Tamper detection and secure power failure recovery circuit

US 20040066274A1
Filed: 10/07/2002
Published: 04/08/2004
Est. Priority Date: 10/07/2002
Status: Active Grant

First Claim

Patent Images

1. A security system comprising:

a token comprising;

volatile random access memory for storing security data for use during a step of secure authentication;

an interface for providing communication between the token and a host system when coupled thereto; and

a processor for performing the steps of;

receiving via the interface authentication data;

authenticating the token for performing security functions in response to correct authentication data;

providing via the interface secure information in response to correct authentication data;

storing within the token security data relating to the security information in response to correct authentication data; and

re-authenticating the token for performing security functions in response to receipt of the secure information after a reset of the token has occurred.

View all claims

13 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A security system is disclosed, including a token as well as a host system. The token consists of volatile random access memory for storing security data for use during a step of secure authentication, an interface for providing communication with a host system when coupled thereto, and a processor. The processor performs the steps of authenticating a host system and the token, providing secure information to the host system upon authentication therewith, and re-authenticating the host system and the token in response to receipt of the secure information after a reset of the token has occurred. Alternatively, the token contains an internal voltage source for providing a supply voltage to the security system for a predetermined amount of time, when an external voltage source providing a supply voltage to the security system is disrupted, a tamper detection device for detecting an absence of a ground connected to the token and for providing a tamper signal when a ground is detected as absent, and a volatile random access memory clear circuit for clearing the security data within the volatile random access memory in response to the tamper signal.

83 Citations

View as Search Results

22 Claims

1. A security system comprising:
- a token comprising;
  
  volatile random access memory for storing security data for use during a step of secure authentication;
  
  an interface for providing communication between the token and a host system when coupled thereto; and
  
  a processor for performing the steps of;
  
  receiving via the interface authentication data;
  
  authenticating the token for performing security functions in response to correct authentication data;
  
  providing via the interface secure information in response to correct authentication data;
  
  storing within the token security data relating to the security information in response to correct authentication data; and
  
  re-authenticating the token for performing security functions in response to receipt of the secure information after a reset of the token has occurred.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. A security system according to claim 1, comprising:
    - a host system comprising;
      
      an interface port for interfacing with a token, a processor for performing instructions in dependence upon instruction data, and memory comprising instruction memory for storing of instructions for performing a step of secure re-authentication and non-volatile random access host memory for storing secure information received from the token and for use in secure re-authentication.
  - 3. A security system according to claim 2, wherein the token comprises:
    - a tamper detection device for detecting of tampering within the security system and for providing a tamper signal when tampering is detected; and
      
      a memory clear circuit for clearing the security data within the token in response to the tamper signal.
  - 4. A security system according to claim 3, wherein the tamper detection device comprises a secure housing and tamper detection circuitry, the non-volatile random access host memory being located within the physical boundaries of the secure housing.
  - 5. A security system according to claim 4, wherein the tamper detection circuitry comprises a circuit for transmitting a tamper signal when then the secure housing is opened.
  - 6. A security system according to claim 4, wherein the tamper detection circuitry comprises a circuit for transmitting a tamper signal when the security system is other than coupled to a ground.
  - 7. A security system according to claim 4, wherein the tamper detection circuitry comprises a circuit for transmitting a tamper signal when the token is removed from a peripheral component interface slot.
  - 8. A security system according to claim 1, comprising:
    - a voltage source internal to the token for providing a supply voltage to the token for a predetermined amount of time, when an external voltage source providing a supply voltage to the security system is disrupted.

9. A method for secure re-authentication of a secure server comprising the steps of:
- transmitting authentication data from a host system to a token for authenticating to the token;
  
  receiving key data at the host system in response to the transmitted authentication data and provided by the token;
  
  storing the key data on the host system in non-volatile memory thereof;
  
  storing re-authentication data within the token based on the key data provided to the host system;
  
  upon a resumption of power following a power failure resulting in a power outage to the host system, providing the key data from the host system to the token for secure re-authentication therewith;
  
  determining if the key data is correct key data associated with the stored re-authentication data; and
  
  , when the key data is correct key data associated with the stored re-authentication data, re-authentication the host system and the token.
- View Dependent Claims (10, 11, 12, 13, 14, 15, 16, 17, 18)
- - 10. A method for secure re-authentication according to claim 9, wherein authentication code is a password.
  - 11. A method for secure re-authentication according to claim 9, wherein memory within the token is powered by a capacitor such that for a predetermined time after external power is other than provided to the token, the memory within the token retains data stored therein.
  - 12. A method for secure re-authentication according to claim 9, wherein the step of storing re-authentication data within the token includes a step of encrypting the re-authentication data.
  - 13. A method for secure re-authentication according to claim 9, further comprising the steps of:
    - generating on the token the key data.
  - 14. A method for secure re-authentication according to claim 9, comprising the steps of:
    - generating on the token a first, a second, and a third additional secondary authentication key;
      
      storing on the token at a least one of the first, second and third additional secondary authentication keys in memory; and
      
      securing on the token secondary authorization key data with the at least one of the additional secondary authentication keys stored within memory.
  - 15. A method for secure re-authentication according to claim 14, wherein the third additional secondary authentication key is created in dependence upon the first and the second additional secondary authentication keys.
  - 16. A method for secure re-authentication according to claim 15, wherein the third additional secondary authentication key is created by means of a bit-wise comparison operation.
  - 17. A method for secure re-authentication according to claim 12, further comprising the steps of:
    - creating on the host system an echo-avoiding encryption key; and
      
      sending from the host system to the token the echo-avoiding encryption key.
  - 18. A method for secure re-authentication according to claim 17, wherein the at least one of the first, second and third additional secondary authorization keys is encrypted and decrypted with the echo-avoiding encryption key.

19. A security system comprising:
- a token comprising;
  
  volatile random access memory for storing security data for use during a step of secure authentication;
  
  an internal voltage source for providing a supply voltage to the security system for a predetermined amount of time, when an external voltage source providing a supply voltage to the security system is disrupted;
  
  an interface for providing communication with a host system when coupled thereto;
  
  a tamper detection device for detecting an absence of a ground connected to the token and for providing a tamper signal when a ground is detected as absent; and
  
  a volatile random access memory clear circuit for clearing the security data within the volatile random access memory in response to the tamper signal.
- View Dependent Claims (20)
- - 20. A security system according to claim 19, wherein the tamper detection circuitry comprises a circuit for sending out a tamper signal when the token is removed from a peripheral component interface slot.

21. A method for secure re-authentication of a secure server comprising the steps of:
- storing re-authentication data within memory within a token;
  
  detecting a presence of a ground coupled to the token; and
  
  , when a ground is other than coupled to the token, erasing the re-authentication data within the memory.
- View Dependent Claims (22)
- - 22. A method for secure re-authentication according to claim 21, wherein the memory within the token is powered by a capacitor such that for a predetermined time after external power is other than provided to the token, the memory within the token retains data stored therein.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Rainbow Technologies, Inc. (Thales SA)
Original Assignee
Rainbow Technologies, Inc. (Thales SA)
Inventors
Bailey, Doug

Granted Patent

US 7,205,883 B2
Time in Patent Office

Days
Field of Search
US Class Current

340/5.3
CPC Class Codes

G06F 21/34   involving the use of extern...

G06F 21/445   by mutual authentication, e...

G06F 21/554   involving event detection a...

G06F 2221/2113   Multi-level security, e.g. ...

G06F 2221/2143   Clearing memory, e.g. to pr...

H04L 9/40   Network security protocols

Tamper detection and secure power failure recovery circuit

First Claim

13 Assignments

0 Petitions

Accused Products

Abstract

83 Citations

22 Claims

Specification

Use Cases

Quick Links

Others

Tamper detection and secure power failure recovery circuit

First Claim

13 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

83 Citations

22 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others