Data protection system and method

摘要

An authentication system to authorize access to data to be protected, including a token having a memory that stores: an array containing alphanumeric information and random data; and a seal scheme vector containing information to enable access to each of the information items in their respective positions in the array. The authentication system is configured to: subject access to the token to the insertion of a password; decrypt the seal scheme vector; acquire the arrangement information and the size information of each random data from the seal scheme vector; check correspondence between the acquired arrangement information and the effective arrangement of the information in the array, and between the acquired size information and the effective size of the random data; authorize or deny access to the data to be protected on the basis of a result of the previous check.

主权项

1. An authentication system for authorizing an access to information to be protected, comprising:
a hardware token having a memory including a private memory area accessible by a personal identification number and storing: a plurality of first information items of at least one of numeric, alphanumeric and alphabetic type; and a plurality of first random data items of at least one of numeric, alphanumeric and alphabetic type, each having a respective size, wherein said first information items and said first random data items are arranged in an array having at least one reading order and such that each one of said first information items is separated from a successive one of said first information items, in said reading order, by one of said first random data items, wherein the private memory area stores a first seal scheme vector of encrypted type containing first relative arrangement information of the first information items in the array and first size information of each one of said first random data items so as to allow access to each of the first information items in the array, said authentication system being further configured to: subject access to the private memory area to the insertion of said personal identification number; decrypt the first seal scheme vector and acquire said first relative arrangement information of the first information items and said first size information of each one of said first random data items in the array; check correspondence between said acquired first relative arrangement information and the arrangement of the first information items in the array and between said acquired first size information and the size of the first random data items in the array; authorize or deny access to said information items to be protected on the basis of a result of said correspondence check between said acquired first relative arrangement information and the arrangement of the first information items in the array and between said acquired first size information and the respective sizes of said first random data items, wherein the first relative arrangement information of the first information items follow each other in a random order in said first seal scheme vector, wherein said random order in which the first relative arrangement information items of the first information items follow each other is obtained by a random number of permutations of said first relative arrangement information of the first information items, and wherein performing said permutations comprises: (i) swapping the position of one initial information item chosen among the first information items with the position of another of the first information items; (ii) swapping the position of two or more information items chosen among said first information items, these positions being after the position in the array in which said initial information item was allocated prior to the swap operation (i).