Method, device and information carrier for confirming access right to autonomous resources

FIELD: automation and computer science, in particular identification means for controlling access to autonomous resources.

SUBSTANCE: the method includes changing, at each new query to an autonomous resource, the identification information that is used to identify the carrier in subsequent queries to autonomous resources, by recording it in algorithmically converted form on the information carrier and in the database of the central device, and checking its correspondence over a series of previous queries to autonomous resources. Each autonomous resource has a memory block for storing conversion algorithms and the signs of these algorithms, and a block for reading/writing carrier information. The central device contains, at appropriate data bank addresses, virtual memory blocks for storing information for identifying carriers and a memory block for storing a set of algorithms for converting a code from one form to another and the signs of these algorithms, and for each carrier the storage address of the information used during previous accesses. The carrier contains a non-volatile additional memory block for recording, storing and reading an additional information code after identification of the carrier, available both during manufacture of the carrier and when it is presented to the autonomous resource.

EFFECT: increased level of protection from unsanctioned access.

3 cl, 1 dwg

The proposal relates to the field of automation and computer engineering and can be used in systems in which a central device determines rights of access to autonomous resources on the basis of an automated check of a presented information carrier confirming that right.

Various methods, and devices implementing them, are known for confirming the right of access to autonomous resources on the basis of various kinds of documents confirming that right. Automated methods for determining and granting such rights widely use individual carriers on a solid substrate. The validity of such a carrier is determined by its individual identification code, which distinguishes it from the other carriers in the system where it is used. The identification code is in one way or another entered and stored in the carrier and can be read by a device specially designed for this.

The right of a particular person (user) to the information carrier is provided by an additional identification code (the identification code can be viewed as consisting of two parts): a special password code that is known only to that person and is used by them when the right to use the autonomous resource on the basis of the information carrier has to be confirmed.

Examples of such methods and devices, using this principle in one way or another, are:

1. "Method of controlling independent secure transactions through a single device". U.S. patent No. 6205553. IPC: G06F 17/60.

2. "Method and device for performing banking operations through an authorized service center using portable data carrier". German patent No. 10053898. IPC: G06F 17/60, G06F 19/00.

3. "Method and apparatus for a system with an identification card, which increases the reliability of access control to resources of the computer". German patent No. 10056135. IPC: G06F 12/14.

4. "Apparatus and method for individualizing smart cards". Patent of Russia № 2212707. IPC: G06K 17/00.

These methods and devices can be considered analogues. The disadvantage of these and other similar methods and devices is the relatively low protection against unlawful access to autonomous resources by means of a forged carrier bearing the required identification code, combined with determining and then using the password code or other data needed to access the autonomous resources.

In this regard, a number of methods enhance security by using carriers that hold biometric parameters of the user, for example fingerprints, to confirm the right of a person to access autonomous resources. An example is the patent of Russia № 2208247, IPC: G06K 9/00, "User authentication card".

This patent may be selected as the prototype.

In the specified method a carrier is used in which biometric information about the user, in the form of a fingerprint, is recorded during manufacture and stored. The method uses a digital key consisting of two parts: code A (the identification code) and code B (the identifier, a password). Code A is available on the card and in the database of the device providing the autonomous resource, while code B is known only to the user and is available on the card. To confirm the right to use the autonomous resource, the user dials the digital key, after which the code of the carrier is identified, and the right to use the autonomous resource is confirmed when the presented fingerprint of the user matches the information available on the carrier, provided that codes A and B also match as required.

The use of fingerprints for wide application in real operating conditions (dust, dirt, the state of the hands, etc.) is not very efficient or reliable. Its reliability is only slightly above that of the analogues, while the cost of implementing the method is significantly higher than that of the analogues, which use only an identification code and a password code.

1. The prototype method is fraught with fraud risk, both at the time the carrier is individualized (substitution of the required fingerprint) and during its use (presentation of a copy of the user's fingerprint at the autonomous resource together with the identification).

This method does not allow the production of carriers to be unified, because it requires the biometric parameters of a specific user.

2. Code A is subject to copying (disclosure), as in the analogues, when it is forwarded for checking to the central device providing the autonomous resource. Forging code B (which in hardware is known only within the carrier) requires, depending on the principle of manufacture of the carrier, knowledge of the topology of the carrier or of the software used in it, which in both cases can be obtained from other (genuine) carriers of the same model. Otherwise, the carrier would have to be individualized for a specific code B at the level of its production technology, including its topology, which would dramatically increase its cost.

3. In the prototype method, when the carrier is brought into practical use, a personal identification code of a specific user is formed by reading one or more biometric parameters of the user, and the user must dial a certain code (digital key), which can also be copied at this point. It can also be copied when the carrier is issued to the user, if there is malicious intent. The same can be done while the code (digital key) is being dialled when the carrier is used.

Therefore, against attackers of a level that gives them access to the most protected data of the central device, or to the software tools used for manufacturing information carriers and autonomous resources, the prototype method is quite vulnerable.

4. If in the prototype method someone somehow manages to gain unauthorized access to the autonomous resource using a forged carrier of a user, the database of the device providing the resource (the central device) will not know about it at all until the resource is exhausted, and neither will the user. The user can only learn about it by constantly and closely monitoring their personal resource, which, given the random nature of the abuse and the small amounts of the resource taken, is difficult and burdensome.

5. In the event of unauthorized use of an information carrier forged by attackers, in the prototype method the user will not be able to prove that they are not involved in the incident.

6. The vulnerability of the prototype method and of other known methods applicable to this problem is that the basic data used to validate the presented carrier and the rights of its owner, as well as the algorithms for processing these data, remain constant for a long time.

To eliminate the mentioned disadvantages of the prototype and of other similar methods and devices, and to improve the reliability (degree) of protection against unauthorized access to autonomous resources, it is proposed to regularly change the identification codes of the carrier and/or the user's password codes in accordance with the proposed method, optionally encrypting them with changeable algorithms selected from a known set, and also to check their validity over a series of requests to the autonomous resources.

To this end, in the most typical variant of the method, functional memory blocks are created (allocated) in an additional memory area of each impersonal information carrier, during manufacture and/or by the principle of its operation, for recording, storing and reading information during the manufacture and use of the carrier. During manufacture, a code, in the general case for example a random code (code A), is written into the first memory block of the additional memory area of each carrier.

In the data bank of the central device providing the autonomous resource, at the respective addresses, an arbitrary set of algorithms for converting (recovering) this random code into a corresponding converted code, and back, is created and stored. Each conversion (recovery) algorithm is assigned a sign, for example its individual sequence number (code), and these signs are stored at the appropriate addresses of the data bank.

For each carrier one of these conversion (recovery) algorithms is chosen, for example at random; its sign (code) is written to the address of the data bank determined by the identification code of the carrier, and the random code A recorded in the first memory block of the additional memory area of the carrier during its manufacture is converted in accordance with this algorithm and stored at the same address.

In the memory banks of all autonomous resources of the system an arbitrary subset of these conversion (recovery) algorithms is entered and stored, together with their signs (codes), at the corresponding addresses.

The conversion (recovery) algorithms can be very diverse: for example, almost all algorithms for encoding (decoding) transmitted digital information, or algorithms for encrypting (decrypting) encoded information for transmission over insecure communication lines. In the general case these can be algorithms of the type that form (recover) a binary code from a binary-coded decimal code and back, representation of the code in unitary form, various kinds of tabular encoding (decoding), and others.

It should be borne in mind that each of the selectable conversion (recovery) algorithms must ensure that, when the conversion of the code is applied first and the recovery of the converted code next, the recovered code can be confirmed to match the original code before conversion.

When the carrier is presented at the autonomous resource, its identification code and the entered password code are checked. If these codes are in order, the random code A recorded in the first memory block of the additional memory is read from the carrier and transmitted to the central device.

By the identification code of the carrier, the memory area of the data bank of the central device corresponding to this carrier is selected. The sign (code) of the conversion (recovery) algorithm and the converted value of the random code A previously recorded in the database of the central device are found, the code is recovered in accordance with the found conversion (recovery) algorithm, and the recovered code is checked against the code read from the presented carrier. Only after this is the signal allowing access to the autonomous resource formed for execution.

On the signal for returning the carrier, the autonomous resource generates, in the general case for example, another random code A and writes it into the first memory block of the additional memory of the carrier; one of the previously mentioned conversion (recovery) algorithms stored in the database of the autonomous resource is chosen arbitrarily, the random code A recorded in the first memory block of the additional memory of the carrier is converted in accordance with it, the sign (code) of this conversion (recovery) algorithm is determined, and this sign (code) and the converted value of the random code A are written to the relevant addresses in the data bank of the central device providing the resource.

To ensure the operation of the proposed method, a correspondingly modified information carrier is required.

Various carriers are known that are identified when the right to use them for access to autonomous resources is checked.

Examples applied to similar tasks are the information carriers used in the following patents:

1. "Data reader for a card with a magnetic carrier". U.S. patent No. 6189791. IPC: G06K 7/08, G06K 19/16.

2. "Apparatus and method for individualizing smart cards". Patent of Russia № 2212707. IPC: G06K 17/00.

3. "Method and apparatus for a system with an identification card, which increases the reliability of access control to resources of the computer". German patent No. 10056135. IPC: G06F 12/14.

4. "Method and device for performing banking operations through an authorized service center using portable data carrier". German patent No. 10053898. IPC: G06F 17/60, G06F 19/00.

These carriers have a memory into which, during manufacture or when preparing for use, an identification code is entered and stored that distinguishes this information carrier from others and remains constant for the entire time the carrier is used. This is the main disadvantage of these carriers, as they can be relatively easily forged after unauthorized copying of the identification code, for example from the communication line over which it passed.

The information carrier used in the patent of Russia № 2212707, IPC: G06K 17/00, can be considered the closest analogue and is selected as the prototype.

A chip module is placed in this carrier, into whose memory the corresponding identification code is written during manufacture and in which it is stored during use. Moreover, the chip module is provided with means for initializing the carrier prior to its use, which increases protection against unauthorized access to autonomous resources.

However, the identification code and the software (algorithms) for initializing the carrier remain unchanged in the course of its operation, and other (genuine) carriers with other identification codes are readily available to criminals. Therefore, the code sequence that enables the use of such a carrier can be copied from the database, which reduces the reliability and security of using such carriers.

To solve the problem of increasing the reliability (degree) of protection against unauthorized access to autonomous resources, it is proposed to introduce into the information carrier functional memory blocks in an additional memory area for recording additional operational information for identifying the information carrier, taking into account that this information is transferred over communication lines and is used, among other purposes, to verify their operation.

The proposed information carrier contains functional memory blocks in an additional memory area for recording, storing and reading the codes used during the production of the carrier and during its application. When the carrier is placed in the reader of the autonomous resource, these functional memory blocks are available for reading and writing these codes, and they are non-volatile, that is, they retain the recorded information indefinitely without power.

Depending on the variant of the method, the additional memory of the carrier may have several functional memory blocks for recording operational information when accessing autonomous resources, which determines the features of the device for providing access to autonomous resources, including the identification of the carrier in subsequent requests to autonomous resources: the first memory block for additional codes identifying the carrier (random codes A); the second memory block for the signs of individual identification codes (codes B); the third memory block for the values of the random codes A converted by the algorithms for converting (recovering) codes from one form to another; the fourth memory block for the individual signs (codes) of the conversion (recovery) algorithms for codes A and B; the fifth memory block for individual codes B converted using one of these conversion (recovery) algorithms; the sixth memory block for the numbers of the variants of sets of individual codes B selected from the set of valid ones; the seventh memory block for the sequences of different codes of this information carrier used to verify and validate the carrier over a number of the last successful requests for access to autonomous resources; and the eighth memory block for arbitrary codes and/or any other information. These memory blocks are used not only to record additional codes identifying the carrier itself, but also to record codes that alter the very algorithms by which the devices validate the presented carrier.

Devices for providing access to autonomous resources reflect the characteristics of the methods they implement. Examples of such devices are the devices described in the following patents.

1. "Method and apparatus for a system with an identification card, which increases the reliability of access control to resources of the computer". German patent No. 10056135. IPC: G06F 12/14.

2. "Method and device for performing banking operations through an authorized service center using portable data carrier". German patent No. 10053898. IPC: G06F 17/60, G06F 19/00.

3. "Apparatus and method for individualizing smart cards". Patent of Russia № 2212707. IPC: G06K 17/00.

As the closest analogue and prototype of the proposed device, the device shown in the patent of Russia № 2212707 is selected.

This device has a first and a second device, of which the first can be considered an autonomous resource and the second a central device. The information carrier is presented to the first device, a corresponding connection is established between the first and second devices and between the second device and the carrier, and then the carrier is identified and initialized.

The specified device, like the other analogues, has the same drawbacks as the methods they implement, noted earlier: insufficient protection from unauthorized access due to the constancy of the identification code of the carrier and of the algorithms implementing the method.

To improve reliability and the level of protection from unauthorized access to autonomous resources, the device for verifying the right of access to autonomous resources, which implements the proposed method and uses the proposed carrier, contains at the appropriate addresses in the data bank of the central device providing the autonomous resource six additional functional memory blocks: for storing the conversion (recovery) algorithms for codes (the third block of the data bank); for storing the individual signs of these algorithms (the fourth block); for storing, for each carrier, the signs of the selected conversion (recovery) algorithms and the codes converted in accordance with these algorithms and transferred from the autonomous resources when the carrier is checked (the fifth block); for storing the sequence of codes transmitted for each carrier over a number of previous calls to autonomous resources (the sixth block); for storing the individual signs of the codes identifying the carrier among the others valid for the same carrier (the seventh block); and for storing the individual signs of the password code of the carrier among the others valid for the same information carrier (the eighth block). Each autonomous resource additionally contains three functional memory blocks connected to its information-processing device: for storing (in the first block) an arbitrary subset of the conversion (recovery) algorithms from the set stored in the third memory block of the data bank of the central device; for storing (in the second block) the individual signs of these conversion (recovery) algorithms; and for storing (in the third block) the variants of the set of individual signs of identification codes. Each autonomous resource also contains a device for writing/reading codes, connected to the information-processing device of the autonomous resource, for recording codes on the information carrier and reading all codes from it.

The method, the device and the information carrier according to the proposal are considered on the basis of the drawing attached to the description.

The drawing shows one of the possible devices implementing the method, using the example of one carrier and one autonomous resource.

The drawing shows the central device 1 of the device for confirming the right of access to autonomous resources, the autonomous resource 2, the carrier 3, and the communication line 4 between the central device 1 and the autonomous resource 2.

The carrier 3 includes a first memory region 5 for storing the identification code of the carrier 3, which is written into the memory during manufacture. The information carrier 3 also contains a second (additional) memory region 6 for writing codes during the manufacture of the carrier or after it is presented to the autonomous resource 2. These codes are necessary for ensuring access to the autonomous resources 2 on the next call.

The autonomous resource 2 contains a device 7 for reading codes from the first memory region 5 of the carrier 3, a device 8 for entering the password code, and an information-processing device 9 of the autonomous resource 2. The code read/write block 10 writes codes into the additional memory region 6 of the information carrier 3 after the autonomous resource 2 has been provided, and reads codes from this region. The receiving/transmitting device 11 is connected to the communication line 4. In the general case, depending on the implementation, the blocks 7 and 10 can be made as a single device.

Each autonomous resource 2 has a data bank that includes a first memory block 12 storing conversion (recovery) algorithms from the set of conversion (recovery) algorithms known to the central device 1, a second memory block 13 for storing the signs (codes) of the conversion (recovery) algorithms that distinguish these algorithms from one another, and a third memory block 14 for storing the individual signs (codes B) of the different identification codes valid for one information carrier 3.

In the general case, the memory blocks 12, 13 and 14 can be allocated at the respective addresses of the same memory block.

The central device 1 includes a data bank 15 maintained by a computer system 16. The data bank 15 of the central device 1 contains a first memory block 17 for storing, at the respective addresses, the identification codes of all carriers 3; a second memory block 18 for storing the password codes corresponding to these identification codes; a third memory block 19 for storing algorithms for converting (recovering) codes from one form to another; a fourth memory block 20 for storing the individual signs (codes), such as sequence numbers, of these conversion (recovery) algorithms; a fifth memory block 21 for storing, for each information carrier 3, the code of the selected conversion (recovery) algorithm and the codes converted in accordance with these algorithms and transmitted from the autonomous resources 2 when the carrier 3 is checked; a sixth memory block 22 for storing the sequences of codes transmitted for each information carrier 3 over a number of previous calls to autonomous resources; a seventh memory block 23 for storing the individual signs (codes B) that single out the specific identification code of the information carrier 3 among the other identification codes valid for the same carrier 3; and an eighth memory block 24 for storing the individual signs (codes G) that single out the specific password code of the information carrier 3 among the other password codes valid for the same information carrier 3.

The division of the data bank 15 into blocks is functional.

The central device 1 also includes a receiving/transmitting device 25 connected to the communication line 4.

The additional memory region 6 of the carrier 3 contains several functional memory blocks, the number of which depends on the chosen variant of the method for confirming the right of access to autonomous resources.

In the general case, the additional memory region 6 of the information carrier 3 contains the following memory blocks: a first memory block 26 for additional codes identifying the information carrier 3 (codes A); a second memory block 27 for the individual signs (codes B) of these identification codes; a third memory block 28 for the values of codes A converted by the algorithms for converting (recovering) codes from one form to another; a fourth memory block 29 for the individual signs (codes) of the conversion (recovery) algorithms used to convert codes A; a fifth memory block 30 for codes B converted using one of these conversion (recovery) algorithms; a sixth memory block 31 for the numbers of the variants of sets of codes B chosen from the set of valid ones; a seventh memory block 32 for the sequences of different codes of the information carrier 3 used to validate and confirm the authenticity of the carrier 3 over a number of the last successful requests for access to the autonomous resources 2; and an eighth memory block 33 for arbitrary codes and/or any other information.

The software of the computer system 16, of the information-processing device 9 of the autonomous resources 2, and of the other units and blocks of the device is implemented by conventional means.

The central device 1 providing the resources and the autonomous resource 2 are, in the general case, geographically dispersed.

Without taking into account the features of the present proposal, the device in the drawing operates as follows.

To grant a certain number of persons the right of access to the autonomous resources 2, a corresponding number of impersonal carriers 3 are made, into each of which, during manufacture, its individual identification code, distinguishing this information carrier 3 from all the rest, is written and stored in the first memory region 5 of the carrier 3, inaccessible to others. Then each information carrier 3 is assigned, in the general case at random, a password code for the right to use this information carrier 3.

In the data bank 15 of the central device 1 providing the resources, corresponding addresses are allocated in memory blocks 17 and 18 for each information carrier 3, where each identification code and the corresponding password code are recorded and stored.

Each person having the right of access to the autonomous resources 2 is issued, in the general case, an arbitrarily selected information carrier 3 and, in sealed form, the corresponding password code, not available for reading by anyone else, so that this password code is used by the specified person in the prescribed manner. The reading device 7 of the autonomous resource 2 reads the identification code of the presented carrier 3 from the first memory region 5. The information-processing device 9 receives this code and sends it over the communication line 4 through the transmitting/receiving device 11. The transmitting/receiving device 25 of the central device 1 is connected to the computer system 16 and receives the identification code of the information carrier 3 from the communication line 4. The computer system 16 checks for the presence of this code in memory block 17 of the data bank 15. If the identification code matches, the computer system 16 sends a confirmation signal over the communication line 4. In response to this signal, the user enters the corresponding password code through the password entry device 8, and this code, in the general case, is also transmitted to the central device 1. The computer system 16 checks for the existence of this password code in memory block 18 of the data bank 15 for the corresponding identification code of the carrier 3. If the password code matches, the computer system 16 sends the corresponding autonomous resource 2 a signal with the data required to authorize the right of access to the autonomous resources 2. After the user has exercised the right of access to the autonomous resource 2, the information-processing device 9 of the autonomous resource 2 generates a signal for returning the information carrier 3.

1. Taking into account the present proposal, the operation of the device in the drawing proceeds differently from a certain moment on. Below, the operation of the device is first described for the most typical variant of the method, and then for possible variants of the method.

First of all, in each of the impersonal information carriers 3 an additional memory region 6 is created during manufacture for writing (rewriting), reading and storing information both during the manufacturing process of the carrier and when it is used for access to the autonomous resources 2. In this additional memory region 6 the memory blocks 26, 27, 28, 29, 30, 31, 32 and 33 are functionally set apart in the general case. During the manufacture of the information carrier 3, a code, in the general case for example a random code (code A), is written into memory block 26 for each information carrier 3.

In memory block 19 of the data bank 15 of the central device 1, at the respective addresses, an arbitrary set of algorithms for converting (recovering) this random code into the corresponding converted code is created and stored. Each conversion (recovery) algorithm is assigned an individual sign, such as the sequence number of this algorithm (its code). These signs are written at the respective addresses in memory block 20 of the data bank 15 of the central device 1.

Here, each of the conversion (recovery) algorithms in the data bank 15 of the central device 1 is chosen from among those that ensure that, when the conversion of the code is applied first and the recovery of the converted code next, the recovered code can be confirmed to match the original code before conversion.

For each information carrier 3 one of these conversion (recovery) algorithms is chosen, for example by a random law; its individual sign (code) is written into memory block 21 of the data bank 15, and the random code A recorded in memory block 26 of the additional memory region 6 of the information carrier 3 during its manufacture is converted in accordance with this algorithm and stored at the corresponding address of memory block 21.

In the memory blocks 12 of all autonomous resources 2 an arbitrary subset of these conversion (recovery) algorithms is entered and stored, and their individual signs (codes) are stored at the relevant addresses in the memory blocks 13 of the autonomous resources 2. In memory block 14 of the autonomous resources 2 the individual signs (codes B) of the identification codes valid for one information carrier 3 are stored.

The autonomous resource 2 reads the identification code of the presented carrier 3 from the first memory region 5. At the central device 1 its correspondence to an identification code recorded in memory block 17 of the data bank 15 is determined. Then the password code is entered and its correspondence to the value stored in memory block 18 of the data bank 15 for the corresponding identification code of the carrier 3 is verified. After that, in contrast to known devices, the enabling signal causes the random code A written into memory block 26 of the additional memory region 6 of the carrier 3 during its manufacture to be read from the carrier 3. By the identification code of the carrier 3 the address of this carrier 3 in memory block 21 of the data bank 15 is selected, the individual sign (code) of the conversion (recovery) algorithm is found there, the converted value of the random code A previously recorded in memory block 21 of the data bank 15 of the central device 1 (during the manufacture of the carrier 3 or during its use) is read, this code is recovered in accordance with the found conversion (recovery) algorithm, and its correspondence to the code read from the information carrier 3 is verified. Only after this is the signal allowing access to the autonomous resource 2 formed for execution.

After use of the autonomous resource 2, on the signal for returning the carrier 3, the autonomous resource 2 generates, in the general case for example at random, another random code A and writes it by means of the code read/write block 10 into memory block 26 of the additional memory region 6 of carrier 3. One of the above-mentioned code conversion (recovery) algorithms stored in memory block 12 of the autonomous resource 2 is chosen at random; in accordance with it this other random code A, now stored in memory block 26 of the additional memory region 6 of carrier 3, is converted; the individual sign (code V) of the conversion (recovery) algorithm is determined, and this sign together with the converted value of the other random code A is written at the corresponding addresses in memory block 21 of data bank 15 of the central device 1.

On the next access to any of the autonomous resources 2 the cycle of checking the identification code of carrier 3, the password code and the code in memory block 26 of the additional memory region 6 of carrier 3 is repeated. But whereas the identification code and the password code in this embodiment of the device's operation remain unchanged, memory block 26 of the additional memory region 6 of carrier 3 now holds the new random code A recorded during the previous access to the autonomous resource 2. The code V of the conversion (recovery) algorithm needed for its subsequent decryption (recovery), together with the value converted in accordance with it (the encrypted code), was sent by the autonomous resource 2 to memory block 21 of the central device 1 during that previous access.

Thus in the considered variant of the method, on the current successful access to the autonomous resource 2, the autonomous resource 2 recorded the random code A in memory block 26 of the additional memory region 6 of carrier 3, and over the less protected communication channel 4 the central device 1 was sent the converted (encrypted) value of this random code and the information (code V) defining the conversion (recovery) algorithm, for subsequent recovery of this random code A in the central device 1 on the next access to the autonomous resources 2 with this carrier 3. Agreement between the value read from carrier 3 and the reconstructed value of the random code A is one of the necessary conditions for taking the decision to grant access to the autonomous resource 2 on the basis of the presented carrier 3.

The code conversion (recovery) algorithms can be very diverse: for example, practically all algorithms for coding (decoding) transmitted digital information, and the algorithms for encrypting (decrypting) coded information for transmission over insecure communication lines. In the general case these may also be various other algorithms, such as conversion (recovery) of binary code into binary-coded decimal code and back, into a unary representation, various kinds of tabular coding (decoding), and others.

However, as noted earlier, each of the selectable code conversion (recovery) algorithms must guarantee that, when the code is first converted and the converted code is then restored, the correspondence between the original code before conversion and the restored code after conversion can be confirmed.
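The rolling check of variant 1, as an added example in Python (not the patent's own implementation): the conversion algorithms, their signs, the password and the sample carrier contents are constructed for the illustration, and the block numbers follow the description above. It also shows that a copy of the carrier made before the code A was renewed no longer passes the check.

```python
"""Added example: simulation of variant 1 of the rolling-code check.
Block numbers follow the patent (carrier block 26, central block 21,
resource blocks 12/13); the conversion algorithms, the password and the
sample carrier are constructed for this illustration."""
import secrets

MASK = 0xFFFFFFFF

# Constructed set of reversible code conversion (recovery) algorithms.
# sign (code V) -> (convert, restore). Stands in for memory blocks 12/13
# of every autonomous resource 2 and the algorithm store of central device 1.
ALGORITHMS = {
    0x01: (lambda a: a ^ 0xA5A5A5A5, lambda c: c ^ 0xA5A5A5A5),            # XOR mask
    0x02: (lambda a: (a + 12345) & MASK, lambda c: (c - 12345) & MASK),      # additive
    0x03: (lambda a: int(f"{a:032b}"[::-1], 2),
           lambda c: int(f"{c:032b}"[::-1], 2)),                           # bit reversal
}


class Carrier:
    """Information carrier 3: identification region 5 and additional region 6."""
    def __init__(self, ident: int, code_a: int):
        self.ident = ident        # identification code, region 5
        self.block26 = code_a     # random code A, block 26 of region 6

    def clone(self):
        # A copy of the carrier's contents at this moment.
        return Carrier(self.ident, self.block26)


class CentralDevice:
    """Central device 1 with data bank 15."""
    def __init__(self):
        self.block17 = {}   # ident -> True           (identification codes)
        self.block18 = {}   # ident -> password code
        self.block21 = {}   # ident -> (sign V, converted code A)

    def enroll(self, carrier, password, sign):
        convert, _ = ALGORITHMS[sign]
        self.block17[carrier.ident] = True
        self.block18[carrier.ident] = password
        self.block21[carrier.ident] = (sign, convert(carrier.block26))

    def verify(self, ident, password, code_a_read) -> bool:
        if ident not in self.block17 or self.block18.get(ident) != password:
            return False
        sign, converted = self.block21[ident]
        _, restore = ALGORITHMS[sign]
        # Restore the stored value and compare with what the carrier holds.
        return restore(converted) == code_a_read

    def store(self, ident, sign, converted):
        self.block21[ident] = (sign, converted)


class AutonomousResource:
    """Autonomous resource 2 with code read/write block 10."""
    def __init__(self, central):
        self.central = central

    def request_access(self, carrier, password) -> bool:
        return self.central.verify(carrier.ident, password, carrier.block26)

    def release(self, carrier):
        # On return of the carrier: a new random A goes onto the carrier,
        # (sign V, converted A) goes to central block 21 over channel 4.
        new_a = secrets.randbits(32)
        sign = secrets.choice(list(ALGORITHMS))
        convert, _ = ALGORITHMS[sign]
        carrier.block26 = new_a
        self.central.store(carrier.ident, sign, convert(new_a))


def run_scenario():
    """Returns (first access, access after renewal, stale copy, wrong password)."""
    central = CentralDevice()
    carrier = Carrier(ident=1001, code_a=0x1234ABCD)   # constructed values
    central.enroll(carrier, password=4321, sign=0x01)
    resource = AutonomousResource(central)
    first = resource.request_access(carrier, 4321)
    stale = carrier.clone()          # copy taken before the code is rolled
    resource.release(carrier)
    second = resource.request_access(carrier, 4321)
    stale_ok = resource.request_access(stale, 4321)
    wrong_pw = resource.request_access(carrier, 0)
    return first, second, stale_ok, wrong_pw
```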

The operation of the same proposed device, shown in the drawing, may be varied, as mentioned above, to implement various variants of the proposed method.

2. In this simplest variant of the method, for each carrier 3 the untransformed random code A is memorised and stored at the corresponding addresses in memory block 21 of data bank 15 of the central device 1, in the same form in which the random code A is stored in memory block 26 of the additional memory region 6 of carrier 3 during its manufacture.

After checking the identification code and the entered password code of the presented carrier 3 against the required values, the random code A written into memory block 26 of the additional memory region 6 of carrier 3 during its manufacture is read from the carrier 3; by the identification code of carrier 3 its address in memory block 21 is selected, the corresponding value of the random code A of carrier 3 previously recorded in data bank 15 of the central device 1 (during manufacture of carrier 3 or in the course of its use) is found, and its correspondence to the random code A read from carrier 3 is checked. Only after this is the signal permitting access to the autonomous resource 2 formed for execution.

After successful use of the resource 2, on the signal for returning the carrier 3, the autonomous resource 2 generates, in the general case for example at random, another random code A, writes it by means of the code read/write block 10 into memory block 26 of the additional memory region 6 of carrier 3, and sends it to the central device 1 for recording at the corresponding addresses in memory block 21 of data bank 15.

On the next access to any of the autonomous resources 2 the cycle of checking the identification code of carrier 3, the password code and the random code A in memory block 26 is repeated. But whereas the identification code and the password code in this embodiment of the device's operation remain unchanged, memory block 26 of the additional memory region 6 of carrier 3 again holds, as in the first variant of the method, another new random code A recorded during the previous access to the autonomous resources 2.

Thus in the considered variant of the method, on the current successful access to the autonomous resource 2, the autonomous resource 2 recorded the same random code A, without using any code conversion (recovery) algorithm, both in memory block 26 of the additional memory region 6 of carrier 3 and in memory block 21 of data bank 15.

3. As in variant 1, after use of the autonomous resource 2, on the signal for returning the carrier 3, the autonomous resource 2 generates a random code A. A conversion (recovery) algorithm for this random code A is chosen from among the code conversion (recovery) algorithms stored in memory block 12 of the autonomous resource 2. The generated random code is converted in accordance with this algorithm, and the converted value of this random code A is written into memory block 28 of the additional memory region 6 of carrier 3. In memory block 13 of the data bank of the autonomous resource 2 the individual sign (code V) of the conversion (recovery) algorithm is determined at the corresponding addresses, and only this sign is recorded at the corresponding addresses in memory block 21 of data bank 15 of the central device 1. Unlike variant 1 of the method, this conversion (recovery) algorithm may not be chosen at random from the entire set of conversion (recovery) algorithms admissible in variant 1. In this variant 3 of the method the conversion (recovery) algorithm must be chosen from among those that contain a validation criterion: a condition that the random code A restored by means of this algorithm in the central device 1 must satisfy on the next access to the autonomous resources 2 with this carrier 3.

On the next access to the autonomous resource 2 the code in memory block 28 of the additional memory region 6 of carrier 3 is read and restored in accordance with the conversion (recovery) algorithm whose individual sign (code V) was sent to the central device 1 during the previous access to the autonomous resource 2. The restored value of the random code must satisfy the validation criterion contained in the conversion (recovery) algorithm used.

For example, the random code A can be converted and recorded in memory block 28 as a code consisting of two parts: one part as the sum of A and one, the other as the difference of A and two. After the converted random code is read from carrier 3 and restored in the central device 1, the two restored parts of the code must satisfy the validation criterion of this conversion (recovery) algorithm, for example be equal to each other, conform to a specific formula relating them, or satisfy other conditions.

Thus in the considered variant of the method, on the current successful access to the autonomous resource 2, the autonomous resource 2 recorded in memory block 28 of the additional memory region 6 of carrier 3 not the random code A itself but its value converted in accordance with the chosen conversion (recovery) algorithm. Over the less protected communication line 4 the central device 1 was sent, for storage in memory block 21, only the individual sign (code V) of the conversion (recovery) algorithm, for subsequent determination of the algorithm by which the converted random code A read from the presented carrier 3 is reconstructed on the next access to the autonomous resources 2.

Conformity of the reconstructed value of this random code A to the validation criterion specified in the conversion (recovery) algorithm is one of the necessary conditions for taking the decision to grant the right of access to the autonomous resource 2 on the basis of this carrier 3. The need to choose a special conversion (recovery) algorithm, rather than an arbitrary one from the set used in variant 1 of the method, is dictated by the fact that in this variant the value of the checked code is absent from data bank 15 of the central device 1, since it was never sent there. Satisfying the condition is the proof that the code read from carrier 3 corresponds to the original carrier 3.

4. As in variant 3 of the method, after use of the autonomous resource 2 a random code A is generated and converted in accordance with the chosen conversion (recovery) algorithm, the individual sign (code V) of this conversion (recovery) algorithm is determined, and the converted value of the random code A is written into memory block 28 of the additional memory region 6 of carrier 3, while the sign (code V) of the conversion (recovery) algorithm is written into memory block 29. No information to be recorded in data bank 15 of the central device 1, including at the addresses of memory block 21, is sent over communication line 4 in the current session of access to the autonomous resource 2.

On the next access to the autonomous resource 2 the converted random code A is read from memory block 28 of the additional memory region 6 of carrier 3, and in the central device 1 this random code is restored in accordance with the conversion (recovery) algorithm whose individual sign (code V) is recorded on the carrier 3 in memory block 29. For this the code is read from memory block 29 of carrier 3 and the corresponding conversion (recovery) algorithm is determined at the address of memory block 19 of data bank 15 of the central device 1. The restored value of the random code A must, as in variant 3 of the method, satisfy the validation criterion contained in the conversion (recovery) algorithm used.

This variant of the method is better protected from unauthorised use than the previous one, since on the current access to the autonomous resource 2, according to the distinctive features of this variant, no additional information that could be used to identify the carrier 3 on the next access to the autonomous resources 2 is sent to the central device 1 over communication line 4.
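The self-validating conversion of variants 3 and 4, as an added example in Python (not the patent's code): the two-part encoding (A plus one, A minus two) with the equality criterion is the one described above, while the second algorithm, the representation of blocks 28 and 29 as a dictionary and the sample values are assumptions made for the illustration. Nothing is sent to the central device after use; the central device recovers the two parts from block 28 by the sign found in block 29 and applies the criterion, so a value altered on the carrier fails.

```python
"""Added example: variant 4 of the method with self-validating conversion
algorithms. The (A+1, A-2) encoding is the patent's own illustration; the
second algorithm, the dict layout of blocks 28/29 and the sample values
are constructed for this example."""
import secrets

MASK = 0xFFFFFFFF

# sign (code V) -> (convert, restore, criterion). Each algorithm turns A
# into two parts and carries the condition the restored parts must meet.
# Stands in for block 12 of resource 2 and block 19 of central device 1.
SELF_CHECKING = {
    0x11: (
        lambda a: ((a + 1) & MASK, (a - 2) & MASK),        # patent's example
        lambda p: ((p[0] - 1) & MASK, (p[1] + 2) & MASK),
        lambda r: r[0] == r[1],                            # parts must be equal
    ),
    0x12: (
        lambda a: (a ^ 0x5A5A5A5A, (3 * a) & MASK),        # constructed variant
        lambda p: (p[0] ^ 0x5A5A5A5A, p[1]),
        lambda r: (3 * r[0]) & MASK == r[1],               # formula between parts
    ),
}


def release_carrier(region6: dict) -> int:
    """Autonomous resource 2 on return of the carrier: generate A, convert
    it, write the converted parts to block 28 and the sign V to block 29.
    Nothing goes over communication line 4. Returns A for inspection."""
    code_a = secrets.randbits(32)
    sign = secrets.choice(list(SELF_CHECKING))
    convert, _, _ = SELF_CHECKING[sign]
    region6["28"] = convert(code_a)
    region6["29"] = sign
    return code_a


def central_check(region6: dict) -> bool:
    """Central device 1 on the next access: read blocks 28 and 29, look up
    the algorithm by its sign, restore both parts and apply the criterion.
    No stored copy of A is needed."""
    sign = region6.get("29")
    if sign not in SELF_CHECKING:
        return False                       # sign unknown to block 19
    _, restore, criterion = SELF_CHECKING[sign]
    try:
        restored = restore(region6["28"])
    except (KeyError, TypeError, IndexError):
        return False                       # block 28 missing or malformed
    return criterion(restored)


def run_scenario():
    """Returns (genuine carrier, altered block 28, unknown sign in block 29)."""
    region6 = {}
    release_carrier(region6)
    genuine = central_check(region6)

    tampered = dict(region6)
    p0, p1 = tampered["28"]
    tampered["28"] = (p0, (p1 + 1) & MASK)      # second part altered on the carrier
    corrupted = central_check(tampered)

    unknown = dict(region6, **{"29": 0x99})     # sign not present in block 19
    return genuine, corrupted, central_check(unknown)
```

The criterion only establishes that block 28 was produced by the algorithm named in block 29; binding the sign itself to the carrier's record is what variant 5 adds by comparing block 29 with central memory block 21.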

5. As in variant 4 of the method, after use of the autonomous resource 2 a random code A is generated and converted in accordance with the chosen conversion (recovery) algorithm; the converted value of the random code A is written into memory block 28 of the additional memory region 6 of carrier 3, the individual sign (code V) of the conversion (recovery) algorithm is recorded in memory block 29 of the same memory region 6, and the individual sign (code V) of the chosen conversion (recovery) algorithm is also sent over communication line 4 to the corresponding address of memory block 21 of data bank 15 of the central device 1.

On the next access to the autonomous resource 2 the converted value of the random code A recorded in memory block 28 of the additional memory region 6 of carrier 3 is read and restored in accordance with the conversion (recovery) algorithm. It must satisfy the validation criterion contained in the conversion (recovery) algorithm used. Additionally, the individual sign (code V) of the conversion (recovery) algorithm recorded in memory block 29 of the additional memory region 6 of the presented carrier 3 is checked against the one in memory block 21 of data bank 15 of the central device 1 obtained on the previous access to the autonomous resources with this carrier.

In this embodiment of the method an additional check is performed that the sign of the conversion (recovery) algorithm matches the one required for the carrier 3. The variant is a compromise: on the one hand the individual sign (code V) of the conversion (recovery) algorithm is transmitted over communication line 4, but on the other hand the presence of the required sign (code V) of the conversion algorithm on the carrier 3 is controlled.

6. In each of the impersonal carriers 3, during manufacture, memory block 26 of the additional memory region 6 of carrier 3 records and stores, for example, an equal number of different additional individual identification codes of carrier 3, each of which distinguishes carrier 3 from the rest. One of these codes is defined as the base code.

Each identification code of the same carrier 3 is assigned an individual sign (code B) that distinguishes this identification code among the other identification codes valid for carrier 3, as well as, for example, the same password code for all identification codes of carrier 3, so that the carrier 3 can be used under any of its identification codes.

The individual signs (codes B) of the identification codes of the same carrier 3 are chosen from a fixed variant of the set of codes B out of the set of identification-code signs admissible for all carriers 3. In the general (simplest) case the number of different identification codes of each carrier 3 and the variant of the set of admissible individual signs (codes B) coincide with the admissible set and are the same for all carriers 3.

In memory block 27 of the additional memory region 6 of carrier 3 the individual sign (code B) of the identification code defined as the base code for carrier 3 is recorded, and, if necessary, the variant of the set of codes B, out of those collectively admissible, fixed for this carrier 3.

In memory block 17 of data bank 15 of the central device 1 all the identification codes of carrier 3 (or the algorithm for deriving them in sequence from the base code) are recorded and stored at the corresponding addresses. The corresponding password code of carrier 3 is recorded and stored in memory block 18 of data bank 15, and the individual signs (codes B) of the admissible identification codes in memory block 23 of data bank 15.

In memory blocks 14 of all autonomous resources 2 the set of admissible individual signs (codes B) of identification codes for all carriers 3 is memorised and stored, together with, if necessary, the fixed variants of the sets of these individual signs of identification codes.

In any autonomous resource 2 the individual sign (code B) of the base identification code stored in the additional memory region 6 is read from the presented carrier 3 by means of the code read/write block 10. Block 7 or the code read/write block 10 reads from carrier 3 the base identification code corresponding to it and sends it, together with the individual sign (code B), to the central device 1 for checking. There the correspondence of the identification code and the individual sign (code B) to the values stored in memory blocks 17 and 23 of data bank 15 of the central device 1, and their correspondence to each other, is checked. On success the signal permitting access to the autonomous resource 2 is formed.

After use of the autonomous resource 2, on the signal for returning the carrier 3 to the person who presented it, the autonomous resource 2 chooses, in the general case for example at random, a new individual sign (code B) of an identification code from among those admissible for this carrier 3 in memory block 14, and writes this individual sign (code B) into memory block 27 of the additional memory region 6 of carrier 3. Beforehand, if necessary, the number of the variant of the set of admissible individual signs (codes B) of identification codes fixed for this carrier is read from memory block 31 of the additional memory region 6 of carrier 3 in order to determine the corresponding address in memory block 14.

On the next access to any of the autonomous resources 2 the cycle of checking the identification code of carrier 3, the password code and the individual code B read from memory block 27 of the additional memory region 6 of carrier 3 is repeated. But whereas the password code in this embodiment of the device's operation remains unchanged, memory block 27 of the additional memory region 6 of carrier 3 now holds the new code B recorded during the previous access to the autonomous resource 2, that is, the individual sign (code B) of the identification code selected for the next use of this carrier 3 at the autonomous resources 2.

On a request for access to the autonomous resources 2 with this carrier 3, memory block 27 of the additional memory region 6 of carrier 3 will yield the individual sign (code B) of another identification code recorded on carrier 3 during its manufacture, in accordance with the individual sign (code B) changed during the previous access to the autonomous resource 2 and the corresponding record in memory block 27.

In the central device 1 the new identification code of carrier 3, the individual sign (code B) of this identification code, and their conformity with each other will be checked against the required values.

This is the simplest method for the case of several identification codes per carrier 3. On each access to the autonomous resources 2 an identification code different from the one selected on the previous successful access is selected. Which identification code will be selected on the next access to the autonomous resources 2 is fixed on the previous successful access by recording, in the autonomous resource 2, the corresponding individual sign (code B) of that identification code in memory block 27 of the additional memory region 6 of carrier 3.

In the current session of access to the autonomous resource 2, according to the distinctive features of this variant of the method, no additional information that could be used to identify the carrier 3 on the next access to the autonomous resources 2 is sent to the central device 1 over communication line 4.

7. As in variant 6 of the method, after use of the autonomous resource 2, on the signal for returning the carrier 3 to the person who presented it, a new individual sign (code B) of an identification code is recorded in memory block 27 of the additional memory region 6 of carrier 3, and the same individual sign (code B) of the identification code is written to the corresponding address in memory block 23 of data bank 15 of the central device 1.

On a request for access to the autonomous resources 2 with this carrier 3, the individual sign (code B) of another identification code recorded on carrier 3 during its manufacture is read from memory block 27 of the additional memory region 6 of carrier 3, in accordance with the individual sign (code B) changed during the previous access to the autonomous resources 2 and the corresponding record in memory block 27.

In the central device 1 the new identification code of carrier 3 and its individual sign (code B) are checked, as well as the correspondence between the individual sign (code B) read from carrier 3 and the one stored in memory block 23 of data bank 15 of the central device 1.

This variant of the method makes it possible to check that the carrier 3 corresponds to the required identification code, and not to an arbitrary, though valid, one that could be presented in an attempt to counterfeit a carrier 3 for unauthorised access to the autonomous resources 2.
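Variants 6 and 7 side by side, as an added example in Python (not the patent's code): the carrier's set of identification codes, the admissible codes B and the serial number are constructed for the illustration. It shows the difference stated above: in variant 6 any admissible pair of code B and identification code is accepted, in variant 7 only the pair whose code B was recorded in block 23 on the previous access.

```python
"""Added example: variants 6 and 7 of the method, several identification
codes per carrier selected through the individual sign (code B). Block
numbers follow the patent; carrier contents, serial number and the set of
admissible codes B are constructed for this illustration."""
import secrets

ADMISSIBLE_B = (1, 2, 3, 4)    # block 14 of every autonomous resource 2


class Carrier:
    """Carrier 3: block 26 holds the identification codes keyed by their
    code B, block 27 the code B currently in force."""
    def __init__(self, serial: int, codes: dict):
        self.serial = serial
        self.block26 = dict(codes)     # code B -> identification code
        self.block27 = min(codes)      # base code B at manufacture


class CentralDevice:
    """Central device 1, data bank 15, for variant 6 or 7."""
    def __init__(self, variant: int):
        self.variant = variant
        self.block17 = {}    # serial -> {code B: identification code}
        self.block23 = {}    # serial -> code B expected next (used in variant 7)

    def enroll(self, carrier):
        self.block17[carrier.serial] = dict(carrier.block26)
        self.block23[carrier.serial] = carrier.block27

    def verify(self, serial, code_b, ident) -> bool:
        codes = self.block17.get(serial)
        if codes is None or code_b not in ADMISSIBLE_B:
            return False
        if codes.get(code_b) != ident:           # code and its sign must agree
            return False
        if self.variant == 7 and self.block23[serial] != code_b:
            return False                         # must be the code B set last time
        return True

    def record_next_b(self, serial, code_b):
        if self.variant == 7:                    # variant 6 sends nothing on line 4
            self.block23[serial] = code_b


class AutonomousResource:
    def __init__(self, central):
        self.central = central

    def request_access(self, carrier) -> bool:
        code_b = carrier.block27                 # block 10 reads the sign
        ident = carrier.block26.get(code_b)      # block 7/10 reads the code
        return self.central.verify(carrier.serial, code_b, ident)

    def release(self, carrier):
        # Choose a new code B, different from the one just used.
        choices = [b for b in carrier.block26 if b != carrier.block27]
        carrier.block27 = secrets.choice(choices)
        self.central.record_next_b(carrier.serial, carrier.block27)


def run_scenario(variant: int):
    """Returns (first access, access after rotation, carrier with another valid code B)."""
    central = CentralDevice(variant)
    codes = {1: 0xA1, 2: 0xA2, 3: 0xA3, 4: 0xA4}   # constructed identification codes
    carrier = Carrier(serial=7, codes=codes)
    central.enroll(carrier)
    resource = AutonomousResource(central)
    first = resource.request_access(carrier)
    resource.release(carrier)
    second = resource.request_access(carrier)
    # Same identification codes, but block 27 names a different admissible code B.
    other = Carrier(serial=7, codes=codes)
    other.block27 = next(b for b in codes if b != carrier.block27)
    other_ok = resource.request_access(other)
    return first, second, other_ok
```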

8. In addition to variants 6 and 7 of the method, after successful completion of access to the autonomous resource 2 and recording of another individual code B in memory block 27 of the additional memory region 6 of carrier 3, one of the above-mentioned code conversion (recovery) algorithms stored in memory block 12 of the data bank of the autonomous resource 2 is chosen at random; the individual sign (code B) of the identification code recorded in the additional memory region 6 of carrier 3 is converted in accordance with it; the individual sign (code V) of the conversion (recovery) algorithm is determined; and this code V together with the converted value of the individual sign (code B) of the identification code is written at the corresponding addresses in memory block 21 of data bank 15 of the central device 1.

On the next access to any of the autonomous resources 2 the cycle of checking the identification code of carrier 3, the password code and the individual sign (code B) from memory block 27 of the additional memory region 6 of carrier 3 is repeated. But whereas the password code in this embodiment of the device's operation remains unchanged, memory block 27 of the additional memory region 6 of carrier 3 now holds the new code B recorded during the previous access to the autonomous resources 2, that is, the individual sign (code B) of the identification code selected for the next use of this carrier 3 at the autonomous resources 2. The individual sign (code V) of the conversion (recovery) algorithm for decrypting (recovering) the individual sign (code B) of the identification code, and the converted (encrypted) individual sign (code B), were sent by the autonomous resource 2 to memory block 21 of the central device 1.

When the right of access to the autonomous resources 2 with this carrier 3 is determined, memory block 27 of the additional memory region 6 of carrier 3 will yield the individual sign (code B) of another identification code recorded on carrier 3 during its manufacture, in accordance with the individual sign (code B) changed during the previous access to the autonomous resource 2 and the corresponding record in memory block 27.

In the central device 1 the new identification code of carrier 3 and the individual sign (code B) of the identification code will be checked, as well as the correspondence between this individual sign (code B) and its value restored in the central device 1 on the basis of the identification code, the individual sign (code V) of the conversion (recovery) algorithm, and the conversion (recovery) algorithm found from that sign.

This variant of the method makes it possible to encode, on the transmission line, the individual sign (code B) of the identification code that will be used on the next access to the autonomous resources 2.

9. As in variant 6 of the method, after use of the autonomous resource 2, on the signal for returning the carrier 3, the autonomous resource 2 chooses a new individual sign (code B) of an identification code of carrier 3 in accordance with the features of that variant, as well as a conversion (recovery) algorithm from among the code conversion (recovery) algorithms stored in memory block 12 of the data bank of the autonomous resource 2. This conversion (recovery) algorithm must be chosen, as in some other embodiments of the method, from among those that contain a validation criterion: a condition that the individual code B restored by means of this conversion (recovery) algorithm in the central device 1 must satisfy on the next access to the autonomous resources 2 with this carrier 3.

The selected new individual sign (code B) of the identification code is converted in accordance with this conversion (recovery) algorithm, the converted value of the individual code B is written into memory block 30, and the corresponding individual sign (code V) of the conversion (recovery) algorithm into memory block 29 of the additional memory region 6 of carrier 3.

No information to be recorded at the addresses of memory block 21 of data bank 15 of the central device 1 is sent over communication line 4 in the current session of access to the autonomous resource 2.

On the next access to the autonomous resource 2 the converted individual code B of the identification code is read from memory block 30 of the additional memory region 6 of carrier 3, and the individual code V of the conversion (recovery) algorithm from memory block 29. By the individual code V the required conversion (recovery) algorithm is found, and the individual sign (code B) is restored in accordance with it. The restored value of the individual code B must satisfy the validation criterion contained in the conversion (recovery) algorithm used. After this the checked code B can be used to select the corresponding identification code.

This variant of the method, by its distinctive features, eliminates the need to send over communication line 4, on the current access to the autonomous resources 2, any additional information that could be used on the next access to the autonomous resources 2.

10. As in variant 6 of the method, different carriers 3 have, during manufacture, an unequal number of different individual identification codes written and stored in memory block 26 of the additional memory region 6. The individual codes B of the identification codes of each carrier 3 are chosen from a fixed variant of the set of codes B out of those collectively admissible for all carriers 3. In memory block 31 of the additional memory region 6 of carrier 3 the number of the variant of the set of codes B of identification codes for this carrier 3 is recorded. On the next access to the autonomous resources 2, after the right of access to the autonomous resource 2 has been exercised, for returning the carrier 3 the number of the variant of the set of individual codes B of carrier 3 recorded in memory block 31 of the additional memory region 6 of carrier 3 is first read; a new individual code B is then chosen at random in accordance with the fixed variant of the set of individual codes B of identification codes for this carrier 3 and written into memory block 27 of the additional memory region 6 of carrier 3.

This variant of the method allows the use of carriers 3 with different numbers of valid identification codes per carrier 3. Impersonal carriers 3 thereby cease to be identical and counterfeiting becomes more difficult; in addition, carriers 3 may in the general case be priced according to the reliability of use achieved, which grows with the number of identification codes.

11. In variants 6-10 of the method, for each carrier 3, periodically in time after the right of access has been exercised, for returning the carrier 3 and recording the individual code B in memory block 27, or its converted value in memory block 30, of the additional memory region 6 of carrier 3, the individual codes B of the identification codes in the variant of the set of codes B fixed for each carrier 3 and (or) the number of the variant of the set of codes B of identification codes for this carrier 3 are arbitrarily changed. Corresponding changes are made in data bank 15 of the central device 1 and on the carrier 3 at the addresses of the corresponding identification codes.

In this embodiment of the method, at certain moments in time all or part of the individual signs (codes B) of the identification codes of carriers 3 can be changed, which increases the degree of protection of carriers 3 from forgery and increases the reliability of the device and method for granting access rights to the autonomous resources. This variant allows the individual codes B to be changed only at the moment of access to the autonomous resources 2, including choosing from a new set of these codes the individual code B, or its converted value, to be recorded in the additional memory region 6 of carrier 3.

12. In variants 6-10 of the method, for each carrier 3, from time to time the individual codes B of the identification codes of each carrier 3 in the fixed variant of the set of codes B and (or) the number of the variant of the set of individual codes B for this carrier 3 are changed arbitrarily. Corresponding changes are made in data bank 15 of the central device 1 and on the carrier 3 at the addresses of the corresponding identification codes, with the exception of the data in data bank 15 and on the carrier 3 relating to the individual code B, or its converted value, recorded for each carrier 3 on the last access to the autonomous resource 2.

In this embodiment of the method the individual signs (codes B) of the identification codes of carriers 3 can be changed fully or partially, but unlike the previous variant this can be done at any time. This variant allows the individual codes B to be changed not only at the moment of access to the autonomous resources; however, the individual code B (or its converted value and the sign of the conversion (recovery) algorithm) must be kept constant until the next access to the autonomous resources 2, both on the carrier 3 and in data bank 15 of the central device 1. This feature increases the reliability of the method and of the device for its implementation.

13. In variants 6-12 of the method, to further improve the reliability of granting access rights to the autonomous resources 2, the central device 1, in accordance with the described sequence of operation of the device, can at any moment of time before the signal permitting access to the autonomous resources 2 is generated form a requirement to read from the presented carrier 3 another identification code of carrier 3 recorded on it during manufacture. The required individual sign (code B) of the identification code of carrier 3 is produced, for example, in the autonomous resource 2 or in the central device 1. The conformity of the new identification code of carrier 3 to the required one, stored in data bank 15 for this individual sign (code B), is checked.

In this embodiment of the method the identification codes recorded on carrier 3 during its manufacture are read from the presented carrier 3 in an arbitrary sequence or, if necessary, in a specified sequence.

14. In variant 6 of the method, after the individual sign (code B) read from memory block 27 of the additional memory region 6 of the presented carrier 3 and the base identification code corresponding to it, and, if necessary, the variant of the set of codes B of identification codes recorded during manufacture of carrier 3, have been checked against the required values, the central device 1 sends to the autonomous resource 2, in the general case for example by a random rule but without repetition over a number of successive accesses to the autonomous resources 2, a request with another individual sign (code B) of an identification code from the set admissible for this carrier 3 in the corresponding variant of the set of codes B. Then the identification code corresponding to this individual code B is read from carrier 3, its conformity to the identification code recorded in data bank 15 of the central device 1 for the specified individual sign (code B) is checked, and after the person exercises the corresponding right of access to the autonomous resource 2 the signal for returning the carrier 3 is generated immediately, without recording additional information on carrier 3.

This method does not require carriers 3 information from the information recording media 3 information in the process of its application.

In this embodiment, the method first base code identification validating carrier 3, determine the version number of the code set B code identification and the validity for this basic code identification. Select from this set the other individual characteristic (code B) identifying code, and read from the presented media 3 other identification code corresponding to this code B.

In this embodiment, the method can be performed in arbitrary sequence of multiple codes identify the carrier 3 information.

15. In variants 1-14 of the method, several different password codes are put into correspondence with certain carriers 3. When the carrier 3 is identified, the person exercising the right of access to the autonomous resource 2 is required to enter a password code that differs from the password code entered at the previous access to any of the autonomous resources 2. The password codes are entered in a sequence known in advance both to the consumer and to the central device 1. This agreement, of course, provides that the corresponding password codes are not available for familiarization to anyone before they are applied by the specified person in the prescribed manner.

The entered password code is checked against the required one, and also for compliance with the required order in the set of password codes according to the number of successive accesses to autonomous resources 2 stored in the data bank 15 of the central device 1. After that, if necessary, the check for determining access rights to the autonomous resource 2 continues.

This variant of the method makes unauthorized use of a lost carrier 3 extremely difficult for an unskilled attacker.

16. In variants 1-14 of the method, several different password codes are put into correspondence with certain carriers 3. Each password code of a carrier 3 is put into correspondence with an individual sign (code G) that distinguishes this password code from the other password codes of that carrier 3. The password codes of each carrier 3 are stored in memory block 18, and the corresponding individual signs (codes G) in memory block 24 of the data bank 15 of the central device 1. Subject to the previous checks of the presented carrier 3, an individual sign (code G) of the password code is chosen from memory block 24, in the general case, for example, by a random dependency but without repetition over a number of successive accesses to autonomous resources, and the person exercising the right of access to the autonomous resource 2 is asked to enter the password code corresponding to this individual code G, on the basis of the previously concluded service agreement. This service agreement, of course, also provides that the corresponding password codes are not available for familiarization to anyone before they are applied by the specified person in the prescribed manner.

The corresponding password code is entered and its correspondence to the required one is checked, after which, if necessary, the check for determining access rights to the autonomous resource 2 continues.

This variant of the method makes unauthorized use of a lost carrier 3 extremely difficult for any attacker.
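The two password-set checks of variants 15 and 16 can be illustrated with a small simulation of the central device's side. The following is an added example written for this page, not code from the patent; the record layout, the password values, the agreed sequence and the non-repetition window are assumptions made for the illustration.

```python
import hmac
import random
from dataclasses import dataclass, field

# Constructed data bank 15 record for one carrier 3: block 18 holds the
# password codes, block 24 the individual signs (codes G) that single each
# one out. Field names and values are assumptions for this example.

@dataclass
class PasswordRecord:
    passwords: dict                      # code G -> password code (blocks 18/24)
    order: list                          # agreed sequence of codes G (variant 15)
    access_count: int = 0                # successive accesses to resources 2
    recent_g: list = field(default_factory=list)   # codes G used recently

def required_code_g_sequential(rec):
    """Variant 15: the password of the required order is the next one in the
    sequence agreed with the consumer, advancing by one per access."""
    return rec.order[rec.access_count % len(rec.order)]

def choose_code_g_random(rec, window, rng=random):
    """Variant 16: the central device picks a code G by a random dependency,
    but never one used in the last `window` accesses."""
    candidates = [g for g in rec.passwords if g not in rec.recent_g[-window:]]
    if not candidates:
        raise ValueError("password set too small for the non-repetition window")
    return rng.choice(candidates)

def verify_entered(rec, code_g, entered):
    """Compare the entered password with the one stored for code G and, on
    success, advance the record. The constant-time comparison avoids leaking
    how many leading characters matched."""
    if not hmac.compare_digest(rec.passwords[code_g], entered):
        return False
    rec.recent_g.append(code_g)
    rec.access_count += 1
    return True

def sequential_session(rec, entered):
    """Variant 15 check: a correct password entered out of the agreed order
    is rejected just like a wrong one."""
    return verify_entered(rec, required_code_g_sequential(rec), entered)

def prompted_session(rec, window, enter_password, rng=random):
    """Variant 16 check: the person is prompted with the chosen code G (the
    hint agreed in advance) and must enter the password it designates."""
    code_g = choose_code_g_random(rec, window, rng)
    return verify_entered(rec, code_g, enter_password(code_g))
```

`enter_password` stands in for the password dialling device 8 at the autonomous resource 2; in the simulation it is a function that maps the displayed code G to what the person types. A failed check leaves the record unchanged, so the required order is not advanced by a wrong entry.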

17. In variants 1-16 of the method, before the identification codes and the password of the carrier 3 are sent for verification to the central device 1, an arbitrary conversion (recovery) algorithm for codes is chosen in the autonomous resource 2 from block 12 of the conversion memory, the identification code and/or password of the presented carrier 3 are converted in accordance with it, and the converted values of these codes together with the individual signs (codes) of the conversion (recovery) algorithms used are transmitted to the central device 1. In the data bank 15 of the central device 1 the conversion (recovery) algorithms corresponding to these individual codes are found, the identification code and password read from the carrier 3 are restored in accordance with them, and their correspondence to the required ones is checked.

In this variant of the method the identification code and password transmitted over communication line 4 are additionally converted (encrypted). The conversion (encryption) of these codes is performed by a different conversion (recovery) algorithm at each access to autonomous resources 2. The information for the central device 1 about which conversion (recovery) algorithm was used is also transmitted in converted (encrypted) form, defined by the individual sign (code) of the conversion (recovery) algorithm.

18. In variants 1-17 of the method, before operation of the device confirming the right of access to autonomous resources 2 or at any free moment of time, for each carrier 3 an arbitrary conversion (recovery) algorithm is chosen from the set of conversion (recovery) algorithms in memory block 19 of the central device 1, and the password code (codes) corresponding to the carrier 3 is converted in accordance with it. Instead of the password code values, the converted values and the corresponding (matching) individual code (codes) of the conversion (recovery) algorithm (algorithms) are recorded and stored in memory block 21 of the data bank 15 at the addresses defined by the identification code of the carrier 3. The password code values are then not recorded in memory block 18 at all.

When the entered password code is checked in the central device 1, the identification code of the carrier 3 presented at the autonomous resource 2 is used to find the corresponding addresses in memory block 21, the original password code is restored in accordance with the specific individual code of the conversion (recovery) algorithm, and it is compared with the password entered for the presented carrier 3. After that, if necessary, the check for determining access rights to the autonomous resource 2 continues.

This variant of the method provides additional protection against unauthorized leakage of information about the password codes, since the password codes are stored in converted (encrypted) form and the conversion (recovery) algorithms can be changed quite arbitrarily in time.
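The mechanism of variants 17 and 18 rests on a table of reversible conversion (recovery) algorithms, each identified by its individual code. The following added example (written for this page, not the patent's own code) builds such a table from three toy transformations of the kinds the description mentions later (BCD encoding, tabular substitution, digit shifting) and uses it on both sides of communication line 4 and for storing passwords in block 21. The algorithm codes K1-K3, the transformations themselves and the decimal-digit code format are assumptions.

```python
import hmac
import random

# Toy registry standing in for blocks 12 and 19: the algorithm's individual
# code maps to a (convert, recover) pair with recover(convert(x)) == x for
# decimal-digit codes. Algorithms and their codes are constructed here.

_TABLE = "3917520864"                          # digit substitution (a permutation)
_INV = {ch: str(i) for i, ch in enumerate(_TABLE)}

def _bcd(code):      return "".join(format(int(d), "04b") for d in code)
def _unbcd(bits):    return "".join(str(int(bits[i:i + 4], 2)) for i in range(0, len(bits), 4))
def _subst(code):    return "".join(_TABLE[int(d)] for d in code)
def _unsubst(code):  return "".join(_INV[c] for c in code)
def _shift(code):    return "".join(str((int(d) + 5) % 10) for d in reversed(code))
def _unshift(code):  return "".join(str((int(d) - 5) % 10) for d in reversed(code))

ALGORITHMS = {"K1": (_bcd, _unbcd), "K2": (_subst, _unsubst), "K3": (_shift, _unshift)}

def resource_send(ident_code, password, rng=random):
    """Variant 17, autonomous resource 2 side: pick an algorithm from the local
    table at random for this session and transmit the converted codes together
    with the algorithm's individual code."""
    alg = rng.choice(sorted(ALGORITHMS))
    convert = ALGORITHMS[alg][0]
    return {"alg": alg, "ident": convert(ident_code), "pw": convert(password)}

def central_receive(message):
    """Variant 17, central device 1 side: look the individual code up in the
    table and restore both codes before comparing them with the data bank."""
    recover = ALGORITHMS[message["alg"]][1]
    return recover(message["ident"]), recover(message["pw"])

def store_password_converted(bank21, ident_code, password, rng=random):
    """Variant 18: block 21 keeps the converted password and the individual
    code of the algorithm used; the plain password is not written to block 18."""
    alg = rng.choice(sorted(ALGORITHMS))
    bank21[ident_code] = {"alg": alg, "pw": ALGORITHMS[alg][0](password)}

def check_password(bank21, ident_code, entered):
    """Restore the stored password by its algorithm code and compare."""
    entry = bank21[ident_code]
    restored = ALGORITHMS[entry["alg"]][1](entry["pw"])
    return hmac.compare_digest(restored, entered)

def reconvert(bank21, ident_code, rng=random):
    """Change the algorithm used for a stored password at any free moment,
    as the description allows, without the stored value ever leaving block 21
    in plain form for longer than the rewrite."""
    entry = bank21[ident_code]
    plain = ALGORITHMS[entry["alg"]][1](entry["pw"])
    store_password_converted(bank21, ident_code, plain, rng)
```

The check a practitioner would add before admitting any algorithm to the table is the round-trip property stated in the description (restore after convert must reproduce the original); the test below does exactly that for every entry. Note that every transformation in such a table is reversible by construction, so the protection of block 21 rests entirely on the table itself being inaccessible, which is the assumption the description makes about block 19.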

19. In variants 1-18 of the method, at the corresponding locations in block 32 of the additional memory region 6 of each carrier 3 and in memory block 22 of the data bank 15 of the central device 1, several, for example, of the most recent codes used to check and confirm the authenticity of the carrier 3 are preserved, in the sequence of their application, for each successful access to autonomous resources 2.

To grant access rights to the autonomous resource 2, the correspondence of some of the previously recorded and used codes of the carrier 3 stored in block 32 of the additional memory region 6 of the presented carrier 3 to the corresponding codes in memory block 22 of the data bank 15 for the same carrier 3 is additionally checked, taking into account the conversion (recovery) algorithms used. If necessary, the sequence of use of these codes is also checked.

This variant of the method significantly increases protection against unauthorized use of the right of access to autonomous resources 2, since the presented carrier 3 must store some history of its use.

20. In variants 1-19 of the method, after use of the autonomous resource 2 and before the reset signal for the presented carrier 3 is formed, on commands from the central device 1 the data stored in block 33 of the additional memory region 6 of the carrier 3 is changed in the autonomous resource 2 to the required extent, if necessary, including writing an arbitrary code and/or any other information, including in converted (encrypted) form. In memory block 22 of the data bank 15 of the central device 1 all necessary information about the changes made is retained for each carrier 3.

To grant the next access to the autonomous resource 2, the correspondence of the information in block 33 of the additional memory region 6 of the presented carrier 3 to that in the data bank 15 of the central device 1, reflecting the changes made earlier at autonomous resources 2, is additionally verified.

This variant of the method provides further opportunities for protection against unauthorized access to autonomous resources 2.

Additionally, it allows the central device 1 to control the operation of the autonomous devices 2 via the additional information on the carrier 3.

21. In variants 1-20 of the method, on the signal for returning the carrier 3 to the person who presented it, an additional identification code is selected, in the general case, for example, randomly and, for example, at the central device 1, from among the valid ones, and this identification code and the corresponding individual code B for the carrier 3 are written respectively into blocks 26 and 27 of the additional memory region 6 of the carrier 3. In addition, in the same memory block 26, for example in the appropriate digit of the new identification code, a label is recorded indicating that the identification code has been modified. A conversion (recovery) algorithm is chosen at random from among the known ones, and the identification code from memory block 26 and/or the corresponding individual code B from block 27 of the additional memory region 6 of the carrier 3 are converted in accordance with it. The individual code of the conversion (recovery) algorithm is determined, and this individual code, the converted value of the identification code and the corresponding individual code B are recorded in memory block 21 of the data bank 15 at the addresses defined by the additional identification code of the carrier 3 and/or by the base identification code recorded on the carrier 3 during its manufacture.

At the next access to the autonomous resource 2, when the identification code of the carrier 3 is matched, the presence of the label in the corresponding digit of the identification code is determined, the individual code is found in the data bank 15 and, according to it, the conversion (recovery) algorithm. The required identification code and the corresponding individual code B are restored from the data bank 15, and their correspondence to those read from the presented carrier 3 is checked.

This variant of the method makes it possible to check further the reliability of requests for access to autonomous resources 2 on the basis of the carrier 3.

22. In variants 1-20 of the method, on the signal for returning the carrier 3 to the person who presented it, an additional identification code is chosen, in the general case, for example, randomly, from among the valid ones, and this identification code and the corresponding individual code B for the carrier 3 are written into the data bank 15 at the addresses defined by the additional identification code. One of the local conversion (recovery) algorithms is chosen from among their numbers, the additional identification code and/or the corresponding individual code B recorded in the data bank 15 are converted in accordance with it, and the following are written into the additional region 6 of the memory of the carrier 3: the converted value of the identification code into memory block 28, the converted value of the individual code B into memory block 30, the individual code of the conversion (recovery) algorithm used into memory block 29, and, in the appropriate digit of the converted additional identification code and/or of the corresponding individual code B in memory blocks 28 and/or 30, a label indicating that the identification code has been modified. At the next access to the autonomous resource 2 the label shows that the identification code has been modified; the individual code is read from the presented carrier 3, the conversion (recovery) algorithm corresponding to it is found, the converted additional identification code and the corresponding converted individual code B are read from the carrier 3, restored, and their correspondence to the values recorded in the data bank 15 of the central device 1 at the previous access to autonomous resources 2 is verified.

This variant of the method not only allows the reliability of requests for access to autonomous resources 2 on the basis of the carrier 3 to be controlled further, but also allows the additional identification code, when it is defined at the central device 1, to be transmitted over communication line 4 in converted (encrypted) form.

23. For use in the device, a rather arbitrary combination of variants of the proposed method can be chosen. For example, any of variants 1-5 of the method can be applied together with any of variants 6-10, and each such combination can be applied with almost any of variants 11-22 or combinations thereof. The sequence of use and the number of borrowed distinctive features of the variants of the method can be quite arbitrary. Some other combinations of the given variants are also valid. The only limitation is the requirement that the variants of the method used must not be mutually exclusive and must not contradict each other. In all combinations of variants, however, the identification code of the presented carrier must first be selected or determined.

As an illustration, consider, for example, a variant of the method that uses the features of variants 7, 2, 16 and 19 of the description given above.

In accordance with variant 7 of the method, after use of the autonomous resource 2, on the signal for returning the carrier 3 to the person who presented it, a new individual sign (code B) of the identification code was recorded in block 27 of the additional memory region 6 of the carrier 3; the same individual sign (code B) of the identification code was recorded at the corresponding address in memory block 23 of the data bank 15 of the central device 1.

In accordance with variant 2 of the method, after use of the autonomous resource 2, on the signal for returning the carrier 3, a random code was generated in the autonomous resource 2, in the general case, for example, randomly, and written via block 10 for reading/writing codes into memory block 26 of the additional region 6 of the carrier 3 and at the corresponding addresses in memory block 21 of the data bank 15 of the central device 1.

In accordance with variant 19 of the method, at the corresponding addresses for each carrier 3 in block 32 of the additional memory region 6 and in memory block 22 of the data bank 15, for example the last five random codes A (An, An-1, An-2, An-3, An-4) and the last three individual codes B (Bp, Bp-1, Bp-2) are retained in the sequence of their use and updated (shifted) at each further successful access to autonomous resources 2. For a carrier 3 whose number of accesses to autonomous resources 2 is not yet sufficient to accumulate the given number of stored codes, this is taken into account by the software for that carrier 3.

At the next access to autonomous resources 2, in accordance with variant 7 of the method, the individual sign (code B) of the identification code is read from block 27 of the additional memory region 6 of the presented carrier 3, and then the corresponding identification code of the carrier 3. In the central device 1 it is checked whether the identification code of the carrier 3 corresponds to the individual sign (code B) for the carrier 3, whether the identification code read from the carrier 3 corresponds to the identification code in the data bank 15 for the carrier 3, and whether the code B corresponds to the code B for the same carrier 3 in memory block 23 of the data bank 15 of the central device 1.

After that, in accordance with variant 2 of the method, the random code A is read from memory block 26 of the additional region 6 of the same carrier 3, and its correspondence to the random code A of the same carrier 3 in the data bank 15 is verified.

Then, in accordance with variant 16 of the method, in the central device 1 an individual sign (code G) of the password code is selected from memory block 24, and the person exercising the right of access to the autonomous resource 2 is asked to enter the password code corresponding to this individual code G.

After the password code is entered, its correspondence to the required one in the data bank 15 is checked.

Further, in accordance with variant 19 of the method, to grant the current access to the autonomous resource 2, the last five random codes A (An, An-1, An-2, An-3, An-4) and the last three individual codes B (Bp, Bp-1, Bp-2) for this carrier 3 are additionally checked, for example in arbitrary sequence; they are stored in block 32 of the additional memory region 6 of the carrier 3 and in memory block 22 of the data bank 15 of the central device 1 according to the results of previous accesses to autonomous resources 2, where An and Bp are the last values of the respective codes recorded in the last successful session of access to autonomous resources 2.

Only after this is the signal permitting access to the autonomous resource 2 formed.

After successful use of the autonomous resource 2, on the signal for returning the carrier 3 to the person who presented it, the preparatory steps necessary for the next successful access to autonomous resources 2 with this carrier 3 are performed.

In accordance with variant 7 of the method, a new individual sign (code B) of the identification code is written into block 27 of the additional memory region 6 of the carrier 3 and at the corresponding address in memory block 23 of the data bank 15 of the central device 1.

In accordance with variant 2 of the method, another random code A is written into memory block 26 of the additional region 6 of the carrier 3 and into memory block 21 of the data bank 15 of the central device 1.

In accordance with variant 16 of the method, no actions are necessary.

In accordance with variant 19 of the method, for the carrier 3, at the corresponding addresses of block 32 of the additional memory region 6 and of memory block 22 of the data bank 15, the last five random codes A (An, An-1, An-2, An-3, An-4) and the last three codes B (Bp, Bp-1, Bp-2) are retained, where An and Bp are the last code values recorded in the current successful session of access to autonomous resources.

After the steps preparing for the next successful access to autonomous resources 2 are completed (in the general case they can be performed in arbitrary sequence), the reset signal for the presented carrier 3 is formed.
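The combined procedure just described (variants 7, 2, 16 and 19, from the checks at presentation through the preparatory steps on the return signal) as one runnable simulation. This is an added example written for this page, not code from the patent: the block numbers follow the description, while the fixed set of codes B, the history depths (five codes A, three codes B), the password values and the carrier serial used to find the data bank record are assumptions. It also shows the property the later discussion relies on, namely that a copy of the carrier taken before a legitimate access no longer matches the data bank afterwards.

```python
import copy
import hmac
import random
from dataclasses import dataclass, field

CODES_B = ["B1", "B2", "B3", "B4"]   # fixed version of the set of codes B (constructed)
HIST_A, HIST_B = 5, 3                # last five codes A, last three codes B

@dataclass
class Carrier:                       # carrier 3, additional memory region 6
    serial: str                      # assumption: key of the data bank record
    block27: str                     # individual sign (code B)
    block26: str                     # random code A (the identification code here)
    block32_a: list = field(default_factory=list)   # history of codes A
    block32_b: list = field(default_factory=list)   # history of codes B

@dataclass
class BankRecord:                    # data bank 15 entry for one carrier
    block23: str                     # code B                 (variant 7)
    block21: str                     # code A                 (variant 2)
    block22_a: list                  # history of codes A     (variant 19)
    block22_b: list                  # history of codes B     (variant 19)
    block18: dict                    # code G -> password     (variant 16)
    last_g: str = ""                 # code G used at the previous access

def new_code_a(rng=random):
    return "".join(rng.choice("0123456789") for _ in range(8))

def issue_carrier(serial, passwords, rng=random):
    """Manufacture: initial code A and code B recorded on the carrier and in the bank."""
    b, a = rng.choice(CODES_B), new_code_a(rng)
    return Carrier(serial, b, a, [a], [b]), BankRecord(b, a, [a], [b], dict(passwords))

def clone_carrier(carrier):
    """Exact copy of the carrier's memory regions, used to show that a copy
    made before a legitimate access is rejected afterwards."""
    return copy.deepcopy(carrier)

def check_presented(carrier, rec):
    """Checks of variants 7, 2 and 19, all performed before the permit signal."""
    if not hmac.compare_digest(carrier.block27, rec.block23):   # variant 7
        return False
    if not hmac.compare_digest(carrier.block26, rec.block21):   # variant 2
        return False
    # variant 19: histories must agree in content and in sequence of use
    return carrier.block32_a == rec.block22_a and carrier.block32_b == rec.block22_b

def choose_code_g(rec, rng=random):
    """Variant 16: a code G different from the one used at the previous access."""
    return rng.choice([g for g in rec.block18 if g != rec.last_g])

def prepare_next_access(carrier, rec, rng=random):
    """Return signal: new code B (variant 7), new code A (variant 2) and the
    shifted histories (variant 19), written both to the carrier and to the bank."""
    new_b = rng.choice([b for b in CODES_B if b != carrier.block27])
    new_a = new_code_a(rng)
    rec.block23, rec.block21 = new_b, new_a
    rec.block22_a = (rec.block22_a + [new_a])[-HIST_A:]
    rec.block22_b = (rec.block22_b + [new_b])[-HIST_B:]
    carrier.block27, carrier.block26 = new_b, new_a
    carrier.block32_a, carrier.block32_b = list(rec.block22_a), list(rec.block22_b)

def access_session(carrier, bank, enter_password, rng=random):
    """One access at an autonomous resource 2; True when the permit signal is formed."""
    rec = bank.get(carrier.serial)
    if rec is None or not check_presented(carrier, rec):
        return False
    code_g = choose_code_g(rec, rng)
    if not hmac.compare_digest(rec.block18[code_g], enter_password(code_g)):
        return False
    rec.last_g = code_g
    # ... the autonomous resource 2 is used here ...
    prepare_next_access(carrier, rec, rng)   # then the reset signal is formed
    return True
```

`enter_password` stands in for the dialling device 8 and maps the displayed code G to what the person types. Because the histories in blocks 32 and 22 must agree in order as well as content, a carrier copied at any point is rejected as soon as the genuine carrier has been used once more, and conversely a genuine carrier used after its copy is rejected, which is the situation the description later says alerts the user.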

The device shown in the drawing for implementing the proposed method is one of those possible. It supports, however, any combination of the described variants of the proposed method. In each particular case some elements (blocks) of this device may be absent, in accordance with the operating characteristics of the variants of the method used (according to the description of their operation) and depending on the set of borrowed distinctive features of the respective variants.

In the above example the device may lack, in particular, blocks 12, 13, 19, 20, 21, 28, 29, 30 and 33, since the variants of the method with conversion of codes when sending them over communication line 4 are not used. In addition, the carrier 3 may lack the first memory region 5 for identification codes, because the identification code of the carrier 3 (one of those possible) is read from memory block 26 of the additional region 6 of the carrier 3.

The possibility of technical realization of the proposed device follows from the available sources of information, including the descriptions of the analogous patents cited.

When operating according to the proposed method, the device provides a sufficiently high reliability of identification of the carrier 3 and a sufficiently high degree of protection from unauthorized access.

This is achieved by the fact that the identification code, the password and the other codes transmitted over communication line 4 and used for the decision on granting the right of access to autonomous resources 2 can be different at each subsequent transmission. These changes are produced by conversion (recovery) algorithms known to an extremely limited number of highly qualified software developers. But even they are in reality not able to track the changes promptly enough in time to help attackers use a spoofed carrier 3, because at each access to autonomous resources 2 the specific conversion (recovery) algorithm is selected by the hardware from a large set of conversion (recovery) algorithms, in general at random.

The information needed at the next access to autonomous resources 2 is not transmitted in full over communication line 4 between the central device 1 and the autonomous resource 2 in the current session of granting access. Over communication line 4 only part of the information is transmitted, in converted (encrypted) form; the second component remains recorded on the carrier 3 at this autonomous resource 2 and will be transmitted to the central device 1, possibly over another communication line 4 from another autonomous resource 2, at the next request for access to autonomous resources 2 on the basis of this carrier 3. Thus the proposal separates in time the transmission of the information used to identify the carrier 3.

Even knowledge of the identification codes and password does not make it possible to use the carrier 3 without information about the history of its use, i.e. without the carrier 3 itself. The use of more than one password and identification code, and all the more of a certain sequence of their application, dramatically hinders unauthorized access to autonomous resources 2. Even a stolen carrier 3 is extremely difficult to use, and with several passwords it is almost impossible to use without long-term surveillance of the user and sophisticated unauthorized copying of the data required to disclose the passwords, most likely at a number of autonomous resources 2 and on the communication lines 4 to the central device 1.

Even when all the information is available, including that in the additional region 6 of the memory of the carrier 3, the principle of the method requires that it be used extremely promptly, since it becomes obsolete with each subsequent use of the carrier 3 by the user.

The use of only one permanent identification code and password can nevertheless also improve the reliability of the method thanks to the additional code written into the additional region 6 of the memory of the carrier 3, since the carrier 3 then effectively has an identification code that changes with each subsequent access to the autonomous resource 2.

When old carriers 3 are used, the proposed method also provides increased reliability of the device granting access to autonomous resources. This is achieved because at each access to the autonomous resource 2 the identification code and the password code can be converted with different conversion (recovery) algorithms, and therefore their illegal recovery is difficult. The above codes are modified in the course of use of the carrier 3.

The idea of the proposed method, changing the identification code and/or password code at each new access to the autonomous resource 2, makes it possible to offer consumers the use of several password codes for each carrier 3, to be dialled in a specific sequence at each access to autonomous resources. In this case, during regular use of the carrier 3, the consumer must not use the previous password for an agreed number of accesses to autonomous resources 2.

In this variant of use of the method, in general, only a software modification of the existing equipment will be required. The carrier 3 can continue to be used.

For convenience of use of such a set of password codes, the sequence of their application can be chosen in the form of a simplified conversion of one source password. The complication of using such a set of password codes is compensated by a sharp increase in the reliability of protection of the autonomous resource 2 (protection from hackers). For certain categories of users, such a solution is justified by the guarantee of reliability.

One option for such applications is a prompt on the display of the device for dialling the password, asking the user to enter the password code of the required order, or any other hint agreed in advance for the use of the specific carrier 3.

The option of using such password codes can be offered to the consumer at the conclusion of the service contract.

In the central device 1, not only the password codes themselves are stored, but also the specific sequence of their use. Violation of this sequence of use of the password codes does not allow the user to use the autonomous resource 2 until the problem has been resolved in the prescribed manner. One option for resolving such problems may be the entry of a special code into device 8 for dialling the password code at the autonomous resource 2 when, for example, the password code has been dialled incorrectly, similar to dialling the PUK code in mobile phones after a wrong PIN code.

In the proposed method, if someone nevertheless somehow managed to gain unauthorized access to the autonomous resource 2 with a forged carrier 3 of the user, the user learns of it at the first access to autonomous resources 2, because service would be denied. Accordingly, the user will be forced to seek clarification from the central device 1.

Therefore, to raise the level of protection from unauthorized access to autonomous resources 2 based on forgery of the user's carrier 3, an additional measure can be recommended to the user in the proposed method: from time to time, apply (nominally) for use of autonomous resources 2, thereby reducing the time available to intruders for forgery.

In the proposed method, in the event of unauthorized use of a carrier 3 spoofed by attackers, the user can at least try to prove non-involvement in what happened, since in the corresponding variant of the method the user's carrier 3 stores data on the previous accesses to autonomous resources 2. The proposed method also allows specific data of the autonomous resources 2 through which access to autonomous resources 2 was carried out to be recorded on the carrier 3, which can also be useful for these purposes.

The conversion (recovery) algorithms for codes stored in memory block 19 of the data bank 15 of the central device can be chosen from any known algorithms that give definiteness and unambiguity of conversion (recovery). For example, almost all algorithms for encoding (decoding) transmitted digital information qualify, as do the algorithms for encryption (decryption) of encoded information for transmission over insecure communication lines. In the general case these may be various algorithms for converting (recovering) binary code to BCD code and back, to a unitary code representation, various kinds of tabular encoding (decoding) and others.

However, as noted previously, each of the selectable conversion (recovery) algorithms must ensure that, after first converting a code and then restoring the converted code, the correspondence between the original code before conversion and the code restored after conversion can be confirmed.

More effective for use in autonomous resources 2 may be conversion (recovery) algorithms that convert, for transmission over communication line 4 in the current session of access to autonomous resources 2, only part of the code written in the additional region 6 of the memory of the carrier 3, since this is harder to exploit for unauthorized use aimed at recovering the data recorded in the additional region 6 of the memory of the carrier 3. It is even harder to do so in the variants of the method in which, during the current session of access to autonomous resources 2 and at its end, the additional information that will be used at the next access to autonomous resources 2 is not transmitted over communication line 4 at all.

The most secure variants are those in which the conversion (recovery) algorithm is selected from among those that contain a validation criterion, i.e. a specified condition that must be satisfied by the random code A or the individual sign (code B) of the identification code restored with this conversion (recovery) algorithm at the central device 1 at the next access to autonomous resources 2 on the basis of this carrier 3.

In these cases the decision to grant access is made not by direct comparison of the code written in the additional region 6 of the memory of the carrier 3 and read in the current session of access to the autonomous resource 2 (the conversion (encryption) of the code during transmission to the central device 1 is not meant here), but after further conversions of this code in the central device 1, taking into account the information transmitted in the previous accesses to the autonomous resource 2 on the basis of this carrier 3.

The conversion (recovery) algorithms in memory blocks 12 of the various autonomous resources 2 are subsets of the set of conversion (recovery) algorithms in memory block 19 of the data bank 15 of the central device 1; they may coincide, partially overlap or differ from one another, and may cover the whole set of conversion (recovery) algorithms of memory block 19 or only part of it. The conversion (recovery) algorithms stored in memory blocks 12 of the autonomous resources 2 may from time to time be supplemented or modified by commands from the central device 1. The set of algorithms in memory block 19 of the central device 1 can also be changed at almost any time without disturbing the operation of the device granting access to autonomous resources.

A digital chip module (chip), similar to the prototype, can be introduced into the carrier 3 and connected, when the carrier 3 is placed in the reading device 7, through contacts for power supply and signal communication provided on the chip and on the carrier 3. The chip must contain at least a non-volatile memory block, and preferably a computing device with this block (and battery power for it), in whose memory is kept the information recorded, as indicated earlier, in the first memory region 5 for the identification code and in up to eight functional memory blocks of the additional memory region 6 of the carrier 3, so as to support operation according to the proposed method. The computing device of the chip also contains a program memory for interaction with the reading device 7 and with block 10 for writing/reading codes, and in the general case also with the central device 1.

In this case, the reading of codes from the carrier 3 and the recording of codes onto the carrier 3 are performed through the contacts of the signal interaction and control interface. At each subsequent access to the autonomous resource 2, the central device 1, if necessary, checks in the chip, according to the required sequence (number of samples), the previously transmitted and confirmed identification codes, passwords and other codes. The specified sequence (information) for each carrier 3 is updated and stored in memory block 22 of the central device 1 each time access to the autonomous resource 2 is provided.

The use of a chip module greatly expands the possibilities for controlling the reliability and validity of the use of the right of access to autonomous resources 2 on the basis of the proposed method.

In particular, the recording of the sequence of codes in block 32 of the additional memory region 6 used for validation of the carrier 3 can be performed by the chip module directly on the carrier 3, rather than by the autonomous device 2 or the central device 1.

Sources of information

1. "The data reader with a card with a magnetic carrier". U.S. patent No. 6189791. IPC: G06 7/08, G06 19/16.

2. "The apparatus and method of individualization of smart cards". Patent of Russia No. 2212707. IPC: G06 17/00.

3. "Method and apparatus for a system with an identification card, which increases the reliability of access control to resources of the computer". German patent No. 10056135. IPC: G06F 12/14.

4. "Method and device for performing banking operations through an authorized service center using portable data carrier". German patent No. 10053898. IPC: G06F 17/60, G06F 19/00.

5. "Control method independent secure transactions through a single device". U.S. patent No. 6205553. IPC: G06F 17/60.

1. A method of confirming the right of access to autonomous resources, in which the required number of information carriers is manufactured, each of which during manufacture has recorded and stored in it an individual identification code, inaccessible to others, that distinguishes the carrier among the other manufactured impersonal carriers; each carrier is put in correspondence with a passcode for the right to use it; each identification code and the corresponding passcode are stored in a data bank at the corresponding addresses; each person having the right of access to the autonomous resources is issued an information carrier, for the use of which the corresponding passcode is agreed, the passcode being unreadable by anyone before it is delivered to the specified person in the prescribed manner; at any autonomous resource the identification code is read from the presented carrier and checked for compliance with the required one, and on compliance a confirmation signal is generated; in response to this signal the passcode is entered and checked for compliance with the right of the person presenting the carrier to use it, and on compliance an enable signal for the right of access to the autonomous resources is sent; the right of access is exercised, and then a carrier return signal is generated; characterized in that in each carrier during manufacture an additional non-volatile memory area is created for recording, storing and reading information from this memory both during manufacture of the carrier and when it is used to access the autonomous resources; during manufacture a code, for example one random for each carrier (code A), is recorded in this area, and the same code A is stored in the data bank at the corresponding addresses determined by the carrier's identification code; in the process of determining and confirming the right of access to the autonomous resources, when the identification code and passcode of the carrier correspond to the required ones, before the enable signal for the right of access is sent, code A recorded in the additional memory is read from the carrier and checked for compliance with code A stored in the data bank, and on compliance the enable signal for the right of access to the autonomous resources is sent for execution; and after the right of access is exercised, on the carrier return signal, another random code A is written to the carrier's additional memory and this other code A is stored in the data bank at the corresponding addresses determined by the carrier's identification code.

2. The method according to claim 1, characterized in that in each of the impersonal carriers during manufacture the same number of different individual identification codes is recorded and stored in the additional memory, each of which distinguishes the given carrier from all other manufactured carriers; each identification code is put in correspondence with an individual characteristic (code B) allowing it to be distinguished from the other valid identification codes of the carrier, and also, for example, with the same passcode for the right to use this carrier under any of its identification codes; one of the individual codes B of the carrier's identification codes, taken as the base one, is recorded in the additional memory area of the carrier; all identification codes of the carrier, their individual codes B and the corresponding passcode of the carrier are recorded and stored in the data bank at the corresponding addresses, the individual codes B of the identification codes for each carrier being selected from a variant of the set of individual codes B that is fixed and the same for all carriers; in the process of determining and granting the right to use the autonomous resources, the individual code B recorded in the carrier's additional memory during its manufacture or during the previous access to an autonomous resource is first read from the carrier, then the identification code corresponding to this individual code B and recorded in the carrier during its manufacture is read from the carrier, and this identification code and individual code B are sent for checking; when they correspond to the required ones, and the entered passcode passes its check, the right of access to the autonomous resource is exercised; and after the right of access is exercised, on returning the carrier, one of the new individual codes B from the variant of the code-B set fixed for this carrier is selected and written to the additional memory area of the carrier.

3. The method according to claim 1, characterized in that a set of code transformation (recovery) algorithms is stored in the data bank, each of which is put in correspondence with its own individual characteristic (individual code V) distinguishing one code transformation (recovery) algorithm from the other transformation (recovery) algorithms, each transformation (recovery) algorithm stored in the data bank being an algorithm for transforming a random code into the code obtained by applying this algorithm, and for the inverse transformation; code A, recorded in the additional memory area of the carrier during its manufacture or during the previous access to an autonomous resource, is transformed by a transformation (recovery) algorithm chosen arbitrarily for each identification code of the carrier from the set stored in the data bank, and only after that the transformed code A and the corresponding individual code V of the transformation (recovery) algorithm are stored in the data bank at the corresponding addresses determined by the carrier's identification code; in the process of determining and granting the right to use the autonomous resources, after the identification code is read from the carrier, the transformed value of code A previously recorded during manufacture or during the previous access to an autonomous resource and the corresponding code V of the transformation (recovery) algorithm are found in the data bank by the identification code, the transformation (recovery) algorithm of code A is determined by code V, code A is recovered, and the recovered value of code A is checked against the value read from the carrier presented to the autonomous resource; on compliance the enable signal for the right of access to the autonomous resources is sent for execution; and after the right of access is exercised and another code A is written to the additional memory area of the carrier, before the carrier return signal is generated, this other code A is transformed by a transformation (recovery) algorithm chosen at random for each carrier from the set known in the data bank and at the autonomous resources, and the transformed other code A and the individual code V of the transformation (recovery) algorithm are recorded in the data bank at the corresponding addresses determined by the carrier's identification code.

4. The method according to claim 3, characterized in that after the right of access is exercised and another code A is selected, on the carrier return signal this other code A is transformed by a transformation (recovery) algorithm chosen at random for each carrier from the set of transformation (recovery) algorithms known in the data bank and at the autonomous resources, but only by one of those transformation (recovery) algorithms that contain a validation criterion, that is, a specified condition that must be satisfied by the other code A recovered using this transformation (recovery) algorithm; the transformed other code A is written to the additional memory area of the carrier, and the individual code V of the transformation (recovery) algorithm is recorded in the data bank at the corresponding addresses determined by the carrier's identification code; at the next access to the autonomous resources, after the identification code and passcode of the carrier are read and checked, the transformed code A recorded in the carrier's additional memory area during the previous access to an autonomous resource is read from the carrier, the corresponding individual code V of the transformation (recovery) algorithm recorded in the data bank during the previous access to the autonomous resources is found in the data bank by the identification code, the transformation (recovery) algorithm is determined and code A is recovered, the recovered value of code A is checked against the validation criterion (the specified condition) contained in the transformation (recovery) algorithm used, and only then is the enable signal for the right of access to the autonomous resource generated.

5. The method according to claim 4, characterized in that after the end of the current access to the autonomous resource the individual code V of the transformation (recovery) algorithm of code A is written only to the additional memory area of the carrier, and at the next access to the autonomous resources the transformed code A is recovered in accordance with the individual code V of the transformation (recovery) algorithm recorded in the carrier's additional memory during the previous access to an autonomous resource.

6. The method according to claim 2, characterized in that a set of code transformation (recovery) algorithms is stored in the data bank, each of which is put in correspondence with its own individual characteristic (individual code V) distinguishing one transformation (recovery) algorithm from another; code B, recorded in the additional memory area of the carrier during its manufacture or during the previous access to an autonomous resource, is transformed by a transformation (recovery) algorithm chosen arbitrarily for each identification code of the carrier from the set stored in the data bank, and only then the transformed code B and the corresponding individual code V of the transformation (recovery) algorithm are stored in the data bank at the corresponding addresses determined by the carrier's identification code; in the process of determining and granting the right to use the autonomous resources, after the identification code is read from the carrier, the transformed value of code B previously recorded during manufacture or during the previous access to an autonomous resource and the corresponding code V of the transformation (recovery) algorithm are found in the data bank by the identification code, the transformation (recovery) algorithm of code B is determined by code V, code B is recovered, and the recovered value of code B is checked against the value read from the carrier presented to the autonomous resource; on compliance the enable signal for the right of access to the autonomous resources is sent for execution; and after the right of access is exercised and another code B is written to the additional memory area of the carrier, before the carrier return signal is generated, this other code B is transformed by a transformation (recovery) algorithm chosen at random for each carrier from the set of transformation (recovery) algorithms known in the data bank and at the autonomous resources, and the transformed other code B and the individual code V of the transformation algorithm are recorded in the data bank at the corresponding addresses determined by the carrier's identification code.

7. The method according to claim 6, characterized in that after the right of access is exercised and a different code B is selected, on the carrier return signal this other code B is transformed by a transformation (recovery) algorithm chosen at random for each carrier from the set of transformation (recovery) algorithms known in the data bank and at the autonomous resources, but only by one of those transformation (recovery) algorithms that contain a validation criterion, that is, a specified condition that must be satisfied by the other code B recovered using this transformation (recovery) algorithm; the transformed other code B and the individual code V of the transformation (recovery) algorithm used are written to the carrier's additional memory; at the next access to the autonomous resources, the transformed code B and the code V of the transformation (recovery) algorithm recorded in the carrier's additional memory area during the previous access to the autonomous resource are read from the carrier, the transformation (recovery) algorithm is determined and the value of code B is recovered, the recovered value of code B is checked against the validation criterion contained in the transformation (recovery) algorithm used, and only then is the identification code of the carrier corresponding to code B selected from the data recorded in the carrier's additional memory area during its manufacture.

8. The method according to claim 3 or 7, characterized in that after the end of the current access to the autonomous resource the individual code V of the transformation (recovery) algorithm of code A or B is written both to the additional memory area of the carrier and to the data bank, and at the next access to the autonomous resources, in order to generate the enable signal for access to the autonomous resource, it is additionally checked whether the individual code V of the transformation (recovery) algorithm of code A or B recorded in the carrier's additional memory matches the one recorded in the data bank during the previous access to the autonomous resources.

9. The method according to claim 2, characterized in that in different carriers during manufacture unequal numbers of different individual identification codes are recorded and stored in the additional memory area of the carrier, the individual codes B of the identification codes for each carrier being selected from a fixed variant of the code-B set out of a population of such sets valid for all carriers; the number of the variant of the code-B set of identification codes for this carrier is recorded in the carrier's additional memory; at the next access to the autonomous resources, after the right of access to the autonomous resource is exercised, on returning the carrier, the number of the variant of the code-B set stored in the carrier's additional memory is first read from the carrier, the variant of the code-B set fixed for this carrier's identification codes is determined accordingly, a new code B is chosen at random from it and written to the additional memory area of the carrier.

10. The method according to any of claims 2, 6, 7 or 9, characterized in that for each carrier, periodically in time, after the right of access is exercised, on returning the carrier and writing the corresponding code B to the carrier's additional memory, the individual codes B of the identification codes of the variant of the code-B set fixed for each carrier and/or the number of the variant of the code-B set of identification codes for this carrier are changed (others are put in correspondence), the corresponding changes are made in the data bank and in the carrier at the corresponding addresses, and then the remaining operations of the method are performed.

11. The method according to any of claims 2, 6, 7 or 9, characterized in that for each carrier, from time to time, the individual codes B of the identification codes of the variant of the code-B set, random for each carrier, and/or the number of the variant of the code-B set for the carrier are modified (others are put in correspondence), the corresponding changes are made in the data bank and in the carrier at the corresponding addresses, except for changes to the data of the individual code B or its transformed value written to the carrier at the last access to an autonomous resource.

12. The method according to any of claims 2, 6, 7 or 9, characterized in that at any moment before the right of access to the autonomous resource is exercised another individual code B is requested, the identification code corresponding to this code B and recorded in the carrier during its manufacture is read from the presented carrier, and it is checked whether this new identification code of the carrier matches the one recorded in the data bank for this individual code B.

13. The method according to claim 2, characterized in that after checking the individual code B read from the presented carrier and its corresponding base identification code recorded in the carrier during manufacture for compliance with the required values, in the general case, for example, at random but without repetition over a number of successive accesses to the autonomous resources, another individual code B is requested, the identification code corresponding to this code B and recorded in the carrier during its manufacture is read from the presented carrier, this identification code is checked for compliance with the one recorded in the data bank for this individual code B, and immediately after the right of access to the autonomous resource is exercised the carrier return signal is generated.

14. The method according to any one of claims 1 to 7, 9 or 13, characterized in that some carriers are put in correspondence with a plurality of different passcodes; on access to an autonomous resource, after the conditions of the previous checks are satisfied, the person confirming the right of access to the autonomous resource is offered to enter a passcode different from the passcode previously entered at any of the autonomous resources, the passcodes and the agreed sequence of entering them being known in advance to the designated person; the required passcode is entered; the entered passcode is checked for compliance with the specified passcode and/or for compliance with the required order within the set of passcodes by the number of successive accesses to the autonomous resources; and then the remaining operations of the method are performed.

15. The method according to any one of claims 1 to 7, 9 or 13, characterized in that some carriers are put in correspondence with a plurality of different passcodes, each of which is put in correspondence with an individual characteristic (code G) distinguishing this passcode among the other passcodes of the carrier; on access to an autonomous resource, after the conditions of the previous checks are satisfied, the code G of a passcode is chosen in the general case, for example, by a random rule but without repetition over a number of successive accesses to the autonomous resources, and the person exercising the right of access to the autonomous resource is offered to enter the passcode corresponding to this code G (individual characteristic) on the basis of the previously concluded agreements; the corresponding passcode is entered and checked for compliance with the specified one; and then, if necessary, the checking of the right of access to the autonomous resource is continued.

16. The method according to any one of claims 1 to 7, 9 or 13, characterized in that before the identification code and passcode of the presented carrier are submitted for checking, an arbitrary (random) transformation (recovery) algorithm (or algorithms) is chosen from the set of known transformation (recovery) algorithms, each of which, by first transforming and then recovering the transformed code, makes it possible to confirm the correspondence of the original code before transformation and the code recovered after transformation; the identification code and/or passcode of the presented carrier are transformed in accordance with it (them); the transformed values of these codes and the individual code (codes) V of the transformation (recovery) algorithm (algorithms) used are submitted for checking; the corresponding transformation (recovery) algorithms are found in the data bank by the individual codes V; the identification code and/or passcode are recovered in accordance with them; and their compliance with the specified identification code and/or passcode is checked.

17. The method according to any one of claims 1 to 7, 9 or 13, characterized in that before the start of operation according to a variant of the method, for each carrier an arbitrary transformation (recovery) algorithm is chosen from the set of known transformation (recovery) algorithms, the passcode of the corresponding carrier is transformed in accordance with it, and, instead of the passcode values, the transformed values and the corresponding individual code V of the transformation (recovery) algorithm are recorded and stored in the data bank at the corresponding addresses determined by the identification code of the carrier; in the process of determining and granting the right of access to the autonomous resources, when checking the passcode of the presented carrier, the transformation (recovery) algorithm used for writing the passcode into the data bank is found by the identification code and the individual code V, the passcode is recovered in accordance with it and compared with the passcode of the presented carrier.

18. The method according to any one of claims 1 to 7, 9 or 13, characterized in that at the corresponding addresses in the carrier's additional memory, and also in the data bank, there are stored for each carrier, for example, several of the latest codes used, in the sequence of their use, to check and confirm the authenticity of the carrier at each successful access to the autonomous resources; to grant access to the autonomous resource it is additionally checked that some of the previously recorded and used codes of this carrier, stored in the additional memory of the presented carrier, correspond to the codes stored in the data bank for the same carrier, and/or that the recorded sequences of use of these codes correspond, taking into account the transformation (recovery) algorithms used.

19. The method according to any one of claims 1 to 7, 9 or 13, characterized in that after the right of access to the autonomous resource is successfully exercised, on the return signal for the presented carrier, the required amount of change is made to the data stored in the carrier's additional memory, including writing an arbitrary code and/or any other information; all necessary information about the changes is retained for each carrier in the data bank at the corresponding addresses; and to grant another access to the autonomous resource it is additionally checked whether the additional information in the memory area of the presented carrier and the information stored in the data bank reflect the changes made during the previous accesses to the autonomous resources.

20. The method according to any one of claims 1 to 7, 9 or 13, characterized in that before the return signal for the carrier presented by the person is generated, in the general case, for example, by a random rule, an additional identification code is chosen from among the admissible ones, and this identification code and a corresponding individual code B unique for this carrier are recorded in the additional memory area of this carrier; in addition, in the same memory area a label is recorded, for example in the corresponding digit of the identification code, that the identification code has been modified; a transformation (recovery) algorithm is chosen at random from among the known ones, the identification code and/or the corresponding individual code B recorded in the carrier's additional memory area are transformed in accordance with it, the individual code V of the transformation (recovery) algorithm is determined, and this code V, the transformed value of the identification code and the corresponding code B are recorded at the corresponding addresses of the data bank determined by this additional identification code of the carrier and/or by its base identification code recorded in the carrier during manufacture; at the next access to the autonomous resource, when the additional identification code of the carrier is checked, the presence of the label in the corresponding digit of the identification code is detected, the code V of the transformation algorithm is found in the data bank by the additional identification code, and through it the algorithm, the required identification code and the corresponding code B are recovered from the data bank, and their compliance with the values read from the presented carrier is checked.

21. The method according to any one of claims 1 to 7, 9 or 13, characterized in that before the return signal for the carrier presented by the person is generated, in the general case, for example, at random, an additional identification code is chosen from among the valid ones, and this identification code and the corresponding individual code B for the carrier are recorded in the data bank at the corresponding addresses determined by the additional identification code; an arbitrary algorithm is chosen from among the known transformation (recovery) algorithms; the additional identification code and/or the corresponding individual code B recorded in the data bank are transformed in accordance with it, and the transformed values of these codes, the individual code V of the transformation (recovery) algorithm used, and a label stating that the identification code has been modified are written to the carrier's additional memory area; at the next access to the autonomous resource it is determined from the label that the identification code has been modified, the individual code V is read from the presented carrier, the corresponding transformation (recovery) algorithm is found, the additional identification code and the corresponding individual code B are recovered in accordance with it, and their compliance with the identification code and its corresponding individual code B recorded in the data bank during the previous access to the autonomous resources is checked.

22. A device for confirming the right of access to autonomous resources on the basis of carriers made with the possibility of recording on the carrier additional information for identifying the carrier, comprising a central device granting the right to use the autonomous resources, the autonomous resources, and communication lines between each autonomous resource and the central device; the central device contains data reception/transmission devices, a computing complex and a data bank, the reception/transmission devices being connected between the corresponding communication line and the computing complex, which is also connected to the data bank; the data bank includes a first memory block in which the identification codes of all carriers are recorded and stored at the corresponding addresses, and a second memory block for recording and storing the corresponding passcodes; the autonomous resource contains a device for reading the identification code from the presented carrier, a device for entering the passcode, an information-processing device connected to them, and a reception/transmission device connected to the corresponding communication line and to the corresponding inputs of the information-processing device; characterized in that the data bank of the central device additionally contains, at the corresponding addresses, a third memory block for storing code transformation (recovery) algorithms (transforming a random code into the code obtained by applying the corresponding algorithm, and the inverse transformation), a fourth memory block for storing the individual characteristics of these transformation (recovery) algorithms that distinguish them among the other transformation (recovery) algorithms, a fifth memory block for storing, for each carrier, the characteristics of the chosen transformation (recovery) algorithms and the codes transformed in accordance with these algorithms that are transmitted from the autonomous resources when the carriers are checked, a sixth memory block for storing the series of codes transmitted for each carrier over a number of previous accesses to the autonomous resources, a seventh memory block for storing the individual characteristics of a particular identification code of the carrier among the other codes valid for this carrier, and an eighth memory block for storing the individual characteristics of a particular passcode of the carrier among the other passcodes of the carrier; the autonomous resource contains, connected to the information-processing device, a first memory block for storing an arbitrary set of algorithms from the set of algorithms stored in the third memory block of the data bank of the central device, a second memory block for storing the individual characteristics of these algorithms, and a third memory block for storing variants of the set of individual characteristics of the identification codes; each autonomous resource contains a code write/read block for writing codes to the carrier and reading all codes from the carrier, connected to the information-processing device of the autonomous resource; and the computing complex is designed to control the operation of the central device, to check the compliance of the codes and passcodes, and to transmit over the communication lines a confirmation signal in the case of a positive check and a signal with the required data for granting the right of access to the resources.

23. An information carrier for confirming the right of access to autonomous resources, used for recording in it during manufacture, storing and reading an individual identification code of the carrier, the specified identification code, when the carrier is placed in the reader of an autonomous resource, being checked against the value stored in the data bank of a checking device connected by communication lines with the autonomous resources, the specified carrier being, for example, a digital chip module containing at least a non-volatile memory block and an interface which, when the carrier is placed in the reader of the autonomous resource, is connected through the contacts of the chip and of the carrier and the electrical circuit to the terminals of the power source, the control bus and the data bus of the code write/read block of the autonomous resource; characterized in that it contains an additional memory area, located in the non-volatile memory block of the chip module, intended for recording, storing and reading: additional identification codes of the carrier (codes A); individual characteristics (codes B) of these identification codes, allowing the code B of an identification code to be distinguished among the others for this carrier; the transformed values of code A under code transformation (recovery) algorithms (transforming a random code into the code obtained by applying the corresponding algorithm, chosen arbitrarily from the set stored in the data bank, and the inverse transformation); individual characteristics (codes V) of these transformation (recovery) algorithms, allowing one transformation (recovery) algorithm to be distinguished from another; the transformed code B when one of these transformation (recovery) algorithms is used; the numbers of the variants of code B selected from the set of valid code-B sets; the sequences of different codes of the carrier stored in the additional memory and used together with the corresponding transformation (recovery) algorithms to check and confirm the authenticity of the carrier over a number of successful requests for access to the autonomous resources; arbitrary codes and/or other additional information concerning, for example, the health of the autonomous resources; and the label of modification of the carrier's identification code, indicating that the identification code recorded on the carrier during its manufacture has been changed; the additional memory of the carrier, when it is placed in the reader of the autonomous resources, being available for reading and writing these codes from the code write/read block of the autonomous resource before access to this autonomous resource is granted and after access is granted but before the carrier is returned, and the additional memory being available during manufacture of the carrier for recording the initial information.
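The rolling check of claims 1, 3 and 4, as an added Python simulation that is not part of the patent: the data bank keeps only the transformed code A together with the code V of the algorithm used, each autonomous resource reads code A from the carrier's additional memory, and a fresh code A is written on every return signal, so a carrier copied before an access carries a stale code A and is rejected afterwards. The toy transformation (recovery) algorithms, the 32-bit code width and the sample identification code and passcode are assumptions of this example.

```python
"""Added simulation of the rolling code A check of claims 1, 3 and 4.
Not the patent's own code: names, the toy transformation (recovery)
algorithms and the sample carrier values are constructed for this example."""
import secrets
from dataclasses import dataclass, field

MASK = 0xFFFFFFFF  # codes A are 32-bit values in this example (assumption)

# Transformation (recovery) algorithms, each under its individual code V
# (claim 3): (transform, recover, validation criterion or None).
# V3 carries a criterion (claim 4): a recovered code A must be divisible by 7.
ALGORITHMS = {
    "V1": (lambda a: a ^ 0x5A5A5A5A, lambda t: t ^ 0x5A5A5A5A, None),
    "V2": (lambda a: (a + 0x01234567) & MASK, lambda t: (t - 0x01234567) & MASK, None),
    "V3": (lambda a: ~a & MASK, lambda t: ~t & MASK, lambda a: a % 7 == 0),
}


@dataclass
class Carrier:
    """Carrier: identification code fixed at manufacture plus the additional
    non-volatile memory area (claim 1) that holds the current code A."""
    ident: int
    extra: dict = field(default_factory=dict)


def choose_code_a(code_v):
    """Draw a fresh random code A; when the algorithm carries a validation
    criterion, redraw until the criterion holds (claim 4)."""
    criterion = ALGORITHMS[code_v][2]
    while True:
        a = secrets.randbits(32)
        if criterion is None or criterion(a):
            return a


class CentralDevice:
    """Central device with the data bank. pick_v selects the algorithm; the
    default is a random choice, a fixed choice is useful for tests."""

    def __init__(self, pick_v=None):
        self.bank = {}
        self.pick_v = pick_v or (lambda: secrets.choice(list(ALGORITHMS)))

    def manufacture(self, ident, passcode):
        """Record the carrier's identification code and passcode, then write
        the first code A exactly as is done on a carrier return signal."""
        carrier = Carrier(ident)
        self.bank[ident] = {"passcode": passcode}
        self.rotate(carrier)
        return carrier

    def rotate(self, carrier):
        """Return signal: write another code A to the carrier's additional
        memory and store only its transformed value plus code V (claim 3)."""
        code_v = self.pick_v()
        a = choose_code_a(code_v)
        transform = ALGORITHMS[code_v][0]
        carrier.extra["code_a"] = a
        self.bank[carrier.ident].update(code_v=code_v, transformed_a=transform(a))

    def check(self, ident, passcode, code_a_read):
        """Checks made before the enable signal: identification code, passcode,
        then code A recovered from the bank against the value read (claims 1, 3)
        and against the algorithm's criterion where one exists (claim 4)."""
        rec = self.bank.get(ident)
        if rec is None or rec["passcode"] != passcode:
            return False
        _, recover, criterion = ALGORITHMS[rec["code_v"]]
        restored = recover(rec["transformed_a"])
        if criterion is not None and not criterion(restored):
            return False
        return restored == code_a_read


def access_autonomous_resource(central, carrier, entered_passcode):
    """One access at an autonomous resource: read the identification code and
    code A from the carrier, have the central device check them, and on success
    exercise the access and rotate code A on the return signal."""
    if not central.check(carrier.ident, entered_passcode, carrier.extra.get("code_a")):
        return False
    central.rotate(carrier)
    return True


def demo():
    """Constructed sample: a carrier copied before its first use holds a stale
    code A and is rejected at the next access; a wrong passcode is rejected too."""
    central = CentralDevice()
    carrier = central.manufacture(ident=0x00A1B2C3, passcode="4711")
    clone = Carrier(carrier.ident, dict(carrier.extra))
    genuine_first = access_autonomous_resource(central, carrier, "4711")
    clone_after = access_autonomous_resource(central, clone, "4711")
    wrong_passcode = access_autonomous_resource(central, carrier, "0000")
    genuine_again = access_autonomous_resource(central, carrier, "4711")
    return genuine_first, clone_after, wrong_passcode, genuine_again


if __name__ == "__main__":
    print(demo())  # (True, False, False, True)
```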



 

Same patents:

FIELD: engineering of methods for cryptographic transformation of data, possible use in communication, computer and informational systems for cryptographic encryption of information and computation of numbers close to random.

SUBSTANCE: device contains two memory blocks, current time moment timer, two concatenation blocks, two hash-function computation blocks, operation block, computing block.

EFFECT: increased complexity of encryption analysis and decreased probability of reliable prediction of next values of pseudo-random series bits while increasing operation speed of generator.

1 dwg

The invention relates to telecommunications, and in particular to the field of cryptographic devices to protect information transmitted over telecommunication networks.The device consists of a S2 blocks controlled substitutions (epmo) 1 and S-1 blocks of fixed permutations (FFT) 2

The invention relates to telecommunications and computing, and more particularly to cryptographic methods and devices for data encryption

The invention relates to the field of telecommunications and computing, and specifically to the field of cryptographic methods and devices for data encryption

The invention relates to the field of telecommunications and computing, and more particularly to methods and devices for cryptographic transformation of data

FIELD: devices for feeding banknotes for automatic teller machines, methods for fastening feeding device modules in such machines.

SUBSTANCE: modules of feeding device contain a structure, making it possible to fasten them together in such a way, that they are positioned one above another and are evened out relatively to each other. Modules of feeding device may contain payment means in form of sheets, such as banknotes or other money documents. Modules of feeding device may be used in automatic teller machine, which dispenses payment means in form of sheets of multiple types. Modules contain projecting plate and moveable clip holder, located on its side walls. Projecting plate contains rod made so that it may enter the groove of side wall. First module is fixedly connected to second module by means of clip of first module, preventing movement of rod of second module from groove of first module. Disassembly of fixedly connected modules may be performed by pressing on the clip for detaching modules from each other.

EFFECT: increased efficiency.

6 cl, 9 dwg

FIELD: means for distributing goods and services in network marketing.

SUBSTANCE: system contains subsystem of banking establishment with block for receiving money, block for registering participants and payment block, controlling company subsystem, containing recording device, registration block and block for receiving information about participants of system, output block for aforementioned subsystem is meant for producing information recorded in memory device and transfer over communication channel into block for receiving and counting money of subsystem of payments, which is also connected to payment block of banking establishment.

EFFECT: provision of automated counting equipment in service distribution system, with ensured reliability and trustworthiness of data exchange inside given system.

1 dwg

FIELD: banking machines.

SUBSTANCE: according to the invention, the banking machine accepts inserted documents such as banknotes, cheques, gift certificates or other securities. After acceptance and processing, the inserted documents are moved into a container. The container has an interior zone bounded by a vibrator element that supports the inserted documents. A controller drives an actuator that activates the vibrator element to shake the documents, promoting their compact storage in the container. The container can be removed from the machine for convenient extraction of the inserted documents; its removal is aided by rolling supports and an extending handle.

EFFECT: a banking machine with improved protection, simplified user operation and improved access for servicing.

10 cl, 27 dwg

FIELD: credit cards.

SUBSTANCE: the electronic credit card is an electronic device capable of transmitting data and/or digital information to, and receiving it from, a host computer through a terminal station. Terminal stations include self-service banking machines in supermarkets and shopping centres, electronic banking self-service machines, electronic payment-system devices and dedicated transceiver devices built with interactive-dialogue technology and confined to a personal-computer interface, which present up-to-date financial information, including current account balances, on their display. A small keypad (1) is used to enter the personal identification number that activates the electronic credit card. An information display (2), an LCD or other screen, presents visual information. An "ENTER" key (3) confirms a trading operation and is also used to activate the electronic credit card once the personal identification number has been entered. A sound transducer (4) on the keypad (1) confirms input and is also used to initiate a financial trading operation over a telephone. Data are transmitted and received through infrared (5), magnetic (6) and radio-frequency (7) devices.

EFFECT: increased security of the financial operations performed.

2 cl, 12 dwg

FIELD: servicing of customers of automated teller machines.

SUBSTANCE: when a customer deposits money at an automated teller machine, the amount is automatically credited to the customer's account at the central bank. The banknotes are held in the machine's storage unit as property of the central bank, and the accrual of interest on that amount is stopped. If the customer withdraws banknotes from the machine, the amount is debited from the customer's account at the bank: it is deducted electronically from the account at the central bank, and then transferred from the decentralised property of the central bank to the property of the customer. This creates a decentralised procedure for processing banknotes that does not require the repeated handling and transport of banknotes characteristic of centralised banknote processing.

EFFECT: a decentralised procedure for processing money.

2 cl, 1 dwg

FIELD: computer engineering.

SUBSTANCE: data are transmitted from a payment terminal via a mobile telephone unit and a mobile voice network to an authorisation centre, and back from the payment centre via the mobile voice network and the mobile telephone unit to the payment terminal. The data are transmitted in the voice channel. In another variant, data are transmitted from the payment terminal via the mobile voice network to the authorisation centre, and from the payment centre via that network to the payment terminal.

EFFECT: improved compatibility of mobile telephones of different standards with the payment terminal.

13 cl, 2 dwg

FIELD: banking machines operated over a global network.

SUBSTANCE: the user's computer exchanges hypertext (HTML) documents and messages over TCP/IP with servers so that the user can carry out banking operations. The hypertext documents and messages exchanged over TCP/IP are processed by a hypertext-processing part and passed to a device-software part and a device-interface software part, which provide local control of the devices, including the user-interface devices and the banking machine.

EFFECT: the user can perform banking operations through a home interface connected to a banking machine attached to the global network.

2 cl, 24 dwg

FIELD: mobile electronic commerce.

SUBSTANCE: the method for carrying out a wireless transaction comprises receiving, at a transaction control system, a transaction order and a spoken authentication code from the transaction customer. After the spoken authentication code has been authenticated, a transaction code is sent from the transaction control system to the wireless communication system. The transaction code is then optically scanned from the display of the wireless communication device to complete the ordered commercial transaction.

EFFECT: more convenient commercial transactions in a wireless electronic-commerce network while ensuring their security.

3 cl, 11 dwg

FIELD: mobile electronic commerce.

SUBSTANCE: the method for carrying out a wireless transaction comprises placing a transaction order from a wireless communication device to a transaction device and sending a spoken transaction-authentication code from the wireless communication device to the transaction device. After the spoken authentication code has been authenticated, the wireless communication device receives a transaction code. On receipt, the transaction code is displayed on the screen of the wireless communication device and optically scanned from it to complete a legitimate commercial transaction.

EFFECT: more convenient commercial transactions in a wireless electronic-commerce network while ensuring their security.

3 cl, 11 dwg
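The two abstracts above describe the same three-step flow: the customer submits an order together with a spoken authentication code, the control system authenticates that code and issues a transaction code to the wireless device, and the merchant optically scans the code from the device's screen. The Python below is an added illustration written for this page, not code from either patent. It assumes that the "spoken authentication code" can be modelled as a passphrase string checked against a salted hash (real speaker or phrase verification is out of scope), that the issued transaction code is an unguessable random token stored server-side, and that "scanning" the screen simply returns the displayed string. The customer record, passphrase and TTL are constructed sample values. Beyond what the abstracts state, it also makes the issued code single-use and time-limited, since whoever presents the code is the one who gets the goods.

```python
import hashlib
import hmac
import secrets
import time
from dataclasses import dataclass

# Constructed sample data (assumption): the spoken authentication code is
# modelled as a passphrase; a real system would run speech verification here.
SPOKEN_CODES = {"cust-42": "open sesame 7731"}
CODE_TTL_SECONDS = 120  # assumed lifetime of an issued transaction code


def _hash_code(salt: bytes, spoken_code: str) -> bytes:
    """Salted PBKDF2 over the passphrase so the server never stores it in clear."""
    return hashlib.pbkdf2_hmac("sha256", spoken_code.encode(), salt, 50_000)


@dataclass
class IssuedCode:
    customer_id: str
    order: str
    expires_at: float
    used: bool = False


class TransactionControlSystem:
    """Server side of the flow: authenticates the spoken code, then issues
    and redeems the transaction code shown on the wireless device."""

    def __init__(self, spoken_codes: dict):
        self._creds = {}
        for cid, code in spoken_codes.items():
            salt = secrets.token_bytes(16)
            self._creds[cid] = (salt, _hash_code(salt, code))
        self._issued: dict = {}

    def _authenticate(self, customer_id: str, spoken_code: str) -> bool:
        cred = self._creds.get(customer_id)
        if cred is None:
            return False
        salt, expected = cred
        # Constant-time comparison of the derived hashes.
        return hmac.compare_digest(expected, _hash_code(salt, spoken_code))

    def place_order(self, customer_id: str, order: str, spoken_code: str,
                    now: float = None) -> str:
        """Steps 1-2: receive order + spoken code; on success issue a code
        bound to this customer and order, valid once and only briefly."""
        if not self._authenticate(customer_id, spoken_code):
            raise PermissionError("spoken authentication code rejected")
        now = time.time() if now is None else now
        code = secrets.token_urlsafe(12)  # unguessable; sent to the device for display
        self._issued[code] = IssuedCode(customer_id, order, now + CODE_TTL_SECONDS)
        return code

    def redeem(self, scanned_code: str, now: float = None):
        """Step 3: the merchant scans the code from the device screen.
        Returns (order, "ok") or (None, reason)."""
        now = time.time() if now is None else now
        rec = self._issued.get(scanned_code)
        if rec is None:
            return None, "unknown code"
        if rec.used:
            return None, "code already used"   # replay of a photographed screen
        if now > rec.expires_at:
            return None, "code expired"
        rec.used = True
        return rec.order, "ok"


def demo():
    """Walk through the flow once: issue, redeem, then attempt a replay."""
    tcs = TransactionControlSystem(SPOKEN_CODES)
    code = tcs.place_order("cust-42", "coffee, 1 unit", "open sesame 7731", now=1000.0)
    displayed = code          # the device shows the code on its screen
    scanned = displayed       # the merchant's optical scanner reads it back
    first = tcs.redeem(scanned, now=1010.0)
    replay = tcs.redeem(scanned, now=1011.0)
    return first, replay


if __name__ == "__main__":
    print(demo())
```

The transaction code is a bearer token: once it is on the screen, anyone who can read the screen within the code's lifetime can redeem it, which is why the example binds it to one order, accepts it once and lets it expire quickly. The abstracts do not specify these properties; they are the added checks a practitioner would expect around such a code.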

FIELD: control of banknote-processing machines, for example ATMs and banknote-sorting machines.

SUBSTANCE: the wireless control station is reconfigured according to its position relative to the banknote-processing machines; for example, the station is set to control the machine nearest to it. The access rights of the station operator may also be taken into account during the station's configuration.

EFFECT: a control station usable with a wider range of banknote-processing machines.

24 cl, 5 dwg

FIELD: multilayer circuits, in particular circuits comprising a substrate, an adhesive layer and a conductive layer, for use mainly in contact or contactless cards or in electronic labels; according to the invention such cards or electronic labels have many possible uses, mainly as means of identification, access control or payment.

SUBSTANCE: according to the invention, the electronic circuit contains at least one electronic component and a substrate on which an adhesive layer and a conductive layer with a set of tracks are applied. The electronic component has at least two connection pads. One of these pads is electrically connected to the conductive layer through a conductive link formed by a conductive segment cut from the conductive layer. The segment, free of any adhesive, passes through a slit in the substrate and is bonded to the connection pad.

EFFECT: an inexpensive electronic circuit, usable for example in cards or labels, that retains a high level of reliability.

3 cl, 12 dwg

FIELD: contactless or hybrid contact/contactless microchip cards.

SUBSTANCE: the microchip card comprises an antenna arranged on a substrate of fibrous material such as paper, two card body plates on either side of the substrate, each consisting of at least one layer of low-melting-point plastic, and an electronic module containing a microchip connected to the antenna. The card is formed from the antenna substrate and the two body plates, joined by lamination welding under heat and pressure. The fibrous substrate has at least one groove through which the plastic layers of the body plates merge during lamination, so that the groove forms a weld seam between the body plates.

EFFECT: improved robustness of the electronic module.

9 cl, 6 dwg

FIELD: information carriers, for use in determining access rights.

SUBSTANCE: the method of identifying an object's access rights and entering code information comprises setting a code on an identifier by selectively rotating its code-marked elements; periodically changing the code on the identifier by moving the code plates in opposite directions from the identifier axis about which they rotate, using additional apertures in the plate; and changing the position of the code marks relative to the code readers of the control devices by turning the plate in each of the additional apertures through a given angle relative to the base of the identifier.

EFFECT: increased code capacity.

3 dwg

FIELD: information carriers, in particular a universal magnetic identification device.

SUBSTANCE: the identification device contains code elements of differing coercivity arranged on a substrate. Each code element is made of a soft-magnetic material to which, through a non-magnetic insert, discontinuous elements are magnetically coupled; these elements are grouped together, have the same shape and dimensions, behave as a single domain when magnetised along the easy-magnetisation axis, and have a higher coercivity than the soft-magnetic material. The method of reading the device comprises sequentially magnetising the elements of differing coercivity with an external field, registering the electromagnetic pulses produced and processing them; alternating-sign magnetic fields with a varying rate of change in time are used for the magnetisation.

EFFECT: a stronger read signal, greater information capacity, a wider range of applications thanks to the possible spatial separation of the device and its reader, more reliable triggering, better manufacturability and lower production cost.

2 cl, 16 dwg

FIELD: printing technology.

SUBSTANCE: the printing set and method can be used to print light-absorbing security marks on printed items. The set of printing inks for printing light-absorbing marks comprises at least two inks, each containing at least one colourant, dye or pigment, that absorbs visible light. The set has a first and a second group of inks. Inks of the first group additionally contain a marker with a preset spectral absorption characteristic, preferably an absorption-type characteristic; the marker has an absorption maximum in the 700-900 nm range, preferably at 780 nm, and practically does not absorb in the visible spectrum. Inks of the second group contain a colourant, dye or pigment that absorbs visible light and has the same absorption maximum in the infrared, at a wavelength around 700 nm, as the infrared spectral characteristic of the marker. A method of printing marks, a printed item and an ink set comprising a four-colour printing-ink set and an IR marker are described.

EFFECT: reliable authentication of the item regardless of the colour of the marks.

15 cl, 5 dwg, 2 app