JP2002507025A - Internet, intranet and other network communication protection system using entrance and exit keys - Google Patents

Abstract

(57) [Summary] An ultra-long key for controlling access to a host computer or server from a remote computer via the Internet or an intranet such as the Internet or an intranet is set on a portable storage medium such as a CD-ROM. Security system enhanced by the use of enhanced electronic "double side passkeys". It has an ultra-long, constantly modified entry code that authorizes server access, and an ultra-long, constantly modified exit code that authenticates or validates actions taken during legitimate access and prior to termination of the connection. . If the proper exit code is not received, the processing of the connection is erased, thus preventing a hijack connection. In addition, the portable storage medium contains defense tools to prevent invasive attacks on the security system, such as electronic staining markers and electronic homing beacons to help identify and locate intruders.

Description

DETAILED DESCRIPTION OF THE INVENTION

[0001]

【Technical field】

Most protection programs for personal computers and networks rely on simple user passwords and can therefore be compromised. There are two ways to gain access to the host computer without authorization.
In the first method, an intruder obtains a user ID and a password of an authorized user in an inappropriate manner and uses it illegally. The second method switches the user's connection to the thief's terminal and steals the ongoing session of the legitimate user. Without a way to verify a user's identity, it is almost impossible to prevent intruders from gaining unauthorized access to user accounts by stealing user IDs and passwords.

[0002]

[Background of the present invention]

This lack of security has been a problem in various businesses and other networks, including the Internet, and has been a factor limiting commercial use of these networks.

One existing authentication system is C. Mueller-S, dated March 27, 1984.
As described in U.S. Pat. No. 4,438,824 to Chloer, entitled "Apparatus and Method for Cryptographic Identity Verification", a card reader is added to a personal computer to allow a user to identify a user identification card. It has been proposed to be able to verify the identity. However, few users spend time and money on expensive card readers. Furthermore, the user identification card is a very limited storage medium, which usually stores a short identification key. The same short identification key is used in most, if not all, authentication processes.

[0004] US Patent No. 5,371,792 issued to Toshinori Asai and Masaki Kawahori on December 6, 1994 concerning "CD-ROM disk and security check method therefor" is disclosed in a CD-ROM for a video game machine. It relates to ROM. The purpose of the security check is to prevent an unlicensed disc from being used in the SEGA game machine. The CD-ROM disc identifier disclosed in the above patent is not unique to each CD-ROM disc, but merely indicates the type of the CD-ROM disc.
All CD-ROM disks of the same type have the same disk identifier. In the above patent, two types of identifiers, "SEGADISKSYSTEM" and "SEGABOOTDISK", are shown. The security code includes a program that indicates that the CD-ROM disk is properly licensed and generates a message displayed on the user's monitor screen that the disk is licensed.

There are many patents relating to integrated circuit cards and other computerized portable protection devices. For example, US Pat. No. 4,430,7 issued to Beitel et al.
No. 28 employs a physical protection key that is coupled to the connector of the remote terminal.
The key has the two access keys required to access the central computer. The invention, like the credit card reader of Mueller-Schloer U.S. Pat. No. 4,438,824, requires the addition of special hardware to the computer and the need for expensive protection keys. I do. Since the intruder can use another terminal at another place, locking the terminal does not prevent the intruder from illegally accessing the public network.

[0006]

SUMMARY OF THE INVENTION

It is an object of the present invention to provide a practical and effective protection system for secure remote terminals or terminal emulation or for secure computer access to a host computer. This is due to the use of a very large database of very long passwords and / or identification keys, ie the use of CD-ROM disks or other portable mass storage media storing databases of identification keys, long identification keys or combinations thereof. Achieved by The following description of the present invention is a CD-ROM
Although described in connection with a disc, other portable storage media, such as Zip
Disk, floppy disk, digital multipurpose disk (DVD disk),
Also considered are Bernoulli disks, portable hard disks (eg, PCMCIA hard disks), and portable semiconductor memory devices (eg, PCMCIA memory devices). The authentication system further includes a portable mass storage media reader and a remote terminal having a connector, and also includes a communication device and a system for connecting the remote terminal to a host computer having a mass storage medium.

[0007] In certain applications, where a selective protection or user function is imprinted, a microprocessor or logic circuit can be added to the portable storage medium. Further, the system of the present invention can be incorporated into a portable electronic device.

According to the present invention, the novel protection system comprises one or more CD-ROMs, including inexpensive disks and hard disk drives or a hybrid redundant array thereof, storing a database of user identification keys, other Portable storage media and other storage device disks can be used.

The present invention also allows for encryption and other protection methods for authenticating a user's identity. In particular, the enhanced protection system requires the use of separate entry and exit codes at the start and end of each communication session, with multiple authentication codes during each session as required for super security. I do. The present invention also includes means for adding or identifying tags to hackers attempting to break into the new system, wherein the program means for adding or identifying the tags is on a portable storage medium or It can be imprinted on the central computer (server) or both of the system.

[00010]

DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENTS OF THE INVENTION

The new and improved protection system according to the present invention is provided with what is generally characterized as an "ultra-long identification key" for individual users. The identification key is embodied on an object, such as a CD-ROM disc, provided to authorized individual users. By the term "extremely long", an individual user code is defined as at least 20 characters or 20 digits (as passwords used by consumer credit cards and the like are usually understood to be 16 characters).
(Each takes 20 or 10 bytes). However, the use of a CD-ROM allows even a few hundred character password to be easily used.

In the following description, the use of a CD-ROM disc as a portable storage medium will be described, but the use of another portable storage medium instead of a CD-ROM is also included in the scope of the present invention. And

The first step of the new protection method is to generate a separate user access code for each and every target user. Intended users are those who are stored in or associated with a "home" server or base computer, and are about to be authorized to access databases, sources, information storage locations and networks that are desired to be protected. . The individual user access code is generated by an algorithm or a circuit or a combination thereof. The circuit can be optionally provided in a well-known manner for generating the encryption key code and in a separate means according to industry standards. According to the principles of the present invention, the individual access key code is "
It's "extremely long", of course too long and too cumbersome for individuals to drive into the system conveniently.

[0013] A central registry or other compilation of all personalized user access codes is set up and loaded into the terminal or server of the home or main computer, or the server acts as a protection mechanism. Selectively encrypted. In parallel with this development step of the protection system, the individual user access key codes are individually recorded, for example by a set of known types of optical recording devices for recording information on CD-ROM discs. Each disc is in the form of a "CD-ROM key" personalized for a particular end user (e.g., a catalog sales organization customer, a secret database user, a financial institution customer, etc.).

At this stage of the system configuration, a complete registry of “ultra-long” identification key codes stored on the server is included, providing physical access to individual users who are authorized to provide access to the database. The distribution of CD-ROM disk keys is included.

[0015] To provide legitimate access to a database or "authorized user" to a "transaction program", the user must provide a CD-ROM to his personal computer remote terminal equipped with a CD-ROM reader. Load the ROM disk and log on to the access program or user program (this can also be selectively recorded on a CD-ROM disk). The user program then transmits the user's individual access key code (which can be selectively encrypted) to the host computer or server via a communication network or telephone line network. These can perform a check of the user's access key against an appropriately programmed and stored registry of authorized individual user access key codes. The server program further includes the necessary steps. The step includes a step of prohibiting access to the server or the processing program by the transmitted access code that is not stored in the database of the authorized individual user access key code or terminating the attempt. The server program disconnects and informs the user that an unauthorized access key code has been sent.

Also, assuming that the CD-ROM disk is appropriate and has an approved access key code, the program on the host computer includes a step for allowing the user to access the program, thereby allowing the user to access the remote computer. Communication between the host servers is continued, and a session is started. As described below, a host computer program, a server program, and a user program can selectively encrypt a session using a user's encryption key. The user encryption key is also stored on the server database and on the CD-ROM disk of the individual user. Optional encryption can also include an encryption key stored on the user's CD-ROM disk key.

[0017] At this stage, the host server, which executes a process from the mere ordering of the product to the financial transaction or the research into the protected database, the user desires the result,
Access to a protected database or "protected server processing program" allows an authorized user to communicate through a personal computer that the user owns. Alternatively, another type of two-way communication occurs between a remote computer terminal and a host computer via a communication network or a telephone line network. A level of security previously unavailable to remote consumers communicating with a host computer is a CD-ROM
Provided by the new system uses a very long identification key which is typically stamped or stored on a "large key" in the form of a disk or the like. The very long identification key is checked and approved through a database of identification keys stored on a remote host computer or server.

Security can be enhanced by providing multiple keys or a database or table of keys (which can be a one-time encryption book of keys) on each user's CD-ROM disc. .

The user program provides keys either continuously or according to a preset pattern or algorithm or from a location requested by the server. The server requests keys consecutively or from any location, i.e. keys from any random sequence or other algorithm. It is important that one or more keys or keys can be provided by the user program or requested by the server at different times during the session process. As described below, the use of a one-time pad on a key ensures that the key is not sent twice, thereby allowing an intruder to gain access to the system by intercepting or decrypting the key. Can not.

In certain applications, the key generation algorithm is executed on the server itself or on the user's computer. In the latter case, means for preventing the generation of a double key is required (for example, in addition to a random number function in a key generation algorithm or a circuit, a double key performed every time a new key is added to the database). By checking the key).

Numerous other modifications will be readily apparent to those skilled in the art. In a preferred embodiment, each user issues a unique CD-ROM disc containing one or more unique identification keys. Individual users can use their own C
The D-ROM disc "key" is inserted into a computer connected to a host computer (also called a server) via a network or other communication device.
An access program on the CD-ROM "key" connects to the host computer and sends a unique identification key from the CD-ROM disk key to the host computer in encrypted form. A security authentication program stored on the server decrypts the identification key and compares the identification key with an identification key from a user identification key database located on a mass storage device connected to the host computer to identify the user's identity. Prove identity. The host computer or user access program may include a program or routine that requires the user to enter a password. When the identification key matches the identification key in the user identification key database of the host computer and the user enters a formal password, the host computer grants the user access through the program.

The host computer (server) can be further programmed to request or call the user's remote access terminal program for re-authentication at regular time intervals during the communication session. Or
The user's program can perform such re-authentication, and the host computer can be programmed to require this re-authentication. This helps to protect against hackers who obtain an identification key to make a connection to the host computer or steal or steal the user's connection. Unless the hacker owns the user's own CD-ROM "key", unauthorized access cannot be used for longer than the required re-authentication interval. Means for ensuring that an intercepted identification key or message cannot be reused by an intruder will be described below.

Similarly, it is also possible to program a user's program or a host computer (server) to request or call for re-authentication at regular time intervals during a communication session. Alternatively, the server program
Such re-authentication can be performed, and the user program can be programmed to require this re-authentication. This helps defend against hackers impersonating the host computer. Alternatively, the host computer and the remote access terminal program may be configured to periodically request or expect an identification key from each other.

Note that such re-authentication can be selectively requested at each critical time of a communication session, for example, when processing is completed or when a database is accessed. Such re-authentication may be required before the operation starts, or may be required afterwards to validate the operation.

In order to ensure that an intercepted identification key or message is not reused by an intruder, the use of a plurality of mutually different identification keys or the encryption of the identification key or message, ideally eg identification A defense method including a time-dependent means such as combining a key with date and time information and subsequently encrypting the key has been developed.

Another method of authenticating the user to the host computer using the identification key and authenticating the user to the host computer is to exchange the identification key one digit at a time. In a typical implementation of the method, the user's access program (executed on the user's terminal or computer) sends the first digit of the identification key to the host computer. The host computer determines whether the transmitted digit is correct. If the digit is valid, the host computer sends the first digit of the identification key to the user's terminal or computer. The user's access program determines whether the digits returned by the host are correct. This process is continued until one of the user program and the host computer completes transmission of all digits of the identification key, or until the host computer or the user's access program receives an incorrect digit.

Hackers mimicking the host computer or the user's terminal or computer often make the first digit mistake. Then, the hacker only obtains one digit of the user password or the password of the host computer. Thus, this technique provides selective security against "man in the middle" attempting to gain unauthorized access to a user or host password. It is also possible to exchange several digits of the identification key for each repetition.

While individual identification keys have been considered, in certain applications it is also possible to share some of those identification keys for each class or subclass of user.

According to another embodiment, the host computer is programmed to send the encryption key to the remote terminal. A terminal program executed on the remote terminal is used to encrypt an identification key on a CD-ROM disc. Next, the encrypted identification key is transmitted to the host computer for confirmation.
If the encryption means is a public key encryption algorithm using a sufficiently long key, it becomes very difficult for a third party to extract the decrypted identification key. A variation of this method is that some of the encryption keys are included in the user's CD-ROM "key" while others are transmitted from the host computer. The host computer always has access to a complete database of all encryption and identification keys.
Without the CD-ROM or part of the encryption key from the host computer, the remote terminal program cannot decrypt the message. If the encryption key from the host computer changes over time, is chosen randomly, or is unique for each user session, the user's computer will use the same encrypted identification key. Transmitting twice will result in virtually no transmission.

The remote terminal program can inflate the identification key with any or invalid or meaningless prefix or suffix or intermediate character. To ensure that the same identification key is not transmitted twice, the encryption algorithm preferably has good spreadability (the encryption of text encrypted by any character change in simple text). Change many or all characters). The padding is preferably specified by the host computer, so that the previously used encrypted identification key is not repeated.

This inflation can be changed over time in a predetermined manner.
For example, the padding can be a date and time. The host computer checks whether the padding is correct based on the date and time. The padding can also be changed for each logon. Further, the user ID or user number can be inflated as described above.

According to another embodiment, the encryption key is included on the user's CD-ROM,
Never sent. The remote terminal program inflates the identification key as described above. The host computer is programmed to check the encryption key for a user-required identity in a database of stored encryption and identification keys. The host computer decrypts the unique identification key, removes the padding, and compares the decrypted key with a key retrieved from the host computer database to confirm the user's identity. Again,
If the encryption algorithm has good spreading properties, the added characters will surely prevent the user's computer from sending the same identification key twice.

According to another embodiment, the central server selects the current encryption key from a table on the user's CD-ROM. A copy of the table resides on a central server. This prevents transmission of the encryption key over the connection. What is sent is which entry in the key table was used, not the encryption key itself.

According to another embodiment, the remote terminal sends a simple text or an encrypted user ID or an identification key from an identification key database on the user's CD-ROM key to the host computer. The second encrypted identification key is
Sent from the remote terminal to the host computer. The first identification key is used by the host computer to look up a unique encryption key for the user. The second identification key is decrypted using a unique encryption key and a user-identified self-identity. If the decrypted identification key is legitimate, the identity requested by the user is confirmed. Since both the remote terminal and the host computer have locally stored encryption keys, no encryption keys are transmitted.

Further, other parts of the transmission or the entire transmission or session may be stored on the user's CD-R
The encryption can be performed using the unique encryption key for each user on the OM. Once the server recognizes the user's identity, the server does not need to look up its own tables and send keys between the user and the server. Also in this case, a technique such as inflating is generally used. This embodiment not only provides selective security but also allows the host computer to securely authenticate to the remote terminal program. The "impersonation" server does not have a database of the user's encryption keys, and therefore cannot decrypt the remote terminal's messages and therefore cannot respond to multiple remote terminals.

A one-time encryption book stored in both the user's CD-ROM disk key and the host computer is used as an encryption means or as a key for encrypting the user's identification key. Provide selective security. The host computer can be programmed to look up the one-time cipher book in the one-time cipher book database based on the self-identity requested by the user after receiving the encrypted identification key. After decrypting the identification key, the host computer authenticates the user's identity.

Further, the one-time encryption book of one and only identification key is stored in each user's CD-ROM key disk. The central server always requests a new key and verifies the new key by copying the one-time cryptobook of the user with the owning ID key. The central server keeps the one-time use of the cipherbook information and prevents its reuse. The user's portable storage medium is writable and software or access software, usage records or tables of the user terminal are kept on the portable storage medium or the user overwrites the used keys. If the user accesses the server from only one terminal, the user maintains a usage record or table on the user terminal, for example, on a hard disk.

Preferably, the usage record is kept both on the central server and on the user's portable storage medium or terminal, and a discrepancy between the user's portable storage medium or terminal and the usage record on the central server is determined by a third party. This indicates that unauthorized access was attempted.
Such a mismatch indicates that either the user program or the server has attempted to use a one-time encryption book key or a one-time encryption book entry already used by the server or user program. Such inconsistencies can also result in an out-of-sequence or other `` out-of-sync episode '' of a key or one-time cryptobook entry. It can also be shown.

The one-off cipherbook arrangement also prevents the same user's authentication key or message from being sent twice. Further, the one-time encryption book can be used to encrypt other important information to be transmitted. For example, suppose that a 250 kilobyte user-specific one-time encryption book is used to encrypt a user's credit card number (eg, simultaneously with a consumer catalog) and one byte is used to encrypt each digit. , 16-digit credit card numbers use 16 bytes of a 250-kilobyte one-time encryption book. Assuming a user does 10 tasks a day, a 250-kilobyte one-time cipherbook can be used up in four years.

For any of the above identification techniques, the terminal program and the host computer are programmed to require the user to enter (via a keyboard) a previously specified password. Password is CD-ROM or user ID
Is compared with the user password stored in the host computer.

All of the encryption methods described above are used for encrypting important information to be transmitted. As can be readily appreciated, all of the above-described authentication methods can also be used to revoke authentication of a host computer to a remote terminal.

[0042] The most secure encryption techniques, such as public key encryption, process 1000 times longer than more routine encryption methods, unless a dedicated processor for special algorithms is added to the user's computer. Can be done. One way to speed up is to use the most secure means of encrypting only the most sensitive parts of the transmission, and use a faster encryption method for less important parts of the transmission. To use. Since the CD-ROM has a large capacity and a high speed, the database of the encryption key for each encryption method and the host computer can be easily stored and accessed. Portions of the communication that are common and do not require protection can be transmitted as simple text. Repetitive text or graphics that all users can see are selectively stored on a CD-ROM, reducing the amount of information transmitted from the host computer to the remote terminal.

A special encryption device can be attached to the host computer to facilitate encryption and decryption of the transmitted data. Since the host computer is likely to serve a large number of users, the encryption device becomes very economical when amortized by a large number of users. The cost of having a very large key and key database is the cost of the space on the CD-ROM that is not available for other information and the space required to store these keys on the host computer. . Since the cost of creating a CD-ROM disc is low,
The use of is very economical. Therefore, the new authentication system of the present invention is more economical and more effective than the conventional system.

Further. The user's CD-ROM key according to the present invention may store different identification keys or tables or databases of identification keys used by various servers or providing different databases or any individual server. For example, several catalogs from different vendors can be
In applications where the D-ROM key is stored or the CD-ROM key is accessed, a different database of identification and encryption keys is assigned to provide access to each vendor's host computer or database. . Also, the user's CD-ROM key according to the present invention includes different identification keys or a database of tables or identification keys that provide different levels of access to one or more host computers. Alternatively, the host computer gives different access privileges to different users. For example, in the case of a corporate network, the president's CD-ROM key has maximum access to all information on the host computer, while the employee's CD-ROM key has access only to specific data. Is limited. Similarly, in consumer applications, different consumers have different credit limits. The required privilege or level of privilege is encoded on the CD-ROM and is preferably contained on a host computer database.

Obviously, a single authentication server or a set of authentication servers is used for legitimate access to many other servers, many databases or services. In this case, what authority is given to the given user can be stored separately in the user's portable storage medium (for example, the user's CD-ROM disk) or the central computer or both. Are typically maintained on a single server or set of servers to facilitate updates.

When the user program contacts another server directly, the other server can access a single server or a set of servers to obtain authentication. A user program can access other servers via a single server or a set of servers (eg, the server function that authorizes the authority is performed by the server of the Internet service provider).

If a single server or a set of servers authorizes access to another server or a different database or server, the new server or database or service simply determines what privileges are granted to the user. By updating the table, the authority of a predetermined user can be given.
However, if the user's portable storage medium is writable, the authority table on the portable storage medium can be updated in a similar manner. Thus, a user can use an existing CD-ROM or other portable storage medium to access a new server, database or service.

Also, preferably, rather than requesting access to a central server or a similar set of servers, if a different host computer grants access, a new server, database or existing key to an existing CD-ROM key may be used. It can also be used to access services. Therefore, each CD-ROM
The disc contains an identification key or a database of tables or identification keys not assigned to any server, database or service. These will be at a later date. Allocated new servers, computers, programs, databases, information functions or services. This configuration avoids having to distribute a new CD-ROM each time a new server is added.

Information about the new server, database or service, such as name, network address and telephone number, is assigned to the new server on the CD-ROM disc and added to the user's access program with identification of the key database. This information may be stored (in encrypted or unencrypted form) on an update floppy disk or other portable storage medium, sent to a bulletin board or server, or by a remote terminal access program during a subsequent communication session. Updated automatically. Such information is generally the same for all users who have been granted access to the new server.

When the user key is on a writable portable storage medium, the update information is generally written directly to the portable storage medium.

If the portable storage medium is not writable, such as a conventional CD-ROM disc, the user's access program will typically store the update information for the new server in a small file on the user's hard disk. Store. If the user has a writable CD-ROM drive, the information can be stored on a CD-ROM drive.
It can be added to a ROM disk key. If the information about each server consists of 50 characters or less, at least 100 new server information can be stored in a 10 kilobyte disk file. A file that is a few megabytes in size gives a short description of each server.

As a result, the new server has an updated CD distributed to all users
-Will be included in the ROM disk key. Databases and services for information, transactions or promotions are all for ever increasing commercial interests. Access is controlled, verified and tabulated by the CD-ROM key of the present invention. In addition, individual CD-ROM disks are provided with all or some of these databases. Portions of the database that do not change often are encoded and stored on the user's CD-ROM disc and updated each time the correct disc is adjusted;
Stored on server.

The response speed of the user authentication system is increased when the accessed server or host computer initiates a communication session in parallel with checking the identification key from the user program against a database of identification keys of authorized users. This is advantageous when the response time of the key database is slow, for example during peak usage hours. Also, the server or host computer accessed is
As noted above, it is advantageous when it takes time to contact another server or set of servers to check the database or gain authority.

Such a case is advantageous in a host computer accessed to execute a fast key check algorithm to check if the user identification key is a legitimate key. In some applications, the accessed server can use this validity check, in which case temporary or restricted access is granted until the identification key check results against the database .

Further, in some applications, a process that is temporarily started when the host computer receives a legitimate identification key is permitted, but the process is performed when the ID is confirmed in the server database. Can only be completed. As a result, the responsiveness to the user is further improved, and the demand for high-speed storage means is eased. For example, a credit card transaction starts when a legitimate ID is received, but until the ID database is checked and approved,
Cannot be completed.

In one such key checking technique, a CD-ROM key according to the present invention has both an unencrypted version and an encrypted version of one or more identification keys. The encryption is performed using a key before or at the time the disc is written, and the encryption method is performed using an encryption means that is transparent to the user and completely transparent to the user. . For the purpose of user authentication, the host computer with the key can be programmed to require both an unencrypted version of the identification key and an encrypted version of the key. In that case, the encrypted version of the key is decrypted and compared to the unencrypted version. If the two keys are the same, the user identification key is almost certainly a legitimate key. For example, if the encryption is the inverse of long key public key encryption, the public key is kept only on the host computer (the reverse or private key is kept only by the disc creator). The intruder must generate a fake identification key corresponding to the encrypted version that requires a reverse or private key. Because the server does not have a private key. It is impossible to forge to create a new fake user identification key even if the server is accessed illegally. Therefore, it is impossible to forge a legitimate user identification number.

A further security measure involves concatenating the encrypted version of the identification key after the unencrypted version to form a single long key. It is also possible for the final key to consist of two encrypted keys, a non-encrypted key. Still further, the final key can be a function of both the unencrypted version and the truncated encryption function of the parity or other unencrypted version.

Such a key validity checking algorithm helps protect user disks or portable storage media from forgery or counterfeiting. They do not protect against the use of stolen user disks or portable storage media to gain access to temporary or restricted servers.

One of the ways to help protect against the use of stolen user disks or portable storage media to gain access to at least provisional or restricted servers in the above systems is to use known stolen theft. Providing a list of keys to each server, the database is much smaller and can be checked more quickly than a complete database of user keys.

Unlike a human user, the computer does not make mistakes when entering the identification key. Thus, unless line confusion is indicated, the preferred software implementation is to disconnect from a single attempt with all the incorrect CD-ROM keys. This quickly rejects attempts by hackers and other offenders, and prevents the system from becoming involved in their unauthorized attempts. Disconnecting after a single enforcement makes it impossible for a hacker to try multiple identification keys at high speed.

The host computer's database of user identification keys is well protected from attempts to steal or copy it. Regardless, it would be advantageous to better protect the host computer's database of user identification keys or user access keys from attempts to steal or copy it to prevent forgery or counterfeiting of a user's own CD-ROM. . Accordingly, the server database of the preferred embodiment of the present invention stores an encrypted or inverted version of the user identification key. The server according to the present invention uses a trapdoor authentication algorithm, which stores the user ID or access key taken from the incoming data stream with respect to the identity claimed by the user with the inverted version in the database owned by the server. Compare. The trapdoor authentication algorithm performs authentication only if or if the encrypted identification key in the server's database is the same as the embedded or encrypted identification key in the incoming data stream. . The trapdoor authentication algorithm is not practical to use to recover the actual identification key from the encrypted key in the host computer's database. Since the server's database does not have an actual identification key, trapdoor authentication does not help in reducing their playback time; simply owning the host computer's database is Insufficient for key playback. Therefore, by stealing or copying the database of the identification key of the host computer, the user's CD-ROM access key disk cannot be disguised, and the thief cannot access even the authorized user.

The trap door authentication algorithm is implemented in the following manner. When creating the user's CD-ROM and the database of the host computer, the user's unique identification key is encrypted with a long key code that is difficult to decipher. The encrypted key is copied to a database on the host computer and the unencrypted identification key is written to the user's CD-ROM key. In use,
The host computer recovers the identification key from the data stream coming from the user, encrypts it by the same means used to encrypt the data verse, and compares the encrypted key with the database entry for the user. If the keys are the same, the user is authenticated and access is granted.

Another class of trapdoor authentication algorithms transitions directly from the encrypted version of the password embedded in the data stream from the user to another encrypted version in the server's database. Thus, the unencrypted version of the password will not leave the server and will not be stolen or recorded by malicious programs or viruses on the server.

In yet another embodiment, each CD-ROM key is provided with multiple databases of identification and encryption keys. Server or host computer
It is programmed to use or access only one database. A copy of another database on the user CD-ROM is stored in the vault. If the host computer's identification key is stolen, the host computer simply loads one of the user databases from the vault and uses the new identification key.
Since the user already has a new key database on the CD-ROM, there is no need to distribute the new CD-ROM to all users, and the thief is locked out of the host computer. Further, if a portion of the server's database is copied or stolen, only a portion of the database needs to be changed, and only the corresponding user CD-ROM disc requires the use of another identifying database.

In one embodiment, rather than simply requesting a previously used key, the server requests a new or different key from the user program, and the user program can access the user's CD-ROM key or portable storage device. Access another location on the media. If the user has a separate database or one-time key book of the key, the user program accesses the user's CD-ROM key or another database on the portable storage medium. The server also sends a re-authentication code to access all keys or a database of keys or a one-time cryptobook of keys.

Preferably, a protection means is used which causes the user's computer to use another database of identification keys on the CD-ROM. All the above mentioned authentication algorithms are used for this purpose. One technique for a server to encrypt with a private key is a message with a time-dependent pad. CD-RO
The user program on M uses the public key stored on the CD-ROM to decrypt the message, check if the time-dependent pad is legitimate, and change the user ID or identification key database. Switch.
The private key and the surrogate database are provided to the host computer at the same time.

The host computer is provided with a plurality of databases that require a special combination to access all identification keys. For example, according to one embodiment, one database has a one-time encryption book and the other database has a database of identification keys encrypted using the one-time encryption book. A thief who has stolen or copied only one database cannot regenerate any keys.

In a corporate application, the user's CD-ROM key is used exclusively or mainly on a company-owned computer, and changes to other user IDs require that the word be stored in a small file on the hard disk. Permanent by recording. When the files on all the computers in the enterprise have changed, the change is complete.
This can be done at each user's next logon.

In the next execution, the host computer can use an array of inexpensive CD-ROM drivers to store the identification key database. This new C
The advantage of the D-ROM array approach is that the cost per megabyte is less than the cost of a magnetic disk drive, and in most cases the failure of the driver does not impair the recorded data. You can simply turn the CD-ROM disk into another driver. Further, there is the security advantage that the written data is in durable form.

Occasional delays in processing are acceptable, so backup data used to store data or to store user keys or user key tables or parts of the database that are not yet needed or A magnetic tape can be arbitrarily used as the redundant storage means. Secondly, the storage means has a faster storage means (e.g. a CD-ROM disk or hard disk driver) for storing data needed in the near future, and a larger capacity for storing keys which are not yet needed. It consists of low-speed storage means (magnetic tape) having low cost.

The user's CD-ROM disk can be configured to include a network access program, an encryption routine, and other data and programs useful to the user.

A portable mass storage medium can be configured to include a read-only portion and a read / write portion, which is a portion that can be read many times by writing once or a portion that can be read many times by writing several times. (For a CD-ROM disc having a writable portion, see and illustrate, for example, U.S. Patent Nos. 5,287,335 and 5,206,063, which are disclosed and incorporated herein by reference. (See disclosed disc.) Generally, the read-only portion is the program or information common to many users, such as network access programs and / or encryption routines and / or other data useful to many users. Alternatively, a configuration including a program can be adopted. For example, in a consumer application, the read-only portion may include catalogs, advertisements, or other market information. In general, the part that can be read or written, or that can be read a lot once, contains a unique user access key code, a unique user encryption key (if used), and other information unique to a particular user. Can be.

In the execution of the CD-ROM, it is possible to quickly and economically write the read-only portion of the user disk by pressing. The individualized parts, typically those that can be read a lot once written, are then quickly recorded on a suitable recording CD-ROM drive. This approach can be advantageous in a variety of high volume applications.

If the user's portable storage medium key according to the invention is rewritable, the medium may be “recharged” with a new key. Examples of such media keys include semiconductor memory devices or cards, and writable CD-Rs.
There are an OM disk and a floppy disk. In one implementation, a user key consisting of a portable storage medium having less capacity can be "recharged" from another user key consisting of a larger capacity portable storage medium. For example, a user's memory card key can be recharged from the user's CD-ROM key. Yet another variation is an exchange program that recharges with a new supply of keys or replaces a user's depleted portable storage medium for a new storage medium. Other methods will be readily apparent to one skilled in the art. Using conventional means of authentication or any of the means of the present invention,
Only the appropriate user with the appropriate storage key can recharge it.

Further, the portable storage medium key of the present invention can be used for a credit or debit disk,
Alternatively, in a case where it can be used as a unit or a card, it can be configured to be recharged with additional funds or the like. Further, for example, if the card or portable storage medium is used in a device that does not contact the server of the protection system of the present invention, for example, a device that is not connected to a network, the processing information may be used as an authentication or for subsequent download. Can be logged on to the portable storage medium.

Further, the present invention can be configured to be incorporated in a portable electronic device. The portable electronic device may have a portable storage medium for storing a very long identification key and / or a database of identification keys. The microprocessor and / or logic circuit may be configured to be incorporated into a portable electronic device, as will be described below for the microprocessor. In many forms of memory ICs, simple microprocessors can be formed on the same IC at low or minimal cost. If the portable storage medium is a portable hard disk drive, the microprocessor or logic functions can be performed, typically by adding additional code or programming to the microprocessor already present in the hard disk driver. In this case as well, the cost is very small as before.

A microprocessor can provide selective protection. further,
Any protection functions we have described as being performed by a user terminal program or user access program running on the user's terminal or PC can be performed, and these functions can be offloaded from the user's PC to increase speed. These functions can be enhanced or the software simplified, or these functions can be performed to provide selective assurance that, for example, rogue programs or viruses on the user's PC will not be compromised.

Conversely, any task described herein as being performed by a microprocessor and / or clock of a portable electronic device can be configured to be accomplished by a microprocessor and / or a clock of a remote terminal. .

In addition, the microprocessor can be programmed to “recharge” the storage medium with the new key, which can include appropriate protection measures. Further, the microprocessor can be programmed to write processing information according to the above, eg, for stand-alone use when a user uses a portable electronic device to process a transaction without access to a PC. . In many implementations of such portable electronic devices, a microprocessor is used to prevent unauthorized individuals or software from accessing, copying or using the identification key on the portable storage medium. Selective protection can be provided.

For example, the microprocessor can be programmed to require a password from the user whenever the user attempts to access the identification key on the portable storage medium. To access the identification key on a portable storage medium,
The user must enter his or her appropriate user identification password. The user may be configured to input a password via the keypad of the remote terminal or the portable storage medium.

The microprocessor may be configured to deny access to the identification key on the portable storage medium for a specified period if several incorrect user passwords are typed in succession. For example, if three incorrect user identification passwords are successively typed, access to the identification key of the portable storage medium can be stopped for one hour.

Further, the portable electronic device can be configured to have a clock. For example, a clock can be used to determine when the microprocessor denies access to the portable storage medium as described above. Alternatively, the time of rejection can be determined by a software timing loop or by matching the running time of each (known) execution time of the function performed by the microprocessor. Clock circuits are inexpensive and use a small amount of power. A small wristwatch battery or the like can easily supply power to the clock circuit for many years. If the portable storage medium is a semiconductor memory, the clock circuit can be easily integrated on the same IC as the memory and the microprocessor.

In addition, or in the alternative, the microprocessor may be configured to disable access to the portable storage medium if a plurality of incorrect user passwords are typed consecutively. . For example, the microprocessor can revoke access when ten incorrect user passwords are typed in a row. Re-enabling the device requires human intervention from a central server, or the provision of a special password, or the removal of the contents of the portable storage medium.

Additionally or alternatively, the microprocessor may be configured to limit the number of passwords at a specified time or a one-time encryption book entry previously accessed from a portable storage device. . This can prevent the identification key stored in the portable storage medium from being quickly copied. In this case as well, a timing function such as a clock or a software timing loop or a running time running meter is required. For example, the microprocessor may be programmed to limit the number of identification keys in a predetermined number of seconds, minutes, hours, or days, or a one-time encryption book entry accessed from a portable storage device. Can be. Alternatively, the microprocessor can prevent access to the identification key or one-time encryption book entry at a faster rate than is used by the user's terminal program, or the remote terminal can It is possible to prevent one-time access to the cipher book entry at a speed higher than the maximum transmission speed between the computers. Other desirable speed limits will be readily apparent to those skilled in the art.

Alternatively, or in addition, the microprocessor may be configured to output a time-dependent identification key or a one-time cryptobook entry, etc .; (Including) a time mechanism and a number determined by the contents of the portable storage device. For example, the storage or key accessed is determined by a time-of-day clock rather than the storage or key accessed in a sequential order;
Select the appropriate number or key from the portable storage medium based on the current time. If necessary, the microprocessor can be configured to combine the entries accessed from the portable storage medium with the timing mechanism information. For example, a key may be added or bound so that the result encrypted by the microprocessor is sent from the portable storage device. Other time-dependent key techniques will be readily apparent to those skilled in the art. In some time-dependent technology, the host computer (server) can be configured accordingly, so that the result can be expected to be used as an identification key or encryption means; Is available only at the time it was obtained.

Time-dependent key technology can be used on any portable storage medium to produce a key that is only valid at the time of manufacture; if the portable storage medium does not have its own microprocessor, The algorithm described above or a similar algorithm can be executed on the processor of the user's terminal or PC. Also,
Time-dependent key technology can be used on the host computer or server; the above-described or similar algorithms are implemented by a server or external microprocessor associated with the key storage as much as possible. Thus, the time-dependent key technique described above can be activated as opposed to authenticating the server to the user in addition to authenticating the user to the server.

[0087] Still or alternatively, the microprocessor may be configured to access the portable storage medium only when the user terminal is running on the user's machine. For example, a microprocessor (which incorporates clocking information whenever possible) may require an access protocol or password.

[0088] Still or alternatively, the microprocessor may be programmed to access the portable storage medium only when the user terminal is accessing the host computer. In addition to restrictive access to the portable storage medium to justify the request, this authentication function can be made available to the user terminal program.

There are many ways to connect peripheral devices or electronic storage media to terminals or computers. Accordingly, a portable electronic storage medium or device in accordance with the principles of the present invention may further comprise a PCMCIA interface, or a serial port, or a parallel port, or a SCSI port, or a "fireline" port, or an infrared link, or a wireless link. Or it may be configured with a "memory reader", or other port, or communication means capable of passing information and receiving information from a user terminal or computer. For portable electronic devices or storage media that communicate with a remote terminal via an infrared or wireless link, the transmission between the portable electronic device and the remote terminal is preferably encrypted. In addition, the processor and / or logic circuit of the portable electronic device can be arbitrarily configured to handle communication with a user's computer or PC.

In another embodiment, the portable electronic device may be used to identify which identification keys and / or one-time cryptobook entries, etc., have been previously accessed, and thus possibly used, rather than the user's terminal program. Configuration or access to software that performs this function. When the portable storage medium is rewritable, it is possible to adopt a configuration in which an identification key, a one-time encryption book entry or the like is overwritten on a once used one. Alternatively, when the portable storage medium is rewritable, the usage record, table or list can be managed. Alternatively, for example, if the portable storage medium is read-only, the portable storage medium may further include a second writable portable storage medium for managing usage records, tables or lists there. Configuration. This prevents the identification key or the one-time entry of the encryption book from being used more than once.

The usage record can be alternatively managed by a server or a host computer. It is desirable to maintain usage records at both locations, and any inconsistency between usage records on the user's portable storage media and usage records on the server indicates that a third party has attempted to gain unauthorized access. . Again, such fraud attempts to use a one-time encryption book key or one-time encryption book entry already used by the server or user program in the user program or server, respectively. The configuration shown by the above can be adopted. Also, such fraud may be indicated by attempting to use keys, or out-of-synch episodes, or other out-of-synch episodes. it can.

What indicates that an attempt has been made to illegally access and use the contents of the storage medium, or that an attempt has been made to gain unauthorized access to the server, or whether the user has forged the server. Alternatively, the portable electronic device or user program, or the server, may detect a forgery of the user against the server or an indication of a "man in the middle attack" by the portable electronic device or the user program. . Such suggestive cases include those described above. For example, repeated incorrect passwords typed by the user, attempts to access extra keys from portable storage media, later attempts to use time-sensitive keys, Failed to authenticate the user to the server or to authenticate the server to the user, the one-time password or other "not synchronized" (out-of- synch) Includes attempts to reuse episodes. Further, an attempt to use a known stolen user key or an invalid or forged user key indicates an attack as a usage pattern that suggests that the user key may have been stolen. In one implementation, one or both may be configured to connect to or otherwise notify the server if an incident is detected by the portable electronic device or user program. If the incident is detected by the server, the server may be configured to program to connect to the portable electronic device or user program.

Procedures for handling suspicious attacks include, but are not limited to, blocking access to a portable storage medium or device during a set time, a portable storage device or device. Disable access to the unit or device (especially if the incident indicates that the unit or device was stolen), during a set time or until the situation is analyzed (eg, by a server operator). This includes blocking the user's access to the server, notifying the true user (e.g., by email or telephone to the true user), or notifying the server operator.

[0094] In another embodiment, a portable electronic device comprises a portable storage medium, a microprocessor, and a modem. The microprocessor may be configured to process an authentication protocol for the server. Further, the microprocessor may be configured to process all encryption of information transmitted by the remote terminal via the modem and decrypt all information received from the host computer by the remote terminal via the modem. it can. Also, by having a modem, a user can perform a stand-alone process via a network, and a microprocessor is provided so that if the user does not access a normal terminal or PC, the user does not download later. Can be programmed.

There are various alternative techniques and embodiments according to the present invention that can be implemented using a CD-ROM key as described above, or other portable storage media key, or a portable electronic device key.

For example, in another embodiment of the present invention, the host computer (server) can be configured to request the identification key from an arbitrary allocation location on the user's CD-ROM or portable storage medium. . The remote terminal or portable electronic device can read the identification key from the appropriate allocation location on the storage medium and transmit it to the host computer.

In the most preferred embodiment, the protection system employs the use of “double-sided” key technology, including the use of separate entry and exit keys at the beginning and end of the communication session, respectively. In need of. In this method, the remote terminal program (or portable electronic device) transmits the identification key to the host computer (server) at the beginning of the communication session, and authenticates the access itself for access. The remote terminal (or portable electronic device) transmits a second identification key to the server at the end of the communication session; generally this can be used to validate the session. For example, the server is programmed to not process information transmitted if both identification keys are incorrect; for example, at a processing device, the user's process is received by the server during a session, but a valid exit key Will not be accepted or validated or processed until it is received or received at the end of the session. Thus, the first key functions to authorize provisional access and the second key functions to grant final authority for processing.

To authenticate the server to the user's terminal program (or portable electronic device), the server transmits a separate entry and exit key to the user in a similar manner directly; The exchange of identification keys between the user program and the server occurs mainly at both the beginning and end of the communication session. Further, the identification key can be time dependent, for example, using the techniques described above.

By authenticating the user and server to each other at the beginning and end of the session, attempts to simply “hijack” the communication session are prevented. However, attempts to insert information or delete information from other valid sessions are not prevented. In addition, the use of time-dependent identification keys imposes the constraint that any tampering must take place in real time, such as by using "dispute arbitrator" technology to obtain valid entry and exit keys. Attempts to do so are blocked. In order to maximize protection, an authentication means for authenticating such an entire session or at least a significant part of the session, such as processing information or processing requests, should always be included.

In order to authenticate a session or an important part thereof, the session or an important part thereof may be encrypted. Record-breaking encryption techniques serve to authenticate the encrypted message or information. Thus, for example,
Encrypting a significant portion of the session using a portable storage medium key and a one-time encryption book stored on a central server authenticates the information. Another technique for authenticating a session or a significant part thereof is to use means to calculate one or more checksums or check functions (hereinafter referred to as check functions), and (a) check It is difficult or impossible to forge the function, and (b) it is difficult or impossible to form a fake message having the same check function as the legitimate message intercepted.

In a two-sided key technology, such key functions can be included in or combined with the end-of-session key described above. The end-of-session key not only authenticates the user or server, but also authenticates the contents of the session. For example, if the check function from the user to the server includes the processing information from the user, the processing information is authenticated;
If they also contain relevant information from the server, authenticate them as well; confirm that the user has received the message sent by the server. Further, if the check function includes the entire session, the entire session is authenticated. If the check function has a time function, the time function is similarly authenticated.

Since it is preferable to combine the check function with the end-of-session key using a combination function with good “spreading”, the attacker cannot separate the check function from the end-of-session key and Attack separately. For example, simply adding a check function (without or with carry) to the end-of-session key cannot be overridden by an attacker if the latter was a one-time keybook . Other techniques include encrypting the combination of the two using a convolution or encryption algorithm with good spreading.

It is preferred that the combination function have good “spreading” so that some bits contain only passwords, some bits contain only checksums, It is impossible for a hacker to discover that the bits only contain time-of-day clock information, and a combination function with good spreading will help to change their frequency at the same time. Good spread can be achieved simply by adding checksums or functions to some or all of the exit signs, or by using other algorithms that include or include them, or mix information. Further, another means can be configured to encrypt the two with an encryption function having good spreading.

There are many different ways to calculate a check function that is difficult to forge, and a fake message with a given check function is also difficult to forge, and likewise the same check function as the intercepted message The fake message having the following is difficult to forge. For example, it can be configured to assign different parts or characters or fragments of different weight transmissions; for example, depending on keys or random numbers from portable storage media or from a server.

There are various ways to combine the weight function with the message or its parts; one way is to add binary without doing it on a bit-by-bit basis; another way is to group and accumulate, or A method of grouping and adding, generally truncating higher order bits. Next, the results of these operations are summed. In general, the checksum or check function is the sum or, preferably, the low-order digits or bits of the sum.

Further, it is possible to use a changing unique or one-time weighting function.
For example, the range of the user's one-time encryption book (or another pad) is reserved for use as a weighting function, and the starting point and / or the order of entries are changed from session to session. One way to do this is to change the starting point or the order of the entries, or both, according to a number taken from a one-time encryption book or a number calculated from a server or user program or date and time information. It is. Since there are N orders in the set, the same pads are (optionally)
Can be reused with little risk (especially if only the sum of the lower bits is used as described above). Yet another way to calculate the check function is to encrypt the message locally and then check the function on the encrypted message
(checkfuntion).

Still further, the checksum and the check function may be combined or include date and time information or (preferably) a function calculated from the date and time information.

The double side key or password technique of the present invention can be used for keys or passwords from portable storage media or strings sent by algorithms or servers. For example, the double side key is implemented by an algorithm unique to each user, such as encrypting the date and time using a key unique to each user.

[0109] The second password can be obtained from the same database or circuit or algorithm as the first password, or from the same database or circuit or algorithm as the first password. It should be noted that a single portable storage medium, database, circuit or algorithm, or two or more algorithms or two or more passwords from two or more circuits or ICs can be used.

Also, instead of the second key or password, the key or password is divided, one part is transmitted at the start of the session, and the second part is transmitted at the end of the session.

The double-sided key technology reverses the key, and therefore implements the novel protection system of the present invention using a semiconductor memory key or a portable electronic device key with a semiconductor memory or has a limited capacity. Particularly suitable for other implementations using portable memory media.

In addition, any technique that detects and falsifies unauthorized intrusions, including system intrusions, theft of identification keys, and hijacking of communication sessions, can be combined with programs to keep attackers or intruders linked. To track the person's call and create a decoy session to identify and capture the person. A decoy session can be programmed to elicit selective information from an attacker or intruder, or his or her computer or intermediary server.

In addition, all portable storage means of the present invention, including portable electronic devices, store “cookies”, information packets or converting programs or “identifying viruses”.
On the attacker's computer to facilitate identification of a subsequent attacker or at least the computer he or she is using. Cookies and conversion programs are launched when an unauthorized attack is detected by any of the above methods. These programs are part of all user terminal programs or user access programs on the portable storage means, and need to operate the portable storage device. It is also part of all the software drivers needed for its access, or part of all the programs on our system (the only function of the "identifying virus" is Detection and identification, not a malicious virus, an identification virus is programmed to be executed only if queried or activated by a server, for example, and when a malicious attack is detected, The server places the cookie or convert program on the attacker's computer using means known to the public (conventional cookies are typically located on a central server and not on the user's computer).

Furthermore, it is possible to program the service provider's computer to launch such a cookie or conversion program when a fraudulent attack is detected, and a new security program will secure the service provider's service. Can be maintained. Cookies are requested and retrieved from other programs, Internet service providers or protected services that are routinely linked to the computer. Similarly, the convert program is launched and retrieved by other programs, Internet service providers or secured services that are routinely linked to the computer.

The conversion program includes means for capturing the true identity of the attacker, for example, if the attacker used it to access the Internet. These ID programs optionally include a name on the hacker's system, a software serial number, a hardware identifier or serial number, an account number, logon information (eg, not including a user name, but preferably including a password).
Detect identification information, such as, but not limited to, the owner's own or other number or character string associated with the owner or the user of the computer or the computer. If the conversion program runs properly when the attacker is linked to the server (eg, when the attacker is bound by the dummy session described above), the conversion program can immediately send information to the server.

In addition, the conversion program or identification program or “identifying virus” is generally a means of switching to a central or host computer to access and track calls, or “I am here! Includes means for sending the converted e-mail to the server along the line, such as "capturing", or other means for contacting a central or host computer.

Therefore, in the conversion program, the “hacker homing device” functions as an Internet staining marker similar to a bank staining marker.

Also, all such converting programs and cookies record special actions taken by the attacker, especially those that indicate criminal or intentional fraud. Alternatively, the entire unauthorized access attempt can be recorded. In addition, in view of the case where the hacker is using the legitimate user's machine, the system of the present invention has a means of recording the hacker's session and, in addition, other sessions immediately thereafter. (For example, when a hacker uses the user's legitimate machine for other purposes, such as sending email).

A particular advantage of the “identifying virus” method is that it is attached to an existing program and is not as separable as another file. Similarly, the tracking cookie of the present invention is attached to an existing cookie. Also, means for hiding a conversion program, cookies, and the like can be used. They can generate hidden files, behave like system or application files, or write "
Marking "unusable" (reversed when an attempt is made to read it)
, But is not limited thereto. The virus does not run outside of asking questions or other limited environments.

Further, such “cookies”, markers or programs can be set up on all intermediate servers. For example, this could mean that a server maintenance worker or operator would notify the Internet service provider that the service was tackled.

The means for protecting and controlling access to a host computer or server described herein may also be referred to as "not a host computer or server"
It may be performed by an auxiliary or special purpose processor or computer, such as a "firewall" processor, network processor, switching system, and the like.
An auxiliary or dedicated processor or computer reduces the processing load on the host computer because it eliminates the need for the host computer to perform authentication.

The CD-ROM or other portable storage medium provides access to, or access to, any processor with a program that has direct or indirect access to sufficient storage capacity to hold the required database of user key codes. Can be used. Indirect access comprises remote access via a network or access from another processor or memory system.

As will be readily apparent to those skilled in the art, a host computer, server, or database or transaction processing system implemented therein may be implemented by other computers or networks, databases, or transaction processing systems implemented or accessed thereon. Can be used for access control. The read-write and write-on sections generally store unique user access key codes and unique user encryption keys (if used) and other information unique to a particular user.

In a CD-ROM implementation, the read-only part of the user disk is quickly written and pressed economically. Generally, an individualizing unit composed of a write-once unit is quickly recorded on an appropriate recording CD-ROM drive. This method demonstrates advantages in a variety of high volume applications.

While the preferred embodiment has been described above, it will be readily apparent to one of ordinary skill in the art that other embodiments are possible in light of the appended claims. Therefore, reference should be made in determining the full scope of the invention.

[Brief description of the drawings]

FIG. 1 is a schematic diagram of a preferred embodiment showing the various steps required to implement the basic protection system of the present invention, the basic system itself being implemented for the implementation of the CD-ROM based basic system itself. Required hardware and software are indicated.

FIG. 2 is a schematic diagram of another embodiment including a double side key or password.

──────────────────────────────────────────────────続 き Continuation of front page (81) Designated country EP (AT, BE, CH, CY, DE, DK, ES, FI, FR, GB, GR, IE, IT, LU, MC, NL, PT, SE ), AP (GH, GM, KE, LS, MW, SD, SZ, UG, ZW), EA (AM, AZ, BY, KG, KZ, MD, RU, TJ, TM), AL, AM, AT , AU, AZ, BB, BG, BR, BY, CA, CH, CN, CZ, DE, DK, EE, ES, FI, GB, GE, HU, IL, IS, JP, KE, KG, KP, KR, KZ, LK, LR, LS, LT, LU, LV, MD, MG, MK, MN, MW, MX, NO, NZ, PL, PT, RO, RU, SD, S , SG, SI, SK, TJ, TM, TR, TT, UA, UG, UZ, VN (72) Inventor Williams, Gareth United States of America, 11372, New York, Jackson Heights, 85th Street 35-11 F Term (reference) 5B085 AE03 AE09 AE12 AE13 BG07 5J104 AA07 EA03 KA01 KA04 NA02 NA05 PA07

Claims (11)

[Claims] 1. A method for providing secure access from a remote computer terminal to a database stored on a host computer or a server processing program, wherein a very long identification key code and / or a very large database of the identification key code is stored. A method for providing user identification and authentication using: (a) using a key generation algorithm to generate both individual or class specific user access key codes that can optionally include individual encryption keys; (B) generating one or more media access codes using a key generation algorithm; (c) generating a database or generated for a predetermined authorized user of a processing program of a server. The individual and class specific user access keys Performing an existing database update consisting of a set of codes, (d) a separate individual that is directly compatible with the remote computer terminal and can be easily inserted and ejected Recording individual and class-specific user access key codes and media access codes, along with optional individual encryption keys, on a portable storage medium; (e) separate for server acting as host computer; Loading or providing a complete registry or complement of generic and class-specific user access key codes, and selective individual encryption keys generated by a key generation algorithm; (f) for each authorized user Individual or class-specific access key code of the authorized user (G) providing an individual and class-specific access key code transmitted from a user's remote computer terminal via a telephone line network or a communication network to a regular access key; Comparing the stored set of codes to a stored set of codes, and permitting access to the processing program of the server when an exact match is obtained, while denying access by an incorrect access key code. (H) comparing the media access code entered by the user with the media access code stored in the portable storage medium for the user's remote computer, and if the two match exactly Individually on portable storage media Or providing a computer program including a step of allowing access to a class-specific access key code. (I) connecting to a server via a communication network or a telephone line network for a user's remote computer terminal; And transmitting an individual and class-specific access key code to the server using the remote computer terminal using a portable storage medium reader, to the server's processing database. Provide a program to gain access to
And (j) conducting a communication session between a user's remote terminal computer and said server via said telephone network or communication network. 2. A method for providing secure access from a remote computer terminal to a database stored on a host computer or a server processing program, wherein a very long identification key code and / or a very large database of the identification key code is provided. A method for providing user identification and authentication using: (a) using a key generation algorithm to generate both individual or class specific user access key codes that can optionally include individual encryption keys; (B) generating a database or updating an existing database consisting of the set of access key codes generated for a given authorized user of the processing program of the server; (c) Direct compatibility with remote computer terminals And recording the individual and class-specific user access key code, along with the optional individual encryption key, on a separate individual portable storage medium that can be easily inserted and ejected; (d) Load or provide the server acting as the host computer with a complete registry or complement of individual and class-specific user access key codes, and selective individual encryption keys generated by a key generation algorithm (E) providing, to each authorized user, a portable storage medium storing an individual or class-specific access key code of the authorized user; (f) a telephone line network or communication network Individual and class features sent from the user's remote computer terminal via Comparing the configured access key code against a stored set of legitimate access key codes, and permitting access to the processing program of the server when an exact match is obtained, while an unauthorized access key code (G) permitting a user's remote computer terminal to connect to the server via a communication network or a telephone line network, and individually Providing a program for transmitting an access key code specific and class specific to a server using the remote computer terminal using a reading device for a portable storage medium to obtain access to a processing database of the server To do,
And (h) conducting a communication session between a user's remote terminal computer and the server via the telephone line network or communication network. 3. A method for providing secure access from a remote computer terminal to a database stored on a host computer or a server processing program, wherein a very long identification key code and / or a very large database of the identification key code is stored. A method for providing user identification and authentication using: (a) using a key generation algorithm to generate both individual or class specific user access key codes that can optionally include individual encryption keys; (B) generating a database or updating an existing database consisting of the set of access key codes generated for a given authorized user of the processing program of the server; (c) Direct compatibility with remote computer terminals Recording the individual and class-specific user access key code, together with a selective individual encryption key, on a separate individual portable storage medium having, easily insertable and ejectable; (d) A) A complete registry or complement of individual and class-specific user access key codes for the server acting as the host computer, portable for storing each individual and class-specific access key code Loading or providing the location on the storage medium and the selective individual encryption key generated by the key generation algorithm; (e) for each authorized user, individual or class-specific of the authorized user Providing a portable storage medium storing a secure access key code (f) a computer program including the following steps: Providing the server with a unique access key code transmitted from a user's remote computer terminal via a telephone line network or a communication network. (Ii) permitting access to the server's processing program when there is an exact match, while denying access with an incorrect access key code (g) the user's remote computer The remote computer terminal using a portable storage medium reader to allow the terminal to connect to the server via a communication network or a telephone line network, and to provide an individual and class-specific access key code. Sent to the server using Providing a program for gaining access to the processing database of the server;
And (h) conducting a communication session between a user's remote terminal computer and the server via the telephone line network or communication network. To provide users with identification and authentication configured in such a way. 4. A method for providing secure access from a remote computer terminal to a database stored on a host computer or a server processing program, wherein an ultra-long identification key code and / or an ultra-large database of the identification key code is provided. A method for providing user identification and authentication using: (a) using a key generation algorithm to generate both individual or class specific user access key codes that can optionally include individual encryption keys; (B) generating a database or updating an existing database consisting of the set of access key codes generated for a given authorized user of the processing program of the server; (c) Direct compatibility with remote computer terminals Recording the individual and class-specific user access key code, together with a selective individual encryption key, on a separate individual portable storage medium having, easily insertable and ejectable; (d) 2.) Loading or loading the server acting as the host computer with a complete registry or complement of individual and class-specific user access key codes, and selectively individual encryption keys generated by a key generation algorithm. (E) providing, for each authorized user, a portable storage medium storing a class-specific access key code for each authorized user, and (f) via a telephone line network or a communication network. Individual and class-specific information sent from the user's remote computer terminal Comparing the obtained access key code against a stored set of legitimate access key codes, and permitting access to the processing program of the server when there is an exact match, while permitting access to the unauthorized access key code. Denying access to the server. (G) allowing the user's remote computer terminal to connect to the server via a communication network or a telephone line network, and individually And providing a program for transmitting a class-specific access key code to a server using the remote computer terminal using a portable storage medium reading device to obtain access to a processing database of the server. thing,
And (h) permitting the user's remote computer terminal to copy information or one or more programs from a server or portable storage medium to the remote computer terminal; and (i) the user's remote terminal computer via a communication network. A method of providing users with identification and authentication configured to have a communication session between the server and the server. 5. The method of claim 2, wherein the step of providing the user's remote computer computer program includes transmitting an individual and class-specific access key code before and after the communication session. How to provide to the user. (A) Counting information transmitted from a remote terminal to a server by a predetermined algorithm, and counting the count each time an access key code specific to a server and specific to a class is transmitted to the server. The method of providing user identification and authentication according to claim 2, wherein the method comprises: 7. User identification and authentication using a very long key code and / or a very large database of identification key codes to provide protected access from a remote computer terminal to a database or server processing program stored on a host computer. The system comprises: (a) a host computer having a database of ultra-long pre-authorized user access keys; and (b) a remote terminal computer that is directly compatible with the remote terminal computer. A series of individual portable storage media that can be easily inserted and removed from the server, each comprising: (i) a unique or unique class of key codes distributed among authorized users of the server processing program; and (ii) one or more. Media access code and (D) Compare the entire media access code with the media access code stored in the portable storage medium, and deny all unauthorized media access codes access to the access key code stored in the portable storage medium. But comparing the received access key code with the stored authorized access key with a remote terminal programmed to allow access to the user who has entered the authorized media access code,
A server programmed to deny access to the server processing program to all users who have transmitted the incorrect key code, but to allow access to all users who have entered the legitimate access key; A user identification and authentication system, wherein each access key is very long and comprises at least 20 characters or digits (requiring 20 or 10 bytes each). 8. Identification and authentication using a very long key code and / or a very large database of identification key codes to provide secure access from a remote computer terminal to a database or server processing program stored on a host computer. To the user: (a) generating an individual and / or class specified user code using a key generation algorithm that can additionally include an individual encryption key; and (b) Update an existing database consisting of a set of access key codes generated or generated for a given authorized user of the server processing program; (c) compatible with the remote computer terminal, easily Can be inserted into and ejected from each other Personalized including an individual encryption key additionally on the storage medium for
Recording the class-specific access key code; and (d) storing a personalized, class-specific set of user access key codes, including a complete registry or additional individual encryption keys, on the server acting as the host computer. (E) providing, for each authorized user, a portable storage medium storing a class-specific access key code for each authorized user, and (f) via a telephone network or a communication network. Comparing the individual, class-identified access key code transmitted from the user's remote computer terminal against a set of legitimate access key codes; and Allow access and use an unauthorized access key code to access (G) connecting the user's remote computer terminal to the server via a communication network or a telephone network, and carrying an individual, class-specified access key code. Providing a program to a user's remote computer terminal for transmission to a server using a storage medium reader to gain access to the server's transaction database; and (h) a user's remote terminal computer via a communications network. To provide user identification and authentication configured to have a communication session between the server and the server. 9. User identification and authentication using a very long key code and / or a very large database of identification key codes to provide protected access from a remote computer terminal to a database or server processing program stored on a host computer. The system comprises: (a) a host computer having a database of ultra-long pre-authorized user access keys; and (b) a remote terminal computer that is directly compatible with the remote terminal computer. A series of individual portable storage media which can be easily inserted and removed from the server, each having a unique or unique class of key code distributed among authorized users of the processing program of the server; Access key code Compared to skiing,
A server programmed to deny access to the server processing program to all users who have transmitted the incorrect key code, but to allow access to all users who have entered the legitimate access key; A user identification and authentication system, wherein each access key is very long and comprises at least 25 characters or 25 bytes. 10. An algorithm for generating a one-time encryption book, and (b) storing the one-time encryption book in a CD-ROM as the portable storage medium,
(C) the one-time encryption book is a user access key used for encryption by the remote computer terminal access program before transmission to the host computer. Item 9. The method according to Item 8. 11. The method of claim 10 including providing an additional program on said CD-ROM.