WO1998007249A1 - Controlled access system and method - Google Patents

Controlled access system and method

Info

Publication number
WO1998007249A1
WO1998007249A1 PCT/US1997/012840 US9712840W WO9807249A1 WO 1998007249 A1 WO1998007249 A1 WO 1998007249A1 US 9712840 W US9712840 W US 9712840W WO 9807249 A1 WO9807249 A1 WO 9807249A1
Authority
WO
WIPO (PCT)
Prior art keywords
host
key
information
access
cryptographic
Prior art date
Application number
PCT/US1997/012840
Other languages
English (en)
Inventor
A. Michael Cheponis
H. Paul Rubin
Original Assignee
California Wireless, Inc.
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by California Wireless, Inc.

Classifications

    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07CTIME OR ATTENDANCE REGISTERS; REGISTERING OR INDICATING THE WORKING OF MACHINES; GENERATING RANDOM NUMBERS; VOTING OR LOTTERY APPARATUS; ARRANGEMENTS, SYSTEMS OR APPARATUS FOR CHECKING NOT PROVIDED FOR ELSEWHERE
    • G07C9/00Individual registration on entry or exit
    • G07C9/00174Electronically operated locks; Circuits therefor; Nonmechanical keys therefor, e.g. passive or active electrical keys or other data carriers without mechanical keys
    • G07C9/00563Electronically operated locks; Circuits therefor; Nonmechanical keys therefor, e.g. passive or active electrical keys or other data carriers without mechanical keys using personal physical data of the operator, e.g. finger prints, retinal images, voicepatterns
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31User authentication
    • G06F21/34User authentication involving the use of external additional devices, e.g. dongles or smart cards
    • G06F21/35User authentication involving the use of external additional devices, e.g. dongles or smart cards communicating wirelessly
    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07CTIME OR ATTENDANCE REGISTERS; REGISTERING OR INDICATING THE WORKING OF MACHINES; GENERATING RANDOM NUMBERS; VOTING OR LOTTERY APPARATUS; ARRANGEMENTS, SYSTEMS OR APPARATUS FOR CHECKING NOT PROVIDED FOR ELSEWHERE
    • G07C9/00Individual registration on entry or exit
    • G07C9/00174Electronically operated locks; Circuits therefor; Nonmechanical keys therefor, e.g. passive or active electrical keys or other data carriers without mechanical keys
    • G07C9/00309Electronically operated locks; Circuits therefor; Nonmechanical keys therefor, e.g. passive or active electrical keys or other data carriers without mechanical keys operated with bidirectional data transmission between data carrier and locks
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3226Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using a predetermined code, e.g. password, passphrase or PIN
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3247Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3271Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using challenge-response
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2103Challenge-response
    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07CTIME OR ATTENDANCE REGISTERS; REGISTERING OR INDICATING THE WORKING OF MACHINES; GENERATING RANDOM NUMBERS; VOTING OR LOTTERY APPARATUS; ARRANGEMENTS, SYSTEMS OR APPARATUS FOR CHECKING NOT PROVIDED FOR ELSEWHERE
    • G07C9/00Individual registration on entry or exit
    • G07C9/00174Electronically operated locks; Circuits therefor; Nonmechanical keys therefor, e.g. passive or active electrical keys or other data carriers without mechanical keys
    • G07C9/00309Electronically operated locks; Circuits therefor; Nonmechanical keys therefor, e.g. passive or active electrical keys or other data carriers without mechanical keys operated with bidirectional data transmission between data carrier and locks
    • G07C2009/00388Electronically operated locks; Circuits therefor; Nonmechanical keys therefor, e.g. passive or active electrical keys or other data carriers without mechanical keys operated with bidirectional data transmission between data carrier and locks code verification carried out according to the challenge/response method
    • G07C2009/00396Electronically operated locks; Circuits therefor; Nonmechanical keys therefor, e.g. passive or active electrical keys or other data carriers without mechanical keys operated with bidirectional data transmission between data carrier and locks code verification carried out according to the challenge/response method starting with prompting the keyless data carrier
    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07CTIME OR ATTENDANCE REGISTERS; REGISTERING OR INDICATING THE WORKING OF MACHINES; GENERATING RANDOM NUMBERS; VOTING OR LOTTERY APPARATUS; ARRANGEMENTS, SYSTEMS OR APPARATUS FOR CHECKING NOT PROVIDED FOR ELSEWHERE
    • G07C9/00Individual registration on entry or exit
    • G07C9/00174Electronically operated locks; Circuits therefor; Nonmechanical keys therefor, e.g. passive or active electrical keys or other data carriers without mechanical keys
    • G07C9/00309Electronically operated locks; Circuits therefor; Nonmechanical keys therefor, e.g. passive or active electrical keys or other data carriers without mechanical keys operated with bidirectional data transmission between data carrier and locks
    • G07C2009/00412Electronically operated locks; Circuits therefor; Nonmechanical keys therefor, e.g. passive or active electrical keys or other data carriers without mechanical keys operated with bidirectional data transmission between data carrier and locks the transmitted data signal being encrypted
    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07CTIME OR ATTENDANCE REGISTERS; REGISTERING OR INDICATING THE WORKING OF MACHINES; GENERATING RANDOM NUMBERS; VOTING OR LOTTERY APPARATUS; ARRANGEMENTS, SYSTEMS OR APPARATUS FOR CHECKING NOT PROVIDED FOR ELSEWHERE
    • G07C9/00Individual registration on entry or exit
    • G07C9/00174Electronically operated locks; Circuits therefor; Nonmechanical keys therefor, e.g. passive or active electrical keys or other data carriers without mechanical keys
    • G07C9/00309Electronically operated locks; Circuits therefor; Nonmechanical keys therefor, e.g. passive or active electrical keys or other data carriers without mechanical keys operated with bidirectional data transmission between data carrier and locks
    • G07C2009/0042Electronically operated locks; Circuits therefor; Nonmechanical keys therefor, e.g. passive or active electrical keys or other data carriers without mechanical keys operated with bidirectional data transmission between data carrier and locks the transmitted data signal containing a code which is changed
    • G07C2009/00476Electronically operated locks; Circuits therefor; Nonmechanical keys therefor, e.g. passive or active electrical keys or other data carriers without mechanical keys operated with bidirectional data transmission between data carrier and locks the transmitted data signal containing a code which is changed dynamically
    • G07C2009/005Electronically operated locks; Circuits therefor; Nonmechanical keys therefor, e.g. passive or active electrical keys or other data carriers without mechanical keys operated with bidirectional data transmission between data carrier and locks the transmitted data signal containing a code which is changed dynamically whereby the code is a random code
    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07CTIME OR ATTENDANCE REGISTERS; REGISTERING OR INDICATING THE WORKING OF MACHINES; GENERATING RANDOM NUMBERS; VOTING OR LOTTERY APPARATUS; ARRANGEMENTS, SYSTEMS OR APPARATUS FOR CHECKING NOT PROVIDED FOR ELSEWHERE
    • G07C9/00Individual registration on entry or exit
    • G07C9/00174Electronically operated locks; Circuits therefor; Nonmechanical keys therefor, e.g. passive or active electrical keys or other data carriers without mechanical keys
    • G07C2009/00753Electronically operated locks; Circuits therefor; Nonmechanical keys therefor, e.g. passive or active electrical keys or other data carriers without mechanical keys operated by active electrical keys
    • G07C2009/00769Electronically operated locks; Circuits therefor; Nonmechanical keys therefor, e.g. passive or active electrical keys or other data carriers without mechanical keys operated by active electrical keys with data transmission performed by wireless means
    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07CTIME OR ATTENDANCE REGISTERS; REGISTERING OR INDICATING THE WORKING OF MACHINES; GENERATING RANDOM NUMBERS; VOTING OR LOTTERY APPARATUS; ARRANGEMENTS, SYSTEMS OR APPARATUS FOR CHECKING NOT PROVIDED FOR ELSEWHERE
    • G07C9/00Individual registration on entry or exit
    • G07C9/00174Electronically operated locks; Circuits therefor; Nonmechanical keys therefor, e.g. passive or active electrical keys or other data carriers without mechanical keys
    • G07C2009/00968Electronically operated locks; Circuits therefor; Nonmechanical keys therefor, e.g. passive or active electrical keys or other data carriers without mechanical keys shape of the data carrier
    • G07C2009/00984Electronically operated locks; Circuits therefor; Nonmechanical keys therefor, e.g. passive or active electrical keys or other data carriers without mechanical keys shape of the data carrier fob
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2209/00Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
    • H04L2209/56Financial cryptography, e.g. electronic payment or e-cash
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2209/00Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
    • H04L2209/80Wireless

Definitions

  • This invention pertains generally to systems to which access is limited and, more particularly, to a system and method for controlling access to such systems.
  • Examples of systems to which access is limited include computers, files stored in computers, automated teller machines, and entrances to buildings.
  • The system to be accessed is sometimes referred to generically as the host system, or simply the host, with the understanding that it can be any type of system to which access is limited and not just the systems enumerated above.
  • Biometric measurement devices are one way of verifying "something you are", and physical tokens such as ordinary door keys, magnetic cards and cryptographic access devices are examples of "something you have". Each of these devices has certain limitations and disadvantages. Mechanical keys are inexpensive and reliable, but they are also easy to copy. Biometric measurement devices require elaborate specialized equipment if they are to provide high security. Cryptographic devices such as the Security Dynamics "Secure ID" card system can require a special server, and magnetic cards require a special reader and can be copied by a "hacked" reader.
  • Another object of the invention is to provide a system and method of the above character which overcome the limitations and disadvantages of techniques heretofore employed.
  • an encryption code in a small cryptographic key which can be carried by a person desiring access to the host, bringing the key into proximity with a wireless transceiver connected to the host, transmitting information over a wireless communication link between the host and the key, encrypting information transmitted from the key to the host in accordance with the encryption code in the key, decrypting the information received by the host, and processing the decrypted information to determine whether access to the host is authorized.
  • Figure 1 is a block diagram of one embodiment of a controlled access system according to the invention.
  • Figure 2 is a block diagram of the cryptographic key in the embodiment of Figure 1.
  • Figure 3 is an isometric view of the cryptographic key in the embodiment of Figure 1, with the cover open and the components visible on a circuit board within the housing or case.
  • Figures 4 - 7 are flow charts illustrating operation of the system with different authentication and cryptographic protocols.
  • The system includes a host 16 and a cryptographic key 17.
  • The host is illustrated as a computer having a microprocessor 18 with a random access memory (RAM) 19 for temporarily storing data and operating variables, a read-only memory (ROM) 21 for storing system software, a drive unit 22 for more permanent storage of software and data, a keyboard 23 and a monitor 24.
  • The host also includes a transceiver 26 for transferring data and other information over a wireless communications link between the computer and the cryptographic key.
  • That link can utilize any suitable form of communication such as infrared, visible light, radio frequency or inductive coupling, and in one presently preferred embodiment, an infrared transceiver is employed.
  • IrDA Infrared Data Association
  • The transceiver can either be an integral part of the host or it can be located remotely from the host, possibly even being connected to the host through an insecure network. In either case, the key is brought into proximity with the transceiver and actuated to exchange information with the host.
  • The cryptographic key has a generally rectangular housing or case 28 of a size which fits easily in the hand or pocket. In one present embodiment, it has a width on the order of 1-1/4 inches, a length on the order of 2 inches, and a thickness on the order of 1/2 inch. In the embodiment illustrated, it is attached to a keychain 29.
  • The cryptographic key includes a central processing unit (CPU) 31, a random number generator 32, RAM 33, ROM 34, non-volatile memory 36, input switches 37, and a transceiver 38.
  • The transceiver is chosen to match the one in the host, and in the presently preferred embodiment is an IrDA-compatible infrared transceiver.
  • The components of the key are mounted on a circuit board 39 inside the housing or case.
  • Those components include a microcontroller 41 which contains the microprocessor, memory and registers, a battery 42, switches 37, transceiver 38, and a light emitting diode (LED) 43 which indicates the status of the key.
  • The infrared light source and sensor in the transceiver communicate with the host through an infrared transparent window 44 in the end wall of the housing opposite the keychain.
  • One relatively simple cryptographic protocol which can be employed in the invention is authentication of the user by a cryptographic variable or secret key which is shared between the cryptographic key and the host.
  • The secret key can, for example, be a large number (e.g., 128 bits) which cannot be guessed by an attacker without an unfeasibly large, exhaustive search.
  • The host has a database of authorized users, which contains a user ID and a secret key for each user. As illustrated in Figure 4, the host generates a random number or cipher block R and sends that number as a challenge. The key encrypts the number R using the secret key K and sends the encrypted number CR back to the host. It also sends its user ID so that the host will know which secret key to use. The host then encrypts the number R using the secret key K and compares its result with the encrypted number CR received from the key. If the results match, the user is authenticated (i.e., determined to be authorized to have access to the host), and access is permitted. If not, access is denied.
  • Another authentication protocol which can be utilized is hash-based authentication of the user. According to this protocol, the cryptographic key and the host both implement a secure hash function H(x) such as the NIST Secure Hash Algorithm designed for use with the Digital Signature Standard (FIPS PUB 186). Numerous authentication techniques can be based on such functions.
  • Let HN(n,x) denote the iterated hash function, i.e., the function H iterated n times.
  • HN(4,x) is the same as H(H(H(H(x)))).
  • K the secret key
  • The host stores an iterated hash of K in its database.
  • The number of iterations is a parameter of the implementation. For 100 iterations, for example, the host initially stores HN(100,K) as the user's authentication challenge AC. It also records the number n (in this case, 100) in the database.
  • The host sends the number n to the cryptographic key.
  • The host then replaces AC in its database with R and replaces n with n-1.
  • When n reaches zero, the user must re-enroll in the system with a new K.
  • This approach has the advantage that the host does not need to store secret keys. Each new secret key it receives is used once, then discarded.
  • DSA digital signature algorithm
  • The cryptographic key contains a secret key KS and a corresponding public key KP, which is also a cryptographic variable.
  • The host also stores the public key. As illustrated in Figure 6, the host generates a random number or challenge string R and transmits it to the cryptographic key.
  • That key then generates a random "salt" string S and concatenates that string with the random number R, producing a new string R' which consists of the contents of the random number R followed by the contents of the salt string S. It also computes the digital signature DSA(R') using its secret key KS. The cryptographic key then transmits the digital signature DSA(R') to the host, along with the salt string S. The host then verifies the signature on the string R' using the public key KP.
  • This technique is advantageous in that the cryptographic key needs to hold only one secret key, which can be used with as many hosts as desired. There is no need for concern about hosts revealing the public keys since those keys are already public. Even if the host is totally compromised, the secret component rests entirely in the cryptographic key and is still secure.
  • The salt string prevents a potentially malicious host from gathering legitimate signatures on arbitrary strings of its own choosing.
  • The secret/public keys can be generated within the cryptographic key by use of a random number generator, or they can be downloaded from a secure host.
  • Generation within the cryptographic key has the advantage that the secret key never leaves the cryptographic key, and there is no need to worry about security of a generating host.
  • The cryptographic key can authenticate a user either by the inputting of an identifying code (e.g., a PIN) through a keypad or by other means such as a biometric sensor to scan a unique feature of the body (e.g., a fingerprint or a retinal scan). If desired, the infrared transceiver in the key can be utilized to perform the scan as well as to communicate with the host. In addition to authenticating users, the cryptographic key can also transmit a stored secret key to the host. This mode makes it convenient to access encrypted files on the host without the user having to remember or type a long password. There are several ways in which the secret key can be transmitted to the host.
  • The protocol for the simple approach is that the host requests the secret key from the cryptographic key, and the cryptographic key sends the secret key to the host.
  • Another approach is to transmit the secret key in encrypted form, using a public key protocol such as Diffie-Hellman key exchange or the Hughes key transmission protocol.
  • Diffie-Hellman key exchange is described in detail in U.S. Patent 4,200,770, the disclosure of which is incorporated herein by reference. However, its use might require the payment of license fees until the patent expires.
  • The transaction proceeds as follows.
  • The host and the cryptographic key share a common prime modulus P and generator G, similar to those used in Diffie-Hellman key exchange.
  • The modulus P is typically between 512 and 1024 bits.
  • The host requests a secret key transfer from the cryptographic key and sends Y' as part of the request.
  • The cryptographic key can now use K to encrypt a stored secret.
  • A few calculations could be saved by letting K be the secret key needed by the host. In this case, X would be reused in different sessions, so there would be no need for the cryptographic key to compute G mod P every time.
  • The cryptographic key can be provided with a keypad (not shown) for entry of a PIN or other identifying data which is known only to the user. That data can be combined with data stored in the nonvolatile memory of the key to provide the secret key which is used in the various protocols.
  • The requirement for the user to enter a PIN prevents unauthorized users from accessing the host with a stolen cryptographic key.
  • The cryptographic key can be programmed to erase the data stored in its internal non-volatile memory if too many incorrect PINs are entered, or if hardware tampering is detected. Entering the PIN through the cryptographic key rather than through the host avoids sending secret information over networks which may not be secure.
  • The transmitted message can be authenticated with digital signatures, or other means, if desired.
  • The cryptographic key can also be used for authenticating hosts to a user using the techniques discussed above. This assures a user accessing a remote host through a network that no intruder has tampered with the network and substituted his own computer for the real host. A visual indication as to the success or failure of the authentication protocol is provided by the LED in the cryptographic key.
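
The shared-secret challenge-response and the hash-based protocol described above, side by side, as an added example that is not code from the patent. Assumptions: SHA-256 stands in for H, HMAC-SHA-256 stands in for "encrypts R using K", the key's hash-chain response R = HN(n-1,K) and the host check H(R) == AC fill in steps the text above does not spell out, and all class and function names are hypothetical.

```python
import hashlib
import hmac
import secrets


def H(x: bytes) -> bytes:
    # Assumption: SHA-256 stands in for the page's secure hash function H(x).
    return hashlib.sha256(x).digest()


def HN(n: int, x: bytes) -> bytes:
    # Iterated hash: HN(4, x) == H(H(H(H(x)))).
    for _ in range(n):
        x = H(x)
    return x


def key_respond_shared(k: bytes, r: bytes) -> bytes:
    # Assumption: HMAC-SHA-256 replaces "encrypt R under K"; key and host
    # compute the same keyed value CR and the host compares the two.
    return hmac.new(k, r, hashlib.sha256).digest()


def key_respond_chain(k: bytes, n: int) -> bytes:
    # Assumed missing step: the key answers the host's n with HN(n-1, K).
    if n < 1:
        raise ValueError("chain exhausted: re-enroll with a new K")
    return HN(n - 1, k)


class SharedSecretHost:
    """Host database maps user ID -> secret key K."""

    def __init__(self):
        self.db = {}
        self.outstanding = set()  # challenges issued and not yet answered

    def enroll(self, user_id: str, k: bytes) -> None:
        self.db[user_id] = k

    def challenge(self) -> bytes:
        r = secrets.token_bytes(16)
        self.outstanding.add(r)
        return r

    def verify(self, user_id: str, r: bytes, cr: bytes) -> bool:
        if r not in self.outstanding or user_id not in self.db:
            return False
        self.outstanding.discard(r)  # each challenge is accepted once
        expected = key_respond_shared(self.db[user_id], r)
        return hmac.compare_digest(expected, cr)


class HashChainHost:
    """Host database maps user ID -> [AC, n]; K itself is never enrolled."""

    def __init__(self):
        self.db = {}

    def enroll(self, user_id: str, ac: bytes, n: int) -> None:
        self.db[user_id] = [ac, n]

    def challenge(self, user_id: str) -> int:
        return self.db[user_id][1]  # the host sends n to the key

    def verify(self, user_id: str, r: bytes) -> bool:
        ac, n = self.db[user_id]
        if n == 0 or not hmac.compare_digest(H(r), ac):
            return False
        self.db[user_id] = [r, n - 1]  # replace AC with R and n with n-1
        return True


def demo() -> dict:
    k = secrets.token_bytes(16)  # constructed 128-bit secret key
    out = {}

    shared = SharedSecretHost()
    shared.enroll("alice", k)
    r1 = shared.challenge()
    cr1 = key_respond_shared(k, r1)
    out["shared_login"] = shared.verify("alice", r1, cr1)
    out["shared_replay"] = shared.verify("alice", shared.challenge(), cr1)
    out["shared_db_holds_k"] = k in shared.db.values()

    chain = HashChainHost()
    chain.enroll("alice", HN(3, k), 3)  # short chain of 3 for the demo
    out["chain_db_holds_k_at_start"] = chain.db["alice"][0] == k
    first = key_respond_chain(k, chain.challenge("alice"))
    logins = 1 if chain.verify("alice", first) else 0
    out["chain_replay"] = chain.verify("alice", first)  # old R no longer fits
    while chain.challenge("alice") > 0:
        resp = key_respond_chain(k, chain.challenge("alice"))
        logins += 1 if chain.verify("alice", resp) else 0
    out["chain_logins"] = logins
    out["chain_exhausted"] = not chain.verify("alice", k)
    # The final response is HN(0, K) = K, hence re-enrollment with a new K.
    out["k_revealed_at_end"] = chain.db["alice"][0] == k
    return out


if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value)
```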

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Software Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Storage Device Security (AREA)

Abstract

The system includes a cryptographic key (17) that transmits a signal to a wireless transceiver (26), which is connected to a microprocessor (18), a keyboard (23), a drive (22), a monitor (24), a ROM (21) and a RAM (19). The cryptographic key (17) transmits an encrypted wireless signal to the host system (16) to request authorization to use that system (16). The signal is decoded and processed after it is received in order to determine whether access to the host system is granted.
PCT/US1997/012840 1996-08-09 1997-08-01 Controlled access system and method WO1998007249A1 (fr)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
US69481496A 1996-08-09 1996-08-09
US08/694,814 1996-08-09

Publications (1)

Publication Number Publication Date
WO1998007249A1 true WO1998007249A1 (fr) 1998-02-19

Family

ID=24790380

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/US1997/012840 WO1998007249A1 (fr) 1996-08-09 1997-08-01 Controlled access system and method

Country Status (1)

Country Link
WO (1) WO1998007249A1 (fr)


Legal Events

Date Code Title Description
AK Designated states

Kind code of ref document: A1

Designated state(s): BR CA CN JP KR MX PL TR

AL Designated countries for regional patents

Kind code of ref document: A1

Designated state(s): AT BE CH DE DK ES FI FR GB GR IE IT LU MC NL PT SE

121 Ep: the epo has been informed by wipo that ep was designated in this application
NENP Non-entry into the national phase

Ref country code: JP

Ref document number: 98509728

Format of ref document f/p: F

NENP Non-entry into the national phase

Ref country code: CA

122 Ep: pct application non-entry in european phase