WO1990012464A1 - Method and apparatus for protecting material on storage media - Google Patents

Publication number
WO1990012464A1
Authority
WO
WIPO (PCT)
Application number
PCT/US1990/001634
Inventor
Gerald S. Lang
Original Assignee
Lang Gerald S
Application filed by Lang Gerald S
Priority to EP19900905961 (EP0465571A4)
Publication of WO1990012464A1

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/70 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
    • G06F21/78 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure storage of data
    • G06F21/80 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure storage of data in storage media based on magnetic or optical technology, e.g. disks with sectors
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31 User authentication
    • G06F21/34 User authentication involving the use of external additional devices, e.g. dongles or smart cards
    • G PHYSICS
    • G07 CHECKING-DEVICES
    • G07C TIME OR ATTENDANCE REGISTERS; REGISTERING OR INDICATING THE WORKING OF MACHINES; GENERATING RANDOM NUMBERS; VOTING OR LOTTERY APPARATUS; ARRANGEMENTS, SYSTEMS OR APPARATUS FOR CHECKING NOT PROVIDED FOR ELSEWHERE
    • G07C9/00 Individual registration on entry or exit
    • G07C9/30 Individual registration on entry or exit not involving the use of a pass
    • G07C9/32 Individual registration on entry or exit not involving the use of a pass in combination with an identity check
    • G07C9/33 Individual registration on entry or exit not involving the use of a pass in combination with an identity check by means of a password
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F2211/00 Indexing scheme relating to details of data-processing equipment not covered by groups G06F3/00 - G06F13/00
    • G06F2211/007 Encryption, En-/decode, En-/decipher, En-/decypher, Scramble, (De-)compress

Definitions

  • a user can gain access utilizing the system 10 illustrated with respect to FIG. 1.
  • access to the storage media CD ROM is provided utilizing a personal accessing device 12.
  • This device 12 can be various configurations of devices.
  • a smart card it can be of types of smart card which would automatically interface with an automatic reader 16 connected to a computer or information processing device 20, or through the intervention of a human reader 14 with a keyboard 18.
  • the computer or information processing device would run the gamut from microcomputers, minicomputers to mainframe computers.
  • a smart card 24 shown in Fig. 2 with a keypad and light crystal display.
  • An ON/OFF key 26 of the smart card 24 is depressed and the smart card is turned on.
  • the smart card may use an encryption/decryption algorithm or microprocessor chip or any other encryption device if a security key device is employed with the CD ROM.
  • the integrated circuit or microprocessor chip provided in the smart card contains the system identification code that will let the computer or information processing device know the identity of the authorized user.
  • Typical system identification codes 34 are shown in the illustrative storage medium index table with respect to FIG. 4.
  • the authorized user's security identification code consists of a two-digit zone access code, and a six-digit system identification code, the exact number of digits employed, as well as the use of alphanumerics can be modified based upon system needs and preference.
  • the code is displayed at 30 of the smart card. Once the security identification code is displayed on the smart card 24, the accessor enters it into the computer or information processing device 20 via keyboard 18.
  • the corresponding zone access code is searched for in the index table to find out if the storage medium or media contains stored material for that zone's access privileges. If the corresponding zone access code is missing from the storage medium or media index table, then a message will be displayed on the computer or information processing device screen 20 indicating that access is denied. If the zone access codes match, then the computer or information processing device verifies that the accessor may have privileges to material stored on the CD ROM(s) and will look up the paired personal security key 38 stored on the CD ROM. To ensure that the security aspect of the present invention is as inclusive as possible, the personal security key can be encrypted directly in the CD ROM.
  • the zone access code 32 corresponds to the particular logical zones assigned to one or more authorized users. For example, as shown in FIG.
  • a zone access code of 33 corresponds to the logical zone 36 portion of the index table indicating that logical zones 10 and 11 will be allowed access.
  • Any one of the logical zones on the CD ROM can contain one or more databases or other material. Therefore, as shown, any one of the zone access codes can be assigned to a user, who in turn, can be assigned an individualized system identification code associated with that zone access code from the total of up to 1,000,000 unique code numbers available. Certainly, if more user codes are required, alphanumeric characters can be used or the number of characters of the system identification codes 34 can be increased.
  • a special logical zone can be set aside to control the downloading of data from the storage medium or media.
  • the zone access code 32 value of 01 corresponds to logical zone access privileges 1, 9, 26.
  • Zone access code 02 gives authorized users access to the same three logical zones of 1, 9 and 26, but the addition of logical zone 99 enables the authorized user to download the stored material. Without logical zone 99 privileges, an authorized user could not perform downloading.
  • the personal security key code paired with this system identification code is utilized to verify the proper identification of the accessor.
  • a random number generator provided within the computer or information processing device 20 generates a random number, such as a four-digit number which is displayed by the computer or information processing device and serves as a challenge to the smart card 24.
  • the user depresses the challenge key 38 and enters the random number into a smart card 24 using the keypad 28 and then depresses the enter key 40.
  • An identical encryption/decryption algorithm or microprocessor chip and personal security key provided in both the computer or information processing device 20 as well as the smart card 24 performs an operation on the random number.
  • the response to the challenge by the smart card is displayed and this number is entered into the keyboard 18.
  • the computer or information processing device then compares this result with the result that it generated utilizing the CD ROM transmitted personal security key which is paired to the system identification code. If these two results are identical, access to the particular logical zones corresponding to the zone access code 32 would be allowed to that particular user.
  • This type of accessing system would allow the CD ROM to be circulated among a number of authorized users, allowing each user access potentially to all or only a discrete portion of the information included in the CD ROM, according to each person's access privileges.
  • the CD ROM or any type of storage media which is utilized would operate in conjunction with retrieval software stored in a number of ways such as on the CD ROM or on the computer or information processing device non-volatile memory. If it is stored on floppy disks or other reusable media, such as the computer's hard disk, it can be updated as necessary to detect and deactivate outdated, duplicated or lost personal accessing devices, such as smart cards, which are presented for system access. An added feature could be that if a reported lost smart card 12 was used to gain access, and the computer or information processing device 20 determined it was a lost smart card, a "killer" challenge code could be displayed, which when entered into the smart card would deactivate the device.
  • an automatic reader 16 can be employed instead of manually inputting the information onto the smart card 12 or the computer keyboard by the human reader.
  • the smart card 12 and the computer or information processing device 20 would after the correct personal identification code is given, engage in its dialogue automatically to determine whether access by the accessor would be allowed.

Abstract

A method and apparatus for granting selected access to information encoded in the storage media included in one or more reading devices associated with a computer (20). A storage accessing device (12) is used in conjunction with the computer to determine whether access to a particular user to specific storage media is granted. The storage media may be subdivided into a plurality of logical zones and access to all or a portion of the material on the storage media is granted based upon the logical zones to which the user is allowed access. Information provided on the storage media includes an index table listing the security identification code, the logical zones to which a particular user is assigned, and a personal security key used in conjunction with a personal security key provided in the accessing device (12). The interaction between the accessing device (12) and the index table provided on the storage media determines access and privileges accorded to the user.

Description

METHOD AND APPARATUS FOR PROTECTING MATERIAL ON STORAGE MEDIA
BACKGROUND OF THE INVENTION
In the approximately 45 years since the development of the first crude computer, our society has seen a virtual explosion of information storage as well as information processing machines. With the advent of the personal computer, this information explosion has permeated virtually every facet of our daily lives. In the business community, personal computers are used to store and process a large amount of material which was previously maintained in paper files. Similarly, many homes now include a personal computer for the storage of personal data as well as the processing of other types of information.
During the infancy of the computer industry, when only very large companies or the government were able to afford to purchase and maintain relatively large mainframe computers provided with bulky storage media, security for access to this storage media was generally maintained by limiting access to the area in which the computer was stored as well as access to the computer itself. Typically, an authorized user was issued either a computer password or security card allowing access to the computer and any files included in the storage media utilized with the company. In other words, the person attempting to gain access to the computer must possess the knowledge and/or the tools of the authorized user. However, used in the context of today's smaller personal computers and the utilization of relatively small, portable storage media, this type of security program has proven to be inadequate. For example, if the password or security card were stolen from the authorized personnel, computer access would be granted to an unauthorized person. Additionally, since the storage media is relatively small in size and, due to the need for allowing access to the material provided on this storage media to various authorized personnel remote from one another, it is important that a system be developed in which the storage media can be sent to various locations without the security of the material on the media being compromised.
In this context, several methods have been developed for protecting access to software programs stored on storage media such as read-only-memory (ROM). Examples of these devices are discussed in U.S. Patents 4,757,468 issued to Domenik et al and 4,740,890 issued to William. Both of these patents describe apparatuses for protecting software programs which will be distributed on a magnetic disk or similar storage media. Verification routines provided directly on the storage media are utilized to protect access to the entire program. However, no device has been developed in which storage media itself is utilized to protect non-program information, such as textual material, data, graphs, or other digitally stored material. Furthermore, since various personnel may be granted access to only selective material which would be on the storage disk, the scenarios described with respect to the Domenik et al and William patents would not be applicable to an instance in which various personnel would be granted access to only a limited portion of the material provided on the storage media. This is important since only a single master print of any entire file may be manufactured and distributed to various personnel with limited access of material granted to each of the personnel. If limiting access was not possible, various storage devices and quite possibly many more storage devices, must be manufactured and given to each of the personnel, based upon the section of the material to which each individual has been granted access.
Similarly, no device was discovered in which the storage media, provided with software program information thereon, is used to allow access to only a portion of the program information, or one or more programs from a plurality of programs.
SUMMARY OF THE INVENTION
The deficiencies of the prior art are overcome by the present invention which is directed to a method and system for granting complete or limited access to information stored in a storage medium or media utilizing information physically stored in the storage medium or media. The particular storage medium or media are included in an appropriate reader which is connected to a standard personal computer, minicomputer, or a mainframe computer having a means for entering personal and system access data therein, such as a keyboard. The storage medium can be any permanent or erasable item such as an optical disk, a CD ROM, a WORM, a floppy disk, a disk pack, a smart card, an integrated circuit card, an optical card, as well as special items such as a BERNOULLI box disk, or any other type of storage medium. However, for simplicity's sake, we shall describe the present invention with respect to a CD ROM storage medium. Additionally, a storage accessing device (used interchangeably herein with the following terms: personal accessing device and smart card) provided with an encrypted or non-encrypted personal security key as well as personal identification code is included to allow an individual access to the storage medium or media. Furthermore, for ease of understanding the present invention, we shall describe the storage accessing device with respect to a SMART card that does not require an electronic, optical, capacitive or magnetic reader to receive or transmit personal and system data.
Initially, when the CD ROM is mastered, the information storage portion of the CD ROM is broken up according to a predetermined classification system and stored in various logical zones, each of which contains a discrete set of databases or other material therein. There may be one or more logical zones recorded on the CD ROM. Users, based on their need to know, as well as the sensitivity of the material to be stored on the CD ROM, are accorded access privileges that correspond to previously designated logical zones. Based on an organization's or person's storage classification system, material is categorized and stored in the corresponding logical zones when the CD ROM is manufactured. Therefore, for each user being granted access privileges, a determination is made as to which logical zones each particular user would be allowed access. Based upon this determination, each user is assigned a particular zone access code (ZAC) which is translated into corresponding logical zones using an index table stored in the CD ROM. At the same time, paired to the ZAC, is a list of authorized system identification codes, each with its assigned unique personal security key (SK). Each authorized user is assigned a ZAC and a unique system identification code. For extremely secure applications, the intended user's biometric coded information can be paired with the personal security key. The ZAC, the system identification code, the personal security key code, plus the possible use of biometric coded information, as well as the logical zones assigned to the ZAC for each user or class of user, is included on the CD ROM in the form of an index table when it is manufactured.
When an individual wishes to gain access to the CD ROM, the user would correctly enter his particular personal identification code in the aforementioned smart card which would then display both the ZAC as well as the system identification code in either encrypted or non-encrypted form. The user, utilizing a keyboard, would enter this code into the computer which then compares the decrypted or encrypted codes obtained from both the smart card and CD ROM and if a match is obtained, would then verify that this particular system ID code is proper and that material this accessor seeks access to is stored on the storage medium or media. The computer then retrieves the paired personal security key (SK). The computer would then generate a random number which is displayed upon its screen to serve as a challenge to the personal accessing device (smart card). The user would input this random number into the smart card via its keypad. The smart card as well as the computer are provided with a particular encryption/decryption algorithm (alternately a security microprocessor chip). Both the computer and the smart card would simultaneously compute a response to the challenge code (random number) and this response is displayed on the smart card screen. This displayed response is then entered into the computer through its keyboard to determine whether there is a match. If a match is shown to have occurred, the computer will then display all the logical zones and material names therein to which access privileges have been granted and allow the user access to these logical zones provided in the storage media.
Further, the system then releases the system security key (SSK) which is transferred to the information processing device's volatile random access memory (RAM) or to the security microprocessor chip board installed in the information processing device. The system security key is used to decrypt all the encrypted material transferred from the CD ROM. The information processing device's copy of the system security key is destroyed when the information processing device loses its power or if said device concludes its CD ROM activities and is then used for other applications. Each CD ROM has its own system security key recorded on it which would be retrieved by the information processing device for use during search and retrieval activities when authorized user access is established. The CD ROM search and retrieval program can be stored either on items such as floppy disks to be used at the time of CD ROM operation, on the information processing device's permanent memory, or on the CD ROM.
If a type of contact or contactless smart card is used which requires a non-human reader, the operation is very similar to the activities described above. The personal identification code can be entered via the computer keyboard or via a keypad on the card reader. The entry of the correct personal identification code enables the smart card to start transmission and the paired ZAC and system identification codes which are stored in the smart card microcomputer's EPROM or EEPROM are transmitted to the computer. Based on the transmitted ZAC, the index table on the storage media is searched to determine if there is a match. If the corresponding ZAC is not stored in the index table of the storage medium or media, a message is displayed on the computer screen that access will not be granted. If there is a match of the ZAC' s, then the associated system identification codes stored on the storage medium or media are accessed until an exact match is found. If no match is found, the accessor will not be granted access. If an exact match is found, the personal security key paired with the user's system identification code is retrieved by the computer and is used to operate upon a randomly computer generated number. At the same time, the random number is also transmitted to the smart card reader which inputs the number to the smart card. The authorized user's smart card has both an identical encryption/decryption algorithm or microprocessor chip and personal security key to that of the information processing device and the CD ROM. The smart card operates on the random number using its internally stored personal security key and transmits the result through the card reader to the computer (information processing device) . The information processing device uses an encryption/decryption algorithm or microprocessor chip to compare the results of both operations upon the random number. 
If a match occurs, the accessor's authorized status is ascertained and the predetermined access privileges are granted. With respect to software program application, while prior art devices include verification routines provided on the storage media to protect access to the entire program, no prior art device, however, limits access to only a portion of this program, or access to one program from two or more stored programs. Additionally, access can be provided to one or more programs from a plurality of programs. To prevent unauthorized access, the storage accessing device can be programmed to permit only one download or a specific number of downloads of the portion of the program or one or more programs from a plurality of programs on the media allowed access by the user.
BRIEF DESCRIPTION OF THE DRAWINGS
These and other advantages of the objects of the invention can be understood from the following detailed description of a preferred embodiment of the invention described in conjunction with the drawings wherein:
Fig. 1 is a block diagram of the system of the present invention;
Fig. 2 is a diagram of a typical personal accessing device;
Fig. 3 is a flow diagram of a method of granting access to the storage media based upon the present invention; and
Fig. 4 is a diagram showing a single entry in the index table of a storage medium.
DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENT
The present invention is directed to a method and apparatus for granting access to information such as data and databases, messages and other textual information, graphs, tables, maps, facsimiles (FAX) of all manner of transmitted materials, audio such as speech and music, video, images, photographs, or the like provided on a storage medium or media such as a CD ROM or the like. Contrary to most methods and devices for allowing access to the material provided on a storage medium or media, wherein access is granted to a computer included a storage media file, the present invention grants access to the storage media itself or a portion thereof based upon an indexed table included directly on the storage medium or media. The storage media, hereinafter a CD ROM, can be, if desired, divided into a plurality of logical zones. Based upon a user's need to know, access can be granted to all of the logical zones or a particular combination of logical zones. Based upon these logical zones, the user is assigned a zone access code, along with a system identification code, and a personal security key. For a more secure system, biometric coded information can also be assigned as part of the personal identifier. This information for each of the users is stored on the CD ROM along with the translation of each zone access code into its corresponding logical zone(s). Additionally, each of the users is assigned a personal identification code for use with the smart card to corroborate the user's identity and thereafter enable the smart card to initiate the challenge-response dialogue with the storage medium or media.
Once all of the relevant information is directly provided for a user within the CD ROM as well as a personal accessing device such as a smart card, a user can gain access utilizing the system 10 illustrated with respect to FIG. 1. As shown therein, access to the storage media CD ROM is provided utilizing a personal accessing device 12. This device 12 can be various configurations of devices. As a smart card, it can be of types of smart card which would automatically interface with an automatic reader 16 connected to a computer or information processing device 20, or through the intervention of a human reader 14 with a keyboard 18. The computer or information processing device would run the gamut from microcomputers, minicomputers to mainframe computers. For illustrative purposes only, we shall discuss the present invention with respect to a smart card 24 shown in Fig. 2 with a keypad and light crystal display. An ON/OFF key 26 of the smart card 24 is depressed and the smart card is turned on. Additionally, it is noted that the smart card may use an encryption/decryption algorithm or microprocessor chip or any other encryption device if a security key device is employed with the CD ROM. Once the smart card is turned on and the correct personal identification code is entered into the smart card, and the CD ROM is inserted into a storage media reader 22, the challenge-response process is ready to begin. Initially, the user would input a four digit or character personal identification code (PIC) into the smart card 24. It is noted that the exact number of digits of the PIC is not important and could consist of alphanumeric characters. The integrated circuit or microprocessor chip provided in the smart card contains the system identification code that will let the computer or information processing device know the identity of the authorized user. Typical system identification codes 34 are shown in the illustrative storage medium index table with respect to FIG. 4.
Although the authorized user's security identification code consists of a two-digit zone access code, and a six-digit system identification code, the exact number of digits employed, as well as the use of alphanumerics can be modified based upon system needs and preference. The code is displayed at 30 of the smart card. Once the security identification code is displayed on the smart card 24, the accessor enters it into the computer or information processing device 20 via keyboard 18. At this point, the corresponding zone access code is searched for in the index table to find out if the storage medium or media contains stored material for that zone's access privileges. If the corresponding zone access code is missing from the storage medium or media index table, then a message will be displayed on the computer or information processing device screen 20 indicating that access is denied. If the zone access codes match, then the computer or information processing device verifies that the accessor may have privileges to material stored on the CD ROM(s) and will look up the paired personal security key 38 stored on the CD ROM. To ensure that the security aspect of the present invention is as inclusive as possible, the personal security key can be encrypted directly in the CD ROM. The zone access code 32 corresponds to the particular logical zones assigned to one or more authorized users. For example, as shown in FIG. 4, a zone access code of 33 corresponds to the logical zone 36 portion of the index table indicating that logical zones 10 and 11 will be allowed access. Any one of the logical zones on the CD ROM can contain one or more databases or other material. Therefore, as shown, any one of the zone access codes can be assigned to a user, who in turn, can be assigned an individualized system identification code associated with that zone access code from the total of up to 1,000,000 unique code numbers available.
Certainly, if more user codes are required, alphanumeric characters can be used or the number of characters of the system identification codes 34 can be increased.
A special logical zone can be set aside to control the downloading of data from the storage medium or media. As shown in FIG. 4, the zone access code 32 value of 01 corresponds to logical zone access privileges 1, 9, 26. Zone access code 02 gives authorized users access to the same three logical zones of 1, 9 and 26, but the addition of logical zone 99 enables the authorized user to download the stored material. Without logical zone 99 privileges, an authorized user could not perform downloading. Once the zone access code and system identification code are entered and accessed and matches confirmed, the personal security key code paired with this system identification code is utilized to verify the proper identification of the accessor.
A random number generator provided within the computer or information processing device 20 generates a random number, such as a four-digit number which is displayed by the computer or information processing device and serves as a challenge to the smart card 24. The user depresses the challenge key 38 and enters the random number into a smart card 24 using the keypad 28 and then depresses the enter key 40. An identical encryption/decryption algorithm or microprocessor chip and personal security key provided in both the computer or information processing device 20 as well as the smart card 24 performs an operation on the random number. The response to the challenge by the smart card is displayed and this number is entered into the keyboard 18. The computer or information processing device then compares this result with the result that it generated utilizing the CD ROM transmitted personal security key which is paired to the system identification code. If these two results are identical, access to the particular logical zones corresponding to the zone access code 32 would be allowed to that particular user.
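The index-table lookup and challenge-response dialogue described above, as an added Python example that is not part of the patent. HMAC-SHA256 cut to six digits is an assumed stand-in for the unspecified "encryption/decryption algorithm"; the zone access codes 01, 02 and 33 are the ones the text quotes from FIG. 4, while the system identification codes, keys and PICs are constructed.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass

DOWNLOAD_ZONE = 99  # special logical zone that carries the download privilege

# Index table as it would sit on the storage medium.
# Zone access code (ZAC) -> logical zones: the three entries quoted from FIG. 4.
ZONE_TABLE = {"01": (1, 9, 26), "02": (1, 9, 26, 99), "33": (10, 11)}
# (ZAC, system identification code) -> personal security key.
# Constructed sample users; none of these values come from the patent.
KEY_TABLE = {
    ("01", "000417"): b"constructed-psk-alpha",
    ("02", "000418"): b"constructed-psk-bravo",
    ("33", "731205"): b"constructed-psk-charlie",
}


def operate(psk: bytes, challenge: str) -> str:
    """Keyed operation that both sides apply to the challenge.

    Assumption: HMAC-SHA256 reduced to six decimal digits, short enough
    to be read off the card display and typed on the keyboard.
    """
    mac = hmac.new(psk, challenge.encode("ascii"), hashlib.sha256).digest()
    return f"{int.from_bytes(mac[:4], 'big') % 1_000_000:06d}"


@dataclass
class SmartCard:
    pic: str   # personal identification code, known only to the user
    zac: str   # two-digit zone access code
    sic: str   # six-digit system identification code
    psk: bytes  # personal security key, never leaves the card
    unlocked: bool = False

    def enter_pic(self, pic: str):
        """Release the security identification code (ZAC + SIC) for the right PIC only."""
        self.unlocked = hmac.compare_digest(pic.encode(), self.pic.encode())
        return self.zac + self.sic if self.unlocked else None

    def respond(self, challenge: str):
        """Answer a challenge; a card that has not been enabled stays silent."""
        return operate(self.psk, challenge) if self.unlocked else None


def new_challenge() -> str:
    """Four-digit challenge, the size used in the text, drawn from the OS CSPRNG."""
    return f"{secrets.randbelow(10_000):04d}"


def lookup(security_id: str):
    """Split the security identification code and search the index table."""
    zac, sic = security_id[:2], security_id[2:]
    if zac not in ZONE_TABLE:
        return None, "zone access code not in index table"
    psk = KEY_TABLE.get((zac, sic))
    if psk is None:
        return None, "system identification code not found"
    return (zac, psk), None


def grant_access(card: SmartCard, pic: str) -> dict:
    """Run the whole dialogue and return the decision the device would display."""
    denied = {"granted": False, "zones": (), "download": False}
    security_id = card.enter_pic(pic)
    if security_id is None:
        return {**denied, "reason": "card not enabled"}
    entry, reason = lookup(security_id)
    if entry is None:
        return {**denied, "reason": reason}
    zac, psk = entry
    challenge = new_challenge()         # fresh for every attempt
    expected = operate(psk, challenge)  # device side, key read from the medium
    answer = card.respond(challenge)    # card side, key held inside the card
    if answer is None or not hmac.compare_digest(expected, answer):
        return {**denied, "reason": "challenge response mismatch"}
    zones = ZONE_TABLE[zac]
    return {
        "granted": True,
        "zones": tuple(z for z in zones if z != DOWNLOAD_ZONE),
        "download": DOWNLOAD_ZONE in zones,
        "reason": None,
    }


if __name__ == "__main__":
    card = SmartCard(pic="4821", zac="02", sic="000418", psk=b"constructed-psk-bravo")
    print(grant_access(card, "4821"))  # zones 1, 9, 26 with download
    print(grant_access(card, "0000"))  # wrong PIC: card never releases its code
```

The four-digit challenge and six-digit response are sized for hand entry; on the automatic reader path a longer nonce and the full MAC can be exchanged at no cost to the user.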
This type of accessing system would allow the CD ROM to be circulated among a number of authorized users, allowing each user access potentially to all or only a discrete portion of the information included in the CD ROM, according to each person's access privileges.
The CD ROM or any type of storage media which is utilized would operate in conjunction with retrieval software stored in a number of ways such as on the CD ROM or on the computer or information processing device non-volatile memory. If it is stored on floppy disks or other reusable media, such as the computer's hard disk, it can be updated as necessary to detect and deactivate outdated, duplicated or lost personal accessing devices, such as smart cards, which are presented for system access. An added feature could be that if a reported lost smart card 12 was used to gain access, and the computer or information processing device 20 determined it was a lost smart card, a "killer" challenge code could be displayed, which when entered into the smart card would deactivate the device.
As illustrated in FIG. 1, an automatic reader 16 can be employed instead of manually inputting the information onto the smart card 12 or the computer keyboard by the human reader. In this instance, the smart card 12 and the computer or information processing device 20 would, after the correct personal identification code is given, engage in their dialogue automatically to determine whether access by the accessor would be allowed.
While the invention has been illustrated in some detail, according to the preferred embodiments shown in the accompanying drawings, there is no intention to limit the invention to such detail. On the contrary, it is intended to cover all modifications, alterations and equivalents falling within the spirit and scope of the appended claims.

Claims

1. A security system for granting user access to digitized materials provided on a storage medium or media, said system comprising: a storage medium subdivided into a plurality of logical zones, each of said logical zones provided with particular material therein, said storage medium further provided with an index table indicating which of said logical zones the user will be allowed to access based upon accessing information provided to the system by the user; a reader for reading the digitized material provided in said plurality of logical zones as well as said index table of said storage medium; an information processing device connected to said reader, said information processing device including a display screen; a personal accessing device containing a security identification code, to enable said personal accessing device to be in communication with said information processing device for transmitting said security identification code to said information processing device; wherein, said security identification code is compared to said index table provided on said storage medium to determine the particular logical zone or zones to which the user is allowed access utilizing said display screen of said information processing device.
2. The security system in accordance with claim 1, wherein said personal accessing device is initiated by a correct personal identification code entered by the user.
3. The security system in accordance with claim 1 wherein said index table and said personal accessing device are further provided with a particular personal security key code associated with said security identification code for each authorized user, and said information processing device is further provided with a random number generator, both said information processing device or alternately said storage medium and said personal accessing device further provided with identical encryption/decryption algorithm for utilizing a number generated by said random number generator for determining whether user access is granted to one or more particular logical zones associated with the user's security identification code.
4. The security system in accordance with claim 3 wherein said security identification code consists of a zone access code portion corresponding to logical zone access assigned to a particular user and a system identification code corresponding uniquely to the user and paired to said personal security key code.
5. The security system in accordance with claim 1 wherein said personal accessing device is provided with a series of input keys and a display for displaying a user's security identification code based upon a correct personal identification code entered into said personal accessing device by the user to enable the said personal accessing device, and wherein said information processing device includes a keyboard for entering the security identification code displayed on said personal accessing device.
6. The security system in accordance with claim 1, wherein access is granted to a plurality of storage media.
7. A security system for granting user access to non-software programs provided on a storage medium, said system comprising: a storage medium provided with non-software programmed material therein, said storage medium further provided with an index table indicating whether the user will be allowed access to said storage medium or media accessing information provided to the system by the user; a reader for reading the non-software programmed material provided on said storage media; an information processing device connected to said reader, said information processing device including a display screen; a personal accessing device containing a security identification code, said personal accessing device in communication with said information processing device for transmitting said security identification code to said information processing device; wherein said security identification code is compared to said index table provided on said storage medium to be used in the process of determining whether an user will be allowed access to the storage medium utilizing said display screen of said information processing device.
8. The security system in accordance with claim 7 wherein personal accessing device is initiated by a personal identification code entered by the user.
9. The security system in accordance with claim 7 wherein said index table and said personal accessing device are further provided with a particular personal security key code associated with said security identification code, said information processing device further provided with a random number generator, both said information processing device and said personal accessing device further provided with identical encryption/decryption algorithms for utilizing a number generated by said random number generator and operated upon independently using the respective personal security key codes, for determining whether user access shall be granted to specific portions or all of the storage medium.
10. The security system in accordance with claim 7 wherein said personal accessing device is provided with a series of input keys and a display for displaying a user's security identification code based upon a correct personal identification code entered into said personal accessing device by the user, and wherein said information processing device includes a keyboard for entering the security identification code displayed on said personal accessing device.
11. The security system in accordance with claim 7, wherein access is granted to a plurality of storage media.
12. A method of granting user access to material provided on a storage medium, adapted to be read by a reader in communication with an information processing device, said storage media containing one or a plurality of logical zones, comprising the steps of: assigning security identification codes to all users allowed access to the storage medium or media; preparing an index table indicating to which of said logical zones a particular user is allowed access corresponding to said security identification codes; providing said index table directly on the storage medium or media; presenting a security identification code personalized for each user to the information processing device utilizing a personal accessing device; comparing, in the information processing device said security identification code to said index table containing security identification codes included in the storage medium to determine whether the accessor is a potential authorized user of the storage medium.
13. The method of granting user access to a storage medium in accordance with claim 12 further including the step of determining the logical zones to which a particular user is granted access and whether the authorized user can have downloading privileges, based upon said comparing step.
14. The method of granting user access to a storage medium in accordance with claim 13, further including the step of determining whether the authorized user has been assigned downloading privileges, based upon said comparing step.
15. The method of granting user access to a storage medium in accordance with claim 12 further including the steps of: including personal security key codes associated with each of said security identification codes in said index table and further including functionally matching personal security key code associated with a particular user of the personal accessing device; generating a random number in said information processing device; displaying said random number and said personal security key code associated with a particular security identification code to produce an output code based upon an encryption/decryption algorithm provided in said computer or information processing device; utilizing said random number and said personal security key code included in the said personal accessing device to produce an output code based upon the encryption/decryption algorithm provided in the personal accessing device identical to the computer's or information processing device's encryption/decryption algorithm; decrypting and examining the output codes produced in said utilizing step to verify that the user possesses the knowledge and tool of the authorized user to determine whether access is granted to whole or portions of the storage medium or media; and retrieving the system security key stored in the storage medium or media and transferring to a secure volatile portion of the information processing device's random access memory or encryption/decryption microprocessor chip.
16. The method of granting user access to a storage medium or media in accordance with claim 13 further including the steps of: including personal security key codes associated with each of said security identification codes in said index table and further including a personal security key code associated with a particular user in the personal accessing device; generating a random number in said information processing device; displaying said random number on said information processing device; utilizing said random number and said personal security key code associated with a particular security identification code to produce an output code based upon an encryption/decryption algorithm provided in said information processing device; utilizing said random number and said personal security key code included in the personal accessing device to produce an output code based upon an encryption/decryption algorithm provided in the personal accessing device identical to the information processing device's encryption/decryption algorithm; and examining the output codes produced in said utilizing step to determine whether access is granted to the storage medium or media.
17. The method of granting user access to a storage medium in accordance with claim 15 further including the steps of: entering the correct personal identification code in the personal accessing device which would release the stored security identification code for display or transmittal; entering or transmitting the security identification code generated in said previous step into the information processing device.
18. The method of granting user access to a storage medium in accordance with claim 16 further including the steps of: entering a correct personal identification code in the personal accessing device which would release the stored security identification code; and entering or transmitting the security identification code generated in said previous step into the information processing device.
19. The method of granting user access to a storage medium or media in accordance with claim 17 including the steps of: entering or transmitting the random number generated by the information processing device directly into the personal accessing device; displaying the output code generated by the personal accessing device; and entering and transmitting the output code generated by said previous step in the information processing device.
20. The method of granting user access to a storage medium in accordance with claim 18 including the steps of: entering or transmitting the random number generated by the information processing device directly into the personal accessing device; displaying the output code generated by the personal accessing device; entering or transmitting the output code generated by said previous step in the information processing device; and retrieving by said information processing device of the system security key code stored on each storage medium.
PCT/US1990/001634 1989-04-03 1990-03-30 Method and apparatus for protecting material on storage media WO1990012464A1 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
EP19900905961 EP0465571A4 (en) 1989-04-03 1990-03-30 Method and apparatus for protecting material on storage media

Applications Claiming Priority (4)

Application Number Priority Date Filing Date Title
US33180089A 1989-04-03 1989-04-03
US331,800 1989-04-03
US35826389A 1989-05-30 1989-05-30
US358,263 1989-05-30

Publications (1)

Publication Number Publication Date
WO1990012464A1 true WO1990012464A1 (en) 1990-10-18

Family

ID=26987930

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/US1990/001634 WO1990012464A1 (en) 1989-04-03 1990-03-30 Method and apparatus for protecting material on storage media

Country Status (3)

Country Link
EP (1) EP0465571A4 (en)
CA (1) CA1329657C (en)
WO (1) WO1990012464A1 (en)

Also Published As

Publication number Publication date
CA1329657C (en) 1994-05-17
EP0465571A1 (en) 1992-01-15
EP0465571A4 (en) 1994-11-17

Legal Events

Date Code Title Description
AK Designated states

Kind code of ref document: A1

Designated state(s): JP

AL Designated countries for regional patents

Kind code of ref document: A1

Designated state(s): AT BE CH DE DK ES FR GB IT LU NL SE

WWE Wipo information: entry into national phase

Ref document number: 1990905961

Country of ref document: EP

WWP Wipo information: published in national office

Ref document number: 1990905961

Country of ref document: EP

WWW Wipo information: withdrawn in national office

Ref document number: 1990905961

Country of ref document: EP