System for controlling access to a function, using a plurality of dynamic encryption variables

US 5,802,176 A
Filed: 03/22/1996
Issued: 09/01/1998
Est. Priority Date: 03/22/1996
Status: Expired due to Term

First Claim

Patent Images

1. An access control system for control of access of at least one user to a function, said system including at least one first portable unit personalized for said user and at least one second verification unit controlling access to said function,(a) said first unit comprising:

first generator means for producing at least two dynamic variables;

first calculation means for producing a first password in accordance with at least one first encryption algorithm using input parameters dependent on said dynamic variables; and

means for transmitting said first password to said second unit;

(b) said second unit comprising;

second generator means for, in response to an access request made by way of a specified one of said at least one first unit, producing at least two dynamic variables assigned to said specified one of said at least one first unit;

second calculation means for producing a second password in accordance with at least one second encryption algorithm using input parameters dependent on said dynamic variables produced in said second unit;

comparator means for comparing said first and second passwords; and

means, responsive to said comparator means determining that a predetermined relationship exists between said passwords, for delivering an authorization of access to said function;

wherein said first and second generator means provided respectively in said first and second units produce said at least two dynamic variables in concert, but independently.

View all claims

4 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The system includes a first card-like unit adapted to communicate with a second unit giving only conditionally access to a function. Both units are capable of running software for generating a password by means of encryption of a plurality of dynamic variables produced separately but in concert (so as to have a predetermined relationship, such as identity, with one another) in the units. The encryption is carried out in each unit by a public algorithm using a dynamically varying encryption key. Each time an access request is issued by a card user, the key is modified as a function of the number of access requests previously formulated by the card user. Access to the function is granted when the passwords generated in the units have a predetermined relationship (such as identity) with each other.

Citations

22 Claims

1. An access control system for control of access of at least one user to a function, said system including at least one first portable unit personalized for said user and at least one second verification unit controlling access to said function,(a) said first unit comprising:
- first generator means for producing at least two dynamic variables;
  
  first calculation means for producing a first password in accordance with at least one first encryption algorithm using input parameters dependent on said dynamic variables; and
  
  means for transmitting said first password to said second unit;
  
  (b) said second unit comprising;
  
  second generator means for, in response to an access request made by way of a specified one of said at least one first unit, producing at least two dynamic variables assigned to said specified one of said at least one first unit;
  
  second calculation means for producing a second password in accordance with at least one second encryption algorithm using input parameters dependent on said dynamic variables produced in said second unit;
  
  comparator means for comparing said first and second passwords; and
  
  means, responsive to said comparator means determining that a predetermined relationship exists between said passwords, for delivering an authorization of access to said function;
  
  wherein said first and second generator means provided respectively in said first and second units produce said at least two dynamic variables in concert, but independently.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21)
- - 2. The control system as claimed in claim 1, wherein said first and second generator means respectively include third and fourth calculation means for producing at least a first one of the dynamic variables according to a function involving a number of access requests made by said first unit prior to a current access request in progress.
  - 3. The control system as claimed in claim 2, wherein said third and fourth calculation means respectively generate an intermediate dynamic variable by logical combination of said number of access requests made and a current value of said first dynamic variable.
  - 4. The control system as claimed in claim 3, wherein said third and fourth calculation means respectively perform, by means of third and fourth algorithms, an encryption of said intermediate dynamic variable, the result of this encryption constituting a new value of said first dynamic variable.
  - 5. The control system as claimed in claim 4, wherein said third and fourth calculation means respectively comprise means for encrypting said intermediate dynamic variable with said first dynamic variable used as a secret encryption key in respect of said third and fourth encryption algorithms.
  - 6. The control system as claimed in claim 4, wherein said third and fourth calculation means respectively comprise means for encrypting said intermediate dynamic variable with an encryption key which differs from said first dynamic variable and is used in respect of said third and fourth encryption algorithms respectively.
  - 7. The control system as claimed in claim 4, wherein said third calculation means and said fourth calculation means transfer the result of said encryption by said third and fourth encryption algorithms to said first and second calculation means respectively as an encryption key in respect of said first and second encryption algorithms.
  - 8. The control system as claimed in claim 7, wherein said first and second generator means respectively generate a second one of said dynamic variables as a function of said number of access requests made and transfer said second dynamic variable to said first and second calculation means respectively, and wherein said first and second calculation means encrypt an input datum comprising said second dynamic variable, in accordance with said first and second encryption algorithms respectively.
  - 9. The control system as claimed in claim 8, wherein said first and second generator means respectively generate a third one of said dynamic variables as a function of current time and transfer said third dynamic variable to said first and second calculation means respectively and wherein said first and second calculation means incorporate said third dynamic variable in said input datum.
  - 10. The control system as claimed in claim 9, wherein said first and second calculation means respectively perform a concatenation of said second and third dynamic variables to produce said input datum.
  - 11. The control system as claimed in claim 4, wherein said third and fourth encryption algorithms are identical to said first and second encryption algorithms.
  - 12. The control system as claimed in claim 1, wherein said first and second generator means respectively transfer a first one of said dynamic variables to said first and second calculation means as an encryption key in respect of said first and second algorithms and produce an input datum comprising a second one of said dynamic variables consisting of a number of access requests made by said first unit prior to a current access request in progress, said input datum being transferred to said first and second calculation means respectively so as to be encrypted therein by said first dynamic variable.
  - 13. The control system as claimed in claim 12, wherein said first and second generator means respectively comprise third and fourth calculation means for producing said encryption key as a function of said number of access requests made.
  - 14. The control system as claimed in claim 13, wherein said third and fourth calculation means respectively comprise memory storage means and generate, from the current value of said encryption key, a new value of said encryption key and store said new value in said memory storage means as replacement for said current value.
  - 15. The control system as claimed in claim 1, wherein said first unit comprises means for storing data intended to be transferred to said second unit so as to be used in accomplishing said function and said second unit comprises means for receiving said data, and wherein said first and second generator means comprise means for transferring said data respectively to said first and second calculation means so as to serve as a component of at least one of said dynamic variables to be encrypted.
  - 16. The control system as claimed in claim 1 comprising communication means in said first and second units, said communication means comprising a DTMF telephone link for allowing communication of information between first and second said units.
  - 17. The control system as claimed in claim 1 comprising communication means in said first and second units, said communication means comprising an infrared communication device for allowing communication of information between said units.
  - 18. The control system as claimed in claim 1 comprising communication means in said first and second units, said communication means comprising a card reader in said second unit, said first unit comprising a card adapted for being read by said card reader so as to communicate information between said units.
  - 19. The control system as in claim 1 wherein said predetermined relationship between said passwords is equality.
  - 20. The control system as in claim 9, wherein said first and second calculation means respectively process said second and third dynamic variables to produce said input datum.
  - 21. The control system as in claim 1, wherein said first and second encryption algorithms are different from one another and have a predetermined relationship with one another such said first password and said second password have said predetermined relationship.

22. An access control system for control of access of at least one user to a function, said system including at least one first portable unit personalized for said user and at least one second verification unit controlling access to said function,(a) said first unit comprising:
- first generator means for producing at least two dynamic variables;
  
  first calculation means for producing a password in accordance with at least one first encryption algorithm using input parameters dependent on said dynamic variables; and
  
  means for transmitting said password to said second unit;
  
  (b) said second unit comprising;
  
  second generator means for, in response to an access request made by way of a specified one of said at least one first unit, producing at least two dynamic variables assigned to said specified one of said at least one first unit;
  
  second calculation means for decrypting said password in accordance with at least one decryption algorithm using as a decryption key an input parameter dependent on a first one of said dynamic variables produced in said second unit to derive one of said dynamic variables produced in said first unit;
  
  comparator means for comparing said dynamic variable derived by said second calculation means with a second one of said dynamic variables produced in said second unit; and
  
  means, responsive to said comparator means determining that a predetermined relationship exists between said dynamic variable derived by said second calculation means with said second one of said dynamic variables produced in said second unit, for delivering an authorization of access to said function;
  
  wherein said first and second generator means provided respectively in said first and second units produce said at least two dynamic variables in concert, but independently.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Assa Abloy AB
Original Assignee
ActivCard Co.
Inventors
Audebert, Yves
Primary Examiner(s)
Buczinski, Stephen C.

Application Number

US08/620,240
Time in Patent Office

893 Days
Field of Search

380/23, 380/24, 380/25, 380/49, 380/48, 235/382
US Class Current

713/184
CPC Class Codes

G06Q 20/341   Active cards, i.e. cards in...

G06Q 20/351   Virtual cards

G06Q 20/4012   Verifying personal identifi...

G06Q 20/4093   Monitoring of device authen...

G06Q 20/4097   using mutual authentication...

G06Q 20/40975   using encryption therefor

G07C 9/21   having a variable access code

G07C 9/215   the system having a variabl...

G07F 7/1008   Active credit-cards provide...

H04L 9/0863   involving passwords or one-...

H04L 9/3228   One-time or temporary data,...

H04L 9/3234   involving additional secure...

System for controlling access to a function, using a plurality of dynamic encryption variables

First Claim

4 Assignments

0 Petitions

Accused Products

Abstract

Citations

22 Claims

Specification

Solutions

Use Cases

Quick Links

System for controlling access to a function, using a plurality of dynamic encryption variables

First Claim

4 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

22 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links