EP1040616A1 - System and method of authenticating a key and transmitting secure data - Google Patents
System and method of authenticating a key and transmitting secure dataInfo
- Publication number
- EP1040616A1 EP1040616A1 EP99970527A EP99970527A EP1040616A1 EP 1040616 A1 EP1040616 A1 EP 1040616A1 EP 99970527 A EP99970527 A EP 99970527A EP 99970527 A EP99970527 A EP 99970527A EP 1040616 A1 EP1040616 A1 EP 1040616A1
- Authority
- EP
- European Patent Office
- Prior art keywords
- user
- key
- data file
- biometric
- enciypted
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Ceased
Links
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/62—Protecting access to data via a platform, e.g. using keys or access control rules
- G06F21/6209—Protecting access to data via a platform, e.g. using keys or access control rules to a single file or object, e.g. in a secure envelope, encrypted and accessed using a key, or with access control rules appended to the object itself
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
- H04L63/0435—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply symmetric encryption, i.e. same key used for encryption and decryption
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F2211/00—Indexing scheme relating to details of data-processing equipment not covered by groups G06F3/00 - G06F13/00
- G06F2211/007—Encryption, En-/decode, En-/decipher, En-/decypher, Scramble, (De-)compress
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F2211/00—Indexing scheme relating to details of data-processing equipment not covered by groups G06F3/00 - G06F13/00
- G06F2211/007—Encryption, En-/decode, En-/decipher, En-/decypher, Scramble, (De-)compress
- G06F2211/008—Public Key, Asymmetric Key, Asymmetric Encryption
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F2211/00—Indexing scheme relating to details of data-processing equipment not covered by groups G06F3/00 - G06F13/00
- G06F2211/009—Trust
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F2221/00—Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/21—Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/2107—File encryption
Definitions
- the present invention relates generally to computer security and more specifically to allow the authentication of a key for the transmission of secure data between computers using the key.
- One way of securely transferring data over the Internet includes the use of a public key/private key system.
- a public key is provided by some designated authority as a key that, combined with a private key derived from the public key, can be used to effectively encrypt and decrypt messages and digital signatures.
- a public and private key are created simultaneously using the same algorithm (a popular one is known as RSA) by a certificate authority.
- the private key is given only to the requesting party and the public key is made publicly available (as part of a digital certificate) in a directory that all parties can access.
- the private key is never shared with anyone or sent across the Internet.
- the private key is used to decrypt text that has been enciypted with the public key counterpart by someone else who has the public key.
- the private key is vital key to a user. If the private key is copied or stolen from the user, then secured data can be compromised as well as causing problems in properly authenticating the private key and the user using the private key. Thus, it would be desirable to provide a system and method of authenticating a key so that the transmission of secure data using the key can be reliably originating from an authenticated key and/or an identifiable user.
- a system and method for authenticating a key of a user by decrypting an encrypted data file provided by the user with a password provided by the user into the authenticated key of the user.
- the encrypted data file can be stored on a RF smart card and can contain enciypted biometric data identifying the user, such as a fingerprint.
- An additional security measure can be used by taking a digitized biometric fingerprint scan of the user and probabilistically comparing the digitized fingerprint scan of the user with the authenticated key of the user. The user's key can then be used to securely encrypt and transmit data accordingly knowing that the key has been authenticated.
- FIG. 1 is a schematic diagram illustrating a user's key being authenticated prior to transmitting secure data over the Internet, in accordance with the present invention
- FIG. 2 is a block diagram of the client computer shown in FIG. 1 , in accordance with the present invention.
- FIG. 3 is a block diagram of one embodiment of the non-volatile memory module located within the client computer of FIG. 2;
- FIG. 4 is a flowchart of a method illustrating the authentication of a key at a client computer, according to the invention.
- FIG. 1 a schematic diagram illustrates a web server 100 and a client computer 102 connected to the Internet 110.
- the client computer 102 has a RF reader (radio frequency reader) 104 for reading a RF smart card 106 having a user's private key.
- the private key on the RF smart card 106 can be very long (i.e. 1000 bytes) and could include any type of biometric data, such as a digitized fingerprint of the user.
- the private key could be very long and any data that is enciypted using this private key would be virtually impossible to decrypt by a hacker, since this private key can be much longer than a typical private key (64 bytes) used in a private /public key system.
- the client 102 also has a fingerprint scanner 108 for helping to authenticate the private key of the user. Biometric readings employed by this invention are not limited to fingerprints. Other types of biometric readings can also be used, such as the reading from the eye and analysis of the face.
- FIG. 2 is a block diagram of the client computer 102 shown in FIG. 1.
- Computer 102 includes a CPU 202, a RAM 204, a non-volatile memory 206, an input device 208, a display 210, an Internet interface 212 for providing access to the Internet, a RF reader interface 214, and a fingerprint scanner interface 216.
- FIG. 3 is a block diagram of one embodiment of the non-volatile memory module 206 located within the client computer 102 of FIG. 2.
- the non-volatile memory 206 includes an encrypt/ decrypt engine 302 for encrypting and decrypting data.
- the encrypt/ decrypt engine 302 is programmed to encrypt and decrypt data using a password or a key. Excellent results can be obtained when using the blowfish algorithm for encryption and decryption.
- Other types of symmetric key encryption/ decryption algorithms can also be employed within the encrypt/ decrypt engine 302.
- FIG. 4 is a flowchart of a method illustrating the authentication of a key at a client computer in accordance with the invention.
- the authentication process begins at step 400.
- the authentication process includes three security levels, however, not every level of security is required to authenticate the key of the user. Depending on the type of application, only one or two of the security levels may be employed.
- Security level I 402 begins at step 404 where the user scans his user's RF key card 106 with the RF reader 104.
- Security level II 406 then begins at step 408 where the user enters his password at the client computer 102.
- the data scanned from the user's RF key card is decrypted with the encrypt/ decrypt engine 302 using the user's password.
- security level III 412 begins and a digitized fingerprint scan is taken from the user.
- the digitized fingerprint scan is compared with the data decrypted from the RF key card.
- the authentication of the user's key fails and is rejected. If at step 418 it is determined that there is a match, then at step 422 the user's key is authenticated.
- the decrypted data from the RF key card can then be used as an authenticated encryption key for sending data to a server over and unsecure network, such as the Internet.
Abstract
Description
Claims
Applications Claiming Priority (3)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US10427098P | 1998-10-14 | 1998-10-14 | |
US104270P | 1998-10-14 | ||
PCT/US1999/024157 WO2000022774A1 (en) | 1998-10-14 | 1999-10-14 | System and method of authenticating a key and transmitting secure data |
Publications (2)
Publication Number | Publication Date |
---|---|
EP1040616A1 true EP1040616A1 (en) | 2000-10-04 |
EP1040616A4 EP1040616A4 (en) | 2000-12-27 |
Family
ID=22299551
Family Applications (4)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
EP99970527A Ceased EP1040616A4 (en) | 1998-10-14 | 1999-10-14 | System and method of authenticating a key and transmitting secure data |
EP99956566A Withdrawn EP1038217A1 (en) | 1998-10-14 | 1999-10-14 | System and method of securing a computer from unauthorized access |
EP99970526A Expired - Lifetime EP1125393B1 (en) | 1998-10-14 | 1999-10-14 | Method of sending and receiving secure data with a shared key |
EP99960133A Withdrawn EP1038369A2 (en) | 1998-10-14 | 1999-10-14 | System and method of sending and receiving secure data using anonymous keys |
Family Applications After (3)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
EP99956566A Withdrawn EP1038217A1 (en) | 1998-10-14 | 1999-10-14 | System and method of securing a computer from unauthorized access |
EP99970526A Expired - Lifetime EP1125393B1 (en) | 1998-10-14 | 1999-10-14 | Method of sending and receiving secure data with a shared key |
EP99960133A Withdrawn EP1038369A2 (en) | 1998-10-14 | 1999-10-14 | System and method of sending and receiving secure data using anonymous keys |
Country Status (7)
Country | Link |
---|---|
EP (4) | EP1040616A4 (en) |
AT (1) | ATE456103T1 (en) |
AU (4) | AU1207600A (en) |
CA (4) | CA2312980A1 (en) |
DE (1) | DE69941958D1 (en) |
IL (4) | IL136746A0 (en) |
WO (4) | WO2000022510A1 (en) |
Families Citing this family (13)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
KR100380250B1 (en) | 2000-02-21 | 2003-04-18 | 트렉 2000 인터네셔널 엘티디. | A Portable Data Storage Device |
US9767167B2 (en) * | 2000-04-27 | 2017-09-19 | Proquest Llc | Method and system for retrieving search results from multiple disparate databases |
WO2001086480A2 (en) * | 2000-05-11 | 2001-11-15 | Sun Microsystems, Inc. | Network library service |
ATE335236T1 (en) | 2001-06-28 | 2006-08-15 | Trek 2000 Int Ltd | DATA TRANSFER PROCEDURES AND FACILITIES |
GB2386518A (en) * | 2002-02-08 | 2003-09-17 | Microbar Security Ltd | Associative encryption and decryption |
TW588243B (en) | 2002-07-31 | 2004-05-21 | Trek 2000 Int Ltd | System and method for authentication |
JP4102290B2 (en) * | 2003-11-11 | 2008-06-18 | 株式会社東芝 | Information processing device |
CN100370460C (en) * | 2005-07-21 | 2008-02-20 | 曾致中 | Database cryptogram search method |
DE102005045119A1 (en) * | 2005-09-21 | 2007-02-15 | Siemens Ag | Identification code generating method for bio-bank, involves providing biometric information, and associating or combining deoxyribonucleic acid information and biometric information of person into identification code according to algorithm |
US20130283060A1 (en) * | 2012-04-23 | 2013-10-24 | Raghavendra Kulkarni | Seamless Remote Synchronization and Sharing of Uniformly Encrypted Data for Diverse Platforms and Devices |
US9264221B2 (en) | 2014-01-31 | 2016-02-16 | Google Inc. | Systems and methods for faster public key encryption using the associated private key portion |
CN106790412A (en) * | 2016-11-30 | 2017-05-31 | 深圳市吉祥腾达科技有限公司 | A kind of Telnet simulates the method and system of consoled equipment |
US11282071B2 (en) | 2018-11-30 | 2022-03-22 | Rb Global Mobile Solutions, Llc | Digital identity management device |
Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US5590199A (en) * | 1993-10-12 | 1996-12-31 | The Mitre Corporation | Electronic information network user authentication and authorization system |
US5719941A (en) * | 1996-01-12 | 1998-02-17 | Microsoft Corporation | Method for changing passwords on a remote computer |
WO1998012670A1 (en) * | 1996-09-18 | 1998-03-26 | Dew Engineering And Development Limited | Biometric identification system for providing secure access |
Family Cites Families (15)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US4193131A (en) * | 1977-12-05 | 1980-03-11 | International Business Machines Corporation | Cryptographic verification of operational keys used in communication networks |
EP0085130A1 (en) * | 1982-02-02 | 1983-08-10 | Omnet Associates | Method and apparatus for maintaining the privacy of digital messages conveyed by public transmission |
US4802217A (en) * | 1985-06-07 | 1989-01-31 | Siemens Corporate Research & Support, Inc. | Method and apparatus for securing access to a computer facility |
US5148479A (en) * | 1991-03-20 | 1992-09-15 | International Business Machines Corp. | Authentication protocols in communication networks |
US5596718A (en) * | 1992-07-10 | 1997-01-21 | Secure Computing Corporation | Secure computer network using trusted path subsystem which encrypts/decrypts and communicates with user through local workstation user I/O devices without utilizing workstation processor |
JP2519390B2 (en) * | 1992-09-11 | 1996-07-31 | インターナショナル・ビジネス・マシーンズ・コーポレイション | DATA COMMUNICATION METHOD AND DEVICE |
US5649118A (en) * | 1993-08-27 | 1997-07-15 | Lucent Technologies Inc. | Smart card with multiple charge accounts and product item tables designating the account to debit |
US5544246A (en) * | 1993-09-17 | 1996-08-06 | At&T Corp. | Smartcard adapted for a plurality of service providers and for remote installation of same |
DE69431306T2 (en) * | 1993-12-16 | 2003-05-15 | Open Market Inc | NETWORK-BASED PAYMENT SYSTEM AND METHOD FOR USING SUCH A SYSTEM |
US5475757A (en) * | 1994-06-07 | 1995-12-12 | At&T Corp. | Secure data transmission method |
US5864683A (en) * | 1994-10-12 | 1999-01-26 | Secure Computing Corporartion | System for providing secure internetwork by connecting type enforcing secure computers to external network for limiting access to data based on user and process access rights |
US5790668A (en) * | 1995-12-19 | 1998-08-04 | Mytec Technologies Inc. | Method and apparatus for securely handling data in a database of biometrics and associated data |
US5872847A (en) * | 1996-07-30 | 1999-02-16 | Itt Industries, Inc. | Using trusted associations to establish trust in a computer network |
US5949882A (en) * | 1996-12-13 | 1999-09-07 | Compaq Computer Corporation | Method and apparatus for allowing access to secured computer resources by utilzing a password and an external encryption algorithm |
US5887131A (en) * | 1996-12-31 | 1999-03-23 | Compaq Computer Corporation | Method for controlling access to a computer system by utilizing an external device containing a hash value representation of a user password |
-
1999
- 1999-10-14 AT AT99970526T patent/ATE456103T1/en not_active IP Right Cessation
- 1999-10-14 AU AU12076/00A patent/AU1207600A/en not_active Abandoned
- 1999-10-14 DE DE69941958T patent/DE69941958D1/en not_active Expired - Lifetime
- 1999-10-14 CA CA002312980A patent/CA2312980A1/en not_active Abandoned
- 1999-10-14 WO PCT/US1999/024088 patent/WO2000022510A1/en not_active Application Discontinuation
- 1999-10-14 IL IL13647699A patent/IL136746A0/en unknown
- 1999-10-14 EP EP99970527A patent/EP1040616A4/en not_active Ceased
- 1999-10-14 WO PCT/US1999/024191 patent/WO2000022496A2/en not_active Application Discontinuation
- 1999-10-14 CA CA002312967A patent/CA2312967C/en not_active Expired - Lifetime
- 1999-10-14 AU AU12072/00A patent/AU1207200A/en not_active Abandoned
- 1999-10-14 WO PCT/US1999/024142 patent/WO2000022773A1/en active Search and Examination
- 1999-10-14 IL IL13674799A patent/IL136747A0/en unknown
- 1999-10-14 IL IL13674899A patent/IL136748A0/en unknown
- 1999-10-14 CA CA002313081A patent/CA2313081A1/en not_active Abandoned
- 1999-10-14 AU AU13151/00A patent/AU1315100A/en not_active Abandoned
- 1999-10-14 IL IL13674599A patent/IL136745A0/en unknown
- 1999-10-14 WO PCT/US1999/024157 patent/WO2000022774A1/en active Search and Examination
- 1999-10-14 CA CA002312981A patent/CA2312981A1/en not_active Abandoned
- 1999-10-14 EP EP99956566A patent/EP1038217A1/en not_active Withdrawn
- 1999-10-14 EP EP99970526A patent/EP1125393B1/en not_active Expired - Lifetime
- 1999-10-14 AU AU17067/00A patent/AU1706700A/en not_active Abandoned
- 1999-10-14 EP EP99960133A patent/EP1038369A2/en not_active Withdrawn
Patent Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US5590199A (en) * | 1993-10-12 | 1996-12-31 | The Mitre Corporation | Electronic information network user authentication and authorization system |
US5719941A (en) * | 1996-01-12 | 1998-02-17 | Microsoft Corporation | Method for changing passwords on a remote computer |
WO1998012670A1 (en) * | 1996-09-18 | 1998-03-26 | Dew Engineering And Development Limited | Biometric identification system for providing secure access |
Non-Patent Citations (1)
Title |
---|
See also references of WO0022774A1 * |
Also Published As
Publication number | Publication date |
---|---|
AU1706700A (en) | 2000-05-01 |
AU1207600A (en) | 2000-05-01 |
WO2000022774A1 (en) | 2000-04-20 |
IL136746A0 (en) | 2001-06-14 |
CA2312981A1 (en) | 2000-04-20 |
ATE456103T1 (en) | 2010-02-15 |
EP1038217A1 (en) | 2000-09-27 |
WO2000022510A1 (en) | 2000-04-20 |
WO2000022496A3 (en) | 2000-07-06 |
CA2312967C (en) | 2008-02-05 |
CA2313081A1 (en) | 2000-04-20 |
AU1315100A (en) | 2000-05-01 |
AU1207200A (en) | 2000-05-01 |
CA2312980A1 (en) | 2000-04-20 |
WO2000022496A2 (en) | 2000-04-20 |
DE69941958D1 (en) | 2010-03-11 |
IL136745A0 (en) | 2001-06-14 |
EP1038369A2 (en) | 2000-09-27 |
EP1125393B1 (en) | 2010-01-20 |
IL136748A0 (en) | 2001-06-14 |
EP1125393A1 (en) | 2001-08-22 |
EP1040616A4 (en) | 2000-12-27 |
IL136747A0 (en) | 2001-06-14 |
WO2000022773A1 (en) | 2000-04-20 |
CA2312967A1 (en) | 2000-04-20 |
EP1125393A4 (en) | 2001-12-19 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US7698565B1 (en) | Crypto-proxy server and method of using the same | |
US6553494B1 (en) | Method and apparatus for applying and verifying a biometric-based digital signature to an electronic document | |
CA2341784C (en) | Method to deploy a pki transaction in a web browser | |
US9654468B2 (en) | System and method for secure remote biometric authentication | |
US6950523B1 (en) | Secure storage of private keys | |
JP4460763B2 (en) | Encryption key generation method using biometric data | |
US20020176583A1 (en) | Method and token for registering users of a public-key infrastructure and registration system | |
US6941454B1 (en) | System and method of sending and receiving secure data with a shared key | |
US20020038420A1 (en) | Method for efficient public key based certification for mobile and desktop environments | |
KR102514429B1 (en) | Update of biometric data template | |
KR102477000B1 (en) | Trusted Key Server | |
US7266705B2 (en) | Secure transmission of data within a distributed computer system | |
US7076062B1 (en) | Methods and arrangements for using a signature generating device for encryption-based authentication | |
KR100315387B1 (en) | Private Key, Certificate Administration System and Method Thereof | |
KR20180069669A (en) | System for non-password secure biometric digital signagure | |
EP1040616A1 (en) | System and method of authenticating a key and transmitting secure data | |
US20020018570A1 (en) | System and method for secure comparison of a common secret of communicating devices | |
US20030145200A1 (en) | System and method for authenticating data transmissions from a digital scanner | |
JPH11353280A (en) | Identity confirmation method and system by means of encipherment of secret data | |
EP1263164A1 (en) | Method and token for registering users of a public-key infrastuture and registration system | |
KR20040105064A (en) | Key-exchange protocol method for mobile communication system | |
JP4034946B2 (en) | COMMUNICATION SYSTEM, COMMUNICATION METHOD, AND RECORDING MEDIUM | |
KR20020086030A (en) | User Authentication Method and System on Public Key Certificate including Personal Identification Information | |
CN108243156B (en) | Method and system for network authentication based on fingerprint key | |
Ranganath | Cloud Data Security through Hybrid Verification Technique Based on Cryptographic Hash Function |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PUAI | Public reference made under article 153(3) epc to a published international application that has entered the european phase |
Free format text: ORIGINAL CODE: 0009012 |
|
AK | Designated contracting states |
Kind code of ref document: A1 Designated state(s): AT BE CH CY DE DK ES FI FR GB GR IE IT LI LU MC NL PT SE |
|
17P | Request for examination filed |
Effective date: 20001011 |
|
A4 | Supplementary search report drawn up and despatched |
Effective date: 20001110 |
|
AK | Designated contracting states |
Kind code of ref document: A4 Designated state(s): AT BE CH CY DE DK ES FI FR GB GR IE IT LI LU MC NL PT SE |
|
RIC1 | Information provided on ipc code assigned before grant |
Free format text: 7H 04L 9/00 A, 7G 06F 1/00 B |
|
17Q | First examination report despatched |
Effective date: 20061023 |
|
STAA | Information on the status of an ep patent application or granted ep patent |
Free format text: STATUS: THE APPLICATION HAS BEEN REFUSED |
|
18R | Application refused |
Effective date: 20081023 |