Bilateral authentication and information encryption token system and method

US 5,995,624 A
Filed: 03/10/1997
Issued: 11/30/1999
Est. Priority Date: 03/10/1997
Status: Expired due to Term

First Claim

Patent Images

1. A network system for secure exchange of information, which comprises:

a token system having stored therein a token system ID, n answering system IDs, n static secrets, n dynamic secrets, a first many-to-few bit mapping program, and a second many-to-few bit mapping program, and having means for generating a pseudo-random message digest comprised of a first originating system password, a first answering system password, a session encryption key, and a change value by applying one of said n static secrets and one of said n dynamic secrets as inputs to said first many-to-few bit mapping program and applying results thereof as an input to said second many-to-few bit mapping program, for verifying authenticity of a first answering system ID by comparison with said n answering system IDs stored within said token system to gain a first match, and of a second answering system password by comparison with said first answering system password to gain a second match, and generating said pseudo-random message digest upon verification of authenticity of said first answering system ID, and altering said one of said n dynamic secrets with said change value upon verification of authenticity of said second answering system password;

an originating system in electrical communication with said token system and having stored therein an originating system ID, and said n answering system IDs, and having means for selecting said first answering system ID from said n answering system IDs and supplying said first answering system ID to said token system for a first authenticity verification, and upon receipt of said session encryption key from said token system, determining if a prior bilateral authentication has occurred, and if a prior bilateral authentication has not occurred, transmitting said token system ID and an access request, and if a prior bilateral authentication has occurred encrypting said token system ID with said session encryption key and transmitting an encrypted token system ID with said access request, receiving a second answering system ID, and if a prior bilateral authentication has not occurred verifying authenticity of said second answering system ID by comparing said second answering system ID with said first answering system ID, and if a prior bilateral authentication has occurred, receiving and decrypting an encrypted second answering system ID with said session encryption key to provide said second answering system ID for comparison with said first answering system ID, and upon an occurrence of a match transmitting an acknowledgment of authenticity, and upon receipt of an encrypted second answering system password, decrypting said encrypted second answering system password with said session encryption key and providing said second answering system password to said token system to compare with said first answering system password to gain said second match, and upon receiving an acknowledgment of authenticity of said second answering system password from said token system, encrypting said originating system password and said originating system ID to generate respectively an encrypted first originating system password and an encrypted originating system ID, and upon receiving an acknowledgment of authenticity of said first originating system password and an acknowledgment of authenticity of said token system and said originating system as an authorized pair, encrypting information with said session encryption key for transfer over said network system during a system connection;

communication link means in electrical communication with said originating system for accommodating information transfers over said network system; and

an answering system in electrical communication with said communication link means and having stored therein n originating system IDs, n token system IDs, said second answering system ID, said n static secrets, said n dynamic secrets, said first many-to-few bit mapping program, said second many-to-few bit mapping program, and said means for generating said pseudo-random message digest comprised of a second originating system password, said second answering system password, said session encryption key, and said change value by applying said one of said n static secrets and said one of said n dynamic secrets as inputs to said first many-to-few bit mapping program and analyzing results thereof as an input to said second many-to-few bit mapping program, for receiving from said originating system by way of said communication link means said token system ID if a prior bilateral authentication of said token system ID has not occurred in said originating system, receiving said encrypted token system ID from said originating system by way of said communication link means if a prior bilateral authentication of said token system ID has occurred, decrypting said encrypted token system ID with said session encryption key upon receipt from said originating system over said communication link means, and upon verifying authenticity of said token system ID by comparing with said n token system IDs, determining if a prior bilateral authentication has occurred, and if a prior bilateral authentication has not occurred transmitting said second answering system ID to said originating system by way of said communication link means, and if a prior bilateral authentication has occurred encrypting said second answering system ID with said session encryption key to provide said encrypted second answering system ID over said communication link means to said originating system, and upon receiving an acknowledgment of verification of authenticity of said second answering system ID from said originating system over said communication link means, generating said pseudo-random message digest and encrypting said second answering system password with said session encryption key to send said second encrypted answering system password over said communication link means to said originating system, and upon receipt of said encrypted first originating system password and said encrypted originating system ID, decrypting said encrypted first originating system password and said encrypted originating system ID with said session encryption key to verify authenticity of said first originating system password by comparing said first originating system password with said second originating system password, and verifying authenticity of use of said token system with said originating system by comparing said originating system ID with said n originating system IDs to gain a match, and upon verification of authenticity of said first originating system password, and upon verification of authenticity of said token system and said originating system as an authorized pair, issuing an acknowledgment of authenticity over said communication link means to said originating system, and thereafter decrypting said information with said session encryption key for further use.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

An authentication and information encryption system and method which uses a token system for increased security in accommodating bilateral encrypted communications between an originating system and an answering system, with each system without synchronization independently generating a message digest through use of an encryption key generator which employs bit-shuffling, many-to-few bit mapping, and secure hash processing to forestall attempts to discover the secret inputs to the generator, or the system password, encryption key, or change value outputs extracted from the message digest, through cryptographic analysis or brute force trial-and-error attacks, and with each system using the passwords, encryption key and change value during only a single system connection before using the change value to update one of the secret inputs to the key generator to provide new password, encryption key and change value parameters having no predictable relationship to their previous counterparts, and with each system accommodating plural authentication cycles to verify the originating system, the answering system, the token system, and the pairing of the token system with either the originating system, the answering system, or both, all without public exposure of the secret inputs, encryption key or change value. Further, a deterministic, non-predictable, pseudo-random, and symmetric encryption key is generated, used during only a single system connection, and then destroyed. Thus, the need for key directories is obviated. Lastly, the token system ID, the originating system ID, and the answering system ID may be altered by a component of the message digest upon completion of a system connection to significantly reduce the risk of playback impersonations.

184 Citations

46 Claims

1. A network system for secure exchange of information, which comprises:
- a token system having stored therein a token system ID, n answering system IDs, n static secrets, n dynamic secrets, a first many-to-few bit mapping program, and a second many-to-few bit mapping program, and having means for generating a pseudo-random message digest comprised of a first originating system password, a first answering system password, a session encryption key, and a change value by applying one of said n static secrets and one of said n dynamic secrets as inputs to said first many-to-few bit mapping program and applying results thereof as an input to said second many-to-few bit mapping program, for verifying authenticity of a first answering system ID by comparison with said n answering system IDs stored within said token system to gain a first match, and of a second answering system password by comparison with said first answering system password to gain a second match, and generating said pseudo-random message digest upon verification of authenticity of said first answering system ID, and altering said one of said n dynamic secrets with said change value upon verification of authenticity of said second answering system password;
  
  an originating system in electrical communication with said token system and having stored therein an originating system ID, and said n answering system IDs, and having means for selecting said first answering system ID from said n answering system IDs and supplying said first answering system ID to said token system for a first authenticity verification, and upon receipt of said session encryption key from said token system, determining if a prior bilateral authentication has occurred, and if a prior bilateral authentication has not occurred, transmitting said token system ID and an access request, and if a prior bilateral authentication has occurred encrypting said token system ID with said session encryption key and transmitting an encrypted token system ID with said access request, receiving a second answering system ID, and if a prior bilateral authentication has not occurred verifying authenticity of said second answering system ID by comparing said second answering system ID with said first answering system ID, and if a prior bilateral authentication has occurred, receiving and decrypting an encrypted second answering system ID with said session encryption key to provide said second answering system ID for comparison with said first answering system ID, and upon an occurrence of a match transmitting an acknowledgment of authenticity, and upon receipt of an encrypted second answering system password, decrypting said encrypted second answering system password with said session encryption key and providing said second answering system password to said token system to compare with said first answering system password to gain said second match, and upon receiving an acknowledgment of authenticity of said second answering system password from said token system, encrypting said originating system password and said originating system ID to generate respectively an encrypted first originating system password and an encrypted originating system ID, and upon receiving an acknowledgment of authenticity of said first originating system password and an acknowledgment of authenticity of said token system and said originating system as an authorized pair, encrypting information with said session encryption key for transfer over said network system during a system connection;
  
  communication link means in electrical communication with said originating system for accommodating information transfers over said network system; and
  
  an answering system in electrical communication with said communication link means and having stored therein n originating system IDs, n token system IDs, said second answering system ID, said n static secrets, said n dynamic secrets, said first many-to-few bit mapping program, said second many-to-few bit mapping program, and said means for generating said pseudo-random message digest comprised of a second originating system password, said second answering system password, said session encryption key, and said change value by applying said one of said n static secrets and said one of said n dynamic secrets as inputs to said first many-to-few bit mapping program and analyzing results thereof as an input to said second many-to-few bit mapping program, for receiving from said originating system by way of said communication link means said token system ID if a prior bilateral authentication of said token system ID has not occurred in said originating system, receiving said encrypted token system ID from said originating system by way of said communication link means if a prior bilateral authentication of said token system ID has occurred, decrypting said encrypted token system ID with said session encryption key upon receipt from said originating system over said communication link means, and upon verifying authenticity of said token system ID by comparing with said n token system IDs, determining if a prior bilateral authentication has occurred, and if a prior bilateral authentication has not occurred transmitting said second answering system ID to said originating system by way of said communication link means, and if a prior bilateral authentication has occurred encrypting said second answering system ID with said session encryption key to provide said encrypted second answering system ID over said communication link means to said originating system, and upon receiving an acknowledgment of verification of authenticity of said second answering system ID from said originating system over said communication link means, generating said pseudo-random message digest and encrypting said second answering system password with said session encryption key to send said second encrypted answering system password over said communication link means to said originating system, and upon receipt of said encrypted first originating system password and said encrypted originating system ID, decrypting said encrypted first originating system password and said encrypted originating system ID with said session encryption key to verify authenticity of said first originating system password by comparing said first originating system password with said second originating system password, and verifying authenticity of use of said token system with said originating system by comparing said originating system ID with said n originating system IDs to gain a match, and upon verification of authenticity of said first originating system password, and upon verification of authenticity of said token system and said originating system as an authorized pair, issuing an acknowledgment of authenticity over said communication link means to said originating system, and thereafter decrypting said information with said session encryption key for further use.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19)
- - 2. The network system of claim 1, wherein said token system is a tamper resistant security module.
  - 3. The network system of claim 1, wherein said encryption key is a deterministic, non-predictable, pseudo-random and symmetric encryption key.
  - 4. The network system of claim 1, wherein said first many-to-few bit mapping program is an algebraic function program.
  - 5. The network system of claim 1, wherein said first many-to-few bit mapping program is a logic function program.
  - 6. The network system of claim 1, wherein said first many-to-few bit mapping program is an encryption program.
  - 7. The network system of claim 1, wherein said first many-to-few bit mapping program consists of plural bit shuffling programs.
  - 8. The network system of claim 1, wherein said second many-to-few bit mapping program is a secure hash algorithm (SHA) function.
  - 9. The network system of claim 1, wherein said second many-to-few bit mapping program is an encryption program.
  - 10. The network system of claim 1, wherein said second many-to-few bit mapping program consists of plural encryption programs.
  - 11. The network system of claim 1, wherein said token system ID, said answering system ID, and said originating system ID are altered by any component of said pseudo-random message digest at end of said system connection.
  - 12. The network system of claim 1, wherein a binary length of each of said n dynamic secrets is different from that of each of said n static secrets.
  - 13. The network system of claim 1, wherein said pseudo-random message digest also is generated upon a request being made by one of said originating system and said answering system to a second of said originating system and said answering system.
  - 14. The network system of claim 1, wherein said originating system and said token system communicate by way of one of a wireless IR, a wireless RF, an inductive, a capacitive, an optical, an ultrasonic, and an electro-magnetic system.
  - 15. The network system of claim 1, wherein said n token system IDs, said n answering system IDs, said n originating system IDs, said n static secrets, and said n dynamic secrets are stored on a removable non-volatile memory of said answering system and said originating system.
  - 16. The network system of claim 1, wherein information other than said originating system ID, said answering system ID, said originating system password, and said answering system password are authenticated.
  - 17. The network system of claim 1, wherein said answering system controls number of authentications which occur in said network system.
  - 18. The network system of claim 1, wherein said originating system password, said answering system password, said change value, and said session encryption key are used during only a single system connection.
  - 19. The network system of claim 1, wherein said originating system and said answering system each may transmit and receive said information, and each may encrypt and decrypt said information.

20. A method for bilateral authentication of an originating system in electrical communication with a token system, and an answering system in electrical communication with said originating system by way of a communication link, which comprises the steps of:
- storing a token system ID, n answering system IDs, n static secrets, and n dynamic secrets in said token system;
  
  storing an originating system ID and said n answering system IDs in said originating system, and storing a first answering system ID, n originating system IDs, n token system IDs, said n static secrets, and said n dynamic secrets in said answering system;
  
  said token system receiving a second answering system ID from said originating system and verifying authenticity of said second answering system ID by comparing said second answering system ID with said n answering system IDs stored within said token system to gain a first match;
  
  bilaterally authenticating said token system and said answering system by said token system transmitting said token system ID to said originating system, and said originating system transmitting said token system ID by way of said communication link to said answering system, said answering system verifying authenticity of said token system ID by comparing said token system ID with said n token system IDs to gain a second match, and said answering system transmitting said first answering system ID by way of said communication link to said originating system, said originating system verifying authenticity of said first answering system ID by comparing said first answering system ID with said second answering system ID to gain a third match;
  
  said answering system and said token system independently combining one of said n static secrets and one of said n dynamic secrets by way of a bit-shuffling operation to produce a first pseudo random result;
  
  said token system and said answering system independently applying a many-to-few bit mapping to said first pseudo random result to produce a second pseudo random result;
  
  said token system and said answering system independently extracting an originating system password, an answering system password, an encryption key, and a change value from said second pseudo-random result;
  
  bilaterally authenticating said originating system and said answering system by said originating system receiving said originating system password from said token system and encrypting said originating system ID and said originating system password with said encryption key to produce respectively an encrypted originating system ID and an encrypted originating system password, said answering system encrypting said answering system password with said encryption key to produce an encrypted answering system password, and said answering system transmitting said encrypted answering system password to said originating system by way of said communication link, said originating system decrypting said encrypted answering system password with said encryption key to produce a second answering system password, and transmitting said second answering system password to said token system, said token system verifying authenticity of said second answering system password by comparing said second answering system password with said answering system password produced by said token system to gain a fourth match, and said originating system transmitting said encrypted originating system ID and said encrypted originating system password by way of said communication link to said answering system, said answering system decrypting said encrypted originating system ID and said encrypted originating system password with said encryption key to produce respectively said originating system ID and a second originating system password, said answering system verifying authenticity of said originating system ID by comparing with said n originating system IDs to gain a fifth match and verifying authenticity of said second originating system password by comparing with said originating system password produced by said answering system to gain a sixth match;
  
  said token system and said answering system independently altering said one of said n dynamic secrets upon successful completion of both of above bilaterally authenticating steps;
  
  said answering system and said originating system exchanging information encrypted with said encryption key over said communication link to complete a task; and
  
  repeating all of above steps in event a new system connection between said originating system and said answering system is made.
- View Dependent Claims (21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36)
- - 21. The method set forth in claim 20, wherein both of the bilaterally authenticating steps occur at machine speeds of said originating system and said answering system.
  - 22. The method of claim 20, wherein said token system is portable, readily carried on a person and tamper resistant.
  - 23. The method of claim 20, wherein said bit-shuffling operation includes an algebraic or logic operation, and a many-to-few bit mapping.
  - 24. The method of claim 20, wherein said many-to-few bit mapping is accomplished by said token system and said answering system applying a Secure Hash Algorithm to said first pseudo-random result.
  - 25. The method of claim 20, wherein said bit shuffling operation is accomplished by executing an equation A⊕
    - B, where A is said one of said n static secrets and B is said one of said n dynamic secrets.
  - 26. The method of claim 20, wherein said encryption key may be generated upon request after both of the bilaterally authenticating steps are performed.
  - 27. The method of claim 20, wherein the step of altering said one of said n dynamic secrets is accomplished by combining a non-zero prime constant and said change value with said one of said n dynamic secrets.
  - 28. The method of claim 27, wherein said second pseudo-random result is non-recurring and is used only once per system connection.
  - 29. The method of claim 20, wherein the step of altering said one of said n dynamic secrets is accomplished by adding said change value to said one of said n dynamic secrets.
  - 30. The method of claim 20, wherein said bit shuffling operation and said many-to-few bit mapping are cryptographic functions.
  - 31. The method of claim 20, wherein a plurality of bit shuffling operations are applied to said one of said n dynamic secrets and said one of said n static secrets to produce said first pseudo-random result.
  - 32. The method of claim 20, wherein a plurality of many-to-few bit mappings are applied to said second pseudo-random result.
  - 33. The method of claim 20, wherein said encryption key is a deterministic, non-predictable, pseudo-random, and symmetric encryption key.
  - 34. The method of claim 20 wherein said encryption key may be generated at any time upon request of either of said answering system and said originating system.
  - 35. The method of claim 20, wherein last eight steps of said method are repeated at end of a system session.
  - 36. The method of claim 20, wherein said static secret, said dynamic secret, said change value, and said encryption key at all times remain within said token system, said originating system, and said answering system without being shared over said communication link.

37. A method of authenticating an originating system, a token system, and an answering system, and protecting information to be exchanged over a communication link, with said token system and said answering system having a static secret and a dynamic secret, and said token system in communication with said originating system, and said originating system and said answering system in communication by way of said communication link, which comprises the steps of:
- said originating system transmitting a token activation code to said token system;
  
  said token system verifying said token activation code;
  
  said token system transmitting a token system ID to said originating system;
  
  said originating system transmitting a begin authentication command and a first answering system ID to said token system;
  
  said token system verifying authenticity of said first answering system ID;
  
  said token system transmitting a session encryption key to said originating system;
  
  transmitting an access request and said token system ID from said originating system to said answering system;
  
  verifying authenticity of said token system ID at said answering system;
  
  transmitting a second answering system ID from said answering system to said originating system;
  
  verifying authenticity of said second answering system ID by said originating system;
  
  said originating system transmitting an acknowledgment of verification of said second answering system ID to said answering system;
  
  said token system and said answering system independently combining said static secret and said dynamic secret with a first function to shuffle all bits in said static secret and said dynamic secret and perform a first many-to-few bit mapping to produce a first pseudo-random result;
  
  said token system and said answering system independently hashing said first pseudo-random result with a secure hash algorithm (SHA) to perform a second many-to-few bit mapping to produce a second pseudo-random result;
  
  said token system and said answering system independently extracting an originating system password, an answering system password, an encryption key, and a change value from said second pseudo-random result;
  
  encrypting said answering system password with said encryption key by said answering system to generate a first encrypted password;
  
  transmitting said first encrypted password by said answering system to said originating system;
  
  receiving said encryption key from said token system and decrypting said first encrypted password with said encryption key by said originating system to produce a second answering system password;
  
  transmitting said second answering system password to said token system by said originating system;
  
  verifying authenticity of said second answering system password by said token system;
  
  said originating system receiving said originating system password from said token system and encrypting said originating system ID and said originating system password with said encryption key by said originating system to generate respectively an encrypted originating system ID and a second encrypted password;
  
  transmitting said encrypted originating system ID and said second encrypted password to said answering system by said originating system;
  
  decrypting said encrypted originating system ID and said second encrypted password with said encryption key to produce respectively said originating system ID and a second originating system password and verifying authenticity of said originating system ID and said second originating system password by said answering system, thereby verifying combination of said token system and said originating system as an authorized pair;
  
  transmitting an access granted signal by said answering system to said originating system;
  
  said token system and said answering system independently altering said dynamic secret with said change value to produce a second dynamic secret;
  
  said originating system encrypting information to be sent by said originating system to said answering system, and decrypting information received by said originating system from said answering system until all sessions of a system connection between said originating system and said answering system are completed;
  
  said answering system encrypting information to be sent by said answering system to said originating system, and decrypting information received by said answering system from said originating system until all sessions of a system connection between said originating system and said answering system are completed; and
  
  repeating all of the above steps in event a new system connection between said originating system and said answering system is made.
- View Dependent Claims (38, 39, 40, 41)
- - 38. The method of claim 37, wherein said token system ID, said answering system ID, and said originating system ID are altered by a component of said second pseudo-random result upon completion of said system connection.
  - 39. The method of claim 37, wherein said token system ID and said answering system ID are altered by a component of said second pseudo-random result upon completion of said system connection.
  - 40. The method of claim 37, wherein a component of said first pseudo-random result is used to alter said static secret and said dynamic secret, and a component of said second pseudo-random result is used to alter said token system ID, said answering system ID, and said originating system ID.
  - 41. The method of claim 37, wherein the step of said token system and said answering system independently combining, and the step of said token system and said answering system independently hashing are repeated to increase a bit length of said second pseudo-random result.

42. A method of securing information exchanged over a communication link between an answering system, and an originating system in electrical communication with a token system, which comprises the steps of:
- said token system verifying authenticity of a first answering system ID received from said originating system, said originating system verifying authenticity of a second answering system ID received from said answering system by way of said communication link, and said answering system verifying authenticity of a token system ID received from said token system by way of said originating system and said communication link;
  
  said token system and said answering system independently creating a pseudo-random message digest, and independently extracting from said pseudo-random message digest an encryption key, an originating system password, an answering system password, and a change value;
  
  said originating system receiving an encrypted answering system password from said answering system by way of said communication link, and said encryption key and said originating system password from said token system, using said encryption key to decrypt said encrypted answering system password to produce a second answering system password which is provided to said token system, and to encrypt an originating system ID and said originating system password to provide respectively an encrypted originating system ID and an encrypted originating system password that are sent by way of said communication link to said answering system;
  
  said token system verifying authenticity of said second answering system password;
  
  said answering system receiving said encrypted originating system ID and said encrypted originating system password from said originating system by way of said communication link, using said encryption key to decrypt said encrypted originating system ID and said encrypted originating system password to produce respectively said originating system ID and a second originating system password, and to encrypt said answering system password created by said answering system to produce said encrypted answering system password, and verifying authenticity of said originating system ID, said second originating system password, and use of said token system in combination with said originating system; and
  
  said answering system and said originating system using said encryption key to encrypt and decrypt said information exchanged over said communication link.
- View Dependent Claims (43, 44, 45, 46)
- - 43. The method of claim 42 wherein said encryption key also is pseudo-random, symmetric, deterministic, and non-predictable.
  - 44. The method of claim 42, wherein said method is a single sign-on method.
  - 45. The method of claim 42, wherein said pseudo-random message digest is created by said token system and said answering system independently bit-shuffling a static secret and a dynamic secret, and performing a many-to-few bit mapping to produce a pseudo-random result, and thereupon performing a second many-to-few bit mapping on said result.
  - 46. The method of claim 45, wherein said second many-to-few bit mapping is accomplished by said token system and said answering system independently applying a Secure Hash Algorithm to said result.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
RPX Corporation
Original Assignee
The PacID Group, LLC (Marathon Patent Group, Inc.)
Inventors
Alito, Paul N, Fielder, Guy L
Primary Examiner(s)
Gregory, Bernarr E.

Application Number

US08/815,403
Time in Patent Office

995 Days
Field of Search

380/4, 380/9, 380/21, 380/23, 380/25, 380/28, 380/49, 380/50, 380/59, 380/29, 380/30, 395/186, 395/187.01
US Class Current

713/169
CPC Class Codes

H04L 2209/34   Encoding or coding, e.g. Hu...

H04L 9/0822   using key encryption key

H04L 9/0891   Revocation or update of sec...

H04L 9/3226   using a predetermined code,...

H04L 9/3234   involving additional secure...

Bilateral authentication and information encryption token system and method

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

184 Citations

46 Claims

Specification

Solutions

Use Cases

Quick Links

Bilateral authentication and information encryption token system and method

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

184 Citations

46 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links