Security system for computer transactions

US 20060010325A1
Filed: 07/09/2004
Published: 01/12/2006
Est. Priority Date: 07/09/2004
Status: Abandoned Application

First Claim

Patent Images

1. A security system for computer transactions with a central computer having data and software applications stored thereon comprising:

a remote terminal accessible to a network through which transactions to said central computer can be accomplished, said remote terminal having a USB port and being utilized by a remote user;

a USB Security Key embedded with a personal digital certificate unique to said remote user, said USB Security Key being insertable into said USB port on said remote terminal, said USB Security Key requiring the inputting of a personal identification number to enable access of said personal digital certificate by said remote terminal; and

a secure access appliance positioned to intercept communications from said remote terminal before reaching said central computer, said secure access appliance requiring authentication of said personal digital certificate before permitting access from said remote terminal to said central computer.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A Security system for computer transactions incorporates a USB Security Key, a remote terminal and a secure access appliance to provide Security for a central computer. The USB Security Key is coded with a personal digital certificate and is required to be inserted into the remote terminal, along with the input of a personal identification number, before communications with the secure access appliance can be authenticated. The remote terminal is provided only with a central processing unit, random access memory, and restricted access, non-volatile flash memory storage device, which when used with a central computer, eliminates the need to store data on a permanent memory storage device. Software applications can be downloaded from the central computer for operation by the remote terminal. Since the IP address/name of the central computer is hidden by the secure access appliance, the central computer remains secure from unauthorized access and provides an audit trail.

75 Citations

View as Search Results

25 Claims

1. A security system for computer transactions with a central computer having data and software applications stored thereon comprising:
- a remote terminal accessible to a network through which transactions to said central computer can be accomplished, said remote terminal having a USB port and being utilized by a remote user;
  
  a USB Security Key embedded with a personal digital certificate unique to said remote user, said USB Security Key being insertable into said USB port on said remote terminal, said USB Security Key requiring the inputting of a personal identification number to enable access of said personal digital certificate by said remote terminal; and
  
  a secure access appliance positioned to intercept communications from said remote terminal before reaching said central computer, said secure access appliance requiring authentication of said personal digital certificate before permitting access from said remote terminal to said central computer.
- View Dependent Claims (2, 3)
- - 2. The security system of claim 1 wherein said remote terminal requires the authentication of said personal digital certificate embedded in said USB Security Key before access to operate the remote terminal can be granted.
  - 3. The security system of claim 2 wherein said remote terminal is provided with an operating system to permit the activation of said remote terminal.

4. A method of securing transactions between a remote terminal and a central computer on which data is stored, comprising the steps of:
- inserting a USB Security Key into a USB port on said remote terminal, said USB Security Key having a personal digital certificate embedded therein;
  
  inputting a personal identification number into said remote terminal;
  
  matching said personal identification number against a resident identification number stored in said USB Security Key;
  
  if said inputted personal identification number matched the resident identification number on the USB Security Key, extracting the personal digital certificate from said USB Security Key into said remote terminal;
  
  forwarding said personal digital certificate to an intermediate secure access appliance;
  
  authenticating said personal digital certificate against a known Certificate Authority; and
  
  if said personal digital certificate is authenticated, permitting access to said central computer from said remote terminal through said secure access appliance.
- View Dependent Claims (5, 6, 7, 8, 9, 10, 11, 12)
- - 5. The method of claim 4 wherein said authenticating step includes the steps of:
    - first authenticating said personal digital certificate against said Certificate Authority before said step of forwarding said personal digital certificate to said secure access appliance; and
      
      also authenticating said personal digital certificate by said secure access appliance against said Certificate Authority before permitting access to said central computer.
  - 6. The method of claim 5 wherein access to said remote terminal is denied if said step of first authenticating said personal digital certificate fails.
  - 7. The method of claim 6 wherein access to said central computer is denied if said step of also authenticating said personal digital certificate fails.
  - 8. The method of claim 4 wherein access to said remote terminal is denied if said matching step fails.
  - 9. The method of claim 4 wherein said central computer has an IP address/name, said secure access appliance hiding said IP address/name from said remote terminal.
  - 10. The method of claim 4 wherein said secure access appliance provides an audit trail for all transactions passing through said secure access appliance.
  - 11. The method of claim 4 wherein said remote terminal is prevented from storing data obtained from said central computer.
  - 12. The method of claim 11 wherein said remote terminal can access software applications stored on said central computer.

13. A method of authenticating a user of a computer terminal having a USB port and an Internet connection, comprising the steps of:
- inserting a USB Security Key into said USB port in said computer terminal, said USB Security Key having embedded therein a personal digital certificate and a resident identification number;
  
  inputting into said computer terminal a personal identification number;
  
  comparing said inputted personal identification number with said resident identification number in said USB Security Key;
  
  if said personal identification number and said resident identification number match, extracting said personal digital certificate from said USB Security Key into said computer terminal; and
  
  validating said personal digital certificate with a remote Certificate Authority over the Internet.
- View Dependent Claims (14, 15, 16, 17, 18, 19, 20)
- - 14. The method of claim 13 wherein the user is denied access to operate said computer terminal if said inputted personal identification number does not match said resident identification number in said USB Security Key.
  - 15. The method of claim 14 wherein the user is denied access to operate said computer terminal if said personal digital certificate is not validated by said remote Certificate Authority.
  - 16. The method of claim 15 wherein said computer terminal is connected to a secure access appliance when said personal digital certificate is validated by said remote Certificate Authority.
  - 17. The method of claim 16 wherein said secure access appliance also validates said personal digital certificate against said remote Certificate Authority.
  - 18. The method of claim 16 wherein said secure access appliance connects said computer terminal to a central computer for accessing data and software applications.
  - 19. The method of claim 18 wherein said computer terminal is incapable of storing data in a permanent memory storage device.
  - 20. The method of claim 19 wherein said secure access appliance shields said computer terminal from acquiring an IP address/name of said central computer.

21. A method of securing a central computer having data stored thereon from unauthorized access from a user of a remote computer terminal, comprising the steps of:
- providing a secure access appliance to receive all communications to and transactions with said central computer to shield said remote computer terminal from an IP address of said central computer; and
  
  requiring authentication of said user before granting access to said central computer through said secure access appliance.
- View Dependent Claims (22, 23, 24, 25)
- - 22. The method of claim 21 wherein said requiring step comprises the steps of:
    - forcing said user to provide a personal digital certificate; and
      
      authenticating said personal digital certificate against a remote Certificate Authority.
  - 23. The method of claim 22 wherein said forcing step comprises the steps of:
    - inserting a USB Security Key into an open USB port in said remote computer terminal, said USB Security Key having embedded therein said personal digital certificate and a resident identification number;
      
      inputting into said remote computer terminal a personal identification number;
      
      comparing said inputted personal identification number with said resident identification number in said USB Security Key;
      
      if said personal identification number and said resident identification number match, extracting said personal digital certificate from said USB Security Key into said computer terminal; and
      
      forwarding said personal digital certificate to said secure access appliance for authentication.
  - 24. The method of claim 23 further comprising the step of:
    - validating said personal digital certificate with said remote Certificate Authority over the internet before said forwarding step, said user being denied access to operate said remote computer terminal if said validating step fails.
  - 25. The method of claim 24 wherein said remote computer terminal is designed specifically without moving parts such as a hard drive, and when used in conjunction with a central computer eliminates the need to store data on a permanent memory storage device at said remote computer terminal.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Devon IT Incorporated (Devon International Group, Inc.)
Original Assignee
Devon IT Incorporated (Devon International Group, Inc.)
Inventors
Liu, Ningjun, Eastlack, Glenn W.

Application Number

US10/888,328
Publication Number

US 20060010325A1
Time in Patent Office

Days
Field of Search
US Class Current

713/173
CPC Class Codes

G06F 21/33   using certificates

G06F 21/34   involving the use of extern...

G06F 2221/2101   Auditing as a secondary aspect

Security system for computer transactions

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

75 Citations

25 Claims

Specification

Solutions

Use Cases

Quick Links

Security system for computer transactions

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

75 Citations

25 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links