Computer communications security control system
First Claim
1. Apparatus for verifying the authorization of a user of a terminal for accessing a host computer through a communications link, the apparatus comprising:
(a) encryption means for being carried by an "authorized user," namely a person who is authorized to use a terminal to access a host computer through a communications link that connects the terminal to the host computer, the encryption means including a first encryption that has a value which has been assigned to the authorized user as an indicator of the authorized user's authority to access the host computer and also including a second variable encryption representative of the time of a prior successful authorized access with the host computer;
(b) security means interposed in series between portions of the communications link for monitoring signals as they are transmitted along the communications link, the security means defining port means for receiving the encryption means and for cooperating with the encryption means (1) to detect a predetermined authentication query signal sequence of monitored signals as the authentication query signal sequence is transmitted along the communications link from the host computer and, (2) in response to such detection, to effect transmission of a predetermined authenticating signal sequence along the communications link to the host computer, with the value of the authenticating signal sequence being determined at least in part by the value of the first encryption and of a further encryption resident in said security means and representative of the identity of a predetermined terminal associated therewith so that the predetermined authenticating signal sequence constitutes an indicator of the user's and terminal's authority to access the host computer; and
(c) authorization check means associated with the host computer (1) for generating an authentication query signal sequence that, when detected by the security means, will cause the security means to transmit the authenticating signal sequence along the communications link to indicate to the authorization check means whether the authorized user's encryption means is received by the port means for cooperating with the security means to cause the authenticating signal sequence to constitute an indication of the user's authority and the particular connected terminal's authority to access the host computer, (2) for permitting host computer access upon receiving said predetermined authenticating signal sequence, and (3) for preventing host computer access upon receiving an authenticating signal sequence that is other than said predetermined authenticating signal sequence.
Abstract
A computer communications control system is provided for authenticating the authorization of a user of computer equipment such as a terminal of a computer network, more specifically communicating data terminal equipment that is connected through a communications link to other computer equipment such as a host computer. The system utilizes a security unit that is associated with and connected to the user's terminal. The security unit operates in conjunction with the other computer equipment to which the user's terminal is linked, for example a host computer, to check the authorization of the user to access the host computer by requiring that an encryption device which has been assigned to the user be received in a port that is defined by the security unit in order that the security unit can respond properly to query signals which are sent along the communications link from the host computer. In the absence of a proper authenticating signal from a terminal's security unit, the host computer denies the terminal's requested access. The security unit and the user's encryption device operate in synchronization with the host computer such that each new authentication query signal that is sent from the host computer will be answered by an appropriate, newly calculated authenticating signal that the host computer checks for correctness of calculation. A feature of the invention resides in requiring that each newly requested authenticating signal differ in a calculated manner from the user's previously sent authenticating signal, with the manner in which sequential authenticating signals differ being determined, at least in part, by the unique character of the user's encryption device.
118 Citations
28 Claims
1. Apparatus for verifying the authorization of a user of a terminal for accessing a host computer through a communications link, the apparatus comprising:
(a) encryption means for being carried by an "authorized user," namely a person who is authorized to use a terminal to access a host computer through a communications link that connects the terminal to the host computer, the encryption means including a first encryption that has a value which has been assigned to the authorized user as an indicator of the authorized user's authority to access the host computer and also including a second variable encryption representative of the time of a prior successful authorized access with the host computer;
(b) security means interposed in series between portions of the communications link for monitoring signals as they are transmitted along the communications link, the security means defining port means for receiving the encryption means and for cooperating with the encryption means (1) to detect a predetermined authentication query signal sequence of monitored signals as the authentication query signal sequence is transmitted along the communications link from the host computer and, (2) in response to such detection, to effect transmission of a predetermined authenticating signal sequence along the communications link to the host computer, with the value of the authenticating signal sequence being determined at least in part by the value of the first encryption and of a further encryption resident in said security means and representative of the identity of a predetermined terminal associated therewith so that the predetermined authenticating signal sequence constitutes an indicator of the user's and terminal's authority to access the host computer; and
(c) authorization check means associated with the host computer (1) for generating an authentication query signal sequence that, when detected by the security means, will cause the security means to transmit the authenticating signal sequence along the communications link to indicate to the authorization check means whether the authorized user's encryption means is received by the port means for cooperating with the security means to cause the authenticating signal sequence to constitute an indication of the user's authority and the particular connected terminal's authority to access the host computer, (2) for permitting host computer access upon receiving said predetermined authenticating signal sequence, and (3) for preventing host computer access upon receiving an authenticating signal sequence that is other than said predetermined authenticating signal sequence.
Dependent claims: 2, 3, 4, 5.

6. Apparatus for verifying the authorization of a user of communicating data terminal equipment for accessing a host computer through a communications link, the apparatus comprising:
(a) user assigned means for being carried by an "authorized user," namely a person who is authorized to use communicating data terminal equipment to access a host computer through a communications link, the user assigned means defining first encryption means for serving as an indication of the authority of the authorized user to use communicating data terminal equipment to access the host computer through a communications link and second encryption means for indicating the time of a past successful access to the host computer;
(b) terminal assigned means for being connected to communicating data terminal equipment that is to be utilized by an authorized user to access a host computer through a communications link, and for being interposed in series between portions of the communications link for monitoring signals that are transmitted along the communications link;
(c) port means connected to the terminal assigned means for receiving the user assigned means and for operably connecting the terminal assigned means thereto such that the user assigned means and the terminal assigned means cooperate to detect and respond to query signals sent along the communications link from the host computer, with the response taking the form of predetermined authenticating signals that are sent along the communications link to the host computer, with the character of the authenticating signals being determined at least in part by the first and second encryption means, whereby the authenticating signals constitute an indicator of the authorized user's authority to access the host computer; and
(d) authorization check means for generating the query signals that, when monitored by the terminal assigned means, will cause the terminal assigned means to generate authenticating signals to indicate to the authorization check means whether the user assigned means is received by the port means for cooperating with the terminal assigned means to cause the authenticating signals to constitute an indication of the user's authority to access the host computer, for maintaining continuity of the communications link upon receiving said predetermined authenticating signals, and for terminating communications along the communications link upon receiving authenticating signals that are other than said predetermined signals.
Dependent claims: 7, 8, 9, 10.

11. A method of providing a communication link for transmitting signals between a host computer and at least one terminal that is operated by an authorized user, the method comprising the steps of:
(a) providing encryption means for being carried by a person who is authorized to use a terminal to access a host computer through a communications link, with the encryption means including a first encryption having a fixed value that is assigned to the authorized user as an indicator of his authority to access the host computer and also including a second variable encryption representative of the time of a prior successful authorized access with the host computer;
(b) providing security means interposed between portions of the communications link for monitoring signals that are transmitted along the communications link, the security means serving to define port means for receiving the encryption means and to cooperate with the encryption means to detect a predetermined authentication query sequence of monitored signals from the host computer and, in response to such detection, to effect transmission of an authenticating signal sequence along the communications link to the security means, with the value of the authenticating signal sequence being determined at least in part by the value of said first and second encryptions so that the value of the authenticating signal sequence constitutes an indicator of the user's authority to access the host computer;
(c) providing authorization check means associated with the host computer for transmitting the predetermined authentication query sequence along the communications link that, when monitored by the security means, will cause the security means to transmit the authenticating signal sequence along the communications link;
(d) positioning the encryption means to be received by the port means; and
(e) conducting a user authorization check by: (i) operating the authorization check means to generate the predetermined authentication query signal sequence; (ii) operating the security means to detect the predetermined authentication query signal sequence and to cooperate with the encryption means to effect transmission of the authenticating signal sequence; and (iii) operating the authorization check means to maintain continuity of the communications link upon receiving said predetermined authenticating signal sequence, and to terminate communication of signals along the communications link upon receiving an authenticating signal sequence that is other than said predetermined sequence.
Dependent claims: 12, 13, 14, 15, 16, 17.

18. A method of establishing the authority of a user of a station of a communications network to use facilities of the communications network, comprising the steps of:
(a) providing an authorized user with encryption means for carrying (a) a first encryption that has a fixed value which is representative of the authority of the user to utilize at least one station of a communications network to communicate through the network with means defining another station of the network and (b) a second variable encryption value representative of the time of a prior successful authorized access with the host computer;
(b) providing the at least one station of the communications network with signalling means for reading the value of the first and second encryptions and for transmitting an authenticating electrical signal through the network to the another station, with the authenticating signal having a value that is determined, at least in part, by the value of the first and second encryptions;
(c) causing the signalling means to read the value of the encryptions and to transmit said authenticating signal as a request by the user to utilize facilities of the communications network;
(d) receiving the authenticating signal at the another station and comparing the value represented by the authenticating electrical signal with a predetermined value that is predetermined through a calculation that is made at the another station, wherein said calculation takes into account the value of the first and second encryptions; and
(e) permitting use of the facilities of the communications network by the user only if the value of the authenticating signal is identical with said predetermined value.
Dependent claims: 19, 20, 21, 22, 23, 24, 25, 26.

27. An interactive computer communications security system for serial disposition within a communication link between a host computer and a remote user terminal, said security system comprising:
a portable user-carried device including (i) data storage means for storing machine readable data having a first fixed data portion representative of an assigned user's identity and a second variable data portion which is changed to represent the time of successful prior communication link usage and (ii) first signal coupling means for coupling signals representative of said first and second data portions from said user-carried device; and terminal control means for serial disposition in said communication link and having second signal coupling means mated with said first signal coupling means for passing onto said communication link authentication signals which are representative of said first and second data portions of the user-carried device.

28. An interactive method for effecting user security within a multi-user communication link between a host computer site and plural remote user terminal sites, said method comprising the steps of:
maintaining a user-carried device which includes stored machine readable data having a first fixed data portion representative of an assigned user's identity and a second variable data portion which is changed to represent the time of successful prior communication link usage and which collectively is processed to provide unique authenticating data; maintaining at said host computer corresponding authenticating data; accessing and using said stored data at a remote user terminal to generate and transmit said unique authenticating data to said host computer site over said link when the corresponding user desires use of said link; and permitting use of said link only if the authenticating data received at the host computer site corresponds to the authenticating data maintained thereat.
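The exchange described in the abstract and enumerated in claims 18 and 28, namely that the host recomputes the expected authenticating value from the user's fixed value, the terminal's resident value and the variable "time of prior successful access", compares it with what arrived on the link, and advances the variable value on both sides after a success, as an added Python model. This is not code from the patent or from any product it describes. The keyed function (HMAC-SHA256), the 16-byte secrets, the integer timestamp used for the variable value, the fixed AUTH_QUERY string and every name below are assumptions made for the example; the patent specifies none of them.

```python
import hashlib
import hmac
from dataclasses import dataclass
from typing import Optional

# Assumption: the host's query is a fixed "predetermined" sequence, as the claims
# describe; freshness then comes only from the variable last-access value.
AUTH_QUERY = b"\x05AUTH-QUERY\x06"  # constructed value

# Constructed demo secrets (provisioned out of band in a real deployment).
ALICE_SECRET = hashlib.sha256(b"demo-user-alice").digest()[:16]
TERMINAL_7_SECRET = hashlib.sha256(b"demo-terminal-7").digest()[:16]
TERMINAL_9_SECRET = hashlib.sha256(b"demo-terminal-9").digest()[:16]


def authenticating_signal(user_secret: bytes, terminal_secret: bytes,
                          last_access: int, query: bytes) -> bytes:
    """Assumed keyed function (HMAC-SHA256): the value depends on the fixed user
    value, the terminal's resident value, the variable last-access value and the query."""
    key = user_secret + terminal_secret
    msg = last_access.to_bytes(8, "big") + query
    return hmac.new(key, msg, hashlib.sha256).digest()


@dataclass
class UserDevice:
    """Portable user-carried device: fixed user value plus variable last-access value."""
    user_id: str
    user_secret: bytes
    last_access: int = 0


@dataclass
class SecurityUnit:
    """Terminal-side unit in series on the link; answers only when a device is seated."""
    terminal_id: str
    terminal_secret: bytes
    port: Optional[UserDevice] = None

    def on_link_signal(self, signal: bytes) -> Optional[bytes]:
        if signal != AUTH_QUERY or self.port is None:
            return None  # not the query, or no device in the port: nothing is sent
        return authenticating_signal(self.port.user_secret, self.terminal_secret,
                                     self.port.last_access, signal)


class Host:
    """Authorization check means: recomputes the expected value and compares."""

    def __init__(self) -> None:
        self.users: dict[str, tuple[bytes, int]] = {}  # user -> (secret, last_access)
        self.terminals: dict[str, bytes] = {}          # terminal -> resident secret

    def check(self, user_id: str, terminal_id: str,
              response: Optional[bytes], now: int) -> bool:
        if response is None or user_id not in self.users or terminal_id not in self.terminals:
            return False
        secret, last_access = self.users[user_id]
        expected = authenticating_signal(secret, self.terminals[terminal_id],
                                         last_access, AUTH_QUERY)
        if not hmac.compare_digest(expected, response):  # constant-time comparison
            return False  # host terminates the link; last_access is not advanced
        self.users[user_id] = (secret, now)  # advance the variable value on success
        return True


def session(host: Host, unit: SecurityUnit, user_id: str, now: int) -> bool:
    """One access attempt: host sends the query, the unit answers, the host checks.
    On success the device advances its last-access value in step with the host."""
    response = unit.on_link_signal(AUTH_QUERY)
    ok = host.check(user_id, unit.terminal_id, response, now)
    if ok and unit.port is not None:
        unit.port.last_access = now
    return ok


def run_demo() -> dict[str, bool]:
    host = Host()
    host.users["alice"] = (ALICE_SECRET, 0)
    host.terminals["t7"] = TERMINAL_7_SECRET
    host.terminals["t9"] = TERMINAL_9_SECRET
    alice = UserDevice("alice", ALICE_SECRET)
    t7 = SecurityUnit("t7", TERMINAL_7_SECRET)
    results: dict[str, bool] = {}

    results["no_device_in_port"] = session(host, t7, "alice", 100)

    t7.port = alice
    captured = t7.on_link_signal(AUTH_QUERY)  # an eavesdropper records this reply
    results["first_access"] = session(host, t7, "alice", 100)

    # Replaying the recorded reply fails: both sides have advanced to last_access=100.
    results["replay_rejected"] = host.check("alice", "t7", captured, 200)
    results["second_access"] = session(host, t7, "alice", 200)

    # A copy of the device taken before the first access is out of step with the host.
    stale_clone = UserDevice("alice", ALICE_SECRET, last_access=0)
    results["stale_clone_rejected"] = session(
        host, SecurityUnit("t7", TERMINAL_7_SECRET, port=stale_clone), "alice", 250)

    # A unit claiming terminal t7 but holding t9's resident value fails the terminal check.
    impostor = SecurityUnit("t7", TERMINAL_9_SECRET, port=alice)
    results["wrong_terminal_rejected"] = session(host, impostor, "alice", 250)

    # Failed attempts did not advance the host's value, so the genuine pair still works.
    results["genuine_after_failures"] = session(host, t7, "alice", 300)
    return results


if __name__ == "__main__":
    for name, ok in run_demo().items():
        print(f"{name:26s} {'ACCEPT' if ok else 'REJECT'}")
```

Because the query is predetermined, all freshness in this scheme comes from the synchronized last-access value, so a device whose copy of that value has drifted from the host's is rejected exactly like a replayed or cloned one; a deployment needs a resynchronization path (the patent text on this page does not describe one), and the host-side comparison should be constant-time, as compare_digest is here.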
Specification