Apparatus and method for controlling access to and interconnection of computer system resources
Abstract
A compact, physically secure, high-performance access controller (16, 18) is electrically connected to each access-managed resource (12, 14) or group of resources (10) in a computer system. Whenever access managed resources attempt to establish communications, their associated access controllers exchange sets of internally generated access authorization codes (106, 112, 120, 132, 202, 208, 216, 270, 272) utilizing protocols characterized by multiple random numbers, resource authorization keys, serial number (48, 72) verification, and session authorization keys. Each new session employs different encryption keys derived from multiple random numbers and multiple hidden algorithms. Tables of authorized requesting and responding resources are maintained in a protected memory (34, 38) in each access controller. An authorization table building procedure is augmented by an optional central access control system (56) that employs a parallel control network (62, 64, 66) to centrally manage the access control tables in an access-controlled system of resources.
14 Claims
1. A system for securely transferring data across a data communication medium between first and second computer system resources, comprising:
first and second access controllers electrically connected to the data communication medium and to respective ones of the first and second resources for transferring the data after verifying that the first and second resources are both associated with at least one authorized access code;
the access controllers each including;
a memory storing a table of encryption keys, a table of algorithms, and a table of authorized resources that associates pairs of resources with authorized access control codes;
a processor generating plural numbers and utilizing the plural numbers, a selected one of the stored algorithms, and a selected one of the stored encryption keys to generate in cooperation with the other access controller a session key; and
a processor using the session key to encrypt the secure data transferred across the data communication medium.
Dependent claims: 2, 3, 4, 5, 6
7. A method for generating a table of authorized resources entry for use in a secure access control system, comprising:
establishing a data communication dialog between first and second access controllers;
storing in each access controller a table of encryption keys, a table of algorithms, and a table of authorized resources that associates pairs of access controllers with authorized access control codes;
generating a base key associated with the first and second access controllers by using the data communication dialog to exchange data derived from selected ones of the stored encryption keys and algorithms; and
associating the first and second access controllers with the base key in the table of authorized resources of the first and second access controllers.
Dependent claims: 8, 9, 10
11. A method for generating and using encryption keys to authorize and encrypt data transferred between first and second computer system resources, comprising:
providing a master access controller and a slave access controller each including a processor and a memory;
storing in the memories tables of authorized resources and encryption key tables;
generating in the master access controller and the slave access controller respective first and second numbers;
selecting from the master access controller encryption key table and the slave access controller encryption key table a first encryption key;
determining in the master access controller and the slave access controller a key A by processing the first encryption key with the first and second numbers;
selecting from the master access controller encryption key table a second encryption key;
determining a key B in the master access controller by processing the second encryption key with the first and second numbers; and
encrypting key B with key A and sending encrypted key B to the slave access controller.
Dependent claims: 12, 13, 14
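
The key exchange recited in claim 11, as an added sketch that is not part of the patent. The claim leaves the "processing" step and the cipher unspecified, so HMAC-SHA256 and an HMAC-keystream encrypt-then-MAC wrap stand in for them here; the key tables, table indices and function names are constructed for illustration.

```python
import hashlib
import hmac
import secrets

# Constructed key tables (assumption): SHARED entries exist in both controllers'
# tables; MASTER_ONLY models the second key as held by the master alone.
SHARED = {i: hashlib.sha256(b"constructed-shared-%d" % i).digest() for i in range(4)}
MASTER_ONLY = {i: hashlib.sha256(b"constructed-master-%d" % i).digest() for i in range(4)}


def process(table_key, n1, n2, label):
    """Stand-in for the claim's unspecified 'processing' of a key with both numbers."""
    return hmac.new(table_key, label + n1 + n2, hashlib.sha256).digest()


def wrap(key_a, key_b):
    """Encrypt-then-MAC key B under key A. Key A is fresh per session, so the
    one-block keystream derived from it is used exactly once."""
    stream = hmac.new(key_a, b"enc", hashlib.sha256).digest()
    ct = bytes(x ^ y for x, y in zip(key_b, stream))
    tag = hmac.new(key_a, b"mac" + ct, hashlib.sha256).digest()
    return ct + tag


def unwrap(key_a, blob):
    """Slave side: authenticate the blob before decrypting key B."""
    ct, tag = blob[:32], blob[32:]
    expected = hmac.new(key_a, b"mac" + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("wrapped key B failed authentication")
    stream = hmac.new(key_a, b"enc", hashlib.sha256).digest()
    return bytes(x ^ y for x, y in zip(ct, stream))


def run_exchange(first_idx=1, second_idx=2):
    n1 = secrets.token_bytes(16)  # first number, generated by the master
    n2 = secrets.token_bytes(16)  # second number, generated by the slave
    # Both controllers derive key A from the first key, present in both tables.
    a_master = process(SHARED[first_idx], n1, n2, b"A")
    a_slave = process(SHARED[first_idx], n1, n2, b"A")
    # The master derives key B from the second key, selected from its own table.
    key_b = process(MASTER_ONLY[second_idx], n1, n2, b"B")
    blob = wrap(a_master, key_b)  # the only key material that crosses the medium
    return key_b, unwrap(a_slave, blob), blob


if __name__ == "__main__":
    sent, received, blob = run_exchange()
    print("slave recovered key B:", sent == received, "| wire bytes:", len(blob))
```

Because both numbers feed into key A and key B, a replayed wrapped key from an earlier session fails authentication under the new key A.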