System for supporting secured log-in of multiple users into a plurality of computers using combined presentation of memorized password and transportable passport record
First Claim
1. A machine system having plural work stations and being adapted for maintaining confidential digital information in encrypted form while granting intelligible access to such confidential information to users who are authorized for such access by a combination of a user-supplied password and a presented passport, said machine system comprising:
- (a) a passport generator, provided within a first of the plural stations of said system, for generating within the first station an in-station passport, wherein the in-station passport includes;
(a.1) a first secured-by-encryption key derived from a first password of a first authorized user; and
(a.2) a second secured-by-encryption key that is different from the first secured key;
where provision within the first station is required of plaintext versions of both of the first and the second secured keys for allowing occurrence of said intelligible access to the first authorized user for accessing corresponding confidential information; and
(b) a passport exporter, provided within the first station, for generating within the first station an exportable passport, wherein said exportable passport includes a copy of the first secured key but does not include a copy of the second secured key.
1 Assignment
0 Petitions
Accused Products
Abstract
A system is disclosed for controlling intelligible access to secured files by means of a user-memorized password in combination with a user-associated passport record. The passport record takes on two forms, one when it is physically secured within the workstation and a different second form when the passport record is in-transit. Log-in privileges are granted after a presented passport record passes a number of tests including digital signature authentication, and the ability to extract two different encrypted keys from the passport record. The in-transit record does not carry one of those two keys.
-
Citations
73 Claims
-
1. A machine system having plural work stations and being adapted for maintaining confidential digital information in encrypted form while granting intelligible access to such confidential information to users who are authorized for such access by a combination of a user-supplied password and a presented passport, said machine system comprising:
-
(a) a passport generator, provided within a first of the plural stations of said system, for generating within the first station an in-station passport, wherein the in-station passport includes;
(a.1) a first secured-by-encryption key derived from a first password of a first authorized user; and
(a.2) a second secured-by-encryption key that is different from the first secured key;
where provision within the first station is required of plaintext versions of both of the first and the second secured keys for allowing occurrence of said intelligible access to the first authorized user for accessing corresponding confidential information; and
(b) a passport exporter, provided within the first station, for generating within the first station an exportable passport, wherein said exportable passport includes a copy of the first secured key but does not include a copy of the second secured key. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12)
(a.3) random number generating means for producing a substantially random first bit sequence defining a plaintext version of said first secured key;
(a.4) a hasher for receiving said first password and producing therefrom a hashed password signal; and
(a.5) a first encrypting unit for receiving as inputs, the hashed password signal and the first bit sequence, for carrying out a first encrypting operation on its received inputs, and for responsively outputting the first secured key.
-
-
3. A machine system according to claim 2 wherein said passport generator further includes:
-
(a.6) a private key supplier for supplying a second bit sequence defining a plaintext version of said second secured key; and
(a.7) a second encrypting unit for receiving as inputs, the first bit sequence and the second bit sequence, for carrying out a second encrypting operation on its received inputs, and for responsively outputting the second secured key.
-
-
4. A machine system according to claim 3 wherein said passport generator further includes:
-
(a.8) a public key supplier for supplying a third bit sequence representing a public key of the first user; and
(a.9) a third encrypting unit for receiving as inputs, the first bit sequence and the third bit sequence, for carrying out a third encrypting operation on its received inputs, and for responsively outputting a third secured key; and
further wherein;
the in-station passport includes a copy of the third secured key; and
the exportable passport does not include a copy of the third secured key.
-
-
5. A machine system according to claim 4 wherein:
-
(a.5a) said first encrypting operation is a symmetric encryption (SE) using the first bit sequence as a data-input and using the hashed password signal as a key-input;
(a.7a) said second encrypting operation is a symmetric encryption (SE) using the first bit sequence as a key-input and using the second bit sequence as a data-input; and
(a.9a) said third encrypting operation is an asymmetric encryption (AE) using the using the first bit sequence as a data-input and using the public key of the first user as a key-input.
-
-
6. The machine system of claim 2 wherein said random number generating means is kept physically secured within said first station.
-
7. The machine system of claim 2 wherein said random number generating means produces a pseudo-random bit sequence which is at least 128 bits in length.
-
8. The machine system of claim 7 wherein said hasher produces a hashed result which is at least 128 bits in length.
-
9. A machine system according to claim 1 further comprising:
-
(c) first data conveyance means, provided within the first station, for conveying either into the first station, or out of the first station, first data representing said encrypted form of the confidential digital information; and
(d) second data conveyance means, provided within the first station, for conveying out of the first station, second data representing the exportable passport.
-
-
10. A machine system according to claim 9 wherein:
-
(c.1) said first data conveyance means records the first data into a portable memory means; and
(d.1) said second data conveyance means transmits the second data by way of a conveyance channel that does not include said first portable memory means.
-
-
11. The machine system of claim 1 wherein said exportable passport is an exported electronic signal.
-
12. The machine system of claim 1 wherein said in-station passport is kept physically secured within said first station.
-
13. A machine system for maintaining confidential digital information in encrypted form while allowing for intelligible access to such confidential information by users who are authorized for such access by a combination of a password and a passport, said machine system comprising:
-
(a) a passport inspector for receiving a user password supplied at a given station, for locating an in-station passport associated with the user, and for verifying correlation between the user-supplied password and the user-associated in-station passport;
wherein the in-station passport includes;
(a.1) a first secured-by-encryption key derived from a valid password of the passport-associated user;
(a.2) a second secured-by-encryption key covered by a plaintext version of the first secured key; and
(a.3) a third secured-by-encryption key that is different from the first secured key; and
wherein the correlation verification carried out by the passport inspector includes;
(a.4) generating a first attempt signal by attempting to uncover the first secured key with the user-submitted password;
(a.5) generating a second attempt signal by attempting to uncover the second secured key with the first attempt signal;
(a.6) generating a third attempt signal by attempting to uncover the third secured key; and
(a.7) performing format checking on each of the second attempt signal and the third attempt signal to verify that said second and third attempt signals conform to respective and predefined formats. - View Dependent Claims (14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24)
(a.2a) said second secured-by-encryption key is part of a first public/private key pair and said predefined format of the second attempt signal corresponds to a predefined encryption and decryption algorithm that uses said first public/private key pair; and
(a.3a) said third secured-by-encryption key is part of a second public/private key pair and said predefined format of the third attempt signal corresponds to a predefined encryption and decryption algorithm that uses said second public/private key pair.
-
-
15. A machine system according to claim 13 wherein:
-
(a.7a) said respective and predefined format verifications for the second and third attempt signals are defined by at least one member of the group consisting of;
(a.7a1) verifying that the attempt signal has a predefined number of fields and that entries is such fields conform to a preestablished definition of what entries are valid in each of those fields;
(a.7a2) verifying that the attempt signal has a predefined bit length;
(a.7a3) verifying that predefined value ranges for exponent and modulus parts of the respective attempt signal are conformed to;
(a.7a4) verifying that the attempt signal has a predefined and embedded error detection or error detection and correction field and that such an error detection and/or correction field provides a self checking indication that the attempt signal is free of error; and
(a.7a5) verifying that the attempt signal conforms to ASN.1 notation format.
-
-
16. A machine system according to claim 13 wherein:
(a.8) said in-station passport that is associated with said user is one of a plurality of in-station passports that are associated with respective ones of plural users.
-
17. The machine system of claim 16 wherein:
-
(a.8) each of said plural in-station passports includes a user identification field containing a plaintext user identification of a respective one of the plural users; and
(a.9) said passport inspector is further adapted for receiving a user identification signal supplied at the given station, and for performing said locating of the in-station passport associated with the user by finding an in-station passport whose user identification field contains a plaintext user identification matching the supplied user identification signal.
-
-
18. A machine system according to claim 13 and further comprising within said first station:
-
(b) a hashing unit for hashing a supplied password and thereby producing a hashed password signal; and
(c) a first symmetric encrypting unit coupled to receive as an encrypting key, a symmetric key derived from said hashed password signal, and coupled to receive as input data, a plaintext version of said first secured-by-encryption key, the first symmetric encrypting unit being adapted to responsively produce said first secured-by-encryption key.
-
-
19. A machine system according to claim 13 and further comprising within said first station:
(b) password changing means, responsive to a supplying of a new, substitute password to the first station by the user associated with the in-station passport and adapted to correspondingly change fields of the associated in-station passport that contain said first secured-by-encryption key.
-
20. The machine system of claim 19 and further comprising within said first station:
-
(c) a random number generator adapted to generate a new random bit sequence in response to the supplying of said new, substitute password to the first station by the user;
(b.1) wherein the password changing means includes;
(b.1a) a symmetric encrypting unit coupled to receive the new random bit sequence as data that is to be encrypted thereby, and further coupled to receive a hashed version of the new, substitute password as an encryption key for use in encrypting the new random bit sequence; and
(b.1b) passport overwrite means, for overwriting into said in-station passport as a substitute for the first secured-by-encryption key, a modified first secured-by-encryption key that is derived from an output of said symmetric encrypting unit.
-
-
21. The machine system of claim 20 wherein said password changing means allows authorized users to change their respective passwords without intervention from a system administrator.
-
22. A machine system according to claim 13 and further comprising within said first station:
(b) a release-blocking mechanism, operatively coupled to said passport inspector, for receiving one or more format error signals from the passport inspector indicative of findings of errors by said format checking on one or both of the second attempt signal and the third attempt signal, and for blocking release of a file-decrypting key in response to one or more indications of such format errors.
-
23. The machine system of claim 22 wherein said release-blocking mechanism comprises:
(b.1) a decrypting mechanism, operatively coupled to the in-station passport for deriving therefrom a plaintext version of the second secured-by-encryption key and for using the derived plaintext version of the second key to produce a plaintext version of said file-decrypting key.
-
24. The machine system of claim 23 wherein said decrypting mechanism includes an asymmetric decrypting unit and wherein said second key is a private key of the user.
-
25. A machine-implemented method for maintaining confidential digital information in encrypted form while allowing for intelligible access to such confidential information by users who are authorized for such access by a combination of a password and a passport, said method comprising the steps of:
-
(a) receiving a user password supplied at a given station;
(b) fetching an in-station passport associated with the user, wherein the in-station passport includes;
(b.1) a first secured-by-encryption key derived from a valid password of the passport-associated user;
(b.2) a second secured-by-encryption key covered by a plaintext version of the first secured key; and
(b.3) a third secured-by-encryption key that is different from the first secured key; and
(c) verifying correlation between the user-supplied password and the user-associated in-station passport, wherein said correlation verification includes performance within the given station of the following steps;
(c.1) generating a first attempt signal by attempting to uncover the first secured key with the user-submitted password;
(c.2) generating a second attempt signal by attempting to uncover the second secured key with the first attempt signal;
(c.3) generating a third attempt signal by attempting to uncover the third secured key; and
(c.4) performing format checking on each of the second attempt signal and the third attempt signal to verify that said second and third attempt signals conform to respective and predefined formats. - View Dependent Claims (26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38)
(a.2a) said second secured-by-encryption key is part of a first public/private key pair and said predefined format of the second attempt signal corresponds to a predefined encryption and decryption algorithm that uses said first public/private key pair; and
(a.3a) said third secured-by-encryption key is part of a second public/private key pair and said predefined format of the third attempt signal corresponds to a predefined encryption and decryption algorithm that uses said second public/private key pair.
-
-
27. A machine-implemented method according to claim 25 wherein:
-
(a.7a) said respective and predefined format verifications for the second and third attempt signals are defined by at least one member of the group consisting of;
(a.7a1) verifying that the attempt signal has a predefined number of fields and that entries is such fields conform to a preestablished definition of what entries are valid in each of those fields;
(a.7a2) verifying that the attempt signal has a predefined bit length;
(a.7a3) verifying that predefined value ranges for exponent and modulus parts of the respective attempt signal are conformed to;
(a.7a4) verifying that the attempt signal has a predefined and embedded error detection or error detection and correction field and that such an error detection and/or correction field provides a self checking indication that the attempt signal is free of error; and
(a.7a5) verifying that the attempt signal conforms to ASN.1 notation format.
-
-
28. A machine-implemented method according to claim 25 wherein:
-
(a.8) said in-station passport that is associated with said user is one of a plurality of in-station passports that are associated with respective ones of plural users and said step of fetching includes;
(b.1) identifying from among said plurality of in-station passports, the in-station passport that is associated with said user.
-
-
29. The machine-implemented method of claim 25 wherein said step (c.1) of generating the first attempt signal includes performing the following steps within said given station:
-
(c.1a) hashing the supplied password to thereby produce a hashed password signal;
(c.1b) obtaining said first secured key from the fetched in-station passport; and
(c.1c) symmetrically decrypting said obtained first secured key while using as a decryption key, a symmetric key derived from said hashed password signal.
-
-
30. The machine-implemented method of claim 29 wherein said step (c.2) of generating the second attempt signal includes performing the following steps within said given station:
-
(c.2a) obtaining said second secured key from the fetched in-station passport; and
(c.2b) symmetrically decrypting said obtained second secured key while using as a decryption key, said first attempt signal.
-
-
31. The machine-implemented method of claim 29 wherein said step (c.3) of generating the third attempt signal includes performing the following steps within said given station:
-
(c.3a) obtaining the third secured key from the fetched in-station passport; and
(c.3b) symmetrically decrypting said obtained third secured key while using as a decryption key, said first attempt signal.
-
-
32. The machine-implemented method of claim 25 and further comprising performance of the following steps within said given station:
(d) changing the valid password that is to be supplied by the user at the given station by overwriting fields of the associated in-station passport that contain at least said first secured key, said second secured key, and said third secured key.
-
33. The machine-implemented method of claim 32 and further comprising performance of the following steps within said given station:
-
(e) generating a random number signal to serve as a new plaintext version of the first secured key;
(f) symmetrically encrypting the random number signal while using as a encrypting key, a new, substitute password supplied to the given station by the user to thereby produce a new version of the first secured key; and
(g) using the new version of the first secured key for overwriting the corresponding field in said in-station passport that stores the first secured key.
-
-
34. The machine-implemented method of claim 32 wherein said password changing step (d) can be carried out by authorized users without intervention from a system administrator.
-
35. The machine-implemented method of claim 32 wherein a plaintext version of said third secured-by-encryption key is obtained within the given station from an in-station passport before the field of the third secured key is overwritten in the associated in-station passport of the user whose password is being changed.
-
36. The machine-implemented method of claim 25 and further comprising performance of the following steps within said given station:
(d) controlling release of a needed file-decrypting key by blocking such release in response to one or more indications of format errors found during said format checking on one or both of the second attempt signal and the third attempt signal.
-
37. The machine-implemented method of claim 36 wherein said step (c.4) of performing format checking includes:
-
(c.4a) obtaining said second secured key from the fetched in-station passport; and
(c.4b) decrypting the obtained second secured key for deriving therefrom a plaintext version of the obtained second secured key;
and wherein said needed file-decrypting key is stored in encrypted form and wherein said release-controlling step further includes;
(d.1) using the derived plaintext version of the second key to produce a plaintext version of said file-decrypting key.
-
-
38. The machine-implemented method of claim 37 wherein said decrypting of the encrypted and stored file-decrypting key includes performance of an asymmetric decrypting algorithm and wherein said second key is a private key of the user.
-
39. A machine-readable memory for use in a machine system where said machine system includes confidentiality control means which grants to users who are authorized to intelligibly access confidential information, intelligible access such confidential information when digitally stored in encrypted form, where before granting said intelligible access, the confidentiality control means requires authorized users to demonstrate their authorization by presenting a valid user-associated password and by presenting for secured storage in a designated storage location a user-associated passport, said machine-readable memory storing a passport data structure comprising:
-
(a) a first region storing a first secured-by-encryption key derived from a valid password of the passport-associated user;
(b) a second region storing a second secured-by-encryption key that is covered by a plaintext version of the first secured key; and
(c) a third region storing a third secured-by-encryption key that is different from the first secured-by-encryption key and is unique to said designated storage location of the user-associated passport. - View Dependent Claims (40, 41, 42, 43, 44, 45, 46, 47, 48, 49, 50, 51, 52, 53, 54)
being contained within an interior portion of a housing of a local workstation such that a momentary interloper will find it difficult to easily take possession of the machine-readable memory by indiscernibly removing the machine-readable memory from said housing.
-
-
41. The machine-readable memory of claim 40 wherein said state of being physically-secured within the machine system further includes:
being securely fastened to the interior portion of the housing.
-
42. The machine-readable memory of claim 41 wherein said state of being securely fastened further includes:
being securely fastened to the interior portion of the housing by way of nonconventional fasteners that need specially-keyed tools for unfastening of said fasteners.
-
43. The machine-readable memory of claim 39 where said machine-readable memory is physically-secured within the machine system and said state of being physically-secured within the machine system includes at least:
being contained within an interior portion of a housing, where said housing is fastened to a desk or a floor.
-
44. The machine-readable memory of claim 39 where said machine-readable memory is physically-secured within the machine system and said state of being physically-secured within the machine system includes at least:
being contained within an interior portion of a key-locked computer case.
-
45. The machine-readable memory of claim 39 where said machine-readable memory is physically-secured within the machine system and said state of being physically-secured within the machine system includes at least:
being contained within a local workstation such that signals of the machine-readable memory cannot be easily tapped into by a momentary interloper.
-
46. The machine-readable memory of claim 39 wherein said passport data structure further comprises:
(d) a fourth region storing a digital signature that covers data contained in at least the first, second and third regions.
-
47. The machine-readable memory of claim 46 wherein said digital signature is signed by a private key of the associated user so that a counterpart public key of the associated user can be used to authenticate the digital signature and thereby assure that the passport had not been tampered with and wherein said passport data structure further comprises:
(e) a fifth region storing said counterpart public key of the associated user.
-
48. The machine-readable memory of claim 39 wherein said passport data structure further comprises:
-
(e) a fourth region storing an origination flag that indicates whether the plaintext version of the first secured-by-encryption key originated locally or was imported; and
wherein;
(c.1a) said third secured-by-encryption key is covered by a locally-originated, fourth key;
(a.1) said plaintext version of the first secured-by-encryption key is the same as the fourth key if the origination flag indicates that the first secured-by-encryption key originated locally; and
(a.2) said plaintext version of the first secured-by-encryption key is different from the fourth key if the origination flag indicates that the first secured-by-encryption key was imported.
-
-
49. The machine-readable memory of claim 48 wherein said passport data structure further comprises:
-
(f) a fifth region;
(f.1) where said fifth region stores a secured-by-encryption version of the fourth key in situations where the machine-readable memory is physically-secured within said machine system, (f.2) where said fifth region is blank or is filled with irrelevant information in situations where the machine-readable memory is not physically-secured within said machine system.
-
-
50. The machine-readable memory of claim 49 wherein said passport data structure further comprises:
(e) a sixth region storing a digital signature that covers data contained in at least the first through fifth regions.
-
51. The machine-readable memory of claim 49 wherein said secured-by-encryption version of the fourth key is covered by a public key of the associated user so that, if said passport data structure is physically-secured, the fourth key can be uncovered from the passport data structure by using a counterpart private key of the associated user.
-
52. The machine-readable memory of claim 51 wherein said passport data structure further comprises:
(e) a sixth region storing an alternately encrypted version of the plaintext of the first secured-by-encryption key, said alternately encrypted version being covered by a public key of a trusted third party such that, if the alternately encrypted version is sent to the third party, said third party can uncover the sent and alternately encrypted version with a counterpart, private key of said trusted third party.
-
53. The machine-readable memory of claim 52 wherein said passport data structure further comprises:
-
(f) a seventh region storing a plaintext of a user identification associated with said passport-associated user; and
(g) an eighth region storing a plaintext of the public key associated with said passport-associated user.
-
-
54. The machine-readable memory of claim 39 wherein said passport data structure further comprises:
(e) a fourth region storing an encryption of a predefined string, where said encryption of the predefined string is covered by the plaintext of the first secured-by-encryption key.
-
55. A machine-implemented method for providing intelligible access to algorithmically-secured data stored at a first location in response to an access request submitted at the first location, wherein the access request includes submission of a password and submission of an identification of a requesting user at the first location, and further includes use of a user-associated passport, said method comprising the steps carried out at the first location of:
-
(a) finding a passport associated with the submitted identification, wherein said found passport includes;
(a.1) a first field having a user identification matching the submitted identification and associating the passport with a corresponding user;
(a.2) a second field containing a first algorithmically-secured key derived from a valid password of the passport-associated user; and
(a.3) a third field containing an algorithmically-secured copy of a prespecified bit sequence, said secured copy of the prespecified bit sequence being covered by a plaintext version of the first secured key;
(b) using the submitted password to attempt decryption from the second field of the first secured key, said attempt producing a putative first uncovering of the first secured key;
(c) using the putative first uncovering to attempt decryption from the third field of the secured copy of the prespecified bit sequence, said attempt producing a putative second uncovering of the prespecified bit sequence; and
(d) comparing the putative second uncovering against the prespecified bit sequence. - View Dependent Claims (56, 57, 58, 59)
by generating a random and physically secured, in-station key, by hashing the valid password of the passport-associated user, and by symmetrically encrypting the hashed password with the in-station key. -
59. The machine-implemented method of claim 55 wherein said found passport further includes:
(a.4) a fourth field containing data of a second algorithmically-secured key, where said second algorithmically-secured key is derived from a second counterpart and private key of the passport-associated user and from a plaintext version of said first algorithmically-secured key.
-
-
60. A machine-implemented method for maintaining confidential digital information in encrypted form while granting intelligible access by way of a workstation to such confidential information to a given one of plural users who demonstrates at said workstation proof of authorization to intelligibly access such confidential information;
- said method comprising the steps of;
(a) requiring a putatively authorized user to supply a user-memorized password;
(b) requiring a putatively authorized user to supply a user identification corresponding to the user-memorized password;
(c) requiring within the workstation, presence of a first, in-station-formed passport record that is physically secured within the workstation and that comprises;
(c.1) a user identification field having a user identifying signal corresponding to the supplied identification;
(c.2) a first covered-key field storing a first key that is covered by a covering signal derived from a password provided by an authorized user who corresponds to the user identifying signal; and
(c.3) a gate-keeping field containing a covered private key that is derived from a controlled release within said workstation of a private workstation key. - View Dependent Claims (61, 62, 63, 64, 65, 66, 67)
(c.4) an authenticating text field storing authenticating text that is covered by said first key; and
said pre-authentication includes the steps of;
(d) using the supplied password to attempt a first uncovering from the first covered-key field of the first key; and
(e) using results of the first attempted uncovering to attempt a second uncovering from the authenticating text field of the authenticating text;
(f) comparing results of the second attempted uncovering against a system-specified version of the authenticating text.
- said method comprising the steps of;
-
67. The machine-implemented method of claim 60 wherein said controlled release is limited to a prespecified time of day.
-
68. A signal conveyance device for conveying into a programmable machine, instruction signals for causing said machine to carry out a machine-implemented security method for maintaining confidential digital information in encrypted form while granting intelligible access by way of said machine to such confidential information to one or more users who demonstrate at a user interface of said machine, proof of authorization to intelligibly access such confidential information;
- said security method comprising;
(a) requiring a putatively authorized user to supply at said interface, a user-memorized password;
(b) requiring the putatively authorized user to supply a user identification corresponding to the user-memorized password;
(c) requiring within the machine, presence of a first, in-machine-formed passport record that comprises;
(c.1) a user identification field having a user identifying signal corresponding to the identification supplied by the putatively authorized user;
(c.2) a first covered-key field storing a first key that is covered by a covering signal derived from a password provided by an authorized user who corresponds to the user identifying signal; and
(c.3) a gate-keeping field containing a covered private key that is derived from a controlled release within said machine of a private machine key. - View Dependent Claims (69, 70)
- said security method comprising;
-
71. A signal conveyance device for conveying into a given machine, an in-transit passport signal for allowing said machine to carry out a machine-implemented security method for maintaining confidential digital information in encrypted form while granting intelligible access by way of said machine to such confidential information to a user associated with said in-transit passport signal, provided said associated user demonstrates to said machine, proof of authorization to intelligibly access such confidential information;
- said security method comprising;
(a) requiring the putatively associated user to supply a user-memorized password;
(b) requiring the putatively associated user to supply a user identification corresponding to the user-memorized password;
(c) requiring within the machine, overwriting of at least one blank field of the in-transit passport signal with a gate-keeping signal containing a covered private key that is derived from a controlled release within said machine of a private machine key. - View Dependent Claims (72, 73)
- said security method comprising;
Specification