Remote generated, device identifier key for use with a dual-key reflexive encryption security system

US 6,044,154 A
Filed: 09/24/1997
Issued: 03/28/2000
Est. Priority Date: 10/31/1994
Status: Expired due to Term

First Claim

Patent Images

1. A security system for granting access to a host computer in response to a demand from a remote computer, each said computer having a central processing unit (CPU), an operating system, and device data for identifying an associated portion thereof, said security system comprising:

a data encryption standard (DES) program within said remote computer, said DES program, in turn, comprising;

a first encryption key with an associated identifier in encrypted form in said remote computer;

key initiator means for generating a device-data-derived (D³) key, said key initiator means within said remote computer providing retrieval of said device data, usage thereof to generate said D ³ key, said D³ key for decrypting said first encryption key, and transfer of said D³ key to the DES program;

a second encryption key in said host computer providing encrypting/decrypting corresponding to that of said first encryption key, said second encryption key being selected by utilizing said associated identifier of said first key;

a transitory encryption key generated by said host computer , said transitory encryption key for decrypting encrypted identifying data transmitted from said remote computer and for encrypting challenge data for transmission to said remote computer;

comparator means in said host computer for authenticating access demands in response to encryptions of said identifying data and said challenge data transmitted from said remote computer;

whereby access is granted by the host computer to the remote computer upon said unencrypted identifier provided by the remote computer enabling the selection of said selectable encryption key, the encryption therewith of a transitory encryption key and the transmission thereof to said remote computer, and the successful comparison at the host computer of encrypted identifying data encrypted with the transitory key at the remote computer.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A security system is disclosed, which system is for granting access to a host computer in response to a demand from a remote computer. The security system has a permanent encryption key mounted on the remote computer. The software portion of the system provides for the identification number associated with the permanent encryption key to be sent unencrypted to the host computer. Using the identification number the host computer selects an encryption device and encrypts a transitory encryption key generated by the host computer and transmits the transitory encryption key to the remote for emplacement on a write-only receptor in the permanent encryption key. Thereafter a comparator in the host computer, in response to encrypted identifying data transmitted from the remote computer and encrypted with said the transitory encryption key, authenticates the access demand. Access is granted by the host computer to the remote computer upon the favorable comparison of an encrypted identifier provided by the remote computer.

204 Citations

19 Claims

1. A security system for granting access to a host computer in response to a demand from a remote computer, each said computer having a central processing unit (CPU), an operating system, and device data for identifying an associated portion thereof, said security system comprising:
- a data encryption standard (DES) program within said remote computer, said DES program, in turn, comprising;
  
  a first encryption key with an associated identifier in encrypted form in said remote computer;
  
  key initiator means for generating a device-data-derived (D³) key, said key initiator means within said remote computer providing retrieval of said device data, usage thereof to generate said D ³ key, said D³ key for decrypting said first encryption key, and transfer of said D³ key to the DES program;
  
  a second encryption key in said host computer providing encrypting/decrypting corresponding to that of said first encryption key, said second encryption key being selected by utilizing said associated identifier of said first key;
  
  a transitory encryption key generated by said host computer , said transitory encryption key for decrypting encrypted identifying data transmitted from said remote computer and for encrypting challenge data for transmission to said remote computer;
  
  comparator means in said host computer for authenticating access demands in response to encryptions of said identifying data and said challenge data transmitted from said remote computer;
  
  whereby access is granted by the host computer to the remote computer upon said unencrypted identifier provided by the remote computer enabling the selection of said selectable encryption key, the encryption therewith of a transitory encryption key and the transmission thereof to said remote computer, and the successful comparison at the host computer of encrypted identifying data encrypted with the transitory key at the remote computer.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. A security system as described in claim 1 further comprising:
    - validating program in said host computer for authenticating access demands, said validating program having a transitory encryption; and
      
      ,an encryption program in said remote computer capable of detecting, upon the occurrence of an access demand, the presence of said validating program in said host computer.
  - 3. A security system as described in claim 2 wherein said unencrypted identifying data is an identification number and said encrypted identifying data is a password.
  - 4. A security system as described in claim 3 wherein said encryption program at said remote computer using said first encryption key, decrypts the transitory key received from the host computer, and, using the transitory key, encrypts the password for reflexive transmission thereof to the host computer, said validating program means authenticating the access demand by decoding the encrypted password and comparing the same to a record thereof.
  - 5. A security system as described in claim 4 wherein said first encryption key is within said data encryption standard (DES) program and wherein after decoding, said transitory key is placed on a write-only portion of said DES program.
  - 6. A security system described in claim 5 wherein said remote computer has installed therein a communications program, wherein upon the remote computer detecting said validating program, the encryption program interrupts said communications program during said authenticating procedures;
    - and, upon authentication, resumes said communications program.
  - 7. A security system as described in claim 1 wherein said unencrypted identifying data is an identification number and said encrypted identifying data is a challenge statement received encrypted from the said host computer using the selectable encryption key.
  - 8. A security system as described in claim 7 wherein said encryption program at said remote computer using said first encryption key, decrypts the transitory key received from the host computer, and, using the transitory key, encrypts the challenge statement for reflexive transmission to the host computer, said validating program means authenticating the access demand by decoding the encrypted challenge statement and comparing the same to a record thereof.
  - 9. A security system as described in claim 8 wherein said encryption key is a data encryption standard (DES) token and wherein after decoding, said transitory key is placed on a write-only portion of said DES program.
  - 10. A security system described in claim 9 wherein said remote computer has installed therein a communications program, wherein upon the remote computer detecting said validating program, the encryption program interrupts said communications program during said authenticating procedures;
    - and, upon authentication, resumes said communications program.

11. A method of providing security for a first computer in a system having a second computer making access demands upon said first computer, each said computer having a central processing unit (CPU), an operating system, and device data for identifying an associated portion thereof, said second computer having installed thereon a device-data derived (D³) key generator, a permanent encryption key, and an encryption program therefor, said first computer having a validating program for authenticating access demands including a selectable encryption key corresponding to said permanent encryption key, said method comprising the steps of:
- (1) generating a D³ key using the device data of the second computer;
  
  (2) encrypting the D³ key and storing the resultant encryption thereof in said first encryption key;
  
  (3) upon making an access demand, detecting by the second computer the presence of said validating program in said first computer;
  
  (4) entering identifying data transmitted from said first computer into said permanent encryption key of said second computer;
  
  (5) authenticating said access demand by said first computer by dual-key reflexive encryption transmission including encrypted D³ key from said second computer and by an acceptable comparison of the decrypted form thereof at said first computer;
  
  (6) upon authentication, connecting said second computer to said first computer; and
  
  ,(7) providing access by said second computer to said first computer.
- View Dependent Claims (12, 13, 14, 15, 16, 17, 18, 19)
- - 12. A method as described in claim 11 wherein said identifying data is an identification number and a password.
  - 13. A method as described in claim 12 wherein step (3) further comprises the substeps of:
    - (a) sending unencrypted an identification member from said second computer to said first computer;
      
      (b) by use of said selectable encryption key, sending encrypted a transitory key from said first computer to said second computer;
      
      (c) by use of said permanent encryption key, decoding at the second computer said encrypted transitory key;
      
      (d) by use of said transitory key at the second computer, sending encrypted said password from said second computer to said first computer; and
      
      , (e) completing authentication at the first computer by decrypting said password and comparing the same to a record thereof.
  - 14. A method as described in claim 13 wherein said permanent encryption key is a data encryption standard (DES) token and wherein said transitory key is placed on a write-only portion of said DES program.
  - 15. A method as described in claim 14 wherein said second computer has installed therein a communications program, said method further comprising the step of:
    - upon the second computer detecting said validating program, interrupting said communications program during said authenticating procedures; and
      
      ,said method further comprising the step of;
      
      upon authentication, resuming the communications program.
  - 16. A method as described in claim 11 wherein said identifying data is an identification number and a challenge statement.
  - 17. A method as described in claim 16 wherein step (3) further comprises the substeps of:
    - (a) sending unencrypted an identification number from said second computer to said first computer;
      
      (b) by use of said selectable encryption key, sending encrypted transitory key with a challenge statement from said first computer to second remote computer;
      
      (c) by use of said permanent encryption key, decoding at the second computer said encrypted transitory key;
      
      (d) by use of said transitory key at the second computer, sending encrypted said challenge statement from said second computer to said first computer;
      
      (e) completing authentication at the first computer by decrypting said challenge statement and comparing the same to a record thereof.
  - 18. A method as described in claim 17 wherein said permanent encryption key is a data encryption standard (DES) token and wherein said transitory key is placed on a write-only portion of said DES program.
  - 19. A method as described in claim 18 wherein said second computer has installed therein a communications program, said method further comprising the step of:
    - upon the second computer detecting said validating program, interrupting said communications program during said authenticating procedures; and
      
      ,said method further comprising the step of;
      
      upon authentication, resuming the communications program.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Communications Devices Incorporated
Original Assignee
Communications Devices Incorporated
Inventors
Kelly, Tadhg
Primary Examiner(s)
Barron, Jr., Gilberto

Application Number

US08/937,547
Time in Patent Office

916 Days
Field of Search

380/21, 380/25, 708/229, 713/201
US Class Current

713/155
CPC Class Codes

G06F 21/31   User authentication

G06F 2211/007   Encryption, En-/decode, En-...

H04L 63/0428   wherein the data content is...

H04L 63/06   for supporting key manageme...

H04L 63/083   using passwords cryptograph...

Remote generated, device identifier key for use with a dual-key reflexive encryption security system

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

204 Citations

19 Claims

Specification

Solutions

Use Cases

Quick Links

Remote generated, device identifier key for use with a dual-key reflexive encryption security system

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

204 Citations

19 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links