Databaseless security system
First Claim
1. A system for enabling entry into a secure facility, the system including a portable object and means for transferring data between the portable object and the facility,the facility comprising:
- memory means for storing encryption algorithms E1 and E2 ;
means for generating a challenge number;
means responsive to an identification signal, supplied by the portable object itself, that identifies the particular portable object seeking to gain access to the facility, and to encryption algorithm E1 for generating a secret code;
means responsive to the challenge number, to the secret code and to encryption algorithm E2 for generating a first response signal;
means for comparing the first response signal with a second response signal generated by the portable object, and for providing an enabling signal when the comparison is favorable;
the portable object comprising;
means for supplying the identification signal;
memory means for storing the secret code and the encryption algorithm E2, but not encryption algorithm E1 used for generating the secret code, said secret code and encryption algorithm E2 having been previously generated and entered into the memory means; and
means responsive to the secret code, to the challenge number received from the facility, and to encryption algorithm E2 for generating the second response signal and transmitting same to the facility.
1 Assignment
0 Petitions
Accused Products
Abstract
An improved security system, including a protable smart card and a host computer, eliminates the need for the computer to store individual personal identification (ID) numbers for each user seeking access to the computer. Instead, the computer stores a first encryption algorithm E1 used in converting a particular identification number (ID)n into a secret code Sn for that particular user. Sn also exists within the memory of the smart card having been loaded into its memory at the time of issue. A challenge number C is generated by the computer and transmitted to the smart card. Within the smart card and the computer, microprocessors respond to the challenge number C, the secret code Sn, and a second encryption algorithm E2 in order to generate response numbers Rn and Rn '"'"' respectively. Thereafter, Rn is transmitted to the computer where it is compared with Rn '"'"'. A favorable comparison is necessary for gaining access to the computer.
-
Citations
24 Claims
-
1. A system for enabling entry into a secure facility, the system including a portable object and means for transferring data between the portable object and the facility,
the facility comprising: -
memory means for storing encryption algorithms E1 and E2 ; means for generating a challenge number; means responsive to an identification signal, supplied by the portable object itself, that identifies the particular portable object seeking to gain access to the facility, and to encryption algorithm E1 for generating a secret code; means responsive to the challenge number, to the secret code and to encryption algorithm E2 for generating a first response signal; means for comparing the first response signal with a second response signal generated by the portable object, and for providing an enabling signal when the comparison is favorable; the portable object comprising; means for supplying the identification signal; memory means for storing the secret code and the encryption algorithm E2, but not encryption algorithm E1 used for generating the secret code, said secret code and encryption algorithm E2 having been previously generated and entered into the memory means; and means responsive to the secret code, to the challenge number received from the facility, and to encryption algorithm E2 for generating the second response signal and transmitting same to the facility. - View Dependent Claims (2, 3, 4, 5, 6, 7)
-
-
8. A portable electronic device for use in obtaining access to a secure facility comprising:
-
memory means storing an identification number, a secret code, and an encryption process E2, the secret code having been formed by an encryption process E1 using the identification number and a secret master string, but not storing encryption algorithm E1 itself, said secret code and encryption algorithm E2 having been previously generated and entered into the memory means; a processor, responsive to (i) a received challenge number, (ii) the secret code, and (iii) encryption process E2, for generating and transmitting a signal in response to the challenge number;
whereby the portable electronic device can authenticate itself to an authentication apparatus which does not store a list of acceptable identification numbers.
-
-
9. A system for controlling access to a plurality of secure facilities, the system including a portable object and means for transferring data between the portable object and each of the facilities,
the portable object comprising: -
means for supplying an identification signal; means for storing two or more secret codes and an encryption algorithm E2, but not storing any encryption algorithm used for generating the secret codes, said secret codes and encryption algorithm E2 having been previously generated and entered into the storing means; means responsive to a code selection signal, received from one of the facilities, for selecting one of the secret codes; means responsive to the selected secret code, to a challenge number received from said one of the facilities, and to E2 for generating a first response signal; said one of the facilities comprising; memory means for storing encryption algorithms E1 and E2 ; means for generating a challenge number; means for generating the code selection signal; means responsive to said identification signal, supplied by the portable object itself, that identifies the particular portable object seeking to gain access to the facility, and to encryption algorithm E1 for generating the secret code; means responsive to the challenge number, the secret code and E2 for generating a second response signal; and means for comparing the first and second response signals and denying access to the secure facility when the comparison is not favorable. - View Dependent Claims (10, 11)
-
-
12. A system for controlling access to a secure facility, the system including a portable object and means for transferring data between the portable object and the facility,
the portable object comprising: -
means for supplying an identification signal; means for storing two or more secret codes and an encryption algorithm E2 ; means responsive to a code selection signal, received from the facility, for selecting one of the secret codes; means responsive to the selected secret code, to a challenge signal received from the facility, and to E2 for generating a first response signal; the facility comprising; memory means for storing encryption algorithms E1 and E2 ; means for generating said challenge signal; means for generating the code selection signal; means responsive to said identification signal, supplied by the portable object itself, that identifies the particular portable object seeking to gain access to the facility, and to encryption algorithm E1 for generating the secret code; means responsive to the challenge signal, the secret code and E2 for generating a second response signal; and means for comparing the first and second response signals;
whereby favorable comparison is required for obtaining access to the secure facility.
-
-
13. A door lock system including an electronic key, a door, support structure for the door, and an electronic lock;
-
the electronic lock comprising; means for exchanging electrical data with the electronic key; means responsive to an identification signal, proffered by the electronic key, for converting same into a secret code number; means for generating a challenge number and communicating same to the electronic key; means responsive to the challenge number and to the secret code number for generating a first response number; means for comparing the first response number with a second response number, the second response number having been generated by the electronic key in response to the challenge number; and means for unlocking the door when the comparison between the first and second response numbers is favorable; the electronic key comprising means for supplying the identification signal; memory means for storing the secret code number, but not storing the means for converting the identification signal into the secret code number, said secret code number having been previously generated and entered into the memory means; means responsive to the secret code number and to the challenge number for generating the second response number and communicating same to the electronic lock. - View Dependent Claims (14, 15, 16, 17, 18, 19, 20)
-
-
21. A system for enabling entry into a secure facility, the system including a portable object and means for transferring data between the portable object and the facility,
the facility comprising: -
memory means for storing encryption algorithms E1 and E2 ; means for generating a challenge number; means responsive to an identification signal, supplied by the holder of the portable object through a keyboard device, that identifies the particular portable object seeking to gain access to the facility, and to encryption algorithm E1 for generating a secret code; means responsive to the challenge number, to the secret code and to encryption algorithm E2 for generating a first response signal; means for comparing the first response signal with a second response signal generated by the portable object, and for providing an enabling signal when the comparison is favorable; the portable object comprising; memory means for storing the secret code and the encryption algorithm E2, but not encryption algorithm E1 used for generating the secret code, said secret code and encryption algorithm E2 having been previously generated and entered into the memory means; and means responsive to the secret code, to the challenge number received from the facility, and to encryption algorithm E2 for generating the second response signal and transmitting same to the facility.
-
-
22. A system for controlling access to a plurality of secure facilities, the system including a portable object and means for transferring data between the portable object and each of the facilities,
the portable object comprising: -
means for storing two or more secret codes and an encryption algorithm E2, but not storing any encryption algorithm used for generating the secret codes, said secret codes and encryption algorithm E2 having been previously generated and entered into the storing means; means responsive to a code selection signal, received from one of the facilities, for selecting one of the secret codes; means responsive to the selected secret code, to a challenge number received from said one of the facilities, and to E2 for generating a first response signal; said one of the facilities comprising; memory means for storing encryption algorithms E1 and E2 ; means for generating said challenge number; means for generating the code selection signal; means responsive to an identification signal, supplied by a holder of the portable object through a keyboard device, that identifies the particular portable object seeking to gain access to the facility, and to encryption algorithm E1 for generating the secret code; means responsive to the challenge number, the secret code and E2 for generating a second response signal; and means for comparing the first and second response signals and denying access to the secure facility when the comparison is not favorable.
-
-
23. A system for controlling access to a secure facility, the system including a portable object and means for transferring data between the portable object and the facility,
the portable object comprising: -
means for storing two or more secret codes and an encryption algorithm means responsive to a code selection signal, received from the facility, for selecting one of the secret codes; means responsive to the selected secret code, to a challenge signal received from the facility, and to E2 for generating a first response signal; the facility comprising; memory means for storing encryption algorithms E1 and E2 ; means for generating said challenge signal; means for generating the code selection signal; means responsive to an identification signal, supplied by a holder of the portable object through a keyboard device, that identifies the particular portable object seeking to gain access to the facility, and to encryption algorithm E1 for generating the secret code; means responsive to the challenge signal, the secret code and E2 for generating a second response signal; and means for comparing the first and second response signals;
whereby favorable comparison is required for obtaining access to the secure facility.
-
-
24. A door lock system including an electronic key, a door, support structure for the door, and an electronic lock;
-
the electronic lock comprising; means for exchanging electrical data with the electronic key; means responsive to an identification signal, proffered by a user of the electronic key through a keyboard device, for converting same into a secret code number; means for generating a challenge number and for communicating same to the electronic key; means responsive to the challenge number and to the secret code number for generating a first response number; means for comparing the first response number with a second response number, the second response number having been generated by the electronic key in response to the challenge number; and means for unlocking the door when the comparison between the first and second response numbers is favorable; the electronic key comprising memory means for storing the secret code number, but not storing the means for converting the identification signal into the secret code number, said secret code number having been previously generated and entered into the memory means; means responsive to the secret code number and to the challenge number for generating the second response number and communicating same to the electronic lock.
-
Specification