Calculating Bitcoin difficulty


Consequently, it can be made public without revealing sensitive personal data of the user of the mobile second computer system. No high security demands need to be placed on either the protection or the transfer of the memory address. This particularly facilitates transmission of the memory address via near-field communication, for example by means of RFID, Bluetooth or Wi-Fi. For example, communication can be done wirelessly in accordance with ISO at a frequency of For example, the memory address can be sent out to the environment as a beacon at fixed time intervals.

The third computer system is, for example, a computer system embedded in a cloud environment. Only those with a valid password can actually read the virtual document. The virtual document that has been read out is displayed on the display of the first computer system, and the data comprised by the virtual document can be inspected by a user of the first computer system.

Based on these features, the user of the first computer system can check whether the user of the mobile second computer system is actually the owner of the virtual document. In the case of an identity document, the user of the mobile second computer system can thus be identified.

For example, the virtual document may be a driver's license and the first computer system a portable mobile terminal of a police officer performing a traffic check, or a stationary personal computer of a car rental company from which the holder wants to rent a vehicle.

Likewise, the virtual document could be, for example, an identity card and the first computer system a portable mobile device or a stationary personal computer of a police officer performing a security check, or a stationary personal computer at the reception of a hotel where the cardholder would like to make a reservation.

Authentication with an identification document in the form of a physical document with a permanently associated document body, comprising a plurality of security features as well as a photograph of the document holder, is basically a two-factor authentication.

Such two-factor authentication authenticates a user by means of a combination of two factors. These factors can, for example, be given in the form of an object owned by the user and a characteristic inseparably connected with the user.

In the case of the aforementioned identification document, authentication is done by establishing possession of the corresponding identity document as well as the face of the user, which must match the photograph of the holder of the identification document for authentication to succeed.

Embodiments may have the advantage that they also enable two-factor authentication. In addition to a match between the appearance of the user of the mobile second computer system, such as a smartphone, and a photograph of the document holder included in the virtual document, the mobile second computer system must be a computer system associated with the virtual document.

This association is established and proven by the entry in the cryptographically secured second database.

The mobile second computer system can be, for example, a mobile telecommunications device, in particular a smartphone, or a laptop or palmtop computer, a personal digital assistant, or the like.

According to further embodiments, the mobile second computer system may also be a computer system of a personal means of transport of a user, such as the onboard computer of a car.

Further, the mobile second computer system may, for example, also be a so-called If the first computer system is likewise configured as a mobile computer system, it can also be a computer system of the types listed above, provided that it includes a display.

In addition, the first computer system may also be a stationary computer system, such as a personal computer. Through pairing by means of an entry in the cryptographically secured second database, a plurality of virtual documents can be paired with the same mobile second computer system. Thus, a separate physical document body is not required for each document. For example, both a virtual ID card and a virtual driver's license can be paired with the same smartphone.

A user therefore only needs to carry their smartphone to have both their identity card and their driver's license available. Furthermore, a virtual document can be paired with multiple devices. For example, a user can pair his driver's license both with his smartphone and with the onboard computer of one or more cars he uses. His driver's license is then always available when he is traveling in one of those cars.

Through the smartphone, he also has his driver's license available when he is traveling in someone else's car or another vehicle such as a motorcycle.

By using a unique identifier of the second computer system and the hash value of the virtual document, the pairing between the second computer system and the virtual document can be uniquely determined.

A computer or computer system may comprise an interface for connection to a network, where the network may be a private or public network, in particular the Internet. A "database" is understood here generally to mean a compilation of data in the form of database entries in accordance with a fixed organizational structure of the database.

A database can also include a management program for managing the database. A cryptographically secured database is understood to mean a database whose entries are cryptographically secured. A cryptographically secured database is understood here to mean, in particular, a block chain. A "certificate" is understood here to mean a digital certificate, which is also known as a public key certificate.

Such "digital" objects are also referred to as "virtual" objects, i.e. data constructs for electronic data processing. Such a certificate is structured data that serves to associate a public key of an asymmetric cryptosystem with an identity, such as a person or a device. A certificate can, for example, include a public key and be signed. Alternatively, certificates based on zero-knowledge cryptosystems are possible. For example, the certificate may correspond to the standard X.

The PKI provides a system for issuing, distributing and checking digital certificates. In an asymmetric cryptosystem, a digital certificate serves to confirm the authenticity of a public key and its permissible scope of application and validity.

The digital certificate itself is protected by a digital signature, the authenticity of which can be checked with the public key of the certificate issuer. To check the authenticity of the issuer's key, a digital certificate is in turn used. In this way, a chain of digital certificates can be built, each of which confirms the authenticity of the public key with which the previous certificate can be checked.

Such a chain of certificates forms a so-called validation path or certification path. The PKI participants must be able to rely on the authenticity of the last certificate, called the root certificate, and of the key certified by this certificate, without a further certificate.

The root certificate is managed by a so-called root certificate authority, whose authenticity, presumed to be assured, is the basis for the authenticity of all certificates of the PKI. Digital certificates are a proven means of demonstrating authorizations when securing electronic communications by asymmetric cryptographic methods. Certificates are typically made available to a wide group of people to enable them to check electronic signatures for authenticity and validity.

A certificate can be associated with an electronic signature if the private key belonging to the public key was used to generate the electronic signature to be checked. Because a CSP makes a certificate available to the general public in association with a public key, a certification service enables users of asymmetric cryptosystems to assign the public key to an identity, such as a person, an organization, an energy system or a computer system. Asymmetric key pairs are used for a variety of cryptosystems and play an important role in the signing of electronic documents.

The public key allows anyone to encrypt data for the owner of the private key, to check digital signatures of that owner's documents, or to authenticate the owner. A private key enables its holder to decrypt data encrypted with the public key or to create digital signatures for electronic documents. To ensure this, a public key infrastructure is usually necessary, which confirms the validity of the keys used by means of certificates.

The creation of a digital signature, also referred to merely as a "signature", is a cryptographic method in which an additional data value, referred to as a "signature", is computed for arbitrary data, for example an electronic document. The signature can be, for example, an encrypted hash value of the electronic document, in particular a hash value encrypted with a private key of a cryptographic key pair assigned to a certificate.

Correspondingly encrypting a hash value is therefore referred to as signing the hash value. The special feature of such a signature is that its authorship and its association with a particular person or entity can be checked by any third party.

A digital signature is also understood here to include a digital seal, which is assigned not to a natural person but to a legal person. A digital seal therefore does not serve as a declaration of intent by an individual but as a guarantee of origin by an institution.

It can thus ensure the origin and integrity of virtual documents and prove that they originate from a particular legal person. A "non-volatile memory" is understood here to mean an electronic memory for the permanent storage of data.

A non-volatile memory is characterized in that the data stored in it is preserved even after the power supply is switched off. A "volatile electronic memory" is understood here to mean a memory for temporarily storing data, which is characterized in that all data is lost after the power supply is switched off. In particular, this may be a volatile random access memory, also referred to as random-access memory (RAM), or a volatile memory of the processor.

A "protected memory area" is understood here to mean a portion of an electronic memory to which access, that is, read access or write access, is possible only via a processor of the corresponding electronic device.

According to embodiments, access from the processor coupled to the memory is possible only if a condition required for this is satisfied.

A "processor" is understood here and below to mean a logic circuit used for executing program instructions. The logic circuit may be implemented on one or more discrete components, in particular on a chip.

An "interface" is understood here to mean an interface via which data can be received and transmitted, wherein the communication interface can be configured with contacts or contactless. The communication interface may be an internal interface or an external interface which is connected to an associated device, for example via a cable or wirelessly.

Communication may take place, for example, via a network. A "network" is understood here to mean any transmission medium with a connection for communication, in particular a local connection or a local network, in particular a local area network (LAN), a private network, in particular an intranet, and a virtual private network (VPN).

For example, a computer system may include a standard radio interface for connection to a WLAN. Furthermore, the network may be a public network such as the Internet. Depending on the embodiment, the network can also be a mobile network. Communication can also take place via an optical channel between two optical interfaces.

The two optical interfaces can be, for example, a display for displaying or transmitting optical data and a digital camera for capturing or receiving optical data. A "virtual" document is understood to mean a data construct for electronic data processing that comprises the same data as a previously defined document, but no dedicated physical document body. In particular, the validity of such a document is independent of the presence of a dedicated document body.

A "virtual" document may be an electronic file of any file format, in particular a non-executable text or spreadsheet file. A "program" or "program instructions" is understood here, without limitation, to mean any type of computer program comprising machine-readable instructions for controlling a functionality of the computer. The use of ordinals such as first, second, third etc.

The first virtual document is read out using the master password. Embodiments may have the advantage that first computer systems assigned, for example, to the police are configured to be able to read virtual identity documents, such as virtual identity cards, virtual passports, virtual residence permits or virtual licenses, at any time. For this purpose the mobile second computer system sends the password-protected memory address, for example continuously at predefined time intervals.

A police officer with a corresponding first computer system can thus gain early insight into the virtual identity document of a person to be checked during an identity check or traffic check. This may have the advantage that the check can be made with a sufficient safety margin, in particular out of reach of the person being checked.

According to embodiments, the method further comprises: receiving a password for reading out the first virtual document, wherein the first virtual document is read out using the received password. Embodiments may have the advantage that the user of the mobile second computer system, who is generally also the owner of the virtual document, can exercise effective access control over the virtual document by controlling the distribution of the password or passwords.

According to embodiments, the received password is a one-time password with which the virtual document can be read out at the password-protected memory address. Embodiments may have the advantage that abuse of an access right to the virtual document, once granted, can be prevented effectively.

In particular, this prevents unauthorized third parties from reading the virtual document if, for example, the owner of the first computer system makes the password accessible to them or they otherwise gain access to the password. Control over the virtual document thus rests with the user of the mobile second computer system.

In addition, the security of the virtual document can be increased.

According to embodiments, receiving the password includes: scanning the password, which is displayed on a second display of the mobile second computer system, with a scanner of the first computer system. Embodiments may have the advantage that the password is transmitted over an optical channel formed by the second display and the scanner. In alternative embodiments, the displayed password can also be typed in by a user of the first computer system, or it is read out by the user of the mobile second computer system.

According to embodiments, the scanner is a digital camera. Embodiments may have the advantage that the interfaces used for the optical transmission channel, that is, display and digital camera, are standard hardware which is now available, for example, in all smartphones.

According to embodiments, the received password is displayed on the second display as a graphical code. According to embodiments, the graphical code is, for example, a QR code. Embodiments may have the advantage that they provide secure, that is, particularly accurate, and efficient transmission of the password.

For this purpose, the password is graphically encoded by the mobile second computer system before sending and decoded again by the receiving first computer system upon receipt.

According to embodiments, the received password is encrypted with a public cryptographic key of an asymmetric key pair associated with the first computer system. The method further comprises: Embodiments may have the advantage that they ensure a secure transmission of the password from the mobile second computer system to the first computer system. Even if the transmitted password is intercepted or eavesdropped, an unauthorized third party who does not have access to the private cryptographic key cannot use the password.

The database entry of the second database in which the first identifier is stored is identified using the memory ID.

Embodiments may have the advantage that they allow easy identification of the entry of the second database that includes the first identifier. According to embodiments, the cryptographically secured second database is a block chain, and the first identifier is stored as a transaction in a block of the block chain. A "block chain" is understood here and below to mean an ordered data structure in which each block of the block chain is identified by a hash value and references a previous block in the block chain; for examples of a block chain, compare https: The block chain consists of a series of data blocks, in each of which one or more transactions are combined and provided with a checksum in the form of a hash value.

New blocks of the block chain are generated in a conventional manner by a computationally intensive process, which is also referred to as mining. These newly generated blocks are then added to the block chain and distributed over a network to all participants, or nodes, of the network.

In a block chain, the transactions of a block are, for example, hashed together in pairs by means of a Merkle tree, and only the last hash value obtained in this way, the so-called root hash value, is recorded as a checksum in the header of the block.

The blocks can then be chained using these root hash values. Each block of the block chain includes in its header the hash of the entire previous block header. Thus, the order of the blocks is unambiguously defined and a chain structure results. In addition, security can be further increased by adjusting the computational cost necessary for creating each new block.

The computational intensity necessary for creating new blocks can be controlled via requirements on the hash value of the new block to be created.

The resulting hash value is not predictable; rather, it is a randomly distributed number. It is possible, however, to calculate how much time is necessary on statistical average to find a valid new block, depending on the computing power expended. The hash value of a block can be varied, for example, by adding and varying a nonce. Due to the chain structure, data once stored in a block chain cannot be changed or removed without replacing large parts of the block chain.

However, such a replacement is ruled out as a result of a sufficiently compute-intensive generation of new blocks. Known embodiments of a block chain, such as in the case of the cryptocurrency Bitcoin, are based on anonymity of the parties involved in the transactions. In this way, security against forgery can be improved. A requirement for a valid block can be, for example, that the hash value of the header of the block is less than or equal to a limit value.

The hash value calculation may be carried out, for example, using the Secure Hash Algorithm SHA SHA , the resulting hash value, in this case a random number The probability that the resulting hash value is less than or equal to a limit value or target value (target) is as specified below. Thus, the probability of obtaining a hash value less than or equal to the selected limit value is, for the example given previously: If valid blocks are generated by a compute-intensive process such as the one described above, the participants of the block chain network trust the longest valid block chain, because the most computing power stands behind it and it can therefore be assumed that it is recognized as valid by the majority of the participants.
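The block structure described above (Merkle root in the header, hash of the previous header, a nonce varied until the header hash is at most a limit value), as an added Python example that is not part of the original text. The use of single SHA-256, the header layout, the repeated last hash on odd Merkle levels, the easy target and the sample pairing transactions are assumptions made for the demonstration.

```python
import hashlib

GENESIS_PREV = bytes(32)      # assumption: the first block references 32 zero bytes
TARGET = 2**244 - 1           # constructed, deliberately easy limit value

def sha256(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()

def merkle_root(transactions):
    """Hash the transactions together in pairs until one root hash remains."""
    if not transactions:
        raise ValueError("a block needs at least one transaction")
    level = [sha256(tx) for tx in transactions]
    while len(level) > 1:
        if len(level) % 2:                    # assumption: odd level repeats its last hash
            level.append(level[-1])
        level = [sha256(level[i] + level[i + 1]) for i in range(0, len(level), 2)]
    return level[0]

def header_hash(block) -> bytes:
    """Hash of the header: previous header hash, Merkle root and nonce."""
    header = block["prev"] + block["root"] + block["nonce"].to_bytes(8, "big")
    return sha256(header)

def meets_target(block, target) -> bool:
    return int.from_bytes(header_hash(block), "big") <= target

def mine(prev, transactions, target):
    """Vary the nonce until the header hash is less than or equal to the target."""
    block = {"prev": prev, "root": merkle_root(transactions),
             "nonce": 0, "txs": list(transactions)}
    while not meets_target(block, target):
        block["nonce"] += 1
    return block

def expected_attempts(target) -> int:
    """Mean number of nonces to try: 2^256 divided by the count of valid hashes."""
    return 2**256 // (target + 1)

def first_invalid_block(chain, target) -> int:
    """Return the index of the first block that fails a check, or -1 if none does."""
    prev = GENESIS_PREV
    for i, block in enumerate(chain):
        if block["prev"] != prev:                       # broken link to predecessor
            return i
        if block["root"] != merkle_root(block["txs"]):  # transactions were altered
            return i
        if not meets_target(block, target):             # proof of work missing
            return i
        prev = header_hash(block)
    return -1

def build_demo_chain():
    """Three blocks of constructed pairing entries (device identifier + document hash)."""
    batches = [
        [b"pair:device-A:dochash-01", b"pair:device-A:dochash-02"],
        [b"pair:device-B:dochash-01", b"pair:device-C:dochash-03",
         b"pair:device-C:dochash-04"],
        [b"pair:device-D:dochash-05"],
    ]
    chain, prev = [], GENESIS_PREV
    for txs in batches:
        block = mine(prev, txs, TARGET)
        chain.append(block)
        prev = header_hash(block)
    return chain

if __name__ == "__main__":
    chain = build_demo_chain()
    print("untouched chain:", first_invalid_block(chain, TARGET))
    chain[1]["txs"][0] = b"pair:device-X:dochash-01"    # alter a stored entry
    print("after tampering:", first_invalid_block(chain, TARGET))
    print("mean attempts per block:", expected_attempts(TARGET))
```

Recomputing the Merkle root of the altered block does not hide the change: the header hash changes with it, so the block either no longer meets the target or no longer matches the reference stored in its successor.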

If, for example, a fork arises, that is, a branch is created in the block chain, the fork with the greater chain length eventually prevails, since it can be assumed that the majority of participants stands behind it. A block chain can also be implemented in the form of a private block chain in which, for example, only a selected group of participants has permission to add valid blocks.

A corresponding authorization can be proven, for example, by means of a signature using a private cryptographic key. The private cryptographic key can belong to an asymmetric key pair that also includes a public cryptographic key with which the signature can be checked. The asymmetric key pair can also be assigned, for example, a certificate that attests the authorization to generate a valid block of the block chain. This certificate may further be associated with a PKI, which proves the authenticity of the certificate.

According to a further embodiment, a public key can be stored in the block chain for each participant of the selected group, for example in a genesis block. Based on these public keys, it can be verified whether signatures of blocks, and thus the corresponding blocks themselves, are valid.

A consensus can also be implemented in other ways in a block chain. For example, a consensus can be reached by voting on the inclusion of proposed entries in the block chain. For example, each participant maintains a unique list of other participants whom he trusts as a group. Each participant may propose new entries to be included in a new block of the block chain. The inclusion and thus the recognition of the validity of the proposed entries is voted on.

For example, each participant votes only on those proposals that originate from participants on its list. In other words, in deciding whether a proposal for a new entry is accepted as valid, i.e. whether there is a consensus among the participants regarding the validity of this entry, only the votes of those participants are considered who are included in the list of the participant making the proposal.

All proposed entries that meet this criterion are included in the block chain. After the investor bubble, even the end of Bitcoin was predicted.

Bitcoin does not require a central bank that manages the monetary system and prints on paper. Rather, Bitcoin is entirely in the hands of its users. The Bitcoin price is rising considerably. Will we pay in the future with mobile phones, credit cards or our fingerprint?

Bitcoin mining becomes harder from hour to hour with increasing computing power, which is due to the steadily rising difficulty of the tasks to be computed. A completely computed block yields 50 bitcoins.

Bitcoin is not controlled by any central authority, and there are no issuing bodies such as central banks or governments. Can Bitcoin prevail in the long term? The Bitcoin payment system and its most important features