Field initialized authentication system for protective security of electronic information networks

US 5,020,105 A
Filed: 08/17/1989
Issued: 05/28/1991
Est. Priority Date: 06/16/1986
Status: Expired due to Fees

First Claim

Patent Images

1. In combination a method for authenticating the authority of any of a plurality of remote users to access a host computer, the method comprising:

(a) storing in the host computer and in each of a plurality of remote user computers the identical selected constant, instructions for using a first, non-invertible algorithm for raising a number to a power using modulo arithmetic, for performing a non-invertible authentication second algorithm which is a function of a secret key and for generating a random number;

(b) distributing the computers to the remote users;

(c) initializing the computers independently with the host computer and from a remote location selected by the remote user by;

(i) establishing communication between the host computer and a remote user computer;

(ii) independently generating a random first number as a first key in the remote user'"'"'s computer and in the host computer;

(iii) independently raising said selected constant in each of the communicating computers to that computer'"'"'s first key using modulo arithmetic and said first non-invertible algorithm to generate a second key for each computer;

(iv) communicating the second key of each communicating computer to the other;

(v) generating and storing in each communicating computer the identical secret key by raising in each computer the second key of the other computer to the power of the computer'"'"'s own first key using modulo arithmetic by the first non-invertible algorithm; and

(vi) disconnecting said communication;

(d) subsequently authenticating the authority of a remote user to access or continue to access the host computer by detecting whether a remote user communicating with and seeking access to the host computer has a remote user computer which has been subjected to steps (a), (b) and (c) by;

(i) generating a second number in the host computer;

(ii) communicating that second number to the remote user computer;

(iii) performing said stored, second non-invertible algorithm upon that second number in the remote user computer as a function of its stored secret key and in the host computer as a function of the same secret key;

(iv) communicating the result of said second algorithm in the remote user computer to the host computer; and

(v) comparing the transmitted result to the result obtained at the host computer; and

(e) permitting access to the host computer if the compared portions are identical and preventing access if they are not.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

An authentication system for electronic information networks having small hand-held portable authenticating devices which are remotely initialized and can use 4 bit microprocessors in a challenge-response security system and yet permit practical communication of the large numbers which are necessary for sufficient security.

131 Citations

12 Claims

1. In combination a method for authenticating the authority of any of a plurality of remote users to access a host computer, the method comprising:
- (a) storing in the host computer and in each of a plurality of remote user computers the identical selected constant, instructions for using a first, non-invertible algorithm for raising a number to a power using modulo arithmetic, for performing a non-invertible authentication second algorithm which is a function of a secret key and for generating a random number;
  
  (b) distributing the computers to the remote users;
  
  (c) initializing the computers independently with the host computer and from a remote location selected by the remote user by;
  
  (i) establishing communication between the host computer and a remote user computer;
  
  (ii) independently generating a random first number as a first key in the remote user'"'"'s computer and in the host computer;
  
  (iii) independently raising said selected constant in each of the communicating computers to that computer'"'"'s first key using modulo arithmetic and said first non-invertible algorithm to generate a second key for each computer;
  
  (iv) communicating the second key of each communicating computer to the other;
  
  (v) generating and storing in each communicating computer the identical secret key by raising in each computer the second key of the other computer to the power of the computer'"'"'s own first key using modulo arithmetic by the first non-invertible algorithm; and
  
  (vi) disconnecting said communication;
  
  (d) subsequently authenticating the authority of a remote user to access or continue to access the host computer by detecting whether a remote user communicating with and seeking access to the host computer has a remote user computer which has been subjected to steps (a), (b) and (c) by;
  
  (i) generating a second number in the host computer;
  
  (ii) communicating that second number to the remote user computer;
  
  (iii) performing said stored, second non-invertible algorithm upon that second number in the remote user computer as a function of its stored secret key and in the host computer as a function of the same secret key;
  
  (iv) communicating the result of said second algorithm in the remote user computer to the host computer; and
  
  (v) comparing the transmitted result to the result obtained at the host computer; and
  
  (e) permitting access to the host computer if the compared portions are identical and preventing access if they are not.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. A method in accordance with claim 1 using modulo arithmetic for mathematical calculations based on the same modulus in the remote user computer and the host computer.
  - 3. A method in accordance with claim 2 further including the steps of:
    - (a) in the initializing steps communicating a remote user identity designation from the remote user to the host computer after communication is established and storing the generated secret key in the host computer in association with that identity designation; and
      
      (b) in the authenticating steps communicating the identity designation of the remote user to the host computer and then performing the authentication algorithm using only the secret key which is stored in association with that identity designation.
  - 4. A method in accordance with claim 2 wherein, in the authenticating steps, the authenticating algorithm is performed for a plurality of the secret keys stored in the host computer and the result of performing the authentication algorithm in the remote user'"'"'s computer is compared in sequence, to each of a plurality of results in the host computer and wherein access is permitted if any one of the host computer results is identical to the result from the remote user.
  - 5. A method in accordance with claim 2 or 3 or 4 wherein all inputs to said remote user computer are hand keyed into it by the remote user.
  - 6. A method in accordance with claim 5 wherein, in the initialization step, the communicated public keys are broken into and transmitted in separate alphanumeric portions and the host computer public key is input into the remote user computer in said portions.
  - 7. A method in accordance with claim 6 wherein the public keys are multibit binary numbers which are broken into separate portions by grouping the bits of each public key into groups, each group representing a binary coded digit and dividing the binary coded digits into blocks of associated digits, each block being one of the separate alphanumeric portions which is separately transmitted.
  - 8. A method in accordance with claim 7 wherein the bits are grouped into groups of three bits forming binary coded octal digits and the octal digits are associated in blocks including six such octal digits.
  - 9. A method in accordance with claim 7 wherein, after each said portion is transmitted from the remote user to the host computer, the received portion is transmitted back to the remote user for verification.

10. In combination an apparatus for authenticating the authority of any of a plurality of remote users to access a host computer, the apparatus comprising:
- (a) a plurality of identical, hand-held remote user portable computers which are distributed to the remote users;
  
  (b) means for storing in the host computer and in each of the plurality of substantially identical portable, remote user computer and identical selected constant, instructions for using a first, non-invertible algorithm for raising a number to a power using modulo arithmetic, for performing a non-invertible authentication second algorithm which is a function of a secret key and for generating a random number;
  
  (c) means for initializing the portable computers independently with the host computer and from a remote location selected by the remote user by;
  
  (i) establishing communication between the host computer and a remote user computer;
  
  (ii) independently generating a random first number as a first key in the remote user'"'"'s computer and in the host computer;
  
  (iii) independently raising said selected constant in each of the communicating computers to that computer'"'"'s first key using modulo arithmetic and said first non-invertible algorithm to generate a second key for each computer;
  
  (iv) communicating the second key of each communicating computer to the other;
  
  (v) generating and storing in each communicating computer the identical secret key by raising in each computer the second key of the other computer to the power of the computer'"'"'s own first key using modulo arithmetic by the first non-invertible algorithm; and
  
  ;
  
  (vi) disconnecting said communication;
  
  (d) means for subsequently authenticating the authority of a remote user to access or continue to access the host computer by detecting whether a remote user communicating with and seeking access to the host computer has a remote user computer which has been subjected to steps (a), (b) and (c) by;
  
  (i) generating a second number in the host computer;
  
  (ii) communicating that second number to the remote user computer;
  
  (iii) performing said stored, second non-invertible algorithm upon that second number in the remote user computer as a function of its stored secret key and in the host computer as a function of the same secret key;
  
  (iv) communicating the result of said second algorithm in the remote user computer to the host computer; and
  
  (v) comparing the transmitted result to the result obtained at the host computer; and
  
  (e) means for permitting access to the host computer if the compared portions are identical and preventing access if they are not.
- View Dependent Claims (11, 12)
- - 11. A system in accordance with claim 10 further comprising means associated with the host computer and with the authenticating means for computing using modulo arithmetic and for storing the identical modulus in the host computer and in each authenticating means.
  - 12. A system in accordance with claim 11 further comprising means associated with the host computer for breaking down and transmitting computed data groups of the alphanumeric characters representing different portions of the computed data.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Foundation For Small Business Education The An Oh Non-Profit Corporation
Original Assignee
Solid Information Technology
Inventors
McCown, Robert B., Rosen, Richard D., Fleming, Matthew S.
Primary Examiner(s)
Tarcza, Thomas H.
Assistant Examiner(s)
Cain, David

Application Number

US07/395,291
Time in Patent Office

649 Days
Field of Search

380/23-25, 380/28, 380/30, 380/44
US Class Current

705/66
CPC Class Codes

G06Q 20/341   Active cards, i.e. cards in...

G06Q 20/3415   Cards acting autonomously a...

G06Q 20/3672   initialising or reloading t...

G06Q 20/3674   involving authentication

G06Q 20/40975   using encryption therefor

G07F 7/1008   Active credit-cards provide...

G07F 7/1016   Devices or methods for secu...

H04L 9/0833   involving conference or gro...

H04L 9/3271   using challenge-response

Field initialized authentication system for protective security of electronic information networks

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

131 Citations

12 Claims

Specification

Solutions

Use Cases

Quick Links

Field initialized authentication system for protective security of electronic information networks

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

131 Citations

12 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links