Two-factor computer password client device, system, and method

US 20060070125A1
Filed: 11/07/2005
Published: 03/30/2006
Est. Priority Date: 02/14/2001
Status: Active Grant

First Claim

Patent Images

1. A client device for constructing a two-factor password utilized by an authentication device to authenticate an accessing computer, said client device comprising:

an input/output (I/O) port for interfacing the client device with the accessing computer, said I/O port receiving a user identification (user ID) from the accessing computer, and sending the two-factor password to the accessing computer;

a database for storing a second factor; and

a client application connected to the I/O device and the database, said client application being adapted to;

retrieve the second factor from the database;

combine the user ID and the retrieved second factor to form the two-factor password; and

send the two-factor password to the I/O device for sending to the accessing computer.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A client device, system, and method for constructing a two-factor password utilized by an authentication device to authenticate an accessing computer. The client device connects to the accessing computer through an input/output (I/O) port such as a USB connection. When a user desires to access a network, he enters a user ID, which is sent from the accessing computer to the client device. The client device includes a client application, which retrieves a second factor from an internal database, and combines the user ID and the retrieved second factor to form the two-factor password. The two-factor password is sent to the accessing computer, which transmits it to the authentication device. The accessing computer is authenticated only if both the user ID and the second factor match a user ID and second factor stored in the authentication device.

41 Citations

View as Search Results

23 Claims

1. A client device for constructing a two-factor password utilized by an authentication device to authenticate an accessing computer, said client device comprising:
- an input/output (I/O) port for interfacing the client device with the accessing computer, said I/O port receiving a user identification (user ID) from the accessing computer, and sending the two-factor password to the accessing computer;
  
  a database for storing a second factor; and
  
  a client application connected to the I/O device and the database, said client application being adapted to;
  
  retrieve the second factor from the database;
  
  combine the user ID and the retrieved second factor to form the two-factor password; and
  
  send the two-factor password to the I/O device for sending to the accessing computer.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14)
- - 2. The client device of claim 1, wherein the I/O port is a Universal Serial Bus (USB) interface.
  - 3. The client device of claim 1, wherein the I/O port is a wireless access link.
  - 4. The client device of claim 1, wherein the user ID includes a first plurality of predefined characters, and the second factor includes a second plurality of predefined characters, and the client application is adapted to combine the first plurality of predefined characters with the second plurality of predefined characters to form the two-factor password.
  - 5. The client device of claim 1, wherein the client application is adapted to interleave characters from the second plurality of predefined characters between the characters of the first plurality of predefined characters to form the two-factor password.
  - 6. The client device of claim 1, wherein the client application is adapted to append the second plurality of predefined characters to the first plurality of predefined characters to form the two-factor password.
  - 7. The client device of claim 1, wherein the user ID includes a plurality of predefined characters, and the second factor includes a plurality of predefined time intervals, and the client application is adapted to form the two-factor password by instructing the accessing computer to individually transmit each of the plurality of predefined characters to the server, wherein each character is separated from a previous character by a time interval drawn from the plurality of predefined time intervals.
  - 8. The client device of claim 1, further comprising a mechanical switch located between the client application and the second-factor database, wherein when the mechanical switch is open, the second-factor database is physically separated from the client application and the accessing computer.
  - 9. The client device of claim 8, wherein the mechanical switch is adapted to be physically closed by a user to begin construction of the two-factor password, and is adapted to be physically opened by the client application upon expiration of a predefined time period or occurrence of a predefined event.
  - 10. The client device of claim 9, wherein the mechanical switch is adapted to be physically opened by the client application when the two-factor password is sent to the accessing computer.
  - 11. The client device of claim 9, wherein the mechanical switch is adapted to be physically opened by the client application when an indication is received from the accessing computer indicating that the two-factor password has been positively authenticated by the authentication device.
  - 12. The client device of claim 1, further comprising a central processing unit identification (CPU ID) register for storing a CPU ID of the accessing computer, wherein the client application is adapted to compare the stored CPU ID with the CPU ID of any computer to which the plug-in client device is connected, and to enable access to the second-factor lookup table only if the CPU IDs match.
  - 13. The client device of claim 1, further comprising a mechanical switch located between the I/O port and the client application, wherein when the mechanical switch is open, the client application and the second-factor database are physically separated from the accessing computer.
  - 14. The client device of claim 13, wherein the mechanical switch opens and closes a data connection between the accessing computer and the client device while maintaining a power connection from the accessing computer to the client device.

15. A system for protecting a network against unauthorized access while enabling an authorized accessing computer to access the network, said system comprising:
- a client device that connects to the authorized accessing computer, said client device constructing a two-factor password utilized by an authentication server to authenticate the accessing computer, said client device comprising;
  
  an input/output (I/O) port for interfacing the client device with the accessing computer, said I/O port receiving a user identification (user ID) from the accessing computer, and sending the two-factor password to the accessing computer;
  
  a database for storing a second factor; and
  
  a client application connected to the I/O device and the database, said client application being adapted to;
  
  retrieve the second factor from the database;
  
  combine the user ID and the retrieved second factor to form the two-factor password; and
  
  send the two-factor password to the I/O device for sending to the accessing computer; and
  
  an authentication server connected to the network for receiving the two-factor password and authenticating the accessing computer, said authentication server comprising;
  
  means for receiving the two-factor password sent from the accessing computer;
  
  means for determining whether the received user ID matches a stored user ID associated with the accessing computer;
  
  means for determining whether the received second factor matches a stored second factor associated with the accessing computer; and
  
  means for positively authenticating the accessing computer only if the received user ID matches the stored user ID, and the received second factor matches the stored second factor.
- View Dependent Claims (16, 17)
- - 16. The system of claim 15, wherein the user ID includes a plurality of predefined characters, and the second factor includes a plurality of predefined time intervals, and the client application is adapted to form the two-factor password by instructing the accessing computer to individually transmit each of the plurality of predefined characters to the server, wherein each character is separated from a previous character by a time interval drawn from the plurality of predefined time intervals.
  - 17. The system of claim 16, wherein the means within the authentication server for determining whether the received second factor matches a stored second factor includes:
    - a timing apparatus for measuring time intervals between the received characters of the user ID; and
      
      means for determining whether the measured time intervals match stored time intervals associated with the accessing computer.

18. A method of protecting a network against unauthorized access while enabling an authorized accessing computer to access the network, said method comprising:
- receiving from a user, a user identification (user ID);
  
  automatically constructing by the accessing computer, without further input from the user, a two-factor password comprising the user ID and a second factor added by the accessing computer, said two-factor password being utilized by an authentication server to authenticate the accessing computer;
  
  sending the two-factor password to the authentication server;
  
  verifying by the authentication server that the two-factor password received from the accessing computer matches a stored two-factor password associated with the accessing computer; and
  
  granting the accessing computer access to the network only if the two-factor password received from the accessing computer matches the stored two-factor password associated with the accessing computer.
- View Dependent Claims (19, 20, 21, 22, 23)
- - 19. The method of claim 18, wherein the step of verifying by the authentication server that the two-factor password received from the accessing computer matches a stored two-factor password associated with the accessing computer includes:
    - verifying that the received user ID matches a stored user ID associated with the accessing computer; and
      
      verifying that the received second factor matches a stored second factor associated with the accessing computer.
  - 20. The method of claim 19, wherein the user ID includes a plurality of predefined characters, and the second factor includes a plurality of predefined time intervals, and the step of automatically constructing the two-factor password includes individually transmitting each of the plurality of predefined characters to the authentication server, wherein each character is separated from a previous character by a time interval drawn from the plurality of predefined time intervals.
  - 21. The method of claim 20, further comprising, prior to sending the two-factor password to the authentication server:
    - individually transmitting a plurality of test packets to the server, wherein the test packets are separated by known time intervals;
      
      measuring by the server, actual time intervals between the received test packets; and
      
      determining a tolerance value for the predefined time intervals utilized in the two-factor password based on the differences between the actual time intervals measured by the server and the known time intervals between the test packets.
  - 22. The method of claim 19, wherein the step of verifying that the received second factor matches a stored second factor associated with the accessing computer includes:
    - measuring by the authentication server, time intervals between the received characters of the user ID; and
      
      determining by the authentication server, whether the measured time intervals match stored time intervals associated with the accessing computer.
  - 23. The method of claim 18, wherein the step of automatically constructing the two-factor password includes:
    - connecting a client device to the accessing computer;
      
      automatically constructing the two-factor password by the client device; and
      
      passing the two-factor password to the accessing computer for transmission to the authentication server.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
JSM Technologies LLC
Original Assignee
JSM Technologies LLC
Inventors
Smith, Steven W., Pritchard, James B., Weatherford, Sidney L.

Granted Patent

US 7,600,128 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/18
CPC Class Codes

G06F 21/31 User authentication

H04L 63/0846 using time-dependent-passwo...

Two-factor computer password client device, system, and method

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

41 Citations

23 Claims

Specification

Solutions

Use Cases

Quick Links

Two-factor computer password client device, system, and method

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

41 Citations

23 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links