PatentDe  


Dokumentenidentifikation EP1236201 27.12.2007
EP-Veröffentlichungsnummer 0001236201
Titel COMPUTERLESBARES MEDIUM MIT MIKROPROZESSOR ZUR LESESTEUERUNG UND COMPUTERANORDNUNG ZUR KOMMUNIKATION MIT EINEM DERARTIGEN MEDIUM
Anmelder Sun Microsystems, Inc., Palo Alto, Calif., US
Erfinder DE JONG, Eduard Karel, NL-1012 DV Amsterdam, NL
Vertreter derzeit kein Vertreter bestellt
DE-Aktenzeichen 69937581
Vertragsstaaten AT, BE, CH, CY, DE, DK, ES, FI, FR, GB, GR, IE, IT, LI, LU, MC, NL, PT, SE
Sprache des Dokument EN
EP-Anmeldetag 07.12.1999
EP-Aktenzeichen 999585151
WO-Anmeldetag 07.12.1999
PCT-Aktenzeichen PCT/NL99/00748
WO-Veröffentlichungsnummer 2001043129
WO-Veröffentlichungsdatum 14.06.2001
EP-Offenlegungsdatum 04.09.2002
EP date of grant 14.11.2007
Veröffentlichungstag im Patentblatt 27.12.2007
IPC-Hauptklasse G11B 20/00(2006.01)A, F, I, 20051017, B, H, EP
IPC-Nebenklasse G06F 1/00(2006.01)A, L, I, 20051017, B, H, EP   

Beschreibung[en]
BACKGROUND OF THE INVENTION

This invention relates to computer-readable medium provided with a memory area like a CD-ROM, a floppy disk, a cassette, a CD, a mini-disk and a DVD. For the sake of simplicity, hereinafter, these media will be called "data carriers".

Such a data carrier comprises data, e.g., in the form of computer software to be loaded into a computer of a user who bought it. However, in practice, often the data available on such a data carrier can be read many times whereas the producer of the data wishes to be paid again for every new loading in another computer. Nowadays, buyers are often signing a kind of contract promising not to infringe the copyright associated with the data. However, that is not a technical hindrance to illegal copying of the data. In practice, large-scale checking of illegal copies at the premises of, especially, end-users is almost impossible.

European patent application EP 0849 734 A2 describes a DVD disk into which at the centre a transponder is physically attached or embedded. Once the DVD is input to a media player, the media player transmits an interrogation signal to the transponder. The transponder then accesses information from its memory once empowered with the interrogation signal and transmits the information back towards the media player, more particularly towards an interrogator located therein. The interrogator sends the information to a conditional access management processor (CAMP), and simultaneously instructs the player to access data at a predetermined address on the disk. The media player only plays if there is a match between the read data and a code processed by the CAMP as it provides the correct algorithm to decrypt the content of the DVD.

International patent application WO99/38162 describes a disc security chip embedded on a media recording disc, like a DVD, and a method for protecting access to content recorded on the media recording disc. The content on the disc is encrypted with a key, which is stored in encrypted entitlement control messages (ECM's) in a disc data stream. Different sections of the content of the disc are encrypted with a set of random keys. The random keys are, themselves, encrypted with a content key and then included in the ECM's.

American patent US 5,862,117 describes a compact disc comprising an annular region and a central region. In the annular region, a data storage medium is situated, while the central region is arranged with an electronic module, e.g. an integrated circuit, and an antenna. The electronic module comprises an identification code and/or decoding key for data contained in the data storage medium. The electronic module further allows contactless electromagnetic coupling with an electromagnetic wave transmitter-receiver.

International patent application WO97/41562 describes a data storage medium in the form of a (re)writable CD. The CD consists of a layer for data storage, a chip, and a CD coupling element for contact-free transmission of data between the chip and a data processing device. Examples of a CD-coupling element include a coil, an electrostatic coupling surface or an optical coupling element. By inserting the CD in a suitable CD-drive comprising a similar coupling element, data can be read out.

American patent US5,790,489 describes a compact disk including a processor, a transmission element, a charging array, a photosensitive array for generating a current in the charging array upon illumination with a laser, and a storage element. The current generated in the charging array is supplied to the storage element, which, in its turn supplies the processor with power. The processor controls the transmission element to impart an information signal to a compact disk reader, e.g. a cryptographic key.

Japanese patent application JP11161551 describes a CD-ROM provided with an antenna coil connected to an integrated circuit element. The integrated circuit element is powered by the antenna coil via electromagnetic induction and arranged to receive data signals. Key information stored in a built-in memory of the integrated circuit element is transmitted through the antenna coil to a storage medium driving device without contacting in response to the received data signals. The key information defines a procedure of decoding disk data and enables the storage medium driving device to decode read disk data.

SUMMARY OF THE INVENTION

It is an object to provide technical means that provide a strong protection against illegal copying of data on the data carrier.

The invention is defined by the claims.

BRIEF DESCRIPTION OF THE DRAWINGS

Hereinafter, the invention will be explained with reference to some drawing which are intended to illustrate the invention and not to limit its scope.

  • Figure 1 shows a data carrier provided with a distinct microprocessor to protect its data from illegal copying, as well as a system to read data from the data carrier;
  • Figure 2 schematically shows the microprocessor embedded in the data carrier;
  • Figure 3 schematically shows an alternative data carrier with additional microprocessor;
  • Figure 4 schematically shows a possible data flow between the memory area of the data carrier, the microprocessor on the data carrier and the system arranged to read and decrypt data from the data carrier;
  • Figures 5 and 6 show flow diagrams of methods of the invention.

DESCRIPTION OF PREFERRED EMBODIMENT

The invention relates to digital data storage devices in which digital data, possibly organized in distinctly referably sections, is stored. The data may be retrieved in some form by a computer system and then used by a user. Figure 1 schematically shows some key elements. Figure 1 shows a circular shaped data carrier 1, like a CD, or CD-ROM, having data stored in a memory area 2. The data may comprise both executable codes once loaded in a computer and non-functional data, like text, music and pictures.

In accordance with the invention, the data carrier 1 is provided with a microprocessor 3. Figure 1 shows a circular antenna 4 as communication interface for a microprocessor unit not shown in figure 1. Figure 2 shows an example of the microprocessor 3 comprising a processor unit 5 connected to the antenna 4 and a memory 7. The antenna preferably comprises one or more circular loops arranged such that they are centered about the center of rotation of the data carrier 1. The memory 7 may comprise any kind of memory like RAM, ROM, EPROM, EEPROM, etc. allowing the processor unit 5 to carry out its functions.

Preferably, the processor unit 5 itself is embedded in the data carrier structure such that it is tamper-resistant. Together with memory 7, it may be implemented as a single-chip microprocessor of a similar type as used in smart cards. As shown in figure 1, in case of a circular data carrier designed to rotate during reading, like a CD or CD-ROM, the microprocessor 3 is preferably located such that its center of gravity coincides with the center of rotation of the data carrier 1.

Preferably, the data carrier comprises an embedded physical structure 9 connected to the processor unit 5. The physical structure 9 is, e.g., made of one or more wire loops, the presence of which being detectable by the processor unit 5. If the microprocessor unit 5 is disconnected from the physical structure 9, e.g., either by removing the microprocessor 3 from the data carrier 1 or by damaging the data carrier 1, the processor unit 5 will detect that and will not be able anymore to carry out its protection function anymore. To that end, the processor unit 5 may detect the resistance of wire loops. Alternatively, the physical structure 9 may have some predetermined capacitance or inductance or any kind of (complex) impedance that can be detected by the processor unit 5. With such an additional structure 9, one cannot use the microprocessor 3 anymore after having removed it from the data carrier 1. Only reverse engineering could then provide knowledge about the content of the microprocessor 3. However, this content may be unique for each different microprocessor 3 such that reverse engineering will never be worthwhile.

Figure 1 also shows a computer arrangement 11 comprising, e.g., a separate box 16 with a processor 8, a monitor 18, and input means like a keyboard 20 and a mouse 22. The box 16 also comprises a memory 14 connected to the processor 8. The memory is shown as one black box, however, it is to be understood that memory 14 may comprise any kind of memories, like RAM, ROM, EPROM, EEPROM, etc., to allow the processor 8 to carry out its normal operations.

In some embodiments, the computer arrangement 11 may comprise a smart card reader 13 connected to the processor 8 and arranged to read a smart card 15.

The processor 8 is shown to be connected to a laser unit 10 as an interface to read data from (and possibly write to) the data carrier 1. Of course, in case another kind of data carrier then a CD or CD-ROM is used, also another kind of interface 10 must be used. A groove 12 is provided to allow the laser unit 10 to move in a radial direction across the data carrier 1, as is known to persons skilled in the art.

Apart from the interface 10, the box 16 comprises another interface unit 6 that is arranged to allow the processor 8 to communicate with the processor unit 5 on the data carrier 1 when it is inserted into the box 16 to its reading position in which data may be read from the memory area 2 on the data carrier 1 by laser unit 10.

Figure 3 shows an alternative embodiment of a data carrier according to the invention. It shows a cassette 24 with tape storing data and wound around two shafts 26, 28 as is known in the art. Again, a microprocessor 3 is embedded in the physical structure of the cassette 24. Alternatively, the microprocessor 3 may be located on the small side surface of the cassette 24.

Instead of a CD/CD-ROM as shown in figure 1 or a cassette as shown in figure 3, any other known type of data carrier, such as floppy disk, may be applied to carry out the present invention.

The processor unit 5 embedded in the data carrier 1 is programmed to control read and/or write access of the processor 8 to the data carrier memory area 2. To that end, the processor unit 5 is, preferably, arranged to generate one or more secret, cryptographic keys which are, e.g., initialized at the final stages of manufacturing of the data carrier 1 with its processor unit 5. The one or more keys are, preferably, unique to the data carrier and may be simply stored in memory 7 of the microprocessor 3 or be calculated by the processor unit 5, as will be explained hereinafter. Below, for the sake of simplicity of the description, it will be assumed that only one key is used.

At least a portion of the data in memory area 2 is stored after being encrypted by the key. The processor unit 5 may be arranged to calculate the correct key based on one or more other (master) keys in memory 7 using key related data retrieved from memory area 2 on the data carrier 1. With reference to figure 4, such key related data will be read from the memory area 2 by processor 8 from the computer arrangement 11, preferably, without using any additional authorization mechanism, and then be transferred to the processor unit 5 through the communication interface 4. By using key related data stored in memory area 2 to allow processor unit 5 to calculate the necessary key using its own master key from memory unit 7, the encryption algorithms used to conceal data to be protected on the data carrier 1 can be selected to use very long keys, like in one-time pad calculations which require keys of the same length as the protected data.

When the processor 8 of the computer arrangement 11 is instructed by a user, through its input means 20, 22, to read protected (encrypted) data from data carrier 1, it will request the processor unit 5 to generate the correct key. The processor unit 5 will calculate the correct key based on the key related data as indicated above and send the key to the processor 8. As indicated in step 40 of figure 5 the processor 8 will receive this key. Then, the processor 8 reads data from the memory area 2 of data carrier 1, step 42. As shown in step 44, the processor 8 will use the key to decrypt data read from the data carrier 1 and store the decrypted data in its memory 14. Instructions as to how to communicate with the data carrier 1 may be loaded from the data carrier 1 to the processor 8 in any way known to the person skilled in the art, e.g., by loading an execute file from data carrier 1 to processor 8.

In practice, the generation of the key by the processor unit 5 will be dependent on whether or not one or more conditions have been met. This is further explained in figure 6.

One such condition may be the time period that the data in the data carrier 1 may be read and decrypted after a predetermined date loaded in memory 7 of the microprocessor 3. The data may e.g. be a demonstration computer program which may be used during three months after which decryption will automatically be blocked.

Another condition may be the maximum number of times the data may be read from data carrier 1 and decrypted by processor 8 or any other processor external to data carrier 1. To that end, the microprocessor 3 may store such a maximum number and check whether the number of times it is requested by a computer arrangement to provide the key exceeds that maximum number. For instance, in many cases an end-user is allowed to read and decrypt the data twice, i.e., once for regular purposes and once for back up. In such cases, the maximum number equals 2.

In general, as shown in figure 6, for checking the condition to be met the computer arrangement 11 and the data carrier 1 start communicating in step 50. In order to enhance security the condition is preferably checked by processor unit 5 of the data carrier 1, step 52. Only if the condition is met the processor unit 5 will generate the required key and send it to the processor 8 of the computer arrangement 11, step 54.

In order to be sure that both the key and the decryption algorithm are never entirely known to the computer arrangement protection and control over data use may be achieved by interaction between the processor unit 5 and the processor 8 such that the processor unit 5 performs additional computations necessary for the decryption algorithm. For effective operation with respect to speed of performance, such additional computations for decryption can be performed on a selected part of the data to be protected, e.g., every first 100 bytes of each retrieved 20 kbytes. To this end, figure 4 shows the situation that part of the encrypted data from the data carrier 1 is transferred to the processor unit 5 by computer arrangement 11.

Protection may further be enhanced by introducing an authentication mechanism of the user. Then, only when the user proves his/her authenticity to the processor unit 5 the latter will provide the correct key. To that end, passwords or user codes input by the user through one of the input means 20, 22 can effectively be used. Such a pass word or user code must then correspond to a password or user code stored in memory 7.

Alternatively, a password acceptance algorithm based on additional authentication data stored in the data carrier 1 may be used. Such authentication data may be read by processor 8 from the data carrier 1 and be transferred to the microprocessor 3 (see figure 4). A password input by a user may, e.g., be checked by the processor unit 5 as being valid upon checking whether or not it belongs to a dictionary of acceptable words stored as such authentication data in the data carrier 1 possibly complemented with rules for combining them, the rules being stored as an authentication key in memory 7.

User identification may also be carried out by using the smart card reader 13 and smart card 15 that belongs to a user who knows a password associated with the smart card 15 .

As a further alternative, the smart card reader 13 may be arranged to read smart card 15 provided with an electronic purse facility and the processor unit 5 may be arranged to allow decryption of data from the data carrier 1 only when a predetermined amount of money has been paid through the electronic purse. A payment facility through the Internet is another option for paying in advance of any next decryption step.

The protection mechanism illustrated above may be expanded to providing different sets of keys for different sets of data on the data carrier.

The copy of the data to be protected and loaded in the computer memory 14 may be provided with a digital watermark calculated by the microprocessor 8 during the process of loading the data into the computer 11. The calculation algorithm used by the processor 8 to provide the watermark is derived from the data carrier 1. Alternatively, either a part of or the entire watermark is calculated by processor unit 5 and sent to the processor 8. The watermark may include the time of loading, user identity information or any other information to uniquely identify a stored copy of the loaded data. The watermark may use data elements of the data itself such that the data itself will at least be partly damaged if somebody tries to remove the watermark. The watermark serves as an identifier to locate the source of illegal copies of the data.

The processor 8 is shown to be one block. However, if preferred, the processor 8 may be implemented as several sub-processors communicating with one another each dedicated to perform a predetermined task. Preferably, the processor 8 is (or the sub-processors are) implemented as a computer with suitable software. However, if desired, it (or they) may be implemented as dedicated digital circuits.

The software running on the processor unit 5 of the data carrier 1 and on the processor 8 of the computer arrangement 11 may, prior to loading, be stored on a data carrier like a CDROM or may be distributed through a telecommunication connection (for instance entirely or partly wireless) like the Internet.


Anspruch[de]
Computerlesbares Medium (1), das mit folgendem versehen ist: - einem Speicherbereich (2; 26, 28) zum Speichern von Daten - und einem eigenen Mikroprozessor (3), der folgendes aufweist: a) eine Kommunikationsschnittstelle (4) zur Kommunikation mit einer externen Computeranordnung (11), b) eine Speichereinheit (7), c) eine Prozessoreinheit (5), die sowohl mit der Kommunikationsschnittstelle (4) als auch mit der Speichereinheit (7) verbunden ist, wobei die Prozessoreinheit (5) ausgebildet ist, um zu prüfen, ob eine Bedingung erfüllt ist,

und bei Feststellung, daß diese Bedingung erfüllt ist, einen kryptographischen Schlüssel über die Kommunikationsschnittstelle (4) an die externe Computeranordnung (11) zu senden,

wobei die Daten eine erste Datenmenge aufweisen, die angeordnet ist um von der externen Computeranordnung (11) gelesen zu werden und von der externen Computeranordnung (11) unter Verwendung des kryptographischen Schlüssels entschlüsselt zu werden,

dadurch gekennzeichnet, daß

die Prozessoreinheit (5) ferner ausgebildet ist, um den kryptographischen Schlüssel für die externe Computeranordnung (11) zu berechnen, wenn festgestellt wird, daß die Bedingung erfüllt ist.
Computerlesbares Medium nach Anspruch 1, wobei die Daten eine zweite Datenmenge aufweisen, die schlüsselbezogene Daten aufweist, die notwendig sind, damit die Prozessoreinheit (5) wenigstens einen kryptographischen Schlüssel berechnen kann. Computerlesbares Medium nach Anspruch 1 oder 2, wobei der wenigstens eine kryptographische Schlüssel unter Anwendung von einmaligen Pfad-Berechnungen berechnet wird. Computerlesbares Medium nach Anspruch 1, wobei das computerlesbare Medium eine Kreisform mit einem Rotationsmittelpunkt hat und die Kommunikationsschnittstelle (4) eine Antenne ist, die um den Rotationsmittelpunkt herum symmetrisch geformt ist. Computerlesbares Medium nach Anspruch 1, wobei die zu erfüllende Bedingung die Benutzerauthentifikation ist und die Prozessoreinheit (5) ausgebildet ist zum Empfang von Authentifikationsinformation durch die Kommunikationsschnittstelle (4) und zum Feststellen der Benutzerauthentifikation auf der Basis der empfangenen Authentifikationsinformation. Computerlesbares Medium nach Anspruch 5, wobei die Authentifikationsinformation zusätzliche Authentifikationsdaten aufweist, die auf dem computerlesbaren Medium (1) gespeichert sind, wobei die Speichereinheit (7) einen Authentifikationsschlüssel speichert, um die zusätzlichen Authentifikationsdaten während der Benutzerauthentifikation zu validieren. Computerlesbares Medium nach Anspruch 1, wobei die zu erfüllende Bedingung ein Zeitraum ist, in dem die Daten entweder von der Computeranordnung (11) oder einer anderen Computeranordnung gelesen und entschlüsselt werden können, wobei der Zeitraum ein Teil der Daten ist. Computerlesbares Medium nach Anspruch 1, wobei die zu erfüllende Bedingung die maximale Anzahl von Malen ist, welche die Daten von dem computerlesbaren Medium gelesen und entschlüsselt werden können, wobei die maximale Anzahl von Malen von der Prozessoreinheit (5) überwacht wird. Computerlesbares Medium nach Anspruch 1, wobei die erste Datenmenge eine Vielzahl von weiteren Datenmengen aufweist und die Prozessoreinheit (5) ausgebildet ist, um wenigstens einen weiteren kryptographischen Schlüssel für die Computeranordnung (11) zu berechnen, um jede der weiteren Datenmengen zu entschlüsseln, wobei der wenigstens eine weitere kryptographische Schlüssel nur dann berechnet wird, wenn die Prozessoreinheit (5) die Validität von wenigstens einer weiteren Bedingung geprüft hat. Computerlesbares Medium nach Anspruch 1, wobei die erste Datenmenge für die Übertragung zu der Prozessoreinheit (5) des computerlesbaren Mediums (1) angeordnet ist und die Prozessoreinheit (5) ausgebildet ist, um wenigstens einen Teil der ersten Datenmenge unter Verwendung eines in der Speichereinheit (7) gespeicherten Entschlüsselungsschlüssels zu entschlüsseln, um entschlüsselte Daten für die Computeranordnung (11) zu liefern, wobei der weitere Entschlüsselungsschlüssel der Computeranordnung (11) nicht zugeführt wird. Computerlesbares Medium nach Anspruch 10, wobei die Prozessoreinheit (5) die entschlüsselten Daten mit wenigstens einem Teil eines digitalen Wasserzeichens versieht. Computerlesbares Medium nach Anspruch 10, wobei die Prozessoreinheit (5) ausgebildet ist, um die Entschlüsselung auf der Basis von ausführbaren Codes auszuführen, die durch die Kommunikationsschnittstelle (4) empfangen werden. Computerlesbares Medium nach Anspruch 12, wobei die ausführbaren Codes Teil der Daten sind. Computerlesbares Medium nach Anspruch 1, wobei das computerlesbare Medium mit einer physischen Struktur (9) versehen ist, die mit der Prozessoreinheit (5) verbunden ist, wobei die Prozessoreinheit (5) ausgebildet ist, um die physische Intaktheit der physischen Struktur (9) zu prüfen und den Betrieb anzuhalten, sobald die Prozessoreinheit (5) feststellt, daß die physische Intaktheit verletzt ist. System, das ein computerlesbares Medium (1) gemäß Anspruch 2 aufweist,

wobei das System ferner die externe Computeranordnung (11) aufweist, die ausgebildet ist, um mit dem computerlesbaren Medium (1) zu kommunizieren,

wobei die externe Computeranordnung (11) mit folgendem versehen ist: - einem Prozessor (8), - einer ersten Schnittstelleneinheit (10), die mit dem Prozessor (8) der externen Computeranordnung (11) verbunden ist, um mit dem Speicherbereich (2; 26, 28) des computerlesbaren Mediums zu kommunizieren, - und eine zweite Schnittstelleneinheit (6), die mit dem Prozessor (8) der externen Computeranordnung (11) verbunden ist, um mit der Prozessoreinheit (5) des computerlesbaren Mediums durch die Kommunikationsschnittstelle (4) des computerlesbaren Mediums zu kommunizieren, dadurch gekennzeichnet, daß

die externe Computeranordnung (11) ausgebildet ist, um die in der zweiten Datenmenge enthaltenen schlüsselbezogenen Daten von dem Speicherbereich (2, 26, 28) des computerlesbaren Mediums zu empfangen

und die zweite Datenmenge zu dem Mikroprozessor (3) des computerlesbaren Mediums zu übertragen, um zu ermöglichen, daß die Prozessoreinheit (5) des computerlesbaren Mediums den kryptographischen Schlüssel berechnet, nachdem festgestellt ist, daß die wenigstens eine Bedingung erfüllt ist.
System nach Anspruch 15, wobei der Prozessor (8) der externen Computeranordnung (11) ausgebildet ist, um die folgenden Schritte auszuführen: (a) Empfangen des wenigstens einen kryptographischen Schlüssels von der Prozessoreinheit (5) des computerlesbaren Mediums; (b) Lesen der ersten Datenmenge aus dem Speicherbereich in dem computerlesbaren Medium; und (c) Entschlüsseln der ersten Datenmenge unter Verwendung des wenigstens einen kryptographischen Schlüssels. System nach Anspruch 15, wobei die zu erfüllende Bedingung die Benutzerauthentifikation ist und der Prozessor (8) der externen Computeranordnung (11) ausgebildet ist, um die Authentifikationsinformation durch die Kommunikationsschnittstelle (4) zu der Prozessoreinheit (5) des computerlesbaren Mediums zu übertragen, so daß die Prozessoreinheit (5) des computerlesbaren Mediums die Benutzerauthentifikation auf der Basis der empfangenen Information feststellen kann. System nach einem der Ansprüche 15 bis 17, wobei die zu erfüllende Bedingung ein Zeitraum ist, in dem die Daten von der Computeranordnung gelesen und entschlüsselt werden können, wobei auf den Zeitraum bezogene Daten von der Computeranordnung aus dem computerlesbaren Medium lesbar und zu der Prozessoreinheit (5) des computerlesbaren Mediums übertragbar sind. System nach einem der Ansprüche 15 bis 18, wobei die zu erfüllende Bedingung die maximale Anzahl von Malen ist, welche die Daten aus dem computerlesbaren Medium gelesen werden können, wobei die Computeranordnung ausgebildet ist, um zusätzliche Daten von dem computerlesbaren Medium abzurufen, so daß die Prozessoreinheit (5) des computerlesbaren Mediums diese maximale Anzahl von Malen überwachen kann. Verfahren zum Abgeben eines kryptographischen Schlüssels von einem computerlesbaren Medium zu einer externen Computeranordnung (11), wobei das Verfahren die folgenden Schritte aufweist: a) Prüfen durch eine Prozessoreinheit (5) in dem computerlesbaren Medium, ob eine Bedingung erfüllt ist; b) wenn festgestellt wird, daß die Bedingung erfüllt ist, Senden eines kryptographischen Schlüssels über eine Kommunikationsschnittstelle (4) an die externe Computeranordnung (11), um zuzulassen, daß die externe Computeranordnung (11) eine in einem Speicherbereich (2; 26, 28) in dem computerlesbaren Medium gespeicherte erste Datenmenge unter Verwendung des wenigstens einen kryptographischen Schlüssels liest und entschlüsselt;

gekennzeichnet durch:
c) Berechnen des kryptographischen Schlüssels in der Prozessoreinheit (5) in dem computerlesbaren Medium für die externe Computeranordnung (11) nach Feststellung, daß die Bedingung erfüllt ist.
Datenträger, der mit einem Computerprogramm für ein Verfahren versehen ist, das die Schritte gemäß Anspruch 20 aufweist. Computerprogrammprodukt, das ausgebildet ist, um bei Ausführung auf einem bestimmten Mikroprozessor (3) das Verfahren auszuführen, das die in Anspruch 20 definierten Schritte aufweist. Verfahren nach Anspruch 20, das vor Schritt a) die folgenden Schritte aufweist: • Lesen einer zweiten Datenmenge aus dem Speicherbereich (2; 26, 28) in dem computerlesbaren Medium durch einen Prozessor (8) der externen Computeranordnung (11); • Senden der zweiten Datenmenge durch den Prozessor (8) der externen Computeranordnung (11) an die Prozessoreinheit (5) des computerlesbaren Mediums; wobei der Schritt c) des Berechnens des kryptographischen Schlüssels die Verwendung der zweiten Datenmenge aufweist und das Verfahren die folgenden Schritte nach Schritt c) aufweist: • Empfangen des wenigstens einen kryptographischen Schlüssels durch einen Prozessor (8) der externen Computeranordnung (11) von der Prozessoreinheit (5); • Lesen der ersten Datenmenge aus dem Speicherbereich (2; 26; 28) in dem computerlesbaren Medium durch den Prozessor (8) der externen Computeranordnung (11), und • Entschlüsseln der ersten Datenmenge unter Verwendung des wenigstens einen kryptographischen Schlüssels durch den Prozessor (8) der externen Computeranordnung (11).
Anspruch[en]
A computer-readable medium (1) provided with - a memory area (2; 26, 28) storing data - and a distinct microprocessor (3) comprising a) a communication interface (4) for communication with an external computer arrangement (11), b) a memory unit (7), c) a processor unit (5) connected to both said communication interface (4) and to said memory unit (7), said processor unit (5) being arranged to check whether a condition is met

and upon establishing that said condition is met to send a cryptographic key to said external computer arrangement (11) via said communication interface (4),

said data comprising a first data portion which is arranged to be read by said external computer arrangement (11) and to be decrypted by said external computer arrangement (11) using said cryptographic key,

characterized in that

said processor unit (5) furthermore is arranged to calculate said cryptographic key for said external computer arrangement (11) upon establishing that the condition is met.
The computer-readable medium according to claim 1, wherein said data comprises a second data portion comprising key related data necessary for the processor unit (5) to calculate said at least one cryptographic key. The computer-readable medium according to claim 1 or 2, wherein said at least one cryptographic key is calculated using one-time pad calculations. The computer-readable medium according to claim 1, wherein said computer-readable medium has a circular shape with a center of rotation and said communication interface (4) being an antenna symmetrically shaped about said center of rotation. The computer-readable medium according to claim 1, wherein said condition to be met is user authentication and said processor unit (5) is arranged to receive authentication information through said communication interface (4) and to establish user authentication based on said received authentication information. The computer-readable medium according to claim 5, wherein said authentication information comprises additional authentication data stored on said computer-readable medium (1), said memory unit (7) storing an authentication key to validate said additional authentication data during said user authentication. The computer-readable medium according to claim 1, wherein said condition to be met is period of time said data may be read and decrypted by either said computer arrangement (11) or an other computer arrangement, said period of time being part of said data. The computer-readable medium according to claim 1, wherein said condition to be met is maximum number of times said data may be read and decrypted from said computer-readable medium, said maximum number of times being monitored by said processor unit (5). The computer-readable medium according to claim 1, wherein said first data portion comprises a plurality of further data portions, and said processor unit (5) being arranged to calculate at least one further cryptographic key for said computer arrangement (11) to decrypt each of said further data portions, said at least one further cryptographic key being calculated only when the processor unit (5) has checked the validity of at least one further condition. The computer-readable medium according to claim 1, wherein the first data portion is arranged for transfer to said processor unit (5) of said computer-readable medium (1) and said processor unit (5) is arranged to decrypt at least part of said first data portion using a decryption key stored in said memory unit (7) to provide decrypted data for said computer arrangement (11), which further decryption key is not provided to said computer arrangement (11). The computer-readable medium according to claim 10, wherein said processing unit (5) provides said decrypted data with at least part of a digital watermark. The computer-readable medium according to claim 10, wherein said processor unit (5) is arranged for carrying out said decrypting based on executable codes received through said communication interface (4). The computer-readable medium according to claim 12, wherein said executable codes are part of said data. The computer-readable medium according to claim 1, wherein said computer-readable medium is provided with a physical structure (9) connected to said processor unit (5), said processor unit (5) being arranged to check physical integrity of said physical structure (9) and stop operating as soon as said processor unit (5) establishes that said physical integrity is violated. A system comprising a computer-readable medium (1) as defined in claim 2,

the system further comprising said external computer arrangement (11) arranged to communicate with said computer-readable medium (1),

said external computer arrangement (11) being provided with - a processor (8), - a first interface unit (10) connected to said processor (8) of said external computer arrangement (11) for communicating with said memory area (2; 26, 28) of said computer-readable medium - and a second interface unit (6) connected to said processor (8) of said external computer arrangement (11) for communicating with said processor unit (5) of said computer readable medium through said communication interface (4) of said computer readable medium, characterized in that

the external computer arrangement (11) is arranged to receive said key related data included in the second data portion from the memory area (2, 26, 28) of the computer-readable medium

and to transmit the second data portion to the microprocessor (3) of said computer readable medium to allow said processor unit (5) of said computer readable medium to calculate the cryptographic key upon establishing that said at least one condition is met.
The system according to claim 15, said processor (8) of said external computer arrangement (11) being arranged to carry out the following steps: (a) receiving said at least one cryptographic key from said processor unit (5) of said computer readable medium; (b) reading said first data portion from said memory area in said computer-readable medium; and (c) decrypting said first data portion using said at least one cryptographic key. The system according to claim 15, wherein said condition to be met is user authentication and said processor (8) of said external computer arrangement (11) is arranged to transmit authentication information to said processor unit (5) of said computer readable medium through said communication interface (4) to allow said processor unit (5) of said computer readable medium to establish user authentication based on said information received. The system according to one of the claims 15 through 17, wherein said condition to be met is a period of time during which said data may be read and decrypted by said computer arrangement, data relating to said period of time being readable from said computer-readable medium by said computer arrangement and transferable to said processor unit (5) of said computer readable medium. The system according to one of the claims 15 through 18, wherein said condition to be met is maximum number of times said data may be read from said computer-readable medium, said computer arrangement being arranged to retrieve additional data from said computer-readable medium to allow said processor unit (5) of said computer readable medium to monitor said maximum number of times. A method of providing a cryptographic key from a computer-readable medium to an external computer arrangement (11), comprising: a) checking whether a condition is met by a processor unit (5) in said computer readable medium; b) upon establishing that said condition is met, sending a cryptographic key to said external computer arrangement (11) via a communication interface (4) in order to allow said external computer arrangement (11) to read and decrypt a first data portion stored in a memory area (2; 26, 28) in said computer-readable medium by using said at least one cryptographic key;

characterized by:
c) calculating said cryptographic key in said processor unit (5) in said computer readable medium for said external computer arrangement (11) upon establishing that the condition is met.
A data carrier provided with a computer program for a method comprising the steps as defined as defined in claim 20. A computer program product adapted to perform, when executed by a distinct microprocessor (3), the method comprising the steps as defined in claim 20. A method according to claim 20, comprising the following steps before step a): • reading a second data portion from said memory area (2; 26, 28) in said computer-readable medium by a processor (8) of said external computer arrangement (11); • sending said second data portion to said processor unit (5) of said computer-readable medium by said processor (8) of said external computer arrangement (11); wherein said step c) of calculating said cryptographic key comprises using said second data portion, and the method comprises the following steps after step c): • receiving said at least one cryptographic key by a processor (8) of said external computer arrangement (11) from said processor unit (5); • reading said first data portion from said memory area (2; 26; 28) in said computer-readable medium by said processor (8) of said external computer arrangement (11), and • decrypting said first data portion using said at least one cryptographic key by said processor (8) of said external computer arrangement (11).
Anspruch[fr]
Support lisible par ordinateur (1) muni - d'une zone de mémoire (2 ; 26, 28) stockant des données - et d'un microprocesseur distinct (3) comprenant a) une interface de communication (4) pour communiquer avec un ensemble informatique externe (11), b) une unité de mémoire (7), c) une unité de processeur (5) reliée à ladite interface de communication (4) et à ladite unité de mémoire (7), ladite unité de processeur (5) étant agencée afin de vérifier si une condition est satisfaite

et, lorsqu'il est établi que ladite condition est satisfaite, afin d'envoyer une clé cryptographique audit ensemble informatique externe (11) via ladite interface de communication (4),

lesdites données comprenant une première partie de données qui est agencée pour être lue par ledit ensemble informatique externe (11) et d'être décryptée par ledit ensemble informatique externe (11) en utilisant ladite clé cryptographique,

caractérisé en ce que

ladite unité de processeur (5) est en outre agencée afin de calculer ladite clé cryptographique pour ledit ensemble informatique externe (11) lorsqu'il est établi que la condition est satisfaite.
Support lisible par ordinateur selon la revendication 1, dans lequel lesdites données comprennent une seconde partie de données comprenant des données liées à la clé nécessaires à l'unité de processeur (5) afin de calculer ladite clé cryptographique au moins. Support lisible par ordinateur selon la revendication 1 ou 2, dans lequel ladite clé cryptographique au moins est calculée en utilisant des calculs de chemin à temps unique. Support lisible par ordinateur selon la revendication 1, dans lequel ledit support lisible par ordinateur possède une forme circulaire ayant un centre de rotation et ladite interface de communication (4) est une antenne formée symétriquement autour dudit centre de rotation. Support lisible par ordinateur selon la revendication 1, dans lequel ladite condition à satisfaire est une authentification d'utilisateur et ladite unité de processeur (5) est agencée pour recevoir des informations d'authentification par le biais de ladite interface de communication (4) et d'établir une authentification d'utilisateur sur la base desdites informations d'authentification reçues. Support lisible par ordinateur selon la revendication 5, dans lequel lesdites informations d'authentification comprennent des données d'authentification supplémentaires stockées sur ledit support lisible par ordinateur (1), ladite unité de mémoire (7) stockant une clé d'authentification pour valider lesdites données d'authentification supplémentaires pendant ladite authentification d'utilisateur. Support lisible par ordinateur selon la revendication 1, dans lequel ladite condition à satisfaire est une période de temps pendant laquelle lesdites données peuvent être lues et décryptées par ledit ensemble informatique (11) ou un autre ensemble informatique, ladite période de temps faisant partie desdites données. Support lisible par ordinateur selon la revendication 1, dans lequel ladite condition à satisfaire est un nombre maximum de fois selon lequel lesdites données peuvent être lues et décryptées depuis ledit support lisible par ordinateur, ledit nombre maximum de fois étant surveillé par ladite unité de processeur (5). Support lisible par ordinateur selon la revendication 1, dans lequel ladite première partie de données comprend une pluralité d'autres parties de données, et ladite unité de processeur (5) est agencée afin de calculer au moins une autre clé cryptographique de façon à ce que ledit ensemble informatique (11) décrypte chacune desdites autres parties de données, ladite autre clé cryptographique au moins étant calculée uniquement lorsque l'unité de processeur (5) a vérifié la validité d'au moins une autre condition. Support lisible par ordinateur selon la revendication 1, dans lequel la première partie de données est agencée pour être transférée vers ladite unité de processeur (5) dudit support lisible par ordinateur (1) et ladite unité de processeur (5) est agencée pour décrypter au moins une partie de ladite première partie de données en utilisant une clé de décryptage stockée dans ladite unité de mémoire (7) pour fournir des données décryptées pour ledit ensemble informatique (11), ladite autre clé de décryptage n'étant pas fournie audit ensemble informatique (11). Support lisible par ordinateur selon la revendication 10, dans lequel ladite unité de traitement (5) fournit lesdites données décryptées avec au moins une partie d'un filigrane numérique. Support lisible par ordinateur selon la revendication 10, dans lequel ladite unité de processeur (5) est agencée pour effectuer ledit décryptage sur la base de codes exécutables reçus par le biais de ladite interface de communication (4). Support lisible par ordinateur selon la revendication 12, dans lequel lesdits codes exécutables font partie desdites données. Support lisible par ordinateur selon la revendication 1, dans lequel ledit support lisible par ordinateur est muni d'une structure physique (9) reliée à ladite unité de processeur (5), ladite unité de processeur (5) étant agencée pour vérifier l'intégrité physique de ladite structure physique (9) et arrêter de fonctionner dès que ladite unité de processeur (5) établit que ladite intégrité physique est violée. Système comprenant un support lisible par ordinateur (1) selon la revendication 2,

le système comprenant en outre ledit ensemble informatique externe (11) agencé afin de communiquer avec ledit support lisible par ordinateur (1),

ledit ensemble informatique externe (11) étant muni - d'un processeur (8), - d'une première unité d'interface (10) reliée audit processeur (8) dudit ensemble informatique externe (11) pour communiquer avec ladite zone de mémoire (2 ; 26, 28) dudit support lisible par ordinateur - et d'une seconde unité d'interface (6) reliée audit processeur (8) dudit ensemble informatique externe (11) pour communiquer avec ladite unité de processeur (5) dudit support lisible par ordinateur par le biais de ladite interface de communication (4) dudit support lisible par ordinateur, caractérisé en ce que

l'ensemble informatique externe (11) est agencé pour recevoir lesdites données liées à la clé incluses dans la seconde partie de données de la part de la zone de mémoire (2, 26, 28) du support lisible par ordinateur,

et transmettre la seconde partie de données au microprocesseur (3) dudit support lisible par ordinateur pour permettre à ladite unité de processeur (5) dudit support lisible par ordinateur de calculer la clé cryptographique lorsqu'il est établi que ladite condition au moins est satisfaite.
Système selon la revendication 15, ledit processeur (8) dudit ensemble informatique externe (11) étant agencé pour effectuer les étapes suivantes : (a) recevoir ladite clé cryptographique au moins de la part de ladite unité de processeur (5) dudit support lisible par ordinateur ; (b) lire ladite première partie de données provenant de ladite zone de mémoire dans ledit support lisible par ordinateur ; et (c) décrypter ladite première partie de données en utilisant ladite clé cryptographique au moins. Système selon la revendication 15, dans lequel ladite condition à satisfaire est une authentification d'utilisateur et ledit processeur (8) dudit ensemble informatique externe (11) est agencé pour transmettre des informations d'authentification à ladite unité de processeur (5) dudit support lisible par ordinateur par le biais de ladite interface de communication (4) pour permettre à ladite unité de processeur (5) dudit support lisible par ordinateur d'établir une authentification d'utilisateur sur la base desdites informations reçues. Système selon l'une des revendications 15 à 17, dans lequel ladite condition à satisfaire est une période de temps pendant laquelle lesdites données peuvent être lues et décryptées par ledit ensemble informatique, des données relatives à ladite période de temps étant lisibles depuis ledit support lisible par ordinateur par ledit ensemble informatique, et transférables vers ladite unité de processeur (5) dudit support lisible par ordinateur. Système selon l'une des revendications 15 à 18, dans lequel ladite condition à satisfaire est un nombre maximum de fois selon lequel lesdites données peuvent être lues depuis ledit support lisible par ordinateur, ledit ensemble informatique étant agencé pour rechercher des données supplémentaires depuis ledit support lisible par ordinateur pour permettre à ladite unité de processeur (5) dudit support lisible par ordinateur de surveiller ledit nombre maximum de fois. Procédé pour fournir une clé cryptographique d'un support lisible par ordinateur vers un ensemble informatique externe (11), comprenant . a) le fait de vérifier si une condition est satisfaite par une unité de processeur (5) dans ledit support lisible par ordinateur ; b) lorsqu'il est établi que ladite condition est satisfaite, le fait d'envoyer une clé cryptographique audit ensemble informatique externe (11) via une interface de communication (4) pour permettre audit ensemble informatique externe (11) de lire et de décrypter une première partie de données stockée dans une zone de mémoire (2 ; 26, 28) dans ledit support lisible par ordinateur en utilisant ladite clé cryptographique au moins ;

caractérisé par :
c) le calcul de ladite clé cryptographique dans ladite unité de processeur (5) dans ledit support lisible par ordinateur pour ledit ensemble informatique externe (11) lorsqu'il est établi que la condition est satisfaite.
Support de données muni d'un programme informatique pour un procédé comprenant les étapes définies dans la revendication 20. Produit de programme informatique adapté pour effectuer, lorsqu'il est exécuté par un microprocesseur distinct (3), le procédé comprenant les étapes définies dans la revendication 20. Procédé selon la revendication 20, comprenant les étapes suivantes avant l'étape a) : - la lecture d'une seconde partie de données depuis ladite zone de mémoire (2 ; 26, 28) dans ledit support lisible par ordinateur par un processeur (8) dudit ensemble informatique externe (11) ; - l'envoi de ladite seconde partie de données à ladite unité de processeur (5) dudit support lisible par ordinateur par ledit processeur (8) dudit ensemble informatique externe (11) ; dans lequel ladite étape c) de calcul de ladite clé cryptographique comprend l'utilisation de ladite seconde partie de données, et le procédé comprend les étapes suivantes après l'étape c) : - la réception de ladite clé cryptographique au moins par un processeur (8) dudit ensemble informatique externe (11), de la part de ladite unité de processeur (5) ; - la lecture de ladite première partie de données depuis ladite zone de mémoire (2 ; 26, 28) dans ledit support lisible par ordinateur par ledit processeur (8) dudit ensemble informatique externe (11), et - le décryptage de ladite première partie de données en utilisant ladite clé cryptographique au moins par ledit processeur (8) dudit ensemble informatique externe (11).






IPC
A Täglicher Lebensbedarf
B Arbeitsverfahren; Transportieren
C Chemie; Hüttenwesen
D Textilien; Papier
E Bauwesen; Erdbohren; Bergbau
F Maschinenbau; Beleuchtung; Heizung; Waffen; Sprengen
G Physik
H Elektrotechnik

Anmelder
Datum

Patentrecherche

Patent Zeichnungen (PDF)

Copyright © 2008 Patent-De Alle Rechte vorbehalten. eMail: info@patent-de.com