Solid state key for controlling access to computer systems and to computer software and/or for secure communications

US 4,819,267 A
Filed: 06/09/1987
Issued: 04/04/1989
Est. Priority Date: 02/22/1984
Status: Expired due to Term

First Claim

Patent Images

1. Apparatus for affording access by a user to a computer and/or information residing in a computer, and/or for affording secure communications and comprising an access key capable of generating a password and of being transported independently of the computer, and an access key for verification means adapted to be resident in the computer, for allowing access and use of the software program wherein:

said access key includes;

(a) first clock means for generating a signal;

(b) means for storing a root;

(c) forward algorithm means coupled to said clock means and root storing means for encrypting the root, responsive to the signal from said clock means, into a password;

said access key verification means includes;

(a) second clock means for generating a signal;

(b) means for receiving the password;

(c) inverse algorithm means coupled to said second clock means for decrypting the password and for calculating the root;

(d) means for generating a stimulus and for communication said stimulus to said inverse algorithm means and said access key;

(e) said inverse algorithm means including means for using the stimulus to calculate the root from the password;

said access key includes;

(a) means for receiving the stimulus and communicating the stimulus to said forward algorithm means;

(b) wherein said forward algorithm means includes means for combining the stimulus with the root to produce the password;

(c) means for saving at least a portion of stimulus member;

(d) means for comparing the saved portion of the stimulus number with the next available stimulus number;

(e) means for inverting at least part of the root before the root is communicated to the forward algorithm module responsive to the comparing means if the saved portion does not have a predescribed relationship with the next available stimulus number; and

said access key verification means includes;

(a) second means for saving at least a portion of the stimulus number;

(b) means for merging the saved portion of the stimulus number with the next stimulus number;

(c) second means for storing at least a portion of the root;

(d) means for comparing the portion of the root number saved in the second storing means with the calculated root;

(e) means for generating a suspicion signal depending on whether there is a predetermined relationship between the calculated root and the saved portion of the root.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A semiconductor device that functions as a key to control access to a computer or a software program resident in a computer or provides for secure communications is disclosed. The device executes an algorithm that combines a root and a seed to produce a password. The password is input to the computer. The computer uses an equivalent algorithm to produce a password within the computer. Comparison or other methods are employed to allow access to the computer or computer program or to allow for secure communications. The computer can be coded to produce on a video display thereof a time-space stimulus pattern which can be received by sensors of the key. Alternatively, a keypad can be employed to input the stimulus output from the computer into the access key. Further the present system allows for secure communication using algorithms between different computers and between distant locations.

179 Citations

17 Claims

1. Apparatus for affording access by a user to a computer and/or information residing in a computer, and/or for affording secure communications and comprising an access key capable of generating a password and of being transported independently of the computer, and an access key for verification means adapted to be resident in the computer, for allowing access and use of the software program wherein:
- said access key includes;
  
  (a) first clock means for generating a signal;
  
  (b) means for storing a root;
  
  (c) forward algorithm means coupled to said clock means and root storing means for encrypting the root, responsive to the signal from said clock means, into a password;
  
  said access key verification means includes;
  
  (a) second clock means for generating a signal;
  
  (b) means for receiving the password;
  
  (c) inverse algorithm means coupled to said second clock means for decrypting the password and for calculating the root;
  
  (d) means for generating a stimulus and for communication said stimulus to said inverse algorithm means and said access key;
  
  (e) said inverse algorithm means including means for using the stimulus to calculate the root from the password;
  
  said access key includes;
  
  (a) means for receiving the stimulus and communicating the stimulus to said forward algorithm means;
  
  (b) wherein said forward algorithm means includes means for combining the stimulus with the root to produce the password;
  
  (c) means for saving at least a portion of stimulus member;
  
  (d) means for comparing the saved portion of the stimulus number with the next available stimulus number;
  
  (e) means for inverting at least part of the root before the root is communicated to the forward algorithm module responsive to the comparing means if the saved portion does not have a predescribed relationship with the next available stimulus number; and
  
  said access key verification means includes;
  
  (a) second means for saving at least a portion of the stimulus number;
  
  (b) means for merging the saved portion of the stimulus number with the next stimulus number;
  
  (c) second means for storing at least a portion of the root;
  
  (d) means for comparing the portion of the root number saved in the second storing means with the calculated root;
  
  (e) means for generating a suspicion signal depending on whether there is a predetermined relationship between the calculated root and the saved portion of the root.

2. Apparatus for affording access by a user to a computer and/or information residing in a computer, and/or for affording secure communications and comprising an access key capable of generating a password and of being transported independently of the computer, and an access key verification means adapted to be resident in or function with the computer, for allowing access and use of the software program wherein:
- said access key includes;
  
  (a) first clock means for generating a signal;
  
  (b) means for storing a root;
  
  (c) forward algorithm means coupled to said clock means and root storing means for encrypting the root, responsive to the signal from said clock means, into a password;
  
  said access key verification means includes;
  
  (a) second clock means for generating a signal;
  
  (b) means for receiving the password;
  
  (c) inverse algorithm means coupled to said second clock means for decrypting the password and for calculating the root; and
  
  wherein the computer has a video display, which can display another signal from the access key verification means, and wherein said apparatus further comprising;
  
  said access key verification means including;
  
  (a) a stimulus number generating means for generating a stimulus number;
  
  (b) means for generating said another signal on the video display that is representative of said stimulus number; and
  
  said access key further including;
  
  (a) at least one sensor accessible from the exterior of said access key so that juxtaposition of the access key and the display efforts excitation of the sensor by the another signal;
  
  (b) means coupled to said sensor for using the another signal to produce the stimulus number;
  
  (c) said forward algorithm means including a means for combining the stimulus number with the signal from the clock means to produce the password; and
  
  wherein the signal on the display is comprised of two optical differential pairs; and
  
  wherein each optical pair is comprised of a first field and a second field, one of which fields can be illuminated more than the other field to communicate selectively a logical one or a logical zero signal.
- View Dependent Claims (3, 4)
- - 3. The apparatus of claim 2 wherein one of said optical differential pairs represent a data signal and the other represents a clock signal.
  - 4. The apparatus of claim 3 wherein the pairs alternate being the data signal and the clock signal.

5. A system for transmitting information in a secure fashion comprising:
- a first access key capable of generating a password and adapted to be transported independently of a computer;
  
  wherein said first access key includes;
  
  (a) first means for storing a root;
  
  (b) first forward algorithm means coupled to said first root storing means for encrypting the root into a password;
  
  a first access key verification means adapted to reside in or function with a computer for receiving a password generated by the first access key and for encrypting the information to be transmitted based on the root calculated from the password;
  
  wherein said first access key verification means includes;
  
  (a) first inverse algorithm means for receiving and decrypting the password for calculating the root in order to encrypt the information;
  
  (b) encrypt module means for using the root to encrypt the information;
  
  a second access key capable of generating another password and adapted to be transported independently of another computer;
  
  wherein said second access key includes;
  
  (a) second means for storing the root;
  
  (b) second forward algorithm means coupled to said second root storing means for encrypting the root into another password;
  
  a second access key verification means adapted to reside in or function with the another computer for receiving the another password generated by the second access key and for decrypting the encrypted information based on a value calculated from the password; and
  
  wherein said second access key verification means includes;
  
  (a) second inverse algorithm means for receiving and decrypting the another password for calculating the root in order to decrypt the information;
  
  (b) decrypt module means for using the root to decrypt the information.
- View Dependent Claims (6)
- - 6. The system of claim 5 wherein:
    - at lease one of said first and second access key verification means includes;
      
      (a) means for generating a stimulus and for communicating said stimulus to at least one of said first and second inverse algorithm means respectively, and to at least one of said first and second access keys respectively;
      
      at least one of first and second access keys includes;
      
      (a) means for receiving the stimulus and communicating the stimulus to at least one of said first and second forward algorithm means respectively.

7. A system for protecting information residing in a computer and/or for affording secure communication comprising:
- means separate from the computer for encrypting information in accordance with a root;
  
  an access key capable of generating a password in accordance with the root and of being transported independently of a computer;
  
  wherein said access key includes;
  
  (a) first clock means for generating a signal that is dependent on the elapse of time;
  
  (b) means for storing the root;
  
  (c) forward algorithm means coupled to said clock means and root storing means for encrypting the root into a password responsive to the signal from said clock means;
  
  an access key verification means, adapted to reside in or function with the computer, for using the password to calculate the root and to decrypt the encrypted information with the root;
  
  wherein said access key verification means includes;
  
  (a) second clock means for generating a signal that is dependent on the elapse of time;
  
  (b) means for receiving the password;
  
  (c) inverse algorithm means coupled to said second clock means for decrypting the password for calculating the root.
- View Dependent Claims (8)
- - 8. The apparatus of claim 7 wherein:
    - said access key verification means includes;
      
      (a) means for generating a stimulus and for communication said stimulus to said inverse algorithm and said access key;
      
      said access key includes;
      
      (a) means for receiving the stimulus and communicating the stimulus to said forward algorithm means;
      
      (b) wherein said forward algorithm means includes the means for combining the stimulus with the root to produce the password; and
      
      said access key verification means includes;
      
      (a) said inverse algorithm means including means for using the stimulus to calculate the root from the password.

9. Apparatus for affording access by a user to a computer and/or information residing in a computer, and/or for affording secure communications and comprising an access key capable of generating a password and of being transported independently of the. computer, and an access key verification means adapted to be resident in or function with the computer, for allowing access and use of the software program wherein:
- said access key includes;
  
  (a) first clock means for generating a signal;
  
  (b) means for storing a root;
  
  (c) forward algorithm means coupled to said clock means and root storing means for encrypting the root, responsive to the signal from said clock means, into a password;
  
  said access key verification means includes;
  
  (a) second clock means for generating a signal;
  
  (b) means for receiving the password;
  
  (c) inverse algorithm means coupled to said second clock means for decrypting the password and for calculating the root; and
  
  wherein said signal of said first clock means includes a first signal having shorter time intervals and a second signal having longer time intervals comprised of more than one of the shorter time intervals and with;
  
  said forward algorithm means including means for selecting among a plurality of algorithms;
  
  said first signal for encrypting the root for any selected algorithm;
  
  said second signal for selecting among the plurality of algorithms for encrypting the root.
- View Dependent Claims (10)
- - 10. The apparatus of claim 9 wherein said access key includes:
    - means for displaying the password for a predetermined time frame and for preventing the generation of another password for said predetermined time period.

11. A system for communicating secure information including:
- an information sender having(a) a first clock means for generating a signal that is dependent on the elapse of time;
  
  (b) means for storing a root;
  
  (c) forward algorithm means coupled to said clock means and root storing means for encrypting the root, responsive to the signal from said first clock, into a password and for sending said password;
  
  (d) encryption means coupled to said root storing means for encrypting information input to the sender in accordance with the root and for sending encrypted information;
  
  an information receiver having;
  
  (a) a second clock means for generating a signal that is dependent on the elapse of time;
  
  (b) inverse algorithm means coupled to said second clock means for receiving the password and for calculating said root in accordance with the signal from the second clock means and said password;
  
  (c) decryption module means for receiving said encrypted data and coupled to said inverse algorithm means for receiving said calculated root and for decrypting the encrypted data.
- View Dependent Claims (12, 13, 14)
- - 12. The system for claim 11 wherein:
    - said information receiver includes;
      
      (a) means for generating a stimulus and for communicating said stimulus to said inverse algorithm means and to said sender;
      
      said sender include;
      
      (a) said forward algorithm means for additionally receiving the stimulus and for combining the stimulus with the root to produce the password;
      
      said receiver includes;
      
      (a) said inverse algorithm for additionally using said password and stimulus to calculate the root.
  - 13. The system of claim 12 wherein:
    - said sender includes;
      
      (a) first means for storing a seed and for communicating the stored seed to said forward algorithm means;
      
      (b) said forward algorithm means includes means for selecting among a plurality of algorithms responsive to the stored seed.
  - 14. The system of claim 13 wherein:
    - (a) said seed is a time-dependent algorithm; and
      
      (b) the output from said seed storing means changes with time.

15. A system for transporting valuable data in a highly portable, secure fashion comprising a portable key in which the valuable data can be stored and data extraction means adapted resident in or function of a computer for extraction of the data from the key wherein:
- said key includes;
  
  (a) first clock means for generating a signal that is dependent on the elapse of time;
  
  (b) means for storing the data;
  
  (c) forward algorithm means coupled to said clock means and data storing means for encrypting the data into a password responsive to the signal from said clock means;
  
  said data extraction means includes;
  
  (a) second clock means for generating a signal that is dependent on the elapse of time;
  
  (b) means for receiving the password;
  
  (c) inverse algorithm means coupled to said second clock means for decrypting the password in order to calculate the data.
- View Dependent Claims (16)
- - 16. The system of claim 15 wherein:
    - said data extraction means includes;
      
      (a) means for generating a stimulus and for communicating said stimulus to said inverse algorithm means and said key;
      
      said key includes;
      
      (a) means for receiving the stimulus and communicating the stimulus to said forward algorithm means;
      
      (b) wherein said forward algorithm means includes means for combining the stimulus with the data to produce the password; and
      
      said access key verification means includes(a) said inverse algorithm means including means for using the stimulus to calculate the data.

17. A system for affording access by a user to a computer and/or information residing in a computer with an output device, comprising access key verification means adapted to be resident in or function with the computer, for verfying an encrypted password and allowing access to the computer and/or use of the information, an access key capable of generating an encrypted password and of being transported independently of the computer, and a keypad for facilitating communication between the access key and the access key verification means, wherein:
- said access key verification means includes;
  
  (a) first clock means for generating a signal that is dependent on the elapse of time;
  
  (b) a stimulus number generating means for generating a stimulus number;
  
  (c) means for generating a signal on the display that is representative of said stimulus number; and
  
  said access key includes;
  
  (a) second clock means for generating another signal that is dependent on the elapse of time;
  
  (b) means for storing a root;
  
  (c) at least one sensor accessible from the exterior of said access key,said keypad includes;
  
  (a) means for entering the stimulus number(b) excitation means communicating with the stimulus entering means for exciting the sensor of the access key when the excitation means of the keypad is adjacent the sensor of the access key for communicating the stimulus number to the access key;
  
  said access key further includes;
  
  (a) means coupled to said sensor for using the signal to produce the stimulus number;
  
  (b) password generating means for encrypting said another signal produced by said second clock means and said stimulus number and said root for producing an encrypted password;
  
  (c) displaying means communicating with the password generating means for display at least part of said encrypted password, so that the user can input the encrypted password into the computer;
  
  wherein said access key verification means further includes;
  
  (a) means for decrypting the encrypted password displayed on the access key to calculate said root.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Vasco Corp. (OneSpan, Inc.)
Original Assignee
Thumbscan, Inc. (OneSpan, Inc.)
Inventors
Freeman, Richard D., Cargile, William P., Lyon, James M.
Primary Examiner(s)
Cangialosi, Salvatore

Application Number

US07/062,322
Time in Patent Office

665 Days
Field of Search

380/23, 380/25, 380/28, 380/43-47
US Class Current

713/184
CPC Class Codes

G06F 21/34   involving the use of extern...

G06F 2211/007   Encryption, En-/decode, En-...

G06F 2221/2103   Challenge-response

G07C 2009/00785   by light

G07C 9/21   having a variable access code

G07C 9/215   the system having a variabl...

G07C 9/23   by means of a password

G07F 7/1008   Active credit-cards provide...

G07F 7/1025   Identification of user by a...

Solid state key for controlling access to computer systems and to computer software and/or for secure communications

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

179 Citations

17 Claims

Specification

Solutions

Use Cases

Quick Links

Solid state key for controlling access to computer systems and to computer software and/or for secure communications

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

179 Citations

17 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links