David Kovar writes:
> > From what I've been told from Secure Dynamics, they are using their own
> > proprietary algorithm. That is one of the aspects of the cards that several
> > people are leery (sp?!) of. Who's to say that the algorithm is any good? It's
> > kinda like CLIPPER in the sense that they say it's secure, but w/o the algo.
> > how can anyone into cryptography BELIEVE it? What is their idea of 'secure'?
> I believe you can buy a source license for the code and examine it
> yourself if you're curious. It costs a lot of money, but people who
> are integrating the SecurID cards into their products must make
Many SecurID/Aceserver implementations use only the library that
is included with Aceserver. Proprietary boxes such as Ciscos
authenticate users indirectly via an authentication server that
is linked with the Security Dynamics library.
> this purchase.
> I've seen the code and am convinced that it is secure. Of course,
> you have no reason to trust me, either!
The authentication scheme is patented. In order to be granted a
patent, the inventor must disclose the invention to the public.
This is the main difference between a patent and a trade secret.
The algorithm should be discussed in the disclosure of the
patent. Sometimes the disclosures aren't very clear, but the
disclosure should have much less legalese than the claims.
The following abstract seems to describe the algorithm being
discussed on this list (there are three other Security Dynamics
patents). The full text of patents isn't on-line, so someone
would have to order the patent to get more information.
Michael Platoff email: map @
Siemens Corporate Research phone: (609) 734-3354
755 College Road East fax: (609) 734-6565
Princeton, NJ 08540-6668
E/METHOD AND APPARATUS FOR POSITIVELY IDENTIFYING AN INDIVIDUAL
Document Type: UTILITY
Inventors: WEISS KENNETH P (US)
Assignee: SECURITY DYNAMICS TECH INC
          Patent       Issue    Applic      Applic
          Number       Date     Number      Date
          ----------   ------   ---------   ------
Patent:   US 4720860   880119   US 676626   841130
(Cited in 013 later patents)
Priority Applic: US 676626 841130
An apparatus for the electronic generation and comparison of
non-predictable codes. The apparatus of the invention comprises a first
mechanism for calculating a first non-predictable code according to a
predetermined algorithm, the first mechanism for calculating including a
first mechanism for inputting a unique static variable into the
predetermined algorithm; a first mechanism for automatically defining a
first dynamic variable according to the interval of time in which the first
mechanism for inputting is activated, the first mechanism for automatically
defining including a mechanism for automatically making the first dynamic
variable available to the predetermined algorithm of the first mechanism
for calculating; a second mechanism for calculating a second
non-predictable code according to the predetermined algorithm, the second
mechanism for calculating including a second mechanism for inputting the
unique static variable into the predetermined algorithm; a second mechanism
for automatically defining a second dynamic variable according to the
interval of time in which the second mechanism for inputting is activated,
the second mechanism for automatically defining including a mechanism for
automatically making the second dynamic variable available to the
predetermined algorithm of the second mechanism for calculating; and a
mechanism for comparing the first non-predictable code with the second