DATA PROTECTION SYSTEM AND METHOD

摘要

An authentication system to authorize access to data to be protected, including a token having a memory that stores: an array containing alphanumeric information and random data; and a seal scheme vector containing information to enable access to each of the information items in their respective positions in the array. The authentication system is configured to: subject access to the token to the insertion of a password; decrypt the seal scheme vector; acquire the arrangement information and the size information of each random data from the seal scheme vector; check correspondence between the acquired arrangement information and the effective arrangement of the information in the array, and between the acquired size information and the effective size of the random data; authorize or deny access to the data to be protected on the basis of a result of the previous check.

主权项

1. An authentication system for authorizing an access to information to be protected, comprising a hardware token (1) having a memory (4) including a private memory area (4a), accessible by means of a personal identification number and storing:
a plurality of first information items (I1-IN) of numeric and/or alphanumeric and/or alphabetic type; a plurality of first random data items (RBx,y) of numeric and/or alphanumeric and/or alphabetic type, each having a respective size, said first information items (I1-IN) and said first random data items (RBx,y) being arranged in an array (100), having at least one reading order and such that each first information item (I1-IN) is separated from a successive first information item (I1-IN), in said reading order, by one of said first random data items (RBx,y), the private memory area (4a) further storing a first seal scheme vector (SS), of encrypted type, containing first relative arrangement information of the first information items (I1-IN) in the array (100) and first size information of each first random data item (RBx,y), so as to allow access to each of the first information items (I1-IN) in the array (100), said authentication system being further configured to: subject access to the private memory area (4a) to the insertion of said personal identification number; decrypt the first seal scheme vector and acquire said first relative arrangement information of the first information items (I1-IN) and said first size information of each first random data item (RBx,y) in the array (100); check correspondence between said acquired first relative arrangement information and the arrangement of the first information items (I1-IN) in the array (100), and between said acquired first size information and the size of the first random data items in the array (100); authorize or deny access to said information items to be protected on the basis of a result of said correspondence check between said acquired first relative arrangement information and the arrangement of the first information items (I1-IN) in the array (100), and between said acquired first size information and the respective sizes of said first random data items (RBx,y).