| United States Patent | 5191611 |
| Link to this page | http://www.wikipatents.com/5191611.html |
| Inventor(s) | Lang; Gerald S. (812 Downs Dr., Silver Spring, MD 20904) |
| Abstract | A method and apparatus for granting privileges for securely and selectively
retrieving material such as data and databases, messages and other textual
information, graphics, tables, analogs such as maps, facsimiles (FAX) of
all manner of transmitted materials, audio such as voice or speech and
music, video, images, and photographs, provided on storage media utilizing
information encoded in the storage media. The storage media are included
in one or more reading devices associated with a computer or computers. A
storage retrieval device, such as a smart card, is used in conjunction
with the computer to determine whether information retrieval by a
particular user to specific storage media is granted. The storage media
can be sub-divided into a plurality of logical zones and access to all or
a portion of the material on the storage media is granted based upon the
logical zones to which the user is allowed information retrieval.
Information provided on the storage media would include an access/information
management control device, such as an index table listing the security
identification code, the logical zones to which a particular user is
assigned, as well as a personal security key used in conjunction with a
personal security key provided in the personal access device such as a
smart card. The interaction between the user's personal accessing device
and the access/information management control device provided on the
storage media determines whether information retrieval is granted as well as the
specific information retrieval privileges accorded to the user. The
present invention can be embedded in another device or system, such as a
facsimile system which would allow a user access to only those messages
specifically directed to him. Furthermore, the invention can be used in
local area networks, wide area networks, point-to-point communication
networks, as well as store-and-forward systems. |
| Title | Method and apparatus for protecting material on storage media and for transferring material on storage media to various recipients |
| Drawing | Drawing from US Patent 5191611 (image not reproduced) |
| Publication Date | March 2, 1993 |
| Filing Date | January 18, 1991 |
| Parent Case |
RELATED APPLICATIONS
This application is a continuation-in-part application of Ser. No.
07/626,409, filed Dec. 14, 1990, now U.S. Pat. No. 5,065,429, which is a
continuation of Ser. No. 07/358,263, filed May 30, 1989, now abandoned,
which is a continuation-in-part application of Ser. No. 07/331,800, filed
Apr. 3, 1989, now abandoned. |
Claims
What is claimed is:
1. A security system for granting user entities access, according to their
uniquely assigned privileges, to material stored in logical zones on any
form of storage medium, and to permit user entities to manage, operate
upon and communicate, as enabled by those assigned privileges, both secure
and selective materials in said logical zones provided by one or more
storage entities, said system comprising:
a wired or wireless communications network provided with two or more nodes,
at each of which node an operation or procedure can be performed;
at least two computer processing and storage entities containing storage
medium or media, each of said computer processing and storage entities
connected to said communications network;
said storage entities containing storage medium or media allowing erasable
or non-erasable formatting and recording with stored material into a
plurality of information storage and retrieval and management control and
user entity material logical zones, each of said logical zones provided
with particular material therein, said storage medium or media directly
provided thereon with an access management control means for indicating
which of said user logical zone or zones on any of said storage medium or
media the user entity will be allowed to access and perform the selective
privileged operations of reading, writing, replacing, deleting, modifying
and communicating based upon access request information provided to the
system by the user, said access management control means provided in each
said storage medium or media at a location remote from, and non-contiguous
with, said user logical zones;
means in each storage entity for selectively reading material provided in
said plurality of logical zones as well as material provided in said
access management control means of said storage medium or media or for
selectively creating, modifying or deleting logical zones and selectively
reading, writing, replacing, deleting and modifying the content of
material provided in said plurality of logical zones as well as material
provided in said access management control means of said storage medium or
media;
a personal accessing device;
a means for providing an interface coupling for exchanging information
between said personal accessing device and at least one of said computer
processing and storage entities, said personal accessing device containing
a security identification code to enable said personal accessing device to
be in communication with any of said computer processing and storage
entities for transmitting said security identification code to said
computer processing and storage entities;
a means for disabling said personal accessing device if an incorrect
personal identification code is entered more than a predetermined amount
of times;
wherein said security identification code is compared or operated upon in
any of said computer processing and storage entities to said access
management control means provided on said storage medium or media to
determine the particular user logical zone or zones to which the user is
allowed access and other privileged operations.
2. The security system in accordance with claim 1 wherein said means for
interface coupling is provided with means for presenting information and
wherein access management control means information controlling logical
zones and user entity data contained within logical zones can be
transmitted to any of said computer processing and storage entities
connected to said communications network, whereat designation of logical
zones and information therein can be created, recorded and dynamically
updated.
3. The system in accordance with claim 2 in which said personal accessing
device incorporates a means of selective transaction monitoring and data
collection of usage of logical zone material comprising items such as type
of material accessed, type of operations performed, grade of service
initiation and disablement and termination of service and time and
frequency of usage.
4. The system in accordance with claim 3 further including a means for
billing the user based upon interrogating said personal accessing device
to determine history of usage.
5. The security system in accordance with claim 1, wherein said personal
accessing device is provided with a means for encrypting and decrypting
material.
6. The system in accordance with claim 1 further including a means for
billing the user based upon interrogating said personal accessing device
to determine history of usage.
7. The system in accordance with claim 1 in which said personal accessing
device incorporates a means of selective transaction monitoring and data
collection of usage of logical zone material comprising items such as type
of material accessed, type of operation performed, grade of service,
initiation and disablement and termination of service and time and
frequency of usage.
8. The system in accordance with claim 7 further including a means for
billing the user based upon interrogating said personal accessing device
to determine history of usage.
9. A security system for granting user entities access to materials
provided on a storage medium or media, said system comprising:
a computer system including at least one computer and means for presenting
information;
a storage medium or media capable of erasable or non-erasable formatting
and recording with stored material into a plurality of information storage
and retrieval and management control and user entity material logical
zones, each of said logical zones provided with particular material
therein, said storage medium or media directly provided thereon with an
access management control means for indicating which of said user logical
zone or zones on any of said storage medium or media the user entity will
be allowed to access and perform selective privileged operations of
reading, writing, replacing, deleting, modifying and communicating based
upon access request information provided to the system by the user, said
access management control means provided in each said storage medium or
media at a location remote from, and non-contiguous with, said user
logical zones;
means in each said computer system for selectively reading material
provided in said plurality of logical zones as well as material provided
in said access management control means of said storage medium or media or
for selectively creating, modifying or deleting logical zones and
selectively reading, writing, replacing, deleting, modifying and
communicating the content of material provided in said plurality of
logical zones as well as material provided in said access management
control means of said storage medium or media;
a personal accessing device;
means for providing interface coupling for exchanging information between
said personal accessing device and said computer system, said personal
accessing device containing a security identification code, to enable said
personal accessing device to be in communication with said computer system
for transmitting said security identification code to said computer
system;
wherein, said security identification code is compared to or operated upon
said access management control means provided on said storage medium or
media to determine the particular user logical zone or zones to which the
user is allowed access for purposes of selective privileged operations
based upon the content and storage requirements of material provided in
said user logical zones.
10. The security system in accordance with claim 9, wherein said personal
accessing device is provided with a means for encrypting and decrypting
material.
11. The system in accordance with claim 9 further including a means for
billing the user based upon interrogating said personal accessing device
to determine history of usage.
12. The system in accordance with claim 9 in which said personal accessing
device incorporates a means for selective transaction monitoring and data
collection of usage of logical zone material comprising items such as type
of material accessed, type of operations performed, grade of service,
initiation and disablement and termination of service and time and
frequency of usage.
13. The system in accordance with claim 12 further including a means of
transferring selective transaction monitoring and data collection
information onto the access management control logical zones of the
storage medium or media for physical return or electronic interrogation to
retrieve billing and usage history information.
14. A method of granting user access to, and information management and
control over material provided on a storage medium or media, with a means
for reading or reading and writing on said storage medium or media
connected to a computer system including at least one computer having
means for presenting information, said storage medium or media containing
one or a plurality of information management control and user material
logical zones, comprising the steps of:
assigning security identification codes to all users allowed access to the
storage medium or media;
preparing access management control means for indicating to which of said
user logical zone or zones a particular user is allowed access and
selective privileged operations corresponding to said security
identification code or codes, said access management control means
provided in a personal accessing device;
encrypting access management control means and user material and recording
said encrypted access management control means and user material directly
on the storage medium or media by using any type or combination of types
of encryption/decryption methods;
enabling said personal accessing device by utilizing the user's correct
personal identification code;
transmitting a starter program stored in said personal accessing device or
in a means for providing interface coupling for exchanging information
between said personal accessing device and said computer system or on the
storage medium or media to said computer system and fetching search and
retrieval programs stored on said storage medium or media to said personal
accessing device;
determining if said search and retrieval programs are encrypted;
decrypting said search and retrieval programs, if appropriate;
requesting the directories of the user logical zone or zones to be
transmitted from said storage medium or media to said personal accessing
device based upon information provided in said secure user management
means;
determining if said requested directories are encrypted;
decrypting said requested directories if they are encrypted;
displaying said requested directories on said means for visually presenting
information;
requesting and transmitting to said personal accessing device the user
material stored on said storage medium or media in the user's privileged
logical zone or zones based upon said requested directories;
decrypting said user material in said personal accessing device; and
transmitting the decrypted material back to the computer for use.
15. The method in accordance with claim 14 further including the steps of
disabling said personal accessing device if an incorrect personal
identification code is entered more than a predetermined number of times.
16. The method in accordance with claim 15 further including the step of
initiating one or more alarms if an incorrect personal identification code
is entered.
17. The method in accordance with claim 14, wherein said search and
retrieval programs are decrypted in said personal accessing device.
18. The method in accordance with claim 14, wherein said requested
directories are decrypted in said personal accessing device.
19. The method in accordance with claim 14, further including the step of
assigning the user logical zone or zones to which a particular user is
granted selective privileged operations upon the content and zone storage
requirements for specific user logical zones, based upon the security
identification code assigned to each user.
20. The method in accordance with claim 14, further including the step of
determining which operational privileges the authorized user has been
assigned, based upon the security identification code assigned to each
user.
21. The method in accordance with claim 14, wherein new user material is
encrypted within said personal accessing device and transmitted to, and
stored in the appropriate logical zone or zones on said storage medium or
media.
22. The method in accordance with claim 14, wherein all of the material
provided on said storage media or medium is encrypted using any type or
combination of types of encryption/decryption methods.
23. The method in accordance with claim 51, wherein said encrypted material
is transmitted to said personal accessing device, and then decrypted in
said personal accessing device using an encryption key stored in said
personal accessing device for each of said logical zones, said decrypted
material being retransmitted to the computer for use.
24. The method in accordance with claim 23, wherein material provided in
the user's logical zone or zones is dynamically and remotely updated.
25. The method in accordance with claim 24 wherein only updated material
belonging to a particular user's privileged logical zone or zones is
encrypted/decrypted in the user's said personal accessing device using the
user's encryption/decryption key or keys and then transmitted to the
computer system for recording in the secure storage medium or media.
26. The method in accordance with claim 25, wherein the computer system is
provided as part of a communications network. |
Description
BACKGROUND OF THE INVENTION
In the approximately 45 years since the development of the first crude
computer, our society has seen a virtual explosion of information storage
as well as information processing machines. With the advent of the
personal computer, this information explosion has permeated virtually
every facet of our daily lives. In the business community, personal
computers are used to store and process a large amount of material which
was previously maintained in paper files. Similarly, many homes now
include a personal computer for the storage of personal data as well as
the processing of other types of information.
During the infancy of the computer industry, when only very large companies
or the government were able to afford to purchase and maintain relatively
large mainframe computers provided with bulky storage media, security for
access to this storage media was generally maintained by limiting access
to the area in which the computer was stored as well as access to the
computer itself. Typically, an authorized user was issued either nothing, a
computer password, or a security card allowing access to the computer and
any files included in the storage media utilized within the company. In
other words, the person attempting to gain access to the computer must
possess the knowledge and/or the tools of the authorized user. However,
used in the context of today's smaller personal computers and the
utilization of relatively small, portable storage media, this type of
security program has proven to be inadequate. For example, if the password
or security card were stolen from the authorized personnel, computer
access would be granted to an unauthorized person. Additionally, since the
storage media is relatively small in size and, due to the need for
allowing access to the material provided on this storage media to various
authorized personnel remote from one another, it is important that a
system be developed in which the storage media can be sent to various
locations without the security of the material on the media being
compromised.
In this context, several methods have been developed for protecting access
to software programs stored on storage media such as read-only-memory
(ROM). Examples of these devices are discussed in U.S. Pat. No. 4,757,468
issued to Domenik et al and U.S. Pat. No. 4,740,890 issued to William.
Both of these patents describe apparatuses for protecting software
programs which will be distributed on a magnetic disk or similar storage
media. Verification routines provided directly on the storage media are
utilized to protect access to the entire program. However, no device has
been developed in which storage media itself is utilized to protect
non-program information, such as textual material, data, graphs, or other
digitally stored material. Furthermore, since various personnel may be
granted access to only selective material which would be on the storage
disk, the scenarios described with respect to the Domenik et al and
William patents would not be applicable to an instance in which various
personnel would be granted access to only a limited portion of the
material provided on the storage media. This is important since only a
single master print of any entire file may be manufactured and distributed
to various personnel with limited access of material granted to each of
the personnel. If limiting access were not possible, separate storage
devices, and quite possibly many more of them, would have to be manufactured
and given to each of the personnel, based upon the section of the material
to which each individual has been granted access.
Similarly, no device was discovered in which the storage media, provided
with software program information thereon, is used to allow access to only
a portion of the program information, or one or more programs from a
plurality of programs.
SUMMARY OF THE INVENTION
The deficiencies of the prior art are overcome by the present invention
which is directed to a method and system for granting complete or limited
access to information stored in a storage medium or media utilizing
information physically stored in the storage medium or media. The
particular storage medium or media are included in an appropriate reader
mechanism which is connected to a personal computer, minicomputer, or a
mainframe computer having a means for entering personal and system access
data therein, such as a keyboard. The storage medium can be any permanent
or erasable item such as an optical disk, a CD ROM, a WORM, a floppy disk,
a disk pack, an integrated circuit card (such as a smart card or memory
card), an optical card, as well as special items such as a BERNOULLI box
disk, or any other type of storage medium. However, for simplicity's sake,
we shall describe the present invention with respect to a CD ROM storage
medium. Additionally, a storage accessing device (used interchangeably
herein with the following terms--personal accessing device (PAD) and smart
card) provided with an encrypted or non-encrypted personal security key as
well as personal identification code is included to allow an individual
access to the storage medium or media. Furthermore, for ease of
understanding the present invention, we shall describe the storage
accessing device with respect to a SMART card that does not require an
electronic, optical, capacitive or magnetic reader to receive or transmit
personal and system data.
Initially, when the CD ROM is mastered, the information storage portion of
the CD ROM is broken up according to a predetermined classification system
and stored in various logical zones, each of which contains a discrete set
of databases or other material therein. There may be one or more logical
zones recorded on the CD ROM. Users, based on their need to know, as well
as the sensitivity of the material to be stored on the CD ROM, are
accorded access privileges that correspond to previously designated
logical zones. Based on an organization's or person's storage
classification system, materials are categorized and stored in the
corresponding logical zones when the CD ROM is manufactured. Therefore, to
grant each user information retrieval privileges, a determination is made
as to which logical zones each particular user would be allowed access.
Based upon this determination, each user is assigned a particular zone
access code (ZAC) which is translated into corresponding logical zones
using an access/information management control device, such as an index
table stored in the CD ROM. At the same time, paired to the ZAC, is a list
of authorized system identification codes, each with its assigned unique
Personal Security Key (PSK). Each authorized user is assigned a ZAC and a
unique system identification code. For extremely secure applications, the
intended user's biometric coded information can be paired with the
personal security key. The access/information management control device
would include the ZAC, the system identification code, the personal
security key code, plus the possible use of biometric coded information,
as well as the logical zones assigned to the ZAC for each user. This
device can be included on the CD ROM in the form of an index table when it
is manufactured.
For example, when an individual wishes to gain access to the CD ROM, the
user would correctly enter his particular personal identification code in
the aforementioned smart card PAD to activate it, which would then display
both the ZAC as well as the system identification code in either encrypted
or non-encrypted form. The user, utilizing a keyboard, would enter this
code into the computer, which then compares the decrypted or encrypted
codes obtained from both the smart card and the CD ROM. If a match is
obtained, the computer would then verify that this particular system identification
(ID) code is proper and that the material this accessor seeks is
stored on the storage medium or media. The computer then retrieves the
paired personal security key (PSK). The computer would then generate a
random number which is displayed upon its screen to serve as a challenge
to the personal accessing device (smart card). The user would input this
random number into the smart card via its keypad. The smart card as well
as the computer are provided with a particular encryption/decryption
algorithm (alternately a security processor chip). Both the computer and
the smart card would simultaneously compute a response to the challenge
code (random number) and this response is displayed on the smart card's
display screen. This displayed response is then entered into the computer
through its keyboard to determine whether there is a match. If a match is
shown to have occurred, the computer will then display all the material
names (directories) therein for the logical zones which access privileges
have been granted and allow the user access to these logical zones
provided in the storage medium or media.
Further, the system then releases the System Security Key (SSK), or
alternatively the security key paired with each logical zone, which is
transferred to the information processing device's or computer's volatile
random access memory (RAM) or to the security processor chip board
installed in the information processing device or computer. The system
security key or logical zone security key is used to decrypt all the
privileged encrypted material transferred from the CD ROM. The information
processing device's or computer's copy of the system security key or
logical zone security key(s) is destroyed when the information processing
device or computer loses its power or if said device or computer concludes
its CD ROM activities and is then used for other applications. Each CD ROM
has its own system security key and/or logical zone security key(s)
recorded on it which would be retrieved by the information processing
device or computer for use during search and retrieval and indexing
activities when authorized user access is established. Alternatively, the
decryption algorithm can be stored on the smart card and the decryption of
information would take place in the smart card and this information is
then transferred to the computer for viewing and processing.
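As an added example, not code from the patent, the key-release step just described: the zone security keys recorded on the medium are loaded into volatile memory only for the logical zones the user has been granted, material is decrypted zone by zone, and the keys are overwritten when the session ends. Zone names, item names, keys and contents are constructed for this illustration. The patent does not name its encryption/decryption algorithm, so an HMAC-SHA256 keystream XOR stands in for it here purely to keep the example self-contained; it is an assumption of this example, not the patent's method.

```python
import hashlib
import hmac


def keystream_xor(key, nonce, data):
    """Stand-in for the patent's unspecified encryption/decryption algorithm:
    an HMAC-SHA256 counter-mode keystream XORed over the data. Symmetric, so
    one call both encrypts and decrypts. Illustrative only."""
    out = bytearray()
    counter = 0
    while len(out) < len(data):
        block = hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        out.extend(block)
        counter += 1
    return bytes(a ^ b for a, b in zip(data, out))


def _nonce_for(zone, name):
    """Derive a per-item nonce from its location on the medium (constructed rule)."""
    return hashlib.sha256(f"{zone}/{name}".encode()).digest()[:8]


# Constructed CD ROM image: one zone security key per logical zone, recorded on
# the medium as the description says, plus the encrypted material of each zone.
# Kept in the clear here for brevity; claim 14 has the control means encrypted.
ZONE_KEYS_ON_MEDIUM = {"Z1": b"zone-key-Z1", "Z3": b"zone-key-Z3", "Z4": b"zone-key-Z4"}


def _seal(zone, name, plaintext):
    return keystream_xor(ZONE_KEYS_ON_MEDIUM[zone], _nonce_for(zone, name), plaintext)


MEDIUM = {
    "Z1": {"readme.txt": _seal("Z1", "readme.txt", b"public directory listing")},
    "Z3": {"map-01.dat": _seal("Z3", "map-01.dat", b"zone three map material")},
    "Z4": {"payroll.db": _seal("Z4", "payroll.db", b"zone four payroll records")},
}


class ZoneSession:
    """Holds released zone security keys in volatile memory (the RAM copy the
    description says is destroyed at power loss or end of CD ROM activity)."""

    def __init__(self, granted_zones, medium=MEDIUM, keys_on_medium=ZONE_KEYS_ON_MEDIUM):
        self._medium = medium
        # Only the keys of privileged zones are ever retrieved from the medium.
        self._keys = {z: bytearray(keys_on_medium[z]) for z in granted_zones}

    def read(self, zone, name):
        """Decrypt one item, refusing zones outside the granted set."""
        if zone not in self._keys:
            raise PermissionError(f"no privilege for logical zone {zone}")
        return keystream_xor(bytes(self._keys[zone]), _nonce_for(zone, name),
                             self._medium[zone][name])

    def close(self):
        """Overwrite and drop the key copies; further reads are refused."""
        for key in self._keys.values():
            for i in range(len(key)):
                key[i] = 0
        self._keys.clear()


if __name__ == "__main__":
    session = ZoneSession(["Z1", "Z3"])
    print(session.read("Z3", "map-01.dat"))
    session.close()
```

Zeroing a `bytearray` in place is the closest a Python process gets to the description's "destroyed" key copy; interpreter-level copies may survive, which is why the patent's alternative of decrypting inside the smart card keeps the key off the host entirely.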
The CD ROM search and retrieval and indexing program can be stored either
on items such as floppy disks to be used at the time of CD ROM operation,
on the information processing device's or computer's permanent memory, on
the CD ROM, or on both the CD ROM and smart card PAD.
If a type of contact or contactless smart card is used which requires a
non-human reader, the operation is very similar to the activities
described above. The personal identification code can be entered via the
computer keyboard or via a keypad on the PAD reader. The entry of the
correct personal identification code enables the smart card to start
transmission and the paired ZAC and system identification codes which are
stored in the smart card processor's memory (e.g., EPROM or EEPROM) are
transmitted to the computer. Based on the transmitted ZAC, the
access/information management control device such as an index table on the
storage media is searched to determine if there is a match. If the
corresponding ZAC is not stored in the access/information management
control device of the storage medium or media, a message is displayed on
the computer screen that access will not be granted. If there is a match
of the ZACs, then the associated system identification codes stored on
the storage medium or media are accessed until an exact match is found. If
no match of the system identification code is found, the accessor will not
be granted access. If an exact match is found, the personal security key
paired with the user's system identification code is retrieved by the
computer and is used to operate upon a computer-generated random number.
At the same time, the random number is also transmitted to the smart card
PAD reader which inputs the number to the smart card. The authorized
user's smart card PAD has both an identical or cooperating
encryption/decryption algorithm or processor chip and personal security
key to that of the information processing device or computer and the CD
ROM. The smart card operates on the random number using its internally
stored personal security key and transmits the result through the PAD
reader to the computer or information processing device. The information
processing device or computer uses an encryption/decryption algorithm or
processor chip in its process to compare the results of both operations
upon the random number. If a match occurs, the accessor's authorized
status is ascertained and the predetermined access privileges are granted.
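The challenge-response flow described for both the keypad smart card and the reader-based card above (and again as the steps of claim 14), as an added example that is not the patent's own code: a constructed index table pairs each zone access code (ZAC) with its logical zones and with the authorized system identification codes (SIC) and their personal security keys (PSK); the card is enabled only by the correct personal identification code and disabled after a fixed number of wrong entries; the host looks up the ZAC and then the SIC on the medium, issues a random challenge, and grants the zones only when the card's response matches its own. The patent does not specify the function applied to the random number, so HMAC-SHA256 is assumed here; the lockout threshold of three and all codes and keys are made-up values.

```python
import hashlib
import hmac
import secrets

# Constructed access/information management control table, the index table the
# description places on the CD ROM. Values are invented for this example.
INDEX_TABLE = {
    "ZAC-01": {
        "zones": ["Z1"],
        "accounts": {"SIC-1001": b"psk-for-1001"},
    },
    "ZAC-07": {
        "zones": ["Z1", "Z3", "Z4"],
        "accounts": {"SIC-2002": b"psk-for-2002", "SIC-2003": b"psk-for-2003"},
    },
}

MAX_PIC_ATTEMPTS = 3  # assumed lockout threshold; the patent says "predetermined"


class PersonalAccessingDevice:
    """Simplified PAD (smart card) holding the PIC, the paired ZAC/SIC, and the PSK."""

    def __init__(self, pic, zac, sic, psk):
        self._pic = pic
        self._zac = zac
        self._sic = sic
        self._psk = psk
        self._bad_attempts = 0
        self.enabled = False
        self.disabled_permanently = False

    def enter_pic(self, pic):
        """Enable the card on the correct PIC; disable it after repeated failures."""
        if self.disabled_permanently:
            return False
        if hmac.compare_digest(pic.encode(), self._pic.encode()):
            self._bad_attempts = 0
            self.enabled = True
            return True
        self._bad_attempts += 1
        if self._bad_attempts >= MAX_PIC_ATTEMPTS:
            self.disabled_permanently = True
        return False

    def identity(self):
        """Transmit the paired ZAC and SIC, available only once enabled."""
        if not self.enabled:
            raise PermissionError("card not enabled")
        return self._zac, self._sic

    def respond(self, challenge):
        """Operate on the host's random number with the internally stored PSK."""
        if not self.enabled:
            raise PermissionError("card not enabled")
        return hmac.new(self._psk, challenge, hashlib.sha256).digest()


def host_authorize(card, index_table=INDEX_TABLE, rng=secrets.token_bytes):
    """Host side of the dialogue. Returns the granted logical zones, or None
    when the ZAC is absent, the SIC has no exact match, or the response differs."""
    zac, sic = card.identity()
    entry = index_table.get(zac)
    if entry is None:
        return None  # ZAC not recorded on this medium: access not granted
    psk = entry["accounts"].get(sic)
    if psk is None:
        return None  # no exact system identification code match
    challenge = rng(16)
    expected = hmac.new(psk, challenge, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, card.respond(challenge)):
        return None
    return list(entry["zones"])


if __name__ == "__main__":
    card = PersonalAccessingDevice("4321", "ZAC-07", "SIC-2003", b"psk-for-2003")
    card.enter_pic("4321")
    print(host_authorize(card))
```

The PSK never leaves the card: only the ZAC, the SIC and the response travel to the host, which is what lets the same CD ROM be distributed to many users while the index table on it decides what each may see.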
With respect to the software program application, while prior art devices
include verification routines provided on the storage media to protect
access to the entire program, no prior art device, however, limits access
to only a portion of this program, or access to one program from two or
more stored programs. Additionally, access can be provided to one or more
programs from a plurality of programs. To prevent unauthorized display and
retrieval of material, the personal accessing device can be programmed to
permit metering such as only one download or a specific number of
downloads of the portion of the program or one or more programs from a
plurality of programs on the media allowed access by the user.
Furthermore, the present invention can have application when the computer
is embedded in another device or system. For example, if the computer is
provided in a facsimile system, material recovered by the facsimile device
or system could be accessed only by the proper use of an individual's PAD.
Additionally, the present invention is not limited to be used within a
single stand-alone computer, processor or microprocessor, but could also
be used in a local area network (LAN), wide area network (WAN) or
point-to-point (PTP) communication network.
BRIEF DESCRIPTION OF THE DRAWINGS
These and other advantages of the objects of the invention can be
understood from the following detailed description of a preferred
embodiment of the invention described in conjunction with the drawings
wherein:
FIG. 1 is a block diagram of the system of the present invention;
FIG. 2 is a diagram of a typical personal accessing device;
FIG. 3 is a flow diagram of a method of retrieving material on the storage
media based upon the present invention;
FIG. 4 is a diagram showing multiple entries or user accounts in the index
table of a storage medium;
FIG. 5 is a flow diagram of a second method of granting display and
retrieval of material recorded on the storage media;
FIG. 6 is a diagram showing the use of the present invention in the field
of facsimile transmissions;
FIGS. 7 and 8 are diagrams showing the use of the present invention in
various communication networks; and
FIG. 9 is a diagram showing paired security keys with multiple user system
identification codes (SIC) in the sample index table of a storage medium
for one user.
DETAILED DESCRIPTION OF THE DRAWINGS
The present invention is directed to a method and apparatus for granting access
to information such as data and databases, messages and other textual
information, graphics, tables, analogs such as maps, facsimiles (FAX) of
all manner of transmitted materials, audio such as voice or speech and
music, video, images, photographs, or the like provided on a storage
medium or media such as a CD ROM, or erasable optical and magnetic media,
or the like. Unlike most methods and devices for allowing access to
the material provided on a storage medium or media, wherein access is
granted by a computer that holds a storage media file, the present invention
grants access to the storage media itself or a portion thereof based upon
an access/information management control device such as an index table
included directly on the storage medium or media. The storage medium, for
example purposes hereinafter a CD ROM, can be, if desired, divided into a
plurality of logical zones. Based upon a user's need to know, access can
be granted to all of the logical zones or to one or a particular
combination of logical zones. Based upon these logical zones, the user is
assigned a zone access code, along with a system identification code or
codes, and a personal security key or keys. For a more secure system,
biometric coded information can also be assigned as part of the personal
identifier. This information for each of the users is stored on the CD ROM
along with the translation of each zone access code into its corresponding
logical zone(s). Additionally, each of the users is assigned a Personal
Identification Code (PIC) for use with the smart card PAD to corroborate
the user's identity and thereafter enable the smart card to initiate the
challenge-response dialogue with the storage medium or media.
Once all of the relevant information is directly provided for a user within
the CD ROM as well as a Personal Accessing Device (PAD) such as a smart
card, a user can gain access to privileged storage media contents
utilizing the system 10 illustrated with respect to FIG. 1. As shown
therein, access to the storage media CD ROM is provided utilizing a
personal accessing device 12. This device 12 can be various configurations
of devices. As a smart card, it can be the type of smart card which would
automatically interface with an automatic reader 16 connected to a
computer or information processing device 20, or through the intervention
of a human reader 14 with a keyboard 18. The computer or information
processing device would run the gamut from equipment such as
microcomputers, to minicomputers to mainframe computers. For illustrative
purposes only, we shall discuss the present invention with respect to a
smart card PAD 24 shown in FIG. 2 with a keypad and liquid crystal
display. An ON/OFF key 26 of the smart card 24 is depressed and the smart
card is turned on. Inactivity within a predetermined time period will turn
the PAD off automatically. Additionally, it is noted that the smart card
may use an encryption/decryption algorithm and/or processor chip, or any
other encryption device if a security key device is employed with the CD
ROM. Once the smart card is turned on and the correct personal
identification code is entered into the smart card, and with the CD ROM
inserted into a storage medium reader or drive 22, the challenge-response
process is ready to begin.
Initially, the user would input a four digit or character personal
identification code (PIC) into the smart card 24 via the keyboard 28. It
is noted that the exact number of digits of the PIC is sized commensurate
with the degree of protection sought and could consist of alphanumeric
characters. The integrated circuit or microprocessor chip provided in the
smart card contains the user's system identification code that will enable
the computer or information processing device to identify the authorized user
of the PAD. Typical system identification codes 34 are shown in the
illustrative storage medium's access/information management control
devices index table with respect to FIG. 4. Although the authorized user's
security identification code consists of a two-digit zone access code, and
a six-digit system identification code, the exact number of digits
employed, as well as the use of alphanumerics can be modified based upon
system needs and preference. The code is shown on display 30 of the smart
card. Once the security identification code is displayed on the smart card
24, the user enters it into the computer or information processing device
20 via keyboard 18. At this point, the corresponding zone access code is
searched for in the index table to find out if the storage medium or media
contains stored material for that zone access code's privileges. If the
corresponding zone access code is missing from the storage medium's or
media's index table(s), then a message will be displayed on the computer
or information processing device screen 20 indicating that access is
denied. If the zone access codes match, then the computer or information
processing device verifies that the accessor may have privileges to
material stored on the CD ROM(s) and will look up the paired personal
security key 38 stored on the CD ROM to determine if the user is the owner
of the PAD. To ensure that the security aspect of the present invention is
as inclusive as possible, the personal security key can be encrypted
directly in the CD ROM. The zone access code 32 corresponds to the
particular logical zones assigned to one or more authorized users. For
example, as shown in FIG. 4, a Zone Access Code (ZAC) of 33 corresponds to
the logical zone 36 portion of the index table indicating that for logical
zones 10 and 11, a maximum of nine authorized users will be allowed
access.
Any one of the logical zones on the CD ROM can contain one or more
databases or other material and therefore each logical zone is of varying
size. Therefore, as shown, for example, any one of the zone access codes
can be assigned to one or more users, who in turn, can be assigned
individualized system identification codes associated with that zone
access code from the total of up to 1,000,000 unique code numbers
available for a six digit code. Certainly, if more user codes are
required, alphanumeric characters can be used or the number of characters
of the system identification codes 34 can be increased.
To further the example, a special logical zone can be set aside to control
the downloading of data from the storage medium or media. As shown in FIG.
4, the zone access code 32 value of 01 corresponds to logical zone access
privileges 1, 9, 26. Zone access code 02 gives authorized users access to
the same three logical zones of 1, 9, 26, but the addition of logical zone
99 enables the authorized user to download the stored material. Without
logical zone 99 privileges, an authorized user could not perform
downloading. Also, downloading privileges can be assigned to one or more
but not to all the logical zones to which a user has privileges.
Once the zone access code and system identification code have been entered,
looked up in the index table, and their matches confirmed, the personal
security key paired with this system identification code is utilized to
verify that the user is not just the possessor but indeed the true owner of
the PAD.
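The index-table lookup and PAD owner check described above, as an added example that is not taken from the patent: it assumes a small constructed index table using the FIG. 4 zone access codes with hypothetical user entries and sample keys, and stands in an HMAC over the computer's random challenge for the encryption step the text leaves unspecified.

```python
import hashlib
import hmac
import secrets

# Constructed index table in the layout FIG. 4 describes (hypothetical entries).
# Zone access code (ZAC) -> logical zones; logical zone 99 is the download privilege.
ZONE_TABLE = {
    "01": {1, 9, 26},
    "02": {1, 9, 26, 99},
    "33": {10, 11},
}
# System identification code (SIC) -> (ZAC, paired personal security key).
# Sample keys are constructed; on the medium the key may be stored encrypted.
USER_TABLE = {
    "123456": ("02", b"sample-key-A"),
    "654321": ("33", b"sample-key-B"),
}
DOWNLOAD_ZONE = 99

def parse_security_identification_code(code):
    """Split the 8-character code into the 2-digit ZAC and 6-digit SIC."""
    if len(code) != 8 or not code.isdigit():
        raise ValueError("security identification code must be 8 digits")
    return code[:2], code[2:]

def lookup_privileges(code):
    """Return (readable zones, may_download), or None when access is denied:
    the ZAC is absent from the index table or the SIC is not paired with it."""
    zac, sic = parse_security_identification_code(code)
    zones = ZONE_TABLE.get(zac)
    if zones is None:
        return None
    entry = USER_TABLE.get(sic)
    if entry is None or entry[0] != zac:
        return None
    return zones - {DOWNLOAD_ZONE}, DOWNLOAD_ZONE in zones

def issue_challenge():
    """Computer side: a fresh random challenge from its random number generator."""
    return secrets.token_bytes(16)

def pad_response(personal_key, challenge):
    """Smart card side: answer using the key held in the PAD (HMAC is assumed here)."""
    return hmac.new(personal_key, challenge, hashlib.sha256).digest()

def verify_owner(code, challenge, response):
    """Computer side: recompute with the key paired to the SIC on the medium."""
    _, sic = parse_security_identification_code(code)
    expected = pad_response(USER_TABLE[sic][1], challenge)
    return hmac.compare_digest(expected, response)
```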
A random number generator provided within the computer or information
processi