Communications: electrical – Condition responsive indicating system – Specified indicator structure
Reexamination Certificate
2000-06-14
2002-02-26
Mullen, Thomas (Department: 2632)
C340S815450, C705S405000
active
06351220
ABSTRACT:
BACKGROUND OF THE INVENTION
1. Field of the Invention
The present invention is directed to a security module for monitoring security in an electronic system and to a method for monitoring the system security particularly suited for employment in a postage meter machine or mail processing machine or a computer with mail processing capability.
2. Description of the Prior Art
A large variety of protection measures are known for protecting against outages or disturbances as well as for offering 100% availability of intelligent electronic systems. For example, parallel computer systems are utilized for extremely high security demands (air traffic, etc.), whereas for low level applications it is more likely that stored results, for example, are implemented redundantly in order to make it possible to recognize a malfunction or an outage and, potentially, to correct it. Often, the individual security measures are of very different natures (for example, combinations of hardware and software) and must be adapted to the respective security requirement (which may be needed for only a portion of a system). This leads to many dedicated, discrete solutions that, because of their individual character, cause high design costs and, under certain circumstances, high realization costs as well.
European Application 417 447 discloses the use of special modules in electronic data processing systems which are equipped with means for protecting against an invasion into their electronics. Such modules are referred to as security modules below.
Modern postage meter machines or other devices for franking postal matter are equipped with a printer for printing the postal value stamp onto the postal matter, a controller for controlling the printing and the peripheral components of the postage meter machine, an accounting unit for debiting postage fees that are maintained in nonvolatile memories, and a unit for the cryptographic protection of the postage fee data. A security module (European Application 789 333) can include a hardware accounting unit and/or a unit for securing the printing of the postage fee data. For example, the former can be realized as an application specific integrated circuit (ASIC) and the latter can be realized as an OTP (one-time programmable) processor. The internal OTP-ROM stores sensitive data (cryptographic keys), secured against read-out, that are required, for example, for reloading a credit. An encapsulation with a security housing offers further protection.
Further measures for protecting a security module against an attack on the data stored therein are described in German Applications 198 16 572.2 and 198 16 571.4, as well as co-pending U.S. application Ser. No. 09/522,619 (filed Mar. 10, 2000) and Ser. No. 09/522,620 (filed Mar. 10, 2000) and Ser. No. 09/522,621 (filed Mar. 9, 2000), and German Utility Model application 299 05 219.2. A pluggable security module can assume various states in its life cycle. A distinction can be made as to whether the security module is functioning or malfunctioning. It is assumed that the hardware circuitry of this module is adequately protected against tampering, so this is not separately monitored. Any software-controlled operation is considered error-free only as long as the original programs remain intact, and these must therefore be protected against manipulation.
SUMMARY OF THE INVENTION
An object of the present invention is to provide a high level of security for an electronic system by means of a security module and method. The method and security module should, with minimal outlay, enable a high level of security for definable areas and functions of a system and should be universally applicable, i.e. with only minimum adaptation outlay, to a large variety of different electronic systems. The method and security module should, for example, be employable in postage meter machines, for which there are special security demands with respect to the postal register data since, in particular, the monetary accounting data must be incapable of being manipulated.
This object is achieved in a method and module for ensuring security of an electronic system wherein the integrity of the system is repeatedly checked over time. A modular structure of the security method provides a two-stage, overlapping testing that fundamentally distinguishes between static and dynamic conditions of the system. The data, functions and patterns that are non-volatilely stored in memory areas are suitable for representing a system status. Predetermined sub-areas of the memory can be allocated to specific data processing units, and the data stored therein create a “snapshot” that is characteristic of the status of the system at that time. Predetermined sub-areas of the memory can also be allocated to specific status representations that are reached in chronological succession.
The validation of a system status given dynamic changes in accordance with the invention is based on the overlapping processing of data from at least parts of the test patterns, function scope or memory area employed, individually or in combination with one another. The overlapping processing includes a mutual transposition of the data supplied from a specific data processing unit and the data supplied by another specific data processing unit, and further includes implementing a redundant security function on the transposed data by the two data processing units. The results of the redundant data processing must be comparable for a system to be determined as tamper-free and error-free.
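The following sketch is an added illustration, not taken from the patent, of one possible reading of the two-stage check described above: a static comparison of each unit's stored snapshot against a reference digest, followed by a dynamic stage in which two units exchange their data and each runs the same security function redundantly. The names `Unit`, `provision`, `security_function` and `check_system`, and the use of SHA-256 as the security function, are assumptions.

```python
import hashlib
import hmac


def security_function(first: bytes, second: bytes) -> bytes:
    # Stand-in for the unspecified security function (assumption: SHA-256).
    # Each part is length-prefixed so the boundary between the two
    # snapshots is unambiguous.
    h = hashlib.sha256()
    for part in (first, second):
        h.update(len(part).to_bytes(4, "big") + part)
    return h.digest()


class Unit:
    """Hypothetical data processing unit with its own memory sub-area."""

    def __init__(self, memory: bytes, reference: bytes, program=None):
        self.memory = bytearray(memory)   # snapshot source (NVM sub-area)
        self.reference = reference        # digest recorded at provisioning
        self.program = program or security_function

    def static_ok(self) -> bool:
        # Stage 1 (static): stored snapshot must match its reference digest.
        current = hashlib.sha256(self.memory).digest()
        return hmac.compare_digest(current, self.reference)


def provision(memory: bytes, program=None) -> Unit:
    return Unit(memory, hashlib.sha256(memory).digest(), program)


def check_system(a: Unit, b: Unit) -> str:
    if not (a.static_ok() and b.static_ok()):
        return "static-fault"
    # Stage 2 (dynamic): the units swap snapshots, then each one runs its
    # own copy of the security function over the same ordered pair.
    from_a, from_b = bytes(a.memory), bytes(b.memory)
    result_a = a.program(from_a, from_b)  # A: own data + data from B
    result_b = b.program(from_a, from_b)  # B: data from A + own data
    same = hmac.compare_digest(result_a, result_b)
    return "ok" if same else "dynamic-fault"
```

The static stage catches a snapshot that has changed since provisioning; the dynamic stage catches a unit whose processing no longer matches its counterpart even though both stored snapshots still pass the static check.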
A security module for a data processing system, for example for a postage meter machine, performs the function of, for example, accounting for the postage fees, and/or cryptographic protection. The security module has a module processor and a hardware accounting unit. The security module is inventively characterized by its own indicator that, with direct drive by the module processor of the security module, allows identification of the current condition of the security module. The signaling of the module condition is activated only when the security module is supplied with system voltage, in order to preserve the battery. The processor also can monitor or check the operation of the hardware accounting unit. What is paramount is not the availability of the system but rather the dependable recognition of malfunctions or outages as well as a suitable reaction thereto, as is particularly the case for events which are security-sensitive but somewhat uncritical as to time.
REFERENCES:
patent: 4812994 (1989-03-01), Taylor et al.
patent: 5027397 (1991-06-01), Double et al.
patent: 5572429 (1996-11-01), Hunter et al.
patent: 5671146 (1997-09-01), Windel et al.
patent: 5748638 (1998-05-01), Gunther et al.
patent: 5946672 (1999-08-01), Chrosny et al.
patent: 6023690 (2000-02-01), Chrosny et al.
patent: 6044364 (2000-03-01), DeFilippo et al.
patent: 43 15 732 (1994-06-01), None
patent: 195 34 530 (1997-03-01), None
patent: 299 05 219 (1999-07-01), None
Günther Stephan
Rosenau Dirk
Francotyp-Postalia AG & Co.
Mullen Thomas
Schiff & Hardin & Waite