Electrical computers and digital processing systems: support – Multiple computer communication using cryptography – Security kernel or utility
Reexamination Certificate
1998-07-14
2001-08-28
Barron, Jr., Gilberto (Department: 2132)
Electrical computers and digital processing systems: support
Multiple computer communication using cryptography
Security kernel or utility
C713S166000, C713S185000, C705S071000, C380S277000
Reexamination Certificate
active
06282649
ABSTRACT:
FIELD OF THE INVENTION
This invention relates generally to the control of access to stored data and/or electronically provided services.
BACKGROUND OF THE INVENTION
An example of such a service is the dispensing of cash by an automatic teller machine (ATM). Access to facilities provided by the ATM are typically controlled by requiring a user to present a personalised plastic card carrying data on a magnetic stripe to a card reader associated with the ATM. The user is required to key in a personal identification number (PIN) which is used by the system to access data in the card which together with data held in the system relating to the user enables the system to determine whether the requested transaction should be authorised.
The principle has been considerably extended to many types of transactions including the purchase of goods in retail outlets, access to processes on computer networks and the provision of stockbroking services. As the sophistication of the services has increased so has the need for increased flexibility and security in the control of access. For example, it is important that providers of services through retail tills/terminals or ATM's are assured that such services may only be accessed by authorised end-users with a valid access card, at a valid till and, where appropriate, under the control of an authorised sales assistant or other operator. Applications providing services may be held on the system in an encrypted form requiring a decryption key to access them, and the decryption key is then only provided to identified authorised users when they present a valid access card. It is also desirable to provide an audit trail for each transaction to facilitate the detection of fraud and the settlement of any dispute that may arise from the transaction.
An improved form of plastic card, called the Smart Card, has been developed which by incorporating within it active data processing and storage facilities provides enhanced security and flexibility. Data and application programs can be made inaccessible until an authorised person (as identified by personal information input by that person) presents their SmartCard. The present invention is suitable for use with SmartCards but is not limited thereto.
A problem arises when seeking to control access to application program modules where a number of different users are required to be allowed to access different sets of application modules. For example, in a retail environment, it may be desirable for all till operators to run certain applets associated with sales whereas only the store manager can access other applets associated with stock control or payroll. The conventional approach to this problem is for a computer LOG ON procedure to include identification of the user from user input data (and optionally additional data held on a token such as a SmartCard). A table lookup process then scans a static list to determine the access authority of the user, and the user is given access to certain applications according to their determined authority level.
Such conventional systems relying on lookup tables of user authorities are vulnerable to breaches of security even if the applications themselves are held in a protected (e.g. encrypted) form if the list can be tampered with. An unauthorised person may seek to add themselves to the list or to change their authority level within the list.
SUMMARY OF THE INVENTION
In a first aspect, the invention provides a data processing system including means for controlling user access to data or services, wherein data or application modules for providing the service are stored in a form which is inaccessible without an access key. Users are each allocated a specific ‘user key’ which is appropriate for their level of access authority. When a user requests access to stored data or requests a service for which stored software modules must be accessed, the data or modules are interrogated to identify their stored security access level. If the user key represents the required level of access authority an access key is generated from the user key for accessing that data or service.
Since user keys include the data for generating access keys once a stored module has been interrogated, the user key directly determines the user's authority level and so there is no need to rely on separate lists of user authorities. This represents a significant security advantage.
The generated user keys are preferably hierarchical keys which include data for generating an access key for each of a plurality of different access levels (that is, where the owner of the user key is authorised for more than one level). The access key is generated from the hierarchical user key after interrogating the requested data or software module to determine which of the possible access keys is required.
The access keys according to a preferred embodiment of the invention are decryption keys for accessing data or application modules stored in an encrypted form.
The user key may be dynamically generated when the user logs on to the system or it may be pregenerated and, for example, stored on a token such as a SmartCard. In a preferred embodiment of the invention, a user key is dynamically generated when a user presents a token and inputs personal data (for example a personal identification number or PIN, input via a keypad), combining these separate data portions to produce the key.
In a second aspect of the invention, there is provided a method for controlling user access to data or services via a computer system, including the steps of:
storing said data or services in a form accessible only under the control of one or more access keys;
providing users with a user key representing their authority level for accessing specific data or services; and
in response to a user request for access to said stored data or services, determining the access level of the requested data or services and, if the user's authority level as represented by the user key matches the determined access level, generating from said user key an access key for accessing said data or services.
In a third aspect of the invention, there is provided a security interface for a computer system for controlling user access to data or services stored on said system in a form accessible only under the control of one or more access keys, the security interface including:
means for generating a user key representing a user's authority level for accessing specific data or services; and
means, responsive to a user request for access to stored data or services, for determining the security access level of the requested data or services; and
means for generating from said user key an access key for accessing said data or services if the user's authority level as represented by the user key matches the determined access level.
The invention may be implemented as a computer program product comprising computer readable program code stored on a computer readable storage medium, the computer program code providing the functions for controlling access to stored data or services.
In a typical system the personal data relating to the user will be a personal identification (PIN) number and the data receiving means will be a simple keypad. However in a more advanced system the data may be developed from biometric data read by a reader adapted to recognise particular facial or other characteristics of the user such as fingerprint or hand geometry.
In order to provide an audit trail there may also be developed, at the same time as the generation of the access key, data identifying the end user, the token used and any operator involved, together with the date of the transaction and any other information required to establish an audit trail.
The system is preferably organised to operate under the control of an object orientated (OO) programming language and the services are stored in the form of encrypted object oriented “applets”.
In a number of applications, particularly where transactions are performed in association with an operator or operators, it is
Lambert Howard Shelton
Orchard James Ronald Lewis
Barron Jr. Gilberto
Herzberg Louis P.
International Business Machines - Corporation
LandOfFree
Method for controlling access to electronically provided... does not yet have a rating. At this time, there are no reviews or comments for this patent.
If you have personal experience with Method for controlling access to electronically provided..., we encourage you to share that experience with our LandOfFree.com community. Your opinion is very important and Method for controlling access to electronically provided... will most certainly appreciate the feedback.
Profile ID: LFUS-PAI-O-2509548