Databaseless security system

US 5,120,939 A
Filed: 11/09/1989
Issued: 06/09/1992
Est. Priority Date: 11/09/1989
Status: Expired due to Fees

First Claim

Patent Images

1. A system for enabling entry into a secure facility, the system including a portable object and means for transferring data between the portable object and the facility,the facility comprising:

memory means for storing encryption algorithms E₁ and E₂ ;

means for generating a challenge number;

means responsive to an identification signal, supplied by the portable object itself, that identifies the particular portable object seeking to gain access to the facility, and to encryption algorithm E₁ for generating a secret code;

means responsive to the challenge number, to the secret code and to encryption algorithm E₂ for generating a first response signal;

means for comparing the first response signal with a second response signal generated by the portable object, and for providing an enabling signal when the comparison is favorable;

the portable object comprising;

means for supplying the identification signal;

memory means for storing the secret code and the encryption algorithm E₂, but not encryption algorithm E₁ used for generating the secret code, said secret code and encryption algorithm E₂ having been previously generated and entered into the memory means; and

means responsive to the secret code, to the challenge number received from the facility, and to encryption algorithm E₂ for generating the second response signal and transmitting same to the facility.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

An improved security system, including a protable smart card and a host computer, eliminates the need for the computer to store individual personal identification (ID) numbers for each user seeking access to the computer. Instead, the computer stores a first encryption algorithm E₁ used in converting a particular identification number (ID)_n into a secret code S_n for that particular user. S_n also exists within the memory of the smart card having been loaded into its memory at the time of issue. A challenge number C is generated by the computer and transmitted to the smart card. Within the smart card and the computer, microprocessors respond to the challenge number C, the secret code S_n, and a second encryption algorithm E₂ in order to generate response numbers R_n and R_n '"'"' respectively. Thereafter, R_n is transmitted to the computer where it is compared with R_n '"'"'. A favorable comparison is necessary for gaining access to the computer.

Citations

24 Claims

1. A system for enabling entry into a secure facility, the system including a portable object and means for transferring data between the portable object and the facility,the facility comprising:
- memory means for storing encryption algorithms E₁ and E₂ ;
  
  means for generating a challenge number;
  
  means responsive to an identification signal, supplied by the portable object itself, that identifies the particular portable object seeking to gain access to the facility, and to encryption algorithm E₁ for generating a secret code;
  
  means responsive to the challenge number, to the secret code and to encryption algorithm E₂ for generating a first response signal;
  
  means for comparing the first response signal with a second response signal generated by the portable object, and for providing an enabling signal when the comparison is favorable;
  
  the portable object comprising;
  
  means for supplying the identification signal;
  
  memory means for storing the secret code and the encryption algorithm E₂, but not encryption algorithm E₁ used for generating the secret code, said secret code and encryption algorithm E₂ having been previously generated and entered into the memory means; and
  
  means responsive to the secret code, to the challenge number received from the facility, and to encryption algorithm E₂ for generating the second response signal and transmitting same to the facility.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The system of claim 1 wherein the means for generating the secret code comprises a first processor, jointly responsive to the identification signal and to a secret master string, for executing a predetermined sequence of steps in accordance with encryption algorithm E₁, the secret master string being a plurality of numbers that are stored within the memory means of the facility.
  - 3. The system of claim 1 wherein the means for generating the first response signal comprises a first processor, jointly responsive to the secret code and to the challenge number, for executing a predetermined sequence of steps in accordance with encryption algorithm E₂.
  - 4. The system of claim 1 wherein the means for generating the second response signal comprises a second processor, responsive to the secret code and to the challenge number, for executing a predetermined sequence of steps in accordance with encryption algorithm E₂.
  - 5. The system of claim 2 wherein encryption algorithm E₁ is a process for encrypting data in accordance with the Data Encryption Standard.
  - 6. The system of claim 4 wherein encryption algorithm E₂ is a process for encrypting data in accordance with the Data Encryption Standard.
  - 7. The system of claim 1 wherein the challenge number is substantially random.

8. A portable electronic device for use in obtaining access to a secure facility comprising:
- memory means storing an identification number, a secret code, and an encryption process E₂, the secret code having been formed by an encryption process E₁ using the identification number and a secret master string, but not storing encryption algorithm E₁ itself, said secret code and encryption algorithm E₂ having been previously generated and entered into the memory means;
  
  a processor, responsive to (i) a received challenge number, (ii) the secret code, and (iii) encryption process E₂, for generating and transmitting a signal in response to the challenge number;
  
  whereby the portable electronic device can authenticate itself to an authentication apparatus which does not store a list of acceptable identification numbers.

9. A system for controlling access to a plurality of secure facilities, the system including a portable object and means for transferring data between the portable object and each of the facilities,the portable object comprising:
- means for supplying an identification signal;
  
  means for storing two or more secret codes and an encryption algorithm E₂, but not storing any encryption algorithm used for generating the secret codes, said secret codes and encryption algorithm E₂ having been previously generated and entered into the storing means;
  
  means responsive to a code selection signal, received from one of the facilities, for selecting one of the secret codes;
  
  means responsive to the selected secret code, to a challenge number received from said one of the facilities, and to E₂ for generating a first response signal;
  
  said one of the facilities comprising;
  
  memory means for storing encryption algorithms E₁ and E₂ ;
  
  means for generating a challenge number;
  
  means for generating the code selection signal;
  
  means responsive to said identification signal, supplied by the portable object itself, that identifies the particular portable object seeking to gain access to the facility, and to encryption algorithm E₁ for generating the secret code;
  
  means responsive to the challenge number, the secret code and E₂ for generating a second response signal; and
  
  means for comparing the first and second response signals and denying access to the secure facility when the comparison is not favorable.
- View Dependent Claims (10, 11)
- - 10. The system of claim 9 wherein the challenge number includes the code selection signal.
  - 11. The system of claim 9 wherein the facility further includes:
    - means for storing a list of identification numbers not entitled to access the secure facility; and
      
      means for determining correspondence between the stored list of identification numbers and the identification signal that identifies the particular portable object seeking access to the facility;
      
      whereby access to the facility will be denied when such correspondence exists.

12. A system for controlling access to a secure facility, the system including a portable object and means for transferring data between the portable object and the facility,the portable object comprising:
- means for supplying an identification signal;
  
  means for storing two or more secret codes and an encryption algorithm E₂ ;
  
  means responsive to a code selection signal, received from the facility, for selecting one of the secret codes;
  
  means responsive to the selected secret code, to a challenge signal received from the facility, and to E₂ for generating a first response signal;
  
  the facility comprising;
  
  memory means for storing encryption algorithms E₁ and E₂ ;
  
  means for generating said challenge signal;
  
  means for generating the code selection signal;
  
  means responsive to said identification signal, supplied by the portable object itself, that identifies the particular portable object seeking to gain access to the facility, and to encryption algorithm E₁ for generating the secret code;
  
  means responsive to the challenge signal, the secret code and E₂ for generating a second response signal; and
  
  means for comparing the first and second response signals;
  
  whereby favorable comparison is required for obtaining access to the secure facility.

13. A door lock system including an electronic key, a door, support structure for the door, and an electronic lock;
- the electronic lock comprising;
  
  means for exchanging electrical data with the electronic key;
  
  means responsive to an identification signal, proffered by the electronic key, for converting same into a secret code number;
  
  means for generating a challenge number and communicating same to the electronic key;
  
  means responsive to the challenge number and to the secret code number for generating a first response number;
  
  means for comparing the first response number with a second response number, the second response number having been generated by the electronic key in response to the challenge number; and
  
  means for unlocking the door when the comparison between the first and second response numbers is favorable;
  
  the electronic key comprisingmeans for supplying the identification signal;
  
  memory means for storing the secret code number, but not storing the means for converting the identification signal into the secret code number, said secret code number having been previously generated and entered into the memory means;
  
  means responsive to the secret code number and to the challenge number for generating the second response number and communicating same to the electronic lock.
- View Dependent Claims (14, 15, 16, 17, 18, 19, 20)
- - 14. The system of claim 13 wherein the means for converting the proffered identification signal into the secret code number comprises a processor which is jointly responsive to the identification signal and to a master string in executing a predetermined sequence of steps of a first encryption algorithm E₁, the master string comprising a plurality of secret numbers that are stored within a memory of the electronic lock.
  - 15. The system of claim 13 wherein the means for generating the first response number comprises said processor which is jointly responsive to the secret code number and to the challenge number in executing a predetermined sequence of steps of a second encryption algorithm E₂.
  - 16. The system of claim 14 wherein encryption algorithm E₁ is a process for encrypting data in accordance with the Data Encryption Standard.
  - 17. The system of claim 15 wherein encryption algorithm E₂ is a process for encrypting data in accordance with the Data Encryption Standard.
  - 18. The system of claim 13 wherein the challenge number is substantially random.
  - 19. The system of claim 13 wherein the electronic lock is positioned on the support structure for the door.
  - 20. The system of claim 19 wherein the support structure of the door further includes a user interface having a keyboard device for the user to enter information for the purpose of identifying himself in addition to identification information provided by the electronic key.

21. A system for enabling entry into a secure facility, the system including a portable object and means for transferring data between the portable object and the facility,the facility comprising:
- memory means for storing encryption algorithms E₁ and E₂ ;
  
  means for generating a challenge number;
  
  means responsive to an identification signal, supplied by the holder of the portable object through a keyboard device, that identifies the particular portable object seeking to gain access to the facility, and to encryption algorithm E₁ for generating a secret code;
  
  means responsive to the challenge number, to the secret code and to encryption algorithm E₂ for generating a first response signal;
  
  means for comparing the first response signal with a second response signal generated by the portable object, and for providing an enabling signal when the comparison is favorable;
  
  the portable object comprising;
  
  memory means for storing the secret code and the encryption algorithm E₂, but not encryption algorithm E₁ used for generating the secret code, said secret code and encryption algorithm E₂ having been previously generated and entered into the memory means; and
  
  means responsive to the secret code, to the challenge number received from the facility, and to encryption algorithm E₂ for generating the second response signal and transmitting same to the facility.

22. A system for controlling access to a plurality of secure facilities, the system including a portable object and means for transferring data between the portable object and each of the facilities,the portable object comprising:
- means for storing two or more secret codes and an encryption algorithm E₂, but not storing any encryption algorithm used for generating the secret codes, said secret codes and encryption algorithm E₂ having been previously generated and entered into the storing means;
  
  means responsive to a code selection signal, received from one of the facilities, for selecting one of the secret codes;
  
  means responsive to the selected secret code, to a challenge number received from said one of the facilities, and to E₂ for generating a first response signal;
  
  said one of the facilities comprising;
  
  memory means for storing encryption algorithms E₁ and E₂ ;
  
  means for generating said challenge number;
  
  means for generating the code selection signal;
  
  means responsive to an identification signal, supplied by a holder of the portable object through a keyboard device, that identifies the particular portable object seeking to gain access to the facility, and to encryption algorithm E₁ for generating the secret code;
  
  means responsive to the challenge number, the secret code and E₂ for generating a second response signal; and
  
  means for comparing the first and second response signals and denying access to the secure facility when the comparison is not favorable.

23. A system for controlling access to a secure facility, the system including a portable object and means for transferring data between the portable object and the facility,the portable object comprising:
- means for storing two or more secret codes and an encryption algorithmmeans responsive to a code selection signal, received from the facility, for selecting one of the secret codes;
  
  means responsive to the selected secret code, to a challenge signal received from the facility, and to E₂ for generating a first response signal;
  
  the facility comprising;
  
  memory means for storing encryption algorithms E₁ and E₂ ;
  
  means for generating said challenge signal;
  
  means for generating the code selection signal;
  
  means responsive to an identification signal, supplied by a holder of the portable object through a keyboard device, that identifies the particular portable object seeking to gain access to the facility, and to encryption algorithm E₁ for generating the secret code;
  
  means responsive to the challenge signal, the secret code and E₂ for generating a second response signal; and
  
  means for comparing the first and second response signals;
  
  whereby favorable comparison is required for obtaining access to the secure facility.

24. A door lock system including an electronic key, a door, support structure for the door, and an electronic lock;
- the electronic lock comprising;
  
  means for exchanging electrical data with the electronic key;
  
  means responsive to an identification signal, proffered by a user of the electronic key through a keyboard device, for converting same into a secret code number;
  
  means for generating a challenge number and for communicating same to the electronic key;
  
  means responsive to the challenge number and to the secret code number for generating a first response number;
  
  means for comparing the first response number with a second response number, the second response number having been generated by the electronic key in response to the challenge number; and
  
  means for unlocking the door when the comparison between the first and second response numbers is favorable;
  
  the electronic key comprisingmemory means for storing the secret code number, but not storing the means for converting the identification signal into the secret code number, said secret code number having been previously generated and entered into the memory means;
  
  means responsive to the secret code number and to the challenge number for generating the second response number and communicating same to the electronic lock.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
American Telephone & Telegraph Company (AT&T, Inc.), AT&T Information Systems Inc. (AT&T, Inc.)
Original Assignee
AT&T, Inc.
Inventors
Snavley, James D., Zempol, Kenneth R., Coutinho, Roy S., Murphy, Kevin D., Claus, David M.
Primary Examiner(s)
WEINHARDT, ROBERT A

Application Number

US07/433,821
Time in Patent Office

943 Days
Field of Search

235/379, 235/380, 235/382, 235/382.5, 235/492, 380/21, 380/23, 380/24, 380/25, 380/29, 902/2, 902/26
US Class Current

235/382
CPC Class Codes

G06F 21/34   involving the use of extern...

G06F 2211/007   Encryption, En-/decode, En-...

G06F 2221/2103   Challenge-response

G06Q 20/341   Active cards, i.e. cards in...

G06Q 20/40975   using encryption therefor

G07F 7/1008   Active credit-cards provide...

Databaseless security system

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

24 Claims

Specification

Solutions

Use Cases

Quick Links

Databaseless security system

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

24 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links