Secure computer interface
Abstract
Communication elements for secure data communication between remote nodes of a computer system on a standard communications medium. Terminals, workstations and personal computers are connected through a user-side terminator to a standard unsecured communications medium. Processors are connected through a computer-side terminator to the same medium. The combination of a user-side terminator, a computer-side terminator and a standard communications medium constitutes a secure computer interface.
5 Claims
1. A method of continual mutual authentication in communication over an unsecured communications medium between a data entry node, including a token reader, and a multi-level secure computer having a Secure Kernel, the method comprising the steps of:
- providing a user token which can be used to gain access to the multi-level secure computer, wherein the user token comprises data including identifier data characteristic of an individual and a countersign stored from a previous access by the individual;
- inserting the user token into the token reader;
- transferring, from the data entry node to the multi-level secure computer, a user authorization request including the stored countersign and the identifier data read from the inserted user token;
- verifying that the individual associated with the inserted user token has permission to access the multi-level secure computer;
- calculating, in the Secure Kernel of the multi-level secure computer, a new countersign;
- if the individual has permission to access the multi-level secure computer, transferring, from the multi-level secure computer to the data entry node, a user authorization acknowledgement including the new countersign;
- tagging each message from the multi-level secure computer to the data entry node with the new countersign; and
- storing the new countersign in the user token.
4. A method of secure data transfers in communication between data entry units and computers in a computing system having a plurality of nodes, wherein each node includes a data entry unit or a computer and wherein the nodes are connected via an unsecured communications medium, the method comprising the steps of:
- providing a user token which can be used to gain access to a node of the computer system, wherein the user token comprises identifying characteristics of a particular user and a countersign stored from a previous access;
- providing a plurality of communications elements which can be installed at a node to increase security in data transfers between nodes equipped with communications elements, wherein a communication element can be installed at a node by inserting the communications element between a data entry unit or computer and the unsecured communications medium and wherein each communications element comprises:
  - first communications interface means for controlling the transfer of data between the communications element and its associated data entry unit or computer;
  - second communications interface means for controlling the transfer of data between the communications element and the unsecured communications medium; and
  - encryption/decryption means for selectively encrypting data to be transferred onto the unsecured communications medium and for decrypting data received from the unsecured medium;
- installing a first and a second communications element at a first and a second node, respectively;
- reading, at the first node, the user token;
- transferring, from the first node to the second node, a user authorization request including the stored countersign and one or more of the identifying characteristics read from the user token;
- verifying that the user at the first node has permission to access the data entry unit or computer at the second node;
- if the user has permission to access the second node data entry unit or computer, transferring, from the second node to the first node, a user authorization acknowledgement including a new countersign; and
- storing the new countersign in the user token.
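The countersign rotation recited in claims 1 and 4, simulated end to end as an added example (not code from the patent). The claims do not say how the new countersign is calculated or how the stored one is checked, so the random value, the exact-match comparison against the previously issued countersign, and every class, field and identifier name here are assumptions.

```python
import hmac
import secrets

class SecureComputer:
    """Hypothetical stand-in for the multi-level secure computer and its Secure Kernel."""
    def __init__(self, enrolled):
        self.last_issued = dict(enrolled)   # identifier -> countersign from previous access

    def authorize(self, identifier, stored_countersign):
        expected = self.last_issued.get(identifier)
        # Assumed check: the presented countersign must equal the one issued last time.
        if expected is None or not hmac.compare_digest(expected, stored_countersign):
            return None                      # unknown individual or stale countersign
        new = secrets.token_hex(16)          # assumed calculation: fresh random value
        self.last_issued[identifier] = new
        return new                           # carried in the authorization acknowledgement

    def send(self, identifier, payload):
        # Every computer-to-node message is tagged with the current countersign.
        return {"countersign": self.last_issued[identifier], "payload": payload}

class DataEntryNode:
    """Hypothetical data entry node with a token reader."""
    def __init__(self, computer):
        self.computer = computer
        self.session_countersign = None

    def login(self, token):
        new = self.computer.authorize(token["identifier"], token["countersign"])
        if new is None:
            return False
        self.session_countersign = new
        token["countersign"] = new           # store the new countersign in the user token
        return True

    def accept(self, message):
        # Assumed node-side check: drop messages not tagged with this session's countersign.
        return (self.session_countersign is not None and
                hmac.compare_digest(message["countersign"], self.session_countersign))

def demo():
    initial = secrets.token_hex(16)          # constructed sample enrolment value
    computer = SecureComputer({"user-0001": initial})
    token = {"identifier": "user-0001", "countersign": initial}
    copied = dict(token)                     # token contents copied before the real login
    node = DataEntryNode(computer)
    first = node.login(token)
    genuine = node.accept(computer.send("user-0001", "menu"))
    stale_tag = node.accept({"countersign": initial, "payload": "menu"})
    copy_login = DataEntryNode(computer).login(copied)
    second = DataEntryNode(computer).login(token)
    return first, genuine, stale_tag, copy_login, second
```

Under these assumptions a copied token stops working as soon as the genuine token is used again, and if the copy is used first, the genuine token's next login fails, which surfaces the duplication.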
Specification