Data processing: financial – business practice – management – or co – Business processing using cryptography – Secure transaction
Reexamination Certificate
1999-04-14
2001-04-10
Voeltz, Emanuel Todd (Department: 2766)
Data processing: financial, business practice, management, or co
Business processing using cryptography
Secure transaction
C705S080000, C705S013000, C705S054000, C713S156000, C713S158000, C713S169000, C713S175000, C713S176000
Reexamination Certificate
active
06216116
ABSTRACT:
FIELD OF THE INVENTION
The present invention relates to systems for handling permits. More particularly, the invention relates to such systems with means for issuing permits and using permits to conditionally allow entry to restricted areas or the performance of specific activities, using encrypted digital messages, or declarative permits.
BACKGROUND OF THE INVENTION
At present, various systems are used to control access to restricted areas. One type of access control system uses hardcopy, printed entry passes, issued by a body authorized to do so.
One problem with these entry passes is the coordination between the various departments of a large organization, as to which body has the authority to approve the issuance of the pass, and which body actually issues it.
As circumstances change, passes have to be changed or canceled. In present systems, there may be difficulty in responding to these needs.
Another problem with existing systems is the use of one digital document to include both the identification of the user, and their permits. The identification for a particular person is fixed, whereas their permits change as new permits are added and old permits are canceled. Thus, the use of one document to hold both the identification and permits information may prove cumbersome or not suitable to real life requirements. The issuer of a permit may be required to identify the recipient, which may be difficult sometimes, for example when the permit is issued to a remote user like in Internet.
Moreover, since the identification and the various permits are issued by distinct, separate authorities, changing the document may be difficult or impractical.
One has to accept that, in real life, there may be permits being issued without the required authority. There is a need to have the capability to trace each permit to its source, to ascertain that the permit issuance was legitimate.
Still another problem in present systems is the possible disclosure of the existence and/or contents of a confidential permit in a certificate, in case the permit holder is challenged by an impostor or someone who has no authorization to ask for that permit. For example, an ATM machine which was tampered with, to deliver the details of credit cards with the PIN to their non-legitimate operator.
The use of certificates issued by a center was disclosed in my prior patent applications, No. 113259 (Israel), No. 08/626,571 (U.S.A.) and 96105258.6 (E.P.O.). The certificates there were used by each party to prove their identity and to exchange encryption keys, prior to a secure communication session.
At present, when E-mail or other electronic document is received, one cannot tell whether it originated at a specific firm.
This feature was available with paper documents, since these documents carried a letterhead with the details of the firm where the letter originated.
Prior art patents apparently do not solve the abovedetailed problems.
Thus, Fischer U.S. Pat. No. 5,412,717 discloses a computer security method and apparatus having program authorization information data structures.
The system includes a monitor which limits the ability of a program about to be executed to the use of predefined resources. The monitor processes a data structure including a set of authorities defining that which a program is permitted to do. The program authorization information in Fischer refers to a situation wherein programs are obtained from untrustworthy sources, and its purpose is to protect a user from any program to be executed. Fischer includes means to protect from computer viruses. An interpreter verifies that the functions encountered in a program are in fact permissible.
Bisbee et al., U.S. Pat. No. 5,615,268 discloses a system and method for electronic transmission, storage and retrieval of authenticated documents. Bisbee provides means for achieving a verifiable chain of evidence for digital documents, that cannot be repudiated. The system ensures the authenticity of digital documents. The digital document can be transmitted electronically to another party, whereby the system ensures the integrity of the document and the non-repudiation of the document. Moreover, Bisbee verifies the authority of the party requesting the authenticated electronic document. The electronic document is signed with a digital signature.
It is an objective of the present invention to address the problems of the issuance and use of permits.
SUMMARY OF THE INVENTION
According to the present invention, there is provided a system and method for issuing permits and for using these permits to conditionally allow entry to restricted areas or the performance of specific activities, using encrypted digital messages. The permits are handled separately from certificates, in a modular system.
The issuer of a permit may issue a permit without identifying the recipient, since the separate certificate held by a user is used to identify him/her for the purpose of that permit.
In accordance with the invention, the object is basically accomplished using a system for handling permits which includes (1) means for reading a certificate, (2) means for reading a permit, and (3) decision means for performing a predefined activity based on the results of the combined verification of the certificate and the permit. The decision means may include storage means for the various parameters and routines to be used in the system.
It is another object of the present invention to grant access to users based on a dual check—the certificate to identify the pass holder, and the permit to allow a specific activity to that certificate holder. The certificates and permits are issued by an authority after performing the checks on each persons and according to routines specific to each location and circumstances. Thus, the security level of the permit and/or certificate are adapted to suit the requirements of each issuer of these digital documents.
Still another feature of the present invention is the traceability to source of each permit. Each permit includes as attachment the authorization to issue that permit, from a higher authority. The authorization includes the digital signature of that authority, to attest to the legitimacy of that permit issuance. The method facilitates the coordination between the various departments of an organization, with regard to permits issuance and handling thereof. All the permits in an organization may be based on an established final authority there, whose digital signature and/or identity is recognized by all those involved with permits in that organization or entity.
The gatekeeper to which a permit (entry pass) is to be presented, is optionally issued their own permit, a permit to ask for the entry pass permit.
This novel method addresses the danger of disclosing the existence of the permit, in case the permit holder is challenged by an impostor.
Permits may be used not only to gain entry to restricted areas, but also to perform specific activities. These permits may then include details relating to the permit holder and their permitted activities.
Permit technology as disclosed in the present invention may be used to provide “electronic stationery” or “electronic paper”, to indicate in electronic form where the E-mail or other electronic document originated. A possible problem related to the use of permits is their use in a way exceeding the limitations set up by the issuing authority. Assuming that a user B is given an authorization to issue 100 entry permits to a laboratory, how can one verify that user B did not exceed his mandate limit by issuing more than 100 entry permits? Accordingly, the present invention discloses a method for supervising the users who were given a permit, to ensure that the limitations of that authorization are not exceeded.
Further objects, advantages and other features of the present invention will become obvious to those skilled in the art upon reading the disclosure set forth hereinafter.
REFERENCES:
patent: 4816655 (1989-03-01), Musyck et al.
patent: 4868877 (1989-09-01), Fischer
patent: 5214702 (1993-05-
Barkan Moromay
Barkan Yuval
Dinesh Agarwal, P.C.
Diversinet Corp.
Hayes John W.
Todd Voeltz Emanuel
LandOfFree
System and method for handling permits does not yet have a rating. At this time, there are no reviews or comments for this patent.
If you have personal experience with System and method for handling permits, we encourage you to share that experience with our LandOfFree.com community. Your opinion is very important and System and method for handling permits will most certainly appreciate the feedback.
Profile ID: LFUS-PAI-O-2516714