Apparatus and method for controlling access to and interconnection of computer system resources

US 5,724,426 A
Filed: 01/11/1996
Issued: 03/03/1998
Est. Priority Date: 01/24/1994
Status: Expired due to Fees

First Claim

Patent Images

1. A system for securely transferring data across a data communication medium between first and second computer system resources, comprising:

first and second access controllers electrically connected to the data communication medium and to respective ones of the first and second resources for transferring the data after verifying that the first and second resources are both associated with at least one authorized access code;

the access controllers each including;

a memory storing a table of encryption keys, a table of algorithms, and a table of authorized resources that associates pairs of resources with authorized access control codes;

a processor generating plural numbers and utilizing the plural numbers, a selected one of the stored algorithms, and a selected one of the stored encryption keys to generate in cooperation with the other access controller a session key; and

a processor using the session key to encrypt the secure data transferred across the data communication medium.

View all claims

0 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A compact, physically secure, high-performance access controller (16, 18) is electrically connected to each access-managed resource (12, 14) or group of resources (10) in a computer system. Whenever access managed resources attempt to establish communications, their associated access controllers exchange sets of internally generated access authorization codes (106, 112, 120, 132, 202, 208, 216, 270, 272) utilizing protocols characterized by multiple random numbers, resource authorization keys, serial number (48, 72) verification, and session authorization keys. Each new session employs different encryption keys derived from multiple random numbers and multiple hidden algorithms. Tables of authorized requesting and responding resources are maintained in a protected memory (34, 38) in each access controller. An authorization table building procedure is augmented by an optional central access control system (56) that employs a parallel control network (62, 64, 66) to centrally manage the access control tables in an access-controlled system of resources.

Citations

14 Claims

1. A system for securely transferring data across a data communication medium between first and second computer system resources, comprising:
- first and second access controllers electrically connected to the data communication medium and to respective ones of the first and second resources for transferring the data after verifying that the first and second resources are both associated with at least one authorized access code;
  
  the access controllers each including;
  
  a memory storing a table of encryption keys, a table of algorithms, and a table of authorized resources that associates pairs of resources with authorized access control codes;
  
  a processor generating plural numbers and utilizing the plural numbers, a selected one of the stored algorithms, and a selected one of the stored encryption keys to generate in cooperation with the other access controller a session key; and
  
  a processor using the session key to encrypt the secure data transferred across the data communication medium.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The system of claim 1 in which the resources are selected from a group consisting of:
    - computers, software, servers, networks, data bases, communications switches, communication controllers, mass memory devices, printers, and disk drives.
  - 3. The system of claim 1 in which the communication medium is selected from a group consisting of:
    - a modem, a network, a radio frequency transmission, a SCSI bus, an IEEE-488 bus, an RS-232 interconnection, a cellular radio, a CATV cable, an optical fiber, a switched network, and electrical wiring.
  - 4. The system of claim 1 in which the plural numbers are randomly generated.
  - 5. The system of claim 1 in which the table of encryption keys, the table of algorithms, and the table of authorized resources include identical entries in each of the access controllers.
  - 6. The system of claim 1 further including a communication pathway that interconnects at least one of the access controllers to a central access control system that communicates access control code information to the access controllers through the communication pathway.

7. A method for generating a table of authorized resources entry for use in a secure access control system, comprising:
- establishing a data communication dialog between first and second access controllers;
  
  storing in each access controller a table of encryption keys, a table of algorithms, and a table of authorized resources that associates pairs of access controllers with authorized access control codes;
  
  generating a base key associated with the first and second access controllers by using the data communication dialog to exchange data derived from selected ones of the stored encryption keys and algorithms; and
  
  associating the first and second access controllers with the base key in the table of authorized resources of the first and second access controllers.
- View Dependent Claims (8, 9, 10)
- - 8. The method of claim 7 in which the table of encryption keys, the table of algorithms, and the table of authorized resources each include identical entries in each of the access controllers.
  - 9. The method of claim 7 in which the first access controller is associated with a resource access control system that stores an ID number in the first access controller, the ID number being related to a production serial number of the first access controller.
  - 10. The method of claim 7 in which the communications dialog is established across an insecure communication medium during a predetermined time period.

11. A method for generating and using encryption keys to authorize and encrypt data transferred between first and second computer system resources, comprising:
- providing a master access controller and a slave access controller each including a processor and a memory;
  
  storing in the memories tables of authorized resources and encryption key tables;
  
  generating in the master access controller and the slave access controller respective first and second numbers;
  
  selecting from the master access controller encryption key table and the slave access controller encryption key table a first encryption key;
  
  determining in the master access controller and the slave access controller a key A by processing the first encryption key with the first and second numbers;
  
  selecting from the master access controller encryption key table a second encryption key;
  
  determining a key B in the master access controller by processing the second encryption key with the first and second numbers; and
  
  encrypting key B with key A and sending encrypted key B to the slave access controller.
- View Dependent Claims (12, 13, 14)
- - 12. The method of claim 11 in which the encryption key tables in each of the access controllers include identical entries.
  - 13. The method of claim 11 in which the first and second numbers are randomly generated.
  - 14. The method of claim 11 further including:
    - determining in the slave access controller the second encryption key by processing key B with the first and second numbers; and
      
      verifying that key B exists by determining whether the second encryption key exists in the slave access controller encryption key table.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Paralon Technologies, Inc.
Original Assignee
Paralon Technologies, Inc.
Inventors
Trafton, Roger M., Rosenow, Peter D.
Primary Examiner(s)
Gregory, Bernarr E.

Application Number

US08/584,079
Time in Patent Office

782 Days
Field of Search

380/4, 380/9, 380/10, 380/20, 380/21, 380/23, 380/24, 380/25, 380/28, 380/44, 380/46, 380/49, 380/50
US Class Current

713/167
CPC Class Codes

G06F 21/31   User authentication

G06F 21/6236   between heterogeneous systems

G06F 21/86   Secure or tamper-resistant ...

G06F 2211/007   Encryption, En-/decode, En-...

G06F 2221/2107   File encryption

G06F 2221/2141   Access rights, e.g. capabil...

G06F 2221/2143   Clearing memory, e.g. to pr...

H04L 63/0428   wherein the data content is...

H04L 63/101   Access control lists [ACL]

H04L 9/40   Network security protocols

Apparatus and method for controlling access to and interconnection of computer system resources

First Claim

0 Assignments

0 Petitions

Accused Products

Abstract

Citations

14 Claims

Specification

Solutions

Use Cases

Quick Links

Apparatus and method for controlling access to and interconnection of computer system resources

First Claim

0 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

14 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links