DE4015482C1 - User authenticating system for data processing terminal - contactlessly interrogates identification disc worn by user - Google Patents

Abstract

The user carries safely an identification disc on a wrist band or watch, and this can be checked without actual contact from a certain distance. A remote reader (AL) is fitted to the terminal (DE). The equipment includes also a unit (SG) for registering new recognition marks on the identification carrier (ID) and its programme and the information is also supplied to the data processing system (DV). The distance between the wrist band or watch and the remote reader is pref. less than one metre and an e.m. field is utilised for transmission purposes. ADVANTAGE - Improved security and reduction in danger of losing identification number.

Description

The invention relates to a system for authenticating the user Data setup of a data processing system, as in the preamble of Claim 1 is specified. Such a system is from a company script known to the UNINA company, in which the UNISES security system is described is. The invention further relates to an authentication system according to the preamble of claim 13.

To endanger or otherwise protect data processing systems To protect unauthorized access, so-called LOGON Process used. For this purpose, a data terminal device of the data processing system User IDs and passwords entered that the authorized Users and the system are known. The system identifies the user based on his password and granted him at the data terminal used the assigned access rights.

This method has weaknesses that make a password proportionate can easily be bypassed:

• - Simple passwords are easy to uncover; protecting the system from unauthorized users are not guaranteed.
• - Effective and therefore long passwords are easy for the authorized user to forget. Therefore, these are often recorded in writing and can also be revealed.
• - Users who have forgotten their "password" identifier are available System services not available in critical situations.
• - The process of the LOGON is time consuming and distracts the user from the actual use of the system.  
• - Passwords can be entered via the keyboard by watching the Fingers are spied out.

The shortcomings listed make the authorized use of the Data processing system inconvenient. This often results in the restricted or inadequate use of the available security mechanisms.

The existing security deficiencies have led to considerations like the Data security when using a data device is fundamentally improved could be. The UNISES security system mentioned at the beginning does without the manual entry of passwords and authenticates the user of a personnel Computer automatically. The device consists of an integrated circuit, built into the personal computer and with powerful encryption functions is provided, as well as from a small radio frequency transmitter, which in a Bag of the user is carried and actively emits a personal identifier. The radio frequency transmitter has a range of 5 meters and the radio connection itself is already protected by encryption algorithms. If the Personal computer identifies an authorized user, then the identifier transferred from the identification medium into the encryption chip and it In addition to the standard functions of the personal computer, there are also the protected ones Data areas available. The authentication is repeated continuously. When the user leaves his workplace, the personal computer runs normal data processing continues; however, it blocks all access to the input devices (for example to the keyboard).

This authorization procedure already fulfills some of the conditions imposed on a user improved data protection must be provided. In particular, the distinction between authorized and unauthorized persons without the Access-entitled users cumbersome and time-consuming entry procedures must make. If the authorized user moves away, the personnel Computer automatically blocked in its security-sensitive functions. A disadvantage of the known method is the active, ie. H. battery powered and therefore not maintenance-free and comparatively voluminous transmitters. The disadvantage is further that the unknown method is not open to further authentication steps, which become more important the larger the data processing system, to which the data terminal is connected.  

From the IBM Technical Disclosure Bulletin, February 1989, p. 223 and from Funkschau 13/1986, pp. 24-29, small, passive identification carriers are known.

The invention has set itself the task of a non-contact Authentication procedure of the required kind protecting personal To further improve user identification against loss or spying. These Task is by the characterizing features of claim 1 in Released with the generic characteristics. A secondary expression of the inventive concept is specified in claim 13.

The identification carrier according to the invention is passive, maintenance-free and not larger than 3 × 15 × 20 mm. In the system according to the invention, the user identification can on the identification medium are changed frequently, for example daily. For this the user IDs are issued by a body that the user daily clearly identified on the basis of other characteristics. The new user ID will generated by a writing device installed at the issuing point and in connection with the personal authentication by the issuing body automatically transmitted to the system. The writing instrument can be used with one of the The distance reader can be combined using the identifier from the identification carrier reads out and forwards to the data terminal device.

For the daily authentication of the user when the identifier is adopted biometric identification methods are used that are too costly would be if they were used for each data terminal. For example biometric identification can automatically evaluate the signature be. In a typical application example, a data processing user enters the company building of his company and shows his signature at the entrance out. Instead of an automatic evaluation of the signature, there is also one personal identification into consideration. He then receives an identification medium or, if he already has one, a new identifier for use of the in-house data processing system. The identifier is from one Writing device programmed and together with the identity of the user to the Data processing system reported. The system gives the day identifier of this If necessary, users to additional subsystems to be used.

The identification medium is hard to lose with the user near the Wrist connected. For example, the identification carrier on one  Bracelet can be clamped; but it can also be put into a watch, a bangle or even a finger ring. After taking over the Identification carrier or the new identifier, the user goes to his Workplace. The data terminal device recognizes the user on the basis of the identifier in the identification medium. For this purpose there is a distance reader in the data terminal device built-in, which clearly identifies every user in the vicinity of the data terminal equipment identified. The distance reader is controlled by a special program, which automatically and automatically logs in for the identified user Triggers process via the data terminal device. The user can without delay start working in the data processing system. The login process In cases where a fully automated process does not make sense,  can also be actively initiated by the user. The LOGON process is on displayed on the data terminal equipment.

When communicating between the data terminal equipment and the computer during the LOGON cryptographic processes are used to uncover make user identification more difficult by listening to lines.

The authentication of the user working at the data terminal device is repeated periodically or continuously. During the day, the user leaves often for different lengths of time his job. The authentication device recognizes this and immediately blocks the time of absence Input and / or output of the data terminal equipment for longer absences a LOGOFF is carried out. For this purpose the authentication of the users working at the data terminal device periodically or continuously repeated. The user leaves the effective range of the distance reader is a maximum of one meter, the control program of the Distance reader, for example, the keyboard is locked or the screen is dark keyed. The blocking continues until the user is again in the effective range the distance reader returns or by a timer of the Control program the user logging off the system is triggered.

The various locking functions of the data terminal device can also are triggered if an unauthorized user is in the sphere of influence of the Distance reader comes. For this purpose, additional sensors may have to be used not described here.

If users change at a data terminal during the day, then for the respective authorized user immediately carried out a new LOGON. However can the former user by triggering a locking function of the distance reader prevent this process, for example to give an employee an input or output process to show directly at the data terminal.

At the end of the working day, the user gives his identification medium or his ID back to the central issuing office, whereby its ID is queried and the data processing system is informed that this identifier is invalid.

The distance reader basically consists of a transmitting and receiving coil as well an electronic assembly. Typically, at least the broadcast and Receiver coil placed very close to the input keyboard. Surrounds in operation they deal with a low frequency alternating magnetic field, the range of which  typically 5-20 cm. The alternating magnetic field reacts to the Presence of the identification carrier, for example on the wrist of the front the user sitting on the screen and touching the keyboard.

The invention is described in more detail with reference to the drawing sheets with FIGS. 1-6. It shows

Fig. 1: The main components of the authentication system according to the invention

Fig. 2 shows a block diagram of the identification carrier, while it is located in the alternating magnetic field of the writing instrument

Fig. 3: three different designs of the identification carrier

Fig. 4: a block diagram of the distance reader

Fig. 5: a possible design of the distance reader

Fig. 6 is a flow chart of the program used in the query distance reader.

In Fig. 1, DE denotes a data terminal device which is connected to a data processing system DV, typically a centrally located computer. In this exemplary embodiment, a personal computer is provided as the data terminal device; however, it can also be a so-called work station or a simple terminal. In the illustrated embodiment, a screen is on the central unit of the personal computer, while a keyboard TA is located in front of the central unit in the usual way. A distance reader AL is arranged close to the data terminal DE and electrically connected to it. In the illustrated embodiment, a distance reader AL is arranged. In the illustrated embodiment, the transmitting and receiving coil 13 of the distance reader AL is acted on the desk pad in front of the keyboard TA. The transmitting and receiving coil 13 is connected via a connecting line 12 to an electronic module 2 of the distance reader AL, which occupies a slot of the personal computer as a specific processor card including the associated security program. However, the electronic assembly 2 can also be installed together with the transmitting and receiving coil 13 in a shim which is also located in the vicinity of the keyboard TA. In this case, the distance reader AL is connected to the personal computer via an external interface.

An identification carrier is indicated by the reference symbol ID inevitably within the range of the magnetic alternating field of the distance reader AL stops when a user of the data terminal device DE has it on his wrist or attached near your wrist. With ZS is a distance reader AL alternative additional sensor indicated, which makes it possible as an option Include mouse control in the protected input functions.  

The identification carrier ID is worn by the user, for example in the form of a watch or a bracelet. In the exemplary embodiment shown, the user identification for the LOGON takes place as soon as the identification carrier ID is located directly above the transmitting and receiving coil 13 of the distance reader AL. The maximum query distance is typically less than 20 cm. The predetermined distance at which it is still possible to query the identifier is in any case less than 1 meter.

The identification carrier ID essentially consists of 2 components. A chip 14 contains all the electronic components required for operation, preferably in a highly integrated form. The miniature coil 15 connected to it is considerably smaller than the transmitting and receiving coil 13 of the distance reader AL, so that it is suitable, for example, for installation in a watch. Every user who is to receive access to the data processing system DV to be protected receives an identification carrier ID, by means of which the user can be clearly authenticated. The user carries this identification carrier ID with him as captively as possible. In the case of the query ( FIG. 1), the miniature coil 15 interacts with the magnetic field of the distance reader AL. In the case of programming ( FIG. 2), the miniature coil 15 is in the area of a similar magnetic field that is generated by a writing device SG. In this field, the identification carrier ID can be programmed without contact. The writing device SG can be used, for example, to program or block 2 3 1 different identification carriers ID. Changes to the parameters stored on the identification medium ID are possible at any time. The writing device SG can be designed as an independent data terminal device of the data processing system DV; then it is at the gate of a company building, for example. The writing instrument SG can also be combined with the distance reader AL; the identification carrier ID can then be programmed via the data interface between the distance reader AL and the personal computer DE.

The identification carriers ID are programmed with a numerical code. Security information is added to this data. The generation takes place according to a secret formula. The ID stored data record can only be created once. This is the Possibility excluded that several identification carriers ID with the same code exist. The user himself defines the freely accessible amounts of data, while  the writing device SG and the distance reader AL for data security of the The programming process and the query process. A certain area of the Identification carrier ID remains closed to the user; this area can can only be programmed once during production. These security measures allow together with a sophisticated polynomial for data transmission reliable operation.

The chip 14 contains all functional units necessary for operation. These include a memory for the user-specific identifier, a transmission circuit for transmitting the stored data, a reception circuit for changing parts of the stored data and a circuit for energy generation for operating the chip 14 . The generator for the voltage supply of the chip 14 obtains the energy from the low-frequency alternating magnetic field. The integrated circuit 14 stores a more than 64 bit (standard password) long, unique identifier of the user in the identifier memory. This identifier is non-volatile and can be read out by activating the generator for the power supply.

A transmission amplifier reads the identification information from the memory, modulates it and transmits it to the miniature coil 15 . The stored identifier can be replaced by connecting to the writing device SG via the same interface. The chip 14 and the miniature coil 15 are protected in a carrier. Three possible designs of the identification carrier ID are shown in FIG. 3. All ID carriers are equipped with a fixed serial number.

In Fig. 3.1 of the chip 14 and the miniature coil 15 are waterproof flexible material poured in. Fig. 3.1 shows in about natural size, such as the miniature resulting carrier may be attached to a bracelet sixteenth A plastic ring 17 encloses the identification carrier ID and the bracelet 16 , which is, for example, a watch strap. The miniature carrier 14, 15 can also be attached to the bracelet 16 with the aid of a non-magnetic clip.

In Fig. 3.2 a watch case is designed so that in addition to the clockwork 18 , the chip 14 and the coil 15 can also be accommodated in the case. In this exemplary embodiment, the coil 15 lies on the circumferential line of the dial.

Another possibility for fastening the identification carrier ID close to hand is shown in Fig. 3.3. The chip 14 and the miniature coil 15 are embedded in a specially made non-magnetic bracelet 20 . This bracelet has a clasp 19 so that it can be stored outside of the company. To further increase security, this closure can be combined with an electronic switching mechanism which deletes the information stored in the chip 14 , so that the bracelet 20 becomes worthless for the finder if lost.

It is also conceivable to implement the identification carrier ID as a finger ring.

FIG. 4 shows a block diagram of the distance reader AL, which is connected to each data terminal DE of the system DV to be protected. If necessary, the use of the distance reader AL can be limited to those data terminal devices DE which are not adequately protected by other measures or which frequently change the user.

The distance reader AL essentially consists of the electronic assembly 2 and the transmitting and receiving coil 13 . The transmitting and receiving coil 13 , which consists of copper wire, is connected to the electronic assembly 2 via a two-wire connecting line 12 . The electronic assembly 2 in turn is composed mainly of a transmission and reception circuit 8 and a microprocessor 3 . The transmission and reception circuit 8 contains a generator 9 with a power amplifier 10 , which generates the low-frequency alternating magnetic field in the transmission and reception coil 13 . The signal coupled into the transmitting and receiving coil 13 by the identification carrier ID is processed via a receiving circuit 11 to such an extent that it can be evaluated by the microprocessor 3 .

The microprocessor 3 essentially consists of a CPU 5 , an EEPROM 6 for storing the query program, a RAM 7 as working memory and an interface module 4 . The interface module 4 operates the interface 1 together with the query program. The distance reader AL is coupled to the personal computer or to another data terminal DE via this interface 1 . In a version that has already been implemented, interface 1 is implemented as a V.24 interface to a personal computer. In the version shown in FIG. 1, in which the electronic module 2 of the distance reader AL is used as a plug-in card in the data terminal device DE, the interface 1 is designed as an internal bus interface.

In operation, an alternating magnetic field of limited range is generated via the power chain 9, 10, 12, 13 , which generates an alternating voltage in the miniature coil 15 of the identification carrier ID. This alternating voltage is converted in chip 14 into the required operating voltage. The identification carrier ID then sends out the user ID stored in it in binary form. The data are received by the receiving branch 13, 12, 11 of the distance reader AL and processed and evaluated in the microprocessor 3 . The microprocessor 3 controls the data terminal DE via the interface 1 and triggers freely programmable follow-up actions which are discussed in connection with the functional flow diagram according to FIG. 6.

FIG. 5 shows an alternative embodiment of the distance reader AL to FIG. 1. It is a wedge-shaped housing 23 in which both the transmitting and receiving coil 13 and the electronic assembly 2 are accommodated. The housing 23 consists of medium density fibreboard (MDF) and is placed as a shim in front of the keyboard TA of a portable personal computer. A green light-emitting diode 21 on the upper side of the housing 23 indicates the presence of an identification carrier ID in the effective range of the transmitting and receiving coil 13 . The connection to the personal computer is made with the aid of a connecting cable 22 which is led out of the housing 23 . The connecting cable 22 is connected to one of the serial interfaces of the personal computer.

The flowchart in FIG. 6 shows the most important functions of the query program contained in the distance reader AL. In state a "no user", no one has contacted the data processing system DV. The data device DE is blocked for all entries and none of its applications is active. In function b, the CPU 5 continuously checks the signal of the receiver 11 as to whether an identification carrier ID enters the effective range of the transmitting and receiving coil 13 . If an identification carrier ID is detected, the function c becomes active. With the help of a database, which is stored either in EEPROM 6 or on the storage media of the personal computer DE or in the central memory of the data processing system DV, it is checked whether the identifier of this user is permitted for this data terminal DE. If not, the device DE remains blocked and the system waits until a new identifier is detected.

If the identifier is permitted, the data terminal device is released for use in state d. The presence of the identification carrier ID in the effective range of the transmitting and receiving coil 13 is continuously monitored by the function e. As soon as the user leaves the area of effect, the data terminal device DE is blocked in a manner to be determined in more detail and waited for the detection of a further user identification. The effective range of a housing 23 or a corresponding desk pad or another design of the transmitting and receiving coil 13 is typically less than 20 cm, but for safety reasons it never exceeds the distance of one meter.

Under the blocking of the data terminal device which is triggered immediately in particular locking the keyboard and / or blanking the screen to understand. These blocks are lifted again when the user enters the Scope returns. After a certain time (e.g. three Minutes) the query program can send the user to the data processing system Log out DV (LOGOFF). With particularly security-sensitive data terminal equipment can also be registered if the user temporarily switches from the data terminal DE is removed and this is blocked. The function "Locking the keyboard / blanking the screen" can also be triggered if an unauthorized user is in the effective range of the distance reader AL is coming. Additional sensors may need to be used for this.

In addition to automatically locking the data terminal equipment, the user can of course explicitly end a session. The function f decides whether all active applications are terminated or whether the automatic locking functions can still be triggered. Further blocking functions or follow-up actions are programmable, for example via the interface 1 from the data terminal device.

Claims (26)

1. system for authenticating the user of a data terminal device of a data processing system,
in which the user carries with him an identification medium that can be queried without contact within a predetermined distance and is difficult to lose,
and in which a distance reader, which is attached close to the data terminal device and is connected to the data terminal device via a connecting cable, has a personal user identification on the identification carrier within the predetermined distance,
characterized in that
a writing device (SG) programs a new personal user ID on the identification medium (ID) at predetermined times (e.g. daily) and transmits it to the data processing system (DV) in the same way,
the difficult-to-lose identification carrier (ID) is attached near the user's wrist,
the predetermined distance between identification carrier (ID) and distance reader (AL) and thus also the distance between identification carrier (ID) and data terminal device (DE) is less than 1 meter
and both the query and the programming of the personal user identification are conveyed by an alternating magnetic field. 2. Authentication system according to claim 1, characterized in that the data terminal equipment used is a personal computer. 3. Authentication system according to claim 1, characterized in that the data terminal equipment used is a workstation. 4. Authentication system according to claim 1, characterized in that the data terminal used is a terminal. 5. Authentication system according to claim 1 to 4, characterized in that the writing device (SG) the generated user identification to the central Database of the data processing system (DV) transmitted. 6. Authentication system according to claim 1 to 4, characterized in that the writing instrument (SG) is combined with the distance reader (AL) and the generated user identification to the database in the distance reader (AL) transmitted. 8. Authentication system according to one of the preceding claims, characterized in that the predetermined distance between the identification carrier (ID) on the one hand and the distance reader (AL) or the data terminal device (DE) on the other hand is less than 20 cm.   9. Authentication system according to claim 1 to 8, characterized in that the data terminal device (DE) is blocked immediately if the identification carrier (ID) leaves the predetermined effective distance. 10. Authentication system according to claim 9, characterized in that the input keyboard (TA) is blocked. 11. Authentication system according to claim 9, characterized in that a screen of the data terminal device (DE) blanked or on Printer of the data terminal equipment (DE) is blocked. 12. Authentication system according to claim 9, characterized in that the data terminal device (DE) the user after a certain one Logs off time period at the data processing system (DV). 13. System for authentication, with which the user of a data processing system, which is located in the vicinity of a data terminal device, is authenticated without contact, characterized by
an identification carrier (ID) consisting of a chip ( 14 ) and a miniature coil ( 15 ),
a distance reader (AL), in which an electronic assembly ( 2 ) is connected to a transmitting and receiving coil via a connecting line ( 12 ),
and a writing device (SG) for programming the identification carrier (ID), which is connected to the data processing system (DV) centrally or via the data terminal device (DE). 14. System according to claim 13, characterized in that the identification carrier (ID) is attached to a bracelet ( 16 ). 15. System according to claim 14, characterized in that the fastening is done by a plastic ring ( 17 ). 16. System according to claim 14, characterized in that the attachment is done by a non-magnetic clip. 17. System according to claim 13, characterized in that the identification carrier (ID) is built into a bracelet ( 20 ). 18. System according to claim 17, characterized in that the bracelet ( 20 ) has a closure ( 19 ), when opened, the identifier in the identification carrier (ID) is deleted. 19. System according to claim 13, characterized in that the identification carrier (ID) is installed next to a clockwork ( 18 ) in a watch case. 20. System according to claim 13, characterized in that the identification carrier (ID) is installed in a finger ring. 21. System according to claim 13 to 20, characterized in that the distance reader (AL) is housed in a housing ( 23 ) which contains an electronic assembly ( 2 ) and a transmitting and receiving coil ( 13 ) and is designed as a wedge. 22. System according to claim 21, characterized in that the housing ( 23 ) carries a light-emitting diode ( 21 ) which indicates the completed authentication of the user. 23. System according to claim 13 to 20, characterized in that the transmitting and receiving coil ( 13 ) of the distance reader (AL) is acted on a desk pad, and that the electronic module ( 2 ) of the distance reader (AL) is arranged on a plug-in card , which can be inserted into the data terminal device (DE). 24. System according to claim 13 to 23, characterized in that an additional sensor (ZS) is provided, which for the approximation of the Identification carrier (ID) to a further input device, in particular a so-called mouse, is sensitive. 25. System according to one of claims 13 to 24, characterized in that additional sensors are provided which detect the approach of unauthorized persons Register people. 26. System according to claim 13 to 25, characterized in that the electronic module ( 2 ) of the distance reader (AL) is connected to the data terminal device (DE) via a serial interface. 27. System according to claim 13 to 25, characterized in that the electronic module ( 2 ) of the distance reader (AL) is connected via an internal interface to the data bus of the data terminal device (DE).