Method for Secure Operation of a Computer Unit, Software Application and Computer Unit
20180004955 · 2018-01-04
Abstract
A method for operating a computer unit having a processor on which a software application can run comprises the steps: upon invoking the software application or upon carrying out a transaction with the software application on the computer unit the step of checking whether the computer unit has been restarted since the last invoking of the software application; carrying out a first form of authentication for starting the software application or for carrying out the transaction with the software application if the computer unit has not been restarted since the last invoking of the software application; and carrying out a second form of authentication for starting the software application or for carrying out the transaction with the software application if the computer unit has been restarted since the last invoking of the software application. Further provided are a correspondingly designed software application as well as a correspondingly designed computer unit.
Claims
1-11. (canceled)
12. A method for operating a computer unit having a processor on which a software application can run, wherein the method comprises the following steps: upon invoking the software application on the computer unit or upon carrying out a transaction with the software application, the step of checking whether the computer unit has been restarted since the last invoking of the software application; carrying out a first form of authentication for starting the software application or for carrying out the transaction with the software application if the computer unit has not been restarted since the last invoking of the software application; and carrying out a second form of authentication for starting the software application or for carrying out the transaction with the software application if the computer unit has been restarted since the last invoking of the software application.
13. The method according to claim 12, wherein the second form of authentication is stronger from a security standpoint than the first form of authentication.
14. The method according to claim 12, wherein the first form of authentication comprises entering a PIN or a password.
15. The method according to claim 12, wherein the second form of authentication comprises an authentication vis-à-vis a cloud server and/or comprises an authentication by means of a hardware token.
16. The method according to claim 12, wherein it is checked whether the computer unit has been restarted since the last invoking of the software application by: the software application detecting if the same is called up after a restart of the computer unit; and/or there being set up on the computer unit a broadcast mechanism which after a restart of the computer unit informs the software application registered with the broadcast mechanism about the restart of the computer unit; and/or the software application being so designed that upon the first invoking of the software application the same starts a service which is never ended while the mobile end device is being operated and that it can be checked whether the service is running or not.
17. A software application which is designed for running on the processor of a computer unit, wherein the software application is further designed for: upon invoking the software application or upon carrying out a transaction with the software application on the computer unit, checking whether the computer unit has been restarted since the last invoking of the software application; requesting a first form of authentication for starting the software application or for carrying out the transaction with the software application if the computer unit has not been restarted since the last invoking of the software application; and requesting a second form of authentication for starting the software application or for carrying out the transaction with the software application if the computer unit has been restarted since the last invoking of the software application.
18. The software application according to claim 17, wherein the second form of authentication is stronger from a security standpoint than the first form of authentication.
19. The software application according to claim 17, wherein the first form of authentication comprises entering a PIN or a password.
20. The software application according to claim 17, wherein the second form of authentication comprises an authentication vis-à-vis a cloud server and/or comprises an authentication by means of a hardware token.
21. The software application according to claim 17, wherein the software application is designed for checking upon invoking the software application on the computer unit whether the computer unit has been restarted since the last invoking of the software application, by: the software application detecting if the same is called up after a restart of the computer unit; and/or there being set up on the computer unit a broadcast mechanism which after a restart of the computer unit informs the software application registered with the broadcast mechanism about the restart of the computer unit; and/or the software application being so designed that upon the first invoking of the software application the same starts a service which is never ended while the mobile end device is being operated and that it can be checked whether the service is running or not.
22. A computer unit, in particular mobile end device, preferably smartphone, having a processor on which a software application according to claim 17 can run, or wherein the computer unit is designed for being operated by a method for operating a computer unit having a processor on which a software application can run, wherein the method comprises the following steps: upon invoking the software application on the computer unit or upon carrying out a transaction with the software application, the step of checking whether the computer unit has been restarted since the last invoking of the software application; carrying out a first form of authentication for starting the software application or for carrying out the transaction with the software application if the computer unit has not been restarted since the last invoking of the software application; and carrying out a second form of authentication for starting the software application or for carrying out the transaction with the software application if the computer unit has been restarted since the last invoking of the software application.
Description
[0022] Further features, advantages and objects of the invention will emerge from the following detailed description of several embodiment examples and embodiment alternatives. Reference is made to the drawing, in which there is shown:
[0023]
[0024]
[0025] The mobile end device 20 has a chip 22 having a central processing unit (CPU), for example in the form of a microprocessor 24. The primary tasks of the processor 24 include executing arithmetic and logical functions, and reading and writing data elements according to the program code of a software application running on the processor 24. For clarity's sake, a preferred architecture of the chip 22 is represented again schematically in detail in
[0026] The processor 24 is in communication connection with a memory unit 26 which preferably comprises a volatile working memory (RAM), for example for receiving the program code of a software application to be executed on the processor 24. Preferably the memory unit 26 further comprises a non-volatile, preferably re-writable memory to hold, for example in the unenergized state of the mobile end device 20, the program code of a software application to be executed on the processor 24. Preferably, the non-volatile, re-writable memory is a flash memory (flash EEPROM). It may, for example, be a flash memory with a NAND or a NOR architecture. The memory unit 26 can, of course, also comprise a read only memory (ROM).
[0027] As is schematically represented in
[0028] According to the invention, the security module 34 is designed to implement the following security mechanism. During normal operation, carrying out an action with the software application 32, e.g. accessing the software application and/or confirming an electronic transaction to be carried out with the software application 32, requires the first form of authentication by the user, preferably entering a PIN. If, however, it has been detected that the mobile end device 20 has been restarted, the security module 34 or the software application 32 requires a second form of authentication. Preferably, the second form of authentication is stronger from a security standpoint than the first form of authentication. In this connection, stronger means, for example, that when the first form of authentication consists of a PIN having four digits, the second form of authentication consists of a PIN having more than four digits. According to an alternative embodiment, the second form of authentication requires that the user of the mobile end device authenticate vis-à-vis a cloud server, for example by entering a PIN or a password. According to a further, alternative embodiment, the second form of authentication can require the user to authenticate by proving possession of a hardware token, e.g. a smart card.
[0029] There are several possibilities for recognizing the restart of the mobile end device 20. The software application 32 can itself recognize when it is called up after a restart. As is known to the skilled person, the Android operating system, for example, provides a so-called callback for this purpose, which is in fact invoked upon every restart of the software application 32, although such a restart hardly ever happens with the Android operating system. A further possibility is that a broadcast mechanism is set up on the mobile end device 20 which, after a restart of the mobile end device 20, informs all applications registered with the broadcast mechanism about the restart of the mobile end device 20. Still another possibility provides that the software application 32 is so designed that upon the first-time starting of the software application 32, the same starts a service which is never ended during operation of the mobile end device. If the software application 32 detects that this service is not running, according to the invention the (preferably stronger) second form of authentication is requested and thereupon the service is restarted. Otherwise, if the software application detects that the service is running, merely the (preferably weaker) first form of authentication is requested. Of course, the hereinabove described possibilities for recognizing a restart of the mobile end device 20 by the software application 32 can also be combined with each other.
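The selection logic of paragraphs [0028] and [0029], as an added example that is not part of the patent text: the application compares an identifier of the current boot session with the one recorded at its last invocation and requests the second form of authentication when they differ. Assumptions of this example: a Linux host whose kernel exposes a per-boot UUID at /proc/sys/kernel/random/boot_id (a stand-in for the restart-detection possibilities listed above), a JSON record file, hypothetical function names, and the choice to update the record only after the second form has succeeded.

```python
import json
import tempfile
from pathlib import Path

# Linux exposes a random UUID that changes on every boot (assumption: Linux host).
BOOT_ID_PATH = Path("/proc/sys/kernel/random/boot_id")
FIRST_FORM = "first form (e.g. PIN)"
SECOND_FORM = "second form (e.g. cloud server or hardware token)"


def read_boot_id(path=BOOT_ID_PATH):
    """Return the identifier of the current boot session."""
    return Path(path).read_text().strip()


def required_authentication(state_file, current_boot_id):
    """Choose the form of authentication; fail closed on a missing,
    unreadable or malformed record (treated like a restart)."""
    try:
        last = json.loads(Path(state_file).read_text())["boot_id"]
    except (OSError, ValueError, KeyError, TypeError):
        return SECOND_FORM
    return FIRST_FORM if last == current_boot_id else SECOND_FORM


def record_second_form_passed(state_file, current_boot_id):
    """Hypothetical helper: call only after the second form succeeded."""
    Path(state_file).write_text(json.dumps({"boot_id": current_boot_id}))


def demo():
    """Constructed sequence: first run, same boot, restart, corrupted record."""
    boot_a, boot_b = "constructed-boot-A", "constructed-boot-B"
    seen = []
    with tempfile.TemporaryDirectory() as tmp:
        state = Path(tmp) / "last_boot.json"
        seen.append(required_authentication(state, boot_a))  # no record yet
        record_second_form_passed(state, boot_a)
        seen.append(required_authentication(state, boot_a))  # same boot
        seen.append(required_authentication(state, boot_b))  # restarted
        record_second_form_passed(state, boot_b)
        state.write_text("{not json")                         # damaged record
        seen.append(required_authentication(state, boot_b))
    return seen


if __name__ == "__main__":
    print(demo())
```

Because a missing or damaged record selects the second form, deleting the record cannot downgrade the check to the first form; on a real Linux host, pass read_boot_id() as current_boot_id.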