Pocket encrypting and authenticating communications device

US 5,778,071 A
Filed: 08/12/1996
Issued: 07/07/1998
Est. Priority Date: 07/12/1994
Status: Expired due to Term

First Claim

Patent Images

1. An encrypting and authenticating communications device for establishing a secure communications link for data exchanged over a communications network between one of a plurality of remote computing systems and a computing system of a user, the device comprising:

computer processing means, the computer processing means controlling establishment of the secure communications link;

encrypting means, the encrypting means being electrically interconnected with the computer processing means, the encrypting means encrypting data transmitted from the computing system of the user to one of the plurality of remote computing systems and decrypting data received from one of the plurality of remote computing systems by the computing system of the user;

authenticating means, the authenticating means being electrically interconnected with the computer processing means, the authenticating means authenticating to one of the plurality of remote computing systems that the device is authorized;

network interfacing means, the network interfacing means being electrically interconnected with the computer processing means, the network interfacing means establishing a data interface compatible with the communications network for allowing the device to transmit and receive data over the communications network; and

a compact housing, the housing containing the computer processing means, the encrypting means, the authenticating means and the network interfacing means therein, the housing having electrical interconnection means for establishing electrical interconnection of the device with the communications network and the computing system of the user.

View all claims

10 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A portable security device is disclosed which can be carried by an individual and connected directly to telephone circuits to both authenticate that individual and encrypt data communications. The invention can operate as an electronic "token" to uniquely identify the user to a network, to a computer system or to an application program. The "token" contains the complete network interface, such as a modem, which modulates the data and provides the circuitry required for direct connection to the network. Furthermore, this "token" will preferably not permit communications to proceed until the device, and optionally the user, have been identified by the proper authentication. The token also contains all of the cryptographic processing required to protect the data using data encryption or message authentication or digital signatures or any combination thereof. Thus, the present invention provides the user with all of the communications and security equipment needed for use with personal computers and electronic notebooks and eliminates the need for any other security measures and/or devices.

Citations

22 Claims

1. An encrypting and authenticating communications device for establishing a secure communications link for data exchanged over a communications network between one of a plurality of remote computing systems and a computing system of a user, the device comprising:
- computer processing means, the computer processing means controlling establishment of the secure communications link;
  
  encrypting means, the encrypting means being electrically interconnected with the computer processing means, the encrypting means encrypting data transmitted from the computing system of the user to one of the plurality of remote computing systems and decrypting data received from one of the plurality of remote computing systems by the computing system of the user;
  
  authenticating means, the authenticating means being electrically interconnected with the computer processing means, the authenticating means authenticating to one of the plurality of remote computing systems that the device is authorized;
  
  network interfacing means, the network interfacing means being electrically interconnected with the computer processing means, the network interfacing means establishing a data interface compatible with the communications network for allowing the device to transmit and receive data over the communications network; and
  
  a compact housing, the housing containing the computer processing means, the encrypting means, the authenticating means and the network interfacing means therein, the housing having electrical interconnection means for establishing electrical interconnection of the device with the communications network and the computing system of the user.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21)
- - 2. A device as defined in claim 1, wherein the authenticating means further includes means for authenticating the user to one of the plurality of remote computing systems.
  - 3. A device as defined in claim 2, further comprising data entry means, the data entry means being electrically interconnected with the computer processing means, the data entry means permitting the user to enter an identification indicator to the device, the user authentication means being electrically interconnected with the identification indicator and correspondingly authorizing the user to one of the remote computer systems therewith.
  - 4. A device as defined in claim 3, wherein the data entry means includes a keypad whereby the user manually enters the identification indicator therewith.
  - 5. A device as defined in claim 4, wherein the keypad is integrally mounted on the compact housing of the device.
  - 6. A device as defined in claim 3, wherein the data entry means includes a smartcard and smartcard interface and the housing of the device includes a smartcard receptacle whereby the user inserts the smartcard into the smartcard receptacle and the identification indicator is automatically read from the smartcard and presented to the device via the smartcard interface which is operatively coupled to the computer processing means.
  - 7. A device as defined in claim 3, further comprising display means, the display means being operatively coupled to the computer processing means, the display means prompting the user to enter the user identification indicator via the data entry means.
  - 8. A device as defined in claim 7, wherein the display means includes a liquid crystal matrix display.
  - 9. A device as defined in claim 8, wherein the liquid crystal matrix display is integrally mounted on the compact housing of the device.
  - 10. A device as defined in claim 1, wherein the authenticating means further includes means for respectively authenticating and verifying the integrity of data transmitted and received over the communications network.
  - 11. A device as defined in claim 1, wherein the communications network is an integrated services digital network (ISDN) and the network interfacing means establishes an ISDN compatible data interface for data transmitted and received over the communications network.
  - 12. A device as defined in claim 1, wherein the communications network is a local area network (LAN) and the network interfacing means establishes a LAN compatible data interface for data transmitted and received over the communications network.
  - 13. A device as defined in claim 1, wherein the encrypting means and the authenticating means further include a smartcard and smartcard interface and the housing of the device includes a smartcard receptacle, whereby the smartcard interface is electrically interconnected with the computer processing means and the smartcard is inserted into the smartcard receptacle, the smartcard containing one of a plurality of encryption and authentication algorithms and performing the encryption and authentication functions in operative cooperation with the computer processing means.
  - 14. A device as defined in claim 1, wherein the electrical interconnection means includes at least first and second connectors, the first connector being electrically interconnected with the communications network and the second connector being electrically interconnected with the computer system of the user.
  - 15. A device as defined in claim 14, wherein the second connector is a PCMCIA connector which is electrically interconnected with a compatible PCMCIA connector associated with the computer system of the user.
  - 16. A device as defined in claim 15, wherein the compact housing of the device is formed to have a thin, rectangular shape for insertion into a PCMCIA receptacle associated with the computer system of the user.
  - 17. A device as defined in claim 1, further comprising at least first and second indicators, the first and second indicators being electrically interconnected with the computer processing means and indicating status of operation of the device.
  - 18. A device as defined in claim 17, wherein the first indicator is a red LED which indicates, when illuminated, that the data passing through the device is not being encrypted by the encrypting means.
  - 19. A device as defined in claim 17, wherein the second indicator is a green LED which indicates, when illuminated, that the data passing through the device is being encrypted by the encrypting means.
  - 20. A device as defined in claim 1, wherein the electrical interconnection means includes at least one pendant connector coupled to the device through a cable and the housing further includes a slot formed in at least one side of the housing, the slot being formed to include opposing sides, at least one of the opposing sides including a plurality of projections, the cable being folded into the slot and being held in the slot by the plurality of projections when the device is not in use.
  - 21. A device as defined in claim 1, wherein the computer processing means selectively permits device operation in one of an in-line mode and an off-line mode, the in-line mode of operation permitting the data from the computer system of the user, once encrypted via the encrypting means, to be transferred to the network interfacing means for transmission on the communications network and the in-line mode of operation also permitting the data from one of the plurality of remote computer systems, once decrypted via the encrypting means, to be transferred to the computer system of the user, the off-line mode permitting the data from the computer system of the user, once encrypted via the encrypting means, to be returned to the computer system of the user for storage and subsequent transmission over the communications network and the off-line mode of operation also permitting the data from one of the plurality of remote computer systems to be transferred directly to the computer system of the user for storage and subsequent decrypting via the encrypting means.

22. An encrypting and authenticating communications device for establishing a secure communications link for data exchanged over a communications network between one of a plurality of remote computing systems and a computing system of a user, the device comprising:
- first and second connector ports, the first connector port being electrically interconnected with the communications network and the second connector port being electrically interconnected with the computing system of the user;
  
  a smartcard receptacle for accepting a smartcard;
  
  first and second indicators;
  
  a cryptographic module, the cryptographic module performing at least one of an encryption and authentication function and including a microprocessor, a system memory, an input/output controller, a crypto engine and a communications controller, all being electrically interconnected via a microprocessor bus; and
  
  an interface module, the interface module performing system interfacing functions and including a network interface, a smartcard interface and a communications port interface, the network interface being electrically interconnected with the first connector and the communications controller, the smartcard interface being electrically interconnected with the smartcard receptacle and to the input/output controller, the first and second indicators being respectively electrically interconnected with the input/output controller and the communications port interface being electrically interconnected with the second connector and the communications controller;
  
  transmit data from the computer system of the user entering the device through the second connector and being buffered and transferred by the communications port interface to the communications controller, the communications controller formatting and placing the transmit data on the microprocessor bus, the microprocessor, in conjunction with the system memory and in response to the transmit data being placed on the microprocessor bus, causing the transmit data to be transferred to the crypto engine, the crypto engine performing at least one of encrypting and authenticating the transmit data, the smartcard sending a user identification code to the crypto engine via the smartcard interface and the input/output controller for performing the authenticating function, the microprocessor then transferring the transmit data back to the communications controller, the communications controller reformatting and sending the transmit data to the network interface, the network interface modulating the transmit data for transmission onto the communications network via the first connector;
  
  receive data received from one of the plurality of remote computer systems over the communications network entering the device through the first connector, the network interface demodulating the receive data for manipulation by the device in response to entry of the receive data, the network interface transferring the receive data to the communications controller, the communications controller formatting the receive data and placing the receive data on the microprocessor bus, the microprocessor, in conjunction with the system memory and in response to the receive data being placed on the microprocessor bus, causing the receive data to be transferred to the crypto engine, the crypto engine performing at least one of decrypting and validating the receive data, the microprocessor then transferring the receive data back to the communications controller, the communications controller reformatting and providing the receive data to the communications port interface, the communications port interface converting the transmit data for transmission to the computer system of the user via the second connector;
  
  the first and second indicators being electrically interconnected with the microprocessor via the input/output controller and providing device status indications to the user.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
SafeNet Incorporated (Thales SA)
Original Assignee
Information Resource Engineering Incorporated (Thales SA)
Inventors
Caputo, Anthony A., Amoruso, Victor P.
Primary Examiner(s)
Gregory, Bernarr E.

Application Number

US08/689,726
Time in Patent Office

694 Days
Field of Search

380/4, 380/9, 380/23, 380/24, 380/25, 380/28, 380/29, 380/30, 380/49, 380/50, 380/52, 380/53, 380/59, 235/379, 235/380, 340/825.31, 340/825.34
US Class Current

713/159
CPC Class Codes

G06F 21/34   involving the use of extern...

G06F 21/572   Secure firmware programming...

G06F 21/606   by securing the transmissio...

G06F 21/72   in cryptographic circuits

G06F 21/85   interconnection devices, e....

G06F 2211/007   Encryption, En-/decode, En-...

G06F 2221/2107   File encryption

G06Q 20/341   Active cards, i.e. cards in...

G06Q 20/3415   Cards acting autonomously a...

G06Q 20/40975   using encryption therefor

G07F 7/0826   Embedded security module

G07F 7/1008   Active credit-cards provide...

H04L 2209/56   Financial cryptography, e.g...

H04L 63/0428   wherein the data content is...

H04L 63/0853   using an additional device,...

H04L 63/0861   using biometrical features,...

H04L 63/12   Applying verification of th...

H04L 9/3226   using a predetermined code,...

H04L 9/3234   involving additional secure...

H04L 9/3242   involving keyed hash functi...

H04L 9/3247 : involving digital signatures

H04L 9/3271 : using challenge-response

H04L 9/40 : Network security protocols

View All

Pocket encrypting and authenticating communications device

First Claim

10 Assignments

0 Petitions

Accused Products

Abstract

Citations

22 Claims

Specification

Solutions

Use Cases

Quick Links

Pocket encrypting and authenticating communications device

First Claim

10 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

22 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links