Tamper detection and secure power failure recovery circuit

US 7,205,883 B2
Filed: 10/07/2002
Issued: 04/17/2007
Est. Priority Date: 10/07/2002
Status: Active Grant

First Claim

Patent Images

1. A security system comprising:

a token comprising;

non-volatile random access memory (NVRAM) for storing security data for use during a step of secure authentication;

an interface for providing communication between the token and a host system when coupled thereto; and

a processor for performing the steps of;

receiving authentication data via the interface;

authenticating the token for performing security functions in response to correct authentication data;

providing secure information via the interface in response to the correct authentication data;

storing security data relating to the secure information within the NVRAM of the token in response to correct authentication data; and

re-authenticating the token for performing security functions using the security data stored in the NVRAM of the token in response to receipt of the secure information after a reset of the token has occurred.

View all claims

13 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A security system including a token and a host system. The token includes volatile random access memory for storing security data for use during a step of secure authentication, an interface for providing communication with a host system when coupled thereto, and a processor. The processor performs the steps of authenticating a host system and the token, providing secure information to the host system upon authentication therewith, and re-authenticating the host system and the token in response to receipt of the secure information after a reset of the token has occurred.

Citations

18 Claims

1. A security system comprising:
- a token comprising;
  
  non-volatile random access memory (NVRAM) for storing security data for use during a step of secure authentication;
  
  an interface for providing communication between the token and a host system when coupled thereto; and
  
  a processor for performing the steps of;
  
  receiving authentication data via the interface;
  
  authenticating the token for performing security functions in response to correct authentication data;
  
  providing secure information via the interface in response to the correct authentication data;
  
  storing security data relating to the secure information within the NVRAM of the token in response to correct authentication data; and
  
  re-authenticating the token for performing security functions using the security data stored in the NVRAM of the token in response to receipt of the secure information after a reset of the token has occurred.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. A security system according to claim 1, wherein the host system further comprises:
    - an interface port for interfacing with the token,a host processor for performing instructions in dependence upon instruction data, andmemory comprising instruction memory for storing of instructions for performing a step of secure re-authentication and non-volatile random access host memory for storing secure information received from the token and for use in secure re-authentication.
  - 3. A security system according to claim 2, wherein the token further comprises:
    - a tamper detection device for detecting of tampering within the security system and for providing a tamper signal when tampering is detected; and
      
      a memory clear circuit for clearing the security data within the token in response to the tamper signal.
  - 4. A security system according to claim 3, wherein the tamper detection device comprises a secure housing and tamper detection circuitry, the non-volatile random access host memory being located within the physical boundaries of the secure housing.
  - 5. A security system according to claim 4, wherein the tamper detection circuitry comprises a circuit for transmitting a tamper signal when then the secure housing is opened.
  - 6. A security system according to claim 4, wherein the tamper detection circuitry comprises a circuit for transmitting a tamper signal when the security system is other than coupled to a ground.
  - 7. A security system according to claim 4, wherein the tamper detection circuitry comprises a circuit for transmitting a tamper signal when the token is removed from a peripheral component interface slot.
  - 8. A security system according to claim 1, comprising:
    - a voltage source internal to the token for providing a supply voltage to the token for a predetermined amount of time, when an external voltage source providing a supply voltage to the security system is disrupted.

9. A method for secure re-authentication of a secure server comprising the steps of:
- transmitting authentication data from a host system to a token for authentication by the token;
  
  receiving key data provided by the token at the host system in response to the transmitted authentication data;
  
  storing the key data on the host system in non-volatile memory thereof;
  
  storing re-authentication data within the token based on the key data provided to the host system;
  
  providing the key data from the host system to the token for secure re-authentication by the token upon a resumption of power following a power failure resulting in a power outage to the token;
  
  retrieving the stored re-authentication data within the token;
  
  comparing the authentication data received from the host to the retrieved re-authentication data within the token; and
  
  re-authenticating the host system to the token when the key data is correct key data associated with the stored re-authentication data.
- View Dependent Claims (10, 11, 12, 13, 14, 15, 16, 17, 18)
- - 10. A method for secure re-authentication according to claim 9, wherein authentication code is a password.
  - 11. A method for secure re-authentication according to claim 9, wherein memory within the token is powered by a capacitor such that for a predetermined time after external power is other than provided to the token, the memory within the token retains data stored therein.
  - 12. A method for secure re-authentication according to claim 9, wherein the step of storing re-authentication data within the token includes a step of encrypting the re-authentication data.
  - 13. A method for secure re-authentication according to claim 9, further comprising the steps of:
    - generating on the token the key data.
  - 14. A method for secure re-authentication according to claim 9, comprising the steps of:
    - generating on the token a first, a second, and a third additional secondary authentication key;
      
      storing on the token at a least one of the first, second and third additional secondary authentication keys in memory; and
      
      securing on the token secondary authorization key data with the at least one of the additional secondary authentication keys stored within memory.
  - 15. A method for secure re-authentication according to claim 14, wherein the third additional secondary authentication key is created in dependence upon the first and the second additional secondary authentication keys.
  - 16. A method for secure re-authentication according to claim 15, wherein the third additional secondary authentication key is created by means of a bit-wise exclusive-or (XOR) operation.
  - 17. A method for secure re-authentication according to claim 12, further comprising the steps of:
    - creating on the host system an encryption key; and
      
      sending from the host system to the token the encryption key.
  - 18. A method for secure re-authentication according to claim 17, wherein at least one of a first, a second and a third additional secondary authorization keys is encrypted and decrypted with the encryption key.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Rainbow Technologies, Inc. (Thales SA)
Original Assignee
SafeNet Incorporated (Thales SA)
Inventors
Bailey, Doug
Primary Examiner(s)
Hofsass; Jeffery
Assistant Examiner(s)
AU, SCOTT D

Application Number

US10/265,127
Publication Number

US 20040066274A1
Time in Patent Office

1,653 Days
Field of Search

340/5.3, 713179-185, 235375-382
US Class Current

340/5.3
CPC Class Codes

G06F 21/34   involving the use of extern...

G06F 21/445   by mutual authentication, e...

G06F 21/554   involving event detection a...

G06F 2221/2113   Multi-level security, e.g. ...

G06F 2221/2143   Clearing memory, e.g. to pr...

H04L 9/40   Network security protocols

Tamper detection and secure power failure recovery circuit

First Claim

13 Assignments

0 Petitions

Accused Products

Abstract

Citations

18 Claims

Specification

Solutions

Use Cases

Quick Links

Tamper detection and secure power failure recovery circuit

First Claim

13 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

18 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links