data of the data. security simulating the characters of a keyboard.
• the peripheral security device 10 may also comprise a locking module 41 as illustrated in FIG. 3, adapted to lock the communication towards the terminal so as not to allow automatic sending of the security data before a piece of information unlocking has been received at the peripheral safety device
• the level of security advantageously increases against the authentication and / or fraudulent identifications that could be made by a person who is not authorized to use this peripheral security device.
• Unlocking information may for example relate to biometric data captured by a biometric data reader under the conditions as illustrated in FIG. 3.
• FIG. 4 illustrates a conventional USB female connector 110 and a conventional USB 100 connector.
• the female connector 100 has an opening 101 in which is positioned a bar 102 supporting 4 contacts compliant with the USB standard.
• a contact 103 corresponds to the + 5V supply
• contacts 104 and 105 correspond to differential data contacts D- and D +
• a fourth contact 106 corresponds to ground.
• the conventional USB connector 110 includes an opening 111 adapted to be inserted into the opening 101 of the female connector and to receive the bar 102.
• Contacts 113 to 116 are located on one side of this opening 111 so that when the connector is introduced into the female connector, the contacts 103-106 and the contacts 113-116 are brought into contact and thus form electrical connections.
• FIG. 5-A illustrates an electronic chip security device according to an embodiment of the present invention.
• Such a device here has a simple shape substantially rectangular. No limitation is attached to the form of such a smart security device, with the exception of the features for introducing such a device in a USB type female connector.
• a chip device according to one embodiment of the present invention may have any shape except for the end portion to be introduced into the USB female connector.
• a device support 220 which may advantageously be made of plastic as for a conventional smart card, comprises at one of its ends a micro-module 210 according to one embodiment of the present invention.
• a micro-module 210 according to one embodiment of the present invention.
• No limitation is attached to the shape of the micro-module. Indeed, it can be substantially circular or rectangular as illustrated here.
• the micro-module has a set of first contacts 230-240 which correspond to USB-type contacts, as illustrated in FIG.
• a contact 230 corresponds to the + 5V supply
• contacts 240 and 250 correspond to differential D- and D + data contacts
• a contact 260 corresponds to ground.
• the support of such a chip device has a minimum length of 11.75 mm and a width of between 11.90 mm and 12.10 mm.
• FIG. 5-B illustrates a sectional view of a micro-module 210 according to an embodiment of the present invention.
• An electronic chip 202 is mounted on an electronic copper medium 201.
• the electronic chip 202 is covered with a layer of resin 203.
• On the integrated circuit are mounted electrical contacts 204 according to an embodiment of the present invention.
• Figure 6 illustrates a chip security device according to an embodiment of the present invention in a front view.
• the micro-module is inserted into the device holder 220 so that the side edges 310 and
• the value of Y is between 0 and 0.26 mm.
• the thickness H of the device support 220 preferably has a value of between 2.1 mm and 2.20 mm.
• Fig. 7 illustrates the arrangement of a set of first contacts according to an embodiment of the present invention.
• the central axis of the two central contacts 240 and 250 is preferably remote from a central axis 40 of the set of contacts of a distance 43 which has a value between 0.95 and 1.005 mm.
• the central axis of the contacts 230 and 260 is remote from the central axis 40 by a distance 45 having a value between 3.45 and 3.55 mm.
• These contacts 230 and 260 have a length 42 of a value greater than 4.2 mm, and must be between 0.74 and 1.74 from the edge of the device carrier.
• the contacts 240 and 250 are set back from the contacts 230 and 260, with respect to the edge of the device support, of approximately 1 mm.
• FIG. 8 illustrates an electronic chip reading system according to an embodiment of the present invention.
• a system comprises an equipment or terminal 51, such as for example a computer, which is provided with a USB type female connector 100, such a terminal being adapted to communicate with a chip of a chip device according to one embodiment. of the present invention via USB type electrical connections.
• an electronic chip device according to one embodiment of the present invention can be designed based on standardized smart card technology and thereby benefiting advantageously from reduced production costs related to the large amount of electronic chips produced.
• it offers all the other advantages that are attached to this technology, particularly in terms of the security of data exchange stored on the chip.

Landscapes

• Engineering & Computer Science (AREA)
• Theoretical Computer Science (AREA)
• Physics & Mathematics (AREA)
• Computer Hardware Design (AREA)
• Computer Security & Cryptography (AREA)
• Software Systems (AREA)
• General Engineering & Computer Science (AREA)
• General Physics & Mathematics (AREA)
• Mathematical Physics (AREA)
• Storage Device Security (AREA)
• Computer And Data Communications (AREA)
• Information Transfer Systems (AREA)

Applications Claiming Priority (3)

Publications (1)

Family

ID=39636421

Family Applications (1)

Country Status (3)

Families Citing this family (9)

Citations (2)

Family Cites Families (11)

• 2007
  • 2007-12-14 WO PCT/FR2007/052529 patent/WO2008087317A2/fr active Application Filing
  • 2007-12-14 US US12/519,308 patent/US20100031336A1/en not_active Abandoned
  • 2007-12-14 EP EP07871945A patent/EP2092452A2/de not_active Withdrawn

Patent Citations (2)

Non-Patent Citations (4)

Also Published As

Similar Documents

Legal Events