The present invention relates to security systems that regulate access to secure areas, and more particularly, to an improved method for providing access based on a key system that is attached to the authorized person.
To simplify the following discussion, the present invention will be explained in terms of security systems for use in accessing computers and the like; however, it will be apparent from the following discussion that the present invention may be utilized in other security systems.
Computer systems having access to a network typically utilize some form of access control to assure that unauthorized individuals do not gain access to confidential information or do damage to the network and/or computers connected thereto. The secure access protocols often require a user to memorize multiple passwords and protocols. For example, the user may need a first password to log onto a terminal in the network, a set of different passwords corresponding to the various servers in the networks or secure directories within a server, and yet another set of passwords relating to various software programs and related files.
Electronic identification cards have been used to automate the logon and access control processes. Such systems sense a personal identification presented by the user. The card can be in the form of a radio frequency identification (RFID) card which is sensed remotely by the computer terminal or a card that is passed through a reader by the user.
While such cards can be used to automate the logon process, they do not provide sufficient security to satisfy the needs of many systems. The authenticity of the card can, in principle, be verified by the system that queries the card; however, the system cannot necessarily identify the person presenting the card. An unauthorized person who has gained control of such a card can still access the system.
In principle, the computer terminal can be equipped with hardware that also allows it to authenticate the person presenting the card. In fact, if the person can be identified directly, then an identification card is not needed. Identification systems based on retinal scans, voice prints, and fingerprints are well known in the art. This hardware would need to be present at each of the terminals. The cost of providing such hardware at each terminal is often prohibitive.
Even in those situations in which identification hardware is provided at each terminal, the system must still deal with interruptions that occur when the user leaves the terminal for a brief period of time. Consider the case of a user who has logged onto a terminal using some form of personal identification system. If the user leaves the terminal without logging off, an unauthorized user can gain access to the system through the open terminal. Hence, the terminal must have some method for determining that the authorized user remains present at the terminal after the logon. For example, an RFID card worn by the user can be queried periodically to determine that the user is still at the terminal.
If the authorized user breaks contact with the terminal, either because the user left the terminal for a short period of time or because the monitoring system failed to detect the person on one of the periodic queries, the terminal needs to disable itself. When the user again makes contact with the terminal, the logon process must be repeated. A logon process that verifies the identity of the user through fingerprints, retinal scans, etc. requires a relatively long procedure. Hence, such systems are frustrating to use, since a user who turns away from the computer or crosses the room to get a document can be forced to repeat the entire logon protocol.
Broadly, it is the object of the present invention to provide an improved security system.
It is a further object of the present invention to provide a security system that can authenticate a user without requiring expensive personal identification hardware at each work station.
It is a still further object of the present invention to provide a security system that can detect that a user has left the terminal and log that user back in without the need to repeat a lengthy personal identification protocol.
These and other objects of the present invention will become apparent to those skilled in the art from the following detailed description of the invention and the accompanying drawings.
The present invention is a security system based on a tamper resistant badge that becomes deactivated if the badge is removed from the person authorized to wear the badge. The badge has a data processor with a non-volatile memory, a volatile memory, a transceiver for sending signals generated by the processor and receiving signals specifying operations to be carried out by the badge, and an attachment sensor. The attachment sensor detects the removal of the badge from the person wearing the badge and causes information stored in the volatile memory to be rendered unreadable when the attachment sensor detects the removal. The information stored in the volatile memory determines the security clearance associated with the person wearing the badge. The badge may also include a tamper sensor for detecting unauthorized alterations in the badge, such as opening the badge. The tamper sensor likewise renders data in the badge unreadable upon detecting such an alteration. The badge may include a random number generator that includes a sensor for sensing an environmental variable that is used to generate an unpredictable random number sequence. The random numbers generated by this generator can be utilized in providing a secure communication channel between the badge and various computers in a data processing system. In one embodiment of a badge according to the present invention, the badge has a low power mode in which the badge monitors the transceiver for incoming signals while curtailing other activities that would utilize power until a predetermined incoming signal is detected.
A secure data processing system utilizing the badges of the present invention includes an administrative computer, A, and a client computer, C. An authorized individual is given access to C by being provided a badge according to the present invention that is secured to that individual. Computer A has a transceiver for communicating with the badge and an identity verification system for authenticating the identity of individuals having badges attached thereto. Computer A loads information in the volatile memory of the badge attached to that individual in response to the identity verification system authenticating that individual. The information specifies the level of access to the computer system to which that authorized individual is entitled. The information is preferably loaded over a secure communication channel that is established between A and the badge utilizing data encryption based on a public key encryption system. Once the access data is loaded into the badge, any attempt to remove the badge or tamper with the badge leads to the loss of the access information and renders the badge incapable of providing access to C. The C computers and the badges preferably establish a secure communication channel when a person wearing a badge approaches a C computer. The C computer and the badge then authenticate one another prior to the C computer being given access to the information in the badge's volatile memory. The C computer then provides access to the person wearing the badge at the access level specified in the volatile memory. During the time the badge wearer is accessing information through the C computer, C periodically verifies the presence of the badge by exchanging coded transactions with the badge.
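The following is an added Python sketch of the badge and client-computer behaviour described above; it is not code from the patent. Assumptions not in the text: the periodic coded transaction is modelled as an HMAC-SHA256 response to a fresh terminal nonce, the session key is installed directly rather than over the public-key channel, and the badge's volatile memory is a plain dictionary that is set to None when the attachment or tamper sensor fires.

```python
import hmac
import hashlib
import secrets
from typing import Optional


class Badge:
    """Tamper-resistant badge: identity in non-volatile memory, access data in volatile memory."""

    def __init__(self, badge_id: str):
        self.badge_id = badge_id   # non-volatile, survives a wipe
        self.volatile = None       # access level + session key, or None once wiped

    def provision(self, access_level: int, session_key: bytes) -> None:
        # Computer A loads this only after its identity verification succeeds
        # (assumption: key delivered directly instead of over the encrypted channel).
        self.volatile = {"access_level": access_level, "session_key": session_key}

    def on_removed(self) -> None:
        # Attachment sensor fired: render volatile contents unreadable.
        self.volatile = None

    def on_tamper(self) -> None:
        # Tamper sensor fired (e.g. case opened): same wipe.
        self.volatile = None

    def answer(self, nonce: bytes) -> Optional[bytes]:
        # Coded transaction (assumed form): MAC over the terminal's nonce with the session key.
        if self.volatile is None:
            return None
        return hmac.new(self.volatile["session_key"], nonce, hashlib.sha256).digest()


class ClientTerminal:
    """Computer C: authenticates the badge, then re-checks its presence periodically."""

    def __init__(self, session_key: bytes):
        self.session_key = session_key  # agreed during the secure channel setup
        self.access_level = 0           # 0 = terminal locked

    def check_presence(self, badge: Badge) -> bool:
        nonce = secrets.token_bytes(16)  # fresh per query, so a recorded reply cannot be replayed
        expected = hmac.new(self.session_key, nonce, hashlib.sha256).digest()
        reply = badge.answer(nonce)
        if reply is not None and hmac.compare_digest(reply, expected):
            self.access_level = badge.volatile["access_level"]
            return True
        self.access_level = 0           # any missed query disables the terminal
        return False
```

A detached or opened badge fails the very next check, so the terminal locks without the wearer having to do anything; re-attaching requires a fresh provisioning by A, which is the point at which the lengthy identity verification runs.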