WO2000039676A1 - Device and method for protecting sensitive data and franking machine using same - Google Patents
Device and method for protecting sensitive data and franking machine using same
- Publication number
- WO2000039676A1
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- routine
- sensitive data
- task
- data
- identifier
- Prior art date
Classifications
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F9/00—Arrangements for program control, e.g. control units
- G06F9/06—Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
- G06F9/46—Multiprogramming arrangements
- G06F9/468—Specific access rights for resources, e.g. using capability register
Definitions
- the present invention relates to a device and a method for protecting sensitive data and to a franking machine using them.
- each task can call each routine, whatever security is necessary on said routine.
- certain tasks involve amounts representing sums of money.
- the operating phases of a franking or recharging machine use the routines that handle sums of money.
- each of these tasks must be guaranteed.
- by "correct implementation" is meant the fact that a task is executed in the normal course of operation of the machine.
- the invention aims to prevent sensitive data from being tampered with or modified in an inappropriate manner.
- the present invention aims at having at least one routine acting on sensitive data verify the identity of tasks which call on it. Thus, if an unauthorized task attempts to use said routine, it can limit its execution and therefore avoid damaging the sensitive data considered.
- the present invention relates to a method for protecting sensitive data against the use of a routine acting on said data, characterized in that it comprises, implemented by said routine, an operation of verifying the identity of each software task calling said routine.
- the routines concerned include the routine that increments the counter of the postage amount consumed and decrements the counter of the postage amount remaining available, and the routine that increments the counter of the number of frankings made.
- said verification operation comprises an operation of reading an identifier of said task and an operation of comparing said identifier, on the one hand, and predetermined identifiers, on the other hand.
- the present invention relates to a device for protecting sensitive data against the use of a routine acting on said data, characterized in that it includes a means of verification adapted to verify the identity of each software task calling said routine, the verification means being implemented by said routine.
- the invention also relates to a franking machine, characterized in that it comprises a device as succinctly set out above.
- the invention also relates to:
- FIG. 2 schematically represents an electronic circuit incorporated in the franking machine illustrated in FIGS. 1A and 1B
- FIG. 3 represents an algorithm for operating the electronic circuit illustrated in FIG. 2.
- the franking machine 1 illustrated in the drawings comprises a device for printing, on a flat object such as the letter 2, on the one hand, a franking mark and, optionally, a destination address of the envelope.
- To print the franking mark on the standardized space provided for this purpose, the letter 2 must be passed through a corridor 5 of the machine 1, this corridor being delimited by elements integral with the frame, respectively a sliding support 6 which forms the ceiling of the corridor 5, a table 7 which forms the floor thereof and a ramp which forms a lateral limit thereof, the corridor being open opposite this ramp.
- the machine 1 comprises two rollers 9 and 10 each passing through an opening of the table 7, and two counter-rollers 12 and 13, respectively for the roller 9 and for the roller 10, passing through an opening in the support 6.
- the rollers 9 and 10 are mounted for rotation relative to the frame of the machine 1, by means of suspension means 14 shown diagrammatically in FIG. 1B.
- the counter-rollers 12 and 13 are mounted for rotation on the frame of machine 1, without being suspended from it.
- An electric motor (not shown) serves to drive the counter-rollers 12 and 13 in synchronous rotation, for example by means of a belt (not shown) which rotates around three pinions carried respectively by the motor, by the counter-roller 12 and by the counter-roller 13.
- the rollers 9 and 10 are driven by friction on the counter-rollers 12 and 13, directly or through an object, such as the letter 2, being passed through the machine 1.
- the letter 2, when it is introduced into the corridor 5 as shown in FIG. 1B, ends up meeting the roller 9 then the counter-roller 12, which drives it in the direction shown in FIG. 1B by the horizontal arrow pointing from left to right. Simultaneously, the roller 9 is lowered while the letter 2 is introduced between the rollers 9 and 12, so that the letter 2 progresses in the machine 1 with its printing face 4 pressed against, and sliding along, the surface 17 of the sliding support 6.
- the machine 1 comprises printing means 19 shown very diagrammatically in FIGS. 1A and 1B.
- the printing means 19 deposit the franking mark while the letter 2 or the article to be franked circulates in the machine 1 with its printing face which is pressed against the surface 17 of the sliding support 6, the means 19 being located between the counter-rollers 12 and 13.
- the printing means 19 are mounted directly on the frame of the machine, and are therefore fixed relative to the sliding support 6.
- first presence detector which controls the starting of the engine (not shown) when an object begins to be introduced into the machine 1
- second presence detector (not shown) which triggers the process of impression when the object has reached a predetermined location.
- In FIG. 2 there is shown an electronic circuit for controlling the device as presented in FIGS. 1A and 1B.
- This circuit is illustrated in the form of a block diagram and shown under general reference 100. It comprises, connected together by an address and data bus 102: a central processing unit 106; a random access memory RAM 104; a ROM 105; an input/output port 103 used to receive:
- motor control signals and, independently of the bus 102: stepping motors 109; presence detectors 110; a display screen 108 connected to the input/output port 103; a scale 112 connected to the input/output port 103 and providing bytes representative of the weight of a postal item; a keyboard 101 connected to the input/output port 103 and providing bytes representative of the keyboard keys successively used; and a print controller 120 which controls the operation of the printing means 19.
- Each of the elements illustrated in FIG. 2 is well known to those skilled in the art of postage meters having a microprocessor circuit and, more generally, information processing systems. These elements are therefore not described here.
- the main memory 104 stores data, variables and intermediate processing results in memory registers bearing, in the following description, the same names as the data whose values they store.
- the random access memory 104 notably comprises registers keeping information representative of the weight of the postal object to be franked, the format of the postal object being processed, the number of postal objects in the batch being processed, and the values of ascending and descending counters which correspond to postage amounts already deposited and remaining to be deposited before reloading the machine. These latter registers operate according to techniques known in the field of franking machines (during each franking, when the amount of the descending counter is greater than the amount of the franking mark to be deposited, it is decremented by the amount of this mark and the ascending counter is incremented by the same amount).
- the read-only memory 105 is adapted to keep the operating program of the central processing unit 106, in a register "programl", and the data necessary for the operation of this program as well as the correspondence table relating weights, on the one hand, to postage amounts, on the other hand.
- the read-only memory 105 keeps, moreover, in a register "list of identifiers", a list of identifiers of software tasks authorized to access the routines which use sensitive data (here amounts of postage).
- the so-called "read-only" memory 105 is a rewritable memory which is not erased when the device is switched off. It can only be rewritten using secure procedures and only by certain authorized persons, so that, for the daily user, it appears as a read-only memory.
- the central processing unit 106 is suitable for implementing the program stored in read-only memory 105, a program for which an operating algorithm is illustrated in FIG. 3.
- the postage meter program or software is multitasking software, which involves allocation, by the processor, of memory space, or stack, associated with each task. This memory space is contained in the random access memory 104.
- the electronic card 10 is initialized by the central processing unit 106, according to known techniques, and
- the central processing unit 106 assigns an identifier (here consisting of a number) to each task of the application.
- the central unit 106 executes a part of a program requiring no call to a routine using sensitive data.
- the central unit 106 implements a task which calls on one of the routines which use the sensitive data.
- the routine 400 considered reads the identifier of the task in progress by using a so-called "system" routine of known type, intended for this reading.
- the routine 400 compares the identifier of the task with the content of the list of identifiers kept in read-only memory 105 and determines if this identifier of task is in the list.
- When the result of the test 305 is positive, the task is authorized to access the routine and the use of sensitive data is executed, during an operation 306. Then the central unit 106 returns to the operation represented in 302.
- When the result of the test 305 is negative, the task is not authorized to access the routine. The operation of the central unit 106 is then stopped and an alarm is triggered, operation 307, until the franking machine is switched off, operation 308.
- the method of protecting sensitive data against the use of a routine acting on said data aimed by the present invention comprises, implemented by said routine, an operation 400 of identity verification of each software task calling said routine.
- the routines 400 (that is to say, those which verify the identity of the task calling them before accessing sensitive data) include not only the routines which access the postage amount counters, but also routines acting on statistical data or operating parameters of the franking machine.
- said verification operation 400 includes an operation 304 of reading an identifier of said task and an operation 305 of comparing said identifier, on the one hand, and predetermined identifiers, on the other hand.
- each routine acting on the sensitive data implements said verification operation 400.
- the device for protecting sensitive data against the use of a routine acting on said data characterized in that it comprises, as a means of verification the central unit 106, associated with memories 104 and 105, for verifying the identity of each software task calling said routine, this verification means being implemented by said routine.
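The check described above (operations 304 to 308), sketched in C as an added example that is not code from the patent. The task numbers, function names and the latched-alarm flag standing in for "stop the central unit until power-off" are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

/* Constructed task identifiers: the patent gives no concrete values. */
enum { TASK_UI = 1, TASK_FRANKING = 2, TASK_RELOAD = 3, TASK_STATS = 4 };

/* "List of identifiers" register: const so that it can be placed in ROM 105. */
static const uint8_t allowed_ids[] = { TASK_FRANKING, TASK_RELOAD };

typedef enum { ACC_OK, ACC_INSUFFICIENT, ACC_DENIED, ACC_HALTED } acc_status;

static uint8_t  current_task;        /* written by the scheduler (hypothetical) */
static uint32_t ascending_counter;   /* postage already consumed */
static uint32_t descending_counter;  /* postage remaining before reload */
static bool     alarm_latched;       /* operation 307; cleared only by power-off */

/* Stand-in for the "system" routine that reads the running task's identifier. */
static uint8_t sys_current_task_id(void) { return current_task; }

/* Operation 400: read the identifier (304) and compare it with the list (305). */
static bool caller_is_authorized(void)
{
    uint8_t id = sys_current_task_id();
    bool found = false;
    for (size_t i = 0; i < sizeof allowed_ids; i++)
        found |= (allowed_ids[i] == id);   /* whole list is scanned, no early exit */
    return found;
}

/* Sensitive routine: debit one franking from the counters (operation 306). */
acc_status debit_postage(uint32_t amount)
{
    if (alarm_latched)
        return ACC_HALTED;           /* fail closed after any violation */
    if (!caller_is_authorized()) {
        alarm_latched = true;        /* real firmware would stop the CPU here */
        return ACC_DENIED;
    }
    if (amount > descending_counter)
        return ACC_INSUFFICIENT;     /* counters are left untouched */
    descending_counter -= amount;
    ascending_counter  += amount;
    return ACC_OK;
}

/* Demonstration helpers only: power cycle (308) and task switch. */
void sim_power_on(uint32_t credit)
{
    ascending_counter = 0;
    descending_counter = credit;
    alarm_latched = false;
}
void sim_run_as(uint8_t task_id)  { current_task = task_id; }
uint32_t remaining_credit(void)   { return descending_counter; }
uint32_t consumed_credit(void)    { return ascending_counter; }
```

The check is only as trustworthy as the identifier it reads: if a task can write the scheduler's current-task variable or the counters directly, the comparison is bypassed, so both need to sit behind memory protection or equivalent isolation.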
Priority Applications (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CA002371059A CA2371059A1 (en) | 1998-12-29 | 1999-12-02 | Device and method for protecting sensitive data and franking machine using same |
EP99958232A EP1141826A1 (en) | 1998-12-29 | 1999-12-02 | Device and method for protecting sensitive data and franking machine using same |
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
FR9816550A FR2787899A1 (en) | 1998-12-29 | 1998-12-29 | DEVICE AND METHOD FOR PROTECTING SENSITIVE DATA AND POSTAGE MACHINE USING THE SAME |
FR98/16550 | 1998-12-29 |
Publications (1)
Publication Number | Publication Date |
---|---|
WO2000039676A1 (en) | 2000-07-06 |
Family
ID=9534598
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/FR1999/002992 WO2000039676A1 (en) | 1998-12-29 | 1999-12-02 | Device and method for protecting sensitive data and franking machine using same |
Country Status (4)
Country | Link |
---|---|
EP (1) | EP1141826A1 (en) |
CA (1) | CA2371059A1 (en) |
FR (1) | FR2787899A1 (en) |
WO (1) | WO2000039676A1 (en) |
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US6928556B2 (en) | 2001-08-30 | 2005-08-09 | International Business Machines Corporation | Method and apparatus in a data processing system for managing situations from correlated events |
Families Citing this family (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
DE102009025589A1 (en) * | 2009-06-19 | 2011-03-10 | Siemens Aktiengesellschaft | Method for allocating functions of functional modules to software modules of dedicated user, involves outputting function value to registered software module and blocking function call at unregistered software module by control module |
Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US5187790A (en) * | 1989-06-29 | 1993-02-16 | Digital Equipment Corporation | Server impersonation of client processes in an object based computer operating system |
GB2315384A (en) * | 1996-07-11 | 1998-01-28 | Mitel Corp | Resource management in a multiple process system |
US5771348A (en) * | 1995-09-08 | 1998-06-23 | Francotyp-Postalia Ag & Co. | Method and arrangement for enhancing the security of critical data against manipulation |
1998
- 1998-12-29 FR FR9816550A patent/FR2787899A1/en active Pending
1999
- 1999-12-02 EP EP99958232A patent/EP1141826A1/en not_active Withdrawn
- 1999-12-02 CA CA002371059A patent/CA2371059A1/en not_active Abandoned
- 1999-12-02 WO PCT/FR1999/002992 patent/WO2000039676A1/en not_active Application Discontinuation
Patent Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US5187790A (en) * | 1989-06-29 | 1993-02-16 | Digital Equipment Corporation | Server impersonation of client processes in an object based computer operating system |
US5771348A (en) * | 1995-09-08 | 1998-06-23 | Francotyp-Postalia Ag & Co. | Method and arrangement for enhancing the security of critical data against manipulation |
GB2315384A (en) * | 1996-07-11 | 1998-01-28 | Mitel Corp | Resource management in a multiple process system |
Non-Patent Citations (1)
Title |
---|
WONG R M ET AL: "PROVIDING SOFTWARE INTEGRITY USING TYPE MANAGERS", PROCEEDINGS OF THE AEROSPACE COMPUTER SECURITY APPLICATIONS CONFERENCE, ORLANDO, DEC. 12 - 16, 1988, no. CONF. 4, 12 December 1988 (1988-12-12), INSTITUTE OF ELECTRICAL AND ELECTRONICS ENGINEERS, pages 287 - 294, XP000094357, ISBN: 0-8186-0895-1 * |
Also Published As
Publication number | Publication date |
---|---|
CA2371059A1 (en) | 2000-07-06 |
EP1141826A1 (en) | 2001-10-10 |
FR2787899A1 (en) | 2000-06-30 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
FR2580844A1 (en) | POSTAGE AND ADDRESS INFORMATION APPLICATION SYSTEM ON A MAIL ARTICLE | |
CH675029A5 (en) | ||
FR2619029A1 (en) | MAIL DECLARATION SYSTEM BASED ON AN INSERTION DEVICE | |
FR2597234A1 (en) | DEVICE FOR DETECTING ATTEMPTS OF FRAUD OF A POSTAGE VALUE ACCOUNTING UNIT | |
EP1702305B1 (en) | Parcel franking device and method using same | |
FR2626995A1 (en) | POSTAL LOAD ACCOUNTING DEVICE | |
CH671474A5 (en) | ||
EP1880282A2 (en) | Method for verification of pseudo-code loaded in a portable system particularly a chipcard | |
WO2000031633A1 (en) | Device and method for protection against stack overflow and franking machine using same | |
WO2000039676A1 (en) | Device and method for protecting sensitive data and franking machine using same | |
EP1483120B1 (en) | Device for surface treatment of objects with reduced size and improved ergonomics | |
EP0378661B1 (en) | Automatic cash register | |
WO2001097986A2 (en) | Video coding station for installation automatically sorting postal objects | |
CA2349937C (en) | Device and method for detecting stack overflow in a storage unit and franking machine using same | |
EP1135730B1 (en) | Method and device for protection against access to a memory and franking machine using same | |
EP0184527A1 (en) | Installation for the automatic storage, distribution and replacement of cassettes, books or similar articles | |
FR2514174A1 (en) | CONTROL APPARATUS FOR LIMITING ACCESS TO A MACHINE TO THE CARRIERS OF A SEMICONDUCTOR CARD CONTAINING MEMORIZED DATA | |
KR101645979B1 (en) | Mail box | |
EP2133845A1 (en) | Franking system enabling the handling of postage items with different destinations | |
FR2786291A1 (en) | Printing device for franking machine has switching device that actuates image generator to access one of image memories to allow print controller to access another of image memories | |
FR2685800A1 (en) | Secure system for the computerised franking of batches of articles | |
EP1695302B1 (en) | Payment-receiving device and method with identification image capture | |
FR2714753A1 (en) | Determination of postal charge for programmable franking machine | |
JP3109961B2 (en) | Banknote reject box | |
FR2843815A1 (en) | Traceability code for banknotes allowing identification and cancellation if stolen, uses bar code printed on face of banknote to allow easy scanning into memory and for checking tendered note against national database of stolen banknotes |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
AK | Designated states | Kind code of ref document: A1 Designated state(s): CA US |
AL | Designated countries for regional patents | Kind code of ref document: A1 Designated state(s): AT BE CH CY DE DK ES FI FR GB GR IE IT LU MC NL PT SE |
DFPE | Request for preliminary examination filed prior to expiration of 19th month from priority date (pct application filed before 20040101) | |
121 | Ep: the epo has been informed by wipo that ep was designated in this application | |
ENP | Entry into the national phase | Ref document number: 2371059 Country of ref document: CA Ref country code: CA Ref document number: 2371059 Kind code of ref document: A Format of ref document f/p: F |
WWE | Wipo information: entry into national phase | Ref document number: 1999958232 Country of ref document: EP |
WWP | Wipo information: published in national office | Ref document number: 1999958232 Country of ref document: EP |
WWE | Wipo information: entry into national phase | Ref document number: 09869526 Country of ref document: US |
WWW | Wipo information: withdrawn in national office | Ref document number: 1999958232 Country of ref document: EP |