1. Field of the Invention
The present invention relates to a security control system for interactively identifying authorized users who seek to use remote terminals of a communications system, for establishing and maintaining a secure communications link between such terminals with assurance being provided that the terminals are being operated by authorized users, and for preventing unauthorized use of the equipment even if an unauthorized user succeeds in duplicating an authenticating signal that has been used previously by an authorized user to gain or maintain access to or use the equipment. More specifically, the present invention provides methods for interactively identifying and checking the authority of users of remotely located electronic communications equipment such as remote terminals of a computer network, and for assuring that one or more users of remote terminals of a communications network such as linked terminals of a computer equipment network are duly authorized and/or properly identified so that improper use of the equipment is prevented. Optionally, the system of the present invention provides methods and apparatus for interactively decoding and encrypting communications signals that are transmitted to and from a remote communications terminal, for choosing from among an array of stored algorithms for use in encrypting, decoding and/or updating authorization encryptions, and for effecting signalling and switching as may be desired to control system operation utilizing user-assigned devices that are carried by authorized users and duly safeguarded to maintain system security.
2. Prior Art
The problem of controlling access to and use of remote communications terminals such as communicating data terminal equipment that is linked to a host computer, or to selected programs and/or data stored by a host computer, so that communication can be established and maintained by duly authorized personnel only has become of increasing concern. Moreover, the problem of limiting communications equipment access to duly authorized users has two important objectives that must be taken into account in formulating a suitable solution. While one objective is to establish a system of barriers and obstacles that cannot be traversed or circumvented by unauthorized users, an equally important objective is to assure that such barriers and obstacles as are provided to safeguard against unauthorized access do not unduly hinder either the establishing or maintaining of appropriate access by duly authorized users.
As the number of communicating terminals including personal and business computers has proliferated to the point that communicating data terminal equipment is now readily available, there has been a corresponding increase in the number of persons who have sought to gain unauthorized access to computer equipment such as host computers. Persons who have attempted to gain unauthorized access to host computers have included (1) those who seek access for such illegal purposes as making use of the capabilities of such equipment or for gaining access to and/or manipulating confidential information and/or stored data, and (2) a substantial number of clever people who have taken up the challenge of breaking through computer security systems as something of a fashionable pastime or game wherein they pit their skills and mental acumen against such barriers and obstacles as have been set up by computer security specialists. As users of personal and business computers and other communicating data terminal equipment have become increasingly knowledgeable about such conventional security precautions as passwords and security oriented log-on sequences, the need has become even more paramount for improved methods and apparatus that will serve to properly limit host computer access to duly authorized users without unduly complicating efforts by authorized users to establish and maintain host computer access.
The approach that continues to be utilized most commonly in efforts to control access to such communicating computer equipment as host computers is to require that authorized users transmit a "password," i.e., a purportedly "secret" signal string that is known to the authorized user but not to others, and that is recognized by the host computer as constituting its authorization to permit a predetermined degree of access between the authorized user's terminal and the host computer's facilities and stored data. However, the approach of using one or more passwords as the principal barrier to block unauthorized access has been found to provide only a minimal degree of security inasmuch as authorized users sometimes share their "secret" passwords with colleagues, or the passwords are inadvertently disclosed, discovered, or "broken."
Another approach that has been taken to enhance security between communicating data terminal equipment and a host computer is to provide a "call-back" accessing sequence that must be executed in order for an authorized user to log onto a host computer. In accordance with this practice, the user first establishes communication with a host computer by calling a telephone number that connects with the host. Once the user has successfully completed a first phase of a prescribed log-on procedure, the host computer terminates the original communication link, and then re-establishes communication with the user by placing a separate telephone call to the user at a telephone number where the authorized user is thought to be accessible. The user who has been called by the host computer is then required to complete a second phase of the prescribed log-on procedure.
The call-back approach for logging onto a host computer is often cumbersome to execute, is subject to error that may delay or prevent an authorized user from successfully establishing a needed computer communications link, and requires that an authorized user be stationed at a predetermined location in order to receive the host computer's return call. The requirement of the call-back approach for the host to place a return call to a predetermined telephone number prevents an authorized user from establishing communication with a host computer from such communicating data terminal equipment as may be accessible to the authorized user at locations that are not served by the user's pre-assigned call-back telephone number; thus an authorized user must limit his communications with the host computer to occasions when his schedule brings him to one or a limited number of specific terminals and/or terminal locations. A further problem with the call-back approach is that it is not applicable for use with hard wired networks, or with switchboards, or with networks that include leased lines to which no telephone numbers are assigned. Still further, the security provided by the call-back approach can be defeated through the use of call-forwarding services that are now provided on many telephone exchanges in the United States.
Another proposal that has been made to enhance the security of terminal to host computer communications utilizes installations of hardware in the form of an "accessor" unit that is provided in association with a user's terminal, and a "controller" that is provided in association with a host computer. This proposal is presented in U.S. Pat. No. 4,475,175 issued Oct. 2, 1984, to James G. Smith, the disclosure of which is incorporated herein by reference for its illustration of a typical arrangement of commercially available electrical circuit components that can be utilized to monitor signals being transmitted along a communications link, to store signal string sequences, to transmit stored signal string sequences in response to query signals, to compare signal string sequences that have been transmitted along a communications link to check for propriety, and to take action such as terminating a communications link if a received signal string sequence differs from what is deemed to constitute an authorized value.
While the proposal of the Smith patent provides for the use of a dialog between communications equipment at opposite ends of a communications link, with the character of the dialog being essentially transparent to (i.e., unobserved by) the users of the equipment, the proposal does not address the need to assure that the users of linked communications terminals are authorized persons. Rather, the proposal of the Smith patent continues to rely on the use of passwords and/or security oriented log-on sequences to identify users and verify their authority to use linked communications equipment. Rather than freeing authorized users to access host computer equipment through the use of a large number of terminals, the Smith proposal is intended for "restricting the number of places from which access can be accomplished." Moreover, because the hardware utilized in implementing the Smith proposal remains in place in an entirely operable state once installed, there are no controlling or key elements that remain within the safeguarded custody of authorized users and that must be present for a terminal of the Smith proposal to be utilized; consequently, in the absence of an authorized user, terminals of the Smith system can be used quite readily by operators who are not authorized users.
While still other proposals have been made for various types of highly technical and expensive methods and apparatus for authenticating the authority of a user of various types of remote communications equipment that is networked or otherwise "linked," the need remains for a versatile, reliable system that will limit communications equipment access to authorized personnel, and that will serve to identify and/or verify the authorization of such persons as seek to use the equipment. While voice print, fingerprint and retinal pattern recognition systems have been proposed to enhance computer security, such proposals are unduly complex and expensive, and are impractical to implement for widespread day to day use by authorized users who need a capability to readily establish communications links with host computers through such data terminal equipment as may be available to them regardless of their locations.
Still another problem associated with establishing secure communications links between networked terminals of communications equipment has been the need to provide a secure but readily usable means for decoding and encrypting signals transmitted to and from each linked terminal. The problem of providing simple and inexpensive methods and apparatus that will effect not only decoding and encryption but also identification and user authority verification has long eluded those skilled in the art.
3. The Referenced Concurrently-filed Application
The invention of the referenced concurrently filed application addresses and overcomes many of the foregoing and other drawbacks of the prior art by providing a novel and improved communications security system that enables authorized users of communications equipment to readily identify themselves and/or to establish their authority to use and/or access such equipment, and which provides optional means for decoding and encrypting signals transmitted to and from a remote terminal. The system of the referenced application can be utilized, for example, to enable authorized users to identify themselves to and/or to establish their authorization to access a host computer regardless of the location of the data terminal equipment they employ to establish such access. Moreover, the system of the referenced application provides an ever changing, constantly renewed means of identifying and authenticating a user's authorization so that an unauthorized user cannot establish his authorization or gain the access that is sought simply by duplicating a signal string that has been used previously by an authorized user. Still further, the system of the referenced application may be employed to prevent unauthorized users from gaining access to such communications equipment as host computers while, at the same time, doing practically nothing to encumber, complicate or interrupt efforts by authorized users to access and maintain authorized communications. Additionally, the system of the referenced application preferably operates in a manner that is "transparent" to the user, both in the sense that the user need not participate in its operation by remembering, entering and/or executing log-on sequences or passwords, and in the sense that the nature of the procedures that are executed by the system to check and recheck the user's identification and authorization is neither observable nor monitorable by the user.
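As an added illustration (not code from the patent or the referenced application, which specify no algorithm), the following Python simulates an authenticating signal string that is renewed on every exchange so that a duplicated earlier string is rejected; the HMAC-over-counter-and-challenge construction, the class names UserDevice and Host, and the challenge length are assumptions made for this example.

```python
import hashlib
import hmac
import os

class UserDevice:
    """User-assigned device holding the shared secret and a session counter."""
    def __init__(self, secret: bytes):
        self.secret = secret
        self.counter = 0

    def answer(self, challenge: bytes) -> tuple[int, bytes]:
        # Bind the host's fresh challenge to a counter that never repeats,
        # so the transmitted signal string differs on every exchange.
        self.counter += 1
        msg = self.counter.to_bytes(8, "big") + challenge
        return self.counter, hmac.new(self.secret, msg, hashlib.sha256).digest()

class Host:
    """Host side: issues single-use challenges and checks the device's answers."""
    def __init__(self, secret: bytes):
        self.secret = secret
        self.last_counter = 0
        self.pending = None

    def challenge(self) -> bytes:
        self.pending = os.urandom(16)  # assumption: 16-byte random challenge
        return self.pending

    def verify(self, counter: int, tag: bytes) -> bool:
        # A reused counter or a consumed challenge means a duplicated
        # (replayed) signal string: reject without advancing state.
        if self.pending is None or counter <= self.last_counter:
            return False
        msg = counter.to_bytes(8, "big") + self.pending
        expected = hmac.new(self.secret, msg, hashlib.sha256).digest()
        self.pending = None  # each challenge is accepted at most once
        if not hmac.compare_digest(expected, tag):
            return False
        self.last_counter = counter
        return True

def demo() -> tuple[bool, bool, bool]:
    secret = os.urandom(32)  # constructed: provisioned to the device out of band
    dev, host = UserDevice(secret), Host(secret)
    c, t = dev.answer(host.challenge())
    first = host.verify(c, t)    # genuine exchange: accepted
    replay = host.verify(c, t)   # duplicate of the same string: rejected
    c2, t2 = dev.answer(host.challenge())
    second = host.verify(c2, t2) # next genuine exchange still succeeds
    return first, replay, second
```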
The invention of the present application builds upon the system of the referenced application to include optional features that provide for additional security through encryption and decoding of communications, and various forms of interactive control that are achieved utilizing user-assigned encryption devices that are "intelligent" rather than totally passive in nature.