| United States Patent | 4819267 |
| Link to this page | http://www.wikipatents.com/4819267.html |
| Inventor(s) | Cargile; William P. (Half Moon Bay, CA);
Freeman; Richard D. (Sunnyvale, CA);
Lyon; James M. (San Jose, CA) |
| Abstract | A semiconductor device that functions as a key to control access to a
computer or a software program resident in a computer or provides for
secure communications is disclosed. The device executes an algorithm that
combines a root and a seed to produce a password. The password is input to
the computer. The computer uses an equivalent algorithm to produce a
password within the computer. Comparison or other methods are employed to
allow access to the computer or computer program or to allow for secure
communications. The computer can be coded to produce on a video display
thereof a time-space stimulus pattern which can be received by sensors of
the key. Alternatively, a keypad can be employed to input the stimulus
output from the computer into the access key. Further the present system
allows for secure communication using algorithms between different
computers and between distant locations. |
| Title | Solid state key for controlling access to computer systems and to
computer software and/or for secure communications |
| Publication Date | April 4, 1989 |
| Parent Case |
CONTINUATION-IN-PART CROSS-REFERENCE
This application is a continuation of application Ser. No. 813,647, filed
on Dec. 26, 1985, now abandoned, which is a continuation-in-part of a prior
co-pending application entitled "Solid State Key for Controlling Access to
Computer Software," filed on Feb. 22, 1984, and given Ser. No. 582,302,
now U.S. Pat. No. 4,599,489. |
References |
U.S. References |
| Patent No. | Inventor | Class | Date |
| 4720860 | Weiss | 713/184 | Jan 1988 |
| 4689606 | Sato | 380/46 | Aug 1987 |
| 4609777 | Cargile | 713/184 | Sep 1986 |
| 4599489 | Cargile | 705/52 | Jul 1986 |
| 4596898 | Pemmaraju | 380/45 | Jun 1986 |
| 4593353 | Pickholtz | | Jun 1986 |
| 4573119 | Westheimer | 713/190 | Feb 1986 |
| 4523271 | Levien | 726/22 | Jun 1985 |
| 4484025 | Ostermann | 380/279 | Nov 1984 |
| 4484027 | Lee | 380/239 | Nov 1984 |
| 4471163 | Donald | 705/55 | Sep 1984 |
| 4369332 | Campbell, Jr. | 380/43 | Jan 1983 |
Claims  |
What is claimed is:
1. Apparatus for affording access by a user to a computer and/or
information residing in a computer, and/or for affording secure
communications and comprising an access key capable of generating a
password and of being transported independently of the computer, and an
access key verification means adapted to be resident in the computer,
for allowing access and use of the software program wherein:
said access key includes:
(a) first clock means for generating a signal;
(b) means for storing a root;
(c) forward algorithm means coupled to said clock means and root storing
means for encrypting the root, responsive to the signal from said clock
means, into a password;
said access key verification means includes:
(a) second clock means for generating a signal;
(b) means for receiving the password;
(c) inverse algorithm means coupled to said second clock means for
decrypting the password and for calculating the root;
(d) means for generating a stimulus and for communicating said stimulus to
said inverse algorithm means and said access key;
(e) said inverse algorithm means including means for using the stimulus to
calculate the root from the password;
said access key includes:
(a) means for receiving the stimulus and communicating the stimulus to said
forward algorithm means;
(b) wherein said forward algorithm means includes means for combining the
stimulus with the root to produce the password;
(c) means for saving at least a portion of the stimulus number;
(d) means for comparing the saved portion of the stimulus number with the
next available stimulus number;
(e) means for inverting at least part of the root before the root is
communicated to the forward algorithm module responsive to the comparing
means if the saved portion does not have a prescribed relationship with
the next available stimulus number; and
said access key verification means includes:
(a) second means for saving at least a portion of the stimulus number;
(b) means for merging the saved portion of the stimulus number with the
next stimulus number;
(c) second means for storing at least a portion of the root;
(d) means for comparing the portion of the root number saved in the second
storing means with the calculated root;
(e) means for generating a suspicion signal depending on whether there is a
predetermined relationship between the calculated root and the saved
portion of the root.
2. Apparatus for affording access by a user to a computer and/or
information residing in a computer, and/or for affording secure
communications and comprising an access key capable of generating a
password and of being transported independently of the computer, and an
access key verification means adapted to be resident in or function with
the computer, for allowing access and use of the software program wherein:
said access key includes:
(a) first clock means for generating a signal;
(b) means for storing a root;
(c) forward algorithm means coupled to said clock means and root storing
means for encrypting the root, responsive to the signal from said clock
means, into a password;
said access key verification means includes:
(a) second clock means for generating a signal;
(b) means for receiving the password;
(c) inverse algorithm means coupled to said second clock means for
decrypting the password and for calculating the root; and
wherein the computer has a video display, which can display another signal
from the access key verification means, and wherein said apparatus further
comprising:
said access key verification means including:
(a) a stimulus number generating means for generating a stimulus number;
(b) means for generating said another signal on the video display that is
representative of said stimulus number; and
said access key further including:
(a) at least one sensor accessible from the exterior of said access key so
that juxtaposition of the access key and the display effects excitation of
the sensor by the another signal;
(b) means coupled to said sensor for using the another signal to produce
the stimulus number;
(c) said forward algorithm means including a means for combining the
stimulus number with the signal from the clock means to produce the
password; and
wherein the signal on the display is comprised of two optical differential
pairs; and
wherein each optical pair is comprised of a first field and a second field,
one of which fields can be illuminated more than the other field to
communicate selectively a logical one or a logical zero signal.
3. The apparatus of claim 2 wherein one of said optical differential pairs
represents a data signal and the other represents a clock signal.
4. The apparatus of claim 3 wherein the pairs alternate being the data
signal and the clock signal.
5. A system for transmitting information in a secure fashion comprising:
a first access key capable of generating a password and adapted to be
transported independently of a computer;
wherein said first access key includes:
(a) first means for storing a root;
(b) first forward algorithm means coupled to said first root storing means
for encrypting the root into a password;
a first access key verification means adapted to reside in or function with
a computer for receiving a password generated by the first access key and
for encrypting the information to be transmitted based on the root
calculated from the password;
wherein said first access key verification means includes:
(a) first inverse algorithm means for receiving and decrypting the password
for calculating the root in order to encrypt the information;
(b) encrypt module means for using the root to encrypt the information;
a second access key capable of generating another password and adapted to
be transported independently of another computer;
wherein said second access key includes:
(a) second means for storing the root;
(b) second forward algorithm means coupled to said second root storing
means for encrypting the root into another password;
a second access key verification means adapted to reside in or function
with the another computer for receiving the another password generated by
the second access key and for decrypting the encrypted information based
on a value calculated from the password; and
wherein said second access key verification means includes:
(a) second inverse algorithm means for receiving and decrypting the another
password for calculating the root in order to decrypt the information;
(b) decrypt module means for using the root to decrypt the information.
6. The system of claim 5 wherein:
at least one of said first and second access key verification means
includes:
(a) means for generating a stimulus and for communicating said stimulus to
at least one of said first and second inverse algorithm means
respectively, and to at least one of said first and second access keys
respectively;
at least one of first and second access keys includes:
(a) means for receiving the stimulus and communicating the stimulus to at
least one of said first and second forward algorithm means respectively.
7. A system for protecting information residing in a computer and/or for
affording secure communication comprising:
means separate from the computer for encrypting information in accordance
with a root;
an access key capable of generating a password in accordance with the root
and of being transported independently of a computer;
wherein said access key includes:
(a) first clock means for generating a signal that is dependent on the
elapse of time;
(b) means for storing the root;
(c) forward algorithm means coupled to said clock means and root storing
means for encrypting the root into a password responsive to the signal
from said clock means;
an access key verification means, adapted to reside in or function with the
computer, for using the password to calculate the root and to decrypt the
encrypted information with the root;
wherein said access key verification means includes:
(a) second clock means for generating a signal that is dependent on the
elapse of time;
(b) means for receiving the password;
(c) inverse algorithm means coupled to said second clock means for
decrypting the password for calculating the root.
8. The apparatus of claim 7 wherein:
said access key verification means includes:
(a) means for generating a stimulus and for communicating said stimulus to
said inverse algorithm and said access key;
said access key includes:
(a) means for receiving the stimulus and communicating the stimulus to said
forward algorithm means;
(b) wherein said forward algorithm means includes the means for combining
the stimulus with the root to produce the password; and
said access key verification means includes:
(a) said inverse algorithm means including means for using the stimulus to
calculate the root from the password.
9. Apparatus for affording access by a user to a computer and/or
information residing in a computer, and/or for affording secure
communications and comprising an access key capable of generating a
password and of being transported independently of the computer, and an
access key verification means adapted to be resident in or function with
the computer, for allowing access and use of the software program wherein:
said access key includes:
(a) first clock means for generating a signal;
(b) means for storing a root;
(c) forward algorithm means coupled to said clock means and root storing
means for encrypting the root, responsive to the signal from said clock
means, into a password;
said access key verification means includes:
(a) second clock means for generating a signal;
(b) means for receiving the password;
(c) inverse algorithm means coupled to said second clock means for
decrypting the password and for calculating the root; and
wherein said signal of said first clock means includes a first signal
having shorter time intervals and a second signal having longer time
intervals comprised of more than one of the shorter time intervals and
with:
said forward algorithm means including means for selecting among a
plurality of algorithms;
said first signal for encrypting the root for any selected algorithm;
said second signal for selecting among the plurality of algorithms for
encrypting the root.
10. The apparatus of claim 9 wherein said access key includes:
means for displaying the password for a predetermined time frame and for
preventing the generation of another password for said predetermined time
period.
11. A system for communicating secure information including:
an information sender having
(a) a first clock means for generating a signal that is dependent on the
elapse of time;
(b) means for storing a root;
(c) forward algorithm means coupled to said clock means and root storing
means for encrypting the root, responsive to the signal from said first
clock, into a password and for sending said password;
(d) encryption means coupled to said root storing means for encrypting
information input to the sender in accordance with the root and for
sending encrypted information;
an information receiver having:
(a) a second clock means for generating a signal that is dependent on the
elapse of time;
(b) inverse algorithm means coupled to said second clock means for
receiving the password and for calculating said root in accordance with
the signal from the second clock means and said password;
(c) decryption module means for receiving said encrypted data and coupled
to said inverse algorithm means for receiving said calculated root and for
decrypting the encrypted data.
12. The system of claim 11 wherein:
said information receiver includes:
(a) means for generating a stimulus and for communicating said stimulus to
said inverse algorithm means and to said sender;
said sender includes:
(a) said forward algorithm means for additionally receiving the stimulus
and for combining the stimulus with the root to produce the password;
said receiver includes:
(a) said inverse algorithm for additionally using said password and
stimulus to calculate the root.
13. The system of claim 12 wherein:
said sender includes:
(a) first means for storing a seed and for communicating the stored seed to
said forward algorithm means;
(b) said forward algorithm means includes means for selecting among a
plurality of algorithms responsive to the stored seed.
14. The system of claim 13 wherein:
(a) said seed is a time-dependent algorithm; and
(b) the output from said seed storing means changes with time.
15. A system for transporting valuable data in a highly portable, secure
fashion comprising a portable key in which the valuable data can be stored
and data extraction means adapted to be resident in or function with a computer
for extraction of the data from the key wherein:
said key includes:
(a) first clock means for generating a signal that is dependent on the
elapse of time;
(b) means for storing the data;
(c) forward algorithm means coupled to said clock means and data storing
means for encrypting the data into a password responsive to the signal
from said clock means;
said data extraction means includes:
(a) second clock means for generating a signal that is dependent on the
elapse of time;
(b) means for receiving the password;
(c) inverse algorithm means coupled to said second clock means for
decrypting the password in order to calculate the data.
16. The system of claim 15 wherein: said data extraction means includes:
(a) means for generating a stimulus and for communicating said stimulus to
said inverse algorithm means and said key;
said key includes:
(a) means for receiving the stimulus and communicating the stimulus to said
forward algorithm means;
(b) wherein said forward algorithm means includes means for combining the
stimulus with the data to produce the password; and
said access key verification means includes
(a) said inverse algorithm means including means for using the stimulus to
calculate the data.
17. A system for affording access by a user to a computer and/or
information residing in a computer with an output device, comprising
access key verification means adapted to be resident in or function with
the computer, for verifying an encrypted password and allowing access to
the computer and/or use of the information, an access key capable of
generating an encrypted password and of being transported independently of
the computer, and a keypad for facilitating communication between the
access key and the access key verification means, wherein:
said access key verification means includes:
(a) first clock means for generating a signal that is dependent on the
elapse of time;
(b) a stimulus number generating means for generating a stimulus number;
(c) means for generating a signal on the display that is representative of
said stimulus number; and
said access key includes:
(a) second clock means for generating another signal that is dependent on
the elapse of time;
(b) means for storing a root;
(c) at least one sensor accessible from the exterior of said access key,
said keypad includes:
(a) means for entering the stimulus number;
(b) excitation means communicating with the stimulus entering means for
exciting the sensor of the access key when the excitation means of the
keypad is adjacent the sensor of the access key for communicating the
stimulus number to the access key;
said access key further includes:
(a) means coupled to said sensor for using the signal to produce the
stimulus number;
(b) password generating means for encrypting said another signal produced
by said second clock means and said stimulus number and said root for
producing an encrypted password;
(c) displaying means communicating with the password generating means for
displaying at least part of said encrypted password, so that the user can
input the encrypted password into the computer;
wherein said access key verification means further includes:
(a) means for decrypting the encrypted password displayed on the access key
to calculate said root. |
Description  |
FIELD OF THE INVENTION
This invention relates to apparatus for affording access to computer
systems and/or computer software only by authorized persons and also for
secure communications of data, and more particularly to apparatus
physically independent of the computer but capable of executing an
algorithm that can also be executed by the computer to afford access or
secure communications of data.
BACKGROUND OF THE INVENTION
Numerous techniques for limiting access to computer systems (also known as
access management) and software (also known as software protection), and
for enabling secure communications of data are practiced. In multiuser
systems it is typical for each user to have an identification code and/or
a password which the user must enter before gaining access to the system.
Security of the system can be compromised when an authorized user reveals
his or her identification code and/or password to unauthorized persons or
the access code is discovered by a systematic attack such as that used by
hackers.
Another technique employed, particularly with respect to application
software that is provided on magnetic diskettes, is to encode on the
diskette a protective routine that prevents the making of usable copies
with standard copy methods. This technique has had only moderate success
in preventing unauthorized use or unauthorized copying because programs
for disabling such protective routines are widely available.
Further techniques for securing computers, software and communications
include the use of seemingly random generated passwords affording the
appropriate access. In some systems, these passwords are generated
independently of where access is desired and in other systems the random
passwords are generated in response to an inquiry or stimulus from the
computer, software or communication source to which access is desired. For
these types of systems, there are a number of approaches used by hackers
and those intent on stealing valuable information in order to break into
the system. One of the approaches is known as the "table attack" or "clear
text attack." In the table attack, a table is built out of the
relationship between the stimulus and the response or password generated
therefrom. If the system for controlling access is relatively static, a
table can be built in a relatively short time so that given any particular
stimulus, one intent on breaking into the system can determine the
appropriate password from the table.
Another approach to break into such systems is known as the "cypher text
attack." This approach is appropriate when the response or password
results from a known or predictable stimulus. An analysis of the
relationship between the stimulus and the response using standard
cryptographic analysis techniques allows passwords appropriate to the
future to be predicted.
Still a further approach or attack applicable to time dependent devices is
time compression. This is accomplished by speeding up the clock to
generate passwords appropriate to the future so as to more rapidly build a
table for one of the other types of attack. Accordingly, when the future
time arrives, the password is known and used to break into the system.
SUMMARY OF THE INVENTION
The present invention is embodied in a device that is analogous to a key in
that it is a small portable device that can be conveniently carried by the
user and that can be employed to obtain access to computers and software
and for secure communications. The key contains solid state or
semiconductor electronic elements that can execute a prescribed algorithm
or one of a plurality of prescribed algorithms to produce a code which the
computer receives and affords access to the computer, computer software,
or provides secure communications if the code is correct.
A semiconductor key embodying the present invention includes a timer or
clock which produces a series of pulses at a repetition rate corresponding
to the elapse of real time. In the specific embodiments described
hereinafter in more detail, the timer produces one pulse per day. The
timer pulse changes the contents of a shift register, the output of the
shift register being a predetermined function of the calendar date. The
device includes a character output display of a password which is a
function of the previously mentioned function. When the user inputs the
displayed password to a computer, computer program or secure
communications system to practice the invention, the computer affords
access if the password is correct and/or has a prescribed relationship to
a number generated within the computer.
In order for the software in the computer to be able to produce an internal
password for comparison with the user input password, the user is first
prompted by the computer to enter at least initially the current date.
Most computers are presently configured with self-controlled battery
operated clock cards which maintain the current date whether or not power
to the system is maintained. The computer manipulates the current date by
an algorithm corresponding to that in the key to produce the internal
password.
An important aspect of the invention is that the shift register within the
key is pre-loaded at manufacturing time with a unique number or numbers so
that the likelihood of two keys having the same unique numbers is
insignificant. For example, if the size of the shift register in the key
is 32 bits, a size easily achievable under the present state of the art,
there are almost five billion bit combinations that can be produced.
Because the key is active, i.e., because a continuous supply of power is
necessary to maintain the register state, disassembly of the key for the
purposes of ascertaining the function is virtually impossible, because in
disassembly it is highly likely that power to the shift register would be
interrupted.
An enhanced version of a software access key embodying the invention, which
is even more difficult for unauthorized persons to decode, involves an
extra step to produce a password for input by the user. As in the version
to which reference has been previously made, the key contains a shift
register whose state changes with elapsed real time. The computer with
which the key is adapted to cooperate is coded to generate a stimulus
number which can be randomly generated and which is saved within the host
computer. The stimulus number is transmitted to the key without direct
connection. One technique for so transmitting the stimulus number involves
excitation of one or more predetermined sites on the video display of the
host computer and providing in the key one or more photo-sensors which
respond to the pattern of excitation of the sites. The key includes
circuitry for decoding the pattern of excitation at the display sites and
generating a password from a combination of the decoded signal and the
output of the above mentioned register that changes with real time. In
practicing the invention employing the enhanced version, the association
between the password displayed to the user and the current date as
manifested by the output of the timer within the key is even more tenuous
and therefore more difficult, if not impossible, to display by reverse
engineering.
A further improvement to the above enhanced version includes the use of a
keypad into which the access key can be placed. The keypad can be used
with a computer system that does not have a video display or has one which
will not properly excite the sensors on the access key itself. The keypad
includes key switches and excitation devices such as light-emitting diodes
which can be placed in juxtaposition to the sensors of the access key. The
computer display or printer or other output device displays an appropriate
alphanumeric code which is then entered into the keypad. The keypad in
turn excites the sensors on the key in order to transfer the stimulus.
In a further aspect of the invention for access management, software
protection and secured communications, the key can have what is known as a
forward algorithm and the host computer can have what is known as an
algorithm which is inverse to the forward algorithm. An inverse algorithm
is sometimes referred to as a reverse algorithm. In such an arrangement
each key can be provided with an individually personalized root which is
encrypted into a password by the forward algorithm. The encrypted password
is then provided to the inverse algorithm of the host computer where the
original root is recalculated. This original root can be used for
comparison with a root stored within a computer for allowing access to the
computer or to the software. Alternatively, in the case where the root is
not stored within the host computer, the calculated root can be used as
part of the puzzle to decrypt previously encrypted software. The forward
and inverse algorithm modules of the invention can in fact contain a
plurality of algorithms which can be selected depending on the passage of
time or depending on yet another algorithm. This other algorithm can be
contained in a further module and is oftentimes referred to as a seed
module. This seed algorithm can provide output which is also time
dependent. Through the use of one or two time dependent algorithms, the
possibility of the system becoming susceptible to any of the attacks
previously described is minimal to non-existent. The reason for decreased
susceptibility to attack is that there is not enough time to build an
adequate table before the algorithm changes.
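The forward/inverse arrangement described above, as an added Python illustration that is not taken from the patent: the key turns its root into a password under the date and the host's stimulus, and the host inverts the password and compares the calculated root with a stored one. The patent does not disclose its algorithms here, so a Feistel network keyed with HMAC-SHA256 is swapped in; ALGORITHM_SECRET, ALGORITHMS, the integer day counter and the 7-day selection interval are all assumptions.

```python
import hashlib
import hmac
import secrets

# Assumption: a shared secret stands in for the undisclosed algorithm that
# the key and the host both implement. Constructed value.
ALGORITHM_SECRET = b"constructed-demo-secret"
# Hypothetical "plurality of algorithms", selected by the longer time interval.
ALGORITHMS = (b"alg-A", b"alg-B", b"alg-C")
LONG_INTERVAL_DAYS = 7      # assumed selection interval
ROUNDS = 8
MASK16 = 0xFFFF
MASK32 = 0xFFFFFFFF         # 32-bit root, the register size the text mentions


def _round_value(half, rnd, day, stimulus):
    """Feistel round function bound to the date, stimulus and selected algorithm."""
    alg = ALGORITHMS[(day // LONG_INTERVAL_DAYS) % len(ALGORITHMS)]
    msg = b"|".join([alg] + [str(v).encode() for v in (rnd, day, stimulus, half)])
    digest = hmac.new(ALGORITHM_SECRET, msg, hashlib.sha256).digest()
    return int.from_bytes(digest[:2], "big")


def forward(root, day, stimulus):
    """Key side: encrypt the root into a password for this day and stimulus."""
    left, right = (root >> 16) & MASK16, root & MASK16
    for rnd in range(ROUNDS):
        left, right = right, left ^ _round_value(right, rnd, day, stimulus)
    return (left << 16) | right


def inverse(password, day, stimulus):
    """Host side: recalculate the root from the password."""
    password &= MASK32
    left, right = password >> 16, password & MASK16
    for rnd in reversed(range(ROUNDS)):
        left, right = right ^ _round_value(left, rnd, day, stimulus), left
    return (left << 16) | right


class Verifier:
    """Host that stores the root and compares it with the calculated root."""

    def __init__(self, stored_root):
        self._stored_root = stored_root & MASK32
        self._pending = None

    def issue_stimulus(self):
        # A fresh random stimulus per attempt keeps a recorded
        # stimulus/password table from being reusable.
        self._pending = secrets.randbits(32)
        return self._pending

    def check(self, password, day):
        if self._pending is None:
            return False
        stimulus, self._pending = self._pending, None   # single use
        calculated = inverse(password, day, stimulus)
        return hmac.compare_digest(calculated.to_bytes(4, "big"),
                                   self._stored_root.to_bytes(4, "big"))


def demo():
    root, day = 0x5EEDC0DE, 6000          # constructed root and day counter
    host = Verifier(root)

    password = forward(root, day, host.issue_stimulus())
    accepted = host.check(password, day)

    host.issue_stimulus()                 # new attempt, new stimulus
    replayed = host.check(password, day)  # captured password no longer fits

    stale = host.check(forward(root, day, host.issue_stimulus()), day + 1)
    return accepted, replayed, stale


if __name__ == "__main__":
    print(demo())
```

Because the inverse yields the root itself, anyone holding the algorithm secret together with one password, its stimulus and its date learns the root; the single-use stimulus only limits what an observer without that secret can reuse.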
Yet another practical way to reduce drastically the odds that the system
can be broken is to increase the minimum number of possibilities for the stimulus
number.
In yet another aspect of the invention, in a secured environment, a root is
selected and the appropriate software is encrypted using the root as part
of the encryption. The encrypted software is then stored in the computer.
The root is placed in the appropriate personalized key. The key is then
used to access the software in the computer by transferring the root from
the key to a decryption module in the computer where the root is used as
part of a puzzle to decrypt the software so that the software can be used.
This same approach is used for sending and receiving encrypted data,
computer programs and the like. Further, the key itself can be used to
transport valuable data. This is implemented by using the valuable data as
the root itself. The host computer then uses the password obtained from
the access key to recalculate the root and obtain the valuable data. As
the root in the access key will be destroyed should any attempt be made to
disassemble the key, the root is highly secure.
An object of the invention is to provide a hardware device that must be
employed to gain access to computers and software and for secure
communications. This object is achieved by producing and displaying a
password which must be input by the user and by arranging the circuitry in
the key so that it produces, each time the device is used, a different
password in accordance with an algorithm that is virtually impossible to
predict.
Another object of the invention is to provide a device of the type
described above that is inexpensive, portable and long-lasting. The advent
of large scale integrated circuit technology, such as manifested in
existent wristwatches and the like, permits a key in accordance with the
invention to be produced at a moderate cost, particularly when compared to
the cost of many software programs.
A feature and advantage of the invention is that it employs digital
techniques which afford exponential expansion of the number of possible
combinations by merely extending by one or more bits the size of the
numbers that the apparatus employs in producing a password.
The foregoing, together with other objects, features and advantages, will
be more apparent after referring to the following specification and the
accompanying drawings.
BRIEF DESCRIPTION OF THE DRAWINGS
FIG. 1 is a perspective view of a computer access key embodying the
invention with portions being broken away to reveal internal details.
FIG. 2 is a block diagram showing the interaction between a relatively
uncomplex key in accordance with the invention and a computer containing
code in accordance with the invention.
FIG. 3 is a block diagram similar to FIG. 2 but showing an enhanced key
according to the invention.
FIG. 4 is a block diagram of exemplary circuitry within the key of FIG. 3.
FIG. 5 is a table showing logical states at various points in the circuit
of FIG. 4 during a typical operating sequence.
FIG. 6 is a block diagram of a key showing various enhancements in
accordance with the invention.
FIG. 7 is a block diagram of another embodiment of the access key and
access verification system of the invention which uses forward and inverse
algorithms.
FIG. 8 depicts the invention of FIG. 7 with the enhancement of a stimulus
number generator.
FIG. 9 depicts an enhanced version of the embodiment of FIG. 7 wherein a
calculated root is compared with a stored root to allow access to a
computer or software.
FIG. 10 depicts an enhanced version of the embodiment of FIG. 7 with the
use of a seed or a second personality characteristic in addition to the
root.
FIG. 11 depicts the block diagram of a system for encrypting and securing
software including a software encrypter, the access key, and access key
verification and decrypter system.
FIG. 12 depicts a block diagram of a secured communication system for
communicating secure data between two computers at distant locations.
FIG. 13 depicts another embodiment of a secured communications system for
communicating secure data between two computers.
FIG. 14 depicts an embodiment of the key pad of the invention.
FIG. 15 depicts a block diagram of the key pad of the invention.
FIG. 16 depicts patterns of optical signals of the invention.
FIG. 17 depicts a block diagram of an embodiment of the invention for
detecting misuse of the access key.
DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENTS
Referring more particularly to the drawings, reference numeral 12 indicates
a key embodying the present invention. The key includes a housing of
plastic or like imperforate material which is hollow so as to define a
central cavity 14. Within cavity 14 are elements, such as an integrated
circuit device indicated fragmentarily at 16. Accessible from the exterior
of the imperforate housing is a display 18 formed of conventional numeric
or alphanumeric display elements, there being four numeric display
elements in the embodiment shown in FIG. 1. Such elements are typically
liquid crystal display or LCD elements. In the specific example seen in
FIG. 1, display 18 displays the password or a displayed character
representation "1854."
The top surface of key 12 is formed with a circular recess 20. The bottom
surface of the recess contains one or more contact points 22, or openings
in alignment with contact points within cavity 14, for establishing
electrical contact with the circuitry 16 within the key. The contact
points are employed when the key is set or initialized during manufacture
to load a code or bit pattern that is unique to each user. After the key
has been so set, a disk-shaped cover 24 is installed in recess 20 to
insulate contacts 22. Disk-shaped cover 24 can be an adhesive-backed label
having an outer surface containing trademark or product identifying
information.
Key 12 has a front face 26. Mounted within face 26 and accessible from the
exterior of key are sensors 28a, 28b, 28c and 28d. In the specific
embodiment shown in the drawings, sensors 28a-28d are photoelectric diodes
which respond to images formed on the video display screen D of the
computer system containing software to which access is to be had. A
fragment of video display screen D is shown at reduced scale in FIG. 1. As
will be described subsequently, predetermined sites S on the screen are
excited in an appropriate time-space pattern to produce a signal that is
received by key 12 by way of sensors 28a-28d. The sensors and the sites on
the computer video display exemplify an information transmission link that
uses radiant energy and not direct connection between the key and the
computer. Other useful forms of radiant energy are sonic energy or radio
frequency energy.
As will be described hereinbelow with respect to FIGS. 14 and 15, in the
situation where the computer system does not have a video screen, but has
for example, a printer output or LCD or LED output, a keypad with sensors
cannot be used in the way contemplated by the present embodiment. In that
situation an access key can be inserted into the keypad with the
appropriate stimulus from the computer entered into the keypad and
simultaneously communicated through the light-emitting diodes of the
keypad.
Referring to FIG. 2, there is a key 12' which is somewhat less complex than
that shown in FIG. 1 in that key 12' is not equipped with sensors 28a-28d.
Key 12' includes a crystal-controlled pulse generator or clock 30 that
produces a series of timing pulses that count real time. In one device
designed in accordance with the invention, pulse generator 30 produces one
pulse per day. The timing pulses supplied by pulse generator 30 are
coupled to a password generator 32. The password generator produces a
unique combination of binary digits depending on the number of date pulses
that have been supplied to it by pulse generator 30 since initialization.
Thus the binary bit pattern produced by password generator 32 is a
function of the current date, referred to in this description and in FIG.
1 as f'(date).
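The FIG. 2 arrangement can be simulated as follows. This is an added example, not circuitry or code from the patent: the 16-bit register width, the feedback taps, the use of the per-user bit pattern as the register's initial state, the reduction to four decimal digits and all names and sample values are assumptions made for illustration.

```python
import hmac
from datetime import date, timedelta

TAPS = (16, 14, 13, 11)  # assumption: maximal-length 16-bit feedback taps


def shift(state: int) -> int:
    """One shift of a 16-bit feedback shift register (hypothetical f')."""
    bit = 0
    for t in TAPS:
        bit ^= (state >> (16 - t)) & 1
    return ((state >> 1) | (bit << 15)) & 0xFFFF


def to_display(state: int) -> str:
    """Reduce the bit pattern to four numeric display elements (display 18)."""
    return f"{state % 10000:04d}"


class AccessKey:
    """Key 12': clock 30 delivers one pulse per day to password generator 32."""

    def __init__(self, root: int):
        if not 0 < root <= 0xFFFF:
            raise ValueError("root must be a non-zero 16-bit pattern")
        self.state = root  # per-user bit pattern loaded at initialization

    def day_pulse(self) -> None:
        self.state = shift(self.state)

    def display(self) -> str:
        return to_display(self.state)


def host_password(root: int, init_day: date, today: date) -> str:
    """Host side: recompute f'(date) from the stored pattern and the calendar."""
    days = (today - init_day).days
    if days < 0:
        raise ValueError("today precedes the key's initialization date")
    state = root
    for _ in range(days):
        state = shift(state)
    return to_display(state)


def host_verify(root: int, init_day: date, today: date, typed: str) -> bool:
    expected = host_password(root, init_day, today)
    return hmac.compare_digest(expected.encode(), typed.encode())


if __name__ == "__main__":
    root, day0 = 0xACE1, date(1989, 4, 4)  # constructed sample values
    key = AccessKey(root)
    key.day_pulse(); key.day_pulse()       # two days elapse in the key
    print(key.display(), host_verify(root, day0, day0 + timedelta(days=2), key.display()))
```

A plain linear feedback register is used only to keep the example short; its output is linear in the state and is not a substitute for a keyed cryptographic function. The host rejects the previous day's password because its own register has advanced by one more shift.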
As will be described in more detail hereinafter in connection with the
embodiment of FIGS. 3 and 4, password generator 32 can be embodied in a
shift register into which pulses from pulse generator 30 are introduced
serially and which produces a bit pattern representing f'(dat