Electrical computers and digital processing systems: support – Multiple computer communication using cryptography – Protection at a particular protocol layer
Reexamination Certificate
2000-02-22
2004-11-23
Morse, Gregory (Department: 2134)
Electrical computers and digital processing systems: support
Multiple computer communication using cryptography
Protection at a particular protocol layer
C713S300000, C713S310000
Reexamination Certificate
active
06823459
ABSTRACT:
CROSS REFERENCE TO RELATED APPLICATION
This application claims priority from Japanese Patent Application 11-056963, filed Mar. 4, 1999 (MM/DD/YY), which is commonly assigned with the present application and is hereby incorporated by reference. The contents of the present application are not necessarily identical to the contents of the priority document.
BACKGROUND OF THE INVENTION
1. Technical Field
The present invention relates generally to providing an improved system of security in data processing systems and in particular to a method for prohibiting unauthorized access to data processing systems using a non-contacting (hereafter “wireless”) data carrier system. Still more particularly, the present invention relates to reducing the degradation in data processing system performance inherent in effectively denying access to an unauthorized user by means of a wireless data carrier system.
2. Description of the Related Art
The current state of the art includes an RFID (Radio Frequency Identification) technique that uses a radio frequency signal to exchange ID (Identification) data. When this RFID technique is used for a PDA (Personal Data Assistant), a notebook data processing system (PC), or other data processing system, unauthorized access to specific data processing systems can be prohibited.
Discussion of the current art logically begins with a system according to which the RFID technique is used for a data processing system, such as a PDA or a notebook PC. Such a PDA or notebook PC, for which the RFID technique is used, is called an “RFID data processing system.”
An RFID data processing system includes an incorporated EEPROM (Electrically Erasable and Programmable Read Only Memory) storing a variety of data, including an ID, and using a radio frequency signal when transmitting data stored in the EEPROM to an external device. Upon receiving such a radio frequency signal, the external device, in turn, uses a radio frequency signal to respond to the data received from the RFID data processing system. For this, the external device determines, for example, whether the ID contained in the received data is available in its database. When the ID is available, the external device transmits a permission response to the RFID data processing system; while when the ID is not present, the external device transmits an inhibition response to the RFID data processing system.
Assuming that a LAN (Local Area Network) is constructed in a specific area, and that use of the LAN is limited to specific users while unauthorized users are denied access, an RFID data processing system such as a PDA or a notebook PC carried by a user can be conveniently used in such an area (hereinafter referred to as an “unauthorized data access protection area”). In this case, a function for the exchange of radio frequency signals with an RFID data processing system is provided at the entrance to the unauthorized data access protection area, and a function for processing the exchanged data can be provided for a data processing system that is connected to the LAN. The entrance to the unauthorized data access protection area is called a portal gate.
To enter the unauthorized data access protection area, a user must input a supervisor password (e.g., a privileged-access password, hereinafter referred to as a PAP) at his or her RFID data processing system before being permitted to pass the portal gate. Thereafter, the portal gate transmits a command for setting a tamper bit, provided in the EEPROM of the RFID data processing system, to “1”. The tamper bit, a specific bit used to prohibit the unauthorized reading and writing of data in the EEPROM, is normally set to “0,” and is set to “1” only when an RFID data processing system has been passed through the portal gate. When the tamper bit is set to “0.1,” the EEPROM prohibits reading and writing of data, so that unauthorized access to the EEPROM can be prevented.
The flowchart in
FIG. 8
explains the operation performed when an RFID data processing system located in the unauthorized data access protection area toggles from the power-OFF state to the power-on state. When the RFID data processing system is powered on (step S
1
), the POST (Power On Self Test) program examines the state of an 194 error flag, a portal gate passing error, in the EEPROM (step S
2
). If the 194 error flag is set to “0,” program control advances to step S
3
, while when the flag is set to “1,” program control goes to step S
5
. When the PAP has not entered, the 194 error flag is set to 111.11 At step S
3
, the POST determines whether the tamper bit in the EEPROM has been set to “1.” When the tamper bit=“0” (No), program control advances to step S
4
. When the tamper bit=“1” (Yes), program control moves to step S
5
. At step S
4
, the OS boot is performed and the operating system is activated. Thereafter, the RFID data processing system can be used without any constraint. That is, the RFID data processing system can be connected to the LAN in the unauthorized data access protection area, and can legally access other data processing systems connected to the LAN. Since as is described above the OS is booted when the 194 error flag=“0” and the tamper bit=“0,” no protective response occurs and the RFID data processing system is permitted to access the LAN freely. This occurs because the presence of the 194 error flag in the “0” state and the tamper bit in the “0” state imply that the PAP was entered while the RFID data processing system was on and the RFID data processing system was then passed through the portal gate (i.e., it obtained access authority).
At step S
5
, the POST sets the 194 error flag in the EEPROM to “1.” Program control then moves to step S
6
, where the POST displays an “194 error” message, and program control advances to step S
7
. At step S
7
, the POST displays a prompt requesting the entry of the PAP. Program control thereafter advances to step S
8
. At step S
8
, the POST determines whether the PAP has been entered. If the decision is negative, program control goes to step S
9
. If the decision is positive, program control advances to step S
10
. At step S
9
, the POST continues to display the “194 error” (“ERROR
194
”) message, and operation of the RFID data processing system by the user is thereafter prohibited. At step S
10
, the POST clears the 194 error flag and the tamper bit in the EEPROM. Program control then advances to step S
11
, where a cold boot of the system is performed. During the cold boot, the POST is again executed from the beginning.
A conventional RFID data processing system has a problem in that, when an RFID data processing system is passed through the portal gate while it is in the power-ON state, the user can continue to use the RFID data processing system until he or she turns it off manually. As a result, while in the unauthorized data access protection area the user can connect his or her RFID data processing system to the LAN and can access files stored in other data processing systems connected to the LAN, even though he or she has not been granted this authority.
The above problem will be clarified by referring to
FIG. 9
, wherein is shown the state transition of an RFID data processing system. In
FIG. 9
, the area above the time axis
15
represents a power-ON area
16
, while the area below the time axis
15
represents a power-OFF area
17
. At the beginning, the RFID data processing system is in the power-ON state (state
18
), and in this state is passed through the portal gate (state
19
). At this time, the portal gate transmits a command to set to “1” the tamper bit in the EEPROM of the RFID data processing system, and upon receiving this command, the RFID data processing system sets the tamper bit in the EEPROM to “1” (state
20
). Thereafter, however, the conventional RFID data processing system permits the user to continue to operate the RFID data processing system (state
21
). Thus, while operating in the 1:0 unauthorized data access protection area, the user can connect the RFID data processing sys
Abe Naoki
Horikoshi Hideto
Maruichi Tomoki
Tanaka Jun
Dillon & Yudell LLP
Heneghan Matthew
Morse Gregory
Munoz-Bustamante Carlos
LandOfFree
Method for prohibiting unauthorized access in a... does not yet have a rating. At this time, there are no reviews or comments for this patent.
If you have personal experience with Method for prohibiting unauthorized access in a..., we encourage you to share that experience with our LandOfFree.com community. Your opinion is very important and Method for prohibiting unauthorized access in a... will most certainly appreciate the feedback.
Profile ID: LFUS-PAI-O-3277695