Claims
What is claimed is:
1. A security device comprising:
a data processor;
memory connected to said processor;
data input and output means connected to said processor;
secure session establishing means programmed into said security device for
controlling said processor to establish a secure session with another
device;
an authorization profile stored in said memory, said profile defining the
authority of a user of said security device to cause said processor to
execute programmed commands;
transfer means for transferring at least part of said authorization profile
from said security device to said another device for controlling said
another device in accordance with said authority of said user defined in
said authorization profile.
2. The security device of claim 1, wherein said security device is an IC
card and said another device is an IC card reader.
3. The security device of claim 1, wherein said security device is a host
computer and said another device is a computer work station.
4. The security device of claim 1, wherein said authorization profile
defines the authority of said user to execute a command at a particular
time.
5. The security device of claim 1, wherein said authorization profile
defines the authority of said user to execute a command on a particular
day.
6. The security device of claim 1, wherein said authorization profile
defines the authority of said user to execute a command between particular
times of day.
7. The security device of claim 1, wherein said authorization profile
contains a plurality of command flags, each command flag defining the
authority of said user to execute a command.
8. The security device of claim 1, wherein said authorization profile
contains a plurality of access flags, each access flag defining the
authority of said user to access a data file.
9. The security device of claim 1, wherein said authorization profile
contains a plurality of program flags, each program flag defining the
authority of said user to execute a program.
10. The security device of claim 1, wherein said authorization profile
contains a user authorization level.
11. The security device of claim 1, wherein said authorization profile
contains a user ID, a personal identification number, and an identity
verification method identifier.
12. The security device of claim 2, wherein said authorization profile
defines the authority of said user to execute a command at a particular
time.
13. The security device of claim 2, wherein said authorization profile
defines the authority of said user to execute a command on a particular
day.
14. The security device of claim 2, wherein said authorization profile
defines the authority of said user to execute a command between particular
times of day.
15. The security device of claim 2, wherein said authorization profile
contains a plurality of command flags, each command flag defining the
authority of said user to execute a command.
16. The security device of claim 2, wherein said authorization profile
contains a plurality of access flags, each access flag defining the
authority of said user to access a data file.
17. The security device of claim 2, wherein said authorization profile
contains a plurality of program flags, each program flag defining the
authority of said user to execute a program.
18. The security device of claim 2, wherein said authorization profile
contains a user authorization level.
19. The security device of claim 2, wherein said authorization profile
contains a user ID, a personal identification number, and an identity
verification method identifier.
20. The security device of claim 3, wherein said authorization profile
defines the authority of said user to execute a command at a particular
time.
21. The security device of claim 3, wherein said authorization profile
defines the authority of said user to execute a command on a particular
day.
22. The security device of claim 3, wherein said authorization profile
defines the authority of said user to execute a command between particular
times of day.
23. The security device of claim 3, wherein said authorization profile
contains a plurality of command flags, each command flag defining the
authority of said user to execute a command.
24. The security device of claim 3, wherein said authorization profile
contains a plurality of access flags, each access flag defining the
authority of said user to access a data file.
25. The security device of claim 3, wherein said authorization profile
contains a plurality of program flags, each program flag defining the
authority of said user to execute a program.
26. The security device of claim 3, wherein said authorization profile
contains a user authorization level.
27. The security device of claim 3, wherein said authorization profile
contains a user ID, a personal identification number, and an identity
verification method identifier.
28. A security device comprising:
a data processor;
memory connected to said processor;
data input and output means connected to said processor;
secure session establishing means programmed into said security device for
controlling said processor to establish a secure session with another
device;
means for receiving at least part of an authorization profile stored in a
memory of said another device, said profile defining the authority of a
user to cause said processor to execute programmed commands.
29. The security device of claim 28, wherein said security device is an IC
card reader and said another device is an IC card.
30. The security device of claim 28, wherein said security device is a
computer work station and said another device is a host computer.
31. The security device of claim 28, wherein said authorization profile
defines the authority of said user to execute a command at a particular
time.
32. The security device of claim 28, wherein said authorization profile
defines the authority of said user to execute a command on a particular
day.
33. The security device of claim 28, wherein said authorization profile
defines the authority of said user to execute a command between particular
times of day.
34. The security device of claim 28, wherein said authorization profile
contains a plurality of command flags, each command flag defining the
authority of said user to execute a command.
35. The security device of claim 28, wherein said authorization profile
contains a plurality of access flags, each access flag defining the
authority of said user to access a data file.
36. The security device of claim 28, wherein said authorization profile
contains a plurality of program flags, each program flag defining the
authority of said user to execute a program.
37. The security device of claim 28, wherein said authorization profile
contains an authority level.
38. The security device of claim 28, wherein said authorization profile
contains a user ID, a personal identification number, and an identity
verification method identifier.
39. The security device of claim 29, wherein said authorization profile
defines the authority of said user to execute a command at a particular
time.
40. The security device of claim 29, wherein said authorization profile
defines the authority of said user to execute a command on a particular
day.
41. The security device of claim 29, wherein said authorization profile
defines the authority of said user to execute a command between particular
times of day.
42. The security device of claim 29, wherein said authorization profile
contains a plurality of command flags, each command flag defining the
authority of said user to execute a command.
43. The security device of claim 29, wherein said authorization profile
contains a plurality of access flags, each access flag defining the
authority of said user to access a data file.
44. The security device of claim 29, wherein said authorization profile
contains a plurality of program flags, each program flag defining the
authority of said user to execute a program.
45. The security device of claim 29, wherein said authorization profile
contains an authority level.
46. The security device of claim 29, wherein said authorization profile
contains a user ID, a personal identification number, and an identity
verification method identifier.
47. The security device of claim 30, wherein said authorization profile
defines the authority of said user to execute a command at a particular
time.
48. The security device of claim 30, wherein said authorization profile
defines the authority of said user to execute a command on a particular
day.
49. The security device of claim 30, wherein said authorization profile
defines the authority of said user to execute a command between particular
times of day.
50. The security device of claim 30, wherein said authorization profile
contains a plurality of command flags, each command flag defining the
authority of said user to execute a command.
51. The security device of claim 30, wherein said authorization profile
contains a plurality of access flags, each access flag defining the
authority of said user to access a data file.
52. The security device of claim 30, wherein said authorization profile
contains a plurality of program flags, each program flag defining the
authority of said user to execute a program.
53. The security device of claim 30, wherein said authorization profile
contains an authority level.
54. The security device of claim 30, wherein said authorization profile
contains a user ID, a personal identification number, and an identity
verification method identifier.
55. An identification card comprising:
a data processor;
protected programmable memory connected to said processor;
data input and output means connected to said processor;
an authorization profile stored in said memory, said profile defining the
authority of a user of said card to cause said processor to execute
programmed commands;
means for receiving an authorization profile created by an authorized
person and storing said received authorization profile into said memory to
be used in place of said stored authorization profile.
56. The security device of claim 55 wherein said device is an IC card.
57. The IC card of claim 56 further comprising:
data blocks in said memory, each data block having a header, said header
containing memory access prerequisites; and
means for comparing said access prerequisites with the authorization
profile of said user.
58. The IC card of claim 57 wherein one of said access prerequisites is an
authority level and further comprising:
means for comparing said authority level with an authorization level stored
in said user's authorization profile.
59. The IC card of claim 57 wherein one of said access prerequisites
comprises a read flag and a write flag for each user and further
comprising:
means for allowing read access to said memory only if said read flag is set
and allowing write access to said memory only if said write flag is set.
60. The IC card of claim 57 wherein one of said access prerequisites is a
secure session required flag and further comprising:
means for allowing access to said memory only if said IC card is in a
secure session with another device which is requesting access to said
memory.
61. A security device comprising:
a data processor;
protected programmable memory connected to said processor;
data input and output means connected to said processor;
a plurality of commands for controlling said processor stored in said
memory, each command having a plurality of programmable execution
prerequisites stored in said memory.
62. The security device of claim 61 wherein one of said execution
prerequisites is an established secure session between the devices
affected by the command, whereby the command to which it relates will not
be executed unless a secure session has previously been established.
63. The security device of claim 61 wherein one of said execution
prerequisites is an initial user verification whereby the command to which
it relates will not be executed unless the identity of the user requesting
the execution of the command has previously been verified during a current
session.
64. The security device of claim 61 wherein one of said execution
prerequisites is a pre-execution user verification whereby the command to
which it relates will not be executed unless the identity of the user
requesting the execution of the command has been verified specifically for
each execution of said command to which it relates.
65. The security device of claim 61 wherein one of said execution
prerequisites is time, whereby a command to which it relates will not be
executed unless the time and date are within the limits authorized during
which a user requesting execution of said command is authorized to execute
said command.
66. The security device of claim 61 wherein one of said execution
prerequisites is an authorization level, whereby a command to which it
relates will not be executed unless a user requesting execution of said
command has an authorization level at or above a specified level.
67. The method of communicating a secure boolean response comprising the
steps of:
a) generating a random number in a security device;
b) encrypting said random number under a key;
c) sending said encrypted random number to another security device;
d) decrypting said encrypted random number in said another security device;
e) modifying said random number by a first function if said response is
true;
f) modifying said random number by a second function if said response is
false;
g) encrypting said modified random number;
h) sending said encrypted modified random number to said first security
device;
i) decrypting said encrypted modified random number at said first security
device; and
j) comparing said modified random number with said random number to
determine the response.
68. The method of changing a value used in the generation of a random
number comprising the steps of:
a) generate a first random number;
b) using a portion of said random number to select a bit of said value;
c) inverting said bit;
d) repeat steps a, b, and c to generate a second random number.
Description
BACKGROUND OF THE INVENTION
1. Technical Field
This invention relates to security for networks including computer
terminals and portable personal data carriers such as IC cards, sometimes
called smart cards or chip cards, having an onboard computer and
electronic memory for storing data and processing commands.
2. Description of the Prior Art
The use of identification cards having computing power and memory built
into the card has been described in the technical literature for some
time. Examples are U.S. Pat. No. 4,211,919 to Ugon, and U.S. Pat. No.
3,702,464 to Castrucci. A disadvantage of known prior art IC cards that
use electrically erasable programmable read only memory (EEPROM) is that
the life of an EEPROM is defined by the number of write cycles (e.g.,
10,000) before a write failure occurs. Accordingly, the usable life of an
IC card using the memory is also limited.
On-card security protection is taught by U.S. Pat. No. 4,816,653. Security
is provided in this prior art teaching by having multiple levels of user
authorization. Access to a command and to data depends upon who is the
current holder of the card, the authority level required to execute a
command, and also depends on password data protection contained in the
header of each data file.
While providing significantly better user authority checking and security
than provided by magnetic stripe identification cards, the above
referenced IC cards operate primarily as only semi-intelligent peripheral
memory devices. That is to say, the cards respond to read and write
command primitives from the workstation, and provide data or record data
if the password of the person at the workstation indicates that the person
has the authority to perform the requested command. Further, the interface
to the prior art IC cards is not well defended. An attack can be made by
monitoring the interface while passwords are transferred to or from the
card.
Also, the security systems in use with IC cards of the prior art are of a
fixed architecture and not easily adapted to differing applications from
point of sale to social security or other as yet unidentified
applications. Likewise, when each decision must be referred to the card
for processing, a significant number of binary, yes/no responses are
provided by the card which may expose the card to attack by unscrupulous
persons.
SUMMARY OF THE INVENTION
In accordance with the invention, a highly flexible and secure
identification IC card and a distributed authorization system are
provided. The invention provides an integrated set of system security
capabilities, utilizing the improved identification card of the invention
to enhance system component authentication, user identity verification,
user authorization and access control, message privacy and integrity
protection, cryptographic key management, and transaction logging for
audit purposes.
A security system using the invention embodies user authorization in the
form of several independent profiles, configurable and programmable by the
application owner subsequent to the manufacture of the IC card. Required
conditions for the execution of each command are individually programmable
by the application owner, using command configuration data. Access to a
command is controlled by the content of a user's authorization profile in
conjunction with the command configuration data for the requested command.
The user profiles may be downloaded into other security devices in the
system for the purpose of controlling use of commands, files, and programs
in system component devices, in addition to the IC card itself. The
downloaded profile temporarily replaces the authorization profile already
active in the other device.
The device command configuration data is not downloaded. The downloaded
user authorization profile defines the user's security level and
authorizations, while the device command configuration data defines the
authorization required by that device to execute a requested command in
that device. The same or different commands in other devices to which the
user's authorization profile is transferred may have greater or lesser
security requirements defined in their command configurations.
The cryptographic keys associated with file and program authorization flag
bits in the user authorization profiles that are downloaded into other
security system components of an intelligent workstation or other computer
facility, control access to files and programs in that workstation or
computer facility.
The command set of the IC card is not fixed. Through use of tables and
additional microcode, loaded into the electrically alterable programmable
read only memory (EEPROM), new commands can be added to the command set,
or existing commands can be replaced with updated versions. Control can
also be passed to added microcode in the EEPROM at specific critical
points in the IC card supervisor microcode, including initialization,
communications, and authorization checking.
The definition of data storage blocks in nonvolatile memory and the
read/write access to those data blocks are controlled by security and
control information including access prerequisites, stored in the header
of each data block in conjunction with the current user's authorization
profile.
The life of the EEPROM in the IC card is defined by the number of write
cycles (e.g., 10,000) before any write failure occurs. For applicable
functions, data is written into the memory in such a way as to optimize
the total life of the IC card by spreading write cycles across many
different storage locations.
BRIEF DESCRIPTION OF THE DRAWINGS
FIG. 1 is a view of the security component devices of the system of the
invention.
FIG. 2 is a more detailed block diagram of the IC card of the invention.
FIG. 3 is a block diagram of the circuits of the IC card read write unit.
FIG. 4 is a block diagram of the circuits of the cryptographic adapter
card.
FIG. 5 is a block diagram of the software and hardware security components
in a workstation.
FIG. 6 is a block diagram of the software and hardware security components
of the security processor.
FIG. 7 is a high level flow diagram of authorization checking to execute a
command.
FIG. 8 shows content of the user profile and command configuration data
tables.
FIGS. 9, 9a and 9b are a more detailed flow chart of the authorization
checking of FIG. 7.
FIG. 10 is a command decode flow diagram.
FIG. 11 shows the structure of data blocks in the memory of the IC card,
according to the invention.
FIG. 12 is a summary of the commands for most of the security devices in
the network of the invention.
FIG. 13 shows how encryption keys are distributed.
FIG. 14 shows two offline work station logon methods.
FIG. 15 shows an online work station logon method.
DETAILED DESCRIPTION OF PREFERRED EMBODIMENT
Referring now to FIG. 1, the security component devices are shown in a
network environment in which they find utility. The heart of such a
network is a host computer 11 which usually will be connected via
telecommunication lines to other host computers which are not shown. Host
computer 11 performs all the usual data processing tasks for which it is
programmed and, in addition, executes the network security processor
support program which is the interface between the network security
processor 13 and the host computer 11. The network security processor 13
is a small computer which may embody personal computer architecture.
Processor 13 may have a display 15, as well as an IC card read write unit
17, according to the invention, and an IC card 19 embodying the invention.
Processor 13 operates to provide the interface for the host computer
requests for cryptographic and other security functions and directs the
requests to an internal cryptographic adapter card 29.
Communication between host computer 11 and work stations is provided by
either direct attach or through a communications concentrator 21.
Concentrator 21 is in turn connected to one or more work stations 23 and
25 which may operate together on a local area network. Each workstation
will have a keyboard and display and optionally may have a card read write
unit 17 for reading and writing information to an IC card 19. In addition,
reader 17 may have a signature verification pen 27 for use in capturing
the acceleration and pressure dynamics while a holder of card 19 is
signing a signature. Processor 13 and work stations 23, 25 may also have a
cryptographic adapter card 29 installed into their computer bus. Card 29
has thereon a shielded module 31 which is secure from physical and
electrical attempts to read or modify information stored in the memory in
module 31.
Each device has the capability to establish a secure session with any of
the other devices, or with a remote device which is capable of supporting
the secure session establishment protocol. In order for two devices to
establish a secure session, they must each contain an identical key
encrypting key. This requirement guarantees that unauthorized devices
cannot establish secure sessions with each other. A result of the secure
session process is the establishment of a randomly derived cryptographic
session key known to both devices. Neither the session key nor any other
secret data is divulged on the interface between the devices during the
session establishment process.
Multiple configurations of system security component devices at the
intelligent workstation (IWS) are considered in the system of the
invention.
The IWS may utilize only the cryptographic adapter card 29, into which user
authorization profiles are downloaded from the host computer and in which
high-speed cryptographic functions such as application program encryption
are performed. User identification in such an IWS would be accomplished
via password entry at the IWS keyboard.
An IWS, utilized primarily in an off-line environment, may have only the IC
card read/write unit and the IC card. In this configuration, user
identification is effected by entering a PIN on the read/write unit,
verification taking place within the user's IC card. The user's
authorization profile may be used to control functions performed in the IC
card or may be downloaded into the IC card read/write unit to control its
functions.
A third configuration, comprising the cryptographic adapter 29, the IC card
read/write unit and the IC card, provides all of the functions of the
first two configurations. Additionally, it allows the user's authorization
profile to be downloaded from the IC card to the cryptographic adapter. A
fourth IWS configuration adds to the third configuration the signature
verification pen 37, attached to the read/write unit, thereby providing
user verification either via PIN or signature dynamics.
FIG. 2 is a more detailed block diagram of the electrical circuits of IC
card 19. In FIG. 2, the central processing unit 41 communicates via
physical contact with card reader 17 through input/output circuits 43.
Connected to the computer bus, CPU 41 is random access memory 45,
read/only memory 47 and electrically erasable, programmable read/only
memory 49.
A number of requests to the IC card require a boolean response, in which
the response can have only one of two values. For the purposes of this
description, the two values are referred to as TRUE and FALSE. A secure
method is used by the programs in the IC card of FIG. 2 to communicate
this response.
The method has two very desirable attributes: First, the response is kept
secret. Even if the response data is read from the IC card interface, the
boolean value of the message cannot be determined. Secondly, if the
message is tampered with, as by an adversary who intercepts the message
and inserts his own replacement, the act will be detected.
The response is secured through the following cryptographic operation:
1. The requestor generates an eight byte random number, encrypts it under
the session key, and sends it to the IC card as part of the request
message.
2. The IC card decrypts the random number. If the response value is TRUE,
the random number is incremented by one. If the response value is FALSE,
the random number is instead incremented by two.
3. The smart card re-encrypts the incremented number under the session key
and sends it in the data field of the response message.
4. The requestor decrypts the data, and compares it with the random number
he originally sent. If the number is one greater than his original random
number, the response is TRUE. If the number is two greater, the response
is FALSE. If the number has any other value, the response has been
tampered with and is invalid.
Thus, we have accomplished the two goals stated above. The response is
secret and cannot be determined by tapping the communications interface,
and any attempt to alter the response can be detected.
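The four steps above, as an added C example that is not code from the patent: XTEA stands in for the session-key cipher, which the text does not name, and the key, random numbers and function names are constructed for illustration. It also exercises the modular wrap-around case and shows that an echoed request or a reply recorded under a different random number is rejected.

```c
#include <stdint.h>
#include <stdio.h>

/* XTEA (64-bit block, 128-bit key). Assumption: stands in for the
 * session-key cipher, which the text does not name. */
#define XTEA_ROUNDS 32
#define XTEA_DELTA  0x9E3779B9u

static uint64_t xtea_encrypt(uint64_t block, const uint32_t k[4]) {
    uint32_t v0 = (uint32_t)(block >> 32), v1 = (uint32_t)block, sum = 0;
    for (int i = 0; i < XTEA_ROUNDS; i++) {
        v0 += (((v1 << 4) ^ (v1 >> 5)) + v1) ^ (sum + k[sum & 3]);
        sum += XTEA_DELTA;
        v1 += (((v0 << 4) ^ (v0 >> 5)) + v0) ^ (sum + k[(sum >> 11) & 3]);
    }
    return ((uint64_t)v0 << 32) | v1;
}

static uint64_t xtea_decrypt(uint64_t block, const uint32_t k[4]) {
    uint32_t v0 = (uint32_t)(block >> 32), v1 = (uint32_t)block;
    uint32_t sum = XTEA_DELTA * XTEA_ROUNDS;
    for (int i = 0; i < XTEA_ROUNDS; i++) {
        v1 -= (((v0 << 4) ^ (v0 >> 5)) + v0) ^ (sum + k[(sum >> 11) & 3]);
        sum -= XTEA_DELTA;
        v0 -= (((v1 << 4) ^ (v1 >> 5)) + v1) ^ (sum + k[sum & 3]);
    }
    return ((uint64_t)v0 << 32) | v1;
}

/* Constructed session key; in the system described it results from
 * secure session establishment and never crosses the interface. */
static const uint32_t DEMO_SESSION_KEY[4] = {
    0x0F1E2D3Cu, 0x4B5A6978u, 0x8796A5B4u, 0xC3D2E1F0u
};

typedef enum { RESP_TRUE, RESP_FALSE, RESP_INVALID } bool_response;

/* Step 1 (requestor): encrypt the 8-byte random number for the request. */
uint64_t requestor_challenge(uint64_t rnd, const uint32_t key[4]) {
    return xtea_encrypt(rnd, key);
}

/* Steps 2-3 (card): decrypt, add 1 for TRUE or 2 for FALSE, re-encrypt.
 * uint64_t arithmetic wraps modulo 2^64, so an all-ones number is fine. */
uint64_t card_respond(uint64_t challenge, int answer, const uint32_t key[4]) {
    uint64_t rnd = xtea_decrypt(challenge, key);
    return xtea_encrypt(rnd + (answer ? 1u : 2u), key);
}

/* Step 4 (requestor): any difference other than 1 or 2 means tampering. */
bool_response requestor_verify(uint64_t rnd, uint64_t reply,
                               const uint32_t key[4]) {
    uint64_t delta = xtea_decrypt(reply, key) - rnd;  /* modular difference */
    if (delta == 1) return RESP_TRUE;
    if (delta == 2) return RESP_FALSE;
    return RESP_INVALID;
}

int main(void) {
    const uint32_t *k = DEMO_SESSION_KEY;
    uint64_t rnd = 0x1122334455667788ULL;   /* constructed random number */
    uint64_t ch  = requestor_challenge(rnd, k);
    uint64_t yes = card_respond(ch, 1, k);
    uint64_t no  = card_respond(ch, 0, k);

    /* On the wire both replies are opaque 8-byte blocks. */
    printf("TRUE  reply %016llx -> %d\n", (unsigned long long)yes,
           requestor_verify(rnd, yes, k));
    printf("FALSE reply %016llx -> %d\n", (unsigned long long)no,
           requestor_verify(rnd, no, k));
    /* Echoing the request back, or flipping a bit, is detected. */
    printf("echoed request -> %d\n", requestor_verify(rnd, ch, k));
    printf("bit-flipped    -> %d\n", requestor_verify(rnd, yes ^ 1ULL, k));
    /* A reply recorded for an earlier random number does not verify. */
    uint64_t old = card_respond(requestor_challenge(0x1000ULL, k), 1, k);
    printf("replayed reply -> %d\n", requestor_verify(0x2000ULL, old, k));
    return 0;
}
```

The replay case only fails because the requestor used a different random number; the detection property depends on the number being fresh for every request.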
The random number generator programmed into the IC card uses an 8-byte
counter to create different output values each time the algorithm is
called. The counter itself is not the random number; it is simply one
variable, and is the one used to cause a different value to appear each
time.
The counter is in the secure environment of the EEPROM on the IC card,
where its value cannot be seen by the user. Thus, it is not important that
the counter actually count upward in the conventional sense. What is
really important is that it change each time a new random number is
generated, and that it step through a very large number of states. Two to
the sixty fourth power is the optimal case for a 64 bit counter, but other
very large numbers of states are also acceptable under most circumstances.
The EEPROM is nonvolatile, so the counter value is maintained even when the
device is powered off. There is one significant problem with EEPROM,
however, in that each memory cell gradually degrades each time it is
written, and will eventually fail, for example, after being rewritten
10,000 times.
If we implement a simple counter, the low order bit changes each time the
count is incremented. Thus we would only be guaranteed 10,000 counts
before the device failed. This clearly does not meet the needs of the
random number generator.
The improved method of this invention gives more possible values of the
counter before the EEPROM fails. The improved method has a disadvantage in
that it does not guarantee all counter values will be different, but it
will generate many different values, in a way that cannot be determined
from outside the secure environment. It also results in significantly more
than the 10,000 cycles possible with the straightforward counter.
The method used updates the counter in a way which will maximize its life.
For the EEPROM, this means trying to update each cell of the EEPROM
equally often, so all cells will age at an equal rate. This is different
from the simple counter, in which low order bits are always updated more
frequently than higher order bits.
The method uses the random number itself to index to one of the 64 bits in
the counter, then toggles (complements) that bit. The bits of the counter
are numbered 0-63, where bit 0 is the low order bit and 63 is the high
order bit. The low order 6 bits of the random number are interpreted as a
value between 0 and 63, and are used to select the corresponding bit of
the counter, which is then toggled. Since the random number generator
produces a uniform distribution of values, the 64 bits of the counter are
each selected an equal number of times, and none are written more often
than any others. Consider the following simplified example, showing a
16-bit counter and the lower 4 bits of the random number.
______________________________________
Counter                     Random Number bits
______________________________________
0000000000000000 (0)
                            1100 (bit 12)
0001000000000000 (4096)
                            0101 (bit 5)
0001000000100000 (4128)
                            1011 (bit 11)
0001100000100000 (6176)
                            0000 (bit 0)
0001100000100001 (6177)
                            0111 (bit 7)
0001100010100001 (6305)
. . . .
______________________________________
Eventually, if the random number values are truly random, the counter would
take on all two to the sixty fourth values. It is unlikely that this will
happen in reality, but the majority of the values will be attained.
Ideally, the EEPROM would allow toggling of individual bits so that each
counter update would result in only one of the 64 bits being written. In
most real EEPROMs, however, the smallest unit that can be written is a
byte. Thus, when any bit is toggled, the entire byte containing that bit
will be written. The result of this is that each of the eight bytes is
written 1/8 of the time. The lifetime of the counter is then 8 times
10,000, or 80,000 counts, rather than the 10,000 possible with a
straightforward counter.
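An added C simulation of the update rule, not code from the patent: `toggle_update` reproduces the 16-bit walk-through above, and `updates_until_wearout` counts updates until the most-written byte reaches a 10,000-write limit, for a plain incrementing counter and for the toggled counter. splitmix64 is a stand-in for the card's random number generator, and the byte-granular write model and all names are assumptions.

```c
#include <stdint.h>
#include <stdio.h>

#define COUNTER_BYTES 8

/* Simulated EEPROM counter: current value plus a write tally per byte. */
typedef struct {
    uint64_t value;
    uint32_t writes[COUNTER_BYTES];
} eeprom_counter;

/* Store a new value. Assumed model: the smallest writable unit is a byte,
 * and only bytes whose content changes are rewritten. */
static void eeprom_store(eeprom_counter *c, uint64_t next) {
    uint64_t diff = c->value ^ next;
    for (int i = 0; i < COUNTER_BYTES; i++)
        if ((diff >> (8 * i)) & 0xFF)
            c->writes[i]++;
    c->value = next;
}

static uint32_t max_writes(const eeprom_counter *c) {
    uint32_t m = 0;
    for (int i = 0; i < COUNTER_BYTES; i++)
        if (c->writes[i] > m)
            m = c->writes[i];
    return m;
}

/* The update rule from the text: the low-order bits of the random number
 * select one counter bit, which is toggled. width_bits must be a power of
 * two no larger than 64 (64 on the card, 16 in the simplified example). */
uint64_t toggle_update(uint64_t counter, uint64_t rnd, unsigned width_bits) {
    unsigned bit = (unsigned)(rnd & (width_bits - 1));
    return counter ^ ((uint64_t)1 << bit);
}

/* splitmix64: stand-in random source, NOT the card's generator. */
static uint64_t splitmix64(uint64_t *state) {
    uint64_t z = (*state += 0x9E3779B97F4A7C15ULL);
    z = (z ^ (z >> 30)) * 0xBF58476D1CE4E5B9ULL;
    z = (z ^ (z >> 27)) * 0x94D049BB133111EBULL;
    return z ^ (z >> 31);
}

/* Number of counter updates until some byte has been written `endurance`
 * times. use_toggle = 0 models the simple incrementing counter. */
uint32_t updates_until_wearout(int use_toggle, uint32_t endurance,
                               uint64_t seed) {
    eeprom_counter c = {0};
    uint64_t rng_state = seed;
    uint32_t updates = 0;
    while (max_writes(&c) < endurance) {
        uint64_t next = use_toggle
            ? toggle_update(c.value, splitmix64(&rng_state), 64)
            : c.value + 1;
        eeprom_store(&c, next);
        updates++;
    }
    return updates;
}

int main(void) {
    /* Random-number low bits from the 16-bit example in the text. */
    const uint64_t picks[] = { 0xC, 0x5, 0xB, 0x0, 0x7 };
    uint64_t counter = 0;
    for (unsigned i = 0; i < sizeof picks / sizeof picks[0]; i++) {
        counter = toggle_update(counter, picks[i], 16);
        printf("bit %2u -> %llu\n", (unsigned)picks[i],
               (unsigned long long)counter);
    }
    printf("simple counter wears out after %u updates\n",
           updates_until_wearout(0, 10000, 1));
    printf("toggle counter wears out after %u updates\n",
           updates_until_wearout(1, 10000, 1));
    return 0;
}
```

Because bit selection is random rather than perfectly even, the busiest byte reaches its limit somewhat before 80,000 updates; that figure is the upper bound for eight bytes at 10,000 writes each.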
FIG. 3 shows a block diagram of the circuitry embodied in card reader 17.
The computational heart of card reader 17 is microprocessor 51, connected
to a bus 53 for communication with other elements of the card reader.
Memory for microprocessor 51 is provided in the form of electrically
programmable read/only memory 55 and static random access memory 57.
Blocks 51, 55, 57, 59 and 65 are enclosed in a secure shielded module with
intrusion detection circuitry 59 in order to protect the content thereof.
Intrusion detection circuitry is shown, by way of example, in patent
application 07/405910 of common assignee with this application.
In addition to memory, microprocessor 51 is served by real time clock 59.
Processor 51 interacts with other devices and the operator, using the
following blocks. Communication with the secure cryptographic adapter card
29 in a workstation 25 (or a network security processor 13) and with the
standard RS-232 port of a workstation 25 is through asynchronous RS-232
interface 61. The primary communication between card reader 17 and an
operator is through operator interface 63 which includes a keypad, an
audible beeper, and light emitting diodes. In addition to those operator
interface features, the card reader 17 supports a signature pen interface
for receiving signals representing the signature of a holder of IC card 19
who wishes to obtain services authorized to the genuine holder of card 19.
Pen interface circuitry 65 provides the input ports for receiving change
of pressure and acceleration signals representing the signature of the
person holding the card. This circuitry and supporting programs are
defined in more detail in U.S. Pat. Nos. 3,983,535; 4,128,829; 4,553,258;
4,724,542; 4,736,445; and 4,789,934, of common assignee with this
application.
The IC card 19 itself is read by circuits 67 which include physical and
electrical contacts for connecting the circuitry of FIG. 2 to the bus 53
so that computer microprocessor 51 can act in conjunction with the
computer 41 in the card under security programs to transfer information
between the card reader and the card.
Referring now to FIG. 4 where the block diagram of the circuits of the
cryptographic adapter card 29 is shown, there follows a brief description
of each block. The heart of cryptographic adapter 29 is the cryptographic
module 31 which provides a tamperproof environment for the encryption
processor and storage which contains the cryptographic keys. The
cryptographic adapter is controlled by microprocessor 71, using secure
memories in the form of random access memory 73 and read/only memory 75.
The cryptographic keys are stored in random access memory 73 which is kept
active by battery backup circuit 77 and battery 79. In order to thwart an
attack on the secure module, battery backup circuit 77 operates under
control of tamper protection and detection circuit 81 which detects any
attempt to access module 31 by physical attack. The physical and
electrical protection of module 31 is set out in greater detail in patent
application Ser. No. 07/405910, of common assignee with this application.
Microprocessor 71 uses random access memory 83 which is located outside of
the secure module 31, in addition to its secure memory. To prevent access
to the contents of secure memory 73 and 75 while microprocessor 71 or
encryption processor 85 is forming a secure process, gate 87 opens the
connection of bus 89 to its outside extension 91 so that any information
on bus 89 cannot be read from outside of module 31 at contacts connecting
bus 91.
Turning now to FIG. 5, a block