Method of conducting secure operations on an uncontrolled network
Abstract
A method of conducting secure operations on an uncontrolled network in which authorized users are provided with a personal identifier and with a portable, electronically readable card with part of a system key thereon. The system key is created by a secure network access port (SNAP) at the workstation, and, when used in combination with the personal identifier, uniquely identifies the user so that the card and identifier may be used to conduct secure operations from any workstation in the network. Operational keys for conducting the secure operations are provided from a network security manager to a workstation in response to a validated request for access. The operational keys are provided in an encrypted communication using an initialization key unique to the workstation and known to the manager.
11 Claims
1. A method of conducting secure operations on an uncontrolled network of computer workstations that has a network manager for authorizing conduct of secure operations on the network and plural secure computer workstations, each for communicating with the network manager and with other workstations in the network, the method comprising the steps of:
- establishing a personal identifier for a first authorized network user;
- providing the first authorized user with a cryptographic ignition key (CIK) card that contains an electronically readable, randomly selected portion of an authorization record, wherein the authorization record is a combination of the personal identifier and a system key created by a first workstation;
- providing each of the secure workstations with a secure network access port (SNAP) that includes a reader for reading the CIK card, and means for storing the portion of the system key not stored on the CIK card and for storing a workstation-unique initialization key for enabling encrypted communication with the network manager but not with other secure workstations in the network;
- storing the complete authorization record and system key for the first authorized user in the network manager;
- requesting access to the network from the first workstation by providing the first authorized user's personal identifier to the SNAP of the first workstation and reading the first authorized user's CIK card at the reader of the first workstation;
- evaluating at the SNAP of the first workstation whether the received personal identifier and portions of the system key from the CIK card and from the SNAP identify the first authorized user, and if the first authorized user is identified, providing the authorization record and system key of the first authorized user to the network manager in an encrypted communication from the first workstation using the first workstation's initialization key for validation that the first authorized user is to be given access to the network; and
- in the event the first authorized user is validated by the network manager, providing an operational key from the network manager to the SNAP of the first workstation using the first workstation's initialization key, wherein the operational key enables secure operations from the first workstation on the network.
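A runnable Python sketch of the claim 1 flow, added here as an illustration and not the patent's own implementation: the authorization record (personal identifier plus system key) is split between the CIK card and the SNAP, checked locally, sent to the network manager under the workstation's initialization key, and answered with an operational key sealed under that same key. The HMAC-based sealing, the hashed local check value stored on the SNAP, and the dict layouts are assumptions.

```python
# Toy model of claim 1: the authorization record (PIN || system key) is split between a
# CIK card and the SNAP, checked locally, then validated by the network manager over a
# link sealed with the workstation's initialization key. Data layouts are assumptions.
import hashlib, hmac, os, secrets

def _stream(key, nonce, n):  # HMAC-SHA256 counter-mode keystream (stand-in cipher)
    blocks = (hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range((n + 31) // 32))
    return b"".join(blocks)[:n]

def seal(key, msg):  # encrypt-then-MAC under a per-workstation link key
    nonce = os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(msg, _stream(key, nonce, len(msg))))
    return nonce + ct + hmac.new(key, nonce + ct, hashlib.sha256).digest()

def unseal(key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("link MAC failed: wrong initialization key or tampered message")
    return bytes(a ^ b for a, b in zip(ct, _stream(key, nonce, len(ct))))

class NetworkManager:
    def __init__(self):
        self.init_keys, self.records = {}, set()   # per-workstation link keys, full records
    def validate(self, ws_id, blob):
        ikey = self.init_keys[ws_id]               # only this workstation's key decrypts
        if unseal(ikey, blob) not in self.records:
            return None
        return seal(ikey, os.urandom(32))          # fresh operational key for this session

def enroll(manager, ws_id, pin):
    """Workstation side: create the system key, split it, register user and link key."""
    init_key, system_key = os.urandom(32), os.urandom(32)
    record = pin.encode() + system_key             # authorization record = PIN || system key
    idx = set(secrets.SystemRandom().sample(range(32), 16))   # random half goes on the card
    card = {i: system_key[i] for i in idx}
    snap = {"ws_id": ws_id, "init_key": init_key,
            "part": {i: system_key[i] for i in range(32) if i not in idx},
            "check": hashlib.sha256(record).digest()}         # assumed local identity check
    manager.init_keys[ws_id] = init_key
    manager.records.add(record)
    return card, snap

def request_access(manager, snap, card, pin):
    """SNAP side: rebuild the record from PIN + card + SNAP parts, then ask the manager."""
    parts = {**snap["part"], **card}
    record = pin.encode() + bytes(parts.get(i, 0) for i in range(32))
    if not hmac.compare_digest(hashlib.sha256(record).digest(), snap["check"]):
        return None                                # wrong PIN or foreign card: rejected locally
    reply = manager.validate(snap["ws_id"], seal(snap["init_key"], record))
    return None if reply is None else unseal(snap["init_key"], reply)
```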
3. A method of conducting secure operations on an uncontrolled network of workstations that has a network manager for authorizing conduct of secure operations on the network, the method comprising the steps of:
- providing each authorized user with a portable recording device that contains an electronically readable portion of an authorization record, wherein the authorization record includes a personal identifier for the user;
- storing at a first workstation the portion of the authorization record not stored on the recording device and providing the first workstation with means for reading the recording device; and
- storing the entire authorization record at the network manager, wherein the authorization of the user to conduct secure operations on the network is validated at the first workstation and at the manager by evaluating the combined portions of the authentication record.
11. A method of conducting secure operations on an uncontrolled network of plural workstations that has a network manager for authorizing conduct of secure operations on the network, the method comprising the steps of:
(a) providing each authorized user with a portable recording device that contains, for each of plural first workstations at which the user is authorized, an electronically readable portion of an authorization record, wherein the authorization record includes a personal identifier for the user and a different key for each of the plural first workstations; (b) storing at each of the plural first workstations the portion of the respective authorization record not stored on the recording device; and (c) storing the entire authorization record for each of the plural first workstations at the network manager, wherein the authorization of the user to conduct secure operations on the network is validated at each of the plural first workstations and at the manager by evaluating the combined portions of the respective authentication record.