Remote generated, device identifier key for use with a dual-key reflexive encryption security system
First Claim
1. A security system for granting access to a host computer in response to a demand from a remote computer, each said computer having a central processing unit (CPU), an operating system, and device data for identifying an associated portion thereof, said security system comprising:
- a data encryption standard (DES) program within said remote computer, said DES program, in turn, comprising;
a first encryption key with an associated identifier in encrypted form in said remote computer;
key initiator means for generating a device-data-derived (D3) key, said key initiator means within said remote computer providing retrieval of said device data, usage thereof to generate said D 3 key, said D3 key for decrypting said first encryption key, and transfer of said D3 key to the DES program;
a second encryption key in said host computer providing encrypting/decrypting corresponding to that of said first encryption key, said second encryption key being selected by utilizing said associated identifier of said first key;
a transitory encryption key generated by said host computer , said transitory encryption key for decrypting encrypted identifying data transmitted from said remote computer and for encrypting challenge data for transmission to said remote computer;
comparator means in said host computer for authenticating access demands in response to encryptions of said identifying data and said challenge data transmitted from said remote computer;
whereby access is granted by the host computer to the remote computer upon said unencrypted identifier provided by the remote computer enabling the selection of said selectable encryption key, the encryption therewith of a transitory encryption key and the transmission thereof to said remote computer, and the successful comparison at the host computer of encrypted identifying data encrypted with the transitory key at the remote computer.
1 Assignment
0 Petitions
Accused Products
Abstract
A security system is disclosed, which system is for granting access to a host computer in response to a demand from a remote computer. The security system has a permanent encryption key mounted on the remote computer. The software portion of the system provides for the identification number associated with the permanent encryption key to be sent unencrypted to the host computer. Using the identification number the host computer selects an encryption device and encrypts a transitory encryption key generated by the host computer and transmits the transitory encryption key to the remote for emplacement on a write-only receptor in the permanent encryption key. Thereafter a comparator in the host computer, in response to encrypted identifying data transmitted from the remote computer and encrypted with said the transitory encryption key, authenticates the access demand. Access is granted by the host computer to the remote computer upon the favorable comparison of an encrypted identifier provided by the remote computer.
204 Citations
19 Claims
-
1. A security system for granting access to a host computer in response to a demand from a remote computer, each said computer having a central processing unit (CPU), an operating system, and device data for identifying an associated portion thereof, said security system comprising:
-
a data encryption standard (DES) program within said remote computer, said DES program, in turn, comprising; a first encryption key with an associated identifier in encrypted form in said remote computer; key initiator means for generating a device-data-derived (D3) key, said key initiator means within said remote computer providing retrieval of said device data, usage thereof to generate said D 3 key, said D3 key for decrypting said first encryption key, and transfer of said D3 key to the DES program; a second encryption key in said host computer providing encrypting/decrypting corresponding to that of said first encryption key, said second encryption key being selected by utilizing said associated identifier of said first key; a transitory encryption key generated by said host computer , said transitory encryption key for decrypting encrypted identifying data transmitted from said remote computer and for encrypting challenge data for transmission to said remote computer; comparator means in said host computer for authenticating access demands in response to encryptions of said identifying data and said challenge data transmitted from said remote computer; whereby access is granted by the host computer to the remote computer upon said unencrypted identifier provided by the remote computer enabling the selection of said selectable encryption key, the encryption therewith of a transitory encryption key and the transmission thereof to said remote computer, and the successful comparison at the host computer of encrypted identifying data encrypted with the transitory key at the remote computer. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
-
-
11. A method of providing security for a first computer in a system having a second computer making access demands upon said first computer, each said computer having a central processing unit (CPU), an operating system, and device data for identifying an associated portion thereof, said second computer having installed thereon a device-data derived (D3) key generator, a permanent encryption key, and an encryption program therefor, said first computer having a validating program for authenticating access demands including a selectable encryption key corresponding to said permanent encryption key, said method comprising the steps of:
-
(1) generating a D3 key using the device data of the second computer; (2) encrypting the D3 key and storing the resultant encryption thereof in said first encryption key; (3) upon making an access demand, detecting by the second computer the presence of said validating program in said first computer; (4) entering identifying data transmitted from said first computer into said permanent encryption key of said second computer; (5) authenticating said access demand by said first computer by dual-key reflexive encryption transmission including encrypted D3 key from said second computer and by an acceptable comparison of the decrypted form thereof at said first computer; (6) upon authentication, connecting said second computer to said first computer; and
,(7) providing access by said second computer to said first computer. - View Dependent Claims (12, 13, 14, 15, 16, 17, 18, 19)
-
Specification