`
`I(19)
`
`⼀-⼀-⼀-⼀-
`(11) E P 0 844 551 A2
`(12) E U R O P E A N PATENT APPLICATION
`
`Europaisches Patentamt
`European Patent Office
`Office europeen des brevets
`
`(43) Date of publication:
`27.05.1998 Bulletin 1998/22
`
`(21) Application number: 97890210.4
`
`(22) Date of filing: 22.10.1997
`
`(84)
`
`Designated Contracting States:
`AT BE CH DE DK ES Fl FR GB GR IE IT LI LU MC
`NL PT SE
`Designated Extension States:
`AL LT LV RO SI
`
`(30) Priority: 28.10.1996 U S 738897
`
`(71) Applicant: Veneklase, Brian J.
`San Antonio, TX 78249 (US)
`
`(72) Inventor: Veneklase, Brian J.
`San Antonio, TX 78249 (US)
`
`(54)
`
`Computer security system
`
`(51) Int CI.6: G 0 6 F 1 / 0 0
`
`(74)
`
`Representative: Matschnig, Franz, Dip⼀⼀⼀⼀ng.
`Siebensterngasse 54
`1070 Wien (AT)
`
`Remarks:
`A request for correction (exchanging the contents of
`figure 1 with figure 2 and vice versa) has been filed
`pursuant to Rule 88 EPC. A decision on the request
`will be taken during the proceedings before the
`Examining Division (Guidelines for Examination in
`the EPO, A-V, 3.).
`
`(57) S e v e r a l embodiments o f computer security
`systems are described and which are adapted to grant
`an authorized individual access to a secured domain,
`such as a computer or data stream. In one embodiment,
`the security system comprises: an analyzing means for
`receiving first and second passwords, each of said
`passwords being transmitted over a first communication
`channel,analyzing said first password, transmitting a
`first signal output only if said first password is author-
`
`ized, and granting access to said secured domain only
`if said second password is substantially identical to a
`code; and a random code generating means for gener-
`ating said code, transmitting said code over a second
`communication channel upon receipt of first signal out-
`put, and transmitting said code to said analyzing means;
`and a notification means for receiving said code and for
`notifying said authorized individual of the identity of said
`code.
`
`408)r
`
`MODEM
`
`412)
`
`COMPUTER
`
`404)r
`
`USER/
`SUBSCRIBER
`
`400
`
`4〉⼫
`
`MODEM
`
`AGER
`
`420
`
`406
`
`HOST COMPUTER
`USER
`USER/
`TABLE \ 」 4 0 2
`PASSWORD
`CHECK
`⼊\%』,414
`
`41 步 \-
`
`CODE
`GEN.
`
`422
`
`FIG.6
`
`AUTO 材耵℃
`PHONE/
`⼀\⼀418
`PAGER DIALER
`
`Printed by Jouve, 75001 PARIS (FR)
`
`UNIFIED PATENTS EXHIBIT 1005
`Page 1 of 13
`
`JPMORGAN EXHIBIT 1005
`
`
`
`1
`
`EP 0 844 551 A 2
`
`2
`
`Description
`
`1. Field of the Invention
`
`The present invention relates to a security and/or
`access restriction system and, in one embodiment, to a
`security and/or access restriction system which i s
`adapted to grant only authorized users access to a com-
`puter system and/or to certain data which may be resi-
`dent within the computer system and/or resident within
`a communications channel and/or other communica-
`tions medium.
`
`2. Background of the Invention
`
`In recent years, computers have proliferated in all
`parts of worldwide society, including but not limited to,
`banking, financial services, business, education, and
`various governmental entities. For instance and without
`limitation, these computer systems allow individuals to
`consummate financial transactions, to exchange confi-
`dential scientific and/or medical data, and to exchange
`highly proprietary business planning data. Hence, these
`computer systems require and/or allow very sensitive
`and confidential data to be stored and transmitted over
`great geographic distances.
`Moreover, the rise of multinational communications
`networks, such as the publicly available Internet com-
`munications system, has truly made the world a smaller
`place by allowing these computers, separated by great
`geographic distances, to very easily communicate and
`exchange data. In essence, these worldwide communi-
`cations channels/networks, sometimes collectively re-
`ferred to as "the Information Superhighway" have elec-
`tronically connected the peoples of the world - both the
`good and the very bad.
`That is, while these computer systems have in-
`creased efficiency and greatly changed the manner in
`which we work and interact, they have been especially
`prone t o unauthorized "break-ins", viral destruction,
`and/or unauthorized data modifications. Accordingly,
`the rather sensitive and confidential data which is stored
`and used within these computer systems and transmit-
`ted between these computer systems has been the tar-
`get of attack by people known as "hackers" and by high
`level and very sophisticated espionage and industrial
`spies. Computer access security and data transmission
`security has recently come to the forefront of importance
`and represents one of the great needs of our times.
`Many attempts have been made to create and uti-
`lize various techniques (hereinafter the term "technique"
`as used and/or employed in this Application refers to any
`combination of software, hardware, and/or firmware
`which comprise a n apparatus and a methodology
`whose components cooperatively achieve an overall se-
`curity objective) to "ensure" that only authorized users
`are allowed to gain access to these respective computer
`systems. These prior techniques, while somewhat ef-
`
`fective, suffer from various drawbacks.
`For example, one such prior computer system se-
`curity technique comprises the use of predetermined
`"passwords". That is, according to this security tech-
`5 n i q u e , each computer system has a list of authorized
`passwords which must be communicated to it before ac-
`cess is given or allowed. In theory, one or more "trusted"
`system administrators distribute these "secret" pass-
`words to a group of authorized users of a computer sys-
`10 t e m . The "secret" nature of the passwords, in theory,
`prevents unauthorized users from accessing the com-
`puter system (since presumably these unauthorized us-
`ers do not have the correct passwords). This technique
`is not very effective since oftentimes those authorized
`15 individuals mistakenly and unwittingly expose their
`password to an unauthorized user Moreover, this tech-
`nique of data security may be easily "broken" by a "hack-
`er's" deliberate and concentrated attempt at automati-
`cally inputting, to the targeted computer, hundreds and
`20 perhaps thousands of passwords until an authorized
`password is created.
`In addition to the prior password technique other,
`more sophisticated access techniques are known and
`used. For example, there are known techniques which
`25 require the possession of a physical object or feature,
`such as "access cards" which are "read" by a card read-
`ing device and biometric authentication techniques (e.
`g. requiring the initial input of such authorized user phys-
`ical characteristics as fingerprints and eye patterns and
`30 t h e later comparison of these input patterns to those of
`a "would-be" user). Both of these prior techniques are
`relatively complicated, are relatively costly, and are
`prone to error, such as and without limitation, mistaken
`unauthorized entry due to their complexity. These tech-
`35 niques are also prone to unauthorized entry by use of
`counterfeit and/or stolen cards, objects, and fingerprint
`readers. Other prior data security techniques, such as
`encryption, attempt to prevent unauthorized use of
`transmitted data or unauthorized access to a computer
`40 system by modifying and/or changing the transmitted
`data in a certain manner, and/or requiring the transmis-
`sion and receipt of modified data before access is grant-
`ed. While somewhat effective, these prior encryption
`techniques are relatively costly and complicated and re-
`45 q u i r e one or more known "encryption keys" which are in
`constant exchange between users and which are them-
`selves susceptible to theft and/or inadvertent disclo-
`sure. Furthermore, the best-known and perhaps strong-
`est encryption algorithm is proprietary and cannot be
`50 u s e d without a costly license. Moreover, since the en-
`crypted message still provides all of the transmitted da-
`ta ,in some form, it is st⼀I⼀possible for one to gain access
`to the entire data stream by "breaking the encryption
`code". Since no encryption algorithm is ever considered
`55 "unbreakable", encryption is not considered to be a
`"foolproof' security solution.
`There is therefore a need to provide a technique to
`substantially prevent the unauthorized access to one or
`
`2
`
`UNIFIED PATENTS EXHIBIT 1005
`Page 2 of 13
`
`JPMORGAN EXHIBIT 1005
`
`
`
`3
`
`EP 0 844 551 A 2
`
`4
`
`more computer systems and which overcomes the var-
`ious drawbacks of these afore-described prior tech-
`niques. There is also a need to provide a technique to
`substantially prevent the unauthorized interception and
`use of transmitted data and which overcomes the vari-
`ous drawbacks of the prior art. Applicant's invention(s)
`seek and do meet these needs. Applicant's invention, in
`one embodiment, achieves these objectives by splitting
`the data into a plurality of separate communication
`channels, each of which must be "broken" for the entire
`data stream to be obtained. In essence, in this embod-
`iment of Applicant's invention, cooperatively form the
`entire message. The splitting of the data in this manner
`may also "fool" the would be data thief into believing that
`he or she has obtained all of the data when, in fact, only
`several communication channels are obtained.
`
`SUMMARY OF THE INVENTION
`
`While a number of "objects of the invention" are set
`forth below, it should be realized by one of ordinary skill
`in the art that the invention(s) are not to be limited, in
`any manner, by these recited objects. Rather, the recited
`"objects of the invention" are to be used to place Appli-
`cant's various inventions in proper overall perspective
`and to enable the reader to better understand the man-
`ner in which Applicant's inventions are to be made and
`used, especially in the preferred embodiment of Appli-
`cant's invention. Accordingly, the various "objects of the
`invention" are set forth below:
`It is a first object of the present invention to provide
`a technique to substantially ensure that only authorized
`users gain access to a computer system.
`It is a second object of the invention to provide a
`technique to substantially ensure that only authorized
`users gain access to a computer system and which
`overcomes the various previously delineated draw-
`backs of the prior computer system security techniques.
`It is a third object of the invention to provide a tech-
`nique to substantially ensure that only authorized users
`have access and use of certain transmitted data appear-
`ing, for example, within a data stream.
`It is a fourth object of the invention to provide a tech-
`nique to substantially ensure that only authorized users
`have access and use of certain transmitted data and/or
`certain hardware, software, and/or firmware which co-
`operatively form and/or comprise a computer system,
`and that this technique overcomes the various previous-
`ly delineated drawbacks of the prior techniques.
`According to a first aspect of the present invention,
`a security system is provided. Particularly, the security
`system is adapted to be used in combination with a com-
`puter and to only grant an authorized individual access
`to the computer. The security system comprises, in one
`embodiment, password means for receiving a password
`by use of a first communications channel; and code gen-
`eration means, coupled to said password means, for
`generating a code by use of a second communications
`
`channel, and to allow that individual access to the com-
`puter system only if that individual generates and com-
`municates the code to the code generation means.
`According to a third aspect of the present invention,
`5 a method is provided for use with a computer and effec-
`tive to substantially prevent an unauthorized user from
`accessing the computer. The method comprises, in one
`embodiment, the steps of assigning a password to the
`user; receiving the password by use of a first comm uni-
`/0 cations channel; generating a code in response to the
`received password; transmitting the code by use of a
`second communications channel to the user; transmit-
`ting the code to the computer; and allowing access to
`the computer only after the code is transmitted to the
`15 computer.
`According to a fourth aspect of the present inven-
`tion, a security system is provided to grant an authorized
`individual access to a secured stream of data bits. In
`one embodiment, the data security system comprises a
`20 d a t a stream dividing means for receiving said stream of
`data bits and dividing said stream of data b its into a plu-
`rality of sub-streams; transmitting means for transmit-
`ting said sub-streams in a predetermined order over a
`communication channel; and a decoding means for re-
`25 ceiving said sub-streams and for recombining said re-
`ceived sub-streams to create said secured stream of da-
`ta bits.
`Further objects, features, and advantages of the
`present invention w⼀I⼀become apparent from a consid-
`30 eration o f the following description, the appended
`claims, and/or the appended drawings. It should further
`be realized by one of ordinary skill in the art that the
`previously delineated objects and aspects of the inven-
`tion are for illustration purposes only and are not to be
`35 construed so as to limit the generality of the inventions
`and/or to limit the interpretation to be given to the vari-
`ous appended claims. Moreover, it should also be real-
`ized by those of ordinary skill in the art that the term
`"communications channel" as used throughout this Ap-
`40 plication refers to any physical and/or electromagnetic
`means or method of transferring and/or communicating
`information from one or more sources to one or more
`receivers. Moreover, the term "communications chan-
`nel" should be given the broadest known interpretation
`45 covering any method and/or medium which facilitates
`the transfer of information and/or over which such infor-
`mation is transferred.
`
`BRIEF DESCRIPTION OF THE DRAWINGS
`
`For a fuller and more complete understanding of the
`nature and objects of the present invention, reference
`should be had to the following drawings wherein:
`
`FIG⼀1念 a block diagram of a computer security sys-
`tem made in accordance with the teachings of the
`preferred embodiment having the preferred security
`techniques of the invention;
`
`50
`
`55
`
`3
`
`UNIFIED PATENTS EXHIBIT 1005
`Page 3 of 13
`
`JPMORGAN EXHIBIT 1005
`
`
`
`5
`
`EP 0 844 551 A 2
`
`6
`
`FIG. 2 is a block diagram of another embodiment of
`a computer security system made in accordance
`with the teachings of the preferred embodiment
`having the preferred techniques of the invention;
`FIG. 3 is a block diagram of yet another embodi-
`ment of a security system made in accordance with
`the teachings of the preferred embodiment having
`the preferred techniques of the invention;
`FIG. 4 is a block diagram of another embodiment of
`a computer security system made in accordance
`with the teachings of the preferred embodiment
`having the preferred techniques of the invention;
`FIG. 5 is a schematic diagram of a password table
`used by the computer security systems shown in
`Figures 1 and 2; and
`FIG. 6 is a block diagram of one embodiment of the
`preferred embodiment of the invention.
`
`DETAILED DESCRIPTION OF THE INVENTION
`
`Referring now to Figure 1, there is shown a block
`diagram of a computer security system 10, made in ac-
`cordance with the principles of the preferred embodi-
`ment of the invention and adapted for use in combina-
`tion with computer 80. More particularly, computer se-
`curity system 10 selectively allows communication and/
`or data processing access to computer 80 in a manner
`which is technically described throughout the remainder
`of this Application. As shown, security system 10 in-
`cludes an "analyzing means" 12 and a "random code
`generating means" 14.
`In one embodiment of the preferred embodiment of
`the invention, analyzing means 12 comprises one or
`more software subroutines which are adapted to exe-
`cute upon and/or within computer 80. Alternatively, an-
`alyzing means 12 may comprise a microprocessor and/
`or similar type of computer which is adapted to operate
`under stored program control in the manner set forth in
`this Application. One example of another type of com-
`puter operating under stored program control and which
`may be used by the preferred embodiment of the inven-
`tion is shown and described within chapter eight of the
`text entitled Advanced Computer Architecture: Parallel-
`ism Scalability, Programmability, which was authored by
`Kai Hwang, which is published by McGraw-H 川,Inc.,
`which h a s a library reference number o f ISBN
`0-07-031622-8, and the entire text of all of the chapters
`of which are fully and completely incorporated herein by
`reference, word for word and paragraph for paragraph.
`In either embodiment, analyzing means 12 receives and
`compares at least two "sets" or streams of data. Should
`the individually received "sets" match, analyzing means
`12 generates and communicates an "access granted"
`command to computer 80, allowing individual 18 access
`to the computer 80 Moreover, random code generating
`means 14 may similarly comprise a conventional pseu-
`do-random number generator which may be construct-
`ed or developed on one or more software subroutines
`
`5
`
`which reside and operate/execute upon and/or within
`computer 80 or may comprise a microprocessor and/or
`similar type of computer which operates under stored
`program control.
` individual 18, desiring access to and
`I n operation,
`within computer 80 utilizes a first communication chan-
`nel 82 (e.g. a first telephone line, radio channel, and/or
`satellite channel ) and communicates, by use of his or
`her voice or by use of a computer 19 a first password to
`/0 analyzing means 12. Analyzing means 12 then checks
`and/or compares this first received password with a
`master password list which contains all of the authorized
`passwords associated with authorized entry and/or ac-
`cess to computer 80.
`15 A s shown in Figure 5, in the preferred embodiment
`of the invention, analyzing means 12 contains a master
`password list 200 having a first column of entries corre-
`sponding to authorized passwords necessary to gain
`access to computer 80. Moreover, as further shown in
`20 Figure 5, each authorized password 202, contained in
`this master password list 200, has a unique first entry
`204 associated with it and which identifies the name of
`the authorized user who has been assigned that corre-
`sponding password and at least one telephone number
`25 2 0 6 and/or network address associated with the identi-
`fied user.
`If the received password matches an entry of the
`master password list, analyzing means 12 generates a
`command, by means of connecting bus 17 or software
`30 message or function call to random code generating
`means 14 and causes the random code generation
`means 14 to generate a substantially random and/or
`pseudo-random number o r code, o f programmable
`length, and to transmit the number and/or code, by
`35 m e a n s of a second communications channel 84, to the
`individual 85 associated with the received password 202
`in the master password list. That is, as should be appar-
`ent to one of ordinary skill in the art, code generation
`means 14 includes both a random number generator
`40 a n d a conventional and commercially available commu-
`nications interface (e.g. modem and/or telephone/pager
`interface), allowing the generated pseudo-random code
`to be generated or communicated over a wide variety of
`mediums.
`45 F u r t h e r , it should be apparent that individual 85 may
`or may not be the same person as individual 18 . If in-
`dividual 18 was the individual identified in the master
`password list (e.g. "was authorized"), that individual 18
`receives the pseudo-random number and transmits the
`50 number to the analyzing means 12, by means of com-
`munications channel 82. Once the pseudo-random
`number is received by the analyzing means 12, from
`channel 82, it is compared with the number generated
`by generation means 14. If the two codes are substan-
`55 tially the same, entry to computer 80 and/or to a certain
`part of computer 80 such as, without limitation, the hard-
`ware, software, and/or firmware portions of computer 80
`is granted to individual 18. For instance, in another em-
`
`4
`
`UNIFIED PATENTS EXHIBIT 1005
`Page 4 of 13
`
`JPMORGAN EXHIBIT 1005
`
`
`
`7
`
`EP 0 844 551 A 2
`
`8
`
`bodiment, table 200 of Figure 5 could contain yet anoth-
`er set of entries specifying the directories or portions of
`computer 80 that the individual 18 was allowed to have
`access to. In this manner, allowed access to computer
`80 would be further restricted to those computer por-
`tions which are specified within table 200. It should be
`apparent to one of ordinary skill in the art that these por-
`tions may be different for different users and that each
`authorized user may have a different portion that may
`be accessed in an authorized manner.
`It should be apparent to one of ordinary skill in the
`art that Applicant's foregoing computer security tech-
`nique is a relatively low-cost, but effective technique, for
`properly ensuring that only authorized users gain ac-
`cess to a computer system, such as computer system
`80. That is, Applicant's foregoing computer security em-
`bodiment, utilizes two distinct communications chan-
`nels and a random number generator in order to ensure
`that an authorized user of a computer system is notified
`that someone or something is seeking access to the
`computer system with his or her password. Moreover,
`Applicant's foregoing invention is very cost effective as
`it employs substantially "off the shelf' and readily avail-
`able components. Further, the use of a "secret" pass-
`word, a "secret" substantially random number, and a
`"secret" second channel allows for multiple levels of se-
`curity before access to the computer system is achieved
`and provides enhanced security over the prior art.
`Referring now to Figure 6 there is shown a compu-
`ter system 400 made in accordance with the teachings
`of the preferred embodiment of the invention and repre-
`senting one example and/or implementation which is
`made in accordance with the various teachings of the
`preferred embodiment of the invention As shown, com-
`puter system 400 includes a host computer 402 (corre-
`sponding to computer 80 of the system shown in Figure
`1) to which a user or other individual 404 (corresponding
`to individual 18 of Figure 1) desires access to. As further
`shown in Figure 6. As shown, individual 404,⼀n this im-
`plementation example, utilizes a commercially available
`and conventional computer 406 and a commercially
`available and conventional modem 408 to communicate
`with a commercially available and conventional modem
`410 by means of a typical communications channel (e.
`g. a conventional "dial-up" telephone line) 412. Hence,
`the user 404, in this embodiment, only requires conven-
`tional computer equipment. Host computer 402, in this
`embodiment, requires a conventional and commercially
`available automatic dialer which is altered ,in a known
`manner, to receive and pass one or more passwords
`and/or codes as data.
`In operation, user 404 dials through and/or by
`means of his or her computer 406 and modem 408 in
`the usual and conventional manner to connect and ac-
`cess host computer 402. The host computer 402, using
`the principles of the preferred embodiment of this inven-
`tion, answers the requester's call, which occurs over
`channel 412, and requests and receives the user's iden-
`
`tification code. host computer 402 checks the received
`identification code and cross references the received
`password code against a pager phone number list res-
`ident within the user table 414 which is stored within
`5 computer 402. This comparison, is a match is made,
`causes the "code generator" software subroutine 415,
`resident within computer 402, to generate a pseudo-ran-
`dom number code and passes the received code along
`with the authorized user's pager number to the commer-
`10 cially available and conventional automatic dialer 418.
`The automatic dialer 418 telephones the conventional
`and commercially available pager 420 by means of con-
`ventional and commercially available communication
`channel 422 (e.g. voice line) and transmits the code to
`15 t h e user's pager. As this happens, the host computer
`402 awaits the reply from the user attempting to gain
`access to the computer.
`The user 404 now enters the code he or she has
`received from the pager 420 and any timing instructions
`20 which, in yet another embodiment of the invention may
`also be transmitted from computer 402, and sends this
`password or pseudo-random code back to computer
`402 where it is compared within the software subroutine
`module denoted as "code compare" 416 in Figure 6. If
`25 t h e comparison yields a match, the user 404 is allowed
`access to computer 402 and/or to a portion of computer
`402.
`
`Referring now to Figure 2, there is shown a second
`embodiment of a computer security system made in ac-
`30 cordance with the teachings of the preferred embodi-
`ment of the invention. This second embodiment 20 is
`substantially similar to system 10 but also includes a tim-
`er or "timing means" 40 which may comprise one or
`more software subroutines which are adapted to oper-
`35 a t e and/or execute within and/or upon computer 80 or
`may comprise a microprocessor which operates under
`stored program control. In one embodiment, timing
`means 40 comprises a conventional "watchdog timer"
`as w⼀I⼀be apparent to those of ordinary skill in the art.
`I n operation,
` timing means 40 records the time at
`which the first and second passwords are received by
`analyzing means 12. Timing means 40, in one embodi-
`ment which is coupled to analyzing means 12 and code
`generation means 14 by bus 42 and in another embod-
`45 i m e n t which is in software communication with means
`12 and 14, then compares the times to determine wheth-
`er the second password was received within a prede-
`termined period or predetermined "window" of time after
`the first password was received. In the preferred em-
`bodiment of the invention, the predetermined period of
`time is programmable. The predetermined period of
`time, w⼀I⼀typically need to vary according to the nature
`or the communications medium used by means 14 to
`notify individual 85 of the value of the generated code.
`55 F o r example, the predetermined period of time would
`be shorter when communications channel 84 comprises
`a pager or cellular phone, since the owner has immedi-
`ate access to the code upon transmission; and longer
`
`40
`
`5
`
`UNIFIED PATENTS EXHIBIT 1005
`Page 5 of 13
`
`JPMORGAN EXHIBIT 1005
`
`
`
`9
`
`EP 0 844 551 A 2
`
`1
`
`0
`
`when communications channel 84 comprises a voice-
`mail system which the owner has to affirmatively access
`to receive the code. If the second password was not re-
`ceived within the predetermined period of time, analyz-
`ing means 12 denies entry to the secured domain (e.g.
`computer 80). If the second password was received
`within the predetermined period of time, analyzing
`means 12 compares it to the code which was previously
`generated. If the second password is not substantially
`identical to the previously generated code, analyzing
`means 12 denies individual 18 entry to the secured do-
`main (e.g. computer 80). If the received password is
`substantially identical to the code, analyzing means 12
`grants individual 18 entry into the secured domain. As
`will be readily apparent to those of ordinary skill in the
`art, timing means 40 provides yet a third level of security
`to computer system 80. Moreover, it should also be ap-
`parent to one of ordinary skill in the art that this "prede-
`termined time" may be as short or as small as several
`milli-seconds or micro-seconds. This is particularly true
`if, in yet another embodiment of Applicant's invention,
`the password generated by communication means 14
`is received by a computerized device which is adapted
`to received the password and to generate a new pass-
`word code in a substantially automatic manner.
`Referring now to Figure 3, there is shown a block
`diagram of a third embodiment of a computer security
`system made in accordance with the principles of the
`preferred embodiment of the invention As shown, com-
`puter security system 70 is adapted to receive an input
`data stream 72, comprising in a first embodiment, a plu-
`rality of digital data bits 73, which are to be securely
`transmitted to a distant site. System 70, as further
`shown, includes a data stream dividing means 74 which
`in one embodiment comprises a commercially available
`one input and two channel output time division or statis-
`tical multiplexor which samples the bits of received data
`and places, in a certain predetermined manner (e.g. al-
`ternately) some of the received data bits onto the first
`communications channel 76 and some of the received
`data bits onto the second communications channel 78.
`In this manner, one attempting to wrongfu⼀ly⼀ntercept
`and/or access the data stream 72 would need access
`to both communications channels 76, 78 and would
`need to know the dividing algorithm that dividing means
`74 utilizes to divide the received data for placement onto
`channels 76,78. Applicant's third embodiment therefore
`provides a very high level of data transmission security.
`As further shown in Figure 3, in this third embodi-
`ment of the invention, security system 70 further in-
`cludes a decoding means 88 which may comprise a
`commercially available microprocessor operating under
`stored algorithmic program control and which contains
`"mirror image" of the algorithm used to divide the data
`stream transmitted to it by means 74. In this manner, the
`data from each of the channels 76,78 is reconstituted
`onto single channel 89, in substantially the exact same
`manner that it was received by means 74. In essence,
`
`this third embodiment of Applicant's invention allows
`and/or provides for the "splitting"of a data stream into
`a plurality of channels in a predetermined manner and
`the concomitant reconstitution of the data stream once
`5 t h e data has traversed the communications medium.
`Hence, the embodiment in Figure 3 splits the data
`stream so that anyone getting access to one of the chan-
`nels 76, 78 can't reconstruct the data stream because
`they're missing half or more of the information. If more
`/0 channels are used, each channel carries far less than
`one-half the information.
`Referring now to Figure 4 there is shown a fourth
`embodiment of a computer security and/or data trans-
`mission system 100 which is made in accordance with
`15 t h e teachings of the preferred embodiment of the inven-
`tion As shown, system 100 is adapted to receive a plu-
`rality of data bits 103 contained in a first communications
`channel 102. It should be noted that the data contained
`within this channel 102 is interspersed with a plurality of
`20 "non-data" or filler data bits or "material" 104 according
`to some predetermined and/or randomly varying algo-
`rithm (e.g. every third bit space is filler data) by a micro-
`processor system 106 which is operating under stored
`program control. The filler data 104 is binary data and
`25 cannot be deciphered as "filler" by an unauthorized user.
`Therefore, even if one were to intercept the transmitted
`data, one could not decipher or decode the data. System
`100 further includes a decoder 110 for the data reception
`and decodes 202 for the algorithm reception which, in
`30 o n e embodiment, comprises a microprocessor acting
`under stored program control and which is adapted to
`"strip off" the "f⼀I⼀er" bits and to allow the originally trans-
`mitted data to be reconstituted. In this manner, data may
`be safely transmitted and received in an authorized
`35 manner. In yet another embodiment of the invention
`which is shown in Figure 4, the algorithm which controls
`the filler pattern and/or the way that the filler data is in-
`terspersed within the "regular" data pattern may be pe-
`riodically changed in a known and predetermined man-
`40 n e r In this embodiment, the filler data is interspersed
`within the "regular" data according to a varying filler al-
`gorithm (e.g. every three bits for the first 99 bits and then
`every four bits thereafter). In this embodiment, decoder
`110 is adapted to "strip" off these filler bits by having
`45 p r i o r knowledge (e.g. embedded within a computer pro-
`gram resident within and controlling the decoder) of the
`varying algorithms which are ut⼀I⼀zed by system 100.
`Here, in the embodiment shown in Figure 4, unlike that
`shown and described with respect to Figure 3, all the
`50 d a t a is transmitted on a single channel but is "muddied."
`In yet another embodiment of the invention, as
`shown in Figure 4, a varying data key is transmitted to
`decoder 110 and/or decoder 202 by microprocessor
`system 106 by use of a second channel 200. In this man-
`ner, a second channel is need