Key management system for open communication environments

US 4,897,875 A
Filed: 09/03/1987
Issued: 01/30/1990
Est. Priority Date: 09/04/1986
Status: Expired due to Fees

First Claim

Patent Images

1. A security system for authenticating a potential user of a service comprising a first unit associated with the service, a second unit associated with the user, each of said first and second units including means for communicating with the other through a communication medium, each of said first and second units including memory means, each of said memory means having stored therein a plurality of groups of random numbers, the numbers of each group being logically associated together as a group with a logical address in the memory, said random numbers of said groups and the associated addresses in the memory means of the first unit being identical to those of the memory means of the second unit, said first unit including control circuit means arranged such that, in a first cycle of operation said circuit means acts, to extract from the memory means thereof one of the random numbers in one of said groups at a respective address to communicate said one random number to said second unit, to compare a received signal from the second unit with another of the random numbers in said one of said groups, and to provide authentication of said user only upon a match of said received signal with said another of the random numbers, and in each subsequent cycle of operation to extract one of the random numbers from a respective different one of the groups in the memory means, said second unit including control circuit means arranged such that it acts on receipt from said first unit of said one of the random numbers in said one of said groups to extract from said memory means thereof said another of said random numbers of said group.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A telecommunications security device for use on the communication medium includes a first and a second security unit each arranged to be inserted into for example the telephone line adjacent a user device. The units are identical and therefore either can act as a central unit for example for a computer access port with the other providing one of a set of remote units. Each unit includes a separable memory module with all the modules having a memory storing identical information. The information stored includes a plurality of pairs of random signals one of each pair providing a request signal and the other the security code. The central unit on receipt of a telephone call provides a signal requesting an ID code from the remote unit and on receipt of the ID code issues from one of the pairs the security code request signal. On matching the received code with the expected code a transmission gate is opened. The pairs are used in turn until all of the pairs have been used whereupon an indicator shows this condition. The modules can be removed and the memory re-written with fresh pairs of codes. The key includes a security logic circuit which controls access to the numbers to a fixed set of access rules allowing authentication and/or encryption and providing security against unauthorized access.

Citations

22 Claims

1. A security system for authenticating a potential user of a service comprising a first unit associated with the service, a second unit associated with the user, each of said first and second units including means for communicating with the other through a communication medium, each of said first and second units including memory means, each of said memory means having stored therein a plurality of groups of random numbers, the numbers of each group being logically associated together as a group with a logical address in the memory, said random numbers of said groups and the associated addresses in the memory means of the first unit being identical to those of the memory means of the second unit, said first unit including control circuit means arranged such that, in a first cycle of operation said circuit means acts, to extract from the memory means thereof one of the random numbers in one of said groups at a respective address to communicate said one random number to said second unit, to compare a received signal from the second unit with another of the random numbers in said one of said groups, and to provide authentication of said user only upon a match of said received signal with said another of the random numbers, and in each subsequent cycle of operation to extract one of the random numbers from a respective different one of the groups in the memory means, said second unit including control circuit means arranged such that it acts on receipt from said first unit of said one of the random numbers in said one of said groups to extract from said memory means thereof said another of said random numbers of said group.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
- - 2. The invention according to claim 1 wherein said memory means of at least said second unit is provided in a memory module which is separable from said second unit for separate transportation.
  - 3. The invention according to claim 2 wherein said memory module comprises a casing forming an outer protection for the module by which the module is a separately transportable unit, electrical connection means in said casing by which said module can be electrically connected to said second unit, a memory in said casing, means in said casing arranged to retain material in said memory when said module is separated from said second unit, said memory having stored therein said plurality of groups of random numbers, and a logic control circuit arranged such that the memory module has a fixed set of rules which control access to the random numbers in the groups.
  - 4. The invention according to claim 3 wherein said logic control circuit is arranged, upon writing of said groups of random numbers into said memory, to prevent reading of said random numbers from said memory until receipt of a command and to record receipt of said command, said second unit including means for determining and indicating receipt of said command in said memory module, whereby said user can determine whether the memory module has been read prior to insertion into said second unit.
  - 5. The invention according to claim 4 wherein said logic control circuit includes means providing a first state in which the groups of random numbers can be written into the memory, a second state in which the memory cannot be read, and a third state in which the memory can be read, said state providing means being arranged to prevent transfer from said third state to said second state except via said first state and erasing of information on said memory, means for receiving a command signal for transferring from said second state to said third state, and means for indicating that said command signal has been received.
  - 6. The invention according to claim 1 including means for indicating when a predetermined portion of said groups have beed used by the extraction therefrom of said one random number.
  - 7. The invention according to claim 1 wherein said second unit control means includes means for generating a signal similar in structure to said another random number when a signal similar in structure to but different from said one random number is received by said second unit.
  - 8. The invention according to claim 1 wherein said first unit is arranged to communicate to said second unit, with said one random number, a signal indicative of the respective address of the group in the memory means, and wherein the second unit is arranged to locate said respective address, to compare said one random number with one random number stored at the respective address and to provide said another random number only upon a match of said one random number with said one random number stored at said address.
  - 9. The invention according to claim 8 wherein said memory module of said second unit will only provide said another random number associated with said address if the address has not previously been used.
  - 10. The invention according to claim 1 wherein said memory of said first unit comprises a memory module including a casing forming an outer protection for the module by which the module is a separately transportable unit, electrical connection means in said casing by which the module can be electrically connected to said first unit, a memory in the casing, means in said casing arranged to retain material in said memory when said module is separated from said first unit, said memory having stored therein said plurality of groups of random numbers, and a logic control circuit arranged such that the memory module has the following fixed set of rules:
    - (a) the memory module will provide on receipt of an instruction signal, a signal indicative of then next address together with said one random number associated with the next address;
      
      (b) when given a signal expected to be said another random number the memory module will compare said signal with said another random number associated with said next address and will provide a signal indicative of a match or a signal indicative of a failure to match without providing information concerning said another random number;
      
      (c) the memory module will only use a group of random numbers associated with a particular address if that group and associated address have not previously been used.
  - 11. The invention according to claim 1 wherein the memory of each of said first and second units is provided as a separate memory module including a casing forming outer protection for the module by which the module is a separately transportable unit, electrical connection means in said casing by which said module can be electrically connected to said respective unit, a memory in said casing, means in said casing arranged to retain material in said memory when said module is separate from the respective unit, said memory having stored therein said plurality of groups of random numbers, and a logic control circuit defining a fixed set of rules which control access to the random numbers in the groups, said random numbers of said groups and the associated addresses in said memory module of said first unit being identical to those of said memory module of the second unit and each of said memory modules having the following fixed set of rules:
    - (a) on receipt of an intersection from the respective unit the memory module will provide a signal indicative of the next address and said one random number associated with that address;
      
      (b) if provided with a signal indicative of an address together with said one random number associated with the address the memory module will provide said another random number associated with that address;
      
      (c) if the memory module has done (a) it will not do (b);
      
      (d) if the memory module has done (a) it will on receipt of a further signals compare that further signal with said another random number at that address and will provide a signal indicative of a match or a failure to match thereof;
      
      (e) the memory module will not repeat either (a) or (b) at an address which has previously been used.

12. A memory module for storing and transporting a plurality of numerical keys for use in a security system comprising a casing forming an outer protection for the module by which the module is a separately transportable unit, electrical connection means in said casing by which said module, can be electrically connected to said security system, a memory in said casing, means in said casing arranged to retain material in said memory when said module is separated from said security system, said memory having stored therein a plurality of groups of random numbers, the numbers of each group being logically associated together as a group at a logical address in the memory, and a logic control circuit arranged to provide for the memory module a fixed set of rules which control access to the random numbers in the groups as follows:
- (a) the memory module will provide on receipt of an instruction a signal indicative of the next address together with said one random number associated with the next address;
  
  (b) when given a signal expected to be said another random number the memory module will compare said signal with said another random number associated with said next address and will provide a signal indicative of a match or a signal indicative of a failure to match without providing information concerning said another random number;
  
  (c) the memory module will only use a group of random numbers associated with a particular address if that group and associated address have not previously been used.
- View Dependent Claims (13, 14, 15)
- - 13. The invention according to claim 12 wherein said logic control circuit is arranged, upon writing of said groups of random numbers into said memory, to prevent reading of said random numbers from said memory until receipt of a command and to record receipt of said command, whereby said security system can determine whether the memory module has been read prior to insertion into said security system.
  - 14. The invention according to claim 13 wherein said logic control circuit includes means providing a first state in which the groups of random numbers can be written into the memory, a second state in which the memory cannot be read, and a third state in which the memory can be read, said state providing means being arranged to prevent transfer from said third state to said second state except via said first state and erasing of information in said memory, means for receiving a command signal for transferring from said second state to said third state and means for indicating that said command signal has been received.
  - 15. The invention according to claim 12 wherein said logic control circuit is arranged on receipt of a signal indicative o an address of a group in the memory together with one random number associated with final that address to compare said one randon number with one random number stored at the respective address and to provide another random number associated with that address only upon a match of said one random number with said one random number stored at said address.

16. A memory module for storing and transporting a plurality of numerical keys for use in a security system comprising a casing forming an outer protection for the module by which the module is a separately transportable unit, electrical connection means in said casing by which said module, can be electrically connected to said security system, a memory in said casing, means in said casing arranged to retain material in said memory when said module is separated from said security system, said memory having stored therein a plurality of groups of random numbers, the numbers of each group being logically associated together as a group at a logical address in the memory, and a logic control circuit arranged to provide for the memory module a fixed set of rules which control access to the random numbers in the groups as follows:
- (a) on receipt of an intersection the memory module will provide a signal indicative of the next address and one random number associated with the address;
  
  (b) if provided with a signal indicative of an address together with said one random number associated with the address, the memory module will provide another random number associated with that address;
  
  (c) if the memory module has done (a) it will not do (b);
  
  (d) if the memory module has done (a) it will on receipt of a further signal compare that further signal with said another random number at the address and will provide a signal indicative of a match or a failure to match thereof;
  
  (e) the memory module will not appear either (a) or (b) at an address which has previously been used.

17. A security system for secure information transmission comprising a first unit for transmitting information, a second unit for receiving the information, each of said first and second units including means for communicating with the other through a communication medium, each of said first and second units including memory means, each of said memory means having stored therein a plurality of groups of random numbers, the numbers of each group being logically associated together as a group with a logical address in the memory, said random numbers of said groups and the associated addresses in the memory means of the first unit being identical to those of the memory means of the second unit, said first unit including control circuit means arranged such that, in a first cycle of operation, said circuit means acts to extract from the memory means thereof a first and a second random number from one of said groups at a respective address, to generate a concatenated message including said first random number and including said information algorithmically acted upon using said second random number and to transmit said message to said second unit, and in each subsequent cycle operation to extract random numbers from a respective different one of the groups in the memory means, said second unit including control circuit means arranged on receipt from said first unit of said message including said first random number to extract from said memory means a random number from said one of said groups and to alter said message by algorithmic calculation using said random number so extracted.
- View Dependent Claims (18, 19, 22)
- - 18. The invention according to claim 17 wherein said memory means of at least one of said units is provided in a memory module which is separable from one of said units for separate transportation.
  - 19. The invention according to claim 18 wherein said memory module comprises a casing forming an outer protection for the module by which the module is a separately transportable unit, electrical connection means in said casing by which said module can be electrically connected to said second unit, a memory in said casing, means in said casing arranged to retain material in said memory when said module is separated from said second unit, said memory having stored therein said plurality of groups of random numbers, and a logic control circuit arranged such that the necessary module has a fixed set of rules which control access to the random numbers in the groups.
  - 22. The invention according to claim 17 including means for indicating when a predetermined portion of said groups have been used by the extraction therefrom of said random numbers.

20. The invention according to claim wherein said logic control circuit is arranged, upon writing of said groups of random numbers into said memory, to prevent reading of said random numbers from said memory until receipt of a command and to record receipt of said command, respective one of said first and second units including means for determining and indicating receipt of said command in said memory module, whereby said user can determine whether the memory module has been read prior to insertion into said respective unit.
- View Dependent Claims (21)
- - 21. The invention according to claim 20 wherein said logic control circuit includes means providing a first state in which the groups of random numbers can be written into the memory, a second state in which the memory cannot be read, and a third state in which the memory can be read, said state providing means being arranged to prevent transfer from said third state to said second state except via said first state and erasing of information in said memory, means for receiving a command signal for transferring from said second state to said third state and means for indicating that said command signal has been received.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
The Manitoba Telephone System
Original Assignee
The Manitoba Telephone System
Inventors
Lemire, James R., Pollard, Alan J.
Primary Examiner(s)
Buczinski, Stephen C.
Assistant Examiner(s)
Gregory, Bernarr Earl

Application Number

US07/092,625
Time in Patent Office

880 Days
Field of Search

380/3, 380/4, 380/21, 380/23-25, 380/49, 380/50, 380/52, 380/5, 380/7, 380/10, 364/200, 364/900
US Class Current

713/168
CPC Class Codes

G06F 21/34   involving the use of extern...

H04L 2209/12   Details relating to cryptog...

H04L 2209/56   Financial cryptography, e.g...

H04L 9/083   involving central third par...

H04L 9/0844   with user authentication or...

H04L 9/3271   using challenge-response

H04M 1/66   with means for preventing u...

Y10S 379/903   Password

Key management system for open communication environments

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

Citations

22 Claims

Specification

Solutions

Use Cases

Quick Links

Key management system for open communication environments

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

22 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links