The present invention relates to security during access to a computer or to computer information, particularly through the use of an agent, and to security in backing up information.
In general, an authentication vicarious execution system uses a secure device in accessing a computer or computer information.
There are many problems related to security with respect to authentication. Many services are offered on web sites of a WAN (Wide Area Network), for example the Internet. A user who wants to receive these services is registered at the web site, and at that time the user decides upon, or enters a previously decided upon, user name and password with which to log in. Although the password should be modified periodically, in many cases this is not done because a password change is bothersome.
To solve the problem of the bothersome repeated entry of a user name and password, the sign-on vicarious execution system was devised. Such a system considerably reduces the complexity for the user. In a sign-on vicarious execution system, a person who wants to receive a service or other information over a network discloses personal sign-on information, for example a user name and password, to an agent, such as a commercial company. The agent maintains registered records of its customers' unique user names and passwords. The company is entrusted with control of the sign-on information: once the customer has logged on to the company's sign-on vicarious execution control server, that server provides the sign-on information to each site the customer wishes to log on to. That is, having signed on once to the sign-on vicarious execution control server, the customer can access web sites repeatedly and have the sign-on information, user name and password, supplied automatically by the agent without further effort or modification by the customer.
For security reasons, the sign-on information, or at least a portion of it, should be changed periodically. Before the use of an agent, the user had to contact each site in the network and change the sign-on information there. With an agent, the customer needs only to contact the agent once, and thereafter the agent automatically contacts the sites the customer has used and changes the customer's sign-on information.
In addition to the specific sign-on information of a user name and password, there may be additional important personal information used to verify the authenticity of a particular user, to provide credit information, and so on. It is understandable that users do not like to disclose this personal information to any individual at a company, for example the company managing the sign-on vicarious execution system, even though having such a system act as their agent is convenient. This hesitation is due to the risk that the personal information will leak outside the sign-on execution company, for example through an attack from outside, through human error or accident within the company, or through some other criminal behavior. Such a leakage is particularly dangerous because, as is usually the case, the customer or user may not know that it has occurred. There is a further risk with entrusted personal information: the company may be dissolved by bankruptcy or purchased by another company, and in such cases control of the information may pass to parties the user never intended to have it.
That is, there is a general problem of storing information securely, without that information falling into unwanted hands.
There is a further problem with the leakage of such information. Once personal information has leaked to those for whom it was not intended, particularly in a large-scale leakage, correcting the problem is a voluminous task: the personal information of many people must be stripped from the sign-on vicarious execution system and possibly also from the other locations to which it has been sent.
There has been considerable interest in these problems and their solution, but problems still remain. It is the purpose of the present invention to address these problems.
U.S. Patent Application Publication US2002/0077992 A1, published Jun. 20, 2002, to Tobin, relates to a personal transaction device having a transaction privacy clearing house (TPCH), which authorizes a transaction based upon a device identifier and accessible data that includes account information of a user. If the secure device authenticates a user, then the secure device executes a sign-on to each site requested by the user; that is, it acts as the agent for the user. The user transaction device provides a device identifier when coupled to a transaction terminal. The secure device of the present invention may also be used as a sign-on agent, and it likewise supplies a device identifier when coupled to a transaction terminal.
In Tobin, the accessible data is stored in a public storage area of a memory storage device that can be communicatively coupled to the user transaction device. The user's personal transaction device is communicatively coupled to a detachable memory storage device, which includes both public and private storage areas. The encryption/decryption key for the private storage area is stored in the memory of the personal transaction device; that is, the key stays with the user's personal transaction device even if the detachable memory storage device is lost or stolen, and therefore the encrypted data in the private storage area remains inaccessible without the personal transaction device that holds the key. This system gives the user good control over the personal information. Because the personal information and the decryption keys are not concentrated in one place, a large-scale information leakage cannot occur; that is, access is controlled and distributed by each user.
With the use of the Tobin sign-on agent, the authentication code, for example the password, may be long and complicated because it is sufficient for the user to remember only one password between the user and the secure device, and the secure device or agent provides the long and complicated authentication code.
U.S. Pat. No. 5,815,665, issued Sep. 29, 1998 to TEPER et al, relates to providing trusted brokering services over a distributed network; that is, it relates to the use of an agent for providing sign-on information. The patented invention operates within an environment in which the present invention is also usable. In such an environment, a Service Provider (SP) hosts an accessible site on a distributed network, such as a WAN, for example the Internet, while relying upon a central on-line brokering service, the agent, to handle user authentication and billing matters. The user may employ or purchase the services or products of the SP without repeatedly providing personal information, since the personal information for sign-on is provided by the agent. With respect to purchasing, the personal information provided by the agent may include credit, billing and shipping information.
In TEPER et al, each user selects a password and is assigned a unique ID, which can be mapped to the user only by the agent, specifically in this case the online brokering service. The password and unique ID are stored in the brokering database, and there used to authenticate registered users.
The SP site sends a challenge message to the user's computer over the distributed network and the user computer responds by generating and returning a cryptographic response message. The cryptographic response message is preferably based on both the challenge message and the user's password, which is entered manually by the user. This response message is essentially meaningless to the SP site, but contains the information needed by the online brokering service to authenticate the user. The SP site forwards the response message to the online broker site along with the user's unique ID, which the SP site obtains from the user computer.
With the exception of the manual entry of the password by the user, this TEPER et al authentication sequence is transparent to the user. The user's computer temporarily caches the user password once it has been manually entered, allowing the user access to one SP site after another SP site without having to reenter the password.
The online brokering service also preferably stores and dynamically provides to the SP sites upon user authentication, user-specific customer data, which may include, for example, (1) user specified preferences for the display of certain types of data, (2) the geographic region (e.g., zip code) in which the user resides, or (3) the configuration of the user's computer.
An advantage mentioned by the TEPER et al patent is that the user can access the various SP sites and services using a single password and log on procedure, and can access one SP site after another without having to reenter the password. Another advantage is that the user is automatically provided with customized service, including customized access rights, at each registered SP site. These functions and advantages of TEPER et al are also provided by the present invention.
Prior to using the TEPER et al online brokering service, users and service providers must register with the online broker to establish a personal password that is known only to the user and the broker. Additionally, the broker assigns a unique ID that can be mapped to the user only by the broker. The system is suitable for use over a completely untrusted public network, such as the Internet. The online broker maintains one or more databases that include the passwords, unique IDs, access rights and bills (charges) of the users during usage.
The response message of TEPER et al is a combination of the challenge message and the user password. Using a conventional one-way (that is, non-reversible) hash algorithm, the challenge/password combination is converted into a hash code so that the service provider cannot extract the user's password. To authenticate the user, the online broker accesses the brokering database with the user's unique ID to look up the user's password and then determines whether the received response message corresponds to that password. Since the broker must recompute the hash from the stored password, the broker's database necessarily holds the passwords in a form it can read, and the challenge must be unpredictable and used only once if a captured response message is not to be replayed.
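The TEPER et al exchange described above, written out as an added example with the three parties as separate objects. This is illustrative code for this page, not code from the TEPER et al patent or from the present invention. The choice of HMAC-SHA256 keyed with the password as the one-way combination of challenge and password, the 16-byte random challenge, and the service provider's single-use tracking of outstanding challenges are assumptions made here; the patent text only requires a conventional one-way hash.

```python
"""Brokered challenge/response sign-on: user computer, service provider (SP)
and on-line broker.  Example code written for this page; the hash choice,
challenge size and replay bookkeeping are assumptions, not the patent's."""
import hashlib
import hmac
import secrets


def compute_response(challenge: bytes, password: str) -> str:
    """One-way combination of challenge and password.

    HMAC-SHA256 keyed with the password is an assumption for this example;
    the SP sees only this digest and cannot recover the password from it.
    """
    return hmac.new(password.encode("utf-8"), challenge, hashlib.sha256).hexdigest()


class Broker:
    """Holds the password and unique ID of every registered user.

    Because it must recompute the digest, it stores passwords in readable
    form: this database is the concentration of secrets the page warns about.
    """

    def __init__(self) -> None:
        self._passwords: dict[str, str] = {}

    def register(self, password: str) -> str:
        uid = secrets.token_hex(8)          # unique ID, mapped to the user only here
        self._passwords[uid] = password
        return uid

    def authenticate(self, uid: str, challenge: bytes, response: str) -> bool:
        password = self._passwords.get(uid)
        if password is None:
            return False
        expected = compute_response(challenge, password)
        return hmac.compare_digest(expected, response)   # constant-time compare


class ServiceProvider:
    """Issues challenges and forwards (uid, challenge, response) to the broker.
    It never learns the password."""

    def __init__(self, broker: Broker) -> None:
        self._broker = broker
        self._pending: set[bytes] = set()

    def issue_challenge(self) -> bytes:
        challenge = secrets.token_bytes(16)  # unpredictable and single-use
        self._pending.add(challenge)
        return challenge

    def login(self, uid: str, challenge: bytes, response: str) -> bool:
        if challenge not in self._pending:   # unknown, or already consumed (replay)
            return False
        self._pending.discard(challenge)     # consume before asking the broker
        return self._broker.authenticate(uid, challenge, response)


class UserComputer:
    """Caches the manually entered password so one SP after another can be
    visited without re-entering it."""

    def __init__(self, uid: str, password: str) -> None:
        self.uid = uid
        self._cached_password = password

    def respond(self, challenge: bytes) -> str:
        return compute_response(challenge, self._cached_password)


def run_demo() -> dict:
    """Exercise the protocol on constructed sample data and report each outcome."""
    broker = Broker()
    password = "correct horse battery staple"          # constructed sample password
    uid = broker.register(password)
    user = UserComputer(uid, password)
    sp_a, sp_b = ServiceProvider(broker), ServiceProvider(broker)

    ch_a = sp_a.issue_challenge()
    resp_a = user.respond(ch_a)
    ch_b = sp_b.issue_challenge()                      # second SP, same cached password
    ch_c = sp_a.issue_challenge()
    ch_d = sp_a.issue_challenge()

    return {
        "login_ok": sp_a.login(uid, ch_a, resp_a),
        "replay_rejected": not sp_a.login(uid, ch_a, resp_a),
        "second_sp_ok": sp_b.login(uid, ch_b, user.respond(ch_b)),
        "wrong_password_rejected": not sp_a.login(uid, ch_c, compute_response(ch_c, "wrong")),
        "unknown_uid_rejected": not sp_a.login("no-such-id", ch_d, user.respond(ch_d)),
        "response_hides_password": password not in resp_a,
    }


if __name__ == "__main__":
    print(run_demo())
```

The service provider rejects any challenge it did not issue or has already consumed, so a response captured on the untrusted network cannot be replayed; the broker's constant-time comparison avoids leaking the expected digest through timing. The demo also makes the trade-off explicit: the SP never holds the password, but the broker must.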
U.S. Patent Application Publication 2002/0112027 A1, published Aug. 15, 2002, to McHugh, et al, refers to difficulties that may arise for users who are conducting transactions on behalf of their employer or their company. In such cases, it is necessary for the individual user to have the requisite corporate information, including financial and billing information requested by a retailer or some other site. The present invention also addresses this security problem.
The McHugh et al system enables the user to store commonly requested data elements in a single location and lets the user's device (for example a personal computer, mobile phone, PDA, or a web server of a trusted third party) handle requests for data automatically, identifying and sending suitable information. This eliminates the time spent repeatedly entering the same data into a number of different web sites or other data entry systems, and it also eliminates the potential for mistakes in typing or transcribing words or numbers; both are also advantages of the present invention.
As an example in McHugh, et al, a user operating from an un-secure device, for example a computer at an Internet Café, might direct the seller to a data server's web address for data to be supplied. The data server in response would send to the user, via the seller, a request for verification, for example to input a PIN, (Personal Identification Number), and only a successful response by the user to the seller (and from there to the data server) would enable the release of data. The present invention may operate in a similar environment.
Preferably, the McHugh et al user interacts with the device at least partially by means of an ID device held by the user and an ID device reader connected to the un-secure device, for example at the Internet Café. The ID device may be selected from a magnetically readable data carrier, an optically readable data carrier, a carrier containing an integrated circuit on which identification is stored, a device operable to transmit electromagnetic signals to an ID device reader, and a mechanically readable data carrier. In paragraph 0107, the publication envisions the use of reversible encryption.
U.S. Pat. No. 6,378,075 B1, issued Apr. 23, 2002, to Goldstein, et al, relates to a trusted agent for electronic commerce. This patent involves leakage problems, through the agent and through the transmission of information between an agent and a web site, which problems are addressed by the present invention.
U.S. Patent Application Publication 2001/0044787 A1, published Nov. 22, 2001, to Shwartz, et al, relates to a secure private agent for electronic transactions. The published patent application addresses the security problem, and it appears to concentrate on the secure transmission of information between the agent and the requesting site.
U.S. Pat. No. 4,317,957, issued Mar. 2, 1982, to Sendrow, relates to a system for authenticating users and devices in online transaction networks, and is concerned with the encryption of private information in the central account and the encrypted transmission of such data. Encryption is used to authenticate the user. A remote terminal or computer employs multiple encryption using a secret terminal master key stored in the terminal or computer to generate a working key, which is used only to encipher the transaction request message generated within that terminal or computer. The account database is searched to find enciphered and other data corresponding to the account of the user and the device from which the message was received. It appears that the PIN is stored neither at the user device nor at the retailer device. The terminal master key is never transmitted in any form.
PCT publication WO 00/42540, published Jul. 20, 2000, to Markus et al, further shows the environment of the present invention.
Therefore, there is a need for improved security in the storage of information.