System and method for tamper detection
First Claim
1. Intrusion detection apparatus for use with a system, said apparatus comprising:
- sensing means for sensing a physical intrusion into the system and for generating an intrusion indication signal in response thereto;
a random number generator for generating a random number comprising an audit count value in response to the intrusion indication signal;
computer means coupled to the sensing means and random number generator that comprises a predetermined electronic encryption key for encrypting the audit count value using the predetermined electronic encryption key in combination with a predetermined encryption algorithm to provide an encrypted audit count value;
a sequence counter coupled to the computer means for incrementing a sequence number in response to the intrusion indication signal to provide an incremented sequence number that indicates a total number of physical intrusions into the system;
memory means coupled to the computer means and the sequence counter for storing the predetermined electronic encryption key, the encrypted audit count value, and the incremented sequence number;
a physically removable device that is couplable to the computer means and that comprises a predetermined electronic decryption key that is distinct from the predetermined electronic encryption key and that operates in combination with a predetermined decryption algorithm that runs on the computer to (1) decrypt the encrypted audit count value and cause the display of expected values of the incremented sequence number and decrypted audit count value to an authorized user that should be displayed the next time physical access is gained to the system and to (2) subsequently decrypt the encrypted audit count value and cause the display of the incremented sequence number and decrypted audit count value to an authorized user that is compared with the expected values thereof to determine whether physical access has been gained to the system; and
a display coupled to the computer means and the memory means for displaying the decrypted audit count value and the incremented sequence number each time the electronic decryption key is used.
2 Assignments
0 Petitions
Accused Products
Abstract
A system and method that provides an electronic indication that unauthorized access has been gained to a system. The mechanisms used by the present invention cannot be forged, bypassed, or subverted. In fact, even persons authorized to access the environment cannot do so without leaving evidence. When an intrusion is detected, a random number is generated. This random number, referred to as an audit count, is then encrypted and stored, and a sequence number is incremented. To recover this information at a later time, a trusted individual inserts an external device containing a decryption key. The decryption key is extracted, and the encrypted audit count and sequence number are decrypted and displayed. Periodic verification that the audit count and sequence number have not changed provides assurance that access has not been gained to the system.
31 Citations
5 Claims
-
1. Intrusion detection apparatus for use with a system, said apparatus comprising:
-
sensing means for sensing a physical intrusion into the system and for generating an intrusion indication signal in response thereto; a random number generator for generating a random number comprising an audit count value in response to the intrusion indication signal; computer means coupled to the sensing means and random number generator that comprises a predetermined electronic encryption key for encrypting the audit count value using the predetermined electronic encryption key in combination with a predetermined encryption algorithm to provide an encrypted audit count value; a sequence counter coupled to the computer means for incrementing a sequence number in response to the intrusion indication signal to provide an incremented sequence number that indicates a total number of physical intrusions into the system; memory means coupled to the computer means and the sequence counter for storing the predetermined electronic encryption key, the encrypted audit count value, and the incremented sequence number; a physically removable device that is couplable to the computer means and that comprises a predetermined electronic decryption key that is distinct from the predetermined electronic encryption key and that operates in combination with a predetermined decryption algorithm that runs on the computer to (1) decrypt the encrypted audit count value and cause the display of expected values of the incremented sequence number and decrypted audit count value to an authorized user that should be displayed the next time physical access is gained to the system and to (2) subsequently decrypt the encrypted audit count value and cause the display of the incremented sequence number and decrypted audit count value to an authorized user that is compared with the expected values thereof to determine whether physical access has been gained to the system; and a display coupled to the computer means and the memory means for displaying the decrypted audit count value and the incremented sequence number each time the electronic decryption key is used. - View Dependent Claims (2)
-
-
3. A method of determining whether physical access has been gained to a system, said method comprising the steps of:
-
sensing a physical intrusion into the system and generating an intrusion indication signal in response thereto; generating a random number comprising an audit count in response to the intrusion indication signal; encrypting the random number using a predetermined electronic encryption key in combination with a predetermined encryption algorithm to provide an encrypted audit count; incrementing a sequence number to provide an incremented sequence number that indicates a total number of physical intrusions into the system; storing the predetermined electronic encryption key, the encrypted audit count and the incremented sequence number; decrypting the encrypted audit count using a physically removable electronic decryption key that is distinct from the predetermined electronic encryption key in combination with a predetermined decryption algorithm to provide a decrypted audit count; displaying the decrypted audit count and the incremented sequence number to an authorized user of the system to provide an indication of an expected sequence number and audit count value that should be displayed the next time physical access is gained to the system; verifying whether physical access has been gained to the system by decrypting the encrypted audit count using the electronic decryption key in combination with the predetermined decryption algorithm to provide a decrypted audit count, and displaying the decrypted audit count and the incremented sequence number to an authorized user of the system; and comparing the decrypted audit count and incremented sequence number with the expected audit count and incremented sequence number to determine whether physical access has been gained to the system. - View Dependent Claims (4, 5)
-
Specification