WikiPatents - Community Patent Review
Apparatus and method for controlling access to and interconnection of computer system resources

United States Patent 5483596
Link to this page: http://www.wikipatents.com/5483596.html
Inventor(s): Rosenow; Peter D. (Edmonds, WA); Trafton; Roger M. (Kirkland, WA)

Abstract: A compact, physically secure, high-performance access controller (16, 18) is electrically connected to each access-managed resource (12, 14) or group of resources (10) in a computer system. Whenever access-managed resources attempt to establish communications, their associated access controllers exchange sets of internally generated access authorization codes (106, 112, 120, 132, 202, 208, 216, 270, 272) utilizing protocols characterized by multiple random numbers, resource authorization keys, serial number (48, 72) verification, and session authorization keys. Each new session employs different encryption keys derived from multiple random numbers and multiple hidden algorithms. Tables of authorized requesting and responding resources are maintained in a protected memory (34, 38) in each access controller. An authorization table building procedure is augmented by an optional central access control system (56) that employs a parallel control network (62, 64, 66) to centrally manage the access control tables in an access-controlled system of resources.
[Drawing from US Patent 5483596: Apparatus and method for controlling access to and interconnection of computer system resources]
Inventor: Rosenow; Peter D. (Edmonds, WA); Trafton; Roger M. (Kirkland, WA)
Owner/Assignee: Paralon Technologies, Inc. (Bellevue, WA)
Publication Date: January 9, 1996
Application Number: 08/186,663
Filing Date: January 24, 1994
Examiner: Gregory; Bernarr E.
Attorney/Law Firm: Rives; Stoel
References

U.S. References (patent number, first-named inventor, US classification where listed, issue date):

5315657 Abadi, 726/4, May 1994
5297208 Schlafly, Mar 1994
5297207 Degele, Mar 1994
5253295 Saada, 713/159, Oct 1993
5204961 Barlow, 726/1, Apr 1993
5173939 Abadi, 707/9, Dec 1992
5153918 Tuai, 713/182, Oct 1992
5131025 Hamasaki, 379/93.02, Jul 1992
5018190 Walker, 379/93.02, May 1991
5003595 Collins, 707/9, Mar 1991
4995112 Aoyama, 726/6, Feb 1991
4956769 Smith, 707/9, Sep 1990
4905281 Surjaatmadja, 726/23, Feb 1990
4679226 Muehleisen, 379/93.02, Jul 1987
4546213 Dick, 379/93.02, Oct 1985

Foreign References: none listed
Other References: none listed
Claims

We claim:

1. A system for transferring secure data across a data communication medium between first and second computer system resources, comprising:

first and second access controllers electrically connected to the data communication medium and to respective ones of the first and second resources, for transferring the secure data during a data transfer session after verifying that the first and second resources are both associated with at least one authorized access code;

the access controllers each including:

a memory storing a table of encryption keys, a table of algorithms, and a table of authorized resources that associates pairs of resources with authorized access control codes, the encryption keys and algorithms being identical in each access controller;

a processor randomly generating for the data transfer session, plural numbers and utilizing an access controller identifying number, the randomly generated numbers, selected ones of the stored algorithms, and a predetermined one of the stored encryption keys to generate in cooperation with the other access controller a unique session key; and

an encryption/decryption processor using the unique session key to encrypt the secure data transferred across the data communication medium.

2. The system of claim 1 in which the resources are selected from a group consisting of: computers, software, servers, networks, data bases, communications switches, communication controllers, mass memory devices, printers, and disk drives.

3. The system of claim 1 in which the communication medium is selected from a group consisting of: a modem, a network, a radio frequency transmission, a SCSI bus, an IEEE-488 bus, an RS-232 interconnection, a cellular radio, a CATV cable, an optical fiber, a switched network, and electrical wiring.

4. The system of claim 1 in which the access controllers verify an access level of authorization and a resource privilege level of authorization before connecting their respective first and second resources to the data communication medium.

5. The system of claim 1 in which the access controllers generate a new unique session key for each subsequent data transfer session.

6. The system of claim 1 further including a communication pathway that interconnects at least one of the access controllers to a central access control system that communicates access control code information to the access controllers through the communication pathway.

7. The system of claim 6 in which the communication pathway is selected from a group consisting of: the communication medium, a modem, a network, an Ethernet, a radio frequency transmission, a SCSI bus, an IEEE-488 bus, a computer bus, an RS-232 interconnection, a cellular radio, a CATV cable, an optical fiber, a switched network, and electrical wiring.

8. The system of claim 1 in which a major portion of at least one of the access controllers is encapsulated in a potting compound and the access controller further includes a self-destruct mechanism that erases the memory in response to detecting tampering with the potting compound.

9. The system of claim 8 in which the self-destruct mechanism includes an electret material oriented in the potting compound in proximity to an electric field detecting device.

10. A method for generating a table of authorized resources entry for use in a secure access control system, comprising:

establishing a secure data communication dialog between first and second access controllers;

storing in each access controller, a table of encryption keys, a table of algorithms, and a table of authorized resources that associates pairs of access controllers with authorized access control codes, the tables of encryption keys and algorithms being identical in each access controller;

generating a unique base key associated with the first and second access controllers by using the secure data communication dialog to exchange data derived from predetermined ones of the encryption keys and the algorithms; and

associating the first and second access controllers with the unique base key in the table of authorized resources of the first and second access controllers.

11. The method of claim 10 in which the first access controller is associated with a resource access control system that stores an ID number in the first access controller, the ID number being related to a production serial number of the first access controller.

12. A method for generating and using encryption keys to authorize and encrypt data exchanged between first and second computer system resources, comprising:

providing a master access controller and a slave access controller each including a processor and a memory;

storing in the memories tables of authorized resources and identical base key tables, encryption key tables, and algorithm tables;

randomly generating in the master access controller a number alpha1;

selecting a predetermined base key "a" from the master access controller base key table;

calculating "a"^alpha1;

randomly generating in the slave access controller a number beta1;

selecting the predetermined base key "a" from the slave access controller base key table; determining a key A in the slave access controller by calculating ("a"^alpha1)^beta1;

calculating "a"^beta1;

determining key A in the master access controller by calculating ("a"^beta1)^alpha1;

selecting a base key x at random from the master access controller base key table;

determining a key B by calculating (x)^(alpha1*beta1);

determining base key x in the slave access controller by calculating (key B)^(1/(beta1*alpha1)); and

determining that base key x exists in the slave access controller base key table to verify the validity of key B.

13. The method of claim 12 further including:

mapping into a record A, a master access controller ID number, and an encryption key selected from the master access controller encryption key table;

unmapping record A in the slave access controller;

generating from record A a unique base key;

entering the master access controller ID number, the encryption key and the unique base key into the slave access controller table of authorized resources;

mapping a slave access controller serial number and the unique base key into a record B;

unmapping record B in the master access controller; and

entering the slave access controller serial number, the encryption key and the unique base key into the master access controller table of authorized resources.

14. The method of claim 12 in which predetermined base key "a" is replaced by a predetermined base key "b" and the method further comprises:

randomly generating in the master access controller a number alpha2;

mapping the master access controller ID number and alpha2 into a record C;

unmapping record C in the slave access controller;

randomly generating in the slave access controller a number beta2;

searching the slave access controller table of authorized resources for a match to the master access controller ID number;

mapping into a record D if a match to the master access controller ID number is found a slave access controller ID number and beta2;

unmapping record D in the master access controller;

searching the master access controller table of authorized resources for an existing entry including the slave access controller ID number;

storing in the master access controller table of authorized resources if the slave access controller ID number is found, the encryption key and the unique base key associated with the slave access controller ID number;

searching the slave access controller table of authorized resources for an existing entry including the master access controller ID number;

storing in the slave access controller table of authorized resources if the master access controller ID number is found, the encryption key and unique base key associated with the master access controller ID number;

randomly generating in the slave access controller a number beta3;

calculating (unique base key)^beta3 and sending (unique base key)^beta3 to the master access controller;

randomly generating in the master access controller a number alpha3;

calculating (unique base key)^alpha3 and sending (unique base key)^alpha3 to the slave access controller;

determining a session key in the master access controller by calculating ((unique base key)^beta3)^alpha3;

determining the session key in the slave access controller by calculating ((unique base key)^alpha3)^beta3; and

transferring data between the first and second computer system resources by encrypting and decrypting the data in the associated access controllers using the session key.
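The claim 12 and claim 14 exchanges above, as an added Python example (not code from the patent or from Paralon Technologies): the patent's "a"^alpha1, x^(alpha1*beta1), (key B)^(1/(beta1*alpha1)) and ((unique base key)^beta3)^alpha3 are modelled as modular exponentiation in a safe-prime group, which is an assumption since the claims name no algebraic structure, and the eight-entry base-key table is constructed. As the claim wording requires, both controllers are handed both alpha1 and beta1 for the key B step; the function names are the example's own.

```python
import secrets


def is_probable_prime(n, rounds=32):
    """Miller-Rabin probable-prime test; adequate for this illustration."""
    if n < 2:
        return False
    for s in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29):
        if n % s == 0:
            return n == s
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for _ in range(rounds):
        x = pow(2 + secrets.randbelow(n - 3), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def make_group(bits=64):
    """Assumed group: a safe prime p = 2q + 1 (the patent names none).
    Every odd exponent below q is then invertible modulo the order p - 1 = 2q,
    which the claim-12 recovery step (key B)^(1/(beta1*alpha1)) relies on."""
    while True:
        q = secrets.randbits(bits - 1) | (1 << (bits - 2)) | 1
        if is_probable_prime(q) and is_probable_prime(2 * q + 1):
            return 2 * q + 1, q


def rand_exponent(q):
    """Random odd number in [3, q - 2]: coprime to 2q, so its inverse mod 2q exists."""
    return (2 + secrets.randbelow(q - 3)) | 1


def agree_key_a(p, a, alpha1, beta1):
    """Claim 12: master sends "a"^alpha1, slave sends "a"^beta1; each raises the
    value it received to its own number and both arrive at key A."""
    m_to_s = pow(a, alpha1, p)             # "a"^alpha1, master -> slave
    s_to_m = pow(a, beta1, p)              # "a"^beta1, slave -> master
    return pow(s_to_m, alpha1, p), pow(m_to_s, beta1, p)   # master's A, slave's A


def master_make_key_b(p, table, alpha1, beta1):
    """Claim 12: master picks base key x at random from the table and forms
    key B = x^(alpha1*beta1). The claim has the master use both numbers; how it
    learns beta1 is not stated there, so the example simply passes it in."""
    x = secrets.choice(table)
    return x, pow(x, alpha1 * beta1, p)


def slave_check_key_b(p, q, table, key_b, alpha1, beta1):
    """Claim 12: slave recovers x = (key B)^(1/(beta1*alpha1)), i.e. raises key B
    to the inverse exponent mod 2q, and accepts key B only if x is in its table."""
    inv = pow(alpha1 * beta1, -1, 2 * q)
    x = pow(key_b, inv, p)
    return x, x in table


def session_key(p, unique_base_key, alpha3, beta3):
    """Claim 14: slave sends ubk^beta3, master sends ubk^alpha3; each raises the
    received value to its own number, so both hold ubk^(alpha3*beta3)."""
    s_to_m = pow(unique_base_key, beta3, p)
    m_to_s = pow(unique_base_key, alpha3, p)
    return pow(s_to_m, alpha3, p), pow(m_to_s, beta3, p)   # master's key, slave's key


def run_exchange(bits=64):
    """One claim-12 pairing and one claim-14 session; reports whether each check held."""
    p, q = make_group(bits)
    # Constructed stand-in for the identical base-key table in master and slave.
    table = [2 + secrets.randbelow(p - 3) for _ in range(8)]
    a = table[0]                                   # the "predetermined base key a"
    alpha1, beta1 = rand_exponent(q), rand_exponent(q)
    key_a_master, key_a_slave = agree_key_a(p, a, alpha1, beta1)
    x, key_b = master_make_key_b(p, table, alpha1, beta1)
    x_recovered, accepted = slave_check_key_b(p, q, table, key_b, alpha1, beta1)
    # A key B not built from a table entry fails the slave's membership check.
    forged_b = 2 + secrets.randbelow(p - 3)
    _, forged_accepted = slave_check_key_b(p, q, table, forged_b, alpha1, beta1)
    # Claim 14: the pair's unique base key (claim 13) is taken to be a table entry here.
    alpha3, beta3 = rand_exponent(q), rand_exponent(q)
    sk_master, sk_slave = session_key(p, table[1], alpha3, beta3)
    return {
        "key_a_match": key_a_master == key_a_slave,
        "x_recovered": x_recovered == x,
        "key_b_accepted": accepted,
        "forged_b_accepted": forged_accepted,
        "session_key_match": sk_master == sk_slave,
    }
```

The recovery step only exists when alpha1*beta1 has an inverse modulo the group order, which is why rand_exponent restricts the random numbers to odd values below q; a key B not derived from a table entry is rejected by the membership test.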

15. A system for transferring secure data across a data communication medium between first and second computers comprising:

first and second access control means in communication with the data communication medium and with associated ones of the first and second computers, for transferring the secure data after verifying that the first and second computers are both associated with the authorized access control code;

the first and second access control means each having an associated memory for storing a table of predetermined encryption keys and a table of authorized resources for associating the first and second computers with an authorized access control code, and an associated processor for randomly generating numbers and using the randomly generated numbers in cooperation with a predetermined one of the stored encryption keys to generate in data communication with the other access control means a session key; and

an encryption/decryption processor using the session key to encrypt the secure data transferred across the data communication medium.

16. The system of claim 15 further including a self-destruct means that erases the associated memory in response to detecting tampering with the access control means.

17. The system of claim 16 in which the self-destruct means detects tampering with an electromechanical means coupled to at least one of the associated memory and a data communication connection.

18. The system of claim 15 in which at least a portion of one of the access control means is integral with its associated computer.

19. The system of claim 18 in which the communication medium is a switched network and each of the access control means is connected to the switched network through a modem.

20. The system of claim 19 in which the modem is integral with its associated access control means.

21. The system of claim 15 further including a communication pathway that interconnects the first access control means to a central access control system that includes at least a portion of the associated memory.

22. The system of claim 21 in which the communication pathway is selected from a group consisting of: the communication medium, a network, a radio frequency transmission, a SCSI bus, an IEEE-488 bus, an RS-232 interconnection, a cellular radio, a CATV cable, an optical fiber, a switched network, and electrical wiring.

23. A method for generating and using encryption keys to authorize and encrypt data transferred between first and second computer system resources, comprising:

providing a master access controller and a slave access controller each including a processor and a memory;

storing in the memories tables of authorized resources and identical encryption key tables;

randomly generating in the master access controller and the slave access controller respective first and second numbers;

selecting from the master access controller encryption key table and the slave access controller encryption key table a first predetermined encryption key;

determining in the master access controller and the slave access controller a key A by processing the first predetermined encryption key with the first and second randomly generated numbers;

selecting at random from the master access controller encryption key table a second encryption key;

determining a key B in the master access controller by processing the second encryption key with the first and second randomly generated numbers; and

encrypting key B with key A and sending encrypted key B to the slave access controller.

24. The method of claim 23 further including:

determining in the slave access controller the second encryption key by processing key B with the first and second randomly generated numbers; and

verifying that key B exists by determining whether the second encryption key exists in the slave access controller encryption key table.

25. The method of claim 23 further including:

providing the master access controller with a master access controller ID number and the slave access controller with a slave access controller ID number;

encrypting the master access controller ID number and sending the master access controller ID number to the slave access controller;

determining in the slave access controller a unique code by processing the master access controller ID number and the slave access controller ID number;

entering the master access controller ID number and the unique code into the slave access controller table of authorized resources;

encrypting the slave access controller ID number and the unique code and sending them to the master access controller; and

entering the slave access controller ID number and the unique code into the master access controller table of authorized resources.

26. The method of claim 25 further comprising:

encrypting the master access controller ID number and sending the master access controller ID number to the slave access controller;

encrypting the slave access controller ID number and sending the slave access controller ID number to the master access controller if the master access controller ID number is an existing entry in the slave access controller table of authorized resources;

registering the unique code associated with the slave access controller ID number if the slave access controller ID number is an existing entry in the master access controller table of authorized resources;

registering the unique code associated with the master access controller ID number if the master access controller ID number is an existing entry in the slave access controller table of authorized resources;

determining a session key in the master access controller and the slave access controller by processing the unique code registered in each access controller; and

decrypting with the session key the data transferred between the first and second computer system resources.

27. A method for authorizing access to and encrypting data transferred between first and second computer system resources, comprising:

connecting together through a first data communication medium first and second access controllers each associated with a table of authorized resources;

generating in the table of authorized resources an authorized resource pair entry associating the first and second access controllers;

detaching the first and second access controllers;

attaching the first and second access controllers to respective ones of the first and second computer system resources;

connecting the first and second access controllers through a second data communication medium;

exchanging data between the first and second access controllers to verify that both access controllers are associated by the authorized resource pair entry in the associated table of authorized resources;

establishing a session encryption key; and

encrypting and decrypting with the session key data transferred across the second data communication medium between the first and second computer system resources.

28. The method of claim 27 further including the step of providing each of the first and second access controllers with a memory and storing the table of authorized resources in the memory.

29. The method of claim 27 in which the connecting together and generating steps are carried out in data communication with a resource access control system that provides the table of authorized resources with identifying data unique to the first and second access controllers.

30. The method of claim 27 further including the steps of providing a central access control system in data communication with at least one of the access controllers and exchanging authorized resource data between the central access control system and the access controller.

31. The method of claim 30 further including the step of storing the table of authorized resources in the central access control system.

32. The method of claim 30 further including the step of providing a parallel control network that provides the authorized resource data through a third data communication medium interconnecting the central access control system and the first and second access controllers.

33. The method of claim 32 in which the first, second, and third data communication media are selected from a group consisting of: a modem, a network, a radio frequency transmission, a SCSI bus, an IEEE-488 bus, a computer bus, an RS-232 interconnection, a cellular radio, a CATV cable, an optical fiber, a switched network, and electrical wiring.
Description

TECHNICAL FIELD

This invention relates to securing access to and data communication among computer system resources and, more particularly, to an apparatus and a method for managing and securing user resource access, user application access, and system resource configuration in electronic systems employing a potentially diverse mix of interconnected system resources.

BACKGROUND OF THE INVENTION

There are previously known measures for implementing computer security measures intended to prevent "hackers," disgruntled employees, industrial "spies," irregular security maintenance, and the like from obtaining unauthorized access to or compromising data transferred among computer system resources. It is well known that conventional computer "login" procedures that require entering a user name followed by a password do not provide a high level of security. Such login procedures and passwords are susceptible to disgruntled employees, easily broken, infrequently changed, and easily determined by recording data communications transferred on any signal carrier or telephone line. Nevertheless, user names and passwords remain the most commonly used type of computer security measure.

A slightly higher security level can be achieved by preventing access to a computer until an additional access code is received. U.S. Pat. No. 4,546,213 issued Oct. 8, 1985 for a MODEM SECURITY DEVICE describes a circuit that conceals a responding modem from a requesting device until an up to 10-digit touch-tone "DTMF" code is entered at the requesting device and is correctly decoded by the circuit. If the correct code is received, the requesting device is connected to the modem and the usual login procedure is followed. However, if a predetermined number of incorrect digits is received, the circuit prevents repeated login attempts by disabling the modem from all communications for a predetermined time period. Unfortunately, DTMF codes are easily determined by monitoring the telephone line, and the system is susceptible to all the problems associated with conventional login procedures.

U.S. Pat. No. 5,131,025 issued Jul. 14, 1992 for an INTELLIGENT MODEM SYSTEM WHICH DETERMINES PROPER ACCESS THERETO describes a login verification system in which the modem searches an authorized users list for a match with an identification code sent by a requesting caller. If a match is found, the modem connects the requesting caller to an associated computer, and the usual login procedure is followed. This system is susceptible to unauthorized use for all the above-described reasons. In addition, once an unauthorized user accesses the modem, the user can add identification codes to the called modem and any other modem identified in the authorized users list. There is no control over the assignment of identification codes, duplicate code prevention, or users that can establish codes.

The above-described problems caused prior workers to devise login procedures intended to mislead, confuse, and otherwise hide the computer from unauthorized users. For example, U.S. Pat. No. 4,905,281 issued Feb. 27, 1990 for a SECURITY APPARATUS AND METHOD FOR COMPUTERS CONNECTED TO TELEPHONE CIRCUITS describes a system in which a security controller is interposed between two modems wherein the first modem is connected to the telephone line and the second modem is connected to a computer. When the first modem receives a call, the caller is connected to the controller and hears either silence or a misleading voice response. If the caller then sends the proper response, the controller connects the first modem to the second modem and the usual login procedure is followed. However, unauthorized users can determine the required codes by monitoring the telephone line, and, as before, the system is not immune to disgruntled employees or poor security maintenance procedures.

An improved method for concealing a login procedure is described in U.S. Pat. No. 4,679,226 issued Jul. 7, 1987 for a COMPUTER SECURITY GUARD CIRCUIT in which a first modem connects a caller to the conventional login procedure of a computer. However, a security guard circuit disconnects the first modem from the computer unless the caller also calls the security guard circuit on a second telephone line within a predetermined time period. This system prevents unauthorized users from determining the complete login procedure by monitoring a single telephone line. However, the system is still not immune to disgruntled employees or poor security maintenance procedures.

Many computer-based applications, such as those found in banks, security houses, governments, and the military, require much higher data security levels. Therefore, a computer callback login procedure was developed in which a caller first follows a conventional login procedure with a computer and then immediately hangs up the phone. The computer then calls the user at a phone number stored in an authorized users list to establish an authorized connection. However, as for prior systems, this system is susceptible to disgruntled employees and poor security maintenance. In addition, the callback to an authorized phone number can be defeated by "hacking" the telephone switch computer and call-forwarding the callback phone number to an unauthorized phone number.

A modification of the callback procedure is described in U.S. Pat. No. 5,003,595 issued Mar. 26, 1991 for SECURE DIAL ACCESS TO COMPUTER SYSTEMS in which the caller's telephone number is identified by an automatic phone number identifying system, such as "caller ID," and then compared with phone numbers in an authorized caller list. This system allows calls only from authorized locations unless, of course, the caller ID system is susceptible to hacking. The system is also susceptible to the usual disgruntled employee and security maintenance problems, and monitoring the telephone line can provide access to an unauthorized user at an authorized phone number.

To circumvent many of the above-described computer security problems, prior workers have devised login procedures that further require the use of user-identifying devices such as magnetic card readers, speech recognizers, eye scanners, and encoded transponders. One such system is described in U.S. Pat. No. 5,153,918 issued Oct. 6, 1992 for a SECURITY SYSTEM FOR DATA COMMUNICATIONS in which access to a host computer is controlled by a central access controller that communicates via modems with transponders attached to each remote user terminal. A user attempting to access the host computer first calls the central access controller, which returns a random number across the telephone line to the user's transponder, which uses the random number to encrypt and decrypt all ensuing communications with the access controller. The user is prompted for a password that the transponder encrypts together with a unique transponder serial number. The encrypted password and serial number are sent to the access controller, which searches an authorization table for matches. If the password and serial number are both matched, the user is prompted to utter a code word into a speech digitizer unit and/or pass a card key through a magnetic card reader. The digitized speech is compressed, encoded, and transmitted to the access controller where its code pattern is verified against stored templates of authorized speech patterns, thereby providing an additional layer of security that is keyed to authorized users.

Even this system has potential security problems. For example, card keys and transponders can be stolen, lost, or not turned in by terminated employees who can then log in from any location until the authorization table is revised. Sending the random number used to establish an encryption key across a potentially monitored telephone line compromises the entire encryption process. Because all communications to the host computer must pass through the central access controller, such a system is not practical for use in widely scattered systems employing multiple host computers and/or diverse resources. Also, the complexity, expense, and unreliability associated with key devices such as voice recognizers, thumbprint readers, and eye scanners discourages their use.

Once logged into a system, a user (authorized or not) typically has unrestricted access to resources including networked servers, applications software, data bases, and user files. In some systems, certain resources have separately defined authorization levels that require users to follow a second login procedure. Users may also encrypt selected files under a user-defined encryption key. However, such multi-level security systems are easily broken or compromised by monitoring communications lines, sharing passwords and encryption keys among employees, poor security maintenance, and abuse by disgruntled employees.

Because authorized access to computer resources is so easily thwarted, data encryption methods ("cryptography") have evolved to prevent compromised data resources from being understood. Network World: Network Security secrets, David J. Stang and Sylvia Moon, 1993, IDG Books Worldwide, Inc., San Mateo, Calif., describes various practical data encryption systems and their relative strengths and weaknesses. Traditional cryptography is based on the sender and receiver of a message knowing and using the same secret key. The main problems with secret keys are generating them and keeping them secret. Of course, during World War II, the German "Enigma" and Japanese "Purple" secret key codes were broken without the use of computers, partly because of poor keys and partly because code books were captured. To solve the key generation and management problems, a public key cryptography system referred to as "RSA" (after its developers) was developed in 1977. Every user is issued or generates a pair of keys, one public and the other private. Every user publishes his public key and keeps the private key a personal secret. The need for senders and receivers to share keys is eliminated. All communications involve only the public keys that are openly transmitted. Clearly, it is a requirement that no one can deduce a private key from a corresponding public key. RSA is very secure. At its lowest level of security, today's fastest computers would require 10 years to break a single key. Unfortunately, RSA is so convoluted and complex that the fastest RSA encryption/decryption circuits can process only 64 kilobits of data per second.

Because encryption/decryption speed is often required, the Data Encryption Standard ("DES") was developed in 1977 by IBM. DES employs a 56-bit secret key system, processes data at a one megabyte per second rate, and is available on an inexpensive microchip. However, the National Security Agency can break DES keys in about one day, so many workers believe its 56-bit key is too short for many secure applications.

Skilled cryptography workers use a triangular (or three-legged stool) model to describe the three dominant factors of cryptography systems: degree of security, system cost, and ease of use. The conventional wisdom is that one of the three factors must be sacrificed to strengthen the other two.

Clearly a need exists for an improved means of establishing, monitoring, and maintaining computer resource data security, particularly in networks of widely distributed and diverse computing resources. Such a security management system should not sacrifice cost, the degree of security, or ease of use and should provide a solution to the key generation and management problem.

SUMMARY OF THE INVENTION

An object of this invention is, therefore, to provide an apparatus and a method for managing secure access to computer system resources that is transparent to the user, easy to use, does not require users to manage, generate, or even know any encryption keys, and is retrofittable into existing systems.

Another object is to provide an apparatus and a method for managing secure access to computer system resources that is low in cost, highly secure, easy to use, and employs techniques that prevent unauthorized users from breaking resource security by monitoring communications lines, hacking system resources, stealing security devices, reverse engineering, or sharing encryption keys.

A further object is to provide an apparatus and a method for managing secure access to computer system resources that verifies multiple levels of resource authorization before establishing a connection between requesting and responding resources.

Still another object is to provide an apparatus and a method for centrally managing secure access to widely distributed diverse computer system resources such as software, servers, computers, networks, data bases, communications switches, and related services such as controlling software distribution, licensing, and installation.

Accordingly, this invention provides a compact, physically secure, high-performance access controller that is electrically connected to each access-managed resource or group of resources in a computer system. Whenever access-managed resources attempt to establish communications, their associated access controllers exchange sets of internally generated DES encrypted access authorization codes utilizing protocols characterized by multiple random numbers, resource authorization keys, serial number verification, and session authorization keys. Each new session employs different encryption keys derived from multiple random numbers and multiple hidden algorithms. The access control management data exchanges are transparent to the user, and the keys employed are not transmitted across a communications line.

Tables of authorized requesting and responding resources are maintained in a protected memory in each access controller. A simple and automatic authorization table building procedure is augmented by an optional central access control system that employs a dedicated parallel control network, such as a LAN, to store, verify, update, erase, add, configure, restore, and otherwise centrally manage the access control tables of an access-controlled system of resources. All resources implementing the parallel control network are likewise access managed by access controllers. The access controllers are physically protected against theft and reverse engineering by a data self-destruct mechanism that erases the memory if physical tampering and/or removal of connectors is detected.

Additional objects and advantages of this invention will be apparent from the following detailed description of preferred embodiments thereof that proceed with reference to the accompanying drawings.

BRIEF DESCRIPTION OF THE DRAWINGS

FIG. 1 is a simplified block diagram showing an arrangement of computer system resources in which resources and services are selectively interconnected through secure access controllers in a manner according to this invention.

FIG. 2 is a block diagram showing a preferred embodiment of an access controller of this invention.

FIGS. 3A and 3B (collectively "FIG. 3") are a flow chart showing the secure process employed to generate an access authorization table and secret encryption keys used by the access controller of this invention.

FIG. 4 is a schematic block diagram showing the various levels of resource access control that can be achieved with this invention.

FIG. 5 is a simplified flow chart showing the process followed by a pair of access controllers to establish a valid connection between a requesting resource and a responding resource.

FIGS. 6A and 6B (collectively "FIG. 6") are a flow chart showing the secure process employed to establish a communication session and communicate between access controllers of this invention.

FIG. 7 is a simplified block diagram showing software and hardware data flow pathways employed by a computer with a built-in modem in which an access controller is connected to a parallel port to implement an alternate embodiment of this invention.

DETAILED DESCRIPTION OF PREFERRED EMBODIMENTS

FIG. 1 shows a computer system in which an access control system 10 allows a calling computer 12 ("requestor") to access a called computer 14 ("responder"). Access control system 10 includes substantially identical access controllers 16 and 18 and a conventional modem 20 associated with each of requestor 12 and responder 14. Modems 20 are selectively interconnected by a switched network 22, which together represent only one of many possible resource interconnection schemes manageable by this invention. Many separate instances of requestor 12 and responder 14 may be interconnected through access control system 10; personal computers are only one preferred form of such resources.

When requestor 12 transmits a calling signal through modems 20 and switched network 22 to responder 14, access controller 18 intercepts the calling signal before it reaches responder 14. Access controller 18 causes associated modem 20 to turn on its carrier and waits for a response from modem 20 associated with access controller 16. Access controller 16 identifies itself by sending an access control code to access controller 18 along with a request for access controller 18 to identify itself. If access controller 18 determines that the access control code from access controller 16 is in a locally stored, authorized resource table, access controller 18 responds by transmitting its access control code to access controller 16. If access controller 16 determines that the access control code is in its locally stored authorized resource table, access controllers 16 and 18 connect requestor 12 and responder 14, thereby enabling modem data communications. However, if either of access controllers 16 or 18 determines that an access control code is not in their respective authorized resource tables, no communications are enabled between requestor 12 and responder 14. To ensure security, the access control codes are preferably generated, encrypted, and transmitted by processes described later with reference to FIGS. 2, 3, and 6.
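The mutual table check described above, as an added toy model that is not part of the patent: two controller objects exchange placeholder access control codes (constructed strings, not the encrypted codes the patent generates by the processes of FIGS. 2, 3 and 6), and the resources are connected only when each side finds the peer's code in its own locally stored table.

```python
from dataclasses import dataclass


@dataclass
class AccessController:
    """Guards one resource; holds its own code and its authorized resource table."""
    name: str
    access_code: str
    authorized: frozenset = frozenset()  # locally stored authorized resource table
    connected: bool = False

    def accepts(self, peer_code: str) -> bool:
        return peer_code in self.authorized


def handle_call(req: AccessController, rsp: AccessController):
    """Run the mutual table check; return (connection_enabled, transcript).

    rsp has intercepted the calling signal, so req must identify itself before
    any resource-to-resource data flows; a rejection by either side leaves both
    resources disconnected, and rsp never sends its own code to a rejected caller.
    """
    transcript = [f"{rsp.name}: intercept call, raise carrier, await peer"]
    transcript.append(f"{req.name} -> {rsp.name}: code={req.access_code} identify?")
    if not rsp.accepts(req.access_code):
        transcript.append(f"{rsp.name}: code not in table, no connection")
        return False, transcript
    transcript.append(f"{rsp.name} -> {req.name}: code={rsp.access_code}")
    if not req.accepts(rsp.access_code):
        transcript.append(f"{req.name}: code not in table, no connection")
        return False, transcript
    req.connected = rsp.connected = True
    transcript.append("both: resources connected, modem data enabled")
    return True, transcript


def demo():
    """Constructed cases: mutual trust, trust in one direction only, unknown caller."""
    results = {}
    a = AccessController("ctrl16", "CODE-A", frozenset({"CODE-B"}))
    b = AccessController("ctrl18", "CODE-B", frozenset({"CODE-A"}))
    results["mutual"] = handle_call(a, b)
    c = AccessController("ctrl18c", "CODE-C", frozenset({"CODE-A"}))  # trusts A, unknown to A
    results["one_way"] = handle_call(AccessController("ctrl16", "CODE-A", frozenset({"CODE-B"})), c)
    z = AccessController("ctrl16z", "CODE-Z", frozenset({"CODE-B"}))  # caller in no table
    results["unknown"] = handle_call(z, AccessController("ctrl18", "CODE-B", frozenset({"CODE-A"})))
    return results


if __name__ == "__main__":
    for case, (ok, lines) in demo().items():
        print(case, "connected" if ok else "refused")
        print("\n".join("  " + line for line in lines))
```

The "unknown" case shows the ordering property the text implies: the responder's controller checks the caller first, so an unauthorized caller never receives the responder's code.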

FIG. 2 shows an electrical block diagram of a representative access controller such as 16 or 18 that includes a conventional dual universal asynchronous receiver transmitter ("DUART") 30 that controls communications among requestor 12, responder 14, and associated modems 20. Bidirectional data transferred between DUART 30 and modem 20 is conditioned by a signal interface 31, which preferably converts between conventional logic signal lev