WO2002045339A1 - Enhance authorization system and method for computer security

Info

Publication number
WO2002045339A1
Authority
WO
WIPO (PCT)
Prior art keywords
code
server
computer system
authorization code
authorization
Application number
PCT/SG2001/000241
Other languages
French (fr)
Inventor
Juel Hoi Tang
Hock Lye Michael Loh
Krishnan Ambudy Umni
Original Assignee
Temasek Polytechnic
Application filed by Temasek Polytechnic
Related publication: AU2002218644A1


Classifications

    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/44 Program or device authentication
    • G06F21/445 Program or device authentication by mutual authentication, e.g. between devices or programs
    • G06F2221/21 Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements
    • G06F2221/2103 Challenge-response
    • G06F2221/2129 Authenticate client device independently of the user

Definitions

  • the dynamic code generation and verification system in accordance with the invention is realized with the programmable dynamic modulator 22.
  • the programmable dynamic modulator 22 may comprise an electronic circuit embodied in an ASIC chip as part of the computer security system 10, or it may comprise software code programmed or otherwise stored in a memory resident in client computer system 12 or in the server 11.
  • the dynamic modulator 22 resides in the client computer system 12 so that authentication can be performed on a client system 12 negotiating a session with a server 11.
  • the server 11 provides an authorization code to the client system 12 via the communications port 18 of the computer 12. Thereafter, the intelligent key gains control of the authentication process. Each time the server 11 generates an authorization code and provides the code to the intelligent key, the intelligent key generates a correlated authentication code. The server 11 then verifies the returned correlated authentication code and thereby authenticates the intelligent key.
  • a scrambling algorithm may be provided that is used to encrypt the correlated authentication code. As will be described in detail herein, the scrambling code may be programmed by a user thereby allowing a user to program an encryption algorithm for encryption processing.
  • the computer system is capable of allowing at least 281 trillion different algorithms for encrypting the authorization code (a scrambling code of 16 octal digits has 8^16, roughly 2.81 × 10^14, possible values). Therefore, any attempt to compromise the security of the system 10 requires not only advance knowledge of the encryption algorithm being utilized, but also the ability to respond to the computer quickly, before the code is dynamically changed by the system 10.
  • the authentication code is changed every time a verification attempt is performed by the system 10. Moreover, when the server 11 receives an incorrect authentication code, or does not receive an authentication code after a predetermined period of time, the electronic transaction is automatically terminated by the system 10 and the authentication code is no longer valid.
  • Figs. 3, 4A and 4B are schematic diagrams showing the operation and a respective embodiment of the programmable dynamic modulator 22 in accordance with the invention.
  • the programmable dynamic modulator 22 may be segmented into different operational stages 40.
  • the modulator 22 may be segmented into five operational stages 40a-e, however any number of stages may suffice.
  • the first stage 40a (shown in Fig. 4A), is a timing stage, and may include a binary counter 41.
  • the binary counter 41 may be, for example, a 4-bit binary counter and may be preset to count incrementally, for example from 1 to 4.
  • the timing stage 40a may be used to control the processing of an authentication code.
  • the second stage 40b (also shown in Fig. 4A), a decoding stage, may include decoding circuitry 42 that is configured to decode the binary count generated by the binary counter 41.
  • the following decoding properties may be applicable, depending on the functionality of the counter 41, however, it should be noted that other decoding properties can be practiced without departing from the invention, depending on the number of operational stages and on the functionality of the modulator 22.
  • a decoded binary count of 1 is used to clock a third stage 40c, an encrypting stage, of the modulator 22.
  • this third stage 40c may include a memory, such as a load register 43, i.e., an 8-bit parallel load register.
  • a decoded binary count of 2 is used to clock a fifth stage 40e, i.e., an output stage, of the modulator 22.
  • the fifth stage 40e may include another memory, such as a load register 44, i.e., another 8-bit parallel load register.
  • a decoded binary count of 3 may be reserved as a redundant state, or a wait state.
  • a decoded binary count of 4 is used to reset the counter 41.
  • the third stage 40c may include an 8-bit parallel load register 43.
  • the 8-bit parallel load register 43 may, for example, comprise a pair of 4-bit parallel load registers 43 a, 43b that are configured to function as an 8-bit parallel load register 43.
  • the load register 43 stores an 8-bit binary authorization code provided by the server 11.
  • the fourth stage 40d may include a series of logic components, such as binary adders 45, i.e., two 4-bit binary adders 45a, 45b. These binary adders 45 logically process the authorization code provided by the server 11 to determine a correlated authentication code.
  • the binary adders 45a, 45b may operate separately and independently.
  • each adder 45 may, for example, add two 4-bit numbers formed from any of the 8 bits of data stored in the parallel load register 43.
  • a 16-digit octal number, which may be programmed by a user, is utilized as the scrambling sequence code for the encryption algorithm to determine the selection of bits from the authorization code (each octal digit selects one of the eight bit positions; the patent text refers to this as a "16-bit octal number").
  • in accordance with the selected bits from the authorization code, the programmable dynamic modulator 22 generates a correlated authentication code that is provided to the server 11 in order to authenticate a client computer system 12.
  • the fifth stage 40e may include a memory, such as a load register 44, i.e. an 8-bit parallel load register.
  • the 8-bit parallel load register 44 may also include a pair of 4-bit parallel load registers 44a, 44b that are configured to function as an 8-bit parallel load register 44.
  • the load register 44 stores the correlated authentication code that is generated from the binary adders 45a, 45b, as described above. The stored code is sent to the server 11 for verification. To be verified as authentic, the correlated authentication code must match the code that the server 11, holding the same scrambling code, derives from the authorization code it issued; in the patent's words, when processed by the server 11 it will mirror the generated authorization code.
  • an authorization code is provided by the server 11.
  • an authorization code may be the 8-bit binary number code 1010 0011.
  • the code may be randomly or otherwise generated by the server 11 and stored in the load register 43 of the programmable dynamic modulator 22 in the client computer system 12.
  • a scrambling code may be programmed into the system 10, such as by being programmed into an ASIC chip utilized by the system 10.
  • the scrambling code may, for example, be a 16-digit octal code, thereby providing 8^16, i.e. in excess of 281 trillion, different encryption combinations.
  • the scrambling code is used by the system 10 as the scrambling sequence to generate the correlated authentication code.
  • the ASIC chip may include an EEPROM so that the scrambling code can be changed, such as by electrically erasing the earlier programmed scrambling code and programming a new scrambling code into the EEPROM. Programming and erasing of data into EEPROMS can be accomplished according to principles well known in the art.
  • Logical circuitry such as binary adders 45, logically process the authorization code to determine which bits of the authorization code to select in order to generate a correlated authentication code.
  • the 4-bit binary numbers provided to the binary adders 45 are selected in accordance with the 16-digit octal scrambling code: each octal digit names one bit position of the authorization code, with bit 0 the least significant (rightmost) bit.
  • a 16-digit octal scrambling code may be 4567 5053 0123 3051.
  • the first binary adder 45a is provided the bits of the authorization code at positions 4, 5, 6 and 7 as its first 4-bit operand, to be added to the bits at positions 5, 0, 5 and 3 as its second operand.
  • the second binary adder 45b is provided the bits at positions 0, 1, 2 and 3 as its first operand, to be added to the bits at positions 3, 0, 5 and 1 as its second operand.
  • the operation of the adders 45 is as follows (each operand is read most-significant bit first in the order the digits are listed, and each adder keeps only the low four bits of its sum; this is the reading that reproduces the result below): for the authorization code 1010 0011, adder 45a computes 0101 + 1110 = 1 0011 and retains 0011; adder 45b computes 1100 + 0111 = 1 0011 and retains 0011.
  • a correlated authentication code is thereby generated by the system 10.
  • this correlated code is stored in the load register 44.
  • for the example above, the correlated code 0011 0011 is stored in the load register 44.
  • this stored code is sent to the server 11 for verification.
  • the server 11 preferably includes a software algorithm or other hardware devices configured to verify the scrambled code.
  • the hardware or software on the server 11 performs the same selection and binary addition process on its own copy of the authorization code to verify the accuracy of the scrambled code.
  • the scrambling code programmed into the system 10 is thus used by the server 11 to perform a "reverse" process against the correlated authentication code provided by the client computer system 12. Because each 4-bit adder discards its carry, the addition cannot be uniquely undone, so in practice the check is a recomputation of the expected code from the issued authorization code followed by a comparison; the server therefore needs the same scrambling code that is programmed into the client's intelligent key.
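The bit selection, the two carry-discarding adders and the Fig. 2 challenge/response cycle, simulated in Python as an added example; this is not code from the patent or from Temasek Polytechnic. It reproduces the worked example above (authorization code 1010 0011 with scrambling code 4567 5053 0123 3051 gives 0011 0011) under these assumptions, which are inferred from that example rather than stated by the patent: bit 0 is the least-significant bit of the 8-bit code, each group of four octal digits is read most-significant bit first, each adder keeps only the low four bits of its sum, and adder 45a feeds the upper nibble of the output register. The server's "reverse" process is implemented as recomputation and comparison, and the names (`prodym`, `DcapServer`, `IntelligentKey`, `dcap_cycle`) are this example's own. The `response_table` helper makes one practical check explicit: an 8-bit authorization code admits only 256 distinct challenges.

```python
"""Simulation of the Programmable Dynamic Modulator (Prodym) and the
Dynamic Code Authentication Protocol (DCAP) exchange built on it.

Added example, not code from the patent. The bit conventions (bit 0 is the
least-significant bit of the 8-bit code, each group of four octal digits is
read most-significant bit first, each 4-bit adder discards its carry, adder
45a feeds the upper nibble of the output register) are assumptions inferred
from the patent's worked example, which this code reproduces.
"""
import secrets
from typing import Callable, Dict, List, Optional

AUTH_CODE_BITS = 8
SCRAMBLING_DIGITS = 16


def parse_scrambling_code(octal_code: str) -> List[int]:
    """'4567 5053 0123 3051' -> sixteen bit-position selectors, each 0..7."""
    digits = [int(ch) for ch in octal_code.replace(" ", "")]
    if len(digits) != SCRAMBLING_DIGITS or any(d > 7 for d in digits):
        raise ValueError("scrambling code must be 16 octal digits")
    return digits


def select_nibble(code: int, positions: List[int]) -> int:
    """Assemble a 4-bit value from the chosen bit positions, MSB first."""
    value = 0
    for pos in positions:
        value = (value << 1) | ((code >> pos) & 1)
    return value


def prodym(auth_code: int, scrambling_code: str) -> int:
    """Correlated authentication code for one 8-bit authorization code."""
    if not 0 <= auth_code < (1 << AUTH_CODE_BITS):
        raise ValueError("authorization code must fit in 8 bits")
    sel = parse_scrambling_code(scrambling_code)
    # Adder 45a: digits 1-4 select A0..A3, digits 5-8 select B0..B3; carry dropped.
    upper = (select_nibble(auth_code, sel[0:4]) + select_nibble(auth_code, sel[4:8])) & 0xF
    # Adder 45b: digits 9-12 select A4..A7, digits 13-16 select B4..B7.
    lower = (select_nibble(auth_code, sel[8:12]) + select_nibble(auth_code, sel[12:16])) & 0xF
    # Output register 44 holds both adder outputs as one 8-bit code.
    return (upper << 4) | lower


def response_table(scrambling_code: str) -> Dict[int, int]:
    """Every challenge/response pair the modulator can ever produce.

    Only 2**8 = 256 authorization codes exist, so an observer who records all
    of them can answer any later challenge without knowing the scrambling code.
    """
    return {c: prodym(c, scrambling_code) for c in range(1 << AUTH_CODE_BITS)}


class IntelligentKey:
    """Microcontroller 21 plus Prodym 22 on the client side (Steps 32-35)."""

    def __init__(self, scrambling_code: str) -> None:
        self._scrambling_code = scrambling_code  # programmed into the EEPROM

    def respond(self, auth_code: int) -> int:
        return prodym(auth_code, self._scrambling_code)


class DcapServer:
    """Server 11: issues random authorization codes and checks the replies."""

    def __init__(self, scrambling_code: str,
                 rng: Callable[[int], int] = secrets.randbits) -> None:
        self._scrambling_code = scrambling_code
        self._rng = rng                 # injectable so tests can fix the challenge
        self._pending: Optional[int] = None

    def challenge(self) -> int:
        """Step 30: a fresh random authorization code for this cycle."""
        self._pending = self._rng(AUTH_CODE_BITS)
        return self._pending

    def verify(self, response: Optional[int]) -> bool:
        """Step 36: recompute the expected code and compare it with the reply.

        The challenge is consumed whether or not the reply is right, so a
        missing reply (timeout) or a wrong one terminates this cycle (Step 37b).
        """
        code, self._pending = self._pending, None
        if code is None or response is None:
            return False
        expected = prodym(code, self._scrambling_code)
        return secrets.compare_digest(bytes([expected]), bytes([response & 0xFF]))


def dcap_cycle(server: DcapServer, key: IntelligentKey, reply_arrives: bool = True) -> bool:
    """One authentication cycle of Fig. 2; True means Step 37a, False means 37b."""
    auth_code = server.challenge()                             # Steps 30-31
    reply = key.respond(auth_code) if reply_arrives else None  # Steps 32-35 (or timeout)
    return server.verify(reply)                                # Step 36


if __name__ == "__main__":
    SCRAMBLING = "4567 5053 0123 3051"  # the patent's example scrambling code
    print(f"{prodym(0b10100011, SCRAMBLING):08b}")                       # 00110011
    print(dcap_cycle(DcapServer(SCRAMBLING), IntelligentKey(SCRAMBLING)))  # True
```

Two design points follow from the patent text rather than from the code: the server must hold the same scrambling code as the key, because verification is a recomputation; and because each challenge is consumed on the first reply, a late or wrong reply cannot be retried against the same authorization code.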
  • FIGs. 4A and 4B illustrate a circuit diagram 50 of an embodiment of the programmable dynamic modulator 22 of the invention.
  • the programmable dynamic modulator 22 includes a binary counter 41, such as a 4-bit binary counter commonly available in the art.
  • the binary counter 41 together with the additional circuitry 42 shown in Fig. 4A is configured to control the processing of the authentication code by controlling the timing of the several stages 40a-e of the modulator 22.
  • the programmable dynamic modulator 22 includes a plurality of shift registers 43, for example, a plurality of 4-bit parallel access shift registers 43a, 43b, such as are common in the art.
  • the shift registers 43 are configured to store a binary number, such as an 8-bit binary authorization code, that is generated by a server 11.
  • the 8 bits of the binary code can be stored as 4 respective bits in each of the shift registers 43a, 43b.
  • bits D0, D1, D2 and D3 can be stored in a first shift register 43a
  • bits D4, D5, D6 and D7 can be stored in a second shift register 43b.
  • larger or smaller capacity shift registers may be used without departing from the invention.
  • the binary number stored in the shift registers 43a, 43b may be provided to an encryption logic circuit 52, such as an EEPROM.
  • a scrambling code, such as a 16-digit octal number, may be stored in the encryption logic circuit 52.
  • the encryption logic circuit 52 applies the stored scrambling code to select the bits of the 8-bit binary number held in the shift registers 43 that are to be encrypted.
  • a sequence of bits from the authorization code are selected and provided to a logical component, such as an adder 45, i.e., a 4-bit binary full adder 45 that is common in the art.
  • the programmable dynamic modulator 22 may include a plurality of adders 45a, 45b. These binary adders 45 are configured to logically process the authorization code in accordance with the scrambling code to determine which bits of the authorization code to process in order to generate a correlated authentication code.
  • a first sequence of bits A0, A1, A2, A3 and a second sequence of bits B0, B1, B2, B3 are selected from the authorization code in accordance with the scrambling code as described above and are provided to the first adder 45a.
  • likewise, a sequence of bits A4, A5, A6, A7 and a sequence of bits B4, B5, B6, B7 are selected from the authorization code in accordance with the scrambling code and are provided to the second adder 45b.
  • Each binary adder 45 provides an output, such as a 4-bit output, to another shift register 44, such as another parallel shift register 44 that is common in the art.
  • the 4-bits output from each binary adder 45 that are provided to the shift register 44 comprise a correlated authentication code that is provided to the server 11 in order to determine authorization verification.
  • Fig. 5 is a timing diagram showing the different electrical signal states of the modulator 22 for one operational cycle of the modulator 22. Shown in Fig. 5 are the controlling enable signal 60 for enabling the shift registers 43, 44, a pulsed clock signal 61 for controlling the timing of the circuit 50, differential count signals 62a-d for driving different stages 40a-e of the modulator 22 as described above, a data input signal 63, an adder input signal 64 and a data output signal 65.
  • the enable signal 60 is provided as an input to the shift registers 43, 44.
  • the shift registers 43, 44 are enabled, such as when the enable signal 60 is HIGH, or a logic level 1, data can be input to the shift registers 43, 44 and the adders 45, i.e. the data input signal 63 and the adder input signal 64 will both be HIGH (logic level 1).
  • the clock signal 61 is used to control the timing of the counter 41. For example, at every clock pulse, i.e., when the clock signal 61 is HIGH (logic level 1), a different stage 40a-e of the modulator 22 is active: at the first clock pulse, the first stage 40b will be active; at the second clock pulse, the second stage 40c will be active; at the nth clock pulse, the nth stage will be active, and so on.
  • the counter 41 drives the various stages 40a-e of the modulator 22.
  • the data input and adder input signals 63, 64 are both switched HIGH (logic level 1), and the respective circuit components are active and remain active until the counter 41 resets itself after the fourth clock pulse.
  • the clock signal 61 also controls the timing of switching the data output signal 65 HIGH (logic level 1). This signal 65 is switched HIGH during the second clock pulse.
  • the invention thus provides a dynamic password authentication protocol and system that establishes a high level of security for a computer system.
  • the authentication code is dynamically changed by the system over a period of time or in accordance with an authentication sequence, so that the system is far more difficult to compromise.
  • the security of the system is thereby significantly enhanced.
  • any circuit capable of operating as the programmable dynamic modulator 22 may be practiced.
  • any length or numerical system bit code may be used to generate authorization codes and authentication codes.
  • any length or numerical system bit code may be used as a scrambling code for encrypting the authentication codes.

Abstract

The present invention is directed to a dynamic password authentication system and protocol for providing a high level of security for a computer system. In accordance with the invention, an authorization code is generated by a server and provided to at least one client computer system in communication with the server. In accordance with a scrambling code, an intelligent key within the client computer system is configured to process the authorization code to generate a correlated authentication code. The correlated authentication code is returned to the server so that the authenticity of the client computer system can be verified.

Description

ENHANCED AUTHORIZATION SYSTEM AND METHOD FOR COMPUTER SECURITY
The present invention relates to computer security and more specifically, to a computer software protocol for providing enhanced security for an electronic transaction.
BACKGROUND OF THE INVENTION
Electronic security is an important aspect to the integrity of a computer system whether connected to additional computers, such as through a local or wide area network, such as the Internet, or simply as a stand alone system.
Traditionally, there have been several ways to protect data integrity on a computer, such as hardware or software configured to authenticate users of the computer system. Unfortunately, these protection methods are not completely secure. Most conventional hardware and software protection systems employ static password encryption technology or cryptography to protect the computer system. The emphasis of these protection systems is to create a large number of password combinations so that the time required to compromise the system is prolonged. Unfortunately, it is becoming increasingly simple to "crack" software protection systems as the computing power of microprocessors increases. Hardware protection systems can also be compromised: while they are more difficult to attack, it is possible to reverse engineer the electronic circuitry within the hardware to discover its operation, and then counter that operation, thereby defeating the security system. Therefore, it is desirable to provide a computer security system that is less susceptible to compromise and that thereby enhances the security of the entire system.
SUMMARY OF THE INVENTION
The present invention is directed to a dynamic password authentication system and protocol for providing a high level of security for a computer system. In accordance with the invention, an authorization code is generated by a server and provided to a client on the computer network. In accordance with a scrambling code, an intelligent key within the client computer system is configured to process the authorization code to generate a correlated authentication code. The correlated authentication code is returned to the server so that the authenticity of the client computer system can be verified.
BRIEF DESCRIPTION OF THE DRAWINGS
Fig. 1 is a block diagram of a computer security system in accordance with the invention;
Fig. 2 is a flowchart illustrating a dynamic code authentication protocol that uses an intelligent key to authenticate a user in accordance with the invention;
Fig. 3 is a schematic diagram illustrating the processing of encryption logic using a programmable dynamic modulator in accordance with the invention;
Figs. 4A and 4B are respective circuit diagrams of an embodiment of the programmable dynamic modulator; and
Fig. 5 is a timing diagram showing the electrical signals provided to and from the programmable dynamic modulator.
DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENT
The present invention provides a system and method for enhancing the security of a computer system. As used herein, a "Dynamic Code Authentication Protocol" (or DCAP) refers to a protocol for authenticating a user of the computer system in accordance with the invention. A "Programmable Dynamic Modulator" (or Prodym) refers to an electronic circuit that performs key encryption processing in accordance with the invention. Finally, an "intelligent key" refers to the combination of a microcontroller and the programmable dynamic modulator. This terminology is consistent with the following description.
Fig. 1 is a block diagram of a computer security system 10 in accordance with the invention. The system 10 may include a remote server 11 connected with one or more clients 12 across a wide area network (WAN) 13, such as the Internet, or more particularly, the World Wide Web. It should be noted that while the system 10 is described as being provided over the World Wide Web, it may also be provided on stand-alone computer systems, over a local area network, such as an intranet, and additional computer network structures. The client computer system 12 may include a display device 14, a chassis 15, one or more user input devices, such as a mouse 16 and a keyboard 17 and a network port 18 for communicating with the server 11, or with additional computer systems. The chassis 15 may house a permanent storage system 19, such as a hard disk drive, optical disk drive, tape drive, or the like, which may store one or more software applications such as a web browser application. The client computer system 12 may have a memory 20 resident therein and the software application from the disk 19 may be transferred to the memory 20 to be executed by a CPU 21. The browser application may be configured to connect the client 12 to the server 11 over the Internet 13 and receive data and graphical information (such as web pages) that may be displayed on the display device 14 to the client 12. The browser application may also permit the client 12 to interact with the server 11, such as for initiating an electronic transaction. Additionally, one or more components of electronic circuitry, such as a programmable dynamic modulator 22 may be located in the client computer system 12 and may be executed by the microcontroller 21 in the client computer system 12 in order to operate as the computer security system 10 of the invention. 
Alternatively, the programmable dynamic modulator 22 may be located externally from the client computer system 12 and electrically connected to the client computer system 12.
The server 11 may be connected to the Internet 13 and may contain one or more pieces of software code to operate in accordance with the invention. The Internet 13 permits the server 11, when accessed by an individual client 12, to display a graphical user interface on the client's 12 computer which permits the client 12 to interact with the server 11. Additionally, an embedded software module 23 may be stored in a memory 24 of the server system 11. The embedded software module 23 is configured to communicate, via the communication port 18 of the client computer system 12, with the microcontroller 21 in the client computer system 12. The microcontroller 21 is configured to communicate with the programmable dynamic modulator 22 in the client computer system 12, in order to perform as the computer security system 10 of the invention. Thus, as will be described herein, the server system 11 can authenticate a client computer system 12 attached to the network. In operation, the server 11 generates an authorization code that is received by the programmable dynamic modulator 22, and a correlated authentication code is accordingly generated by the programmable dynamic modulator 22 that is used by the server 11 to authenticate a particular client system 12. Preferably, the dynamic modulator 22 is electrically implemented with an Application Specific Integrated Circuit (ASIC) chip that is hardwired into the client computer system 12, or alternatively, could be hardwired into an auxiliary unit (not shown) that is in communication with either the client system 12, the server 11, or both the client system 12 and the server 11. Alternatively, the ASIC chip may be hardwired into the server system 11 itself.
Thus, in accordance with the invention, when a client computer system 12 initiates a communication with the server 11, an authentication procedure is performed on the client system 12 to determine whether the client system 12 is authentic and therefore has the necessary rights to access the server 11.
Fig. 2 is a flow chart illustrating a Dynamic Code Authentication Protocol for authenticating a client computer system 12. In accordance with the invention, the code used for authentication may be changed each time an authentication check is performed so that it is extremely difficult to compromise the system 10. In the embodiment shown in Fig. 2, the programmable dynamic modulator 22 resides in the client computer system 12, however, as noted earlier, it may reside externally to the client computer system 12. As shown in Fig. 2, the server 11 first generates (Step 30) a random authorization code that is provided to the client computer system 12 (Step 31) via the communication, i.e. network, port 18. The authorization code is received by the microcontroller 21 of the client computer system 12 (Step 32) and processed by the microcontroller 21 in the client computer system 12 that provides the authorization code (Step 33) to the programmable dynamic modulator 22. The programmable dynamic modulator 22 thereby generates a correlated authentication code and transmits the correlated authentication code to the microcontroller 21 (Step 34). A detailed description of the generation of the correlated authentication code follows shortly with specific reference to the programmable dynamic modulator 22.
Returning to Fig. 2, the microcontroller 21 receives the correlated authentication code from the programmable dynamic modulator 22 and provides the correlated authentication code to the server 11 (Step 35). The server 11 then determines whether the correlated authentication code is authentic (Step 36). If the correlated authentication code is authentic, i.e., when processed by the server 11 the authentication code mirrors the authorization code, the client computer system 12 and the server 11 initiate a communication session (Step 37a), and the authentication cycle is repeated (for every authentication cycle, the generated authentication code and correlated authentication code will be different). Otherwise, the communication session between the client system 12 and the server 11 is terminated (Step 37b).
As described above, the dynamic code generation and verification system in accordance with the invention is realized with the programmable dynamic modulator 22. The programmable dynamic modulator 22 may comprise an electronic circuit embodied in an ASIC chip as part of the computer security system 10, or it may comprise software code programmed or otherwise stored in a memory resident in client computer system 12 or in the server 11. Preferably, the dynamic modulator 22 resides in the client computer system 12 so that authentication can be performed on a client system 12 negotiating a session with a server 11.
In summary, the server 11 provides an authorization code to the client system 12, via the communications port 18 of the computer 12. Thereafter, the intelligent key gains control of the authentication process. Each time the server 11 generates an authorization code and provides the code to the intelligent key, the intelligent key thereby generates a correlated authentication code. The server 11 will then verify the returned correlated authentication code and authenticate the intelligent key. In accordance with the invention, a scrambling algorithm may be provided that is used to encrypt the correlated authentication code. As will be described in detail herein, the scrambling code may be programmed by a user, thereby allowing a user to program an encryption algorithm for encryption processing.
This is quite different from allowing the user to program an authentication password, as occurs in prior art computer security systems. In these prior art systems, once a password is set, it remains the password until it is changed and the security of the network can be compromised once a certain key combination matches the programmed password. In contrast, using a programmable encryption algorithm in accordance with the invention, the controlling or authentication code is dynamically changed at every authentication request so that the security of the network cannot be compromised easily.
In a preferred embodiment, the computer system is capable of allowing at least 281 trillion different algorithms for encrypting the authorization code. Therefore, any attempt to compromise the security of the system 10 requires not only advance knowledge of the encryption algorithm being utilized, but also the ability to respond to the computer quickly, before the code is dynamically changed by the system 10.
Preferably, the authentication code is changed every time a verification attempt is performed by the system 10. Moreover, when the server 11 receives an incorrect authentication code, or does not receive an authentication code after a predetermined period of time, the electronic transaction is automatically terminated by the system 10 and the authentication code is no longer valid.
Figs. 3, 4A and 4B are schematic diagrams showing the operation and a respective embodiment of the programmable dynamic modulator 22 in accordance with the invention. The programmable dynamic modulator 22 may be segmented into different operational stages 40. For example, the modulator 22 may be segmented into five operational stages 40a-e, however any number of stages may suffice. The first stage 40a (shown in Fig. 4A), is a timing stage, and may include a binary counter 41. The binary counter 41 may be, for example, a 4-bit binary counter and may be preset to count incrementally, for example from 1 to 4. As will be described, the timing stage 40a may be used to control the processing of an authentication code.
The second stage 40b (also shown in Fig. 4A), a decoding stage, may include decoding circuitry 42 that is configured to decode the binary count generated by the binary counter 41. The following decoding properties may be applicable, depending on the functionality of the counter 41, however, it should be noted that other decoding properties can be practiced without departing from the invention, depending on the number of operational stages and on the functionality of the modulator 22. In the second stage 40b, a decoded binary count of 1 is used to clock a third stage 40c, an encrypting stage, of the modulator 22. As will be described herein, this third stage 40c may include a memory, such as a load register 43, i.e., an 8-bit parallel load register. A decoded binary count of 2 is used to clock a fifth stage 40e, i.e., an output stage, of the modulator 22. Similarly, the fifth stage 40e may include another memory, such as a load register 44, i.e., another 8-bit parallel load register. For timing purposes, a decoded binary count of 3 may be reserved as a redundant state, or a wait state. Finally, a decoded binary count of 4 is used to reset the counter 41.
As illustrated in Figs. 3 and 4B, the third stage 40c may include an 8-bit parallel load register 43. The 8-bit parallel load register 43 may, for example, comprise a pair of 4-bit parallel load registers 43 a, 43b that are configured to function as an 8-bit parallel load register 43. The load register 43 stores an 8-bit binary authorization code provided by the server 11.
The fourth stage 40d, otherwise referred to as an encryption stage, may include a series of logic components, such as binary adders 45, i.e., two 4-bit binary adders 45a, 45b. These binary adders 45 logically process the authorization code provided by the server 11 to determine a correlated authentication code. The binary adders 45a, 45b may operate separately and independently. In operation, each adder 45 may, for example, add two 4-bit numbers from any of the 8-bits of data stored in the parallel load register 43. Preferably, a 16-bit octal number which may be programmed by a user is utilized as the scrambling sequence code for the encryption algorithm to determine the selection of bits from the authorization code. However, it should be noted that any bit-length code formed of any numerical system, i.e. binary, hexadecimal, etc., can be used as the scrambling code without departing from the invention. In accordance with the selected bits from the authorization code, the programmable dynamic modulator 15 generates a correlated authentication code that is provided to the server 11 in order to authenticate a client computer system 12.
The fifth stage 40e may include a memory, such as a load register 44, i.e. an 8-bit parallel load register. Like that of the third stage 40c, the 8-bit parallel load register 44 may also include a pair of 4-bit parallel load registers 44a, 44b that are configured to function as an 8-bit parallel load register 44. The load register 44 stores the correlated authentication code that is generated from the binary adders 45a, 45b, as described above. The stored code is sent to the server 11 for verification. To be verified as authentic, the correlated authentication code, when processed by the server 11, will mirror the generated authorization code.
The following example illustrates the function of the programmable dynamic modulator 22 of the invention. As described, an authorization code is provided by the server 11. For example, an authorization code may be the 8-bit binary number code 1010 0011. The code may be randomly or otherwise generated by the server 11 and stored in the load register 43 of the programmable dynamic modulator 22 in the client computer system 12.
In order to encrypt the authorization code, a scrambling code may be programmed into the system 10, such as by being programmed into an ASIC chip utilized by the system 10. The scrambling code may, for example, be a 16-bit octal code, thereby providing in excess of 281 trillion different encryption combinations. Once programmed, the scrambling code is used by the system 10 as the scrambling sequence to generate the correlated authentication code. Advantageously, the ASIC chip may include an EEPROM so that the scrambling code can be changed, such as by electrically erasing the earlier programmed scrambling code and programming a new scrambling code into the EEPROM. Programming and erasing of data into EEPROMS can be accomplished according to principles well known in the art.
Logical circuitry, such as binary adders 45, logically processes the authorization code to determine which bits of the authorization code to select in order to generate a correlated authentication code. In an embodiment of the invention, the 4-bit binary numbers to be provided to the binary adders 45 are selected in accordance with the 16-bit octal scrambling code. For example, a 16-bit octal scrambling code may be 4567 5053 0123 3051. Thus, in accordance with the invention, the first binary adder 45a is provided the bits from the authorization code that correlate to the 4th, 5th, 6th and 7th bits of the 8-bit code as the first series of bits to be added with the provided bits from the authorization code that correlate to the 5th, 0th, 5th and 3rd bits of the 8-bit code.
Similarly, the second binary adder 45b is provided the bits from the authorization code that correlate to the 0th, 1st, 2nd and 3rd bits of the 8-bit code as the first series of bits to be added with the provided bits from the authorization code that correlate to the 3rd, 0th, 5th and 1st bits of the 8-bit code. Thus, for the given authorization code 1010 0011, and the given scrambling code 4567 5053 0123 3051, the operation of the adders 45 is as follows:
[Table from the original figure, not reproduced here: the bit selections and the two 4-bit additions performed by adders 45a and 45b for the authorization code 1010 0011 under the scrambling code 4567 5053 0123 3051.]
Therefore, for a given binary authorization code and scrambling code, a correlated authentication code may be generated by the system 10. This correlated code may be stored in a load register 44. In the example set forth above, the correlated code 0011 0011 is stored in the load register 44. This stored code is sent to the server 11 for verification. The server 11 preferably includes a software algorithm or other hardware devices configured to verify the scrambled code. In accordance with the invention, the hardware or software on the server 11 performs a similar binary addition process on the correlated authentication code to verify the accuracy of the scrambled code. To verify the correlated authentication code, the scrambling code programmed into the system 10 is used by the server 11 to perform a similar "reverse" process on the correlated authentication code provided by the client computer system 12 in order to verify the accuracy of the scrambled code.
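The following Python model is an added illustration of the Dynamic Code Authentication Protocol of Fig. 2 and of the adder example just given; it is not code from the patent or its applicant. It makes four assumptions the page does not state: bit 0 of the 8-bit authorization code is its least-significant (rightmost) bit; each 4-bit operand is assembled from the selected bits in the order the scrambling digits list them, first digit most significant; each adder discards its carry-out; and the server's "reverse" verification is modelled as recomputing the same scrambling function over the authorization code it issued and comparing the result with the returned code. Adder 45a is placed in the high nibble of the stored code (also an assumption; in the page's example both adders give 0011, so the order does not change the result). The names `Server`, `Client`, `ManualClock`, `modulate` and `run_cycle` are the example's own.

```python
import secrets
import time

CODE_BITS = 8  # the page's example uses an 8-bit authorization code


def parse_scrambling_code(octal_code: str) -> list:
    """Split a 16-digit octal scrambling code (spaces allowed) into four 4-digit
    groups; each digit names one bit position (0-7) of the authorization code."""
    digits = [int(ch, 8) for ch in octal_code if not ch.isspace()]
    if len(digits) != 16:
        raise ValueError("scrambling code must consist of 16 octal digits")
    return [digits[i:i + 4] for i in range(0, 16, 4)]


def select_nibble(code: int, positions: list) -> int:
    """Assemble a 4-bit operand from the named bit positions of `code`.
    Assumption: first listed position becomes the most significant bit and
    bit 0 is the least-significant bit of `code`."""
    value = 0
    for pos in positions:
        value = (value << 1) | ((code >> pos) & 1)
    return value


def modulate(auth_code: int, scrambling_code: str) -> int:
    """Programmable dynamic modulator: groups 1-2 of the scrambling code feed
    adder 45a, groups 3-4 feed adder 45b; each 4-bit sum drops its carry."""
    a_hi, b_hi, a_lo, b_lo = parse_scrambling_code(scrambling_code)
    hi = (select_nibble(auth_code, a_hi) + select_nibble(auth_code, b_hi)) & 0xF
    lo = (select_nibble(auth_code, a_lo) + select_nibble(auth_code, b_lo)) & 0xF
    return (hi << 4) | lo  # assumption: adder 45a occupies the high nibble


class ManualClock:
    """Deterministic stand-in for time.monotonic() so the timeout can be tested."""
    def __init__(self) -> None:
        self.now = 0.0

    def __call__(self) -> float:
        return self.now


class Server:
    """Server 11: issues a fresh random authorization code per cycle and verifies
    the correlated code returned by the client (Steps 30, 31, 36, 37a/37b)."""
    def __init__(self, scrambling_code: str, timeout_s: float = 5.0, clock=time.monotonic):
        self.scrambling_code = scrambling_code
        self.timeout_s = timeout_s
        self.clock = clock
        self.pending = None  # (auth_code, issued_at) while a cycle is open

    def issue_authorization_code(self) -> int:
        code = secrets.randbelow(1 << CODE_BITS)  # Step 30: random 8-bit code
        self.pending = (code, self.clock())
        return code

    def verify(self, correlated_code: int) -> bool:
        """Steps 35-37: the pending code is consumed whatever the outcome, so a
        replayed response or a second attempt against the same code fails."""
        if self.pending is None:
            return False
        auth_code, issued_at = self.pending
        self.pending = None
        if self.clock() - issued_at > self.timeout_s:
            return False  # Step 37b: no timely response, session terminated
        if not 0 <= correlated_code < (1 << CODE_BITS):
            return False
        expected = modulate(auth_code, self.scrambling_code)
        return secrets.compare_digest(bytes([expected]), bytes([correlated_code]))


class Client:
    """Client 12 with its intelligent key holding the programmed scrambling code."""
    def __init__(self, scrambling_code: str) -> None:
        self.scrambling_code = scrambling_code

    def respond(self, auth_code: int) -> int:
        return modulate(auth_code, self.scrambling_code)  # Steps 32-34


def run_cycle(server: Server, client: Client) -> bool:
    """One authentication cycle: challenge, modulate, verify."""
    code = server.issue_authorization_code()
    return server.verify(client.respond(code))


if __name__ == "__main__":
    print(f"{modulate(0b10100011, '4567 5053 0123 3051'):08b}")  # page example: 00110011
    print(run_cycle(Server("4567 5053 0123 3051"), Client("4567 5053 0123 3051")))
```

The model keeps the page's 8-bit code and 16-digit octal scrambling code so the worked example reproduces 0011 0011; the description notes that any code length may be used, and a practitioner would lengthen both. The single-use pending code, the timeout and the constant-time comparison in `verify` are the defender-side choices that implement the page's "terminated and no longer valid" rule.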
Having described the functionality of the computer protection system 10, reference is now made to an electronic circuit 50 configured to perform as the programmable dynamic modulator 15 of the invention. It should be noted that while reference is made to a specific circuit layout, any circuit configured to perform as the programmable dynamic modulator 15 can be used without departing from the invention. Figs. 4A and 4B illustrate a circuit diagram 50 of an embodiment of the programmable dynamic modulator 22 of the invention. As shown in Fig. 4A, the programmable dynamic modulator 22 includes a binary counter 41, such as a 4-bit binary counter commonly available in the art. As described above, the binary counter 41, together with the additional circuitry 42 shown in Fig. 4A, is configured to control the processing of the authentication code by controlling the timing of the several stages 40a-e of the modulator 22.
As shown in Fig. 4B, the programmable dynamic modulator 22 includes a plurality of shift registers 43, for example, a plurality of 4-bit parallel access shift registers 43a, 43b, such as are common in the art. The shift registers 43 are configured to store a binary number, such as an 8-bit binary authorization code, that is generated by a server 11. As shown in Fig. 4B, the 8 bits of the binary code can be stored as 4 respective bits in each of the shift registers 43a, 43b. For example, bits D0, D1, D2 and D3 can be stored in a first shift register 43a, while bits D4, D5, D6 and D7 can be stored in a second shift register 43b. Of course, larger or smaller capacity shift registers may be used without departing from the invention.
The binary number stored in the shift registers 43a, 43b may be provided to an encryption logic circuit 52, such as an EEPROM. A scrambling code, such as a 16-bit octal number, may be stored in the encryption logic circuit 52. Alternatively, instead of storing a programmed scrambling code, the encryption logic circuit 52 may be configured to generate a scrambling code that is used to encrypt the 8-bit binary number stored in the shift register 43.
In accordance with the scrambling code, a sequence of bits from the authorization code are selected and provided to a logical component, such as an adder 45, i.e., a 4-bit binary full adder 45 that is common in the art. The programmable dynamic modulator 22 may include a plurality of adders 45a, 45b. These binary adders 45 are configured to logically process the authorization code in accordance with the scrambling code to determine which bits of the authorization code to process in order to generate a correlated authentication code.
For example, a first sequence of bits A0, A1, A2, A3, and a second sequence of bits B0, B1, B2, B3 are selected from the authorization code in accordance with the scrambling code as described above and are provided to the first adder 45a. Similarly, a second sequence of bits A4, A5, A6, A7 and a second sequence of bits B4, B5, B6, B7 are selected from the authorization code in accordance with the scrambling code and are provided to the second adder 45b. These bit sequences are logically processed by the adders 45.
Each binary adder 45 provides an output, such as a 4-bit output, to another shift register 44, such as another parallel shift register 44 that is common in the art. The 4-bits output from each binary adder 45 that are provided to the shift register 44 comprise a correlated authentication code that is provided to the server 11 in order to determine authorization verification.
Fig. 5 is a timing diagram showing the different electrical signal states of the modulator 22 for one operational cycle of the modulator 22. Shown in Fig. 5 are the controlling enable signal 60 for enabling the shift registers 43, 44, a pulsed clock signal 61 for controlling the timing of the circuit 50, differential count signals 62a-d for driving different stages 40a-e of the modulator 22 as described above, a data input signal 63, an adder input signal 64 and a data output signal 65.
The enable signal 60, as described above, is provided as an input to the shift registers 43, 44. When the shift registers 43, 44 are enabled, such as when the enable signal 60 is HIGH, or a logic level 1, data can be input to the shift registers 43, 44 and the adders 45, i.e. the data input signal 63 and the adder input signal 64 will both be HIGH (logic level 1). The clock signal 61 is used to control the timing of the counter 41. For example, at every clock pulse, i.e., when the clock signal 61 is HIGH (logic level 1), a different stage 40a-e of the modulator 22 is active. That is, at the first clock pulse, the first stage 40b will be active; at the second clock pulse, the second stage 40c will be active; at the nth clock pulse, the nth stage will be active, etc.
As described above, the counter 41 drives various stages 40a-e of the modulator 22. At the first clock pulse, the data input and adder input signals 63, 64 are both switched HIGH (logic level 1) and the respective circuit components are active and remain active until the counter 41 resets itself (after the clock pulses through the fourth periodic pulse). The clock signal 61 also controls the timing of switching the data output signal 65 HIGH (logic level 1). This signal 65 is switched HIGH during the second clock pulse.
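As an added cycle-level simulation, not part of the patent, the following Python model steps the modulator through one operational cycle of four clock pulses as Figs. 3 to 5 describe it: the decoded count 1 clocks load register 43, count 2 clocks load register 44 and raises the data output signal 65, count 3 is a wait state and count 4 resets counter 41, while the data input and adder input signals 63, 64 stay HIGH until the reset. The adder stage uses, as fixed operand selections, the four digit groups of the page's example scrambling code 4567 5053 0123 3051, with the same unstated conventions assumed as in the adder example (bit 0 least significant, first listed bit most significant, carry discarded, adder 45a in the high nibble). The `Modulator` class, the signal dictionary keys and `run_operational_cycle` are the example's own.

```python
from dataclasses import dataclass, field

# Decoded-count actions named on the page: count 1 clocks load register 43,
# count 2 clocks load register 44, count 3 is a wait state, count 4 resets
# the binary counter 41.
LOAD_43, LOAD_44, WAIT, RESET = 1, 2, 3, 4


def nibble(code: int, positions: tuple) -> int:
    """Assemble a 4-bit operand from the listed bit positions of `code`.
    Assumption: first listed bit is the most significant and bit 0 is the
    least-significant bit of the 8-bit code."""
    value = 0
    for pos in positions:
        value = (value << 1) | ((code >> pos) & 1)
    return value


@dataclass
class Modulator:
    """Stages 40a-e of the modulator. Operand selections default to the digit
    groups of the page's example scrambling code 4567 5053 0123 3051."""
    adder_45a: tuple = ((4, 5, 6, 7), (5, 0, 5, 3))
    adder_45b: tuple = ((0, 1, 2, 3), (3, 0, 5, 1))
    count: int = 0          # counter 41 (stage 40a): steps through 1..4
    register_43: int = 0    # load register 43 (stage 40c): authorization code
    register_44: int = 0    # load register 44 (stage 40e): correlated code
    trace: list = field(default_factory=list)  # Fig. 5 signal levels per pulse

    def adders(self) -> int:
        """Stage 40d: two independent 4-bit additions, carry-out discarded."""
        hi = (nibble(self.register_43, self.adder_45a[0])
              + nibble(self.register_43, self.adder_45a[1])) & 0xF
        lo = (nibble(self.register_43, self.adder_45b[0])
              + nibble(self.register_43, self.adder_45b[1])) & 0xF
        return (hi << 4) | lo  # assumption: adder 45a in the high nibble

    def clock_pulse(self, data_in: int, enable: int = 1) -> dict:
        """One pulse of clock 61: advance counter 41, decode the count (stage
        40b) and record the signal levels of Fig. 5 for this pulse."""
        self.count += 1
        decoded = self.count
        if enable and decoded == LOAD_43:
            self.register_43 = data_in & 0xFF   # data input 63 latched
        if enable and decoded == LOAD_44:
            self.register_44 = self.adders()    # adder result latched, output 65
        if decoded == RESET:
            self.count = 0                      # counter resets after pulse 4
        state = {
            "pulse": len(self.trace) + 1,
            "count": decoded,
            "enable": enable,                   # signal 60
            "data_input": enable,               # signal 63: HIGH until reset
            "adder_input": enable,              # signal 64: same span as 63
            "data_output": int(enable and decoded == LOAD_44),  # signal 65
            "register_44": self.register_44,
        }
        self.trace.append(state)
        return state


def run_operational_cycle(mod: Modulator, auth_code: int) -> int:
    """Four clock pulses form one operational cycle; returns register 44."""
    for _ in range(4):
        mod.clock_pulse(auth_code)
    return mod.register_44


if __name__ == "__main__":
    m = Modulator()
    print(f"{run_operational_cycle(m, 0b10100011):08b}")  # page example: 00110011
    for s in m.trace:
        print(s)
```

With the enable signal 60 LOW nothing is latched and register 44 keeps its previous contents, which is the page's statement that data can only be input while the registers are enabled.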
Thus, a dynamic password authentication protocol and system is provided that establishes a high level of security for a computer system. Advantageously, an authentication code is dynamically changed by the system over a period of time or in accordance with an authentication sequence to ensure that the system cannot become compromised. As a result, the security of the system is significantly enhanced by the present invention.
While the invention has been described with reference to a particular embodiment, it should be understood that modifications can be made without departing from the invention. For example, while the invention was described as being implemented by the circuit 50 shown in Figs. 4A and 4B, any circuit capable of operating as the programmable dynamic modulator 22 may be practiced. In addition, any length or numerical system bit code may be used to generate authorization codes and authentication codes. Similarly, any length or numerical system bit code may be used as a scrambling code for encrypting the authentication codes.

Claims

WHAT IS CLAIMED IS:
1. A computer security system, comprising: a computer network, including a server system and a plurality of individual client computer systems connected to the computer network; means for generating an authorization code by the server system and for providing the generated authorization code to at least one of the client computer systems in communication with the server system; means for storing a scrambling code; means for processing the authorization code in accordance with the scrambling code to generate a correlated authentication code; and means for verifying the authenticity of the at least one computer system to the computer network.
2. The computer security system of Claim 1, wherein the computer network is a local area network.
3. The computer security system of Claim 1, wherein the computer network is a wide area network.
4. The computer security system of Claim 3, wherein the wide area network comprises the Internet.
5. The computer system of any one of the preceding claims, wherein the authorization code is randomly generated by the server.
6. The computer system of Claim 5, wherein the authorization code comprises an 8-bit binary code.
7. The computer system of any one of the preceding claims, wherein the scrambling code is programmed into a memory that is resident in the server.
8. The computer system of any one of claims 1 to 6, wherein the scrambling code is programmed into a memory that is resident in the at least one client computer system.
9. The computer system of any one of the preceding claims, wherein the scrambling code defines at least one bit sequence to be selected from the authorization code.
10. The computer system of any one of the preceding claims, wherein the scrambling code comprises a 16-bit octal code.
11. The computer system of any one of the preceding claims, wherein the processing means comprises an intelligent key.
12. The computer system of Claim 11, wherein the intelligent key comprises a microprocessor and a programmable dynamic modulator coupled with the microprocessor, the programmable dynamic modulator configured to receive a plurality of bit sequences from the microprocessor, the bit sequences determined in accordance with the scrambling code, and to logically process the bit sequences to generate a resulting correlated authentication code.
13. The computer system of Claim 12, wherein the programmable dynamic modulator comprises a first memory configured to store an authorization code therein; a second memory configured to store a scrambling code therein; at least one logical component configured to receive a plurality of bit sequences of the authorization code, the bit sequences determined in accordance with the scrambling code, and to logically process the plurality of bit sequences to generate a correlated authentication code; and a third memory configured to store the correlated authentication code therein.
14. The computer system of any one of the preceding claims, wherein the verification means comprises a software algorithm resident on the server and configured to process the correlated authentication code to determine if the processed correlated authentication code mirrors the generated authorization code.
15. A computer security system, comprising: a computer network, including a server system and a plurality of individual client computer systems connected to the computer network; a generator configured to randomly generate an authorization code by the server system and to provide the randomly generated authorization code to at least one of the client computer systems in communication with the server system; a memory configured to store a scrambling code, the scrambling code defining a plurality of bit sequences to be selected from the authorization code; an intelligent key configured to receive the plurality of bit sequences selected from the authorization code and to logically process the bit sequences to generate a resulting correlated authentication code; and a verifier configured to process the correlated authentication code to determine if the processed correlated authentication code mirrors the generated authorization code and thereby authenticate the at least one client computer system.
16. A dynamic code authentication protocol for authenticating a computer system in a computer network including a server system and a plurality of client computer systems connected to the computer network, comprising: generating an authorization code by the server and providing the authorization code to at least one client computer system in communication with the server; providing a scrambling code to encrypt the authorization code; and providing an intelligent key configured to logically process the authorization code in accordance with the scrambling code and thereby provide a correlated authentication code to the server that is processed by the server to determine if the processed correlated authentication code mirrors the randomly generated authorization code to thereby authenticate the at least one client computer system.
17. The dynamic code authentication protocol of Claim 16, wherein the authorization code is randomly generated at every authentication request by the computer system.
18. The dynamic code authentication protocol of claim 16 or 17, wherein if the processed correlated authentication code and the generated authorization code are identical, an information session is established between the computer system and the server.
19. A programmable dynamic modulator, comprising: means for storing an authorization code; means for storing a scrambling code; means for processing the authorization code in accordance with the scrambling code to generate a correlated authentication code; and means for storing the correlated authentication code.
20. The programmable dynamic modulator of Claim 19, wherein the authorization code storing means comprises a load register.
21. The programmable dynamic modulator of claim 19 or 20, wherein the scrambling code storage means comprises a EEPROM.
22. The programmable dynamic modulator of claim 19, 20 or 21, wherein the processing means comprises at least one logical component.
23. The programmable dynamic modulator of Claim 22, wherein the logic component is a logical adder.
24. The programmable dynamic modulator of any one of claims 19 to 23, wherein the correlated authentication code storing means comprises a load register.
25. A programmable dynamic modulator, comprising: a first memory configured to store an authorization code therein; a second memory configured to store a scrambling code therein; at least one logical component configured to receive a plurality of bit sequences of the authorization code, the bit sequences determined in accordance with the scrambling code, and to logically process the plurality of bit sequences to generate a correlated authentication code; and a third memory configured to store the correlated authentication code therein.
26. A method for authenticating a computer system in a computer network including a server system and a plurality of client computer systems connected to the computer network, comprising the steps of: generating an authorization code by the server system and providing the authorization code to at least one client computer system in communication with the server system; providing a scrambling code; processing the authorization code in accordance with the scrambling code to generate a correlated authentication code; providing the correlated authentication code to the server system; and verifying the authenticity of the at least one client computer system to the server.
PCT/SG2001/000241 2000-11-29 2001-11-20 Enhance authorization system and method for computer security WO2002045339A1 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
AU2002218644A AU2002218644A1 (en) 2000-11-29 2001-11-20 Enhance authorization system and method for computer security

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
SG200007078 2000-11-29
SG200007078-9 2000-11-29

Publications (1)

Publication Number Publication Date
WO2002045339A1 true WO2002045339A1 (en) 2002-06-06

Family

ID=20430698

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/SG2001/000241 WO2002045339A1 (en) 2000-11-29 2001-11-20 Enhance authorization system and method for computer security

Country Status (2)

Country Link
AU (1) AU2002218644A1 (en)
WO (1) WO2002045339A1 (en)

Cited By (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN100356351C (en) * 2002-11-21 2007-12-19 国际商业机器公司 System and method for code authentication
US7451322B2 (en) 2002-03-05 2008-11-11 Samsung Electronics Co., Ltd. User authentication method using password
WO2009018685A1 (en) * 2007-08-08 2009-02-12 Kamfu Wong The device and the method of encrypting and authenticating against trojan horse with one time key
WO2009018684A1 (en) * 2007-08-08 2009-02-12 Kamfu Wong The keyboard for encrypting and authenticating against trojan horse with one time key
CN109743159A (en) * 2018-01-09 2019-05-10 詹贯峰 A kind of inter-authentication method for realizing authentication with authorization using bidirectional dynamic password

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP0427465A2 (en) * 1989-11-09 1991-05-15 AT&T Corp. Databaseless security system
EP0588519A2 (en) * 1992-08-31 1994-03-23 AT&T Corp. Continuous authentication using an in-band or out-of-band side channel
EP0807911A2 (en) * 1996-05-15 1997-11-19 RSA Data Security, Inc. Client/server protocol for proving authenticity
WO1998052115A1 (en) * 1997-05-13 1998-11-19 Passlogix, Inc. Generalized user identification and authentication system
WO1999000958A1 (en) * 1997-06-26 1999-01-07 British Telecommunications Plc Data communications
WO2000029965A1 (en) * 1998-11-16 2000-05-25 Saison Information Systems Co., Ltd. Method and apparatus for network authentication

Cited By (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7451322B2 (en) 2002-03-05 2008-11-11 Samsung Electronics Co., Ltd. User authentication method using password
CN100356351C (en) * 2002-11-21 2007-12-19 国际商业机器公司 System and method for code authentication
WO2009018685A1 (en) * 2007-08-08 2009-02-12 Kamfu Wong The device and the method of encrypting and authenticating against trojan horse with one time key
WO2009018684A1 (en) * 2007-08-08 2009-02-12 Kamfu Wong The keyboard for encrypting and authenticating against trojan horse with one time key
CN101933315B (en) * 2007-08-08 2014-03-26 黄金富 The keyboard for encrypting and authenticating against trojan horse with one time key
CN109743159A (en) * 2018-01-09 2019-05-10 詹贯峰 A kind of inter-authentication method for realizing authentication with authorization using bidirectional dynamic password

Also Published As

Publication number Publication date
AU2002218644A1 (en) 2002-06-11

Similar Documents

Publication Publication Date Title
KR100340936B1 (en) Method of Eeffecting Mutual Authentication
AU776552B2 (en) Security access and authentication token with private key transport functionality
US8392978B2 (en) Secure authentication using hardware token and computer fingerprint
US8434138B2 (en) One time password
AU2005318933B2 (en) Authentication device and/or method
CA2591968C (en) Authentication device and/or method
EP0848315B1 (en) Securely generating a computer system password by utilizing an external encryption algorithm
US7853794B2 (en) Efficient method for providing secure remote access
EP1873960A1 (en) Method for session key derivation in a IC card
JP2001514834A (en) Secure deterministic cryptographic key generation system and method
WO2006041517A2 (en) Partition and recovery of a verifiable digital secret
US20080040617A1 (en) Apparatus and method for secure field upgradability with unpredictable ciphertext
EP1042882A4 (en) Method for strongly authenticating another process in a different address space
US7216235B1 (en) Drive/host locking system
M'Raihi et al. RFC 4226: HOTP: An HMAC-based one-time password algorithm
CN114499859A (en) Password verification method, device, equipment and storage medium
WO2002045339A1 (en) Enhance authorization system and method for computer security
CN2888514Y (en) A computer system with safe transfer trust
WO2000028493A1 (en) A method of encryption and apparatus therefor
M'Raihi, Bellare, Hoornaert et al. RFC 4226 (Network Working Group, Informational): HOTP: An HMAC-based one-time password algorithm

Legal Events

Date Code Title Description
AK Designated states

Kind code of ref document: A1

Designated state(s): AE AG AL AM AT AU AZ BA BB BG BR BY BZ CA CH CN CO CR CU CZ DE DK DM DZ EC EE ES FI GB GD GE GH GM HR HU ID IL IN IS JP KE KG KP KR KZ LC LK LR LS LT LU LV MA MD MG MK MN MW MX MZ NO NZ OM PH PL PT RO RU SD SE SG SI SK SL TJ TM TR TT TZ UA UG US UZ VN YU ZA ZM ZW

AL Designated countries for regional patents

Kind code of ref document: A1

Designated state(s): GH GM KE LS MW MZ SD SL SZ TZ UG ZM ZW AM AZ BY KG KZ MD RU TJ TM AT BE CH CY DE DK ES FI FR GB GR IE IT LU MC NL PT SE TR BF BJ CF CG CI CM GA GN GQ GW ML MR NE SN TD TG

121 Ep: the epo has been informed by wipo that ep was designated in this application
REG Reference to national code

Ref country code: DE

Ref legal event code: 8642

122 Ep: pct application non-entry in european phase
NENP Non-entry into the national phase

Ref country code: JP

WWW Wipo information: withdrawn in national office

Country of ref document: JP