Integrated network security system
United States Patent 5237614
Link to this page: http://www.wikipatents.com/5237614.html
Inventor(s): Weiss; Kenneth P. (Newton, MA)

Abstract

An integrated network security system is provided which permits log-on to a normally locked client on the network in response to at least one coded non-public input to the client by a user. At least a selected portion of the coded input is encrypted and sent to a network server where the user is authenticated. After authentication, the server preferably returns a decryption key, an encryption key for future use and any critical files previously stored at the server to the client. The decryption key is utilized to decrypt any material at the client which was encrypted when the client was locked, including any material sent from the server, thereby unlocking the client. The decryption key may be combined with untransmitted portions of the original coded input in a variety of ways to generate an encryption key for the next time the terminal is to be locked. When one of a variety of client locking conditions occurs, the previously generated encryption key is utilized to encrypt at least selected critical material at the client. Critical directories or the like in encrypted form may be sent to the server and a message is sent to the server that the client is locked, which message is utilized by the server to inhibit the client from further access to at least selected resources on the network.
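The abstract describes a full cycle: a locked client takes a coded input, transmits a one-way representation of part of it, the server authenticates and returns a decryption key plus a fresh key for the next lock, and a locking condition later encrypts the critical material, zeroizes it and parks the ciphertext at the server. The following is an added, constructed simulation of that cycle written for this page; it is not code from the patent or from Security Dynamics. All names (AuthServer, ClientStation, one_way, xor_stream, token_code, SAVE) are hypothetical, the cipher is a toy HMAC keystream chosen so the script runs offline, and one design assumption is made explicit: the untransmitted portion that feeds the key derivation (claim 11) is taken from the static PIN, so the client can re-derive it at the next log-on instead of storing it in the clear.

```python
import hashlib
import hmac
import secrets

# Constructed illustration of the lock / log-on / unlock cycle in the abstract and in
# claims 2, 3, 6-8, 11, 16 and 17-20.  Class and function names are hypothetical.

SAVE = 2  # trailing PIN characters kept at the client and never transmitted (claim 2)


def one_way(*parts: bytes) -> bytes:
    """One-way function: SHA-256 over length-prefixed parts (claims 11 and 12)."""
    h = hashlib.sha256()
    for p in parts:
        h.update(len(p).to_bytes(4, "big") + p)
    return h.digest()


def xor_stream(key: bytes, data: bytes) -> bytes:
    """Toy symmetric cipher: HMAC-SHA256 counter keystream XORed into data.
    The same call decrypts.  Illustration only; not a production cipher."""
    stream = b"".join(hmac.new(key, i.to_bytes(8, "big"), hashlib.sha256).digest()
                      for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, stream))


def token_code(seed: bytes, slot: int) -> str:
    """Stand-in for the dynamically varying non-predictable number from the user's
    device (claim 3): derived from a seed shared with the server and a time slot."""
    return one_way(seed, slot.to_bytes(4, "big")).hex()[:6]


class AuthServer:
    def __init__(self):
        self.users = {}   # client_id -> (pin, token_seed)
        self.locked = {}  # client_id -> True while network access is inhibited
        self.issued = {}  # client_id -> key issued at the last log-on (claim 7)
        self.vault = {}   # client_id -> encrypted critical material parked here (claim 16)

    def enroll(self, client_id, pin, token_seed):
        self.users[client_id] = (pin, token_seed)
        self.locked[client_id] = True
        self.issued[client_id] = None

    def logon(self, client_id, representation, slot):
        # Claim 3: the client ID selects the expected representation, which is then matched.
        if client_id not in self.users:
            return None
        pin, seed = self.users[client_id]
        coded = token_code(seed, slot) + pin
        expected = one_way(client_id.encode(), coded[:-SAVE].encode())
        if not hmac.compare_digest(representation, expected):
            return None
        previous, fresh = self.issued[client_id], secrets.token_bytes(32)
        self.issued[client_id] = fresh
        self.locked[client_id] = False
        return {"decryption_key": previous, "encryption_key": fresh,
                "vault": self.vault.pop(client_id, None)}

    def lock_notice(self, client_id, encrypted_material):
        self.vault[client_id] = encrypted_material
        self.locked[client_id] = True


class ClientStation:
    def __init__(self, client_id, server):
        self.client_id, self.server = client_id, server
        self.locked = True
        self.critical = None   # plaintext critical material, present only while unlocked
        self.encrypted = None  # ciphertext held while locked
        self.saved = None      # untransmitted PIN portion (claim 2)
        self.next_key = None   # server-issued key for the next lock (claim 7)

    def _material_key(self, server_key):
        # Claim 11: server key, saved coded-input portion and non-secret data -> one-way function.
        return one_way(server_key, self.saved.encode(), self.client_id.encode())

    def logon(self, pin, code, slot):
        coded = code + pin
        self.saved = coded[-SAVE:]
        representation = one_way(self.client_id.encode(), coded[:-SAVE].encode())
        reply = self.server.logon(self.client_id, representation, slot)
        if reply is None:
            self.saved = None
            return False
        if reply["vault"] is not None:
            self.encrypted = reply["vault"]
        if self.encrypted is not None:
            self.critical = xor_stream(self._material_key(reply["decryption_key"]), self.encrypted)
            self.encrypted = None
        self.next_key = reply["encryption_key"]
        self.locked = False
        return True

    def lock(self):
        # Triggered by a claim 17-20 condition: end of session, idle timeout, discourteous disconnect.
        self.encrypted = xor_stream(self._material_key(self.next_key), self.critical or b"")
        self.critical = self.next_key = self.saved = None  # zeroize (claim 16)
        self.server.lock_notice(self.client_id, self.encrypted)
        self.locked = True


def demo():
    seed = b"constructed-token-seed"
    server = AuthServer()
    server.enroll("ws-17", pin="7Q4k", token_seed=seed)
    client = ClientStation("ws-17", server)
    first = client.logon("7Q4k", token_code(seed, 1), 1)
    client.critical = b"critical directory listing (constructed)"
    client.lock()
    bad = client.logon("0000", token_code(seed, 2), 2)  # wrong PIN, valid token code
    locked_after_bad = client.locked and server.locked["ws-17"] and client.critical is None
    ok = client.logon("7Q4k", token_code(seed, 3), 3)
    return {"first": first, "bad_rejected": not bad, "locked_after_bad": locked_after_bad,
            "restored": client.critical, "network_open": ok and not server.locked["ws-17"]}
```

Run `demo()` to see the three states: first log-on with nothing to decrypt, a rejected attempt that leaves both the client and the server-side access flag locked, and a second log-on that recovers the parked material with the key issued one cycle earlier. One consequence of the claim 2 arrangement is visible here: the server never sees the saved trailing characters, so it cannot verify them; claim 12 covers that gap by hashing the whole coded input and transmitting enough of the digest for the server to check all of it.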
[Drawing from US Patent 5237614: image not reproduced]

Inventor: Weiss; Kenneth P. (Newton, MA)
Owner/Assignee: Security Dynamics Technologies, Inc. (Cambridge, MA)
Publication Date: August 17, 1993
Application Number: 07/712,186
Filing Date: June 7, 1991
US Classification: 713/159 713/165
Int'l Classification: H04K 009/00
Examiner: Cangialosi; Salvatore
Attorney/Law Firm: Wolf, Greenfield & Sacks
USPTO Field of Search: 380/4 380/23 380/24 380/25 380/46 340/825.31 340/825.34 395/725
Patent Tags: integrated network security
U.S. References

Patent No.   Inventor       Class       Date
5077792      Herring                    Dec 1991
5046125      Takizawa       455/411     Sep 1991
5023908      Weiss          713/184     Jun 1991
5023907      Johnson        710/200     Jun 1991
4998279      Weiss          340/5.52    Mar 1991
4944008      Piosenka       380/46      Jul 1990
4890323      Beker                      Dec 1989
4885778      Weiss          713/184     Dec 1989
4856062      Weiss          713/184     Aug 1989
4849613      Eisele         235/379     Jul 1989
4819267      Cargile        713/184     Apr 1989
4802216      Irwin          380/2       Jan 1989
4731841      Rosen          713/159     Mar 1988
4720860      Weiss          713/184     Jan 1988
4677617      O'Connor       370/478     Jun 1987
4641322      Hasegawa       375/145     Feb 1987
4636583      Bidell         380/260     Jan 1987
4609777      Cargile        713/184     Sep 1986
4599489      Cargile        705/52      Jul 1986
4589066      Lam            713/375     May 1986
4582434      Plangger       368/46      Apr 1986
4543657      Wilkinson      375/367     Sep 1985
4536647      Atalla         705/70      Aug 1985
4509093      Stellberger    340/5.26    Apr 1985
4494211      Schwartz       375/356     Jan 1985
4471216      Herve          235/380     Sep 1984
4326098      Bouricius      713/155     Apr 1982
4320387      Powell         705/39      Mar 1982
4302281      Ryham          162/30.11   Nov 1981
4295039      Stuckert       235/380     Oct 1981
4277837      Stuckert       235/380     Jul 1981
4193073      Kohnen         342/56      Mar 1980
4185166      Kinch, Jr.     380/43      Jan 1980
4145569      Ehrat          380/262     Mar 1979
4145568      Ehrat          380/47      Mar 1979
4126761      Graupe         380/28      Nov 1978
4104694      Hargrove       340/5.65    Aug 1978
3995111      Tsuji          375/358     Nov 1976
3900867      Wagner         342/45      Aug 1975
3886451      Chu            368/118     May 1975
3806874      Ehrat          713/185     Apr 1974
3764742      Abbott         713/185     Oct 1973
4578530      Zeidler        705/71      Dec 1969
Claims

What is claimed is:

1. An integrated security system for a network having a server and at least one client comprising:

means for normally locking each client to restrict in a selected way use of the client itself and use of the client in gaining access to the network;

means at the client for receiving at least one coded input from a user;

means at the client for transmitting to the server signals which are a representation of at least a selected portion of the coded input;

means at the server for utilizing the received signal representation to authenticate the user, for retrieving unlock inputs for the user and, when the user has been authenticated, for sending to the client signals representative of the unlock inputs; and

means at the client for utilizing the unlock input signals to unlock the client.

2. A system as claimed in claim 1 including means at the client for saving a selected portion of the coded input, said means for transmitting transmitting signals which are a representation of the remaining portion of the coded input.

3. A system as claimed in claim 2 wherein the coded input from the user includes the current value of a dynamically varying non-predictable number generated by a device in the possession of the user;

wherein signals indicative of a client ID are transmitted to the server with the representation signals; and

wherein the means to authenticate at the server includes means for using the client ID signals to retrieve appropriate representation signals for the user, and means for matching the retrieved representation signals with the transmitted representation signals to authenticate the user.

4. A system as claimed in claim 3 wherein the user has a PIN which is inputted into the device by the user and combined in a selected way in the device in producing the non-predictable number inputted by the user.

5. A system as claimed in claim 3 wherein the user has an alphanumeric PIN (AN-PIN), wherein the coded input from the user includes the AN-PIN, wherein a selected portion of both the non-predictable number and the AN-PIN are saved at the client, and wherein remaining portions of the non-predictable number and the AN-PIN are combined in a predetermined way to produce the representation signals transmitted to the server.

6. A system as claimed in claim 2 wherein, when the client is locked, at least selected material stored at the client is stored in encrypted form, and wherein the unlock inputs sent to the client include a decryption key for said selected material.

7. A system as claimed in claim 6 wherein the server includes means for transmitting an encryption key to the client after user authentication; and

wherein the client includes means for utilizing the encryption key the next time the client is to be locked to encrypt said selected material.

8. A system as claimed in claim 7 wherein the means at the client for encrypting includes means for combining the transmitted encryption key from the server with at least a portion of the coded input saved at the client to produce an encryption key for the selected material.

9. A system as claimed in claim 8 wherein the user has a device which generates a dynamically varying non-predictable number which is unique to the user, the coded input from the user including the current non-predictable number from the device.

10. A system as claimed in claim 9 wherein the device includes a user controlled means for generating a second non-predictable code for the user which may also form part of said coded input; and

wherein the client includes means for combining the second non-predictable code with the transmitted encryption key to produce a longer encryption key for the selected material.

11. A system as claimed in claim 7 including means for running the encryption key, at least a portion of the stored coded input and selected non-secret data through a one-way function to obtain a longer encryption key.

12. A system as claimed in claim 2 including means for passing all of the coded input from the user through a one-way function, the transmitted representation signals including at least a sufficient portion of the output from the one-way function to assure that all of the coded input is correct when authentication occurs at the server.

13. A system as claimed in claim 1 including means for utilizing selected data, including at least a portion of the coded input from the user, to generate an encryption key, means for utilizing at least a portion of said encryption key for end-to-end encryption of communications with the client, and means for utilizing at least a portion of the encryption key to encrypt at least selected material at the client when the client is locked.

14. A system as claimed in claim 13 wherein the portion of the encryption key utilized for end-to-end encryption and the portion utilized for encryption on client locking are not identical.

15. A system as claimed in claim 1 including means at the client for running at least a portion of the coded input and selected non-secret data through a one-way function to obtain a value having more characters than the coded input, which value may be utilized as all or a portion of an encryption key.

16. A system as claimed in claim 1 wherein selected material required to operate a client is zeroized at the client when the client is locked and is transmitted in encrypted form to be stored at the server; and wherein the server includes means operative when the user has been authenticated for retransmitting the stored encrypted material to the client along with a decryption key.

17. A system as claimed in claim 1 including means responsive to selected conditions at the client for locking the client.

18. A system as claimed in claim 17 wherein one of said selected conditions is a discourteous disconnect of the client.

19. A system as claimed in claim 17 wherein one of said selected conditions is an end-of-session input from the user.

20. A system as claimed in claim 17 wherein one of said selected conditions is there being no activity by the user at the client for a selected time interval.

21. A system as claimed in claim 17 including means for storing a release code at the client, and means responsive to the release code for inhibiting the full locking of the client in response to a selected condition.

22. A system as claimed in claim 21 wherein said means for inhibiting permits the locking of the client from access to the network, but permits at least the selected continued use of the client.

23. A system as claimed in claim 21 wherein the client may generate or receive selected protected files, each of which contains a protection flag, and means responsive to the detection of a protection flag for preventing use of the protected file at the client after one of said selected conditions has occurred.

24. A system as claimed in claim 23 wherein said means for preventing use of the protected file includes means for removing or reducing the release code so that the client cannot access the file after a selected condition occurs.

25. A system as claimed in claim 23 wherein said means for preventing includes means for encrypting or zeroizing the protected file at the client when a selected condition occurs.

26. A system as claimed in claim 25 including means for indicating if the protected file may be written into at the client, and including means responsive to an indication that a protected file may be written into for transmitting the protected file to the server prior to zeroizing the file.

27. A method for providing integrated security on a network having a server and at least one client comprising the steps of:

normally locking each client to restrict in a selected way use of the client itself and use of the client in gaining access to the network;

receiving at the client at least one coded input from a user;

transmitting signals which are a representation of at least a selected portion of the coded input from the client to the server;

utilizing the received representation signals at the server to authenticate the user, to retrieve unlock inputs for the user and, when the user has been authenticated, to send the unlock inputs to the client; and

utilizing the unlock inputs at the client to unlock the client.

28. A method as claimed in claim 27 including the step performed at the client of saving a selected portion of the coded input, the representation signals transmitted during the transmitting step being of the remaining portion of the coded input.

29. A method as claimed in claim 28 wherein the coded input from the user includes the current value of a dynamically varying non-predictable number generated by a device in the possession of the user;

wherein signals indicative of a client ID are transmitted to the server with the representation signals; and

wherein the authenticating step at the server includes the steps of using the client ID signals to retrieve the appropriate representation signals for the user, and matching the retrieved representation signals with the transmitted representation signals to authenticate the user.

30. A method as claimed in claim 29 wherein the user has a PIN which is inputted into the device by the user and combined in a selected way in the device in producing the non-predictable number inputted by the user.

31. A method as claimed in claim 29 wherein the user has an alphanumeric PIN (AN-PIN), wherein the coded input from the user includes the AN-PIN, wherein a selected portion of both th