Transaction system security method and apparatus
Abstract
An improved security system is disclosed which uses an IC card to enhance the security functions involving component authentication, user verification, user authorization and access control, protection of message secrecy and integrity, management of cryptographic keys, and auditability. Both the security method and the apparatus for embodying these functions across a total system or network using a common cryptographic architecture are disclosed. Authorization to perform these functions in the various security component device nodes in the network can be distributed to the various nodes at which they will be executed in order to personalize the use of the components.
68 Claims
1. A security device comprising:
- a data processor;
- memory connected to said processor;
- data input and output means connected to said processor;
- secure session establishing means programmed into said security device for controlling said processor to establish a secure session with another device;
- an authorization profile stored in said memory, said profile defining the authority of a user of said security device to cause said processor to execute programmed commands;
- transfer means for transferring at least part of said authorization profile from said security device to said another device for controlling said another device in accordance with said authority of said user defined in said authorization profile.
Dependent claims: 2-27
28. A security device comprising:
- a data processor;
- memory connected to said processor;
- data input and output means connected to said processor;
- secure session establishing means programmed into said security device for controlling said processor to establish a secure session with another device;
- means for receiving at least part of an authorization profile stored in a memory of said another device, said profile defining the authority of a user to cause said processor to execute programmed commands.
Dependent claims: 29-54
55. An identification card comprising:
- a data processor;
- protected programmable memory connected to said processor;
- data input and output means connected to said processor;
- an authorization profile stored in said memory, said profile defining the authority of a user of said card to cause said processor to execute programmed commands;
- means for receiving an authorization profile created by an authorized person and storing said received authorization profile into said memory to be used in place of said stored authorization profile.
Dependent claims: 56-60
61. A security device comprising:
- a data processor;
- protected programmable memory connected to said processor;
- data input and output means connected to said processor;
- a plurality of commands for controlling said processor stored in said memory, each command having a plurality of programmable execution prerequisites stored in said memory.
Dependent claims: 62-66
67. The method of communicating a secure boolean response comprising the steps of:
a) generating a random number in a security device;
b) encrypting said random number under a key;
c) sending said encrypted random number to another security device;
d) decrypting said encrypted random number in said another security device;
e) modifying said random number by a first function if said response is true;
f) modifying said random number by a second function if said response is false;
g) encrypting said modified random number;
h) sending said encrypted modified random number to said first security device;
i) decrypting said encrypted modified random number at said first security device; and
j) comparing said modified random number with said random number to determine the response.
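The exchange in claim 67, as an added example that is not part of the patent text. Assumptions: the claim names no cipher or functions, so a 4-round Feistel network over HMAC-SHA256 stands in for the block cipher, and `f_true`/`f_false` are hypothetical choices for the first and second functions.

```python
import hashlib
import hmac
import secrets

BLOCK = 16  # block size in bytes (assumption; the claim names no cipher)

def _f(key, i, half):
    # Feistel round function: HMAC-SHA256 truncated to half a block
    return hmac.new(key, bytes([i]) + half, hashlib.sha256).digest()[:BLOCK // 2]

def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def encrypt(key, block):
    l, r = block[:BLOCK // 2], block[BLOCK // 2:]
    for i in range(4):
        l, r = r, _xor(l, _f(key, i, r))
    return l + r

def decrypt(key, block):
    l, r = block[:BLOCK // 2], block[BLOCK // 2:]
    for i in reversed(range(4)):
        l, r = _xor(r, _f(key, i, l)), l
    return l + r

# Hypothetical "first" and "second" functions; any two distinct bijections work.
def f_true(n):  return n ^ 0x01
def f_false(n): return n ^ 0x02

class Challenger:
    def __init__(self, key):
        self.key, self.pending = key, None

    def challenge(self):                      # steps a-c
        self.pending = secrets.randbits(8 * BLOCK)
        return encrypt(self.key, self.pending.to_bytes(BLOCK, "big"))

    def verify(self, reply):                  # steps i-j
        n, self.pending = self.pending, None  # each random number is single-use
        if n is None or len(reply) != BLOCK:
            return None
        got = int.from_bytes(decrypt(self.key, reply), "big")
        return True if got == f_true(n) else False if got == f_false(n) else None

def respond(key, challenge, answer):          # steps d-h
    n = int.from_bytes(decrypt(key, challenge), "big")
    m = f_true(n) if answer else f_false(n)
    return encrypt(key, m.to_bytes(BLOCK, "big"))

def demo():
    key = secrets.token_bytes(16)             # constructed shared key
    a = Challenger(key)
    yes = respond(key, a.challenge(), True)
    out = [a.verify(yes), a.verify(respond(key, a.challenge(), False))]
    a.challenge()
    out.append(a.verify(yes))                 # replayed reply, fresh challenge
    return out
```

`verify` returns `None` when the decrypted reply matches neither modified value, which is how a replayed or altered reply is rejected instead of being read as true or false.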
68. The method of changing a value used in the generation of a random number comprising the steps of:
a) generate a first random number;
b) using a portion of said random number to select a bit of said value;
c) inverting said bit;
d) repeat steps a, b, and c to generate a second random number.
Specification