System for supporting secured log-in of multiple users into a plurality of computers using combined presentation of memorized password and transportable passport record

US 20010002487A1
Filed: 12/05/2000
Published: 05/31/2001
Est. Priority Date: 05/28/1997
Status: Active Grant

First Claim

Patent Images

1. A machine system for maintaining confidential digital information generally in encrypted form while allowing for intelligible access to such confidential information by users who are authorized for access by a combination of a password and a passport, said machine system comprising:

(a) a passport generator for generating within a first station an in-station passport, wherein the in-station passport includes;

(a.1) a first secured key derived from a first password of a first authorized user; and

(a.2) a second secured key that is different from the first secured key; and

(b) a passport exporter for generating within the first station an exportable passport, wherein said exportable passport includes a copy of the first secured key but does not include a copy of the second secured key.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system is disclosed for controlling intelligible access to secured files by means of a user-memorized password in combination with a user-associated passport record. The passport record takes on two forms, one when it is physically secured within the workstation and a different second form when the passport record is in-transit. Log-in privileges are granted after a presented passport record passes a number of tests including digital signature authentication, and the ability to extract two different encrypted keys from the passport record. The in-transit record does not carry one of those two keys.

76 Citations

34 Claims

1. A machine system for maintaining confidential digital information generally in encrypted form while allowing for intelligible access to such confidential information by users who are authorized for access by a combination of a password and a passport, said machine system comprising:
- (a) a passport generator for generating within a first station an in-station passport, wherein the in-station passport includes;
  
  (a.1) a first secured key derived from a first password of a first authorized user; and
  
  (a.2) a second secured key that is different from the first secured key; and
  
  (b) a passport exporter for generating within the first station an exportable passport, wherein said exportable passport includes a copy of the first secured key but does not include a copy of the second secured key.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. A machine system according to claim 1 wherein said passport generator includes:
    - (a.3) random number generating means for producing a substantially random first bit sequence defining a plaintext version of said first secured key;
      
      (a.4) a hasher for receiving said first password and producing therefrom a hashed password signal; and
      
      (a.5) a first encrypting unit for receiving as inputs, the hashed password signal and the first bit sequence, for carrying out a first encrypting operation on its received inputs, and for responsively outputting the first secured key.
  - 3. A machine system according to claim 2 wherein said passport generator further includes:
    - (a.6) a private key supplier for supplying a second bit sequence defining a plaintext version of said second secured key; and
      
      (a.7) a second encrypting unit for receiving as inputs, the first bit sequence and the second bit sequence, for carrying out a second encrypting operation on its received inputs, and for responsively outputting the second secured key.
  - 4. A machine system according to claim 3 wherein said passport generator further includes:
    - (a.8) a public key supplier for supplying a third bit sequence representing a public key of the first user; and
      
      (a.9) a third encrypting unit for receiving as inputs, the first bit sequence and the third bit sequence, for carrying out a third encrypting operation on its received inputs, and for responsively outputting a third secured key; and
      
      further wherein;
      
      the in-station passport includes a copy of the third secured key; and
      
      the exportable passport does not include a copy of the third secured key.
  - 5. A machine system according to claim 4 wherein:
    - (a.5a) said first encrypting operation is a symmetric encryption (SE) using the first bit sequence as a data-input and using the hashed password signal as a key-input;
      
      (a.7a) said second encrypting operation is a symmetric encryption (SE) using the first bit sequence as a key-input and using the second bit sequence as a data-input; and
      
      (a.9a) said third encrypting operation is an asymmetric encryption (AE) using the using the first bit sequence as a data-input and using the public key of the first user as a key-input.
  - 6. A machine system according to claim 1 further comprising:
    - (c) first data conveyance means for conveying first data representing said encrypted form of the confidential digital information; and
      
      (d) second data conveyance means for conveying second data representing the exportable passport.
  - 7. A machine system according to claim 6 wherein:
    - (c.1) said first data conveyance means records the first data into a portable memory means; and
      
      (d.1) said second data conveyance means transmits the second data by way of a conveyance channel that does not include said first portable memory means.

8. A machine system for maintaining confidential digital information generally in encrypted form while allowing for intelligible access to such confidential information by users who are authorized for access by a combination of a password and a passport, said machine system comprising:
- (a) a passport inspector for receiving a user password supplied at a given station, for locating an in-station passport associated with the user, and for verifying correlation between the user-supplied password and the user-associated in-station passport;
  
  wherein the in-station passport includes;
  
  (a.1) a first secured key derived from a valid password of the passport-associated user;
  
  (a.2) a second secured key covered by a plaintext version of the first secured key; and
  
  (a.3) a third secured key that is different from the first secured key; and
  
  wherein the correlation verification carried out by the passport inspector includes;
  
  (a.4) generating a first attempt signal by attempting to uncover the first secured key with the user-submitted password;
  
  (a.5) generating a second attempt signal by attempting to uncover the second secured key with the first attempt signal;
  
  (a.6) generating a third attempt signal by attempting to uncover the third secured key; and
  
  (a.7) performing format checking on each of the second attempt signal and the third attempt signal.

9. A machine-implemented method for maintaining confidential digital information generally in encrypted form while allowing for intelligible access to such confidential information by users who are authorized for access by a combination of a password and a passport, said method comprising the steps of:
- (a) receiving a user password supplied at a given station;
  
  (b) fetching an in-station passport associated with the user, wherein the in-station passport includes;
  
  (b.1) a first secured key derived from a valid password of the passport-associated user;
  
  (b.2) a second secured key covered by a plaintext version of the first secured key; and
  
  (b.3) a third secured key that is different from the first secured key; and
  
  (c) verifying correlation between the user-supplied password and the user-associated in-station passport, wherein said correlation verification includes;
  
  (c.1) generating a first attempt signal by attempting to uncover the first secured key with the user-submitted password;
  
  (c.2) generating a second attempt signal by attempting to uncover the second secured key with the first attempt signal;
  
  (c.3) generating a third attempt signal by attempting to uncover the third secured key; and
  
  (c.4) performing format checking on each of the second attempt signal and the third attempt signal.

10. A machine-readable memory for use in a machine system that maintains confidential digital information generally in encrypted form while allowing for intelligible access to such confidential information by users who are authorized for access by a combination of a user-associated password and a user-associated passport said machine-readable memory storing a passport data structure comprising:
- (a) a first secured key derived from a valid password of the passport-associated user;
  
  (b) a second secured key covered by a plaintext version of the first secured key; and
  
  (c) a third secured key that is different from the first secured key.

11. A machine-implemented method for providing intelligible access to algorithmically-secured data in response to an access request, wherein the access request includes submission of a password and submission of an identification of a requesting user, said method comprising the steps of:
- (a) finding a machine-readable passport associated with the submitted identification, wherein said passport includes;
  
  (a.1) a first field having a user identification matching the submitted identification and associating the passport with a corresponding user;
  
  (a.2) a second field containing a first secured key derived from a valid password of the passport-associated user;
  
  (a.3) a third field containing a second secured key covered by a plaintext version of the first secured key; and
  
  (a.4) a fourth field containing a third secured key that is different from the first secured key;
  
  (b) using the submitted password to attempt decryption of the first secured key, said attempt producing a putative first uncovering of the first secured key;
  
  (c) using the putative first uncovering to attempt decryption of the second secured key, said attempt producing a putative second uncovering of the second secured key; and
  
  (d) using the putative first uncovering to attempt decryption of the third secured key, said attempt producing a putative third uncovering of the third secured key.
- View Dependent Claims (12, 13)
- - 12. A machine-implemented method according to claim 11 wherein:
    - (c.1) said attempted decryption of the second secured key provides a respective indication of whether or not the attempted decryption was successful; and
      
      (d.1) said attempted decryption of the third secured key provides a respective indication of whether or not the attempted decryption was successful;
      
      said method further comprising the step of;
      
      (e) requiring respective indications of decryption success from the attempted decryptions of the second and third secured keys before providing intelligible access to algorithmically-secured data in response to said access request.
  - 13. A machine-implemented method according to claim 11 wherein:
    - (a.3a) a correctly decrypted version of said second secured key has a prespecified format that indicates correct decryption thereof; and
      
      (a.4a) a correctly decrypted version of said third secured key has a prespecified format that indicates correct decryption thereof;
      
      said method further comprising the step of;
      
      (e) testing the format of each of the putative second uncovering and the putative third uncovering for an indication of correct decryption.

14. A machine-instructing device for instructing a prespecified, instructable machine to carry out a method for providing intelligible access to algorithmically-secured data in response to an access request, wherein the access request includes submission of a password and submission of an identification of a requesting user, said instruction-defined method comprising the steps of:
- (a) finding a machine-readable passport associated with the submitted identification, wherein said passport includes;
  
  (a.1) a first field having a user identification matching the submitted identification and associating the passport with a corresponding user;
  
  (a.2) a second field containing a first secured key derived from a valid password of the passport-associated user;
  
  (a.3) a third field containing a second secured key covered by a plaintext version of the first secured key; and
  
  (a.4) a fourth field containing a third secured key that is different from the first secured key;
  
  (b) using the submitted password to attempt decryption of the first secured key, said attempt producing a putative first uncovering of the first secured key;
  
  (c) using the putative first uncovering to attempt decryption of the second secured key, said attempt producing a putative second uncovering of the second secured key; and
  
  (d) using the putative first uncovering to attempt decryption of the third secured key, said attempt producing a putative third uncovering of the third secured key.

15. A machine-implemented method for providing intelligible access to algorithmically-secured data in response to an access request submitted at a first location, wherein the access request includes submission of a password and submission of an identification of a requesting user, said method comprising the steps of:
- (a) finding a machine-readable passport associated with the submitted identification, wherein said passport includes;
  
  (a.1) a first field having a user identification matching the submitted identification and associating the passport with a corresponding user;
  
  (a.2) a second field containing a first secured key derived from a valid password of the passport-associated user;
  
  (a.3) a third field containing a second secured key covered by a plaintext version of the first secured key;
  
  (a.4) a fourth field that is either blank or contains irrelevant data; and
  
  (a.5) a fifth field containing a digital signature covering at least said first through fourth fields;
  
  (b) using the digital signature to authenticate the signature-covered contents of the found passport.
- View Dependent Claims (16, 17, 18, 19)
- - 16. A machine-implemented method according to claim 15 wherein:
    - (a.6) the found passport further includes a sixth field containing a public key of the passport-associated user;
      
      (a.5a) the digital signature of said fifth field further covers the sixth field; and
      
      (b.1) the public key of the sixth field is applied the digital signature of the fifth field in said step (b) of authenticating the signature-covered contents of the found passport.
  - 17. A machine-implemented method according to claim 16 wherein:
    - (a.7) the found passport further includes a seventh field containing an indication that the found passport originated at a location other than the first location;
      
      (a.8) the found passport further includes an eighth field that is either blank or contains irrelevant data; and
      
      (a.5b) the digital signature of said fifth field further covers the seventh and eighth fields.
  - 18. A machine-implemented method according to claim 17 further comprising, if the signature-covered contents of the found passport are successfully authenticated by the digital signature, the additional steps of:
    - (c) generating a new key at the first location;
      
      (d) overwriting the eighth field with an encrypted version of the new key, said encrypted version of the new key being covered by the public key of the passport-associated user;
      
      (e) overwriting the fourth field with an encrypted version of a location-specific key, said location-specific key being specific to the first location, said encrypted version of the location specific key being covered by the new key.
  - 19. A machine-implemented method according to claim 18 further comprising, after said steps of overwriting the fourth and eighth fields, the additional step of:
    - (f) overwriting the fifth field with a new digital signature covering all other fields of the overwritten passport.

20. A machine-implemented method for providing intelligible access to algorithmically-secured data in response to an access request submitted at a first location, wherein the access request includes submission of a password and submission of an identification of a requesting user at the first location, and further wherein a user-associated passport required for servicing the access request is physically secured in a second location, said method comprising the steps carried out at the second location of:
- (a) finding the passport associated with the submitted identification, wherein said passport includes;
  
  (a.1) a first field having a user identification matching the submitted identification and associating the passport with a corresponding user;
  
  (a.2) a second field containing a first secured key derived from a valid password of the passport-associated user;
  
  (a.3) a third field containing a second secured key covered by a plaintext version of the first secured key;
  
  (a.4) a fourth field containing a third secured key that is different from the first secured key, said third secured key being covered by either a plaintext version the first secured key or by an alternate key;
  
  (a.5) a fifth field containing a secured copy of the alternate key, said secured copy of the alternate key being covered by the public key of the passport-associated user; and
  
  (a.6) a sixth field containing a digital signature covering at least said first through fifth fields;
  
  (b) copying the found passport;
  
  (c) clearing the fourth and fifth fields of the passport copy;
  
  (d) overwriting the sixth field of the passport copy with a new digital signature covering all other fields of the cleared passport copy; and
  
  (e) exporting the cleared and resigned passport copy out of the second location.

21. A machine-implemented method for providing intelligible access to algorithmically-secured data stored at a first location in response to an access request submitted at the first location, wherein the access request includes submission of a password and submission of an identification of a requesting user at the first location, and further wherein a user-associated passport said method comprising the steps carried out at the first location of:
- (a) finding a passport associated with the submitted identification, wherein said passport includes;
  
  (a.1) a first field having a user identification matching the submitted identification and associating the passport with a corresponding user;
  
  (a.2) a second field containing a first secured key derived from a valid password of the passport-associated user; and
  
  (a.3) a third field containing a secured copy of a prespecified bit sequence, said secured copy of the prespecified bit sequence being covered by a plaintext version of the first secured key;
  
  (b) using the submitted password to attempt decryption of the first secured key, said attempt producing a putative first uncovering of the first secured key;
  
  (c) using the putative first uncovering to attempt decryption of the secured copy of a prespecified bit sequence, said attempt producing a putative second uncovering of the prespecified bit sequence; and
  
  (d) comparing the putative second uncovering against the prespecified bit sequence.

22. A manufactured passport signal structured for operable use by a machine system that maintains confidential digital information in encrypted form while allowing for intelligible access to such confidential information by users who are authorized for access by a combination of a user-associated password and a user-associated passport , said manufactured passport signal defining for each of an associated one or more authorized users, a passport data structure comprising:
- (a) a first field containing a first secured-by-encryption key, where said first secured key is covered by a first covering signal derived from a valid password of the passport-associated user;
  
  (b) a second field containing a second secured-by-encryption key, where said second secured key is covered by a plaintext version of the first secured key; and
  
  (c) a third field that is blank or is filled with irrelevant information, (c.1) where said third field can be overwritten to contain a third secured-by-encryption key that is different from the first secured key in situations where the corresponding passport data structure is physically-secured within said machine system; and
  
  (d) where said machine system requires local presence of a physically-secured, in-system version of the corresponding passport data structure and a verified local uncovering from said in-system version of the corresponding passport data structure of the secured keys in the second and third fields of the in-system version before the machine system locally grants to a requesting user, intelligible access to corresponding confidential information.
- View Dependent Claims (23, 24)
- - 23. The manufactured passport signal of claim 22 wherein said passport data structure further comprises:
    - (e) a fourth field storing a digital signature that covers data contained in at least the first, second and third fields.
  - 24. A manufactured passport signal according to claim 23 and further characterized as being transmitted over an unsecured communications network.

25. A manufactured instruction signal structured for instructing a prespecified, instructable machine to carry out a method for providing intelligible access to algorithmically-secured data in response to an access request, wherein the access request includes submission of a password and submission of an identification of a requesting user, said instruction-defined method comprising:
- (a) finding a machine-readable passport associated with the submitted identification, wherein said passport includes;
  
  (a.1) a first field having a user identification matching the submitted identification and associating the passport with a corresponding user;
  
  (a.2) a second field containing a first secured key derived from a valid password of the passport-associated user;
  
  (a.3) a third field containing a second secured key covered by a plaintext version of the first secured key; and
  
  (a.4) a fourth field containing a third secured key that is different from the first secured key; and
  
  (a.5) a fifth field containing a fourth secured key, where a plaintext version of the fourth secured key covers the third secured key of the fourth field;
  
  (b) using the submitted password to attempt decryption of the first secured key, said attempt producing a putative first uncovering of the first secured key;
  
  (c) using the putative first uncovering to attempt decryption of the second secured key, said attempt producing a putative second uncovering of the second secured key; and
  
  (d) attempting to generate a plaintext version of the third secured key by using the fourth field in combination with at least the second field.
- View Dependent Claims (26, 27, 28, 29, 30)
- - 26. The manufactured instruction signal of claim 25 wherein said step (d) further uses the third field and the fifth field for attempting to generate the plaintext version of the third secured key.
  - 27. The manufactured instruction signal of claim 25 and further wherein said passport further includes:
    - (a.6) a sixth field storing an origination flag that indicates whether the plaintext version of the first secured key originated locally or was imported; and
      
      wherein said instruction-defined method performs the steps of;
      
      (d.1) in response to the origination flag indicating that first secured key originated locally, using the putative first uncovering to attempt decryption of the third secured key; and
      
      (d.2) in response to the origination flag indicating that first secured key did not originate locally, using the putative first uncovering in combination with an attempted uncovering of the second secured key and an attempted uncovering of the fourth secured key to attempt decryption of the third secured key.
  - 28. The manufactured instruction signal of claim 25 and further wherein said instruction-defined method does not require involvement by a system administrator or another, like-privileged user in addition to involvement by the requesting user for providing said intelligible access to the algorithmically-secured data if the machine-readable passport is found to be physically secured within a local workstation of the requesting user and pre-authenticated within said local workstation.
  - 29. The manufactured instruction signal of claim 28 and further wherein said instruction-defined method does require involvement by a system administrator or another, like-privileged user in addition to involvement by the requesting user for providing said intelligible access to the algorithmically-secured data if the machine-readable passport is to be formed by importing an in-transit version of the passport into a physically secured area within the local workstation of the requesting user, where the corresponding fourth field and fifth field of the in-transit version are each blank or filled with irrelevant information, and the system administrator or other, like-privileged user has to release a plaintext version of the third secured key for use in filling in the fourth field of the machine-readable passport during its formation.
  - 30. The manufactured instruction signal of claim 25 and further wherein said instruction-defined method does not require involvement by a system administrator or another, like-privileged user in addition to involvement by the requesting user for changing the valid password of the requesting user if the machine-readable passport is found to be physically secured within a local workstation of the requesting user and pre-authenticated within said local workstation.

31. A manufactured signal structured for loading into a prespecified, programmable machine and thereby causing the machine to carry out a method for providing intelligible access to algorithmically-secured data in response to an access request, wherein the machine has a physically secured storage, wherein the access request includes submission of a user identification, and submission of a putative password of a user identified by said user identification, where said access-providing method comprises:
- (a) obtaining from said physically secured storage, a machine-readable passport that is associated with the submitted identification, wherein said passport includes;
  
  (a.1) a first field containing data of a first algorithmically-secured key, which data is derived from a valid password of a passport-associated user and from a plaintext version of the first secured key;
  
  (a.2) a second field containing data of a second algorithmically-secured key that is covered by said plaintext version of the first secured key; and
  
  (a.3) a third field containing data of a third algorithmically-secured key that is different from the first algorithmically-secured key; and
  
  (a.4) a fourth field containing data of a fourth algorithmically-secured key, (a.3a) where the third secured key of the third field is covered by a plaintext version of the fourth secured key;
  
  (b) using the submitted, putative password to attempt a decryption of the first secured key, said attempt producing a putative first uncovering of the first secured key from the data of said first field;
  
  (c) using the putative first uncovering to attempt a further decryption of the second secured key, said further attempt producing a putative second uncovering of the second secured key from the data of said second field; and
  
  (d) attempting to generate a plaintext version of the third secured key by trying to decrypt the data of said fourth field while using at least the putative first uncovering for forming a decryption key for decrypting the data of said fourth field.
- View Dependent Claims (32, 33)
- - 32. The manufactured signal of claim 31 and further wherein said access-providing method allows one or more of a system administrator and other like-privileged users to erase said identification-associated passport from the physically secured storage either autocratically or by vote and to thereby block the passport-associated user from gaining intelligible access to the algorithmically-secured data by way of said machine .
  - 33. The manufactured signal of claim 31 and further wherein said passport includes:
    - (a.5) a fifth field containing an algorithmically-secured data string that is produced by using the first algorithmically-secured key to cover a plaintext version of said algorithmically-secured data string; and
      
      said access-providing method includes the steps of;
      
      (e) attempting to generate the plaintext version of the algorithmically-secured data string by trying to decrypt the data of said fifth field while using the putative first uncovering as a decryption key; and
      
      (f) checking the generated plaintext version of the data string for correctness, and if the check fails, denying entry into the machine based on said obtained passport and the supplied user identification, and the submitted putative password.

34. A manufactured instruction signal adapted for instructing a prespecified, instructable machine to carry out a machine-implemented method for protecting algorithmically-secured data from being intelligibly accessed by other than authorized users, where an access request includes submission of a putative password of an authorized user, and submission of a putative identification of the same authorized user to a request-servicing station that has physically secured, storage and processing facilities, where said instructed method comprises:
- (a) requiring presentation within said physically secured, storage facilities of the request-servicing station, of an authenticated passport record associated with a user identified by the putative identification, where the presented passport record includes;
  
  (a.1) a first field containing data of a first algorithmically-secured key, where said first secured key is derived from a valid password of the passport-associated user and from a first counterpart-plaintext key that is temporarily originated in either the physically secured facilities of the request-servicing station or in physically secured facilities of a like, external station;
  
  (a.2) a second field containing data of a second algorithmically-secured key, where said second secured key is derived from a second counterpart and private key of the passport-associated user and from said first counterpart-plaintext key;
  
  (a.3) a third field containing data of a third algorithmically-secured key, where said third secured key is derived from a public key of the passport-associated user and from a third counterpart-plaintext key that is temporarily created in the physically secured facilities of the request-servicing station, where the third counterpart-plaintext key may be the same as the first counterpart-plaintext key if both of the first and third counterpart-plaintext keys originate in the physically secured facilities of the request-servicing station;
  
  (a.4) a fourth field containing data of a fourth algorithmically-secured key, where said fourth secured key is derived from a fourth counterpart and private key of the request-servicing station and from said third counterpart-plaintext key;
  
  (b) requiring use of the data of said fourth field and use of the data of at least of said first field for reproducing in the physically secured facilities of the request-servicing station, said fourth counterpart and private key of the request-servicing station; and
  
  (c) requiring use of the data of said second field and use of the data of said first field for reproducing in the physically secured facilities of the request-servicing station, said second counterpart and private key of the passport-associated user.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
CA, Inc. (d/b/a CA Technologies) (Broadcom, Inc.)
Original Assignee
Symantec Corporation (NortonLifeLock Inc.)
Inventors
Lohstroh, Shawn R., Grawrock, David

Granted Patent

US 6,408,389 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/193
CPC Class Codes

G06F 21/31   User authentication

H04L 63/083   using passwords cryptograph...

H04L 63/0853   using an additional device,...

H04L 63/104   Grouping of entities

H04L 9/0891   Revocation or update of sec...

H04L 9/3249   using RSA or related signat...

System for supporting secured log-in of multiple users into a plurality of computers using combined presentation of memorized password and transportable passport record

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

76 Citations

34 Claims

Specification

Solutions

Use Cases

Quick Links

System for supporting secured log-in of multiple users into a plurality of computers using combined presentation of memorized password and transportable passport record

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

76 Citations

34 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links