
KR100328629B1 - Secure remote boot system - Google Patents

Info

Publication number
KR100328629B1
Authority
KR
South Korea
Prior art keywords
kernel
atm
hash function
key
host computer
Prior art date
Application number
KR1019950067175A
Other languages
Korean (ko)
Other versions
KR970049704A (en
Inventor
조주연
Original Assignee
엘지전자주식회사
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 엘지전자주식회사 filed Critical 엘지전자주식회사
Priority to KR1019950067175A priority Critical patent/KR100328629B1/en
Publication of KR970049704A publication Critical patent/KR970049704A/en
Application granted granted Critical
Publication of KR100328629B1 publication Critical patent/KR100328629B1/en

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/57 Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
    • G06F21/575 Secure boot
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00 Arrangements for program control, e.g. control units
    • G06F9/06 Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/44 Arrangements for executing specific programs
    • G06F9/4401 Bootstrapping
    • G06F9/4416 Network booting; Remote initial program loading [RIPL]

Landscapes

  • Engineering & Computer Science (AREA)
  • Software Systems (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • General Engineering & Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Computer Hardware Design (AREA)
  • Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)

Abstract

PURPOSE: A secure remote booting system is provided to remotely control, by a security protocol, the booting of a CD (Cash Dispenser) or an ATM (Automatic Teller Machine) installed at a remote place, and to allow changes and modifications to be made through a financial network by replacing a central computer once.

CONSTITUTION: A power-on command/response signal is exchanged between a host computer (10) and a CD or ATM (20). A secret number (ID), inherent secret key data (Key), and date data (Date) are encrypted with a public key (PK) of the CD or ATM (20). The secret number (ID) and the date data (Date) are checked, and the secret number (ID) is encrypted with the key (Key). A kernel (Kernel) and a hash function (h(Kernel)) are encrypted. The CD or ATM (20) loads the kernel and compares the hash function (h(Kernel)) value with a stored data value. If the hash function (h(Kernel)) value is identical to the stored data value, the hash function (h(Kernel)) value is transmitted to the host computer (10).

Description

Secure remote boot system

The present invention relates to a secure remote booting system. In particular, the booting of cash dispensers (hereinafter abbreviated CD) or automated teller machines (hereinafter abbreviated ATM) installed at distributed remote sites is controlled remotely, over the existing financial network, from a host computer installed at the central bank. This improves security and removes the administrative inconvenience of the existing offline boot method.

In the conventional offline boot method, as shown in FIG. 1, in order to determine the transaction details of the CDs or ATMs distributed at remote sites, a bank teller (1) or a security officer visits, every day, the installation sites of the many CDs or ATMs distributed at remote locations and boots each CD or ATM one by one, after which processing is carried out over the financial network by the host computer installed at the central bank (2).

However, with this prior art a bank teller or security officer must visit every installation site of the distributed CDs or ATMs to boot them, which wastes time and manpower. In addition, when the boot times of the individual CDs or ATMs differ, users of a CD or ATM that has not yet been booted must wait, which is inconvenient.

Accordingly, the present invention was made to solve the above problems of the prior art. Its object is to allow the booting of remotely installed CDs or ATMs to be controlled remotely by a security protocol and, when changes or modifications are needed, to allow them to be made simply over the financial network by a single replacement at the central host computer, thereby improving the efficiency of the system.

The present invention for achieving the above object is described in detail below with reference to the accompanying drawings.

FIG. 2 is a schematic configuration diagram of the remote boot system according to the present invention, in which unique numbers (A, B, ...) are assigned to the host computer (10) and the plurality of CDs or ATMs (20) distributed at remote sites, and these are booted remotely over a public network.

FIG. 3(a) is a diagram explaining the initial set-up operation according to the present invention. The initial setup from the host computer (10) to the CD or ATM (20) consists of assigning each CD or ATM (20) a unique number and a unique secret key and controlling the power (POWER) on and off.

FIG. 3(b) is a diagram explaining the Security Loading Protocol according to the present invention. It consists of a first step of mutually transmitting power-on command/response signals between the host computer (10) and the CD or ATM (20); a second step of encrypting the unique number (ID), the unique secret key data (Key) and the date data (Date) with the public key (PK) of the CD or ATM (20); a third step of encrypting the unique number with the key (Key) after checking the unique number (ID) and the date data (Date); a fourth step of encrypting the kernel (Kernel) and the hash function [h(Kernel)] with the public key (PK); and a fifth step in which the CD or ATM (20), after loading the kernel (Kernel), compares the hash function [h(Kernel)] value with the stored data value and, if they match, transmits the hash function [h(Kernel)] value to the host computer (10).

The operation and effects of the present invention configured as above are as follows.

First, as shown in FIG. 3(a), the host computer (10) performs the initial set-up operation: it assigns a unique number (A, B, ...) and a unique secret key to each of the plurality of CDs or ATMs (20) distributed at remote sites and controls the power on and off.

After that, the security loading protocol is performed as shown in FIG. 3(b).

When the host computer (10) transmits a power-on command signal to the CD or ATM (20), the CD or ATM (20) transmits a power-on response signal to the host computer (10).

Next, the host computer (10) encrypts the unique number (ID), the unique secret key data (Key) and the date data (Date) with the public key (PK) and transmits them to the CD or ATM (20).

The CD or ATM (20) checks the unique number (ID) and the date data (Date), then encrypts the unique number with the key (Key) and transmits it to the host computer (10).

The host computer (10) then encrypts the kernel (Kernel), which is the boot program, and the hash function [h(Kernel)] with the public key (PK) and transmits them to the CD or ATM (20).

The CD or ATM (20) then loads the kernel (Kernel), compares the hash function [h(Kernel)] value with the data value stored in ROM and, if they match, transmits the hash function [h(Kernel)] value to the host computer (10).
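The terminal-side checks of the third and fifth steps above, as an added Python example that is not part of the patent. Assumptions: SHA-256 as h(), HMAC-SHA256 standing in for "encrypting the unique number with Key", the public-key encryption of the second and fourth steps already removed, and all function names and sample values constructed here.

```python
import hashlib
import hmac
from datetime import date

# Constructed sample values (assumptions, not taken from the patent).
TERMINAL_ID = b"A"                # unique number given at initial setup
TERMINAL_KEY = bytes(range(32))   # unique secret key given at initial setup
GOOD_KERNEL = b"constructed sample boot image v1"
ROM_KERNEL_HASH = hashlib.sha256(GOOD_KERNEL).digest()  # reference value in ROM

class BootRejected(Exception):
    """Raised by the terminal when a check in the loading protocol fails."""

def terminal_check_identity(msg_id, msg_date, today):
    """Step 3: check ID and Date, then answer with the ID protected by Key.

    Fields are assumed already decrypted (step 2); the Key field is not
    modelled. HMAC-SHA256 stands in for "encrypt the ID with Key".
    """
    if msg_id != TERMINAL_ID:
        raise BootRejected("ID does not match this terminal")
    if msg_date != today:
        raise BootRejected("Date is not today (possible replayed message)")
    return hmac.new(TERMINAL_KEY, msg_id, hashlib.sha256).digest()

def host_verify_identity(response, terminal_id, terminal_key):
    """Host side of step 3: recompute the expected answer, compare safely."""
    expected = hmac.new(terminal_key, terminal_id, hashlib.sha256).digest()
    return hmac.compare_digest(response, expected)

def terminal_load_kernel(kernel, sent_hash):
    """Step 5: hash the received kernel and compare with the ROM value."""
    actual = hashlib.sha256(kernel).digest()
    if not hmac.compare_digest(actual, sent_hash):
        raise BootRejected("kernel does not match the h(Kernel) sent with it")
    if not hmac.compare_digest(actual, ROM_KERNEL_HASH):
        raise BootRejected("kernel hash differs from the value stored in ROM")
    return actual  # sent back to the host as h(Kernel)

def run_boot(kernel, msg_date, today):
    """Drive steps 3 to 5 for one terminal and return the outcome."""
    try:
        answer = terminal_check_identity(TERMINAL_ID, msg_date, today)
        if not host_verify_identity(answer, TERMINAL_ID, TERMINAL_KEY):
            return "host refused: identity answer invalid"
        # The sender supplies a hash that matches whatever kernel it sends.
        reported = terminal_load_kernel(kernel, hashlib.sha256(kernel).digest())
    except BootRejected as err:
        return f"terminal refused: {err}"
    host_copy = hashlib.sha256(GOOD_KERNEL).digest()
    return "booted" if hmac.compare_digest(reported, host_copy) else "host refused"

if __name__ == "__main__":
    today = date(2024, 1, 15)  # constructed date
    print(run_boot(GOOD_KERNEL, today, today))
    print(run_boot(GOOD_KERNEL + b"!", today, today))
    print(run_boot(GOOD_KERNEL, date(2024, 1, 14), today))
```

The second call shows that a kernel altered in transit is refused even when the accompanying hash was recomputed to match it, because the comparison that decides is the one against the ROM value.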

As described above, the present invention allows the booting of CDs or ATMs distributed at remote sites to be controlled remotely, over the existing financial network, from a host computer installed at the central bank, and therefore has the effect of making the boot operation of the CDs or ATMs smoother and improving the efficiency of their management.

FIG. 1 is a system diagram explaining the conventional booting method.

FIG. 2 is a schematic configuration diagram of the remote boot system.

FIG. 3(a) is a diagram explaining the initial set-up operation according to the present invention.

FIG. 3(b) is a diagram explaining the Security Loading Protocol according to the present invention.

**** Explanation of symbols for the main parts of the drawings ****

10: host computer 20: cash dispenser (CD) or automated teller machine (ATM)

Claims (1)

A secure remote boot system, characterized by comprising:
a first step of mutually transmitting power-on command/response signals between the host computer (10) and the CD or ATM (20);
a second step of encrypting the unique number (ID), the unique secret key data (Key) and the date data (Date) with the public key (PK) of the CD or ATM (20);
a third step of encrypting the unique number with the key (Key) after checking the unique number (ID) and the date data (Date);
a fourth step of encrypting the kernel (Kernel) and the hash function [h(Kernel)] with the public key (PK); and
a fifth step in which the CD or ATM (20), after loading the kernel (Kernel), compares the hash function [h(Kernel)] value with the stored data value and, if they match, transmits the hash function [h(Kernel)] value to the host computer (10).

Priority Applications (1)

Application Number Priority Date Filing Date Title
KR1019950067175A KR100328629B1 (en) 1995-12-29 1995-12-29 Secure remote boot system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
KR1019950067175A KR100328629B1 (en) 1995-12-29 1995-12-29 Secure remote boot system

Publications (2)

Publication Number Publication Date
KR970049704A KR970049704A (en) 1997-07-29
KR100328629B1 true KR100328629B1 (en) 2002-08-08

Family

ID=37479029

Family Applications (1)

Application Number Title Priority Date Filing Date
KR1019950067175A KR100328629B1 (en) 1995-12-29 1995-12-29 Secure remote boot system

Country Status (1)

Country Link
KR (1) KR100328629B1 (en)

Families Citing this family (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR100524055B1 (en) * 1998-03-05 2006-01-27 삼성전자주식회사 Computer system having the function of remote waking up and method for remote waking up the computer system
BR0107800A (en) * 2000-01-24 2002-10-22 Wincor Nixdorf Gmbh & Co Kg ATM
KR20010114193A (en) * 2001-11-21 2001-12-29 이병용 Cash Machine Management based on Internet and Guardrooms Pass Method Improvement of Guard Service Enterprise using Multicontroller
KR100469647B1 (en) * 2002-06-21 2005-02-07 주식회사 마크윈 Method for authenticating the right to use a computer and protecting data of a computer based on network

Also Published As

Publication number Publication date
KR970049704A (en) 1997-07-29

Similar Documents

Publication Publication Date Title
US4390968A (en) Automated bank transaction security system
CN1922636B (en) System consisting of bank note processing machines, bank note processing machine and associated operating method
CA1124864A (en) Cryptographic architecture for use with a high security personal identification system
EP2037651A1 (en) Method and system for accessing devices in a secure manner
CN103400434B (en) The control method of sound state coded lock and control device
AU4388897A (en) Method and system for ensuring the security of the remote supply of services of financial institutions
JPS63236186A (en) Card issuing device
EP1897066A1 (en) Communication method of access control system
KR102037765B1 (en) Integrated control system of mechanical parking facility
CN102393980A (en) Intelligent door control system
US6684334B1 (en) Secure establishment of cryptographic keys using persistent key component
CA2173018A1 (en) Method of Manufacturing Secure Boxes in a Key Management System
CN101183468A (en) Terminal login system and method
CN108091024A (en) Access control equipment Off-line control method
KR100328629B1 (en) Secure remote boot system
CN102930621A (en) Unlocking machine system for engineering machinery
CN101599192A (en) Realize the method for security guard of bank card
CN108109286A (en) A kind of multi-screen automatic depositing-withdrawing device
CN112037383B (en) Intelligent door lock and authority judgment method and application system thereof
CN110310104A (en) A kind of self-distroyable disposable hardware wallet
AU709083B2 (en) Remote control of electronic locking systems
CN100583734C (en) Method for realizing volatile secret key and separated checking module by collecting human characteristic
CN109326032A (en) A kind of lockset rent method and the leasing system using it
CN107835170A (en) Machine system and method is torn in a kind of intelligent Pos equipment safeties mandate open
CN109326018B (en) Authentication method, device and system for preventing lock from being copied and electronic key

Legal Events

Date Code Title Description
PA0109 Patent application (Patent event code: PA01091R01D; Comment text: Patent Application; Patent event date: 19951229)
PG1501 Laying open of application
A201 Request for examination
PA0201 Request for examination (Patent event code: PA02012R01D; Patent event date: 20000410; Comment text: Request for Examination of Application) (Patent event code: PA02011R01I; Patent event date: 19951229; Comment text: Patent Application)
E701 Decision to grant or registration of patent right
PE0701 Decision of registration (Patent event code: PE07011S01D; Comment text: Decision to Grant Registration; Patent event date: 20020226)
GRNT Written decision to grant
PR0701 Registration of establishment (Comment text: Registration of Establishment; Patent event date: 20020304; Patent event code: PR07011E01D)
PR1002 Payment of registration fee (Payment date: 20020305; End annual number: 3; Start annual number: 1)
PG1601 Publication of registration
PR1001 Payment of annual fee (Payment date: 20041231; Start annual number: 4; End annual number: 4)
PR1001 Payment of annual fee (Payment date: 20060102; Start annual number: 5; End annual number: 5)
PR1001 Payment of annual fee (Payment date: 20070102; Start annual number: 6; End annual number: 6)
PR1001 Payment of annual fee (Payment date: 20080102; Start annual number: 7; End annual number: 7)
PR1001 Payment of annual fee (Payment date: 20090116; Start annual number: 8; End annual number: 8)
PR1001 Payment of annual fee (Payment date: 20091230; Start annual number: 9; End annual number: 9)
PR1001 Payment of annual fee (Payment date: 20101216; Start annual number: 10; End annual number: 10)
FPAY Annual fee payment (Payment date: 20120116; Year of fee payment: 11)
PR1001 Payment of annual fee (Payment date: 20120116; Start annual number: 11; End annual number: 11)
FPAY Annual fee payment (Payment date: 20130111; Year of fee payment: 12)
PR1001 Payment of annual fee (Payment date: 20130111; Start annual number: 12; End annual number: 12)
LAPS Lapse due to unpaid annual fee
PC1903 Unpaid annual fee (Termination category: Default of registration fee; Termination date: 20150209)