EP0465571A4 - Method and apparatus for protecting material on storage media - Google Patents

Method and apparatus for protecting material on storage media

Info

Publication number
EP0465571A4
EP0465571A4 EP19900905961 EP90905961A EP0465571A4 EP 0465571 A4 EP0465571 A4 EP 0465571A4 EP 19900905961 EP19900905961 EP 19900905961 EP 90905961 A EP90905961 A EP 90905961A EP 0465571 A4 EP0465571 A4 EP 0465571A4
Authority
EP
European Patent Office
Prior art keywords
personal
information processing
user
storage medium
security
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Withdrawn
Application number
EP19900905961
Other languages
English (en)
Other versions
EP0465571A1 (fr
Inventor
Gerald S Lang
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Individual
Original Assignee
Individual
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Individual filed Critical Individual
Publication of EP0465571A1 publication Critical patent/EP0465571A1/fr
Publication of EP0465571A4 publication Critical patent/EP0465571A4/en
Withdrawn legal-status Critical Current

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/70Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
    • G06F21/78Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure storage of data
    • G06F21/80Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure storage of data in storage media based on magnetic or optical technology, e.g. disks with sectors
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31User authentication
    • G06F21/34User authentication involving the use of external additional devices, e.g. dongles or smart cards
    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07CTIME OR ATTENDANCE REGISTERS; REGISTERING OR INDICATING THE WORKING OF MACHINES; GENERATING RANDOM NUMBERS; VOTING OR LOTTERY APPARATUS; ARRANGEMENTS, SYSTEMS OR APPARATUS FOR CHECKING NOT PROVIDED FOR ELSEWHERE
    • G07C9/00Individual registration on entry or exit
    • G07C9/30Individual registration on entry or exit not involving the use of a pass
    • G07C9/32Individual registration on entry or exit not involving the use of a pass in combination with an identity check
    • G07C9/33Individual registration on entry or exit not involving the use of a pass in combination with an identity check by means of a password
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F2211/00Indexing scheme relating to details of data-processing equipment not covered by groups G06F3/00 - G06F13/00
    • G06F2211/007Encryption, En-/decode, En-/decipher, En-/decypher, Scramble, (De-)compress

Definitions

  • the storage media is relatively small in size and, due to the need for allowing access to the material provided on this storage media to various authorized personnel remote from one another, it is important that a system be developed in which the storage media can be sent to various locations without the security of the material on the media being compromised.
  • the sto ⁇ rage media provided with software program information thereon, is used to allow access to only a portion of the program information, or one or more programs from a plurality of programs.
  • the deficiencies of the prior art are overcome by the present invention which is directed to a method and system for granting complete or limited access to information stored in a storage medium or media utilizing information physically stored in the storage medium or media.
  • the particular storage medium or media are included in an appropriate reader which is connected to a standard personal computer, minicomputer, or a mainframe computer having a means for entering personal and system access data therein, such as a keyboard.
  • the storage medium can be any permanent or erasable item such as an optical disk, a CD ROM, a WORM, a floppy disk, a disk pack, a smart card, an integrated circuit card, an optical card, as well as special items such as a BERNOULLI box disk, or any other type of storage medium.
  • a storage accessing device (used interchangeably herein with the following terms- personal accessing device and smart card) provided with an encrypted or non-encrypted personal security key as well as personal identification code is included to allow an individual access to the storage medium or media.
  • a storage accessing device used interchangeably herein with the following terms- personal accessing device and smart card
  • an encrypted or non-encrypted personal security key as well as personal identification code is included to allow an individual access to the storage medium or media.
  • SMART card that does not require an electronic, optical, capacitive or magnetic reader to receive or transmit personal and system data.
  • the information storage portion of the CD ROM is broken up according to a predetermined classification system and stored in various logical zones , each of which contains a discrete set of databases or other material therein. There may be one or more logical zones recorded on the CD ROM. Users, based on their need to know, as well as the sensitivity of the material to be stored on the CD ROM, are accorded access privileges that correspond to previously designated logical zones. Based on an organization's or person's storage classification system, material are categorized and stored in the corresponding logical zones when the CD ROM is manufactured. Therefore, for each user being granted access privileges, a determination is made as to which logical zones each particular user would be allowed access.
  • each user is assigned a particular zone access code (ZAC) which is translated into corresponding logical zones using an index table stored in the CD ROM.
  • ZAC zone access code
  • SK personal security key
  • Each authorized user is assigned a ZAC and a unique system identification code.
  • the intended user's bio etric coded information can be paired with the personal security key.
  • the ZAC, the system identification code, the personal security key code, plus the possible use of biometric coded information, as well as the logical zones assigned to the ZAC for each user or class of user, is included on the CD ROM in the form of an index table when it is manufactured.
  • the user When an individual wishes to gain access to the CD ROM, the user would correctly enter his particular personal identification code in the aforementioned smart card which would then display both the ZAC as well as the system identification code in either encrypted or non-encrypted form.
  • the user utilizing a keyboard, would enter this code into the computer which then compares the decrypted or encrypted codes obtained from both the smart card and CD ROM and if a match is obtained, would then verify that this particular system ID code is proper and that material this accessor seeks access to is stored on the storage medium or media.
  • the computer retrieves the paired personal security key (SK) .
  • the computer would then generate a random number which is displayed upon its screen to serve as a challenge to the personal accessing device (smart card) .
  • the user would input this random number into the smart card via its keypad.
  • the smart card as well as the computer are provided with a particular encryption/decryption algorithm (alternately a security microprocessor chip) .
  • Both the computer and the smart card would simultaneously compute a response to the challenge code (random number) and this response is displayed on the smart card screen.
  • This displayed response is then entered into the computer through its keyboard to determine whether there is a match. If a match is shown to have occurred, the computer will then display all the logical zones and material names therein to which access privileges have been granted and allow the user access to these logical zones provided in the storage media.
  • system security key SSK
  • RAM volatile random access memory
  • security microprocessor chip board installed in the information processing device.
  • the system security key is used to decrypt all the encrypted material transferred from the CD ROM.
  • the information processing device's copy of the system security key is destroyed when the information processing device loses its power or if said device concludes its CD ROM activities and is then used for other applications.
  • Each CD ROM has its own system security key recorded on it which would be retrieved by the information processing device for use during search and retrieval activities when authorized user access is established.
  • the CD ROM search and retrieval program can be stored either on items such as floppy disks to be used at the time of CD ROM operation, on the information processing device's permanent memory, or on the CD ROM.
  • the personal identification code can be entered via the computer keyboard or via a keypad on the card reader. The entry of the correct personal identification code enables the smart card to start transmission and the paired ZAC and system identification codes which are stored in the smart card microcomputer's EPROM or EEPROM are transmitted to the computer. Based on the transmitted ZAC, the index table on the storage media is searched to determine if there is a match. If the corresponding ZAC is not stored in the index table of the storage medium or media, a message is displayed on the computer screen that access will not be granted.
  • the associated system identification codes stored on the storage medium or media are accessed until an exact match is found. If no match is found, the accessor will not be granted access. If an exact match is found, the personal security key paired with the user's system identification code is retrieved by the computer and is used to operate upon a randomly computer generated number. At the same time, the random number is also transmitted to the smart card reader which inputs the number to the smart card.
  • the authorized user's smart card has both an identical encryption/decryption algorithm or microprocessor chip and personal security key to that of the information processing device and the CD ROM. The smart card operates on the random number using its internally stored personal security key and transmits the result through the card reader to the computer (information processing device) .
  • the information processing device uses an encryption/decryption algorithm or microprocessor chip to compare the results of both operations upon the random number. If a match occurs, the accessor's authorized status is ascertained and the predetermined access privileges are granted.
  • prior art devices include verification routines provided on the storage media to protect access to the entire program, no prior art device, however, limits access to only a portion of this program, or access to one program from two or more stored programs. Additionally, access can be provided to one or more programs from a plurality of programs. To prevent unauthorized access , the storage accessing device can be programmed to permit only one download or a specific number of downloads of the portion of the program or one or more programs from a plurality of programs on the media allowed access by the user.
  • Fig. 1 is a block diagram of the system of the present invention
  • Fig. 2 is a diagram of a typical personal accessing device
  • Fig. 3 is a flow diagram of a method of granting access to the storage media based upon the present invention
  • Fig. 4 is a diagram showing a single entry in the index table of a storage medium.
  • the present invention is directed to a method and apparatus for granting access to information such as data and databases, messages and other textual information, graphs, tables, maps, facsimiles (FAX) of all manner of transmitted materials, audio such as speech and music, video, images, photographs, or the like provided on a storage medium or media such as a CD ROM or the like.
  • a storage medium or media such as a CD ROM or the like.
  • the present invention grants access to the storage media itself or a portion thereof based upon an indexed table included directly on the storage medium or media.
  • the storage media hereinafter a CD ROM, can be, if desired, divided into a plurality of logical zones.
  • access can be granted to all of the logical zones or a particular combination of logical zones.
  • the user is assigned a zone access code, along with a system identification code, and a personal security key.
  • biometric coded information can also be assigned as part of the personal identifier. This information for each of the users is stored on the CD ROM along with the translation of each zone access code into its corresponding logical zone(s) .
  • each of the users is assigned a personal identification code for use with the smart card to corroborate the user's identity and thereafter enable the smart card to initiate the challenge-response dialogue with the storage medium or media.
  • a user can gain access utilizing the system 10 illustrated with respect to FIG. 1.
  • access to the storage media CD ROM is nrovided utilizing a personal accessing device 12.
  • This device 12 can be various configurations of devices.
  • a smart card it can be of types of smart card which would automatically interface with an automatic reader 16 connected to a computer or information processing device 20, or through the intervention of a human reader 14 with a keyboard 18.
  • the computer or information processing device would run the gamut from microcomputers, minicomputers to mainframe computers.
  • a smart card 24 shown in Fig. 2 with a keypad and light crystal display.
  • An ON/OFF key 26 of the smart card 24 is depressed and the smart card is turned on.
  • the smart card may use an encryption/decryption algorithm or microprocessor chip or any other encryption device if a security key device is employed with the CD ROM.
  • the integrated circuit or microprocessor chip provided in the smart card contains the system identification code that will let the computer or information processing device know the identity of the authorized user.
  • Typical system identification codes 34 are shown in the illustrative storage medium index table with respect to FIG. 4.
  • the authorized user's security identification code consists of a two-digit zone access code, and a six-digit system identification code, the exact number of digits employed, as well as the use of alphanumerics can be modified based, upon system needs and preference.
  • the code is displayed at 30 of the smart card. Once the security identification code is displayed on the smart card 24, the accessor enters it into the computer or information processing device 20 via keyboard 18.
  • the corresponding zone access code is searched for in the index table to find out if the storage medium or media contains stored material for that zone's access privileges. If the corresponding zone access code is missing from the storage medium or media index table, then a message will be displayed on the computer or information processing device screen 20 indicating that access is denied. If the zone access codes match, then the computer or information processing device verifies that the accessor may have privileges to material stored on the CD ROM(s) and will look up the paired personal security key 38 stored on the CD ROM. To ensure that the security aspect of the present invention is as inclusive as possible, the personal security key can be encrypted directly in the CD ROM.
  • the zone access code 32 corresponds to the particular logical zones assigned to one or more authorized users. For example, as shown in FIG.
  • a zone access code of 33 corresponds to the logical zone 36 portion of the index table indicating that logical zones 10 and 11 will be allowed access.
  • Any one of the logical zones on the CD ROM can contain one or more databases or other material. Therefore, as shown, any one of the zone access codes can be assigned to a user, who in turn, can be assigned an individualized system identification code associated with that zone access code from the total of up to 1,000,000 unique code numbers available. Certainly, if more user codes are required, alphanumeric characters can be used or the number of characters of the system identification codes 34 can be increased.
  • a special logical zone can be set aside to control the downloading of data from the storage medium or media.
  • the zone access code 32 value of 01 corresponds to logical zone access privileges 1, 9, 26.
  • Zone access code 02 gives authorized users access to the same three logical zones of 1, 9 and 26, but the addition of logical zone 99 enables the authorized user to download the stored material. Without logical zone 99 privileges, an authorized user could not perform downloading.
  • the personal security key code paired with this system identification code is utilized to verify the proper identification of the accessor.
  • a random number generator provided within the computer or information processing device 20 generates a random number, such as a four-digit number which is displayed by the computer or information processing device and serves as a challenge to the smart card 24.
  • the user depresses the challenge key 38 and enters the random number into a smart card 24 using the keypad 28 and then depresses the enter key 40.
  • An identical encryption/decryption algorithm or microprocessor chip and personal security key provided in both the computer or information processing device 20 as well as the smart card 24 performs an operation on the random number.
  • the response to the challenge by the smart card is displayed and this number is entered into the keyboard 18.
  • the computer or information processing device then compares this result with the result that it generated utilizing the CD ROM transmitted personal security key which is paired to the system identification code. If these two results are identical, access to the particular logical zones corresponding to the zone access code 32 would be allowed to that particular user.
  • This type of accessing system would allow the CD ROM to be circulated among a number of authorized users, allowing each user access potentially to all or only a discrete portion of the information included in the CD ROM, according to each person's access privileges.
  • the CD ROM or any type of storage media which is uti ⁇ lized would operate in conjunction with retrieval software stored in a number of ways such as on the CD ROM or on the computer or information processing device non-volatile memory. If it is stored on floppy disks or other reusable media, such as the computer's hard disk, it can be updated as necessary to detect and deactivate outdated, duplicated or lost personal accessing devices, such as smart cards, which are presented for system access. An added feature could be that if a reported lost smart card 12 was used to gain access, and the computer or information processing device 20 determined it was a lost smart card, a "killer" challenge code could be displayed, which when entered into the smart card would deactivate the device.
  • an automatic reader 16 can be employed instead of manually inputting the information onto the smart card 12 or the computer keyboard by the human reader.
  • the smart card 12 and the computer or information processing device 20 would after the correct personal identification code is given, engage in its dialogue automatically to determine whether access by the accessor would be allowed.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Theoretical Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Computer Hardware Design (AREA)
  • Software Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Storage Device Security (AREA)

Abstract

Un procédé et un appareil accordent sélectivement l'accès à des informations codées sur des supports d'enregistrement dans un ou plusieurs dispositifs de lecture associés à un ordinateur (20). Un dispositif (12) d'accès à la mémoire est utilisé avec l'ordinateur afin de déterminer si un utilisateur particulier est autorisé à avoir accès à des supports spécifiques d'enregistrement. Le support d'enregistrement peut être subdivisé en une pluralité de zones logiques et l'accès à toutes les informations ou à une partie des informations enregistrées sur le support d'enregistrement est accordé sur la base des zones logiques auxquelles l'utilisateur peut avoir accès. Les informations enregistrées sur le support d'enregistrement comprennent une table d'index dans laquelle sont énumérés un code d'identification de sécurité, les zones logiques attribuées à un utilisateur particulier, et une clé personnelle de sécurité utilisée avec une clé personnelle de sécurité qui fait partie du dispositif d'accès (12) et la table d'index enregistrée sur le support d'enregistrement détermine l'accès et les privilèges accordés à l'utilisateur.
EP19900905961 1989-04-03 1990-03-30 Method and apparatus for protecting material on storage media Withdrawn EP0465571A4 (en)

Applications Claiming Priority (5)

Application Number Priority Date Filing Date Title
US33180089A 1989-04-03 1989-04-03
US35826389A 1989-05-30 1989-05-30
US358263 1989-05-30
PCT/US1990/001634 WO1990012464A1 (fr) 1989-04-03 1990-03-30 Procede et appareil de protection de materiaux sur des supports d'enregistrement
US331800 2008-12-10

Publications (2)

Publication Number Publication Date
EP0465571A1 EP0465571A1 (fr) 1992-01-15
EP0465571A4 true EP0465571A4 (en) 1994-11-17

Family

ID=26987930

Family Applications (1)

Application Number Title Priority Date Filing Date
EP19900905961 Withdrawn EP0465571A4 (en) 1989-04-03 1990-03-30 Method and apparatus for protecting material on storage media

Country Status (3)

Country Link
EP (1) EP0465571A4 (fr)
CA (1) CA1329657C (fr)
WO (1) WO1990012464A1 (fr)

Families Citing this family (13)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
FR2678124A1 (fr) * 1991-06-24 1992-12-24 Widmer Michel Procede de transmission de documents par une ligne de transmission de signaux electriques et systeme pour la mise en óoeuvre de ce procede.
US5276735A (en) * 1992-04-17 1994-01-04 Secure Computing Corporation Data enclave and trusted path system
DE4404841C2 (de) * 1994-02-16 2002-11-28 Bayer Ag Speicher- und selektives Informationsübermittlungssystem für persönliche Daten
DE19580995D2 (de) 1994-09-13 1997-12-04 Irmgard Rost Personendaten-Archivierungssystem
US5657470A (en) * 1994-11-09 1997-08-12 Ybm Technologies, Inc. Personal computer hard disk protection system
US5586301A (en) * 1994-11-09 1996-12-17 Ybm Technologies, Inc. Personal computer hard disk protection system
WO1999018489A1 (fr) * 1997-10-07 1999-04-15 Fraunhofer-Gesellschaft zur Förderung der angewandten Forschung e.V. Cryptage et decryptage de donnees multimedia
CA2396811A1 (fr) * 2000-01-11 2001-07-19 Tso, Inc. Procede et systeme pour la documentation, analyse, certification, protection, enregistrement et verification des secrets de fabrications
EP1158448A1 (fr) * 2000-05-22 2001-11-28 Paul-Henri Descat Serveur d'informations médicales
FR2817640B1 (fr) * 2000-12-04 2003-08-29 Pharma Reference Systeme de gestion de donnees pharmaceutiques et medicales d'un patient
AUPR371901A0 (en) * 2001-03-14 2001-04-12 Pharmacy Guild of Australia Limited, The Method and system for sharing personal health data
AUPR372601A0 (en) * 2001-03-14 2001-04-12 C.R. Group Pty Limited Method and system for secure information
WO2007039674A1 (fr) * 2005-10-03 2007-04-12 Decroix Gregoire Cartouche amovible de stockage de donnees numeriques et lecteur de cartouches amovibles.

Family Cites Families (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US4785361A (en) * 1982-11-08 1988-11-15 Vault Corporation Method and apparatus for frustrating the unauthorized copying of recorded data
US4677434A (en) * 1984-10-17 1987-06-30 Lotus Information Network Corp. Access control system for transmitting data from a central station to a plurality of receiving stations and method therefor
US4731841A (en) * 1986-06-16 1988-03-15 Applied Information Technologies Research Center Field initialized authentication system for protective security of electronic information networks
US4930073A (en) * 1987-06-26 1990-05-29 International Business Machines Corporation Method to prevent use of incorrect program version in a computer system
US4864616A (en) * 1987-10-15 1989-09-05 Micronyx, Inc. Cryptographic labeling of electronically stored data

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
No further relevant documents disclosed *
See also references of WO9012464A1 *

Also Published As

Publication number Publication date
WO1990012464A1 (fr) 1990-10-18
EP0465571A1 (fr) 1992-01-15
CA1329657C (fr) 1994-05-17

Similar Documents

Publication Publication Date Title
US5065429A (en) Method and apparatus for protecting material on storage media
US5191611A (en) Method and apparatus for protecting material on storage media and for transferring material on storage media to various recipients
US6470449B1 (en) Time-stamped tamper-proof data storage
US6268788B1 (en) Apparatus and method for providing an authentication system based on biometrics
AU674560B2 (en) A method for premitting digital secret information to be recovered.
US6052468A (en) Method of securing a cryptographic key
US6351813B1 (en) Access control/crypto system
US5058162A (en) Method of distributing computer data files
TWI291109B (en) Method and apparatus for storing data records on a database system
US20070136593A1 (en) Secure information storage apparatus
CA1329657C (fr) Methode et appareil de protection d'informations enregistrees
JPH02135938A (ja) 情報通信システム
CN100385434C (zh) 数据安全管理系统
AU742717B2 (en) Digital signature generating server and digital signature generating method
CA2317138A1 (fr) Methode souple d'authentification des utilisateurs pour reseau a mots de passe
CN1263324A (zh) 指纹辨识键盘装置及其辨识方法
GB2204971A (en) Transportable security system
WO2001057628A1 (fr) Dispositif et procede d'identification physique et de securite informatique
WO1994000936A1 (fr) Procede et appareil servant a proteger des donnees dans un support de stockage et a transferer des donnees du support
AU2005308697A1 (en) Method for identifying a user by means of modified biometric characteristics and a database for carrying out said method
JP4137468B2 (ja) プログラム使用認証方法
JPH05134863A (ja) 記録媒体上の資料の保護方法及びそのための装置
JP2008033805A (ja) 個人情報保護システム、個人情報保護方法、及び個人情報保護プログラム
US20040221164A1 (en) Method for the encryption and decryption of data by various users
WO1994004972A1 (fr) Procede et dispositif interdisant l'acces non autorise a un systeme informatique

Legal Events

Date Code Title Description
PUAI Public reference made under article 153(3) epc to a published international application that has entered the european phase

Free format text: ORIGINAL CODE: 0009012

17P Request for examination filed

Effective date: 19911010

AK Designated contracting states

Kind code of ref document: A1

Designated state(s): AT BE CH DE DK ES FR GB IT LI LU NL SE

A4 Supplementary search report drawn up and despatched

Effective date: 19940929

AK Designated contracting states

Kind code of ref document: A4

Designated state(s): AT BE CH DE DK ES FR GB IT LI LU NL SE

STAA Information on the status of an ep patent application or granted ep patent

Free format text: STATUS: THE APPLICATION IS DEEMED TO BE WITHDRAWN

18D Application deemed to be withdrawn

Effective date: 19951003