WO2000039676A1 - Device and method for protecting sensitive data and franking machine using same - Google Patents


Info

Publication number
WO2000039676A1
Authority
WO
WIPO (PCT)
Prior art keywords
routine
sensitive data
task
data
identifier
Prior art date
Application number
PCT/FR1999/002992
Other languages
French (fr)
Inventor
Jean-Marc Dery
Frédéric L'HOTE
Original Assignee
Secap
Ascom Autelca Ag
Priority date
Filing date
Publication date
Application filed by Secap, Ascom Autelca AG
Priority to CA2371059A1
Priority to EP1141826A1
Publication of WO2000039676A1

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00 Arrangements for program control, e.g. control units
    • G06F9/06 Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/46 Multiprogramming arrangements
    • G06F9/468 Specific access rights for resources, e.g. using capability register

Definitions

  • the present invention relates to a device and a method for protecting sensitive data and to a franking machine using them.
  • each task can call each routine, whatever security is necessary on said routine.
  • certain tasks involve amounts representing sums of money.
  • the operating phases of a franking or recharging machine use the routines that handle sums of money.
  • each of these tasks must be guaranteed.
  • by correct implementation is meant that a task is executed in the normal course of operation of the machine.
  • the invention aims to prevent sensitive data from being tampered with or modified in an inappropriate manner.
  • the present invention aims at having at least one routine acting on sensitive data verify the identity of tasks which call on it. Thus, if an unauthorized task attempts to use said routine, it can limit its execution and therefore avoid damaging the sensitive data considered.
  • the present invention relates to a method for protecting sensitive data against the use of a routine acting on said data, characterized in that it comprises, implemented by said routine, a verification operation of identity of each software task calling said routine.
  • the routines concerned include the routine that increments the counter of postage consumed and decrements the counter of postage remaining available, and the routine that increments the counter of the number of frankings made.
  • said verification operation comprises an operation of reading an identifier of said task and an operation of comparing said identifier, on the one hand, and predetermined identifiers, on the other hand.
  • the present invention relates to a device for protecting sensitive data against the use of a routine acting on said data, characterized in that it includes verification means adapted to verify the identity of each software task calling said routine, the verification means being implemented by said routine.
  • the invention also relates to a franking machine, characterized in that it comprises a device as succinctly set out above.
  • the invention also relates to:
  • FIG. 2 schematically represents an electronic circuit incorporated in the franking machine illustrated in FIGS. 1A and 1B
  • FIG. 3 represents an algorithm for operating the electronic circuit illustrated in FIG. 2.
  • the franking machine 1 illustrated in the drawings comprises a device for printing, on a flat object such as the letter 2, on the one hand, a franking mark and, optionally, a destination address of the envelope.
  • to print the franking mark on the standardized space provided for this purpose, the letter 2 must be passed through a corridor 5 of the machine 1, this corridor being delimited by elements integral with the frame, namely a sliding support 6 which forms the ceiling of the corridor 5, a table 7 which forms its floor and a ramp which forms one of its lateral limits, the corridor being open opposite this ramp.
  • the machine 1 comprises two rollers 9 and 10, each passing through an opening in the table 7, and two counter-rollers 12 and 13, for the roller 9 and for the roller 10 respectively, each passing through an opening in the support 6.
  • the rollers 9 and 10 are mounted for rotation relative to the frame of the machine 1, by means of suspension means 14 shown schematically in FIG. 1B.
  • the counter-rollers 12 and 13 are mounted for rotation on the frame of the machine 1, without being suspended from it.
  • an electric motor, not shown, drives the counter-rollers 12 and 13 in synchronous rotation, for example by means of a belt (not shown) running around three pinions carried respectively by the motor, by the counter-roller 12 and by the counter-roller 13.
  • the rollers 9 and 10 are driven by friction on the counter-rollers 12 and 13, directly or through an object, such as the letter 2, being passed through the machine 1.
  • when the letter 2 is introduced into the corridor 5 as shown in FIG. 1B, it eventually meets the roller 9 and then the counter-roller 12, which drives it in the direction shown in FIG. 1B by the horizontal arrow pointing from left to right. At the same time, the roller 9 is lowered as the letter 2 enters between the rollers 9 and 12, so that the letter 2 advances through the machine 1 with its printing face 4 pressed against, and sliding along, the surface 17 of the sliding support 6.
  • the machine 1 comprises printing means 19 shown very schematically in FIGS. 1A and 1B.
  • the printing means 19 deposit the franking mark while the letter 2 or the article to be franked circulates in the machine 1 with its printing face which is pressed against the surface 17 of the sliding support 6, the means 19 being located between the counter-rollers 12 and 13.
  • the printing means 19 are mounted directly on the frame of the machine, and are therefore fixed relative to the support of sliding 6.
  • a first presence detector starts the motor (not shown) when an object begins to be introduced into the machine 1
  • a second presence detector (not shown) triggers the printing process when the object has reached a predetermined position.
  • FIG. 2 shows an electronic circuit for controlling the device presented in FIGS. 1A and 1B.
  • this circuit is illustrated as a block diagram under the general reference 100. It comprises, interconnected by an address and data bus 102: a central processing unit 106; a random access memory (RAM) 104; a read-only memory (ROM) 105; an input/output port 103 used to receive:
  • motor control signals; and, independently of the bus 102: stepping motors 109; presence detectors 110; a display screen 108 connected to the input/output port 103; a scale 112 connected to the input/output port 103 and supplying bytes representing the weight of a postal object; a keyboard 101 connected to the input/output port 103 and supplying bytes representing the keyboard keys successively pressed; and a print controller 120 which controls the operation of the printing means 19.
  • each of the elements illustrated in FIG. 2 is well known to those skilled in the art of franking machines having a microprocessor circuit and, more generally, of information processing systems. These elements are therefore not described here.
  • the main memory 104 stores data, variables and intermediate processing results in memory registers bearing, in the following description, the same names as the data whose values they store.
  • the random access memory 104 notably comprises registers holding information representing the weight of the postal object to be franked, the format of the postal object being processed, the number of postal objects in the batch being processed, and the values of ascending and descending counters corresponding to the postage amounts already deposited and remaining to be deposited before the machine is reloaded. These latter registers operate according to techniques known in the field of franking machines (during each franking, when the amount in the descending counter is greater than the amount of the franking mark to be deposited, it is decremented by the amount of that mark and the ascending counter is incremented by the same amount).
  • the read-only memory 105 is adapted to hold the operating program of the central processing unit 106, in a register "program1", and the data necessary for the operation of this program, as well as the correspondence table relating weights to postage amounts.
  • the read-only memory 105 also holds, in a register "list of identifiers", a list of identifiers of the software tasks authorized to access the routines which use sensitive data (here postage amounts).
  • the so-called "read-only" memory 105 is in fact a rewritable memory which is not erased when the device is switched off. It can only be rewritten using secure procedures and only by certain authorized persons, so that, to the daily user, it appears as a read-only memory.
  • the central processing unit 106 is suitable for implementing the program stored in read-only memory 105, a program for which an operating algorithm is illustrated in FIG. 3.
  • the postage meter program or software is multitasking software, which involves allocation, by the processor, of memory space, or stack, associated with each task. This memory space is contained in the random access memory 104.
  • the electronic card 10 is initialized by the central processing unit 106, according to known techniques, and the central processing unit 106 assigns an identifier (here consisting of a number) to each task of the application.
  • the central unit 106 executes a part of a program requiring no call to a routine using sensitive data.
  • the central unit 106 implements a task which calls on one of the routines which use the sensitive data.
  • the routine 400 concerned reads the identifier of the task in progress by using a routine called "system", of known type, intended for this reading.
  • the routine 400 compares the identifier of the task with the content of the list of identifiers held in the read-only memory 105 and determines whether this task identifier is in the list.
  • when the result of the test 305 is positive, the task is authorized to access the routine and the use of the sensitive data is carried out, during an operation 306. The central unit 106 then returns to the operation represented at 302.
  • when the result of the test 305 is negative, the task is not authorized to access the routine. The operation of the central unit 106 is then stopped and an alarm is triggered, operation 307, until the franking machine is switched off, operation 308.
  • the method of protecting sensitive data against the use of a routine acting on said data, which is the aim of the present invention, comprises, implemented by said routine, an operation 400 of verifying the identity of each software task calling said routine.
  • the routines 400 (that is to say those which verify the identity of the calling task before accessing sensitive data) include not only the routines which access the postage amount counters, but also routines acting on statistical data or operating parameters of the franking machine.
  • said verification operation 400 includes an operation of reading an identifier of said task 304 and a comparison operation 305 of said identifier, on the one hand, and predetermined identifiers, on the other hand.
  • each routine acting on the sensitive data implements said verification operation 400.
  • the device for protecting sensitive data against the use of a routine acting on said data characterized in that it comprises, as a means of verification the central unit 106, associated with memories 104 and 105, for verifying the identity of each software task calling said routine, this verification means being implemented by said routine.

Abstract

The invention concerns a method for protecting sensitive data against the use of a routine acting on the data. It comprises an operation, performed by said routine, which consists in verifying the identity of each software task invoking said routine (400). Preferably, said verification operation (400) comprises an operation which consists in reading an identifier of said task (304) and an operation which consists in comparing (305) said identifier with predetermined identifiers.

Description

Device and method for protecting sensitive data and franking machine using them
The present invention relates to a device and a method for protecting sensitive data, and to a franking machine implementing them.
It applies in particular to franking machines equipped with a program running in a multi-task environment and, more generally, to the protection of sensitive data representing, for example, sums of money, or of sensitive tasks handling such sensitive data.
In a multi-task environment, any task can call any routine, whatever the level of security required for that routine. In a franking machine, certain tasks handle amounts representing sums of money. In particular, the operating phases of a franking or reloading machine use the routines that handle sums of money.
The correct execution of each of these tasks must be guaranteed. By correct execution is meant that a task runs within the normal operation of the machine. In other words, the invention aims to prevent sensitive data from being altered or modified inappropriately.
To this end, the present invention provides that at least one routine acting on sensitive data verifies the identity of the tasks that call it. Thus, if an unauthorized task attempts to call said routine, the routine can limit its execution and so avoid harm to the sensitive data concerned.
According to a first aspect, the present invention relates to a method for protecting sensitive data against the use of a routine acting on said data, characterized in that it comprises an operation, implemented by said routine, of verifying the identity of each software task calling said routine.
Thanks to these provisions, if an unauthorized task is used to access said routine that uses sensitive data, the routine, by verifying the identity of the task, detects that it is not authorized and prevents access to the sensitive data concerned.
In the case of a franking machine, for example, the routines concerned include the routine that increments the counter of postage consumed and decrements the counter of postage remaining available, and the routine that increments the counter of the number of frankings made.
According to particular features, said verification operation comprises an operation of reading an identifier of said task and an operation of comparing said identifier with predetermined identifiers.
Thanks to these provisions, all tasks authorized to invoke the routine in question are identified in a specific list, which simplifies both the programming of the routine and the updating of that programming. According to other particular features, each routine acting on said data implements said verification operation.
Thanks to these provisions, whichever routine attempts to access the sensitive data, the protection offered by the present invention is ensured by that routine. According to a second aspect, the present invention relates to a device for protecting sensitive data against the use of a routine acting on said data, characterized in that it comprises verification means adapted to verify the identity of each software task calling said routine, the verification means being implemented by said routine.
The invention also relates to a franking machine characterized in that it comprises a device as succinctly set out above. The invention also relates to:
- an information storage means readable by a computer or microprocessor, holding instructions of a computer program, characterized in that it allows the method of the invention as succinctly set out above to be implemented, and
- an information storage means that is partially or totally removable and readable by a computer or microprocessor, holding instructions of a computer program, characterized in that it allows the method of the invention as succinctly set out above to be implemented.
Since this device, this franking machine and these storage means have the same particular features and the same advantages as the method succinctly set out above, those advantages are not repeated here.
Other advantages, aims and features will emerge from the description which follows, made with reference to the appended drawings, in which:
- Figures 1A and 1B show, respectively in top view and in elevation, a franking machine implementing the data protection device and method that are the subject of the present invention,
- Figure 2 schematically shows an electronic circuit incorporated in the franking machine illustrated in Figures 1A and 1B, and
- Figure 3 shows an operating algorithm of the electronic circuit illustrated in Figure 2.
The franking machine 1 illustrated in the drawings (Figures 1A and 1B) comprises a device for printing, on a flat object such as the letter 2, a franking mark and, optionally, a destination address of the envelope.
To print the franking mark in the standardized space provided for this purpose, the letter 2 must be passed through a corridor 5 of the machine 1, this corridor being delimited by elements integral with the frame, namely a sliding support 6 forming the ceiling of the corridor 5, a table 7 forming its floor and a ramp forming one of its lateral limits, the corridor being open on the side opposite this ramp. To pass the letter 2 through the corridor 5, the letter is placed on the part of the table 7 that projects on the side provided for insertion (the side seen on the left in Figure 1B) and is then pushed into the corridor 5, as shown in Figures 1A and 1B, until it is driven by the means provided for this purpose in the machine 1; the franking mark is printed automatically while the letter 2 is driven along the corridor 5, and the franked letter is ejected from the machine at the other end of the corridor 5 (the end seen on the right in Figure 1B).
To drive the letter 2, the machine 1 comprises two rollers 9 and 10, each passing through an opening in the table 7, and two counter-rollers 12 and 13, for the roller 9 and for the roller 10 respectively, each passing through an opening in the support 6.
The rollers 9 and 10 are mounted for rotation relative to the frame of the machine 1 by means of suspension means 14 shown schematically in Figure 1B. The counter-rollers 12 and 13 are mounted for rotation on the frame of the machine 1 without being suspended from it. An electric motor, not shown, drives the counter-rollers 12 and 13 in synchronous rotation, for example by means of a belt (not shown) running around three pinions carried respectively by the motor, by the counter-roller 12 and by the counter-roller 13.
Since the suspension means 14 urge the rollers 9 and 10 towards the support 6, and therefore towards the counter-rollers 12 and 13, the rollers 9 and 10 are driven by friction against the counter-rollers 12 and 13, either directly or through an object, such as the letter 2, passing through the machine 1.
When the letter 2 is introduced into the corridor 5 as shown in Figure 1B, it eventually meets the roller 9 and then the counter-roller 12, which drives it in the direction indicated in Figure 1B by the horizontal arrow pointing from left to right. At the same time, the roller 9 is lowered as the letter 2 enters between the rollers 9 and 12, so that the letter 2 advances through the machine 1 with its printing face 4 pressed against, and sliding along, the surface 17 of the sliding support 6.
To print the franking mark at its standardized location and/or the destination address at its standardized location, the machine 1 comprises printing means 19 shown very schematically in Figures 1A and 1B. In general, the printing means 19 deposit the franking mark while the letter 2 or the object to be franked moves through the machine 1 with its printing face pressed against the surface 17 of the sliding support 6, the means 19 being located between the counter-rollers 12 and 13. In the illustrated example, the printing means 19 are mounted directly on the frame of the machine and are therefore fixed relative to the sliding support 6.
So that the printing means 19 are controlled in synchronism with the advance of the object through the machine, an object presence detector (referenced 110 in Figure 2) is provided, which triggers a printing process that runs automatically.
More precisely, there is a first presence detector that starts the motor (not shown) when an object begins to be introduced into the machine 1, and a second presence detector (not shown) that triggers the printing process when the object has reached a predetermined position.
Figure 2 shows an electronic control circuit for the device presented in Figures 1A and 1B. This circuit is illustrated as a block diagram and bears the general reference 100. It comprises, interconnected by an address and data bus 102:
- a central processing unit 106;
- a random-access memory RAM 104;
- a read-only memory ROM 105;
- an input/output port 103 used to receive:
  • the weight of the postal item to be franked, and
  • the detection of the postal item by each of the detectors (not shown in the figures),
  and to transmit:
  • motor control signals;
and, independently of the bus 102:
- stepping motors 109;
- presence detectors 110;
- a display screen 108 connected to the input/output port 103;
- a scale 112 connected to the input/output port 103 and supplying bytes representing the weight of a postal item;
- a keyboard 101 connected to the input/output port 103 and supplying bytes representing the keys successively pressed; and
- a print controller 120 which controls the operation of the printing means 19.
Each of the elements illustrated in Figure 2 is well known to those skilled in the art of franking machines having a microprocessor circuit and, more generally, of information processing systems. These elements are therefore not described here.
The random-access memory 104 stores data, variables and intermediate processing results in memory registers which, in the remainder of the description, bear the same names as the data whose values they hold. The random-access memory 104 notably comprises registers holding information representing the weight of the postal item to be franked, the format of the postal item being processed, the number of postal items in the batch being processed, and the values of ascending and descending counters which correspond to the postage amounts already deposited and remaining to be deposited before the machine is reloaded. These latter registers operate according to techniques known in the field of franking machines (during each franking, when the value of the descending counter is greater than the amount of the franking mark to be deposited, it is decremented by the amount of that mark and the ascending counter is incremented by the same amount).
The read-only memory 105 is adapted to hold the operating program of the central processing unit 106, in a register "programl", together with the data needed for that program to run and the look-up table relating weights, on the one hand, to postage amounts, on the other.
The read-only memory 105 further holds, in a register "list_of_identifiers", a list of identifiers of the software tasks authorized to access the routines that use sensitive data (here, postage amounts).
In fact, the so-called "read-only" memory 105 is a rewritable memory whose contents are retained when the device is switched off. It can be rewritten only through secure procedures and only by certain authorized persons, so that to the everyday user it appears as a read-only memory.
The central processing unit 106 is adapted to run the program held in the read-only memory 105, an operating algorithm of which is illustrated in Figure 3.
The franking machine's program, or software, is multitasking, which implies that the processor allocates a memory area, or stack, to each task. This memory area lies in the random-access memory 104. During an operation 301:
- the electronic card 10 is initialized by the central processing unit 106 according to known techniques, and
- the central processing unit 106 assigns an identifier (here a number) to each task of the application.
During an operation 302, the central unit 106 executes a portion of the program that requires no call to a routine using sensitive data. During an operation 303, the central unit 106 runs a task that calls one of the routines that use the sensitive data.
During an operation 304, the routine 400 in question (shown in broken lines) reads the identifier of the task currently executing by calling a so-called "system" routine of known type intended for that purpose.
Then, during a test 305, the routine 400 compares the task's identifier with the contents of the list of identifiers held in the read-only memory 105 and determines whether that task identifier is in the list. When the result of test 305 is positive, the task is authorized to access the routine and the use of the sensitive data is carried out, during an operation 306. The central unit 106 then returns to the operation represented at 302.
When the result of test 305 is negative, the task is not authorized to access the routine. Operation of the central unit 106 is then stopped and an alarm is triggered (operation 307) until the franking machine is switched off (operation 308).
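As an added illustration of operations 304 to 308 (example code, not from the patent or from Secap's firmware), the following C model shows a routine of type 400 that guards the ascending/descending postage counters: it reads the calling task's identifier, checks it against the identifier list held in the protected memory, and, on a mismatch, latches the machine into a halted-with-alarm state that only a power cycle clears. The task identifiers, the scheduler stub and the counter layout are assumptions constructed for this example.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed stand-in for the "list_of_identifiers" register in the protected
 * memory 105: identifiers of the tasks allowed to call routines that touch the
 * postage counters. The values 3 and 7 are assumptions for this example. */
static const uint16_t authorized_task_ids[] = { 3, 7 };
#define N_AUTHORIZED (sizeof authorized_task_ids / sizeof authorized_task_ids[0])

/* Constructed stand-in for the ascending/descending counter registers in RAM 104. */
struct counters {
    uint32_t ascending;   /* postage already deposited */
    uint32_t descending;  /* postage remaining before the machine must be reloaded */
};

/* Machine state: running, or halted with the alarm latched (operation 307). */
enum machine_state { MACHINE_RUNNING, MACHINE_HALTED_ALARM };
static enum machine_state g_state = MACHINE_RUNNING;

/* Identifier of the task currently scheduled. The scheduler itself is assumed
 * and modelled only by scheduler_switch_to(). */
static uint16_t g_current_task_id = 0;

void scheduler_switch_to(uint16_t task_id) { g_current_task_id = task_id; }
enum machine_state machine_get_state(void) { return g_state; }

/* Operation 308: switching the machine off and on again clears the latched alarm. */
void machine_power_cycle(void) { g_state = MACHINE_RUNNING; }

/* Operation 304: the "system" routine that reports the running task's identifier. */
static uint16_t sys_current_task_id(void) { return g_current_task_id; }

/* Test 305: is this identifier in the authorized list kept in memory 105? */
static bool task_is_authorized(uint16_t task_id) {
    size_t i;
    for (i = 0; i < N_AUTHORIZED; i++)
        if (authorized_task_ids[i] == task_id) return true;
    return false;
}

/* Operation 307: stop processing and raise the alarm until power-off. */
static void halt_with_alarm(uint16_t offending_task_id) {
    g_state = MACHINE_HALTED_ALARM;
    fprintf(stderr, "ALARM: task %u called a protected routine; machine halted\n",
            (unsigned)offending_task_id);
}

/* Routine 400 in this example: the franking routine that moves `amount` from the
 * descending counter to the ascending counter (operation 306). Every entry first
 * verifies the caller's identity; the counters are never touched otherwise.
 * Returns 0 on success, -1 if the caller is unauthorized or the machine is halted,
 * 1 if the descending counter does not exceed the amount (no franking possible). */
int frank_item(struct counters *c, uint32_t amount) {
    uint16_t task_id;
    if (g_state != MACHINE_RUNNING) return -1;   /* latched since operation 307 */
    task_id = sys_current_task_id();             /* operation 304 */
    if (!task_is_authorized(task_id)) {          /* test 305, negative branch */
        halt_with_alarm(task_id);                /* operation 307 */
        return -1;
    }
    /* Operation 306, as the description states it: decrement only while the
     * descending counter is greater than the mark to be deposited. */
    if (!(c->descending > amount)) return 1;
    c->descending -= amount;
    c->ascending += amount;
    return 0;
}

int main(void) {
    struct counters c = { 0, 1000 };
    int rc;
    scheduler_switch_to(3);                      /* authorized task */
    rc = frank_item(&c, 100);
    printf("task 3: rc=%d down=%u up=%u\n", rc, (unsigned)c.descending, (unsigned)c.ascending);
    scheduler_switch_to(5);                      /* task not in the list */
    rc = frank_item(&c, 100);
    printf("task 5: rc=%d down=%u up=%u state=%d\n", rc, (unsigned)c.descending,
           (unsigned)c.ascending, (int)machine_get_state());
    return 0;
}
```

The check lives inside the guarded routine rather than at the call site, which is the point of the patent's design: a task cannot reach the counters without passing through test 305, and a failed check halts the whole machine rather than merely refusing the one call.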
It will be understood that the method for protecting sensitive data against the use of a routine acting on said data, to which the present invention relates, comprises an operation 400, implemented by said routine, of verifying the identity of each software task that calls said routine.
It is easy to see that, thanks to the organization of the routine 400 and, in particular, to the checking of the identity of the tasks that call it, modification of the sensitive data by way of this routine is impossible.
As a variant, the routines 400 (that is, those which verify the identity of the calling task before accessing sensitive data) include not only the routines that access the postage amount counters, but also routines acting on statistical data or on operating parameters of the franking machine.
In the embodiment described and shown, said verification operation 400 comprises an operation 304 of reading an identifier of said task and an operation 305 of comparing said identifier, on the one hand, with predetermined identifiers, on the other hand.
In the embodiment described and shown, each routine acting on the sensitive data implements said verification operation 400.
The device for protecting sensitive data against the use of a routine acting on said data is characterized in that it comprises, as verification means, the central unit 106, associated with the memories 104 and 105, for verifying the identity of each software task calling said routine, this verification means being implemented by said routine.

Claims
1. A method for protecting sensitive data against the use of a routine acting on said data, characterized in that it comprises, implemented by said routine, an operation (400) of verifying the identity of each software task calling said routine.
2. A protection method according to claim 1, characterized in that said verification operation (400) comprises an operation (304) of reading an identifier of said task and an operation (305) of comparing said identifier, on the one hand, with predetermined identifiers, on the other hand.
3. A protection method according to claim 1 or 2, characterized in that each routine acting on said data implements said verification operation (400).
4. A device for protecting sensitive data against the use of a routine acting on said data, characterized in that it comprises verification means (104, 105, 106) adapted to verify the identity of each software task calling said routine, the verification means being implemented by said routine.
5. A protection device according to claim 4, characterized in that said verification means (104, 105, 106) comprise means (104, 105, 106) for reading an identifier of said task and means (104, 105, 106) for comparing said identifier, on the one hand, with predetermined identifiers, on the other hand.
6. A protection method according to claim 4 or 5, characterized in that each routine acting on said data implements said verification means (104, 105, 106).
7. A franking machine (1), characterized in that it comprises a device according to any one of claims 4 to 6.
PCT/FR1999/002992 1998-12-29 1999-12-02 Device and method for protecting sensitive data and franking machine using same WO2000039676A1 (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
CA002371059A CA2371059A1 (en) 1998-12-29 1999-12-02 Device and method for protecting sensitive data and franking machine using same
EP99958232A EP1141826A1 (en) 1998-12-29 1999-12-02 Device and method for protecting sensitive data and franking machine using same

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
FR9816550A FR2787899A1 (en) 1998-12-29 1998-12-29 DEVICE AND METHOD FOR PROTECTING SENSITIVE DATA AND POSTAGE MACHINE USING THE SAME
FR98/16550 1998-12-29

Publications (1)

Publication Number Publication Date
WO2000039676A1 true WO2000039676A1 (en) 2000-07-06

Family

ID=9534598

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/FR1999/002992 WO2000039676A1 (en) 1998-12-29 1999-12-02 Device and method for protecting sensitive data and franking machine using same

Country Status (4)

Country Link
EP (1) EP1141826A1 (en)
CA (1) CA2371059A1 (en)
FR (1) FR2787899A1 (en)
WO (1) WO2000039676A1 (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6928556B2 (en) 2001-08-30 2005-08-09 International Business Machines Corporation Method and apparatus in a data processing system for managing situations from correlated events

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
DE102009025589A1 (en) * 2009-06-19 2011-03-10 Siemens Aktiengesellschaft Method for allocating functions of functional modules to software modules of dedicated user, involves outputting function value to registered software module and blocking function call at unregistered software module by control module

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5187790A (en) * 1989-06-29 1993-02-16 Digital Equipment Corporation Server impersonation of client processes in an object based computer operating system
GB2315384A (en) * 1996-07-11 1998-01-28 Mitel Corp Resource management in a multiple process system
US5771348A (en) * 1995-09-08 1998-06-23 Francotyp-Postalia Ag & Co. Method and arrangement for enhancing the security of critical data against manipulation

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
WONG R M ET AL: "PROVIDING SOFTWARE INTEGRITY USING TYPE MANAGERS", PROCEEDINGS OF THE AEROSPACE COMPUTER SECURITY APPLICATIONS CONFERENCE, ORLANDO, DEC. 12 - 16, 1988, no. CONF. 4, 12 December 1988 (1988-12-12), INSTITUTE OF ELECTRICAL AND ELECTRONICS ENGINEERS, pages 287 - 294, XP000094357, ISBN: 0-8186-0895-1 *

Also Published As

Publication number Publication date
CA2371059A1 (en) 2000-07-06
EP1141826A1 (en) 2001-10-10
FR2787899A1 (en) 2000-06-30

Legal Events

Date Code Title Description
AK Designated states

Kind code of ref document: A1

Designated state(s): CA US

AL Designated countries for regional patents

Kind code of ref document: A1

Designated state(s): AT BE CH CY DE DK ES FI FR GB GR IE IT LU MC NL PT SE

DFPE Request for preliminary examination filed prior to expiration of 19th month from priority date (pct application filed before 20040101)
121 Ep: the epo has been informed by wipo that ep was designated in this application
ENP Entry into the national phase

Ref document number: 2371059

Country of ref document: CA

Ref country code: CA

Ref document number: 2371059

Kind code of ref document: A

Format of ref document f/p: F

WWE Wipo information: entry into national phase

Ref document number: 1999958232

Country of ref document: EP

WWP Wipo information: published in national office

Ref document number: 1999958232

Country of ref document: EP

WWE Wipo information: entry into national phase

Ref document number: 09869526

Country of ref document: US

WWW Wipo information: withdrawn in national office

Ref document number: 1999958232

Country of ref document: EP