1. Field of the Invention
The invention relates generally to the field of securing stored digital data from access by unauthorized users.
The invention relates more specifically to the problem of providing password-based, secured file access to users who work on any one of a plurality of computers.
The invention relates even more particularly to the problem of providing user log-in records (passport records) and allowing the same to be securely used across a plurality of computer workstations for user authentication and for other user-specific needs.
2. Cross Reference to U.S. Patents
The following U.S. patents are assigned to the assignee of the present application, and their disclosures are incorporated herein by reference:
(A) U.S. Pat. No. 5,768,373, issued Jun. 16, 1998 by S. Lohstroh et al and entitled, A METHOD FOR PROVIDING A SECURE NON-REUSABLE ONE-TIME PASSWORD;
(B) U.S. Pat. No. 5,953,419, issued Sep. 14, 1999 by S. Lohstroh et al and entitled, CRYPTOGRAPHIC FILE LABELING SYSTEM FOR SUPPORTING SECURED ACCESS BY MULTIPLE USERS; and
(C) U.S. Pat. No. 5,699,428, issued Dec. 16, 1997 by W. McDonnal et al and entitled, SYSTEM FOR AUTOMATIC DECRYPTION OF FILE DATA ON A PER-USE BASIS AND AUTOMATIC RE-ENCRYPTION WITHIN CONTEXT OF MULTITHREADED OPERATING SYSTEM UNDER WHICH APPLICATIONS RUN IN REAL TIME.
3. Description of the Related Art
As knowledge of computers proliferates throughout society; and as use of computers and of digital data also spreads, the threat grows that unauthorized persons will gain useful (intelligent) access to confidential, digitized information.
As such, it is advisable to take security measures to limit the number of persons who can intelligibly access various stored or transmitted forms of digital data. It is sometimes further advisable to limit the physical locations from which such intelligent access can take place.
A wide variety of materials may be stored or transmitted in the form of digitized signals. By way of example, proprietary digital data may represent financial and engineering documents of a start-up engineering company. The latter documents may be nonvolatily stored as encrypted digital data in the company""s central database computer or they may be similarly stored repeatedly across a plurality of networked workstations or even among non-networked portable computers or even further among portable media devices such as floppy diskettes that are carried about by company workers from place to place.
The company may wish to have certain of its proprietary documents kept more confidential than others. More specifically, the company may want to restrict intelligible access to some stored documents such that only very specific groups of people can do so and perhaps only when those people are accessing the information from very specific locations.
At the same time, the company may wish to permit other stored documents to be intelligibly accessible to any company worker from any location while blocking the general public from having similar access.
The company may further desire to have a wide variety of other security options picked out from a spectrum that has at one end, only one specifically authorized person accessing a certain piece of information through only one specific machine, and which spectrum has at an opposed end, all authorized persons being able to intelligibly -access all pieces of information through any machine located anywhere.
As a more concrete example, the company may possess critical financial records and may wish to limit intelligible access to these records to certain, high level officers of the company provided further that these people log-in through any of a limited number of specific machines located in certain specially-secured offices of the company""s.
At the same time, the company may have an ongoing engineering program that a select group of engineers are to be allowed access to by means of logging-in from any workstation they happen to be on. For example, a remotely located, company engineer may need to quickly access, by way of communications carried over a local area or a wide area or another communications network (LAN or WAN or Internet), a particular, confidential engineering file that is needed for a rush engineering job.
The security of the so-requested information needs to be safeguarded while it is in-transit. This can be done by transmitting an encrypted copy of the requested file over the communications network. The transmitted copy has to be decrypted at the receiving end to make its information intelligible.
However, before intelligible access is granted at the receiving end, the local computer on which the alleged requestor is working, should verity that the requestor is indeed whom he or she claims to be rather than a spoofer.
The local computer will typically display a demand for a user identification (e.g., the user""s publicly-known name such as xe2x80x98John E. Doexe2x80x99 or his initials xe2x80x98JEDxe2x80x99) and for a user-memorized password (which password should be known only to the user).
If the requester fails to authenticate his or her identity with a valid identification and matching password, access should be denied.
Often times, the memorized password and user ID are not enough by themselves to provide a desired level of security. After all, the user""s identification (his or her name) is known to too many people and thus does not act as a significant safeguard.
The user""s password can be compromised through trickery or inadvertence. For example, a first user may trust a xe2x80x98friendxe2x80x99 and reveal the password to the friend over the telephone because the friend legitimately needs a particular file. The friend may write the password and the first user""s name on a slip of paper so as not to forget. The same friend may later neglectfully drop the paper in a trash bin or other unsecured area where it is acquired by a third person. That third person can then try to penetrate the secured system from any of a large number of portals using the so-compromised password and first user""s identification.
In some systems, the physical location of the log-in portal is used as an additional safeguard to reduce the risk of compromise from scenarios such as the one above. Each authorized user is asked to remember a different password for each of plural computer terminals or workstations that the user will work from. If an unauthorized third party gets a hold of one of the many passwords, that third party still has to determine through trial and error which machine will accept the password and matching user""s name. This may take significant time and expose the third party to risk of being detected as he or she tries to log-in into the various different machines.
As additional security, some of the differently-located machines may not be permitted to receive or decipher all of the company""s encrypted files. This helps to decrease the amount of possibly compromised data in the event that the third party successfully determines which machine will accept a compromised password and matching user""s name.
Such dependence on different passwords for different machines is an annoyance however.
Few people want to remember a large number of unique passwords each for a different machine, unless of course, there is a very powerful reason for doing so. Authorized users generally want to be able to roam freely from one workstation to another, and to be able to enjoy quick and easy access to all the information they have authorization for with a single password.
However there is still the danger that the single password of a particular user may leak out inadvertently or through trickery.
If each user wants to rely on just a single, personal password, it is prudent to have one or more additional layers of security.
One such further layer of security is that of requiring authorized users to present a computer-readable identification badge or card (such as a smart card or a magnetic strip card) to the computer at the time of log-in. The computer-readable identification badge should carry a password-word related, long digital key, where the latter key is too long to memorize and ties somehow to the password.
Physical possession of the computer-readable identification badge can be deemed as additional proof that the user is whom he or she claims to be rather than an imposter.
There are problems with the badge approach however. A first problem is the inconvenience of having to physically carry the computer-readable identification badge about. A second problem is the possibility of losing it. If the badge is lost, the user is not only blocked from immediately logging-in but is also blocked from immediately changing his or her password when he or she realizes the badge is lost. This creates a window of opportunity for an unauthorized third party to acquire the old password and the lost badge, and break into the system.
A user should be able to change his or her password at any authorized workstation at any time as desired. Such user-initiated, arbitrary change of the password at any time and any authorized place is a generally desirable thing because it reduces the likelihood of security breaches. Such arbitrary change of password may even be deemed necessary in instances where the user suspects that his/her prior password and identification badge have been compromised.
It would be advantageous to have a secure system that is simple and convenient to use, and in addition is flexible.
The above-mentioned, flexible characteristic implies that each authorized user will be allowed to utilize one or more user-specified passwords to access data either on all or a specified subset of plural machines as that user or a system administrator see fit for the given circumstances. The flexibility characteristic further implies that each authorized user will be able to arbitrarily change his or her password at any time and authorized place either for a specified single machine or for all machines or for a unique subset of machines as seen fit for the specific circumstances.
The above-mentioned convenience characteristic implies that password-associated authorizing codes (such as the long digital key mentioned above) can be moved around in a confidential and effortless manner despite their use over a plurality of machines, without requiring a physical identification badge.
An improved, machine-implemented security method and apparatus are disclosed herein for providing flexible and convenient secured access to encryption-covered information on a per-user basis across a plurality of machines.
In accordance with the invention, when a user creates a password for the first time or changes his or her password, an associated key (K) is generated in the computer workstation that first receives the new/changed password. A user log-in record (also referred to herein as a xe2x80x98passport recordxe2x80x99) is also generated in that workstation for securely storing the password-associated key (K) and other authorizing codes.
The password-associated key is typically a long stream of say 128 or more randomly-generated bits that cannot be easily memorized, and as such must be recorded into and held within some form of storage media. The user log-in record (passport record) is the data structure that is recorded into the storage media and is used for carrying the key along with other information. The log-in record can. be transferred from machine to machine either by signal transmission (e.g. by wire) or by physical conveyance of a storage device (e.g. a smart card) as desired.
Further in accordance with the invention, log-in records have at least two different formats. (1) one which is used when the storage media of t he log-in record is xe2x80x98physically securedxe2x80x99; and (2) another which is used when the log-in record is xe2x80x98in-transitxe2x80x99.
Examples of the in-transit mode include instances when the log-in record is held in an easily transported storage media such as in a magnetic strip card or in a floppy diskette and instances when the log-in record is being transmitted through an unsecured transmission means (where the latter could be cable or radio broadcast).
When a user next tries to log into the computer system through any portal, after the initial password and log-in record have been created, the user must not only generally present the same password, but the user""s log-in record must also be presented to or must be already present in the local computer (workstation) to further validate that the user is whom he or she claims to be. (An exception to this rule may occur if the user forgets his/her password and the user instead uses a backdoor entry mechanism referred to as OTP {One Time Password} which mechanism is detailed in the above-cited U.S. Pat. No. 5,768,373.
In essence, the user""s log-in record acts as a sort of passport document that is generally required to be presented in untampered-with form at the local workstation in addition to the password. In one embodiment, the combination of password and log-in record is demanded even before the operating system is allowed to fully boot-up.
For security-reasons, a log-in record in accordance with the invention stores an encrypted version (K*) of the password-associated, key (K). Both the correct password and an untampered version of the user""s log-in record bearing the correct encrypted key (K*) are generally needed for successful logging-in the next time the user wants to log into the system.
When a user""s log-in record is in transit, it takes on a split-key format wherein two independent keys are needed to permit log-in. One of those keys however (e.g., the PriWK1 key described below) is not included in the in-transit log-in record and must be separately provided by, for example, a local administrator at the time of import of the in-transit log-in record into the workstation through which log-in by the user is desired.
The other key (e.g., the KS0 key described below) that is needed for successful log-in is included in the in-transit log-in record, but in encrypted form (KS0*). The data of the in-transit log-in record is protected by a digital signature, thereby making undetected tampering with the data of the in-transit record unlikely.
One embodiment of a user""s log-in record in accordance with the invention is covered by a digital signature signed by the user""s private key. The record includes the following fields: (a) an encrypted version (KS(0/1)*) of either: (a.1) a password-associated, outside key (KS0) that was generated outside the local workstation or (a.2) a password-associated, internal key (KS1), where the internal key was independently generated by the local workstation and is therefore usually different from the outside key (KS0); (b) a flag field that specifies whether (a.1) or (a.2) is true; (c) an encrypted version (PriUK*) of a private user key where the encrypted version is formed using KS(0/1) as an encrypting key; (d) a private key-holding field that is: (d.1) blank when the record is in-transit, or (d.2) holds an encrypted version (PriWK1*) of a private workstation key when the record is physically-secured within a corresponding workstation, where the physically secured encrypted version is formed using a private key generated within and belonging to the corresponding local workstation; (e) a user""s local key-holding field that is: (e.1) blank when the record is in-transit, or (e.2) holds an encrypted version (KS1*) of a user-specific local key when the record is physically-secured within a workstation, where the physically secured encrypted version is formed using a user-specific key generated within and belonging to the combination of the local workstation and the specific user; and (f) a pre-OS validating field that holds an encrypted version (DOS.txt*) of validating string covered by KS(0/1). When the record is in-transit between workstations, KS(0/1) does not equal KS1, the private key-holding field is blank, and the user""s local key-holding field is blank.
During log-in, the user is asked to supply his or her memorized password. Before OS-bootup completes, the supplied password is tested for its ability to extract from the user""s log-in record, a plaintext version of the validating string (DOS.txt). After OS-bootup completes, the supplied password is tested again for its ability to extract from the user""s log-in record, a plaintext version of the local workstation""s private key (PriWK1) and a plaintext version of the user""s private key (PriUK). Failure at any of these test points results in denial of log-in.
The digital signature on the user""s log-in record provides pre-log-in authentication, meaning that presentation of an untampered-with log-in record can be verified by digital signature technique. The user""s log-in record therefor acts as a sort of tamper-proof passport document that must be presented in untampered with form in addition to the password.
A central server is not needed for dispensing or validating log-in records, although one could be used if desired.
Other features and aspects of the invention will become apparent from the below detailed description.