System and method providing secure access to a computer system
Abstract
A system and method for providing secure access to a computer system. An access device divides the password into multiple segments and places them in data packets. In one embodiment, an authentication server has multiple addresses, and each packet is sent to a different address. The server then reassembles the password. In another embodiment, when the server receives a password, the server sends an index value back to the access device, which then accesses the server on another address indicated by the index value. Alternatively, the password is sent to multiple addresses for the server, and the server determines whether any of the received packets have been altered. The multiple password packets may be forced to follow different paths to the server, thereby denying hackers the ability to intercept all of the password characters or determine the inter-packet timing factor. The system is effective against passive and active hackers, Trojans, and phishing techniques.
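The first embodiment above (split the password, send each segment to a different server address, reassemble at the server) can be sketched as follows. This is an added example, not code from the patent: the address pool is constructed, and the `device_id`, `session`, `index` and `total` packet fields are assumptions about how the server associates and orders related packets.

```python
import secrets
from typing import NamedTuple

# Constructed address pool (RFC 5737 documentation range), not from the patent.
SERVER_ADDRESSES = ["192.0.2.10", "192.0.2.11", "192.0.2.12", "192.0.2.13"]

class PasswordPacket(NamedTuple):
    dest: str       # one of the addresses assigned to the authentication device
    device_id: str  # assumed field: lets the server associate related packets
    session: str    # assumed field: separates concurrent login attempts
    index: int      # assumed field: position of this segment in the password
    total: int      # assumed field: number of segments to expect
    segment: str

def split_password(password, device_id, addresses=SERVER_ADDRESSES):
    """Access device: one segment per packet, one distinct address per packet."""
    n = min(len(addresses), len(password))
    if n < 2:
        raise ValueError("need at least two segments and two addresses")
    base, extra = divmod(len(password), n)
    session, packets, pos = secrets.token_hex(8), [], 0
    for i in range(n):
        size = base + (1 if i < extra else 0)
        packets.append(PasswordPacket(addresses[i], device_id, session, i, n,
                                      password[pos:pos + size]))
        pos += size
    return packets

class AuthenticationDevice:
    def __init__(self, addresses=SERVER_ADDRESSES):
        self.addresses = set(addresses)
        self.pending = {}  # (device_id, session) -> {index: packet}

    def receive(self, pkt):
        """Return the assembled password once all segments arrived, else None."""
        if pkt.dest not in self.addresses:
            return None  # not addressed to this device
        key = (pkt.device_id, pkt.session)
        group = self.pending.setdefault(key, {})
        group[pkt.index] = pkt
        if len(group) < pkt.total:
            return None
        del self.pending[key]
        dests = {p.dest for p in group.values()}
        if set(group) != set(range(pkt.total)) or len(dests) != pkt.total:
            return None  # malformed set, or segments reused an address
        return "".join(group[i].segment for i in range(pkt.total))
```

An observer on the path to any single address sees only one segment; the packets may arrive in any order because the server orders them by `index`.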
23 Claims
1. A method of securely sending a multi-character password from an authorized access device to an authentication device having a plurality of assigned addresses, said method comprising:
in the access device;
dividing a multi-character password into a plurality of password data segments;
placing each of said password data segments in a different one of a plurality of password packets, wherein each of the password packets is addressed to a different one of the plurality of addresses assigned to the authentication device; and
sending the plurality of password packets from the access device to the plurality of addresses assigned to the authentication device;
in the authentication device;
receiving the plurality of password packets from the access device;
associating the plurality of password packets as related packets;
extracting the password data segments from the plurality of related password packets; and
assembling the multi-character password from the extracted password data segments.
(Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9)
10. A method of securely sending a password from an access device to an authentication device having a plurality of assigned addresses known to the access device, said method comprising:
generating by the access device, at least three password packets containing the password of the access device, wherein each of the at least three password packets includes an identifier for the access device and a destination address matching a different one of the plurality of addresses assigned to the authentication device;
sending the at least three password packets to the authentication device;
utilizing the identifier by the authentication device to associate the at least three password packets;
analyzing the at least three password packets at the authentication device to determine whether a predefined characteristic of the password packets is different in one of the password packets;
if the predefined characteristic is different in one of the password packets;
determining whether the password in the remaining packets matches a stored password for the access device identified by the identifier in the remaining packets; and
if the password in the remaining packets matches the stored password for the access device identified by the identifier, sending an access authorization to the access device identified by the identifier in the remaining packets.
(Dependent claims: 11, 12, 13)
14. A method in an authentication device of providing an access device with access to protected information, wherein the authentication device has a plurality of assigned addresses which are known to authorized access devices but not to others, said method comprising:
receiving a password from the access device at a first assigned address;
verifying the password;
sending to the access device, an index value identifying a second address from the plurality of addresses; and
providing the access device with access to the protected information only if the access device requests access through the second address.
15. A system for securely sending a password from an access device to an authentication device, said system comprising:
an address pool comprising a plurality of addresses assigned to the authentication device;
an indexed database in the access device populated with the plurality of addresses assigned to the authentication device; and
means within the access device for sending at least a portion of a password to multiple addresses selected from the plurality of addresses assigned to the authentication device.
(Dependent claims: 16, 17, 18, 19, 20)
21. A system for securely sending a password from an access device to an authentication device, said system comprising:
means for dividing a multi-character password into a plurality of password data segments;
means for placing each of said password data segments in a different one of a plurality of password packets; and
means for sending the plurality of password packets on a plurality of paths through a data network to the authentication device, said data sending means including means for forcing each of the plurality of password packets to follow a different path through the data network.
(Dependent claims: 22, 23)
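The index-value exchange of claim 14, combined with the indexed address database of claim 15, can be sketched as follows. This is an added example, not code from the patent: the address pool is constructed, and the class names, the PBKDF2 password storage and the one-attempt-per-login rule are assumptions.

```python
import hashlib
import secrets

# Constructed address pool (RFC 5737 documentation range), not from the patent.
ADDRESS_POOL = ["198.51.100.1", "198.51.100.2", "198.51.100.3", "198.51.100.4"]

def _hash(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

class AuthenticationDevice:
    def __init__(self, pool):
        self.pool = list(pool)
        self.accounts = {}  # device_id -> (salt, password hash)
        self.expected = {}  # device_id -> address the next request must use

    def enroll(self, device_id, password):
        salt = secrets.token_bytes(16)
        self.accounts[device_id] = (salt, _hash(password, salt))

    def login(self, arrived_on, device_id, password):
        """Verify the password at a first address; return an index value or None."""
        salt, stored = self.accounts.get(device_id, (b"", b""))
        if arrived_on not in self.pool or not secrets.compare_digest(
                _hash(password, salt), stored):
            return None
        # Pick a second address different from the one the password arrived on.
        choices = [i for i, a in enumerate(self.pool) if a != arrived_on]
        index = secrets.choice(choices)
        self.expected[device_id] = self.pool[index]
        return index  # only the index crosses the network, never the address

    def request_access(self, arrived_on, device_id):
        """Grant access only if the request arrives on the indexed address."""
        second = self.expected.pop(device_id, None)  # one attempt per login
        return second is not None and arrived_on == second

class AccessDevice:
    def __init__(self, device_id, password, pool):
        self.device_id, self.password = device_id, password
        self.address_db = list(pool)  # indexed database of server addresses

    def connect(self, server):
        first = self.address_db[0]
        index = server.login(first, self.device_id, self.password)
        if index is None:
            return False
        return server.request_access(self.address_db[index], self.device_id)
```

A party that holds the password but not the indexed address database cannot turn the returned index into the second address, so its follow-up request is refused.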