Key management system for open communication environments
Abstract
A telecommunications security device for use on a communication medium includes a first and a second security unit, each arranged to be inserted into, for example, the telephone line adjacent a user device. The units are identical, so either can act as a central unit (for example for a computer access port) with the other providing one of a set of remote units. Each unit includes a separable memory module, and all the modules store identical information. The information stored includes a plurality of pairs of random signals, one of each pair providing a request signal and the other the security code. The central unit, on receipt of a telephone call, sends a signal requesting an ID code from the remote unit and, on receipt of the ID code, issues the security code request signal from one of the pairs. On matching the received code with the expected code, a transmission gate is opened. The pairs are used in turn until all of them have been used, whereupon an indicator shows this condition; the modules can then be removed and the memory re-written with fresh pairs of codes. The module (the key) includes a security logic circuit which restricts access to the numbers to a fixed set of access rules, allowing authentication and/or encryption and providing security against unauthorized access.
22 Claims
1. A security system for authenticating a potential user of a service comprising a first unit associated with the service, a second unit associated with the user, each of said first and second units including means for communicating with the other through a communication medium, each of said first and second units including memory means, each of said memory means having stored therein a plurality of groups of random numbers, the numbers of each group being logically associated together as a group with a logical address in the memory, said random numbers of said groups and the associated addresses in the memory means of the first unit being identical to those of the memory means of the second unit, said first unit including control circuit means arranged such that, in a first cycle of operation said circuit means acts, to extract from the memory means thereof one of the random numbers in one of said groups at a respective address to communicate said one random number to said second unit, to compare a received signal from the second unit with another of the random numbers in said one of said groups, and to provide authentication of said user only upon a match of said received signal with said another of the random numbers, and in each subsequent cycle of operation to extract one of the random numbers from a respective different one of the groups in the memory means, said second unit including control circuit means arranged such that it acts on receipt from said first unit of said one of the random numbers in said one of said groups to extract from said memory means thereof said another of said random numbers of said group.
12. A memory module for storing and transporting a plurality of numerical keys for use in a security system comprising a casing forming an outer protection for the module by which the module is a separately transportable unit, electrical connection means in said casing by which said module can be electrically connected to said security system, a memory in said casing, means in said casing arranged to retain material in said memory when said module is separated from said security system, said memory having stored therein a plurality of groups of random numbers, the numbers of each group being logically associated together as a group at a logical address in the memory, and a logic control circuit arranged to provide for the memory module a fixed set of rules which control access to the random numbers in the groups as follows:
(a) the memory module will provide on receipt of an instruction a signal indicative of the next address together with said one random number associated with the next address;
(b) when given a signal expected to be said another random number the memory module will compare said signal with said another random number associated with said next address and will provide a signal indicative of a match or a signal indicative of a failure to match without providing information concerning said another random number;
(c) the memory module will only use a group of random numbers associated with a particular address if that group and associated address have not previously been used.
(Dependent claims: 13, 14, 15.)
16. A memory module for storing and transporting a plurality of numerical keys for use in a security system comprising a casing forming an outer protection for the module by which the module is a separately transportable unit, electrical connection means in said casing by which said module can be electrically connected to said security system, a memory in said casing, means in said casing arranged to retain material in said memory when said module is separated from said security system, said memory having stored therein a plurality of groups of random numbers, the numbers of each group being logically associated together as a group at a logical address in the memory, and a logic control circuit arranged to provide for the memory module a fixed set of rules which control access to the random numbers in the groups as follows:
(a) on receipt of an instruction the memory module will provide a signal indicative of the next address and one random number associated with the address;
(b) if provided with a signal indicative of an address together with said one random number associated with the address, the memory module will provide another random number associated with that address;
(c) if the memory module has done (a) it will not do (b);
(d) if the memory module has done (a) it will on receipt of a further signal compare that further signal with said another random number at the address and will provide a signal indicative of a match or a failure to match thereof;
(e) the memory module will not perform either (a) or (b) at an address which has previously been used.
17. A security system for secure information transmission comprising a first unit for transmitting information, a second unit for receiving the information, each of said first and second units including means for communicating with the other through a communication medium, each of said first and second units including memory means, each of said memory means having stored therein a plurality of groups of random numbers, the numbers of each group being logically associated together as a group with a logical address in the memory, said random numbers of said groups and the associated addresses in the memory means of the first unit being identical to those of the memory means of the second unit, said first unit including control circuit means arranged such that, in a first cycle of operation, said circuit means acts to extract from the memory means thereof a first and a second random number from one of said groups at a respective address, to generate a concatenated message including said first random number and including said information algorithmically acted upon using said second random number and to transmit said message to said second unit, and in each subsequent cycle of operation to extract random numbers from a respective different one of the groups in the memory means, said second unit including control circuit means arranged on receipt from said first unit of said message including said first random number to extract from said memory means a random number from said one of said groups and to alter said message by algorithmic calculation using said random number so extracted.
20. The invention according to claim wherein said logic control circuit is arranged, upon writing of said groups of random numbers into said memory, to prevent reading of said random numbers from said memory until receipt of a command and to record receipt of said command, a respective one of said first and second units including means for determining and indicating receipt of said command in said memory module, whereby said user can determine whether the memory module has been read prior to insertion into said respective unit.
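The claims above describe one mechanism from several angles: the challenge/response cycle of claim 1, the module's fixed access rules of claims 12 and 16, the encryption cycle of claim 17 and the read indicator of claim 20. The simulation below is an added example, not code from the patent or its assignee, and it models the logic control circuit in Python rather than hardware. Its assumptions, which the claims do not fix: each random number is 16 bytes; the "algorithmic" step of claim 17 is a one-time XOR, so the information may not be longer than the number; rule (b) demands the matching first number before handing out the second; rule (d) allows exactly one comparison per issued challenge; and the record of the claim 20 read command is a simple counter. The groups are constructed test data from the OS CSPRNG, and loading the same dictionary into two modules stands in for the identical separable modules of the abstract.

```python
import hmac
import secrets

class AccessDenied(Exception): pass      # refused by the module's fixed access rules
class ModuleExhausted(Exception): pass   # all groups used; module must be re-written

def make_groups(count, width=16):
    # Constructed test data: `count` groups of two CSPRNG numbers, addr -> (n1, n2).
    return {a: (secrets.token_bytes(width), secrets.token_bytes(width)) for a in range(count)}

class MemoryModule:
    """Separable module exposing its numbers only through rules (a)-(e) of claim 16."""

    def __init__(self, groups):
        self._groups = dict(groups)   # addr -> (n1, n2); never handed out whole
        self._used = set()            # rule (e): an address is never used twice
        self._issued = set()          # rule (c): addresses this module challenged at
        self.enable_count = 0         # claim 20: reads counted; assumed shape of the record

    def enable_read(self):
        """Claim 20: sent by the unit on insertion; a count already > 0 means a prior read."""
        self.enable_count += 1

    def _require_enabled(self):
        if self.enable_count == 0:
            raise AccessDenied("module not enabled for reading")

    def challenge(self):
        """Rule (a): the next unused address with its first number."""
        self._require_enabled()
        for addr in sorted(self._groups):
            if addr not in self._used:
                self._used.add(addr)
                self._issued.add(addr)
                return addr, self._groups[addr][0]
        raise ModuleExhausted("re-write the module with fresh pairs")

    def respond(self, addr, n1):
        """Rule (b), blocked by (c)/(e) for used addresses; requiring n1 is an interpretation."""
        self._require_enabled()
        if addr in self._used or addr not in self._groups:
            raise AccessDenied("address already used or unknown")
        if not hmac.compare_digest(self._groups[addr][0], n1):
            raise AccessDenied("first number does not match this address")
        self._used.add(addr)
        return self._groups[addr][1]

    def verify(self, addr, signal):
        """Rule (d): constant-time match/fail, n2 never leaves; one comparison per challenge."""
        if addr not in self._issued:
            raise AccessDenied("no outstanding challenge at this address")
        self._issued.discard(addr)
        return hmac.compare_digest(self._groups[addr][1], signal)

    def seal(self, info):
        """Claim 17 sender: n1 in clear, info XORed with n2 (XOR is an assumed 'algorithm')."""
        addr, n1 = self.challenge()
        n2 = self._groups[addr][1]
        if len(info) > len(n2):
            raise ValueError("info longer than the one-time number")
        return addr, n1, bytes(x ^ y for x, y in zip(info, n2))

    def open(self, addr, n1, ciphertext):
        """Claim 17 receiver: recover n2 through rule (b) and undo the XOR."""
        return bytes(x ^ y for x, y in zip(ciphertext, self.respond(addr, n1)))

def authenticate(central, remote):
    """One claim 1 cycle: central challenges, remote answers, central decides."""
    addr, n1 = central.challenge()
    return central.verify(addr, remote.respond(addr, n1))

def refused(call, exc):
    """True when `call()` raises `exc`, i.e. the access rule held."""
    try:
        call()
    except exc:
        return True
    return False

def demo():
    """Two identical three-group modules: good cycle, reflection, wrong answer, message, exhaustion."""
    groups = make_groups(3)
    central, remote = MemoryModule(groups), MemoryModule(groups)
    for module in (central, remote):
        module.enable_read()                     # claim 20: count was 0, not read in transit
    ok = authenticate(central, remote)           # cycle 1 burns address 0
    addr, n1 = central.challenge()               # cycle 2 burns address 1
    reflection_blocked = refused(lambda: central.respond(addr, n1), AccessDenied)  # rule (c)
    rejected = central.verify(addr, b"\x00" * 16)        # wrong answer -> False
    remote.respond(addr, n1)                             # remote burns address 1 too
    a, n, ciphertext = remote.seal(b"open gate")         # cycle 3 burns address 2
    plain = central.open(a, n, ciphertext)
    exhausted = refused(lambda: authenticate(central, remote), ModuleExhausted)
    return ok, reflection_blocked, rejected, plain, exhausted
```

Calling `demo()` returns a tuple in which the first cycle authenticates, the central module refuses to answer the challenge it has itself issued (rule (c) is what stops someone holding a stolen module from turning it against its own unit), a wrong response is rejected without any second number leaving the module, the claim 17 message round-trips, and the fourth cycle fails because all three groups are spent. Two practitioner caveats the claims leave open: because `seal` consumes an address before checking the length, an oversized message still burns a group, and the one-comparison-per-challenge limit in `verify` is what keeps the match/fail signal from becoming a guessing oracle for the second number.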
Specification