CA2241745C - Method and apparatus for controlling access to encrypted data files in a computer system - Google Patents
Method and apparatus for controlling access to encrypted data files in a computer system Download PDFInfo
- Publication number
- CA2241745C CA2241745C CA002241745A CA2241745A CA2241745C CA 2241745 C CA2241745 C CA 2241745C CA 002241745 A CA002241745 A CA 002241745A CA 2241745 A CA2241745 A CA 2241745A CA 2241745 C CA2241745 C CA 2241745C
- Authority
- CA
- Canada
- Prior art keywords
- password
- passwords
- hashed
- key
- hash2
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Expired - Fee Related
Links
- 238000000034 method Methods 0.000 title claims abstract description 58
- 150000003839 salts Chemical class 0.000 claims description 54
- 230000006870 function Effects 0.000 claims description 40
- 238000012545 processing Methods 0.000 description 14
- 238000010586 diagram Methods 0.000 description 10
- 102100022144 Achaete-scute homolog 2 Human genes 0.000 description 9
- 101000901109 Homo sapiens Achaete-scute homolog 2 Proteins 0.000 description 9
- 230000005540 biological transmission Effects 0.000 description 5
- 230000008859 change Effects 0.000 description 5
- 230000007246 mechanism Effects 0.000 description 5
- 230000009471 action Effects 0.000 description 3
- 230000008569 process Effects 0.000 description 3
- 102100022142 Achaete-scute homolog 1 Human genes 0.000 description 2
- 101000901099 Homo sapiens Achaete-scute homolog 1 Proteins 0.000 description 2
- 230000002153 concerted effect Effects 0.000 description 2
- 238000012986 modification Methods 0.000 description 2
- 230000004048 modification Effects 0.000 description 2
- 230000000007 visual effect Effects 0.000 description 2
- 230000001010 compromised effect Effects 0.000 description 1
- 238000012217 deletion Methods 0.000 description 1
- 230000037430 deletion Effects 0.000 description 1
- 230000000694 effects Effects 0.000 description 1
- 230000006855 networking Effects 0.000 description 1
- 230000000717 retained effect Effects 0.000 description 1
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/31—User authentication
- G06F21/40—User authentication by quorum, i.e. whereby two or more security principals are required
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/62—Protecting access to data via a platform, e.g. using keys or access control rules
- G06F21/6209—Protecting access to data via a platform, e.g. using keys or access control rules to a single file or object, e.g. in a secure envelope, encrypted and accessed using a key, or with access control rules appended to the object itself
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/62—Protecting access to data via a platform, e.g. using keys or access control rules
- G06F21/6218—Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/62—Protecting access to data via a platform, e.g. using keys or access control rules
- G06F21/6218—Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
- G06F21/6227—Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database where protection concerns the structure of data, e.g. records, types, queries
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F2221/00—Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/21—Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/2107—File encryption
Abstract
In a system in which encrypted information can be protected and maintained by multiple users using passwords in concert, a file with secure data contains both an unencrypted header and an encrypted data portion. The data portion contains both the secured data and a list of hashed passwords and is encrypted with a single file key. The unencrypted file header contains two tables. The first table is a list of passwords, where each password is cryptographically hashed using a second, different hashing technique than the hashed passwords in the data portion of the file. The second table is a list of cryptographically hashed combinations of cryptographically hashed passwords, where the combinations correspond to authorized user quorums and the passwords are hashed using the same technique as the passwords stored in the data portion of the file. Each hashed combination on the list is also used as a password key to encrypt the file key. During use of the system, an authorized user must enter a password which, when hashed, can be found in the first table. If the entered password is found in the first table, a check is made to determine if enough authorized users have entered passwords to form a quorum.
If there is a quorum, then passwords of the users in the quorum are hashed with the first hashing technique, combined and hashed again to form a password key. The file key can be decrypted with the password key and used to decrypt the file. The hashed passwords in the protected portion of the file can then be used to maintain the password lists.
If there is a quorum, then passwords of the users in the quorum are hashed with the first hashing technique, combined and hashed again to form a password key. The file key can be decrypted with the password key and used to decrypt the file. The hashed passwords in the protected portion of the file can then be used to maintain the password lists.
Description
.~'L'~~_ , ,L. y ' ~ , ' . , .
~ > , ~ . , , METHOD AND APPARATUS FOR CONTROLLING ACCESS TO
ENCRYPTED DATA FILES IN A COMPUTER SYSTEM
s FIELD OF THE INVENTION
This invention relates to computer security and, in particular, to systems in which encrypted information can be protected and maintained by multiple users using passwords in concert.
~o BACKGROUND OF THE INVENTION
Many computer systems utilize some type of security to prevent unauthorized use. In the vast majority of systems this security takes the form of a single password per user for a particular company. The password is conventionally an arbitrary combination of characters known only to the user. The combination of characters is generally encoded in the system as _ a combination of bits and may be used to control ~login to the system as well as access to secure information in selected files.
For example, a solution for controlling single user access to encrypted multimedia files is illustrated in U.S. patent No. 5,319,705. The solution discloses a cryptographic means for protecting software distributed over an open channel or via a high density media such as a CD ROM and is based on a use of encryption keys issued to the user by the centralized softv~rare distribution center. To accomplish this, a multimedia file is encrypted with a secret data key (KD), the encrypted file is then distributed is over an open channel or by some other means to a user to be stored and used on that user's computer. A customer key is also produced using a customer number, a counter value equal to zero and a secret key generating key (KGK), known only to a software distribution center. A special function is used with the customer key to derive a variant customer key. The secret so data key (KD) associated with the multimedia file is then encrypted with this variant customer key. The resulting encrypted data key and the customer , , . ;
~ - , " , key are provided to the customer, in many instances by being recorded on the shrink wrap license which accompanies the software. When the software is installed on the user's process or computer a file recovery program associated with the multimedia file, uses the two keys known to the s user to decrypt and recover multimedia file. In this regard, only the specific customer possessing the specific customer number and encrypted data key can decrypt and use multimedia file. This solution is vulnerable to unauthorized users getting and copying the hardcopy customer key and encrypted data key printed on the license and obtaining the multimedia files ~o through intercetpion, if transmitted over an open channel, or by copying if resident on a computer or if a media itself is obtained. Also, once the multimedia file is decrypted, which it must be for the customer to make use of it, access to' it is no longer controlled.
A different method and device for controlling single user access to a s personal computer (PC) by requiring authentication of a human user on the PC is disclosed in U.S. Patent Application 5,210,795. The solution requires encryption of a user's private key with the user's password to create a secret key. The user also has a public key which may be shared and known by others. The secret key and two trusted log-in programs are stored on a zo writable floppy disk. The user boots his computer from the floppy disk. The first trusted login program prompts the user to input his password. Once the user has done so, the second trusted log-in program one-way hashes the password in the background. Meanwhile, the first trusted log-in program determines whether the disk is writeable. If it is writeable, the first trusted 25 login program verifies whether the computer clock is accurate and, if so, sets the "time of last log in" value associated with the trusted login program to the current time. Next, the program authenticates the PC's operating system by comparing it to an accepted operating system digest on the floppy disk, ensuring that the operating system has not been corrupted. Assuming the so second trusted login program has completed hashing password, the first 1a . .;
trusted login program attempts to decrypt the user's secret private key with the hashed password. If successful, the user has been "authenticated".
Next, the trusted login program creates a session key from the user's public-v private key pair and creates and signs a "delegation certificate" using the s decrypted secret key. The trusted log-in program erases the private key '' from PC memory and leaves the session key and the delegation certificate on the PC then runs PCs operating system and the user proceeds to use his PC as desired. Therefore, the user's private key could not later be retained by someone with access to that PC. Once the operating system is booted, it ~ o uses the session key and delegation certificate to prove to remote users that it has been authorized by a human user. In this way, private access to a single PC is controlled. However, once access is gained in a PC, no additional protection is provided to prevent unauthorized access to protect data files. Furthermore, the extra security gained from requiring a quorum of ~ s users to login in one session in order for any one user to gain access is not realized. So, a disgruntled user retains single handed access to any files either on or accessible by the PC.
A solution for providing a secure method of communications over workstation-server network is described in U.S. Patent No. 5,373,559. The zo solution requires a user at a workstation to input his user name or password and a "token" {continually generated by a passive token generator). The computer then hashes the user name or password with a token producing a transmission code. The transmission code is transmitted across a network to a server. The server, which has access to disk storage containing a fist of zs all user passwords or user names, recreates several tokens generated in small intervals of time before and after the transmission code was received by the server. The server then performs the same hashing scheme using those tokens and its list of passwords or user names and produces a set of transmission codes. The server compares the received transmission code 3o to those it produced. If they do not match, the user is not allowed entry to 1b the system through the server. If they do match, the server performs different hashing on the password and token and produces a session code.
The server then sends a message, encrypted using the session code, across the network back to the work station. Once the messeage is s received, the workstation produces a session code and uses it to decrypt the message. As a result, the user is allowed access to the network. Once the user has gained access to the network he has apparent access to a wide variety of files. A detriment of this solution is that it requires that unencrypted user passwords or user names be stored for access by the computer, making them vulnerable to access by intruders. Also, the solution does not provide for encryption of data files. Therefore, if an intruder does gain access to the workstation or the server, stored data files are vulnerable to being accessed. Furthermore, the solution allows one user to gain access to the system, so it does not provide the level of security realized by s a system which requires a quorum of authorized users to access the system at the same time for any user to gain access.
In some systems, additional security is provided by requiring two or more users to act in concert in order to access secure information in files.
In such systems, a group of users must all enter correct passwords in a single zo session in order to access the information. This type of operation is similar to the well-known protocols for the launching of nuclear weapons or financial documents which require two signatures (perhaps an employee and the employee's manager) to be valid.
A problem with such multiple user systems is that, if concerted action zs is needed for access to some information, there is a danger that one of the users required for concerted access to the file will forget his password or leave the company without telling anyone the password and thereby prevent the other remaining users from accessing the secured information. In many systems, it is possible to override the security system and obtain access to ao the information even if all users needed to access the information are not 1c available. However, in cryptographic systems where the information is secured by encrypting it, it may not be possible to decrypt the information without all of the passwords. In addition, resources which require several users acting in concert are often cumbersome to use simply because it is s often difficult to get all of the required users together in order to access the file.
One mechanism for avoiding these problems is to allow access to the secured information by a subset, or quorum, of the total group of users. For example, if there are five users, any two of the five users can concurrently enter passwords to access the secured data. Therefore, if one user forgets his password, leaves the company or is simply not available, a quorum can still be formed of the remaining users in order to access the data. This method works well with cryptographic systems because no special precautions need to be taken for lost or forgotten passwords.
In such a system, when a user name is entered, a password prompt would appear but two or more passwords would be required. Once the passwords were entered, one or more users could leave and let the remaining users work, or if the security constraints mandated, all users might be (administratively) required to remain present until the work was , zo done and the passwords "cleared". In either case, a user who left the company in possession of a valid password would find the password useless unless he could get the cooperation of other authorized users.
One problem with such quorum systems is that entry of the passwords can be cumbersome. Generally each user must enter his name zs and password. The passwords are then combined and the combination is checked against authorized combinations stored in an access file. However, if several users must enter passwords arrd the last person makes a mistake entering his password, then often all users must reenter their passwords.
Quorum systems also have problems with maintainability. For ao example, in order to change the size or composition of the possible groups, 1d ..~y~ . ., . - ... .: . . ~ '. , ;
some method must be provided to obtain combinations of the passwords to form the quorum password comf~inations.. Typically, all authorized users must reenter their passwords if ~ change is made to the size and ~:
composition of the quorum groups or if users are added or deleted.
s Accordingly, there is a need for a security system which is useful for cryptographic systems, but can easily be maintained and can recover if passwords are forgotten. There is also a need for a security system in which the entry of passwords is simplified.
,o SUMMARY OF THE INVENT10N
A secure system is achieved in accordance with the principles of the invention by utilizing both an unencrypted header file and an encrypted data file. The data file contains a list of cryptographically hashed passwords in addition to the data to be secured. Thus, the passwords cannot be s examined by persons examining the file.
The data file contents are encrypted with a single file key. The unencrypted header file contains two tables. The first table is a list of authorized user names and corresponding hashed passwords where the passwords are hashed using a second, different hashing technique than the ao hashed passwords in the data file. The second table is a list of hashed combinations of hashed passwords, where the combinations correspond to authorized user quorums and the passwords are hashed using the same technique as the passwords stored in the data file. Each hashed combination on the list is also used as a password key to encrypt the file is key.
During use of the system, an authorized user must enter a password which, when hashed, can be found in the first table. If the entered password is found in the first table, a check is made to determine if enough authorized users have entered passwords to form a quorum. If there is a quorum, then 3o passwords of the users in the quorum are hashed with the hashing 1e technique used on passwords in tf a data file, combined and hashed again to form a password key. The file kny can then be decrypted with the password key and used to decrypt the file. The hashed passwords in the protected portion of the file can then be used to maintain the password lists without requiring all users to reenter their passwords.
Anyone gaining access to the unencrypted file cannot obtain the passwords themselves. Similarly, anyone gaining access to the encrypted file can obtain the hashed passwords, but again cannot directly obtain the passwords. Since it is fairly common for users to utilize the same password for several files, the inventive arrangement prevents users from obtaining any password and possibly using it to improperly gain access to other files.
BRIEF DESCRIPTION OF THE DRAWINGS
Figure 1 is a block diagram of a personal computer system suitable ~ a for use with the present invention.
Figure 2 is a schematic diagram illustrating the some of the contents of a data file secured in accordance with the principles of the invention.
Figure 3 is a schematic diagram illustrating apparatus for performing a cryptographic hash of input values.
2o Figure 4 is a schematic diagram illustrating apparatus for performing a cryptographic hash of input values different from that hashing mechanism shown in Figure 3.
Figure 5 is a flowchart illustrating an illustrative method for obtaining the file key used to encrypt the data file illustrated in Figure 2 by the action is of a quorum of users.
Figure 6 is a filowchart representing an illustrative method for maintaining the data file of Figure 2. ' 3o Figure 1 illustrates the system architecture for a conventional 1f WO 97!24675 ' ' ' PCT/US96/20487 available. However, in cryptographic systems where the information is secured by encrypting it, it may not be possible to decrypt the information without all of the passwords. In addition, resources which require several users acting in concert are often cumbersome to use simply because it is s often difficult to get all of the required users together in order to access the ' file.
One mechanism for avoiding these problems is to allow access to the secured information by a subset, or quorum, of the total group of users. For example, if there are five users, any two of the five users can concurrently enter passwords to access the secured data. Therefore, if one user forgets his password, leaves the company or is simply not available, a quorum can still be formed of the remaining users in order to access the data. This method works well with cryptographic systems because no special precautions need to be taken far lost or forgotten passwords.
~s In such a system, when a user name is entered, a password prompt would appear but two or more passwords would be required. Once the passwords were entered, one or more users could leave and let the remaining users work, or if the security constraints mandated, all users might be {administratively) required to remain present unfit the work was zo done and the passwords "cleared". in either case, a user who left the company in possession of a valid password would find the password useless unless he could get the cooperation of other authorized users.
One problem with such quorum systems is that entry of the passwords can be cumbersome. Generally each user must enter his name zs and password. The passwords are then combined and the combination is checked against authorized combinations stored in an access file. However, if several users must enter passwords and the last person makes a mistake entering his password, then often all users must reenter their passwords.
Quorum systems also have problems with maintainability. For ao example, in order to change the size or composition of the possible groups, SUBSTITUTE SHEET (RULE 2~) some method must be provided to obtain combinations of the passwords to form the quorum password combinations. Typically, all authorized users must reenter their passwords if a change is made to the size and composition of the quorum groups or if users are added or deleted.
Accordingly, there is a need for a security system which is useful for cryptographic systems, but can easily be maintained and can recover if passwords are forgotten. There is also a need for a security system in which the entry of passwords is simplified.
SUMMARY OF THE INVENTION
A secure system is achieved in accordance with the principles of the invention by utilizing both an unencrypted header file and an encrypted data file. The data file contains a list of cryptographically hashed passwords in addition to the data to be secured. Thus, the passwords cannot be examined by persons examining the file.
The data file contents are encrypted with a single file key. The unencrypted header file contains two tables. The first table is a list of authorized user names and corresponding hashed passwords where the passwords are hashed using a second, different hashing technique than the 2o hashed passwords in the data file. The second table is a list of hashed combinations of hashed passwords, where the combinations correspond to authorized user quorums and the passwords are hashed using the same technique as the passwords stored in the data file. Each hashed combination on the list is also used as a password key to encrypt the file key.
During use of the system, an authorized user must enter a password which, when hashed, can be found in the first table. If the entered password is found in the first table, a check is made to determine if enough authorized users have entered passwords to form a quorum. If there is a quorum, then so passwords of the users in the quorum are hashed with the hashing technique used on passwords in the data file, combined and hashed again to form a password key. The file key can then be decrypted with the password key and used to decrypt the file. The hashed passwords in the protected portion of the file can then be used to maintain the password lists without requiring all users to reenter their passwords.
Anyone gaining access to the unencrypted file cannot obtain the.
passwords themselves. Similarly, anyone gaining access to the encrypted file can obtain the hashed passwords, but again cannot directly obtain the passwords.
Since it is fairly common for users to utilize the same password for several files, ~o the inventive arrangement prevents users from obtaining any password and possibly using it to improperly gain access to other files.
BRIEF DESCRIPTION OF THE DRAWINGS
Figure 1 is a block diagram of a personal computer system suitable for ~s use with the present invention.
Figure 2 is a schematic diagram illustrating the some of the contents of a data file secured in accordance with the principles of the invention.
Figure 3 is a schematic diagram illustrating apparatus for performing a cryptographic hash of input values.
2o Figure 4 is a schematic diagram illustrating apparatus for performing a cryptographic hash of input values different from that hashing mechanism shown in Figure 3.
Figure 5 is a flowchart illustrating an illustrative method for obtaining the file key used to encrypt the data file illustrated in Figure 2 by the action of a 25 quorum of users.
Figure 6 is a flowchart representing an illustrative method for maintaining the data file of Figure 2.
DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENT
3o Figure 1 illustrates the system architecture for a conventional computer system, such as an IBM PS/2~ computer on which the inventive WO 97/2467,5 ', ~ ' PCT/US96/20487 security system can operate. The exemplary computer system of Figure 1 is for descriptive purposes only. Though the description below may refer to terms commonly used in describing particular computer systems, such as an IBM PS/2 computer, the description and concepts equally apply to other s systems, including systems having architectures dissimilar to Figure 1.
The exemplary computer 100 includes a central processing unit ("CPU") 105, which may include a conventional microprocessor; a system random access memory ("RAM") 110 for temporary storage of information and a read only memory ("ROM") 115 for permanent storage of information.
A memory controller 120 is provided for controlling system RAM 110; a bus controller 125 is provided for controlling bus 130; and an interrupt controller 135 is used for receiving and processing various interrupt signals.
Mass storage may be provided by a diskette 142, a CD-ROM disk 147 or a hard disk 152. The diskette 142 can be inserted into a diskette drive 141, which is, in turn, connected to bus 130 by a controller 140.
Similarly, the CD-ROM disk 147 can be inserted info a CD-ROM drive 146, which is also connected by a controller 145 to bus 130. Finally, hard disks 152 are part of a fixed disk drive 151, which is connected to bus 130 by controller 150.
2o Input and output to computer system 100 are provided by a number of devices. For example, a keyboard and mouse controller 155 connects to bus 130 for controlling a keyboard input device 156 and a mouse input device 157. A DMA controller 160 is provided for performing direct memory access to system RAM 110. A visual display is generated by a video 25 controller 165, which controls a video output display 170. The computer also includes a communications adapter 190 which allows the system to be interconnected to a local area network (LAN) or a wide area network (WAN) which is schematically illustrated by bus 191.
The computer 100 is generally controlled and coordinated by ao operating system software, such as the OS/2~ operating system, available SUBSTITUTE SHEET (RULE 26) from the International Business Machves Corporation ("IBM"), Boca Raton, Florida. Conventional operating systems control and schedule computer processes for execution, perform memory management, provide file system, ':
networking, and I/O services, and provide a user interface, such as a s graphical user interface ("GUI"), among other things. User applications, such as editors and spread sheets, directly or indirectly, rely on these and other capabilities of the operating system.
Figure 2 illustrates the structure of a data file 200 constructed in accordance with the principles of the present invention. The file consists of ,o two main sections, although other sections may exist. These other sections are not necessary for an understanding of the invention and are omitted from the figure for clarity. In particular, the file consists of an unencrypted or "cleartext" header 202 and an encrypted data part 204. Although the unencrypted portion and the data portion are shown as two parts of a single s file, separate unencrypted and encrypted files could be used without departing from the invention. Similarly, although table 220 and data portion 222 are shown as part of the encrypted portion 204, they could also be placed in separate files.
The cleartext data in the encrypted data portion 204 of the file 200.is Zo encrypted using a single file key in a well-known manner. There are several conventional, single key encrypting techniques which could be used to encrypt the file including, but not limited to the DES encoding scheme, the RC2 encoding scheme, the RC4 encoding scheme or the IDEA technique.
This same encoding technique can also be used to encrypt the secured data zs portion 222 either as part of the data portion 204 of ale 200 or as a separate file.
The single file key used to encrypt the data portion of file 200 is then itself encrypted using the inventive multi-password scheme described in detail below.
ao The clear text header 202 includes several tables and a randomly-5 ' ' ' . PCT/US96/20487 chosen value 206 referred to herein as "salt" stored therein. The salt value 206 is typically provided as a randomly- selected value which may be selected using a random number generator of a computer, for example. The actual value is not critical, but the salt number should have a sufficient ~ s number of bits that the selection of duplicate salt numbers for different files is extremely unlikely. Illustratively, a salt value 206 having 64 bits can be used.
Also included in unencrypted header 202 is a first table 208 which consists of a plurality of entries with two fields for every entry. In particular, ~o each entry has a first field 210 containing a user name and a second field 212 containing a cryptographic hash of the password corresponding to the user name in field 210.
In an illustrative embodiment, a password corresponding to a user name is hashed using a one-way cryptographic "hash" of the actual ~ s password combined with the salt value. In particular, the password can be simply conoatenated with the salt value or combined in another manner and then hashed.
An illustrative apparatus for generating a cryptographic "hash" of input values is illustrated in Figure 3, but other, similar arrangements well-Zo known to those in the art can also be used without departing from the scope of the invention. in particular, as shown in Figure 3, the salt value on input 300 and the password on input 304 are provided to a concatenator 302.
Concatenator 302 simply concatenates the bits forming the salt value with the bits comprising the password and provides the resulting series of bits to z5 a one-way function 306.
A one-way function 306 is a well-known function which accepts a ~ series of bits and performs a series of mathematical operations on the bits such that it is substantially impossible, given only the output of the one-way n function, to reconstruct the input. There are several such functions well-ao known to those skilled in the art. One such function, suitable for use with SUBSTITUTE SHEET (RULE 26) WO 97/24675 ' ' ' PCTIUS96/20487 the illustrative embodiment, is a one-way function called "MD2" which is described in detail in a book entitled Network Security, C. Kaufman, R.
Perlman and M. Speciner, Prentice Hall 1996. A cryptographic hash is _ distinct from a key encryption scheme in that the encrypted data can be s decrypted with the key. However, hashed data cannot be "unhashed." ' The hashed value generated at the output of function 306 is fed to a second MD2 hash function 308 which implements a second MD2 hash function and provides a second hashed value at an output port thereof. It is this second hashed value which is stored in the second field 212 of table ~ 0 208.
The hashing function represented by the two MD2 functions 306 and 308 (Figure 3) is denoted in Figure 2 by HASH1[ ... ]. The concatenation of two values is indicated by separating the values by two vertical fines ("~~") The mechanism shown in Figure 3 could be preferably implemented by a software routine but could also be implemented in hardware. In any case, the routine is part of the permanent file security program.
It should be noted that the order of the entries in table 208 establishes an implied order for the passwords. For example, the first entry corresponds to password 1, the second entry to password two, etc. This ao order is important because it determines the ordering of the entries in the other tables as will hereinafter be explained.
Unencrypted header 202 also includes a second table 214 which also includes a plurality of entries, each of which has two fields 216 and 218.
There is an entry for each combination of passwords which can be used to 25 form the quorum necessary for decrypting the encrypted portion of the file.
For example, assume that there are five authorized administrators and two are required for a quorum. Further assume that the five passwords ' are PW1, PW2, PW3, PW4, and PW6 (the password numbers here refer to the entry orders in table 208 and not the actual order in which the ao passwords are entered by the users.) Then, since the order of entry does SUBSTITUTE SHEET (RULE 26) WO 97124675 ~ ' ' PCT/US96J20487 not matter and a password cannot be paired with itself, there are ten possible combinations of two passwords, each of which defines a value combination for a quorum:
(1 ) PW1, PW2 s (2) PW1, PW3 (3) PW1, PW4 (4) PW1, PW5 (5) PW2, PW3 (6) PW2, PW4 ~ o (7) PW2, PW5 (8) PW3, PW4 (9) PW3,' (10) PW4, PW5 Each of these ten combination would have an entry in table 214. The first field 216 of each entry is a set of numbers indicating which passwords are in the combination. This field consists of the entry numbers for the entries in table 208. Thus, for example, if a particular quorum consisted of users with USER NAME1 and USER NAME2 (and corresponding passwords PW1 and 2o PW2, then the entry in the first field of table 214 would be 1,2.
The second field 218 of table 214 consists of the file key encrypted using hashed passwords in the combination. In particular, a cryptographic hash for each password in the combination for the entry is generated by concatenating if with the salt value and hashing the concatenation. It is as important that the hashing technique used in the second operation is different than the hashing technique used in forming table 208 for reasons ' that will be explained hereinafter.
An apparatus for performing the second cryptographic hash is illustrated in Figure 4, although other well-known techniques could also be so used. As shown in Figure 4, the procedure involves applying the salt value SUBSTITUTE SHEET (RULE 26) WO 97/24675 ' ' ' PCT/LJS9G/20487 on input 400 and a password on input 404 to a concatenation function 406 which concatenates the bits from the two values. The output of the concatenator 402 is provided to a one-way function 406. As with the , previous hashing function, the MD2 hashing function can be used as the s one-way function. Here the MD2 function is only applied once to make the hashing function different from that used to construct table 208.
Alternatively, the hashed output could be made different by concatenating the salt/password concatenation with another predetermined constant before passing it through the one-way function or by simply using a one-way function different than MD2.
As with table 208, this second hashing function is represented in table 214 by HASH2[ ... J and concatenation is represented by vertical lines ("II")~ Each hashed concatenation of a password and salt is also represented by a combination number (C1 ... Cn). Therefore C1 = HASH2 Ts [PW1 II SALT]; C2 = HASH2 [PW2 II SALT], etc.
A password key is then formed of the combination values by concatenating the combination values and hashing the concatenated values with the second hashing function. For example, if an entry comprises passwords PW1 and PW2 the cryptographic key would be generated by ~o forming HASH2 [HASH2 [PW1 II SALT] II HASH2 [PW2 II SALT]] or HASH2 [C1 II C2]. The entries are concatenated in an order based on their ordering in table 208, not on the actual entry order. In addition, although the illustrative embodiment uses the hash function HASH2 to has the password combinations another hashing function could also be used.
as This password key is then used to encrypt the file key. Ideally, the encryption process used to encrypt the i'<le key is such that the file key can be easily recovered. in accordance with a preferred embodiment, the password key is simply exclusive-ORed with the file key. The result of the exclusive-OR operation is then stored in the second field 218 of the table ao 214. When this exclusive-OR function is used the file key can be easily SUBSTITUTE SHEET (RULE 26) WO 97/24675 ' ' ' PCT/US96120487 recovered later by generating the password key from combination of entered passwords and exclusive=ORing the generated key with the value stored in the field 218 of the table 214.
In order to maintain the password files, it is possible to put the ~ s passwords into the encrypted data portion 204 of the file 200. However, if this were done, a user may legitimately obtain access to the passwords, but use them improperly in accessing other files, if, as previously mentioned, users use the same passwords in several contexts. Consequently, the encrypted data portion 204 of file 200 includes a series of hashed values 220 which are used to maintain the table 214 as will hereinafter be described. In particular, the entries in table 220 are the combination values C1 ... Cn described above. Thus, the passwords themselves do not appear in the file.
Figure 5 is a illustrative flowchart illustrating a method for obtaining ~s the fie key of an encrypted file which contains the tables illustrated in Figure 2 by a quorum of users. The rectangular elements (typified by element 500), herein denoted "processing blocks," represent computer software instructions or groups of instructions. The diamond-shaped elements (typifed by element 506), herein denoted "decision blocks," represent 2o computer software instructions or groups of instructions which effect the execution of the computer software instructions represented by the processing blocks. The flow diagram does not depict syntax of any particular computer programming language. Rather, the flow diagram illustrates the functional information which one of ordinary skill in the art as would require to generate computer software to perform the processing required to decrypt an encrypted file structure. It should be noted that many routine program elements, such as initialization of loops and variables and the use of temporary variables, are not shown.
Turning now to Figure 5, the program flow starts at 500 and proceeds so to processing block 502 where the file header (or header file) is read to SUBSTITUTE SHEET (RULE 26) WO 97124675 ' ' ' PCT/LJS96/20487 extract a list of authorized user names, the "salt" value and hashed passwords. The salt value, the user names and hashed passwords are typically extracted from tables such as tables 208 and 214 in the cfeartext .
file header 202 (Figure 2) and temporarily stored in memory. Next, in processing step 504, a list of the extracted user names is displayed, ' generally on a visual display screen. Decision block 506 implements a wait loop which waits for a password to be entered. In particular, the routine checks an input/output device such as a keyboard buffer to detect when a password has been entered. Alternatively, information may be entered by another equivalent method such as a magnetic stripe reader or other entry device. Although the following description describes entry by a keyboard, it is obvious that similar equivalent methods could be used. If no password has been entered, then the routine repeats step 506.
When a user enters a password, the routine proceeds to processing ~s step 508. In step 508, the entered password is concatenated with the retrieved salt value and hashed with the first hashing function to generate HASH1 [PW ~~ SALT, as shown in step 508.
Decision block 510 checks to see if the hashed password just computed matches any of the hashed passwords retrieved from the file 2o header 202 in step 502. if a match is not found, then the password has been entered incorrectly and the routine proceeds to step 512 where an error message is displayed to the user that entered the password. The routine then returns to step 504 to redisplay the user names in case an incorrect password was inadvertently entered. Not shown are conventional is steps that would be taken if incorrect passwords are repeatedly entered.
If, in step 510, the hashed password matches one of the hashed passwords retrieved from table 208 in the header 202 of the file, then ' processing proceeds to step 51fi where a second hashed value of the password concatenated with the salt value is computed using the second 3D hashing function (HASH2 [PW ~~ SALT).
SUBSTITUTE SHEET (RULE 26) WO 97/24675 ' ' PCT/US96/20487 Next, in processing step 518, a check is made to determine whether a quorum of authorized users has been obtained. This step is performed by comparing the password numbers (based on the table order in table 208) already received with the valid combinations of passwords stored in the first s field (216) of table 214.
If the set of password numbers already entered so far does not match one of the valid combinations for a quorum, then the computed hashed values and the password number are stored and processing continues to step 514 where the user name corresponding to the entered password is deleted from the displayed list.
The routine then proceeds back to step 504 where the adjusted list of user names~is redisplayed. Processing continues by repeating steps 504, 506, 508, 510, 516, 518 and 514 until a quorum is obtained as indicated by the numbers of entered passwords matching one of the password number s combinations stored in the first entry of table 214.
If, in step 520, it is determined that a quorum exists, then the stored hashed password values are concatenated in the order determined by table 208 and hashed using the second hash function to generate the password key as indicated in step 520. Since the concatenation is done by the ao ordering in table 208, rather than the actual entry order, the passwords to form a quorum can be entered in any order. Finally in step 522, the password key is used to decrypt the file key. In the illustrative example, step 522 is performed by exclusive-ORing the password key computed in step 520 with the value in the second field 218 in table 214 for the entry whose Zs list (in the first field) matched the list of entered passwords. The routine then fiinishes in step 524.
Referring now to Figure 6, an illustrative routine to add or remove users or change quorum members is disclosed. The routine starts in step 600 and proceeds to step 602 in which the encrypted portion of the file is ao decrypted using the file key obtained using the procedure described above SUBSTITUTE SHEET (RULE 26) WO 97!24675 ' ' PC~'/US96120487 in conjunction with Figure 5. After the encrypted portion of the file is decrypted, the hashed passwords in table 220 (Figure 2) are read info memory. These hashed passwords will be used to rebuild the table 214.
Processing then continues to step 606 where a decision is made s whether a new user will be added to the group of authorized users. If a new user is to be added, then an additional entry must be made in tables 208 and 220 for that user. tn this case, processing continues to step 608 where the user is instructed to enter a new password. The newly entered password is concatenated with the salt value and then hashed using the first and the second hash function as indicated in step 610.
The new hashed values are then entered into the appropriate tables 208 (field 212) and table 220 as illustrated in step 612. In addition, the new hashed passwords are stored in memory for later rebuilding of the password combination file 214. In the case where more than one new user was being ~ s added to the group of authorized users, steps 608 and 610 would be repeated for each new user and all of the new user information would be entered into the appropriate tables in step 612.
The routine then proceeds to step 614. If, in decision box 606, a decision is made that no new users are being entered, the routine aiso 2o proceeds to step 614. In step 614, using any new users and any new quorum rules the table 214 can be rebuilt. Since the table 220 is changed by the addition or deletion of users, the data portion of the file is re-encrypted using the same key or a new key, also as indicated in step 614.
It should be noted that the hashed passwords read from table 220 in step as 604 and the new hashed passwords are sufficient to rebuild the table 214 without knowledge of any of the actual passwords.
The inventive arrangement provides the following features. Since table 208 contains a list of user names and the associated hashed passwords, there is no necessity for users to enter first a user name and so then a password. Any users whose name appears on the fist can enter a SUBSTITUTE S9iEET (93ULE 26) password, without a corresponding namE and in any order and the routine will recognize valid passwords. Further, the routine will recognize a valid combination of passwords regardless of t'~e order in which the passwords are entered.
s Further, it should be noted that actual passwords do not appear in either-#he-e4ear<e~ beadef of~he-fi~e~~+~~he-e+~c~~pted-p~;~ion3f-tt~e fi;e.
Since only passwords passed through a one-way function are found in the file, it is practically impossible to recover the passwords from the file alone.
Thus, even if users do, in fact, use the same password in different files, with the inventive arrangement, the files will not be compromised. While it is possible to rebuild the file key decryption table 214 from the information in the encrypted portion of the file, the table 214 cannot be rebuilt from the second field of table 208 because the hashing functions in the two tables are different.
~s Although only one embodiment of the invention has been disclosed, it will be apparent to those skilled in the art that various changes and modifications can be made which will achieve some of the advantages of the invention without departing from the spirit and scope of the invention. For example, various well-known encryption techniques can be substituted fo.r Zo those disclosed above to achieve the same results. These and other obvious modifications are intended to be covered by the appended claims.
What is claimed is:
~ > , ~ . , , METHOD AND APPARATUS FOR CONTROLLING ACCESS TO
ENCRYPTED DATA FILES IN A COMPUTER SYSTEM
s FIELD OF THE INVENTION
This invention relates to computer security and, in particular, to systems in which encrypted information can be protected and maintained by multiple users using passwords in concert.
~o BACKGROUND OF THE INVENTION
Many computer systems utilize some type of security to prevent unauthorized use. In the vast majority of systems this security takes the form of a single password per user for a particular company. The password is conventionally an arbitrary combination of characters known only to the user. The combination of characters is generally encoded in the system as _ a combination of bits and may be used to control ~login to the system as well as access to secure information in selected files.
For example, a solution for controlling single user access to encrypted multimedia files is illustrated in U.S. patent No. 5,319,705. The solution discloses a cryptographic means for protecting software distributed over an open channel or via a high density media such as a CD ROM and is based on a use of encryption keys issued to the user by the centralized softv~rare distribution center. To accomplish this, a multimedia file is encrypted with a secret data key (KD), the encrypted file is then distributed is over an open channel or by some other means to a user to be stored and used on that user's computer. A customer key is also produced using a customer number, a counter value equal to zero and a secret key generating key (KGK), known only to a software distribution center. A special function is used with the customer key to derive a variant customer key. The secret so data key (KD) associated with the multimedia file is then encrypted with this variant customer key. The resulting encrypted data key and the customer , , . ;
~ - , " , key are provided to the customer, in many instances by being recorded on the shrink wrap license which accompanies the software. When the software is installed on the user's process or computer a file recovery program associated with the multimedia file, uses the two keys known to the s user to decrypt and recover multimedia file. In this regard, only the specific customer possessing the specific customer number and encrypted data key can decrypt and use multimedia file. This solution is vulnerable to unauthorized users getting and copying the hardcopy customer key and encrypted data key printed on the license and obtaining the multimedia files ~o through intercetpion, if transmitted over an open channel, or by copying if resident on a computer or if a media itself is obtained. Also, once the multimedia file is decrypted, which it must be for the customer to make use of it, access to' it is no longer controlled.
A different method and device for controlling single user access to a s personal computer (PC) by requiring authentication of a human user on the PC is disclosed in U.S. Patent Application 5,210,795. The solution requires encryption of a user's private key with the user's password to create a secret key. The user also has a public key which may be shared and known by others. The secret key and two trusted log-in programs are stored on a zo writable floppy disk. The user boots his computer from the floppy disk. The first trusted login program prompts the user to input his password. Once the user has done so, the second trusted log-in program one-way hashes the password in the background. Meanwhile, the first trusted log-in program determines whether the disk is writeable. If it is writeable, the first trusted 25 login program verifies whether the computer clock is accurate and, if so, sets the "time of last log in" value associated with the trusted login program to the current time. Next, the program authenticates the PC's operating system by comparing it to an accepted operating system digest on the floppy disk, ensuring that the operating system has not been corrupted. Assuming the so second trusted login program has completed hashing password, the first 1a . .;
trusted login program attempts to decrypt the user's secret private key with the hashed password. If successful, the user has been "authenticated".
Next, the trusted login program creates a session key from the user's public-v private key pair and creates and signs a "delegation certificate" using the s decrypted secret key. The trusted log-in program erases the private key '' from PC memory and leaves the session key and the delegation certificate on the PC then runs PCs operating system and the user proceeds to use his PC as desired. Therefore, the user's private key could not later be retained by someone with access to that PC. Once the operating system is booted, it ~ o uses the session key and delegation certificate to prove to remote users that it has been authorized by a human user. In this way, private access to a single PC is controlled. However, once access is gained in a PC, no additional protection is provided to prevent unauthorized access to protect data files. Furthermore, the extra security gained from requiring a quorum of ~ s users to login in one session in order for any one user to gain access is not realized. So, a disgruntled user retains single handed access to any files either on or accessible by the PC.
A solution for providing a secure method of communications over workstation-server network is described in U.S. Patent No. 5,373,559. The zo solution requires a user at a workstation to input his user name or password and a "token" {continually generated by a passive token generator). The computer then hashes the user name or password with a token producing a transmission code. The transmission code is transmitted across a network to a server. The server, which has access to disk storage containing a fist of zs all user passwords or user names, recreates several tokens generated in small intervals of time before and after the transmission code was received by the server. The server then performs the same hashing scheme using those tokens and its list of passwords or user names and produces a set of transmission codes. The server compares the received transmission code 3o to those it produced. If they do not match, the user is not allowed entry to 1b the system through the server. If they do match, the server performs different hashing on the password and token and produces a session code.
The server then sends a message, encrypted using the session code, across the network back to the work station. Once the messeage is s received, the workstation produces a session code and uses it to decrypt the message. As a result, the user is allowed access to the network. Once the user has gained access to the network he has apparent access to a wide variety of files. A detriment of this solution is that it requires that unencrypted user passwords or user names be stored for access by the computer, making them vulnerable to access by intruders. Also, the solution does not provide for encryption of data files. Therefore, if an intruder does gain access to the workstation or the server, stored data files are vulnerable to being accessed. Furthermore, the solution allows one user to gain access to the system, so it does not provide the level of security realized by s a system which requires a quorum of authorized users to access the system at the same time for any user to gain access.
In some systems, additional security is provided by requiring two or more users to act in concert in order to access secure information in files.
In such systems, a group of users must all enter correct passwords in a single zo session in order to access the information. This type of operation is similar to the well-known protocols for the launching of nuclear weapons or financial documents which require two signatures (perhaps an employee and the employee's manager) to be valid.
A problem with such multiple user systems is that, if concerted action zs is needed for access to some information, there is a danger that one of the users required for concerted access to the file will forget his password or leave the company without telling anyone the password and thereby prevent the other remaining users from accessing the secured information. In many systems, it is possible to override the security system and obtain access to ao the information even if all users needed to access the information are not 1c available. However, in cryptographic systems where the information is secured by encrypting it, it may not be possible to decrypt the information without all of the passwords. In addition, resources which require several users acting in concert are often cumbersome to use simply because it is s often difficult to get all of the required users together in order to access the file.
One mechanism for avoiding these problems is to allow access to the secured information by a subset, or quorum, of the total group of users. For example, if there are five users, any two of the five users can concurrently enter passwords to access the secured data. Therefore, if one user forgets his password, leaves the company or is simply not available, a quorum can still be formed of the remaining users in order to access the data. This method works well with cryptographic systems because no special precautions need to be taken for lost or forgotten passwords.
In such a system, when a user name is entered, a password prompt would appear but two or more passwords would be required. Once the passwords were entered, one or more users could leave and let the remaining users work, or if the security constraints mandated, all users might be (administratively) required to remain present until the work was , zo done and the passwords "cleared". In either case, a user who left the company in possession of a valid password would find the password useless unless he could get the cooperation of other authorized users.
One problem with such quorum systems is that entry of the passwords can be cumbersome. Generally each user must enter his name zs and password. The passwords are then combined and the combination is checked against authorized combinations stored in an access file. However, if several users must enter passwords arrd the last person makes a mistake entering his password, then often all users must reenter their passwords.
Quorum systems also have problems with maintainability. For ao example, in order to change the size or composition of the possible groups, 1d ..~y~ . ., . - ... .: . . ~ '. , ;
some method must be provided to obtain combinations of the passwords to form the quorum password comf~inations.. Typically, all authorized users must reenter their passwords if ~ change is made to the size and ~:
composition of the quorum groups or if users are added or deleted.
s Accordingly, there is a need for a security system which is useful for cryptographic systems, but can easily be maintained and can recover if passwords are forgotten. There is also a need for a security system in which the entry of passwords is simplified.
,o SUMMARY OF THE INVENT10N
A secure system is achieved in accordance with the principles of the invention by utilizing both an unencrypted header file and an encrypted data file. The data file contains a list of cryptographically hashed passwords in addition to the data to be secured. Thus, the passwords cannot be s examined by persons examining the file.
The data file contents are encrypted with a single file key. The unencrypted header file contains two tables. The first table is a list of authorized user names and corresponding hashed passwords where the passwords are hashed using a second, different hashing technique than the ao hashed passwords in the data file. The second table is a list of hashed combinations of hashed passwords, where the combinations correspond to authorized user quorums and the passwords are hashed using the same technique as the passwords stored in the data file. Each hashed combination on the list is also used as a password key to encrypt the file is key.
During use of the system, an authorized user must enter a password which, when hashed, can be found in the first table. If the entered password is found in the first table, a check is made to determine if enough authorized users have entered passwords to form a quorum. If there is a quorum, then 3o passwords of the users in the quorum are hashed with the hashing 1e technique used on passwords in tf a data file, combined and hashed again to form a password key. The file kny can then be decrypted with the password key and used to decrypt the file. The hashed passwords in the protected portion of the file can then be used to maintain the password lists without requiring all users to reenter their passwords.
Anyone gaining access to the unencrypted file cannot obtain the passwords themselves. Similarly, anyone gaining access to the encrypted file can obtain the hashed passwords, but again cannot directly obtain the passwords. Since it is fairly common for users to utilize the same password for several files, the inventive arrangement prevents users from obtaining any password and possibly using it to improperly gain access to other files.
BRIEF DESCRIPTION OF THE DRAWINGS
Figure 1 is a block diagram of a personal computer system suitable ~ a for use with the present invention.
Figure 2 is a schematic diagram illustrating the some of the contents of a data file secured in accordance with the principles of the invention.
Figure 3 is a schematic diagram illustrating apparatus for performing a cryptographic hash of input values.
2o Figure 4 is a schematic diagram illustrating apparatus for performing a cryptographic hash of input values different from that hashing mechanism shown in Figure 3.
Figure 5 is a flowchart illustrating an illustrative method for obtaining the file key used to encrypt the data file illustrated in Figure 2 by the action is of a quorum of users.
Figure 6 is a filowchart representing an illustrative method for maintaining the data file of Figure 2. ' 3o Figure 1 illustrates the system architecture for a conventional 1f WO 97!24675 ' ' ' PCT/US96/20487 available. However, in cryptographic systems where the information is secured by encrypting it, it may not be possible to decrypt the information without all of the passwords. In addition, resources which require several users acting in concert are often cumbersome to use simply because it is s often difficult to get all of the required users together in order to access the ' file.
One mechanism for avoiding these problems is to allow access to the secured information by a subset, or quorum, of the total group of users. For example, if there are five users, any two of the five users can concurrently enter passwords to access the secured data. Therefore, if one user forgets his password, leaves the company or is simply not available, a quorum can still be formed of the remaining users in order to access the data. This method works well with cryptographic systems because no special precautions need to be taken far lost or forgotten passwords.
~s In such a system, when a user name is entered, a password prompt would appear but two or more passwords would be required. Once the passwords were entered, one or more users could leave and let the remaining users work, or if the security constraints mandated, all users might be {administratively) required to remain present unfit the work was zo done and the passwords "cleared". in either case, a user who left the company in possession of a valid password would find the password useless unless he could get the cooperation of other authorized users.
One problem with such quorum systems is that entry of the passwords can be cumbersome. Generally each user must enter his name zs and password. The passwords are then combined and the combination is checked against authorized combinations stored in an access file. However, if several users must enter passwords and the last person makes a mistake entering his password, then often all users must reenter their passwords.
Quorum systems also have problems with maintainability. For ao example, in order to change the size or composition of the possible groups, SUBSTITUTE SHEET (RULE 2~) some method must be provided to obtain combinations of the passwords to form the quorum password combinations. Typically, all authorized users must reenter their passwords if a change is made to the size and composition of the quorum groups or if users are added or deleted.
Accordingly, there is a need for a security system which is useful for cryptographic systems, but can easily be maintained and can recover if passwords are forgotten. There is also a need for a security system in which the entry of passwords is simplified.
SUMMARY OF THE INVENTION
A secure system is achieved in accordance with the principles of the invention by utilizing both an unencrypted header file and an encrypted data file. The data file contains a list of cryptographically hashed passwords in addition to the data to be secured. Thus, the passwords cannot be examined by persons examining the file.
The data file contents are encrypted with a single file key. The unencrypted header file contains two tables. The first table is a list of authorized user names and corresponding hashed passwords where the passwords are hashed using a second, different hashing technique than the 2o hashed passwords in the data file. The second table is a list of hashed combinations of hashed passwords, where the combinations correspond to authorized user quorums and the passwords are hashed using the same technique as the passwords stored in the data file. Each hashed combination on the list is also used as a password key to encrypt the file key.
During use of the system, an authorized user must enter a password which, when hashed, can be found in the first table. If the entered password is found in the first table, a check is made to determine if enough authorized users have entered passwords to form a quorum. If there is a quorum, then so passwords of the users in the quorum are hashed with the hashing technique used on passwords in the data file, combined and hashed again to form a password key. The file key can then be decrypted with the password key and used to decrypt the file. The hashed passwords in the protected portion of the file can then be used to maintain the password lists without requiring all users to reenter their passwords.
Anyone gaining access to the unencrypted file cannot obtain the.
passwords themselves. Similarly, anyone gaining access to the encrypted file can obtain the hashed passwords, but again cannot directly obtain the passwords.
Since it is fairly common for users to utilize the same password for several files, ~o the inventive arrangement prevents users from obtaining any password and possibly using it to improperly gain access to other files.
BRIEF DESCRIPTION OF THE DRAWINGS
Figure 1 is a block diagram of a personal computer system suitable for ~s use with the present invention.
Figure 2 is a schematic diagram illustrating the some of the contents of a data file secured in accordance with the principles of the invention.
Figure 3 is a schematic diagram illustrating apparatus for performing a cryptographic hash of input values.
2o Figure 4 is a schematic diagram illustrating apparatus for performing a cryptographic hash of input values different from that hashing mechanism shown in Figure 3.
Figure 5 is a flowchart illustrating an illustrative method for obtaining the file key used to encrypt the data file illustrated in Figure 2 by the action of a 25 quorum of users.
Figure 6 is a flowchart representing an illustrative method for maintaining the data file of Figure 2.
DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENT
3o Figure 1 illustrates the system architecture for a conventional computer system, such as an IBM PS/2~ computer on which the inventive WO 97/2467,5 ', ~ ' PCT/US96/20487 security system can operate. The exemplary computer system of Figure 1 is for descriptive purposes only. Though the description below may refer to terms commonly used in describing particular computer systems, such as an IBM PS/2 computer, the description and concepts equally apply to other s systems, including systems having architectures dissimilar to Figure 1.
The exemplary computer 100 includes a central processing unit ("CPU") 105, which may include a conventional microprocessor; a system random access memory ("RAM") 110 for temporary storage of information and a read only memory ("ROM") 115 for permanent storage of information.
A memory controller 120 is provided for controlling system RAM 110; a bus controller 125 is provided for controlling bus 130; and an interrupt controller 135 is used for receiving and processing various interrupt signals.
Mass storage may be provided by a diskette 142, a CD-ROM disk 147 or a hard disk 152. The diskette 142 can be inserted into a diskette drive 141, which is, in turn, connected to bus 130 by a controller 140.
Similarly, the CD-ROM disk 147 can be inserted info a CD-ROM drive 146, which is also connected by a controller 145 to bus 130. Finally, hard disks 152 are part of a fixed disk drive 151, which is connected to bus 130 by controller 150.
2o Input and output to computer system 100 are provided by a number of devices. For example, a keyboard and mouse controller 155 connects to bus 130 for controlling a keyboard input device 156 and a mouse input device 157. A DMA controller 160 is provided for performing direct memory access to system RAM 110. A visual display is generated by a video 25 controller 165, which controls a video output display 170. The computer also includes a communications adapter 190 which allows the system to be interconnected to a local area network (LAN) or a wide area network (WAN) which is schematically illustrated by bus 191.
The computer 100 is generally controlled and coordinated by ao operating system software, such as the OS/2~ operating system, available SUBSTITUTE SHEET (RULE 26) from the International Business Machves Corporation ("IBM"), Boca Raton, Florida. Conventional operating systems control and schedule computer processes for execution, perform memory management, provide file system, ':
networking, and I/O services, and provide a user interface, such as a s graphical user interface ("GUI"), among other things. User applications, such as editors and spread sheets, directly or indirectly, rely on these and other capabilities of the operating system.
Figure 2 illustrates the structure of a data file 200 constructed in accordance with the principles of the present invention. The file consists of ,o two main sections, although other sections may exist. These other sections are not necessary for an understanding of the invention and are omitted from the figure for clarity. In particular, the file consists of an unencrypted or "cleartext" header 202 and an encrypted data part 204. Although the unencrypted portion and the data portion are shown as two parts of a single s file, separate unencrypted and encrypted files could be used without departing from the invention. Similarly, although table 220 and data portion 222 are shown as part of the encrypted portion 204, they could also be placed in separate files.
The cleartext data in the encrypted data portion 204 of the file 200.is Zo encrypted using a single file key in a well-known manner. There are several conventional, single key encrypting techniques which could be used to encrypt the file including, but not limited to the DES encoding scheme, the RC2 encoding scheme, the RC4 encoding scheme or the IDEA technique.
This same encoding technique can also be used to encrypt the secured data zs portion 222 either as part of the data portion 204 of ale 200 or as a separate file.
The single file key used to encrypt the data portion of file 200 is then itself encrypted using the inventive multi-password scheme described in detail below.
ao The clear text header 202 includes several tables and a randomly-5 ' ' ' . PCT/US96/20487 chosen value 206 referred to herein as "salt" stored therein. The salt value 206 is typically provided as a randomly- selected value which may be selected using a random number generator of a computer, for example. The actual value is not critical, but the salt number should have a sufficient ~ s number of bits that the selection of duplicate salt numbers for different files is extremely unlikely. Illustratively, a salt value 206 having 64 bits can be used.
Also included in unencrypted header 202 is a first table 208 which consists of a plurality of entries with two fields for every entry. In particular, ~o each entry has a first field 210 containing a user name and a second field 212 containing a cryptographic hash of the password corresponding to the user name in field 210.
In an illustrative embodiment, a password corresponding to a user name is hashed using a one-way cryptographic "hash" of the actual ~ s password combined with the salt value. In particular, the password can be simply conoatenated with the salt value or combined in another manner and then hashed.
An illustrative apparatus for generating a cryptographic "hash" of input values is illustrated in Figure 3, but other, similar arrangements well-Zo known to those in the art can also be used without departing from the scope of the invention. in particular, as shown in Figure 3, the salt value on input 300 and the password on input 304 are provided to a concatenator 302.
Concatenator 302 simply concatenates the bits forming the salt value with the bits comprising the password and provides the resulting series of bits to z5 a one-way function 306.
A one-way function 306 is a well-known function which accepts a ~ series of bits and performs a series of mathematical operations on the bits such that it is substantially impossible, given only the output of the one-way n function, to reconstruct the input. There are several such functions well-ao known to those skilled in the art. One such function, suitable for use with SUBSTITUTE SHEET (RULE 26) WO 97/24675 ' ' ' PCTIUS96/20487 the illustrative embodiment, is a one-way function called "MD2" which is described in detail in a book entitled Network Security, C. Kaufman, R.
Perlman and M. Speciner, Prentice Hall 1996. A cryptographic hash is _ distinct from a key encryption scheme in that the encrypted data can be s decrypted with the key. However, hashed data cannot be "unhashed." ' The hashed value generated at the output of function 306 is fed to a second MD2 hash function 308 which implements a second MD2 hash function and provides a second hashed value at an output port thereof. It is this second hashed value which is stored in the second field 212 of table ~ 0 208.
The hashing function represented by the two MD2 functions 306 and 308 (Figure 3) is denoted in Figure 2 by HASH1[ ... ]. The concatenation of two values is indicated by separating the values by two vertical fines ("~~") The mechanism shown in Figure 3 could be preferably implemented by a software routine but could also be implemented in hardware. In any case, the routine is part of the permanent file security program.
It should be noted that the order of the entries in table 208 establishes an implied order for the passwords. For example, the first entry corresponds to password 1, the second entry to password two, etc. This ao order is important because it determines the ordering of the entries in the other tables as will hereinafter be explained.
Unencrypted header 202 also includes a second table 214 which also includes a plurality of entries, each of which has two fields 216 and 218.
There is an entry for each combination of passwords which can be used to 25 form the quorum necessary for decrypting the encrypted portion of the file.
For example, assume that there are five authorized administrators and two are required for a quorum. Further assume that the five passwords ' are PW1, PW2, PW3, PW4, and PW6 (the password numbers here refer to the entry orders in table 208 and not the actual order in which the ao passwords are entered by the users.) Then, since the order of entry does SUBSTITUTE SHEET (RULE 26) WO 97124675 ~ ' ' PCT/US96J20487 not matter and a password cannot be paired with itself, there are ten possible combinations of two passwords, each of which defines a value combination for a quorum:
(1 ) PW1, PW2 s (2) PW1, PW3 (3) PW1, PW4 (4) PW1, PW5 (5) PW2, PW3 (6) PW2, PW4 ~ o (7) PW2, PW5 (8) PW3, PW4 (9) PW3,' (10) PW4, PW5 Each of these ten combination would have an entry in table 214. The first field 216 of each entry is a set of numbers indicating which passwords are in the combination. This field consists of the entry numbers for the entries in table 208. Thus, for example, if a particular quorum consisted of users with USER NAME1 and USER NAME2 (and corresponding passwords PW1 and 2o PW2, then the entry in the first field of table 214 would be 1,2.
The second field 218 of table 214 consists of the file key encrypted using hashed passwords in the combination. In particular, a cryptographic hash for each password in the combination for the entry is generated by concatenating if with the salt value and hashing the concatenation. It is as important that the hashing technique used in the second operation is different than the hashing technique used in forming table 208 for reasons ' that will be explained hereinafter.
An apparatus for performing the second cryptographic hash is illustrated in Figure 4, although other well-known techniques could also be so used. As shown in Figure 4, the procedure involves applying the salt value SUBSTITUTE SHEET (RULE 26) WO 97/24675 ' ' ' PCT/LJS9G/20487 on input 400 and a password on input 404 to a concatenation function 406 which concatenates the bits from the two values. The output of the concatenator 402 is provided to a one-way function 406. As with the , previous hashing function, the MD2 hashing function can be used as the s one-way function. Here the MD2 function is only applied once to make the hashing function different from that used to construct table 208.
Alternatively, the hashed output could be made different by concatenating the salt/password concatenation with another predetermined constant before passing it through the one-way function or by simply using a one-way function different than MD2.
As with table 208, this second hashing function is represented in table 214 by HASH2[ ... J and concatenation is represented by vertical lines ("II")~ Each hashed concatenation of a password and salt is also represented by a combination number (C1 ... Cn). Therefore C1 = HASH2 Ts [PW1 II SALT]; C2 = HASH2 [PW2 II SALT], etc.
A password key is then formed of the combination values by concatenating the combination values and hashing the concatenated values with the second hashing function. For example, if an entry comprises passwords PW1 and PW2 the cryptographic key would be generated by ~o forming HASH2 [HASH2 [PW1 II SALT] II HASH2 [PW2 II SALT]] or HASH2 [C1 II C2]. The entries are concatenated in an order based on their ordering in table 208, not on the actual entry order. In addition, although the illustrative embodiment uses the hash function HASH2 to has the password combinations another hashing function could also be used.
as This password key is then used to encrypt the file key. Ideally, the encryption process used to encrypt the i'<le key is such that the file key can be easily recovered. in accordance with a preferred embodiment, the password key is simply exclusive-ORed with the file key. The result of the exclusive-OR operation is then stored in the second field 218 of the table ao 214. When this exclusive-OR function is used the file key can be easily SUBSTITUTE SHEET (RULE 26) WO 97/24675 ' ' ' PCT/US96120487 recovered later by generating the password key from combination of entered passwords and exclusive=ORing the generated key with the value stored in the field 218 of the table 214.
In order to maintain the password files, it is possible to put the ~ s passwords into the encrypted data portion 204 of the file 200. However, if this were done, a user may legitimately obtain access to the passwords, but use them improperly in accessing other files, if, as previously mentioned, users use the same passwords in several contexts. Consequently, the encrypted data portion 204 of file 200 includes a series of hashed values 220 which are used to maintain the table 214 as will hereinafter be described. In particular, the entries in table 220 are the combination values C1 ... Cn described above. Thus, the passwords themselves do not appear in the file.
Figure 5 is a illustrative flowchart illustrating a method for obtaining ~s the fie key of an encrypted file which contains the tables illustrated in Figure 2 by a quorum of users. The rectangular elements (typified by element 500), herein denoted "processing blocks," represent computer software instructions or groups of instructions. The diamond-shaped elements (typifed by element 506), herein denoted "decision blocks," represent 2o computer software instructions or groups of instructions which effect the execution of the computer software instructions represented by the processing blocks. The flow diagram does not depict syntax of any particular computer programming language. Rather, the flow diagram illustrates the functional information which one of ordinary skill in the art as would require to generate computer software to perform the processing required to decrypt an encrypted file structure. It should be noted that many routine program elements, such as initialization of loops and variables and the use of temporary variables, are not shown.
Turning now to Figure 5, the program flow starts at 500 and proceeds so to processing block 502 where the file header (or header file) is read to SUBSTITUTE SHEET (RULE 26) WO 97124675 ' ' ' PCT/LJS96/20487 extract a list of authorized user names, the "salt" value and hashed passwords. The salt value, the user names and hashed passwords are typically extracted from tables such as tables 208 and 214 in the cfeartext .
file header 202 (Figure 2) and temporarily stored in memory. Next, in processing step 504, a list of the extracted user names is displayed, ' generally on a visual display screen. Decision block 506 implements a wait loop which waits for a password to be entered. In particular, the routine checks an input/output device such as a keyboard buffer to detect when a password has been entered. Alternatively, information may be entered by another equivalent method such as a magnetic stripe reader or other entry device. Although the following description describes entry by a keyboard, it is obvious that similar equivalent methods could be used. If no password has been entered, then the routine repeats step 506.
When a user enters a password, the routine proceeds to processing ~s step 508. In step 508, the entered password is concatenated with the retrieved salt value and hashed with the first hashing function to generate HASH1 [PW ~~ SALT, as shown in step 508.
Decision block 510 checks to see if the hashed password just computed matches any of the hashed passwords retrieved from the file 2o header 202 in step 502. if a match is not found, then the password has been entered incorrectly and the routine proceeds to step 512 where an error message is displayed to the user that entered the password. The routine then returns to step 504 to redisplay the user names in case an incorrect password was inadvertently entered. Not shown are conventional is steps that would be taken if incorrect passwords are repeatedly entered.
If, in step 510, the hashed password matches one of the hashed passwords retrieved from table 208 in the header 202 of the file, then ' processing proceeds to step 51fi where a second hashed value of the password concatenated with the salt value is computed using the second 3D hashing function (HASH2 [PW ~~ SALT).
SUBSTITUTE SHEET (RULE 26) WO 97/24675 ' ' PCT/US96/20487 Next, in processing step 518, a check is made to determine whether a quorum of authorized users has been obtained. This step is performed by comparing the password numbers (based on the table order in table 208) already received with the valid combinations of passwords stored in the first s field (216) of table 214.
If the set of password numbers already entered so far does not match one of the valid combinations for a quorum, then the computed hashed values and the password number are stored and processing continues to step 514 where the user name corresponding to the entered password is deleted from the displayed list.
The routine then proceeds back to step 504 where the adjusted list of user names~is redisplayed. Processing continues by repeating steps 504, 506, 508, 510, 516, 518 and 514 until a quorum is obtained as indicated by the numbers of entered passwords matching one of the password number s combinations stored in the first entry of table 214.
If, in step 520, it is determined that a quorum exists, then the stored hashed password values are concatenated in the order determined by table 208 and hashed using the second hash function to generate the password key as indicated in step 520. Since the concatenation is done by the ao ordering in table 208, rather than the actual entry order, the passwords to form a quorum can be entered in any order. Finally in step 522, the password key is used to decrypt the file key. In the illustrative example, step 522 is performed by exclusive-ORing the password key computed in step 520 with the value in the second field 218 in table 214 for the entry whose Zs list (in the first field) matched the list of entered passwords. The routine then fiinishes in step 524.
Referring now to Figure 6, an illustrative routine to add or remove users or change quorum members is disclosed. The routine starts in step 600 and proceeds to step 602 in which the encrypted portion of the file is ao decrypted using the file key obtained using the procedure described above SUBSTITUTE SHEET (RULE 26) WO 97!24675 ' ' PC~'/US96120487 in conjunction with Figure 5. After the encrypted portion of the file is decrypted, the hashed passwords in table 220 (Figure 2) are read info memory. These hashed passwords will be used to rebuild the table 214.
Processing then continues to step 606 where a decision is made s whether a new user will be added to the group of authorized users. If a new user is to be added, then an additional entry must be made in tables 208 and 220 for that user. tn this case, processing continues to step 608 where the user is instructed to enter a new password. The newly entered password is concatenated with the salt value and then hashed using the first and the second hash function as indicated in step 610.
The new hashed values are then entered into the appropriate tables 208 (field 212) and table 220 as illustrated in step 612. In addition, the new hashed passwords are stored in memory for later rebuilding of the password combination file 214. In the case where more than one new user was being ~ s added to the group of authorized users, steps 608 and 610 would be repeated for each new user and all of the new user information would be entered into the appropriate tables in step 612.
The routine then proceeds to step 614. If, in decision box 606, a decision is made that no new users are being entered, the routine aiso 2o proceeds to step 614. In step 614, using any new users and any new quorum rules the table 214 can be rebuilt. Since the table 220 is changed by the addition or deletion of users, the data portion of the file is re-encrypted using the same key or a new key, also as indicated in step 614.
It should be noted that the hashed passwords read from table 220 in step as 604 and the new hashed passwords are sufficient to rebuild the table 214 without knowledge of any of the actual passwords.
The inventive arrangement provides the following features. Since table 208 contains a list of user names and the associated hashed passwords, there is no necessity for users to enter first a user name and so then a password. Any users whose name appears on the fist can enter a SUBSTITUTE S9iEET (93ULE 26) password, without a corresponding namE and in any order and the routine will recognize valid passwords. Further, the routine will recognize a valid combination of passwords regardless of t'~e order in which the passwords are entered.
s Further, it should be noted that actual passwords do not appear in either-#he-e4ear<e~ beadef of~he-fi~e~~+~~he-e+~c~~pted-p~;~ion3f-tt~e fi;e.
Since only passwords passed through a one-way function are found in the file, it is practically impossible to recover the passwords from the file alone.
Thus, even if users do, in fact, use the same password in different files, with the inventive arrangement, the files will not be compromised. While it is possible to rebuild the file key decryption table 214 from the information in the encrypted portion of the file, the table 214 cannot be rebuilt from the second field of table 208 because the hashing functions in the two tables are different.
~s Although only one embodiment of the invention has been disclosed, it will be apparent to those skilled in the art that various changes and modifications can be made which will achieve some of the advantages of the invention without departing from the spirit and scope of the invention. For example, various well-known encryption techniques can be substituted fo.r Zo those disclosed above to achieve the same results. These and other obvious modifications are intended to be covered by the appended claims.
What is claimed is:
Claims (30)
1. Apparatus for controlling access secured data (222) stored in a memory (110) by a plurality of authorized users, the apparatus comprising means (404) for receiving a password (PW1, ..., PWn) from one of the authorized users, a means (406) for encrypting the received password (PW1, ..., PWn) and means (208) for creating in the memory for each authorized user an entry (212) having an encrypted password, and CHARACTERIZED IN THAT
the encrypting means (406) uses a one-way cryptographic hashing function (HASH1[PW¦¦SALT]), the entry (212) in the memory is a cryptographically hashed password and a means (208) is responsive to the cryptographically hashed password for permitting the one user to access the secured data (222) only when the cryptographically hashed password received from the user (HASH1[PW¦¦SALT]) matches any of the entries (212) in the memory (110).
the encrypting means (406) uses a one-way cryptographic hashing function (HASH1[PW¦¦SALT]), the entry (212) in the memory is a cryptographically hashed password and a means (208) is responsive to the cryptographically hashed password for permitting the one user to access the secured data (222) only when the cryptographically hashed password received from the user (HASH1[PW¦¦SALT]) matches any of the entries (212) in the memory (110).
2. Apparatus according to claim 1 wherein the means (406) for cryptographically hashing the password (404) comprises means (402) for combining each password (404) with a predetermined salt value (400) and means (406) for cryptographically hashing the combination of the salt value (400) and the password (404).
3. Apparatus according to claim 2 wherein the means (406) for hashing the combination of the salt value (400) and the password (404) comprises means (402) for concatenating the salt value (400) and the password (404).
4. Apparatus according to claim 2 wherein the means for cryptographically hashing the combination of the salt value (400) and the password (404) comprises means for passing the combination through a one-way function (406).
5. Apparatus according to claim 1 wherein the secured data (222) is encrypted before being stored in the memory (110) and wherein a means (step 516) is provided responsive to passwords received from a group of authorized users whose cryptographically hashed password matches any of the cryptographically hashed passwords (212) in the memory (110), for determining whether the group of authorized users constitutes a valid quorum (216), and a means (steps 520, 522) is provided for decrypting the secured data (222) when the group of authorized users constitutes a valid quorum (216).
6. Apparatus according to claim 1 wherein the secured data (222) is encrypted with a file key (ID FILE KEY) and stored in the memory (110) and wherein a means (step 518) is provided responsive to the plurality of passwords (PW1, ..., PWn) received from a group of authorized users for determining whether the group of users constitutes a valid quorum (216), a means (steps 520, 522) is provided for computing the file key (ID FILE KEY) from a plurality of second entries (C1, C2, ...., Cn) corresponding to supplied passwords (PW'I, ....PWn), and a means (step (~14) is provided for encrypting the second entries (C1, C2, ..., Cn) with the file key (ID FILE KEY).
7. Apparatus according to claim 6 wherein the determining means comprises means (steps 520, 522) for generating the file key (ID FILE
KEY) when the group of users constitutes a valid quorum (216).
KEY) when the group of users constitutes a valid quorum (216).
8. Apparatus according to claim 7 wherein a means (step 602) is provided cooperating with the determining means (step 518) for decrypting the second entries (C1, C2, ..., Cn) with the generated file key (ID FILE KEY) and a means (step 614) is provided responsive to the decrypted second entries (C1, C2, ..., Cn) for recreating the table (214) in the memory (110).
9. Apparatus according to claim 6 wherein a means is provided for creating in the memory a table (208) having a first entry (PW ¦¦ SALT) for each of the plurality of authorized users, the table (208) including a cryptographic hash (HASH1) of the each user's first entry (PW ¦¦
SALT), a means is provided for creating in the memory for each group of users constituting a valid quorum (216), a second entry (218) comprising a combination of user passwords (1, 2, ...k) for users in each group and the file key (ID FILE KEY) encrypted with a password key (HASH2[C1 ¦¦ C2 ¦¦ C3 ... ¦¦ Ck]) comprised of a cryptographic hash (HASH2) of the first entries (PW ¦¦ SALT) for each of the users in each group, a means is provided for checking (518) the plurality of received passwords (PW1, ..., PWn) against the password combinations (1,2, ..., k) in each of the second entries (218) and for generating (step 520) a password key (HASH2[C1 ¦¦ C2 ¦¦ C3 ... ¦¦ Ck]) from the plurality of received passwords (PW1, ..., PWn), and a means (step 522) is provided responsive to the generated password key (HASH2[C1 ¦¦ C2 ¦¦ C3 ... ¦¦ Ck]) for decrypting the file key (ID FILE KEY).
SALT), a means is provided for creating in the memory for each group of users constituting a valid quorum (216), a second entry (218) comprising a combination of user passwords (1, 2, ...k) for users in each group and the file key (ID FILE KEY) encrypted with a password key (HASH2[C1 ¦¦ C2 ¦¦ C3 ... ¦¦ Ck]) comprised of a cryptographic hash (HASH2) of the first entries (PW ¦¦ SALT) for each of the users in each group, a means is provided for checking (518) the plurality of received passwords (PW1, ..., PWn) against the password combinations (1,2, ..., k) in each of the second entries (218) and for generating (step 520) a password key (HASH2[C1 ¦¦ C2 ¦¦ C3 ... ¦¦ Ck]) from the plurality of received passwords (PW1, ..., PWn), and a means (step 522) is provided responsive to the generated password key (HASH2[C1 ¦¦ C2 ¦¦ C3 ... ¦¦ Ck]) for decrypting the file key (ID FILE KEY).
10. Apparatus according to claim 1 wherein the secured data (222) is encrypted with a file key (ID FILE KEY) and stored in a memory (110) and wherein a means (step 518) is provided responsive to the plurality of received passwords (PW1, ..., PWn) and to the cryptographic hashes (HASH1[PW¦¦SALT]) created in the memory (110) for determining whether the group of uses constitutes a valid quorum of authorized users, a means is provided for creating in the memory (110) for each authorized user, a second entry (HASH2[PW¦¦SALT]) comprising a password (PW1, ..., PWn) for the each authorized user cryptographically hashed with a technique (HASH2) different from a cryptographic technique (HASH1) used to cryptographically hash passwords in the entries (212), and a means is provided for encrypting each of the second entries (HASH2[PW¦¦SALT]) with the file key (ID FILE KEY).
11. Apparatus according to claim 10 wherein the means (step 508) for creating the first entries (212) comprises means (402) for combining each password (404) with a predetermined salt value (400) and means (406) for cryptographically hashing the combination of the salt value (400) and the password (404).
12. Apparatus according to claim 10 wherein the means (step 518) for .
determining whether the group of users constitutes a valid quorum of authorized users comprises means for creating in the memory (110) for each quorum of authorized users, a third entry (216) comprising a combination of passwords (1,2, ..., k) in each quorum and the file key (ID FILE KEY) encrypted with a password key (HASH2[C1 ¦¦C2¦¦C3 ...
¦¦Ck]) comprised of a cryptographically hashed combination (C1 ¦¦C2¦¦C3 ... ¦¦Ck) of cryptographically hashed passwords (HASH2[PW¦¦SALT]) of the users in each quorum.
determining whether the group of users constitutes a valid quorum of authorized users comprises means for creating in the memory (110) for each quorum of authorized users, a third entry (216) comprising a combination of passwords (1,2, ..., k) in each quorum and the file key (ID FILE KEY) encrypted with a password key (HASH2[C1 ¦¦C2¦¦C3 ...
¦¦Ck]) comprised of a cryptographically hashed combination (C1 ¦¦C2¦¦C3 ... ¦¦Ck) of cryptographically hashed passwords (HASH2[PW¦¦SALT]) of the users in each quorum.
13. Apparatus according to claim 12 wherein in each of the plurality of third entries (216), the hashed passwords are cryptographically hashed using the same technique (HASH2) as that used to cryptographically hash passwords in the second entry (HASH2[PW¦¦SALT]).
14. Apparatus according to claim 11 wherein the means (406) for cryptographically hashing the combination of the salt value (400) and the password (404) comprises means (402) for concatenating the salt value (400) and the password (404).
15. Apparatus according to claim 11 wherein the means (406) for cryptographically hashing the combination of the salt value (400) and the password (404) comprises means for passing the combination through a one-way function (406).
16. Apparatus according to claim 15 wherein the one-way function (406) is an MD2 function.
17. Apparatus according to claim 12 wherein the means for creating the third entries (216) comprises a means {302) for combining each password (304) with a predetermined salt value (300) and a means for cryptographically hashing (306, 308) the combination of the salt value (300) and the password (304) and wherein a means (step 520) is provided for forming a combination (C1¦¦C2¦¦C3 ... ¦¦Ck) of cryptographically hashed passwords in the each quorum and a means (step 520) for cryptographically hashing {HASH2[C1¦¦C2¦¦C3 ... ¦¦Ck]) the combination of cryptographically hashed passwords.
18. Apparatus according to claim 17 wherein the means (302) for combining each password (304) with the predetermined salt value (300) comprises means for concatenating (302) each password (304) and the salt value (300).
19. Apparatus according to claim 17 wherein the means (306, 308) for cryptographically hashing the combination of the salt value (300) and the password (304) comprises means for passing the combination of the salt value (300) and the password (304) through a one-way function (306, 308).
20. Apparatus according to claim 19 wherein the one-way function (306, 308) comprises means for passing the combination through a ,first MD2 function (306) and the result therefrom through a second MD2 function (308).
21. Apparatus according to claim 12 wherein the file key (ID FILE KEY) is encrypted with the password key (HASH2[C1 ¦¦C2¦¦C3 ... ¦¦Ck]) by exclusive-ORing the file key (ID FILE KEY) and the password key (HASH2[C1¦¦C2¦¦C3 ... ¦¦Ck]).
22. A method for controlling access to secured data (222) by quorums of authorized users, the secured data (222) being encrypted with a file key and stored in a memory (110), the method using a table (200) in the memory having a first entry for each authorized user, the first entry having the name (210) of the each authorized user and a corresponding encrypted password (212) CHARACTERIZED IN THAT
a second table (214) is generated in the memory (110) with a second entry comprising a combination of passwords in each quorum (216) and the file key encrypted with a password key (218) comprised of a cryptographically hashed combination of cryptographically hashed passwords of the users in the each.quorum (HASH2[C1;¦C2¦¦C3¦¦ ...
¦¦Ck]), wherein a second cryptographic hashing technique (HASH2) used to create the second entry (218) difFers from a first cryptographic hashing technique (HASH1) to create the first entry and wherein an entered password (404) is hashed (508) using the first cryptographic hashing technique (HASH1) and is then compared (510) to a plurality of first entries (HASH1[PW¦¦SALT]) of cryptographically hashed passwords, and when a match is detected, indicating an authorized user, the entered password is cryptographically hashed (516) with the second hashing technique(HASH2), then checked (518) to determine whether a quorum of entered passwords has been obtained, and, if so, a password key (HASH2[C1¦¦C2¦¦C3¦¦... ¦¦Ck]) is computed (520) by combining passwords hashed with the second cryptographic hashing technique (HASH2) and cryptographically hashing the combination (C1¦¦C2¦¦C3¦¦ ... ¦¦Ck) with the second hashing technique (HASH2) and using the password key (HASH2[C1¦¦C2¦¦C3¦¦... ¦¦Ck]) to decrypt (522) the file key (ID FILE KEY) when a quorum has been obtained, and if a quorum has not been obtained removing (514) the authorized user name from the list (210) and then repeating the method until a valid quorum is achieved.
a second table (214) is generated in the memory (110) with a second entry comprising a combination of passwords in each quorum (216) and the file key encrypted with a password key (218) comprised of a cryptographically hashed combination of cryptographically hashed passwords of the users in the each.quorum (HASH2[C1;¦C2¦¦C3¦¦ ...
¦¦Ck]), wherein a second cryptographic hashing technique (HASH2) used to create the second entry (218) difFers from a first cryptographic hashing technique (HASH1) to create the first entry and wherein an entered password (404) is hashed (508) using the first cryptographic hashing technique (HASH1) and is then compared (510) to a plurality of first entries (HASH1[PW¦¦SALT]) of cryptographically hashed passwords, and when a match is detected, indicating an authorized user, the entered password is cryptographically hashed (516) with the second hashing technique(HASH2), then checked (518) to determine whether a quorum of entered passwords has been obtained, and, if so, a password key (HASH2[C1¦¦C2¦¦C3¦¦... ¦¦Ck]) is computed (520) by combining passwords hashed with the second cryptographic hashing technique (HASH2) and cryptographically hashing the combination (C1¦¦C2¦¦C3¦¦ ... ¦¦Ck) with the second hashing technique (HASH2) and using the password key (HASH2[C1¦¦C2¦¦C3¦¦... ¦¦Ck]) to decrypt (522) the file key (ID FILE KEY) when a quorum has been obtained, and if a quorum has not been obtained removing (514) the authorized user name from the list (210) and then repeating the method until a valid quorum is achieved.
23. A method according to claim 22 wherein the memory (110) includes for each authorized user, a third entry. (C1 ... Cn) comprising a password (PW1 ... PWn) for each authorized user hashed with the same cryptographic hashing technique (HASH2) used to hash passwords in the second entry (218) and where new quorum rules are received (606) and, based on the new quorum rules, new second entries (218) are computed using the third entries (HASH2[PW¦¦SALT]).
24. A method according to claim 22 wherein the hashing step (508) comprises the steps of concatenating (402) the password (404) with a predetermined salt value (400) and passing the concatenation through a one-way function (406).
25. A method according to claim 24 wherein the one-way funtion is an MD2 function (406).
26. A method according to claim 22 wherein the hashing step (516) comprises the steps of concatenating (302) the password (304) with a predetermined salt value (300) and passing the concatenation through a one-way function (306, 308).
27. A method according to claim 26 wherein the one-way function is comprised of two MD2 functions (306, 308).
28. A method according to claim 22 wherein the file key is decrypted (522) by exclusive-ORing it with the password key (HASH2[C1 ¦¦C2¦¦C3 ... ¦¦Ck]).
29. A method according to claim 22 wherein the second cryptographic hashing technique (HASH2) of the computing step (520) further comprises the steps of concatenating (302) passwords in the quorum subset (C1¦¦C2¦¦ ... Ck) and cryptographically hashing the computed concatenation.
30. A method according to claim 29 wherein the concatenation (C1¦¦C2¦¦C3 ... ¦¦Ck) is passed through two MD2 functions (306, 308).
Applications Claiming Priority (3)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| US08/579,812 US5787169A (en) | 1995-12-28 | 1995-12-28 | Method and apparatus for controlling access to encrypted data files in a computer system |
| US08/579,812 | 1995-12-28 | ||
| PCT/US1996/020487 WO1997024675A1 (en) | 1995-12-28 | 1996-12-27 | Method and apparatus for controlling access to encrypted data files in a computer system |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CA2241745A1 CA2241745A1 (en) | 1997-07-10 |
| CA2241745C true CA2241745C (en) | 2003-04-29 |
Family
ID=24318456
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CA002241745A Expired - Fee Related CA2241745C (en) | 1995-12-28 | 1996-12-27 | Method and apparatus for controlling access to encrypted data files in a computer system |
Country Status (7)
| Country | Link |
|---|---|
| US (2) | US5787169A (en) |
| EP (1) | EP0976049B1 (en) |
| JP (1) | JP3807747B2 (en) |
| AT (1) | ATE298436T1 (en) |
| CA (1) | CA2241745C (en) |
| DE (1) | DE69634880T2 (en) |
| WO (1) | WO1997024675A1 (en) |
Families Citing this family (167)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US6023506A (en) * | 1995-10-26 | 2000-02-08 | Hitachi, Ltd. | Data encryption control apparatus and method |
| JP3060996B2 (en) * | 1997-05-30 | 2000-07-10 | 日本電気株式会社 | Wireless data communication device |
| US6079021A (en) * | 1997-06-02 | 2000-06-20 | Digital Equipment Corporation | Method and apparatus for strengthening passwords for protection of computer systems |
| US6064736A (en) * | 1997-09-15 | 2000-05-16 | International Business Machines Corporation | Systems, methods and computer program products that use an encrypted session for additional password verification |
| US6230269B1 (en) * | 1998-03-04 | 2001-05-08 | Microsoft Corporation | Distributed authentication system and method |
| JP4169822B2 (en) * | 1998-03-18 | 2008-10-22 | 富士通株式会社 | Data protection method for storage medium, apparatus therefor, and storage medium therefor |
| US7096358B2 (en) * | 1998-05-07 | 2006-08-22 | Maz Technologies, Inc. | Encrypting file system |
| WO1999066383A2 (en) * | 1998-06-15 | 1999-12-23 | Dmw Worldwide, Inc. | Method and apparatus for assessing the security of a computer system |
| WO2000025474A1 (en) * | 1998-10-26 | 2000-05-04 | Bradley Madison Company Doing Business As Evolv Adaptive Technology | Cryptographic protocol for financial transactions |
| US6957330B1 (en) | 1999-03-01 | 2005-10-18 | Storage Technology Corporation | Method and system for secure information handling |
| US6668323B1 (en) * | 1999-03-03 | 2003-12-23 | International Business Machines Corporation | Method and system for password protection of a data processing system that permit a user-selected password to be recovered |
| US6292692B1 (en) | 1999-04-30 | 2001-09-18 | Medical Research Laboratories, Inc. | Medical treatment device with functions, operated under passcode control |
| US6708272B1 (en) | 1999-05-20 | 2004-03-16 | Storage Technology Corporation | Information encryption system and method |
| US6367010B1 (en) * | 1999-07-02 | 2002-04-02 | Postx Corporation | Method for generating secure symmetric encryption and decryption |
| US7151832B1 (en) | 1999-11-18 | 2006-12-19 | International Business Machines Corporation | Dynamic encryption and decryption of a stream of data |
| KR100380250B1 (en) * | 2000-02-21 | 2003-04-18 | 트렉 2000 인터네셔널 엘티디. | A Portable Data Storage Device |
| US7178021B1 (en) * | 2000-03-02 | 2007-02-13 | Sun Microsystems, Inc. | Method and apparatus for using non-secure file servers for secure information storage |
| US6826686B1 (en) * | 2000-04-14 | 2004-11-30 | International Business Machines Corporation | Method and apparatus for secure password transmission and password changes |
| US7278023B1 (en) * | 2000-06-09 | 2007-10-02 | Northrop Grumman Corporation | System and method for distributed network acess and control enabling high availability, security and survivability |
| CA2351291A1 (en) * | 2000-06-26 | 2001-12-26 | Nadine Smolarski-Koff | Data exchange method and communication protocol used during same |
| US7020773B1 (en) * | 2000-07-17 | 2006-03-28 | Citrix Systems, Inc. | Strong mutual authentication of devices |
| US6947556B1 (en) | 2000-08-21 | 2005-09-20 | International Business Machines Corporation | Secure data storage and retrieval with key management and user authentication |
| US7010689B1 (en) | 2000-08-21 | 2006-03-07 | International Business Machines Corporation | Secure data storage and retrieval in a client-server environment |
| US6775668B1 (en) * | 2000-09-11 | 2004-08-10 | Novell, Inc. | Method and system for enhancing quorum based access control to a database |
| US6986040B1 (en) | 2000-11-03 | 2006-01-10 | Citrix Systems, Inc. | System and method of exploiting the security of a secure communication channel to secure a non-secure communication channel |
| WO2002037728A1 (en) * | 2000-11-03 | 2002-05-10 | Fusionone, Inc. | Updating security schemes for remote client access |
| US7197765B2 (en) * | 2000-12-29 | 2007-03-27 | Intel Corporation | Method for securely using a single password for multiple purposes |
| US20020122553A1 (en) * | 2001-03-01 | 2002-09-05 | International Business Machines Corporation | Method and apparatus for lightweight rekeying of a master key in a single sign-on system |
| US7350078B1 (en) | 2001-04-26 | 2008-03-25 | Gary Odom | User selection of computer login |
| ATE335236T1 (en) * | 2001-06-28 | 2006-08-15 | Trek 2000 Int Ltd | DATA TRANSFER PROCEDURES AND FACILITIES |
| WO2003003295A1 (en) * | 2001-06-28 | 2003-01-09 | Trek 2000 International Ltd. | A portable device having biometrics-based authentication capabilities |
| WO2003003278A1 (en) * | 2001-06-28 | 2003-01-09 | Trek 2000 International Ltd. | A portable device having biometrics-based authentication capabilities |
| US7421411B2 (en) | 2001-07-06 | 2008-09-02 | Nokia Corporation | Digital rights management in a mobile communications environment |
| US8117450B2 (en) * | 2001-10-11 | 2012-02-14 | Hewlett-Packard Development Company, L.P. | System and method for secure data transmission |
| US7203317B2 (en) * | 2001-10-31 | 2007-04-10 | Hewlett-Packard Development Company, L.P. | System for enabling lazy-revocation through recursive key generation |
| US20030093381A1 (en) * | 2001-11-09 | 2003-05-15 | David Hohl | Systems and methods for authorization of data strings |
| US7370366B2 (en) * | 2001-11-16 | 2008-05-06 | International Business Machines Corporation | Data management system and method |
| US8006280B1 (en) | 2001-12-12 | 2011-08-23 | Hildebrand Hal S | Security system for generating keys from access rules in a decentralized manner and methods therefor |
| US10033700B2 (en) * | 2001-12-12 | 2018-07-24 | Intellectual Ventures I Llc | Dynamic evaluation of access rights |
| US7930756B1 (en) | 2001-12-12 | 2011-04-19 | Crocker Steven Toye | Multi-level cryptographic transformations for securing digital assets |
| US7562232B2 (en) | 2001-12-12 | 2009-07-14 | Patrick Zuili | System and method for providing manageability to security information for secured items |
| US7921450B1 (en) | 2001-12-12 | 2011-04-05 | Klimenty Vainstein | Security system using indirect key generation from access rules and methods therefor |
| US7921284B1 (en) | 2001-12-12 | 2011-04-05 | Gary Mark Kinghorn | Method and system for protecting electronic data in enterprise environment |
| US7921288B1 (en) | 2001-12-12 | 2011-04-05 | Hildebrand Hal S | System and method for providing different levels of key security for controlling access to secured items |
| US7178033B1 (en) | 2001-12-12 | 2007-02-13 | Pss Systems, Inc. | Method and apparatus for securing digital assets |
| US7631184B2 (en) | 2002-05-14 | 2009-12-08 | Nicholas Ryan | System and method for imposing security on copies of secured items |
| US7380120B1 (en) | 2001-12-12 | 2008-05-27 | Guardian Data Storage, Llc | Secured data format for access control |
| US8065713B1 (en) | 2001-12-12 | 2011-11-22 | Klimenty Vainstein | System and method for providing multi-location access management to secured items |
| USRE41546E1 (en) | 2001-12-12 | 2010-08-17 | Klimenty Vainstein | Method and system for managing security tiers |
| US10360545B2 (en) | 2001-12-12 | 2019-07-23 | Guardian Data Storage, Llc | Method and apparatus for accessing secured electronic data off-line |
| US7478418B2 (en) | 2001-12-12 | 2009-01-13 | Guardian Data Storage, Llc | Guaranteed delivery of changes to security policies in a distributed system |
| US7260555B2 (en) | 2001-12-12 | 2007-08-21 | Guardian Data Storage, Llc | Method and architecture for providing pervasive security to digital assets |
| US7565683B1 (en) | 2001-12-12 | 2009-07-21 | Weiqing Huang | Method and system for implementing changes to security policies in a distributed security system |
| US7681034B1 (en) | 2001-12-12 | 2010-03-16 | Chang-Ping Lee | Method and apparatus for securing electronic data |
| US7783765B2 (en) * | 2001-12-12 | 2010-08-24 | Hildebrand Hal S | System and method for providing distributed access control to secured documents |
| US7143113B2 (en) * | 2001-12-21 | 2006-11-28 | Cybersoft, Inc. | Apparatus, methods and articles of manufacture for securing and maintaining computer systems and storage media |
| US7950066B1 (en) | 2001-12-21 | 2011-05-24 | Guardian Data Storage, Llc | Method and system for restricting use of a clipboard application |
| US7249379B2 (en) * | 2002-02-01 | 2007-07-24 | Systems Advisory Group Enterprises, Inc. | Method and apparatus for implementing process-based security in a computer system |
| CN100520935C (en) * | 2002-02-07 | 2009-07-29 | 特科2000国际有限公司 | Portable data storage and image recording device capable of directy connecting to computer USB port |
| US8176334B2 (en) | 2002-09-30 | 2012-05-08 | Guardian Data Storage, Llc | Document security system that permits external users to gain access to secured files |
| KR100450953B1 (en) * | 2002-03-05 | 2004-10-02 | 삼성전자주식회사 | User authentication method using password |
| ATE345530T1 (en) * | 2002-03-12 | 2006-12-15 | Trek 2000 Int Ltd | SYSTEM AND APPARATUS FOR ACCESSING AND TRANSPORTING ELECTRONIC TRANSMISSIONS USING A PORTABLE STORAGE DEVICE |
| US8613102B2 (en) | 2004-03-30 | 2013-12-17 | Intellectual Ventures I Llc | Method and system for providing document retention using cryptography |
| EP1454240B1 (en) * | 2002-05-13 | 2006-02-08 | Trek 2000 International Ltd | System and apparatus for compressing and decompressing data stored to a portable data storage device |
| US20030212911A1 (en) * | 2002-05-13 | 2003-11-13 | International Business Machines Corporation | Secure control of access to data stored on a storage device of a computer system |
| US7167980B2 (en) * | 2002-05-30 | 2007-01-23 | Intel Corporation | Data comparison process |
| US20030226040A1 (en) * | 2002-06-03 | 2003-12-04 | International Business Machines Corporation | Controlling access to data stored on a storage device of a trusted computing platform system |
| TW588243B (en) * | 2002-07-31 | 2004-05-21 | Trek 2000 Int Ltd | System and method for authentication |
| WO2004034184A2 (en) * | 2002-08-23 | 2004-04-22 | Exit-Cube, Inc. | Encrypting operating system |
| JP4553565B2 (en) * | 2002-08-26 | 2010-09-29 | パナソニック株式会社 | Electronic value authentication method, authentication system and device |
| US7512810B1 (en) | 2002-09-11 | 2009-03-31 | Guardian Data Storage Llc | Method and system for protecting encrypted files transmitted over a network |
| KR20040031463A (en) * | 2002-10-07 | 2004-04-13 | (주)메트로디알엠 | System for packaging a digital contents file and method thereof |
| US8447990B2 (en) * | 2002-10-25 | 2013-05-21 | Cambridge Interactive Development Corp. | Password encryption key |
| US7836310B1 (en) | 2002-11-01 | 2010-11-16 | Yevgeniy Gutnik | Security system that uses indirect password-based encryption |
| US20040111610A1 (en) * | 2002-12-05 | 2004-06-10 | Canon Kabushiki Kaisha | Secure file format |
| US20050235145A1 (en) * | 2002-12-05 | 2005-10-20 | Canon Kabushiki Kaisha | Secure file format |
| US7577838B1 (en) | 2002-12-20 | 2009-08-18 | Alain Rossmann | Hybrid systems for securing digital assets |
| US7890990B1 (en) | 2002-12-20 | 2011-02-15 | Klimenty Vainstein | Security system with staging capabilities |
| GB2402234A (en) * | 2003-04-29 | 2004-12-01 | Little Cat Z Ltd | Authorising a user who has forgotten their computer password |
| US8707034B1 (en) | 2003-05-30 | 2014-04-22 | Intellectual Ventures I Llc | Method and system for using remote headers to secure electronic files |
| US7730543B1 (en) | 2003-06-30 | 2010-06-01 | Satyajit Nath | Method and system for enabling users of a group shared across multiple file security systems to access secured files |
| WO2005003938A1 (en) * | 2003-07-04 | 2005-01-13 | Nokia Corporation | Key storage administration |
| US7555558B1 (en) | 2003-08-15 | 2009-06-30 | Michael Frederick Kenrich | Method and system for fault-tolerant transfer of files across a network |
| JP5058600B2 (en) * | 2003-09-12 | 2012-10-24 | イーエムシー コーポレイション | System and method for providing contactless authentication |
| US7222312B2 (en) * | 2003-09-26 | 2007-05-22 | Ferguson John G | Secure exchange of information in electronic design automation |
| US7353468B2 (en) * | 2003-09-26 | 2008-04-01 | Ferguson John G | Secure exchange of information in electronic design automation |
| US7703140B2 (en) | 2003-09-30 | 2010-04-20 | Guardian Data Storage, Llc | Method and system for securing digital assets using process-driven security policies |
| US8127366B2 (en) | 2003-09-30 | 2012-02-28 | Guardian Data Storage, Llc | Method and apparatus for transitioning between states of security policies used to secure electronic documents |
| US7565702B2 (en) * | 2003-11-03 | 2009-07-21 | Microsoft Corporation | Password-based key management |
| JP4587158B2 (en) * | 2004-01-30 | 2010-11-24 | キヤノン株式会社 | Secure communication method, terminal device, authentication service device, computer program, and computer-readable recording medium |
| US9589117B2 (en) * | 2004-02-17 | 2017-03-07 | Hewlett-Packard Development Company, L.P. | Computer security system and method |
| US20050204174A1 (en) * | 2004-03-11 | 2005-09-15 | International Business Machines Corporation | Password protection mechanism |
| US20050210259A1 (en) * | 2004-03-22 | 2005-09-22 | Sharp Laboratories Of America, Inc. | Scan to confidential print job communications |
| JP2005327235A (en) * | 2004-04-13 | 2005-11-24 | Hitachi Ltd | Method for encryption backup and method for decryption restoration |
| US7707427B1 (en) | 2004-07-19 | 2010-04-27 | Michael Frederick Kenrich | Multi-level file digests |
| US7784088B2 (en) * | 2004-07-30 | 2010-08-24 | Research In Motion Limited | Method and system for managing delayed user authentication |
| TWI245223B (en) * | 2004-07-30 | 2005-12-11 | Transcend Information Inc | Embedded software operating method and hardware architecture for portable disc drive |
| CA2575288C (en) | 2004-07-30 | 2017-10-31 | Research In Motion Limited | Method and system for coordinating client and host security modules |
| KR100609701B1 (en) * | 2004-08-05 | 2006-08-09 | 한국전자통신연구원 | An transaction certification method and system to protect privacy on electronic transaction details |
| US7941671B2 (en) * | 2004-10-14 | 2011-05-10 | Oracle International Corporation | Method and apparatus for accommodating multiple verifier types with limited storage space |
| US7802096B1 (en) * | 2004-10-19 | 2010-09-21 | Cisco Technology, Inc. | Fallback key retrieval |
| US7814317B1 (en) * | 2004-10-19 | 2010-10-12 | Cisco Technology, Inc. | Multiple password documents |
| US8789195B2 (en) | 2004-12-22 | 2014-07-22 | Telecom Italia S.P.A. | Method and system for access control and data protection in digital memories, related digital memory and computer program product therefor |
| US8219823B2 (en) * | 2005-03-04 | 2012-07-10 | Carter Ernst B | System for and method of managing access to a system using combinations of user information |
| US20060206919A1 (en) * | 2005-03-10 | 2006-09-14 | Axalto Sa | System and method of secure login on insecure systems |
| EP1715404A1 (en) * | 2005-04-22 | 2006-10-25 | Siemens Aktiengesellschaft | System for the storage and recovery of confidential information |
| US8272058B2 (en) | 2005-07-29 | 2012-09-18 | Bit 9, Inc. | Centralized timed analysis in a network security system |
| US7895651B2 (en) | 2005-07-29 | 2011-02-22 | Bit 9, Inc. | Content tracking in a network security system |
| US20070028291A1 (en) * | 2005-07-29 | 2007-02-01 | Bit 9, Inc. | Parametric content control in a network security system |
| US8984636B2 (en) | 2005-07-29 | 2015-03-17 | Bit9, Inc. | Content extractor and analysis system |
| US20070079143A1 (en) * | 2005-09-29 | 2007-04-05 | Avaya Technology Corp. | Secure recoverable passwords |
| US20070143601A1 (en) * | 2005-12-15 | 2007-06-21 | Arroyo Diana J | System and method for authorizing information flows |
| US7512792B2 (en) * | 2005-12-15 | 2009-03-31 | International Business Machines Corporation | Reference monitor method for enforcing information flow policies |
| US7647630B2 (en) | 2005-12-15 | 2010-01-12 | International Business Machines Corporation | Associating security information with information objects in a data processing system |
| KR100823631B1 (en) | 2006-01-03 | 2008-04-21 | 노키아 코포레이션 | Key storage administration |
| JP4829654B2 (en) * | 2006-03-27 | 2011-12-07 | 富士通株式会社 | Data concealment method, concealed data restoration method, data concealment program, concealed data restoration program, computer |
| US20090222927A1 (en) * | 2006-04-30 | 2009-09-03 | Pikus Fedor G | Concealment of Information in Electronic Design Automation |
| US8775820B1 (en) * | 2006-06-02 | 2014-07-08 | Sprint Communications Company L.P. | System and method of enterprise administrative password generation and control |
| US20080126808A1 (en) * | 2006-07-05 | 2008-05-29 | Cms Products, Inc. | Encrypted dataset access by custodians |
| JP4642725B2 (en) * | 2006-09-29 | 2011-03-02 | Necパーソナルプロダクツ株式会社 | Determination apparatus, determination method, and program |
| US8769637B2 (en) * | 2007-03-23 | 2014-07-01 | Sap Ag | Iterated password hash systems and methods for preserving password entropy |
| US8744076B2 (en) * | 2007-04-04 | 2014-06-03 | Oracle International Corporation | Method and apparatus for encrypting data to facilitate resource savings and tamper detection |
| US7996885B2 (en) * | 2007-04-19 | 2011-08-09 | International Business Machines Corporation | Password application |
| US7822935B2 (en) * | 2007-05-03 | 2010-10-26 | Sandisk Il Ltd. | Methods for data-smuggling |
| US8156332B2 (en) * | 2007-05-29 | 2012-04-10 | Apple Inc. | Peer-to-peer security authentication protocol |
| EP2163030A2 (en) * | 2007-06-27 | 2010-03-17 | France Telecom | Access management method |
| US20090158299A1 (en) * | 2007-10-31 | 2009-06-18 | Carter Ernst B | System for and method of uniform synchronization between multiple kernels running on single computer systems with multiple CPUs installed |
| US20090168994A1 (en) * | 2007-12-26 | 2009-07-02 | Heuss Michael R | Method for providing stronger encryption using conventional ciphers |
| TWI372340B (en) * | 2008-08-29 | 2012-09-11 | Phison Electronics Corp | Storage system, controller and data protecting method thereof |
| WO2010071843A1 (en) * | 2008-12-19 | 2010-06-24 | Privatetree, Llc. | Systems and methods for facilitating relationship management |
| JP5504635B2 (en) * | 2009-01-29 | 2014-05-28 | カシオ計算機株式会社 | Display device, image display method, and program |
| KR101150415B1 (en) * | 2009-08-22 | 2012-06-01 | (주)엠더블유스토리 | Method of managing for security universal serial bus, and program recording media for managing security universal serial bus |
| US8566952B1 (en) * | 2009-12-24 | 2013-10-22 | Intuit Inc. | System and method for encrypting data and providing controlled access to encrypted data with limited additional access |
| CN102200948A (en) * | 2010-03-23 | 2011-09-28 | 北京爱国者信息技术有限公司 | Multi-partition memory device and access method thereof |
| US8788842B2 (en) | 2010-04-07 | 2014-07-22 | Apple Inc. | System and method for content protection based on a combination of a user PIN and a device specific identifier |
| US8510552B2 (en) * | 2010-04-07 | 2013-08-13 | Apple Inc. | System and method for file-level data protection |
| US8549314B2 (en) | 2010-04-29 | 2013-10-01 | King Saud University | Password generation methods and systems |
| KR20110128567A (en) * | 2010-05-24 | 2011-11-30 | 삼성전자주식회사 | Method for controlling objects of user interface and apparatus of enabling the method |
| US9225520B2 (en) * | 2010-05-28 | 2015-12-29 | Adobe Systems Incorporated | System and method for deterministic generation of a common content encryption key on distinct encryption units |
| US8484482B1 (en) | 2011-03-07 | 2013-07-09 | Sprint Communications Company L.P. | Password generation and validation system and method |
| US20120284534A1 (en) * | 2011-05-04 | 2012-11-08 | Chien-Kang Yang | Memory Device and Method for Accessing the Same |
| US9146881B2 (en) * | 2011-06-03 | 2015-09-29 | Commandhub, Inc. | Mobile data vault |
| US9596244B1 (en) | 2011-06-16 | 2017-03-14 | Amazon Technologies, Inc. | Securing services and intra-service communications |
| US9419841B1 (en) | 2011-06-29 | 2016-08-16 | Amazon Technologies, Inc. | Token-based secure data management |
| JP6328058B2 (en) * | 2012-01-19 | 2018-05-23 | インテリジェント エナジー リミテッドIntelligent Energy Limited | Remote authentication of replaceable fuel cartridges |
| US9271110B1 (en) | 2012-07-09 | 2016-02-23 | Sprint Communications Company L.P. | Location awareness session management and cross application session management |
| KR102017828B1 (en) * | 2012-10-19 | 2019-09-03 | 삼성전자 주식회사 | Security management unit, host controller interface including the same, method for operating the host controller interface, and devices including the host controller interface |
| WO2014070134A2 (en) * | 2012-10-29 | 2014-05-08 | Empire Technology Development Llc | Quorum-based virtual machine security |
| US9294267B2 (en) * | 2012-11-16 | 2016-03-22 | Deepak Kamath | Method, system and program product for secure storage of content |
| US20140230028A1 (en) * | 2013-02-10 | 2014-08-14 | Stephen Oscar Petty | Auxiliary password |
| US9355233B1 (en) | 2014-01-27 | 2016-05-31 | Sprint Communications Company L.P. | Password reset using hash functions |
| KR102182894B1 (en) * | 2014-02-28 | 2020-11-26 | 삼성전자주식회사 | USER DEVICE PERFORMING PASSWROD BASED AUTHENTICATION AND PASSWORD Registration AND AUTHENTICATION METHOD THEREOF |
| US9639687B2 (en) | 2014-11-18 | 2017-05-02 | Cloudfare, Inc. | Multiply-encrypting data requiring multiple keys for decryption |
| EP3702946B1 (en) | 2014-12-31 | 2021-10-20 | Citrix Systems Inc. | Shared secret vault for applications with single sign on |
| US20160261412A1 (en) * | 2015-03-04 | 2016-09-08 | Avaya Inc. | Two-Step Authentication And Activation of Quad Small Form Factor Pluggable (QFSP+) Transceivers |
| WO2016193962A1 (en) * | 2015-06-02 | 2016-12-08 | K2View Ltd | Encryption directed database management system and method |
| US9736122B2 (en) | 2015-09-02 | 2017-08-15 | International Business Machines Corporation | Bluesalt security |
| CN106549920B (en) * | 2015-09-21 | 2021-06-01 | 华为终端有限公司 | Login information input method, login information storage method and related device |
| US10476672B2 (en) | 2016-03-14 | 2019-11-12 | Callware Technologies, Inc | Fragmented encryption of a secret |
| US11190505B2 (en) * | 2016-07-12 | 2021-11-30 | Patrick Tardif | Password card hinting system |
| KR102296742B1 (en) * | 2016-11-18 | 2021-09-03 | 삼성전자 주식회사 | Component for provisioning of security data and product including the same |
| US11210678B2 (en) * | 2016-11-18 | 2021-12-28 | Samsung Electronics Co., Ltd. | Component for provisioning security data and product including the same |
| US10592685B2 (en) * | 2017-04-27 | 2020-03-17 | Google Llc | Encrypted search cloud service with cryptographic sharing |
| JP2022545809A (en) * | 2019-08-23 | 2022-10-31 | コモンウェルス サイエンティフィック アンド インダストリアル リサーチ オーガナイゼーション | Secure environment for cryptographic key generation |
| US11328080B2 (en) * | 2019-11-18 | 2022-05-10 | Frostbyte, Llc | Cryptographic key management |
| DE102019135380A1 (en) * | 2019-12-20 | 2021-06-24 | Fraunhofer-Gesellschaft zur Förderung der angewandten Forschung e.V. | Method and data processing device for processing genetic data |
| CN111654362B (en) * | 2020-06-04 | 2023-08-08 | 浙江传媒学院 | Improved method of WEP (web-defined Power-Endoctrine) encryption algorithm |
Family Cites Families (13)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US5052040A (en) * | 1990-05-25 | 1991-09-24 | Micronyx, Inc. | Multiple user stored data cryptographic labeling system and method |
| US5210795A (en) * | 1992-01-10 | 1993-05-11 | Digital Equipment Corporation | Secure user authentication from personal computer |
| US5315658B1 (en) * | 1992-04-20 | 1995-09-12 | Silvio Micali | Fair cryptosystems and methods of use |
| US5276737B1 (en) * | 1992-04-20 | 1995-09-12 | Silvio Micali | Fair cryptosystems and methods of use |
| US5418854A (en) * | 1992-04-28 | 1995-05-23 | Digital Equipment Corporation | Method and apparatus for protecting the confidentiality of passwords in a distributed data processing system |
| US5421006A (en) * | 1992-05-07 | 1995-05-30 | Compaq Computer Corp. | Method and apparatus for assessing integrity of computer system software |
| US5319705A (en) * | 1992-10-21 | 1994-06-07 | International Business Machines Corporation | Method and system for multimedia access control enablement |
| US5369707A (en) * | 1993-01-27 | 1994-11-29 | Tecsec Incorporated | Secure network method and apparatus |
| WO1995005712A2 (en) * | 1993-08-13 | 1995-02-23 | Frank Thomson Leighton | Secret key exchange |
| US5394471A (en) * | 1993-09-17 | 1995-02-28 | Bell Atlantic Network Services, Inc. | Method and system for proactive password validation |
| US5517569A (en) * | 1994-03-18 | 1996-05-14 | Clark; Dereck B. | Methods and apparatus for interfacing an encryption module with a personal computer |
| WO1996005674A1 (en) * | 1994-08-12 | 1996-02-22 | Frank Thomson Leighton | Failsafe key escrow system |
| US5666415A (en) * | 1995-07-28 | 1997-09-09 | Digital Equipment Corporation | Method and apparatus for cryptographic authentication |
-
1995
- 1995-12-28 US US08/579,812 patent/US5787169A/en not_active Expired - Lifetime
-
1996
- 1996-12-27 AT AT96945639T patent/ATE298436T1/en not_active IP Right Cessation
- 1996-12-27 JP JP52449797A patent/JP3807747B2/en not_active Expired - Fee Related
- 1996-12-27 CA CA002241745A patent/CA2241745C/en not_active Expired - Fee Related
- 1996-12-27 WO PCT/US1996/020487 patent/WO1997024675A1/en active IP Right Grant
- 1996-12-27 DE DE69634880T patent/DE69634880T2/en not_active Expired - Lifetime
- 1996-12-27 EP EP96945639A patent/EP0976049B1/en not_active Expired - Lifetime
-
1998
- 1998-02-26 US US09/031,150 patent/US6178508B1/en not_active Expired - Lifetime
Also Published As
| Publication number | Publication date |
|---|---|
| US5787169A (en) | 1998-07-28 |
| JP3807747B2 (en) | 2006-08-09 |
| ATE298436T1 (en) | 2005-07-15 |
| JP2000502827A (en) | 2000-03-07 |
| EP0976049A1 (en) | 2000-02-02 |
| WO1997024675A1 (en) | 1997-07-10 |
| CA2241745A1 (en) | 1997-07-10 |
| DE69634880T2 (en) | 2006-05-11 |
| US6178508B1 (en) | 2001-01-23 |
| DE69634880D1 (en) | 2005-07-28 |
| EP0976049B1 (en) | 2005-06-22 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CA2241745C (en) | Method and apparatus for controlling access to encrypted data files in a computer system | |
| WO1997024675A9 (en) | Method and apparatus for controlling access to encrypted data files in a computer system | |
| US5664099A (en) | Method and apparatus for establishing a protected channel between a user and a computer system | |
| US6598161B1 (en) | Methods, systems and computer program products for multi-level encryption | |
| US9003177B2 (en) | Data security for digital data storage | |
| DE69635209T2 (en) | PARAMETERABLE HASH FUNCTIONS FOR ACCESS CONTROL | |
| US6389535B1 (en) | Cryptographic protection of core data secrets | |
| US5991406A (en) | System and method for data recovery | |
| CA2253539C (en) | A method for providing a secure non-reusable one-time password | |
| US6044155A (en) | Method and system for securely archiving core data secrets | |
| US5907621A (en) | System and method for session management | |
| US6549626B1 (en) | Method and apparatus for encoding keys | |
| US6160891A (en) | Methods and apparatus for recovering keys | |
| US6408389B2 (en) | System for supporting secured log-in of multiple users into a plurality of computers using combined presentation of memorized password and transportable passport record | |
| US5237614A (en) | Integrated network security system | |
| US20220141014A1 (en) | Storing secret data on a blockchain | |
| EP0912011A2 (en) | Method and apparatus for encoding and recovering keys | |
| US20060143477A1 (en) | User identification and data fingerprinting/authentication | |
| JP4612951B2 (en) | Method and apparatus for securely distributing authentication credentials to roaming users | |
| Banothu et al. | Performance evaluation of cloud database security algorithms | |
| Longley et al. | Complementarity attacks and control vectors | |
| JP2003122722A (en) | Generation/storage system of complex infinite one-time password by using file synchronization, and authentication system thereof | |
| Tahaoğlu | A Turkish password cracker for UNIX based operating systems | |
| Denning | The Science of Computing 1992-2 (March-April) |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| EEER | Examination request | ||
| MKLA | Lapsed |
Effective date: 20121227 |
|
| MKLA | Lapsed |
Effective date: 20121227 |