[Flow-diagram box labels recovered from the figure on this page (locking steps): REMOVE ALL OR SELECTED PORTION OF CLIENT ACCESS DEPENDING ON CODE; SEND SELECTED ENCRYPTED DIRECTORIES AND/OR FILES TO SERVER AND ZEROIZE; ZEROIZE ENCRYPT KEY AND STORED CODE; LOCK CLIENT; STORE ENCRYPTED DIRECTORIES AND/OR FILES]
INTEGRATED NETWORK SECURITY SYSTEM

FIELD OF THE INVENTION

This invention relates to a computer security system and more particularly to a system for assuring secure access both to a computer network and to each individual client computer on the network.

BACKGROUND OF THE INVENTION

As the use of local area networks (LAN's) and other computer networks proliferates, the problems of providing adequate security for the various resources available on the network become increasingly important. Such security includes protection against unauthorized use of the network by both individuals internal to an organization and those outside the organization, as well as preventing unauthorized use of various network resources by individuals granted only limited access to the network and/or to selected resources thereon. Thus, an individual may have the right to obtain information from one server on a network, but not from another server, or may be granted access to selected classes of information at a given server, for example, engineering data, but not other classes of data, for example, personnel records.

While various network security systems are available, they have suffered from a variety of limitations. The simpler systems provide security, generally by use of a numeric or alphanumeric personal identification number or code (PIN), to an individual machine or other resource on the system. An alphanumeric PIN (AN PIN) is sometimes also referred to as a password. In some instances, such PIN is passed in clear text over the network, making it vulnerable to unauthorized detection and misappropriation. Such systems also store the PIN at a user or client machine on the network (hereinafter client), meaning that someone misappropriating the client also gains access to the PIN, and thus access to the network. Such systems also frequently transmit sensitive data over the network in clear text form, making such data susceptible to unauthorized interception.

While more sophisticated systems exist which encrypt PINs for transmission and possibly for storage, and which also permit at least a selective encryption of data being transmitted on the line, such systems are frequently complicated to use. Even sophisticated systems such as the Kerberos authentication system developed at MIT, while normally requiring only a single log-on by a user, involve substantial amounts of data processing for all transactions, and basically require a server dedicated to the security function; and even sophisticated systems such as Kerberos are vulnerable if an intruder can successfully obtain a legitimate user's log-in name and PIN.

Thus, a need exists for an improved integrated network security system which, while being easy to use and requiring only a single log-in by the user, provides security utilizing at least two security factors. The three security factors generally utilized are something the user has (i.e. a card or token), something the user knows (i.e. a PIN) and something the user is (i.e. voice recognition, fingerprint, etc.). The first two are the factors most commonly utilized. The system should also provide complete security for any numeric or alphanumeric PIN used. Such security should preferably prevent the detection of the PIN through decryption of an encrypted PIN surreptitiously intercepted on the network. Similarly, a PIN, even in encrypted form, should not be stored at a client when a client has been discourteously disconnected (removed from the network in an unauthorized fashion) or when the client is not in use. Such systems should also provide the capability of assuring that the client is not usable in any way, either itself or to access any resource on the network, when the client is to be locked (i.e. before a proper log-on procedure has been completed and after a log-off has occurred), while affording a capability of permitting limited use of the client at such time at the option of a network administrator.

All transmissions of sensitive information over the network should also be in encrypted form, and access to various resources on the network, including servers and other clients, should be prevented until a proper log-on has been completed at the client and should be fully controllable thereafter.

SUMMARY OF THE INVENTION

In accordance with the above, this invention provides an integrated security system for a network which has at least one server and at least one client. Each client is normally locked so that the client cannot be used except to be logged onto, or can only be used for limited functions, and so that the client cannot be used to gain access to the network. Log-on is accomplished by the user providing at least one coded input to the client. The coded input from the user may include a numeric or alphanumeric PIN and should also include a non-predictable number, preferably a time varying or other dynamically changing non-predictable number, generated by a device in the possession of the user. The code entered by the user may also be a coded response obtained from the server in response to an initial query provided by the user.

The codes inputted by the user are preferably encoded or encrypted, for example, by combining various elements of the coded input in a predetermined way. To assure that the user PIN cannot be determined in any way from transmitted information, it is preferable that only a portion of such input, encoded as indicated above, be transmitted to the server for authentication. The remainder of the coded input may be discarded, but is preferably saved to be used in a manner to be described later.

The transmitted representation of the coded input is utilized at the server, which server is maintained at a high security facility, to authenticate the user logging on at the client. Where only a single user has access to the client, this may be accomplished by utilizing the client ID to retrieve the user code appropriate at the current time in encrypted form and performing a comparison of the received and retrieved encrypted coded representations. Preferably, authentication is accomplished by retrieving the appropriate code in decrypted form and decrypting the received coded representation before performing the comparison. Where there are two or more users permitted at a given client, the current codes available for all such users are retrieved and compared in suitable form against the received input to both identify and authenticate the user.

Either before or after authentication, appropriate unlock inputs for the client are retrieved at the server and, after authentication, these unlock inputs are transmitted to the client. For some embodiments of the invention, at least selected files and directories required
for the use of the client are encrypted when locking occurs, the unlock inputs being a decryption code or key for such material which may be utilized at the client. It is also possible for critical directories or other material to be transmitted in encrypted form or otherwise securely transmitted and stored at the server when a client is locked and for such critical material to be retransmitted to the client after authentication. Since the decryption key is used immediately and is of no value after use, it may be sent in unencrypted form if desired or may be encrypted. For preferred embodiments, a full or partial encryption key to be used the next time the client is to be locked is also transmitted in encrypted form after authentication.
Locking of a client may occur in response to selected conditions such as a discourteous disconnect or other prohibited activity by the user at the client, an end of session input from the user, a log-off signal from the server, or a selected period of time passing since the last use of the client by the user. When a client is to be locked, the encryption code previously transmitted from the server is utilized to encrypt at least selected directories and/or files at the client and any representation of the original coded input from the user is zeroized (i.e., erased, written over with zeros, discarded, or otherwise permanently obliterated). Preferably, before being zeroized, a portion of the coded input from the user which was previously saved is combined with the encryption key from the server to form the encryption key used at the client. This assures that the encryption key used at the client never appears in any form in its entirety on a network line. If desired, to secure a longer encryption key, the device employed by the user to produce the non-predictable code may have a means thereon which causes a second dynamic non-predictable code to also be produced, which second code may be inputted into the client and saved. This second non-predictable code may be added to or otherwise combined with the previously described encryption key to form a longer and thus much more secure encryption key for the client. Alternatively, some or all of the coded factors used to generate the encryption key may be combined in a one-way function with non-secret factors such as the client serial number, time of day or the like to obtain the longer encryption code.
To even further enhance security at the client, when the client is to be locked, selected directories or other critical material at the client may be transmitted in encrypted form to the server, zeroized at the client and stored at the server until the next time there is an authentication of a user at the server. Network security may also be enhanced by utilizing at least a portion of the stored encryption code to encrypt at least selected transmissions over the network to and from the client (i.e. end-to-end encryption).
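The lock and unlock key handling described above, as an added example that is not part of the patent: the client folds the key the server sent after authentication together with the saved portion of the log-on code and the non-secret client serial number through a one-way function, encrypts its files, zeroizes the key material, and the server rebuilds the identical key from what it issued and what the user's code should have been, so the full lock key never crosses the line. SHA-256 as the one-way function, the toy counter-mode keystream in place of a real file cipher, the class and function names and all sample values are assumptions.

```python
import hashlib
import secrets

# Constructed sample values, not from the patent.
CLIENT_SERIAL = "SN-000123"
SAVED_PORTION = "2ZP3907"          # portion of the log-on code kept at the client (step 42)
PLAINTEXT = b"engineering data: confidential drawing list\n"


def derive_client_key(server_key, saved_portion, second_code=b""):
    """Lock-time key: the key sent by the server after authentication, combined through
    a one-way function (SHA-256 assumed) with the saved portion of the user's coded input,
    an optional second non-predictable code from the card, and the non-secret client
    serial number. No network line ever carries this key in its entirety."""
    h = hashlib.sha256()
    for part in (server_key, saved_portion.encode(), second_code, CLIENT_SERIAL.encode()):
        h.update(len(part).to_bytes(2, "big") + part)   # length-prefix each factor
    return h.digest()


def keystream_xor(key, data):
    """Toy SHA-256 counter-mode stream cipher standing in for a real file cipher;
    the same call encrypts and decrypts."""
    out = bytearray()
    for n in range((len(data) + 31) // 32):
        ks = hashlib.sha256(key + n.to_bytes(4, "big")).digest()
        out.extend(a ^ b for a, b in zip(data[n * 32:(n + 1) * 32], ks))
    return bytes(out)


def zeroize(buf):
    """Overwrite a mutable buffer with zeros before it is discarded."""
    for i in range(len(buf)):
        buf[i] = 0


class Client:
    """State of one client after a successful log-on (hypothetical helper class)."""
    def __init__(self, server_key, saved_portion, files):
        self.server_key = bytearray(server_key)          # key received from the server
        self.saved_portion = bytearray(saved_portion.encode())
        self.files = dict(files)
        self.locked = False

    def lock(self):
        """A locking condition occurred: encrypt files, then zeroize all key material."""
        key = derive_client_key(bytes(self.server_key), self.saved_portion.decode())
        self.files = {name: keystream_xor(key, data) for name, data in self.files.items()}
        zeroize(self.server_key)
        zeroize(self.saved_portion)
        self.locked = True
        return key   # returned only so a reader can compare it with what the server issued

    def unlock(self, decryption_key, next_server_key):
        """Unlock inputs sent by the server after authentication: the decryption key for
        the locked material (usable once, so it may travel unencrypted) and the key to be
        used at the next lock."""
        self.files = {name: keystream_xor(decryption_key, data) for name, data in self.files.items()}
        self.server_key = bytearray(next_server_key)
        self.locked = False


class Server:
    """The server knows the key it issued and what the user's saved portion should have
    been, so it can rebuild the client's lock key (hypothetical helper class)."""
    def __init__(self):
        self.issued_key = secrets.token_bytes(16)
        self.expected_saved_portion = SAVED_PORTION

    def unlock_inputs(self):
        decryption_key = derive_client_key(self.issued_key, self.expected_saved_portion)
        self.issued_key = secrets.token_bytes(16)        # key for the next lock
        return decryption_key, self.issued_key


def lock_unlock_cycle():
    """One full cycle; returns (ciphertext while locked, plaintext after unlock)."""
    server = Server()
    client = Client(server.issued_key, SAVED_PORTION, {"data.txt": PLAINTEXT})
    client.lock()
    ciphertext = client.files["data.txt"]
    client.unlock(*server.unlock_inputs())
    return ciphertext, client.files["data.txt"]
```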
It is also possible for the server, under control, for example, of a network administrator, to store a release code at the server and/or at the client to inhibit the full locking of the client in response to the occurrence of a selected condition which would normally cause locking. For example, a release code may permit continued use of the client, but lock the client from access to the network. Other possibilities include permitting only restricted use of the client, for example, not permitting access by the client to selected directories or files which may be encrypted, and/or permitting selected access by the client to various resources on the network while inhibiting access to other resources.
Where the client may receive selected protected files from the server, or may itself generate files having a protected status, a protection flag may be included with such files, and a suitable means may be provided in response to the detection of a protection flag for preventing use of the protected file at the client after a selected locking condition has occurred. Use of the file may be inhibited by reducing or eliminating the release code for the client, but is preferably accomplished by assuring that such file is at least encrypted, and preferably erased or zeroized, when a locking condition occurs. Where such a file to be zeroized is a file which may be written into by the client, the file is encrypted and transmitted to the server for storage before being zeroized.
The foregoing and other objects, features and advantages of the invention will be apparent from the following more particular description of a preferred embodiment of the invention as illustrated in the accompanying drawings.
IN THE DRAWINGS
FIG. 1 is a block diagram of an exemplary network in which the teachings of this invention may be utilized.
FIG. 2 is a flow diagram of the steps performed at a client and at the server when a client is to be unlocked.
FIG. 3 is a flow diagram of the steps performed at the client and at the server when a client is to be locked.
FIG. 1 is a block diagram of an exemplary network 10 in which the teachings of this invention might be utilized. The network includes a main or control server 12 which is utilized in providing network security, a plurality of clients 14.1-14.N and at least one additional server 16. Servers 12 and 16 are computers adapted for performing the server function and include a processor for running appropriate programs for performing the server function as well as appropriate file storage and other appropriate hardware. Each client 14 might be a personal computer (PC), workstation, or other computer typically found on a network. A client may also be a remote laptop or other computer connected to the network through modems. As indicated by dotted box 18, server 12 is located at a secure location so that physical access to server 12 cannot be obtained except by authorized personnel such as a network administrator. As illustrated for client 2 and client N, each client, in addition to being on network 10, may also be connected by a suitable line 20 to additional systems or networks.
In operation, each client 14 may obtain files or other information or material from a server 12 or 16 or from other clients 14 and may access a server or client on the network for other services available on the network. For purposes of the current discussion, it will be assumed that a standard technique is utilized for controlling communications on the network. One such technique would be for all requests for services to be routed to server 12 which first assures that the request is authorized for the client and/or user and then either provides required files or other resources or routes the request to the appropriate server 16 or client 14 for the requested resource. In such a system, the server would maintain an audit trail of all transactions on the network. In other networks, each request for a resource includes an address or tag causing the request to be routed to the appropriate resource on the network. The exact manner
in which such network routing is accomplished does not form part of the present invention.

As previously discussed, one problem with networks such as the network 10 shown in FIG. 1 is that an unauthorized user at a client 14 may obtain access to sensitive system resources. It is also possible for an unauthorized individual, through the use of a modem, to gain access to the network. As previously indicated, current systems typically control access to the network primarily by controlling access to each client by use of appropriate log-on procedures, typically involving some type of log-in name accompanied by a numeric or alphanumeric PIN. Such systems are easily compromised by an intruder gaining access to a user log-in and PIN by surreptitiously listening in on the network or by other means. Hackers and other unauthorized users are also becoming increasingly sophisticated at breaking into such networks.

More sophisticated systems involve more complicated procedures, including systems such as the Kerberos system which requires a server virtually dedicated to performing the security function. However, the complexity of such systems slows down operations on the network and may require a substantial amount of software both at the authentication server and at the various clients and servers on the network.

In accordance with the teachings of this invention, security for the system is controlled at log-on and at log-off for each client 14 with selected software or computer programming being located at server 12 and selected software being located at each client 14. Once a user has logged onto the system at a given client 14, and until the client is locked in a manner to be described later, the user has access to at least a selected portion of the resources on network 10 in accordance with standard network security procedures. For example, if all requests for service are routed through server 12, and, as will be indicated later, the server knows the user located at each client 14, the server, in accordance with security procedures programmed into the server by a network administrator, can control resources made available to a given user/client. For example, if a given user does not have clearance to receive personnel records, this fact would be recorded in an appropriate field of an entry for a given user/client at the server, and any request from the client for personnel records would be denied. The mechanism for accomplishing this does not form part of the present invention.

Referring to FIG. 2, a flow diagram is provided of the procedure in accordance with the teachings of this invention for logging on at a given client 14. It is assumed that the client is initially locked as indicated by block 30. When the client is locked, the client is normally not permitted access to network 10. For the preferred embodiment, a user is also unable to use the client 14 when it is locked for anything other than logging onto the system. However, it is possible for the system to be utilized for performing other limited functions when locked, which functions normally do not involve access to critical or secure files.

In order to unlock the system, it is necessary that a user authorized to use the client log onto the client utilizing a selected log-on procedure. FIG. 2 illustrates several possible log-on procedures; however, the invention is not to be construed as being limited to the use of such procedures.

In particular, log-on procedures 32, 34 and 36 are shown. With log-on procedure 32, the user is provided with a device such as that disclosed in U.S. Pat. No. 5,023,908 which is to issue on Jun. 11, 1991 in the name of Kenneth W. Weiss. This device, which preferably is in the general shape of a credit card, contains circuitry for generating a time varying non-predictable number which is unique to the user. The number may, for example, change every minute. The card may alternatively be utilized to generate other dynamically varying non-predictable numbers. The card may also have pressure-sensitive areas or pads representing the various digits which may be utilized for entering a numeric PIN. With this log-in procedure, the user enters his PIN on the pressure-sensitive areas of the card. This PIN may then be combined, for example by addition without carry, with the non-predictable number being generated by the device, the combined number being displayed. During step 38, the user would then enter the number appearing on the card, which number includes the user's numeric PIN in an encrypted form, into the client.

Instead of combining the PIN with the non-predictable code as described above, the user card could be programmed to recognize the user PIN, for example, by a match operation. If the device determines that the wrong PIN has been entered, it either produces no number or produces an incorrect number which will not be accepted by the server. In order to protect the PIN, the PIN is stored on the card after being run through a one-way function, and the inputted PIN is run through the same function before comparison.

The limitation of the procedure described above is that it results in a relatively small number of code bits for later encryption use. Therefore, to obtain a larger number of code bits, log-on may be accomplished in accordance with step 34 by entering an alphanumeric PIN directly into the client, either before or after performing step 38. The larger number of bits results from the fact that an alphanumeric character has more bits than a numeric character. With this procedure, the number entered during step 38 would normally be just the non-predictable number generated by the device and not this number combined with a user numeric PIN. However, there is no reason why step 32 could not be performed in conjunction with step 34.

A third standard technique for logging onto a system is by use of a query/response, a one-time pad or a smart card. These techniques are lumped together since they differ primarily only in that with standard query/response, the user enters a response received from the server into the device and, after manipulation (i.e. encryption), the resulting number on the device is manually entered, while with the smart card, entry of the response is automatically performed. A one-time pad has a cache of encoded numbers which are used for successive log-ons in a predetermined sequence. With either method, the user initially enters a value into the system which is typically a non-confidential log-on identifier. The server then sends a response which is normally combined with a user PIN input, either numeric or alphanumeric, and returned to the server. Without a smart card, the user must also input the response. Where step 38 is performed, the user also inputs the number appearing on his card, which number, if step 32 is performed, may be combined with the PIN rather than combining the PIN with the server response.

While a variety of log-on procedures have been illustrated in FIG. 2, it is apparent that all of these procedures would not normally be utilized in a single system, although as discussed above, it might in some situations
be desirable to combine step 32 with one of the other log-in procedures. As indicated above, log-in procedures other than those discussed above might also be utilized.

Step 40 illustrates another optional step which may be performed during log-in to produce a larger number for subsequent encryption. In particular, the user device may contain a pressure-sensitive area which, when pressed by the user, causes a second non-predictable number to be displayed. This number may be generated using a different algorithm than that for the number displayed, but is preferably, in order to simplify the card circuitry, the next number which would normally be generated. As will be discussed later, this additional number may be stored at the client and utilized at log-off for encryption purposes to provide a longer and thus more secure encryption key.

Once a log-in code has been entered at client 14, regardless of the form in which this code is entered, the operation proceeds to step 42. During step 42, a portion of the code which was inputted into client 14 is saved at the client. During step 44, the next step in the operation, another portion of the code which was inputted, preferably the remaining portion, is encrypted in a selected way and transmitted to the server. For purposes of the following discussion, it will be assumed that only steps 34 and 38 were performed during log-on so that the code inputted to the client is, for example, a six-character alphanumeric code from step 34 and an eight-character numeric code from step 38. Some portion of each of these codes, for example, the least significant characters, most significant characters, or alternate characters from each code, are then stored at an appropriate location in client 14 during step 42. Selected characters which are not stored, and preferably the remaining characters which were not stored during step 42, are then combined in a preselected way (for example, by addition without carry) or otherwise encrypted during step 44 and sent to server 12 along with an ID for the client, which ID may be sent in clear text. This procedure has the advantage that not only is no portion of the user's PIN or of the non-predictable code generated by the user device transmitted in clear text on a network line, but a substantial portion of this information is missing when transmitted on the line so that, even if the transmitted material were intercepted and sophisticated deencryption techniques were utilized thereon, it would still not be possible to reconstruct the user PIN since data for a substantial portion of this PIN is missing from the transmission.

However, while for the reason indicated, the saving and transmission of different portions of the code is preferred, this is not a limitation on the invention. Thus, all of the inputted code could, if desired, be encrypted and transmitted to the server, with some of such code also being saved, or no code being saved. Other combinations of saving code portions and transmitting code portions are also within the contemplation of the invention.

One problem with the technique described above where only a portion of the code inputted by the user is transmitted to the server arises from the fact that the portion of such code which is saved at the client may, as will be discussed in greater detail later, be utilized as part of or in generating the subsequent encryption key used at the client when the client is to be locked. The next time the client is to be unlocked, the server is able to send the proper complete decryption key because the server knows what the untransmitted portion of the user's code should have been. However, if the user properly enters the transmitted portion of his code, but makes an error in inputting the untransmitted portion, the server will authenticate the user, but on log-off when encryption occurs, it will be done using an improper encryption key which will then be erased, and there will be no way to reconstruct the improper encryption key to permit the client to be unlocked.

One way to avoid this problem is to run the entire inputted code from the user through a one-way function with either all or a selected portion of the output from such one-way function being transmitted to the server. Thus, even though all characters outputted from the one-way function are not transmitted, the characters transmitted serve as a check-sum to assure that the original coded input was correct, and thus to avoid the permanent lockout problem discussed above without requiring that all characters necessary to reconstruct the original coded input be transmitted. This alternate procedure is illustrated by box 45 in FIG. 2.

Another possibility, instead of step 40, to provide additional characters for subsequent encryption is to utilize all or a selected portion of the original coded input characters, as well as other non-secret static or dynamic information available to the client such as the serial number of the client, the time of day, the user's social security number, or the like as inputs to a one-way function, the output from which is a long encryption character sequence.

One advantage of having a large encryption character sequence is that part of this character sequence can be used for encrypting all or selected communications between the client and the server or other resources on network 10 (i.e. end-to-end encryption), while a remaining portion of the encryption code, which may include some but not all of the code used for the end-to-end encryption, is utilized for encrypting files, directories and other material at the client when the client is to be locked. Thus, full end-to-end encryption of communications in and out of the client is possible without there being any danger of the encryption key utilized to encrypt client material when the client is locked being compromised by surreptitious interception on the network.

When server 12 receives the transmitted information, it utilizes the client ID to retrieve the code which is appropriate for the client at the given point in time. Where two or more users are authorized to use a given client, codes appropriate to both users are retrieved and the code received from the client is compared against the retrieved codes for all users authorized to use the client. With only a single user at a client, a match between a transmitted and a retrieved code is used to indicate authentication. Where there are two or more users, the code matched on is utilized both to identify the user at the client and to authenticate the user. Matching may be accomplished by storing and retrieving the coded information at the server in the same combined or encrypted form in which such coded information is transmitted, by storing the information in normal form and then combining or encrypting it before comparison, or by deencrypting the received transmission from the client before doing the match. The procedures discussed above constitute step 46 of the operation.

Where a code inputted by the user is a time varying code, it is necessary that the clock at the device in the
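The step 42/44 split, the step 46 match at the server for several users on one client, and the box 45 one-way-function variant that prevents the permanent lockout, as an added example that is not part of the patent. The particular split (transmit the most significant half of each code, keep the least significant half at the client), addition without carry taken as character-wise addition modulo 36 over 0-9A-Z, SHA-256 as the one-way function, and all sample codes, names and the server table are assumptions.

```python
import hashlib
import hmac

# Constructed sample values, not from the patent.
AN_PIN = "K7Q2ZP"           # six-character alphanumeric PIN entered at step 34
CARD_CODE = "48213907"      # eight-digit non-predictable number from the card, step 38
CLIENT_ID = "client-14.2"
ALPHABET = "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ"

# Server-side table (constructed): current codes of every user authorized at each client.
SERVER_DB = {
    "client-14.2": {"alice": ("K7Q2ZP", "48213907"), "bob": ("M3X9RT", "11559032")},
}


def split_code(code):
    """Step 42/44 split: the least significant half stays at the client, the most
    significant half is transmitted. Returns (saved, transmitted)."""
    half = len(code) // 2
    return code[half:], code[:half]


def add_without_carry(a, b):
    """Character-wise addition modulo 36 over 0-9A-Z with no carry between positions;
    the shorter operand is zero-padded on the left."""
    n = max(len(a), len(b))
    a, b = a.rjust(n, "0"), b.rjust(n, "0")
    return "".join(ALPHABET[(ALPHABET.index(x) + ALPHABET.index(y)) % 36] for x, y in zip(a, b))


def client_logon(an_pin, card_code):
    """Client side: keep one portion of each code, combine the rest and send it with the
    client ID (which may travel in clear text). Returns (saved_portion, message)."""
    saved_pin, tx_pin = split_code(an_pin)
    saved_card, tx_card = split_code(card_code)
    message = {"client_id": CLIENT_ID, "code": add_without_carry(tx_pin, tx_card)}
    return saved_pin + saved_card, message


def server_authenticate(message):
    """Step 46: retrieve the current codes of all users at this client, derive what each
    one's transmitted portion should be, and match it against the received code.
    Returns the identified user or None."""
    for user, (pin, card) in SERVER_DB[message["client_id"]].items():
        expected = add_without_carry(split_code(pin)[1], split_code(card)[1])
        if hmac.compare_digest(expected, message["code"]):
            return user
    return None


def client_logon_box45(an_pin, card_code, check_len=16):
    """Box 45 variant: run the entire coded input through a one-way function and send
    only a prefix of the output. The prefix acts as a check-sum over the saved portion
    too, so a typo in the part that never leaves the client is caught before a lock
    key is ever derived from it."""
    digest = hashlib.sha256((an_pin + card_code).encode()).hexdigest()
    saved = split_code(an_pin)[0] + split_code(card_code)[0]
    return saved, {"client_id": CLIENT_ID, "check": digest[:check_len]}


def server_authenticate_box45(message):
    """Server side of the box 45 variant: recompute the one-way function over each
    authorized user's full code and compare the same-length prefix."""
    for user, (pin, card) in SERVER_DB[message["client_id"]].items():
        digest = hashlib.sha256((pin + card).encode()).hexdigest()
        if hmac.compare_digest(digest[:len(message["check"])], message["check"]):
            return user
    return None


def lockout_demo():
    """Alice mistypes the last PIN character, which lands in the saved portion. The
    plain split still authenticates (the error is invisible to the server, so a wrong
    lock key would follow); the box 45 variant rejects the log-on instead.
    Returns (plain_result, box45_result)."""
    typo = "K7Q2ZX"
    _, plain = client_logon(typo, CARD_CODE)
    _, checked = client_logon_box45(typo, CARD_CODE)
    return server_authenticate(plain), server_authenticate_box45(checked)
```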