The present invention relates to a security and/or access restriction system and, in one embodiment, to a security and/or access restriction system which is adapted to grant only authorized users access to a computer system and/or to certain data which may be resident within the computer system and/or resident within a communications channel and/or other communications medium.
In recent years, computers have proliferated in all parts of worldwide society, including but not limited to, banking, financial services, business, education, and various governmental entities. For instance and without limitation, these computer systems allow individuals to consummate financial transactions, to exchange confidential scientific and/or medical data, and to exchange highly proprietary business planning data. Hence, these computer systems require and/or allow very sensitive and confidential data to be stored and transmitted over great geographic distances.
Moreover, the rise of multinational communications networks, such as the publicly available Internet communications system, has truly made the world a smaller place by allowing these computers, separated by great geographic distances, to very easily communicate and exchange data. In essence, these worldwide communications channels/networks; sometimes collectively. referred to as xe2x80x9cthe Information Superhighwayxe2x80x9d have electronically connected the peoples of the worldxe2x80x94both the good and the very bad.
That is, while these computer systems have increased efficiency and greatly changed the manner in which we work and interact, they have been especially prone to unauthorized xe2x80x9cbreak-insxe2x80x9d, viral destruction, and/or unauthorized data modifications. Accordingly, the rather sensitive and confidential data which is stored and used within these computer systems and transmitted between these computer systems has been the target of attack by people known as xe2x80x9chackersxe2x80x9d and by high level and very sophisticated espionage and industrial spies. Computer access security and data transmission security has recently come to the forefront of importance and represents one of the great needs of our times.
Many attempts have been made to create and utilize various techniques (hereinafter the term xe2x80x9ctechniquexe2x80x9d as used and/or employed in this Application refers to any combination of software, hardware, and/or firmware which comprise an apparatus and a methodology whose components cooperatively achieve an overall security objective) to xe2x80x9censurexe2x80x9d that only authorized users are allowed to gain access to these respective computer systems. These prior techniques, while somewhat effective, suffer from various drawbacks.
For example, one such prior computer system security technique comprises the use of predetermined xe2x80x9cpasswordsxe2x80x9d. That is, according to this security technique, each computer system has a list of authorized passwords which must be communicated to it before access is given or allowed. In theory, one or more xe2x80x9ctrustedxe2x80x9d system administrators distribute these xe2x80x9csecretxe2x80x9d passwords to a group of authorized users of a computer system. The xe2x80x9csecretxe2x80x9d nature of the passwords, in theory, prevents unauthorized users from accessing the computer system (since presumably these unauthorized users do not have the correct passwords). This technique is not very effective since oftentimes those authorized individuals mistakenly and unwittingly expose their password to an unauthorized user. Moreover, this technique of data security may be easily xe2x80x9cbrokenxe2x80x9d by a xe2x80x9chacker""sxe2x80x9d deliberate and concentrated attempt at automatically inputting, to the targeted computer, hundreds and perhaps thousands of passwords until an authorized password is created.
In addition to the prior password technique other, more sophisticated access techniques are known and used. For example, there are known techniques which require the possession of a physical object or feature, such as xe2x80x9caccess cardsxe2x80x9d which are xe2x80x9creadxe2x80x9d by a card reading device and biometric authentication techniques (e.g. requiring the initial input of such authorized user physical characteristics as fingerprints and eye patterns and the later comparison of these input patterns to those of a xe2x80x9cwould-bexe2x80x9d user). Both of these prior techniques are relatively complicated, are relatively costly, and are prone to error, such as and without limitation, mistaken unauthorized entry due to their complexity. These techniques are also prone to unauthorized entry by use of counterfeit and/or stolen cards, objects, and fingerprint readers. Other prior data security techniques, such as encryption, attempt to prevent unauthorized use of transmitted data or unauthorized access to a computer system by modifying and/or changing the transmitted data in a certain manner, and/or requiring the transmission and receipt of modified data before access is granted. While somewhat effective, these prior encryption techniques are relatively costly and complicated and require one or more known xe2x80x9cencryption keysxe2x80x9d which are in constant exchange between users and which are themselves susceptible to theft and/or inadvertent disclosure. Furthermore, the best-known and perhaps. strongest encryption algorithm is proprietary and cannot be used without a costly license. Moreover, since the encrypted message still provides all of the transmitted data, in some form, it is still possible for one to gain access to the entire data stream by xe2x80x9cbreaking the encryption codexe2x80x9d. Since no encryption algorithm is ever considered xe2x80x9cunbreakablexe2x80x9d, encryption is not considered to be a xe2x80x9cfoolproofxe2x80x9d security solution.
There is therefore a need to provide a technique to substantially prevent the unauthorized access to one or more computer systems and which overcomes the various drawbacks of these afore-described prior techniques. There is also a need to provide a technique to substantially prevent the unauthorized interception and use of transmitted data and which overcomes the various drawbacks of the prior art. Applicant""s invention(s) seek and do meet these needs. Applicant""s invention, in one embodiment, achieves these objectives by splitting the data into a plurality of separate communication channels, each of which must be xe2x80x9cbrokenxe2x80x9d for the entire data stream to be obtained. In essence, in this embodiment of Applicant""s invention, cooperatively form the entire message. The splitting of the data in this manner may also xe2x80x9cfoolxe2x80x9d the would be data thief into believing that he or she has obtained all of the data when, in fact, only several communication channels are obtained.
While a number of xe2x80x9cobjects of the inventionxe2x80x9d are set forth below, it should be realized by one of ordinary skill in the art that the invention(s) are not to be limited, in any manner, by these recited objects. Rather, the recited xe2x80x9cobjects of the inventionxe2x80x9d are to be used to place Applicant""s various inventions in proper overall perspective and to enable the reader to better understand the manner in which Applicant""s inventions are to be made and used, especially in the preferred embodiment of Applicant""s invention. Accordingly, the various xe2x80x9cobjects of the inventionxe2x80x9d are set forth below:
It is a first object of the present invention to provide a technique to substantially ensure that only authorized users gain access to a computer system.
It is a second object of the invention to provide a technique to substantially ensure that only authorized users gain access to a computer system and which overcomes the various previously delineated drawbacks of the prior computer system security techniques.
It is a third object of the invention to provide a technique to substantially ensure that only authorized users have access and use of certain transmitted data appearing, for example, within a data stream.
It is a fourth object of the invention to provide a technique to substantially ensure that only authorized users have access and use of certain transmitted data and/or certain hardware, software, and/or firmware which cooperatively form and/or comprise a computer system, and that this technique overcomes the various previously delineated drawbacks of the prior techniques.
According to a first aspect of the present invention, a security system is provided. Particularly, the security system is adapted to be used in combination with a computer and to only grant an authorized individual access to the computer. The security system comprises, in one embodiment, password means for receiving a password by use of a first communications channel; and code generation means, coupled to said password means, for generating a code by use of a second communications channel, and to allow that individual access to the computer system only if that individual generates and communicates the code to the code generation means.
According to a third aspect of the present invention, a method is provided for use with a computer and effective to substantially prevent an unauthorized user from accessing the computer. The method comprises, in one embodiment, the steps of assigning a password to the user; receiving, the password by use of a first communications channel; generating a code in response to the received password; transmitting the code by use of a second communications channel to the user; transmitting the code to the computer; and allowing access to the computer only after the code is transmitted to the computer.
According to a fourth aspect of the present invention, a security system is provided to grant an authorized individual access to a secured stream of data bits. In one embodiment, the data security system comprises a data stream dividing means for receiving said stream of data bits and dividing said stream of data bits into a plurality of sub-streams; transmitting means for transmitting said sub-streams in a predetermined order over a communication channel; and a decoding means for receiving said sub-streams and for recombining said received sub-streams to create said secured stream of data bits.
Further objects, features, and advantages of the present invention will become apparent from a consideration of the following description, the appended claims, and/or the appended drawings. It should further be realized by one of ordinary skill in the art that the previously delineated objects and aspects of the invention are for illustration purposes only and are not to be construed so as to limit the generality of the inventions and/or to limit the interpretation to be given to the various appended claims. Moreover, it should also be realized by those of ordinary skill in the art that the term xe2x80x9ccommunications channelxe2x80x9d as used throughout this, Application refers to any physical and/or electromagnetic means or method of transferring and/or communicating information from one or more sources to one or more receivers. Moreover, the term xe2x80x9ccommunications channelxe2x80x9d should be given the broadest known interpretation covering any method and/or medium which facilitates the transfer of information and/or over which such information is transferred.