EP1040616A4 - System and method of authenticating a key and transmitting secure data - Google Patents

System and method of authenticating a key and transmitting secure data

Info

Publication number
EP1040616A4
Authority
EP
Grant status
Application
Patent type
Prior art keywords
user
key
data file
system
method
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Ceased
Application number
EP19990970527
Other languages
German (de)
French (fr)
Other versions
EP1040616A1 (en )
Inventor
Lynn Spraggs
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
ULTRA INFORMATION SYSTEMS LLC
Original Assignee
ULTRA INFORMATION SYSTEMS LLC
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING; COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/62 Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6209 Protecting access to data via a platform, e.g. using keys or access control rules to a single file or object, e.g. in a secure envelope, encrypted and accessed using a key, or with access control rules appended to the object itself
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0435 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply symmetric encryption, i.e. same key used for encryption and decryption
    • G PHYSICS
    • G06 COMPUTING; CALCULATING; COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F2211/00 Indexing scheme relating to details of data-processing equipment not covered by groups G06F3/00 - G06F13/00
    • G06F2211/007 Encryption, En-/decode, En-/decipher, En-/decypher, Scramble, (De-)compress
    • G PHYSICS
    • G06 COMPUTING; CALCULATING; COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F2211/00 Indexing scheme relating to details of data-processing equipment not covered by groups G06F3/00 - G06F13/00
    • G06F2211/007 Encryption, En-/decode, En-/decipher, En-/decypher, Scramble, (De-)compress
    • G06F2211/008 Public Key, Asymmetric Key, Asymmetric Encryption
    • G PHYSICS
    • G06 COMPUTING; CALCULATING; COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F2211/00 Indexing scheme relating to details of data-processing equipment not covered by groups G06F3/00 - G06F13/00
    • G06F2211/009 Trust
    • G PHYSICS
    • G06 COMPUTING; CALCULATING; COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00 Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21 Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2107 File encryption

Abstract

Authenticating a key of a user is provided by decrypting an encrypted data file provided by the user with a password provided by the user into the authentication key of the user. The encrypted data file can be stored on a RF smart card (106) and can contain encrypted biometric data identifying the user, such as a fingerprint. An additional measure can be used by taking a digitized biometric fingerprint scan (108) of the user and probabilistically comparing the digitized fingerprint scan of the user with the authenticated key of the user (102). The user's key can then be used to securely encrypt and transmit data (110) accordingly knowing that the key has been authenticated.

Description

SYSTEM AND METHOD OF AUTHENTICATING A KEY AND TRANSMITTING SECURE DATA

BACKGROUND OF THE INVENTION

1. Field of the invention

The present invention relates generally to computer security and more specifically to allow the authentication of a key for the transmission of secure data between computers using the key.

2. Description of the Prior Art

In order to securely transfer data between computers on the Internet, various different types of encryption/decryption methods are used. One way of securely transferring data over the Internet includes the use of a public key/private key system.

A public key is provided by some designated authority as a key that, combined with a private key derived from the public key, can be used to effectively encrypt and decrypt messages and digital signatures.

In public key cryptography, a public and private key are created simultaneously using the same algorithm (a popular one is known as RSA) by a certificate authority. The private key is given only to the requesting party and the public key is made publicly available (as part of a digital certificate) in a directory that all parties can access. The private key is never shared with anyone or sent across the Internet. The private key is used to decrypt text that has been encrypted with the public key counterpart by someone else who has the public key.

The private key is a vital key to a user. If the private key is copied or stolen from the user, then secured data can be compromised, and it becomes difficult to properly authenticate the private key and the user using the private key. Thus, it would be desirable to provide a system and method of authenticating a key so that secure data transmitted using the key can be relied upon to originate from an authenticated key and/or an identifiable user.

SUMMARY OF THE INVENTION

A system and method is provided for authenticating a key of a user by decrypting an encrypted data file provided by the user with a password provided by the user into the authenticated key of the user. The encrypted data file can be stored on a RF smart card and can contain encrypted biometric data identifying the user, such as a fingerprint. An additional security measure can be used by taking a digitized biometric fingerprint scan of the user and probabilistically comparing the digitized fingerprint scan of the user with the authenticated key of the user. The user's key can then be used to securely encrypt and transmit data accordingly knowing that the key has been authenticated.

BRIEF DESCRIPTION OF THE DRAWINGS

The present invention may be better understood, and its numerous objects, features, and advantages made apparent to those skilled in the art by referencing the accompanying illustrations. For simplicity and ease of understanding, common numbering of elements is employed where an element is the same in different illustrations.

FIG. 1 is a schematic diagram illustrating a user's key being authenticated prior to transmitting secure data over the Internet, in accordance with the present invention;

FIG. 2 is a block diagram of the client computer shown in FIG. 1, in accordance with the present invention;

FIG. 3 is a block diagram of one embodiment of the non-volatile memory module located within the client computer of FIG. 2; and

FIG. 4 is a flowchart of a method illustrating the authentication of a key at a client computer, according to the invention.

DETAILED DESCRIPTION OF THE INVENTION

The following is a detailed description of illustrative embodiments of the present invention. As these embodiments of the present invention are described with reference to the aforementioned illustrations, various modifications or adaptations of the methods and/or specific structures described may become apparent to those skilled in the art. All such modifications, adaptations, or variations that rely upon the teachings of the present invention, and through which these teachings have advanced the art, are considered to be within the spirit and scope of the present invention. Hence, these descriptions and drawings should not be considered in a limiting sense, as it is understood that the present invention is in no way limited to only the embodiments illustrated.

Referring now to FIG. 1, a schematic diagram illustrates a web server 100 and a client computer 102 connected to the Internet 110. For security purposes, the client computer 102 has a RF reader (radio frequency reader) 104 for reading a RF smart card 106 having a user's private key. The private key on the RF smart card 106 can be very long (i.e. 1000 bytes) and could include any type of biometric data, such as a digitized fingerprint of the user. The private key could be very long and any data that is encrypted using this private key would be virtually impossible to decrypt by a hacker, since this private key can be much longer than a typical private key (64 bytes) used in a private/public key system. The client 102 also has a fingerprint scanner 108 for helping to authenticate the private key of the user. Biometric readings employed by this invention are not limited to fingerprints. Other types of biometric readings can also be used, such as the reading from the eye and analysis of the face.

FIG. 2 is a block diagram of the client computer 102 shown in FIG. 1. Computer 102 includes a CPU 202, a RAM 204, a non-volatile memory 206, an input device 208, a display 210, an Internet interface 212 for providing access to the Internet, a RF reader interface 214, and a fingerprint scanner interface 216.

FIG. 3 is a block diagram of one embodiment of the non-volatile memory module 206 located within the client computer 102 of FIG. 2. The non-volatile memory 206 includes an encrypt/decrypt engine 302 for encrypting and decrypting data. The encrypt/decrypt engine 302 is programmed to encrypt and decrypt data using a password or a key. Excellent results can be obtained when using the Blowfish algorithm for encryption and decryption. Other types of symmetric key encryption/decryption algorithms can also be employed within the encrypt/decrypt engine 302.

FIG. 4 is a flowchart of a method illustrating the authentication of a key at a client computer in accordance with the invention. The authentication process begins at step 400. The authentication process includes three security levels; however, not every level of security is required to authenticate the key of the user. Depending on the type of application, only one or two of the security levels may be employed.

Security level I 402 begins at step 404 where the user scans his RF key card 106 with the RF reader 104. Security level II 406 then begins at step 408 where the user enters his password at the client computer 102. At step 410 the data scanned from the user's RF key card is decrypted with the encrypt/decrypt engine 302 using the user's password. At step 414, security level III 412 begins and a digitized fingerprint scan is taken from the user. At step 416 the digitized fingerprint scan is compared with the data decrypted from the RF key card. At step 418 it is determined if there is a probabilistic match between the digitized fingerprint scan and the data decrypted from the RF key card. If it is determined that there is not a match, then at step 420 the authentication of the user's key fails and is rejected. If at step 418 it is determined that there is a match, then at step 422 the user's key is authenticated. The decrypted data from the RF key card can then be used as an authenticated encryption key for sending data to a server over an unsecure network, such as the Internet.
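
The FIG. 4 flow, written out as an added Python example (it is not code from the patent). Assumptions: an HMAC-SHA-256 keystream stands in for the Blowfish engine 302, which Python's standard library does not provide; PBKDF2 stretches the password into the cipher key; the "probabilistic match" is modelled as a bit-agreement ratio with a 0.90 threshold; all function names and the sample templates are hypothetical and constructed.

```python
import hashlib
import hmac
import os

MATCH_THRESHOLD = 0.90  # assumption: fraction of bits that must agree (step 418)


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """HMAC-SHA-256 in counter mode; stand-in for the Blowfish engine 302."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        block = nonce + counter.to_bytes(8, "big")
        out += hmac.new(key, block, hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])


def _cipher_key(password: str, salt: bytes) -> bytes:
    # Assumption: the password is stretched with PBKDF2 before use as a cipher key.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


def enroll_card(template: bytes, password: str) -> bytes:
    """Build the encrypted data file held on the RF card: salt | nonce | ciphertext."""
    salt, nonce = os.urandom(16), os.urandom(16)
    stream = _keystream(_cipher_key(password, salt), nonce, len(template))
    return salt + nonce + bytes(a ^ b for a, b in zip(template, stream))


def decrypt_card(card: bytes, password: str) -> bytes:
    """Steps 404-410: decrypt the data read from the card with the password."""
    salt, nonce, body = card[:16], card[16:32], card[32:]
    stream = _keystream(_cipher_key(password, salt), nonce, len(body))
    return bytes(a ^ b for a, b in zip(body, stream))


def similarity(a: bytes, b: bytes) -> float:
    """Fraction of matching bits between two equal-length templates."""
    if len(a) != len(b) or not a:
        return 0.0
    differing = sum(bin(x ^ y).count("1") for x, y in zip(a, b))
    return 1.0 - differing / (8 * len(a))


def authenticate_key(card: bytes, password: str, scan: bytes):
    """Steps 404-422: return the authenticated key, or None on rejection."""
    candidate = decrypt_card(card, password)
    if similarity(scan, candidate) >= MATCH_THRESHOLD:
        return candidate  # step 422: the stored template, not the noisy scan
    return None  # step 420


# Constructed sample data: a 1000-byte "fingerprint template", a fresh scan of
# the same finger differing in one bit of every 25th byte, and another finger.
TEMPLATE = hashlib.shake_256(b"constructed enrolled finger").digest(1000)
NOISY_SCAN = bytes(b ^ 1 if i % 25 == 0 else b for i, b in enumerate(TEMPLATE))
OTHER_FINGER = hashlib.shake_256(b"constructed other finger").digest(1000)

if __name__ == "__main__":
    card = enroll_card(TEMPLATE, "correct horse")
    print(authenticate_key(card, "correct horse", NOISY_SCAN) == TEMPLATE)
    print(authenticate_key(card, "wrong guess", NOISY_SCAN))
    print(authenticate_key(card, "correct horse", OTHER_FINGER))
```

In this example a wrong password still decrypts to 1000 bytes; only the comparison at step 418 rejects them. The key returned is the stored template, so it stays identical across noisy scans of the same finger.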

Claims

I Claim:
1. A system for authenticating a key of a user, comprising a decrypt engine for decrypting an encrypted data file provided by the user with a password provided by the user into the key of the user.
2. The system of claim 1, wherein the encrypted data file is stored on a RF smart card.
3. The system of claim 1, wherein the encrypted data file contains encrypted biometric data identifying the user.
4. The system of claim 3, wherein the biometric data includes a digitized fingerprint of the user.
5. The system of claim 3, further including a scanned biometric reading of the user, wherein the scanned biometric reading of the user is probabilistically compared with the key of the user in order to additionally authenticate the key of the user.
6. The system of claim 5, wherein the scanned biometric reading of the user is a fingerprint scan.
7. A method for providing an authenticated key of a user, comprising the steps of: providing an encrypted data file; providing a password; and decrypting the encrypted data file using the password into an authenticated key of the user.
8. The method of claim 7, wherein the encrypted data file is stored on a RF smart card.
9. The method of claim 7, wherein the encrypted data file contains encrypted biometric data identifying the user.
10. The method of claim 9, wherein the biometric data includes a digitized fingerprint of the user.
11. The method of claim 9, further including the steps of: scanning a biometric feature of the user; and probabilistically comparing the scanned biometric feature of the user with the key of the user in order to additionally authenticate the key of the user prior to securely transmitting data using the key.
12. The method of claim 11, wherein the scanned biometric feature of the user is a fingerprint.
13. A computer-readable medium comprising program instructions for providing an authenticated key of a user, comprising the step of: decrypting an encrypted data file provided by the user using a password provided by the user into an authenticated key of the user.
EP19990970527 1998-10-14 1999-10-14 System and method of authenticating a key and transmitting secure data Ceased EP1040616A4 (en)

Priority Applications (3)

Application Number Priority Date Filing Date Title
US10427098 1998-10-14 1998-10-14
US104270P 1998-10-14
PCT/US1999/024157 WO2000022774A1 (en) 1998-10-14 1999-10-14 System and method of authenticating a key and transmitting secure data

Publications (2)

Publication Number Publication Date
EP1040616A1 (en) 2000-10-04
EP1040616A4 (en) 2000-12-27

Family

ID=22299551

Family Applications (4)

Application Number Title Priority Date Filing Date
EP19990970527 Ceased EP1040616A4 (en) 1998-10-14 1999-10-14 System and method of authenticating a key and transmitting secure data
EP19990956566 Withdrawn EP1038217A1 (en) 1998-10-14 1999-10-14 System and method of securing a computer from unauthorized access
EP19990970526 Expired - Fee Related EP1125393B1 (en) 1998-10-14 1999-10-14 Method of sending and receiving secure data with a shared key
EP19990960133 Withdrawn EP1038369A2 (en) 1998-10-14 1999-10-14 System and method of sending and receiving secure data using anonymous keys

Country Status (4)

Country Link
EP (4) EP1040616A4 (en)
CA (4) CA2312981A1 (en)
DE (1) DE69941958D1 (en)
WO (4) WO2000022496A3 (en)

Families Citing this family (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US9767167B2 (en) * 2000-04-27 2017-09-19 Proquest Llc Method and system for retrieving search results from multiple disparate databases
WO2001086480A3 (en) * 2000-05-11 2003-01-16 Sun Microsystems Inc Network library service
GB0203054D0 (en) * 2002-02-08 2002-03-27 Microbar Security Ltd Key exchange and synchronisation system for digital cryptography
JP2005525662A (en) 2002-07-31 2005-08-25 トレック・2000・インターナショナル・リミテッド System and method for authentication
JP4102290B2 (en) * 2003-11-11 2008-06-18 株式会社東芝 The information processing apparatus
DE102005045119A1 (en) * 2005-09-21 2007-02-15 Siemens Ag Identification code generating method for bio-bank, involves providing biometric information, and associating or combining deoxyribonucleic acid information and biometric information of person into identification code according to algorithm
US20130283060A1 (en) * 2012-04-23 2013-10-24 Raghavendra Kulkarni Seamless Remote Synchronization and Sharing of Uniformly Encrypted Data for Diverse Platforms and Devices
US9264221B2 (en) 2014-01-31 2016-02-16 Google Inc. Systems and methods for faster public key encryption using the associated private key portion

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5590199A (en) * 1993-10-12 1996-12-31 The Mitre Corporation Electronic information network user authentication and authorization system
US5719941A (en) * 1996-01-12 1998-02-17 Microsoft Corporation Method for changing passwords on a remote computer
WO1998012670A1 (en) * 1996-09-18 1998-03-26 Dew Engineering And Development Limited Biometric identification system for providing secure access

Family Cites Families (15)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US4193131A (en) * 1977-12-05 1980-03-11 International Business Machines Corporation Cryptographic verification of operational keys used in communication networks
EP0085130A1 (en) * 1982-02-02 1983-08-10 Omnet Associates Method and apparatus for maintaining the privacy of digital messages conveyed by public transmission
US4802217A (en) * 1985-06-07 1989-01-31 Siemens Corporate Research & Support, Inc. Method and apparatus for securing access to a computer facility
US5148479A (en) * 1991-03-20 1992-09-15 International Business Machines Corp. Authentication protocols in communication networks
US5596718A (en) * 1992-07-10 1997-01-21 Secure Computing Corporation Secure computer network using trusted path subsystem which encrypts/decrypts and communicates with user through local workstation user I/O devices without utilizing workstation processor
JP2519390B2 (en) * 1992-09-11 1996-07-31 インターナショナル・ビジネス・マシーンズ・コーポレイション De - data communication method and apparatus
US5649118A (en) * 1993-08-27 1997-07-15 Lucent Technologies Inc. Smart card with multiple charge accounts and product item tables designating the account to debit
US5544246A (en) * 1993-09-17 1996-08-06 At&T Corp. Smartcard adapted for a plurality of service providers and for remote installation of same
DE69431306D1 (en) * 1993-12-16 2002-10-10 Open Market Inc Data network aided payment system and method for use of such a system
US5475757A (en) * 1994-06-07 1995-12-12 At&T Corp. Secure data transmission method
US5864683A (en) * 1994-10-12 1999-01-26 Secure Computing Corporartion System for providing secure internetwork by connecting type enforcing secure computers to external network for limiting access to data based on user and process access rights
US5790668A (en) * 1995-12-19 1998-08-04 Mytec Technologies Inc. Method and apparatus for securely handling data in a database of biometrics and associated data
US5872847A (en) * 1996-07-30 1999-02-16 Itt Industries, Inc. Using trusted associations to establish trust in a computer network
US5949882A (en) * 1996-12-13 1999-09-07 Compaq Computer Corporation Method and apparatus for allowing access to secured computer resources by utilzing a password and an external encryption algorithm
US5887131A (en) * 1996-12-31 1999-03-23 Compaq Computer Corporation Method for controlling access to a computer system by utilizing an external device containing a hash value representation of a user password

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
See also references of WO0022774A1 *

Also Published As

Publication number Publication date Type
CA2313081A1 (en) 2000-04-20 application
EP1125393B1 (en) 2010-01-20 grant
DE69941958D1 (en) 2010-03-11 grant
CA2312980A1 (en) 2000-04-20 application
EP1125393A4 (en) 2001-12-19 application
CA2312981A1 (en) 2000-04-20 application
EP1038369A2 (en) 2000-09-27 application
EP1040616A1 (en) 2000-10-04 application
WO2000022773A1 (en) 2000-04-20 application
WO2000022496A2 (en) 2000-04-20 application
WO2000022510A1 (en) 2000-04-20 application
WO2000022496A3 (en) 2000-07-06 application
EP1125393A1 (en) 2001-08-22 application
WO2000022774A1 (en) 2000-04-20 application
EP1038217A1 (en) 2000-09-27 application
CA2312967A1 (en) 2000-04-20 application
CA2312967C (en) 2008-02-05 grant

Similar Documents

Publication Publication Date Title
US6173400B1 (en) Methods and systems for establishing a shared secret using an authentication token
US6925182B1 (en) Administration and utilization of private keys in a networked environment
US5721779A (en) Apparatus and methods for verifying the identity of a party
Chang et al. An efficient and secure multi-server password authentication scheme using smart cards
US6708272B1 (en) Information encryption system and method
US7020778B1 (en) Method for issuing an electronic identity
US5418854A (en) Method and apparatus for protecting the confidentiality of passwords in a distributed data processing system
US6230272B1 (en) System and method for protecting a multipurpose data string used for both decrypting data and for authenticating a user
US6938157B2 (en) Distributed information system and protocol for affixing electronic signatures and authenticating documents
US6230269B1 (en) Distributed authentication system and method
US5878142A (en) Pocket encrypting and authenticating communications device
US6918042B1 (en) Secure configuration of a digital certificate for a printer or other network device
US6535980B1 (en) Keyless encryption of messages using challenge response
Clancy et al. Secure smartcardbased fingerprint authentication
US7051209B1 (en) System and method for creation and use of strong passwords
US6073237A (en) Tamper resistant method and apparatus
US20040068650A1 (en) Method for secured data processing
US20030196084A1 (en) System and method for secure wireless communications using PKI
US20100202609A1 (en) Securing multifactor split key asymmetric crypto keys
US20070258594A1 (en) Secure login using a multifactor split asymmetric crypto-key with persistent key security
US20040218762A1 (en) Universal secure messaging for cryptographic modules
US20030101348A1 (en) Method and system for determining confidence in a digital transaction
US20060129824A1 (en) Systems, methods, and media for accessing TPM keys
US9049010B2 (en) Portable data encryption device with configurable security functionality and method for file encryption
US20060107312A1 (en) System for handing requests for access to a passcode protected entity

Legal Events

Date Code Title Description
AK Designated contracting states:

Kind code of ref document: A1

Designated state(s): AT BE CH CY DE DK ES FI FR GB GR IE IT LI LU MC NL PT SE

17P Request for examination filed

Effective date: 20001011

A4 Despatch of supplementary search report

Effective date: 20001110

AK Designated contracting states:

Kind code of ref document: A4

Designated state(s): AT BE CH CY DE DK ES FI FR GB GR IE IT LI LU MC NL PT SE

RIC1 Classification (correction)

Free format text: 7H 04L 9/00 A, 7G 06F 1/00 B

17Q First examination report

Effective date: 20061023

18R Refused

Effective date: 20081023