When sensitive information is exchanged between transceiving stations, the information can be intercepted by an unauthorized party as the information travels over a communication medium between the stations, can inadvertently be received by an unauthorized station, or can come into the possession of an unauthorized person even though the information was received at the intended destination.
Another scenario occurs when a user requests access to sensitive data files stored in a computer system which may be in near proximity or at a remote station. In order to protect the files from unauthorized disclosure, the computer system must have the capacity to authenticate the user, verify that the user is authorized to receive the files, and protect the files from unauthorized access when they are electronically transferred to the user.
The most widely accepted method of information protection over networks is the use of encryption, where the sending and receiving parties must share an encryption key to encrypt and decrypt the information being exchanged. In such systems, authentication is typically performed through cleartext exchanges, and the encryption keys that are used are changed infrequently because person-to-person exchanges are the only means to ensure that the encryption key can be shared without risking public exposure. As a result, valuable information and time are made available to an attacker who desires to discover the encryption key and gain access to all encrypted information which is exchanged over the networks.
Prior authentication and encryption systems are disclosed in U.S. Pat. Nos. 5,060,263; 5,065,429; 5,068,894; 5,153,919; 5,355,413; 5,361,062; 5,474,758; and 5,495,533. U.S. Pat. No. 5,060,263 employs a reversible encryption algorithm, conducts all exchanges between the host and client in cleartext, and provides only unilateral authentication. U.S. Pat. No. 5,065,429 provides only unilateral authentication, and stores its encryption keys on the storage medium where they would be accessible to any attacker reading the medium. U.S. Pat. No. 5,068,894 employs a reversible encryption algorithm, uses an encryption key that is never changed, and makes both cleartext challenges and encrypted responses available to an attacker. U.S. Pat. No. 5,153,919 provides useful cleartext information for an attacker in exchanges between stations, uses weak encryption algorithms to avoid latency problems, and does not provide for secure activation of the token, as anyone who possesses it may use it. U.S. Pat. No. 5,355,413 encrypts a random challenge, but does not encrypt information exchanged between host and client. U.S. Pat. No. 5,361,062 exchanges information between host and client in cleartext, uses a reversible encryption algorithm, provides only unilateral authentication, triggers encryption iterations as a function of time, which contributes to computer overhead and system latency, and requires a resynchronization protocol to keep token and host in sync. U.S. Pat. No. 5,474,758 provides only unilateral authentication, and depends upon the user's ability to hide the storage of his certificate of authenticity. U.S. Pat. No. 5,495,533 provides only unilateral authentication, incurs a high network overhead contributing to latency, and depends upon a key directory which is susceptible to attacker intrusions.
Additional prior authentication systems are disclosed in U.S. Pat. Nos. 5,233,655; 5,367,572; 5,421,006; and 5,481,611. U.S. Pat. No. 5,233,655 provides only unilateral authentication, and does not provide any encryption of information that is being exchanged. U.S. Pat. No. 5,367,572 provides only unilateral authentication, requires a resynchronization protocol to keep the host and client in sync, and transmits all information exchanges in cleartext. U.S. Pat. No. 5,421,006 provides only unilateral authentication, and operates in a multiprocessing environment which contributes substantially to CPU overhead and thus system latency. U.S. Pat. No. 5,481,611 provides only unilateral authentication, and conducts all information exchanges in cleartext. U.S. Pat. No. 5,309,516 requires that a key directory be stored.
None of the above prior art references discloses the use of dual many-to-few bit mapping in generating a deterministic, non-predictable, and symmetric encryption key as used in the present invention.
In addition to the above disclosures, the use of secure hash algorithms (SHA) is disclosed in FIPS Pub. 180-1, Secure Hash Standard (Apr. 17, 1995); and token system security requirements are described in FIPS Pub. 140-1, Security Requirements For Cryptographic Modules (Jan. 11, 1994).
Further, there are three known variations of the token system which are commercially available, but which were not selected for use in the preferred embodiment of the present invention because each uses a reversible DES algorithm: the SecurID Card from Security Dynamics Technologies, Inc. of Cambridge, Mass.; the SafeWord DES Card from Enigma Logic, Inc. of Concord, Calif.; and the Secure Net Key Card from Digital Pathways of Mountain View, Calif. None of the above token systems has a digital interface. Although each requires PIN activation, they are limited to 8-digit displays.
The present invention provides a combination of authentication and encryption in which parameters, including system passwords, encryption keys, and the change values which are used to produce new, pseudo-random system passwords and encryption keys, are used during only a single system connection before being replaced with new parameters having no known relationship with their previous counterparts. Both the originating system and the answering system in a network exchange independently generate passwords through use of an encryption key generator which employs bit-shuffling, many-to-few bit mapping and secure hash processing to produce such parameters in a manner which is highly resistant to any attempt to discover the secret inputs to the encryption key generator through cryptographic analysis or brute-force trial-and-error attacks. Further, the handshake protocol between the originating system and the answering system requires that only system identifiers be exchanged over a network in cleartext, and protects the static and dynamic secret inputs to the encryption key generator, as well as its system password, encryption key, and change value outputs, from exposure. A tamper-resistant security module or token system is used with either or both the originating system and the answering system to provide additional security; that is, all authentication, password generation, and encryption key generation functions for the originating system are performed within the token for greater security. A further layer of security may be provided by altering the token and system IDs upon completion of a system connection between the originating system and the answering system. Susceptibility to playback (replay) impersonations is thereby significantly reduced.
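As an added illustration (not the patent's own algorithm, whose bit-shuffling and many-to-few mapping are not specified in this section), the following Python models the per-connection parameter rotation described above: both stations derive a password, an encryption key and the next change value from a shared static secret and a dynamic change value through an assumed byte-rotation shuffle, an assumed XOR-fold and SHA-1 (the FIPS 180-1 hash cited above), authenticate each other with only system IDs crossing in cleartext, and discard the parameters after one connection. The names `Station`, `derive`, `handshake`, `many_to_few` and `shuffle_bits` are hypothetical.

```python
import hashlib
from dataclasses import dataclass


def many_to_few(data: bytes, out_len: int) -> bytes:
    """Assumed many-to-few mapping: XOR-fold the input down to out_len bytes."""
    out = bytearray(out_len)
    for i, b in enumerate(data):
        out[i % out_len] ^= b
    return bytes(out)


def shuffle_bits(data: bytes, seed: bytes) -> bytes:
    """Assumed bit shuffle: rotate each byte left by a seed-dependent amount."""
    reps = seed * (len(data) // len(seed) + 1)
    return bytes(((b << (s % 8)) | (b >> (8 - s % 8))) & 0xFF for b, s in zip(data, reps))


def derive(static_secret: bytes, change_value: bytes):
    """One-way derivation of (password, key, next_change_value) for a single connection."""
    mixed = shuffle_bits(static_secret + change_value, change_value)
    digest = hashlib.sha1(many_to_few(mixed, 20)).digest()  # secure hash step
    return tuple(hashlib.sha1(label + digest).digest() for label in (b"pw", b"key", b"chg"))


def authenticator(password: bytes, system_id: bytes) -> bytes:
    """Proof of password knowledge; the password itself is never transmitted."""
    return hashlib.sha1(password + system_id).digest()


@dataclass
class Station:
    system_id: bytes      # the only value sent in cleartext
    static_secret: bytes  # static generator input, never transmitted
    change_value: bytes   # dynamic generator input, replaced after every connection


def handshake(orig: Station, ans: Station) -> bytes:
    """Mutual authentication; returns the one-connection session key on success."""
    pw_o, key_o, chg_o = derive(orig.static_secret, orig.change_value)
    pw_a, key_a, chg_a = derive(ans.static_secret, ans.change_value)
    # originator -> answerer: its ID plus a password-derived proof, checked by the answerer
    if authenticator(pw_o, orig.system_id) != authenticator(pw_a, orig.system_id):
        raise PermissionError("originator rejected")
    # answerer -> originator: its own proof, checked by the originator
    if authenticator(pw_a, ans.system_id) != authenticator(pw_o, ans.system_id):
        raise PermissionError("answerer rejected")
    orig.change_value, ans.change_value = chg_o, chg_a  # parameters used once, then replaced
    return key_o
```

A station holding a stale change value (for example one replaying a captured earlier exchange) fails the first check, and each successful connection yields a key unrelated to the previous one.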