System and method providing secure access to a computer system

US 20070150743A1
Filed: 12/01/2006
Published: 06/28/2007
Est. Priority Date: 02/14/2001
Status: Active Grant

First Claim

Patent Images

1. A method of securely sending a multi-character password from an authorized access device to an authentication device having a plurality of assigned addresses, said method comprising:

in the access device;

dividing a multi-character password into a plurality of password data segments;

placing each of said password data segments in a different one of a plurality of password packets, wherein each of the password packets is addressed to a different one of the plurality of addresses assigned to the authentication device; and

sending the plurality of password packets from the access device to the plurality of addresses assigned to the authentication device;

in the authentication device;

receiving the plurality of password packets from the access device;

associating the plurality of password packets as related packets;

extracting the password data segments from the plurality of related password packets; and

assembling the multi-character password from the extracted password data segments.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system and method for providing secure access to a computer system. An access device divides the password into multiple segments and places them in data packets. In one embodiment, an authentication server has multiple addresses, and each packet is sent to a different address. The server then reassembles the password. In another embodiment, when the server receives a password, the server sends an index value back to the access device, which then accesses the server on another address indicated by the index value. Alternatively, the password is sent to multiple addresses for the server, and the server determines whether any of the received packets have been altered. The multiple password packets may be forced to follow different paths to the server, thereby denying hackers the ability to intercept all of the password characters or determine the inter-packet timing factor. The system is effective against passive and active hackers, Trojans, and phishing techniques.

Citations

23 Claims

1. A method of securely sending a multi-character password from an authorized access device to an authentication device having a plurality of assigned addresses, said method comprising:
- in the access device;
  
  dividing a multi-character password into a plurality of password data segments;
  
  placing each of said password data segments in a different one of a plurality of password packets, wherein each of the password packets is addressed to a different one of the plurality of addresses assigned to the authentication device; and
  
  sending the plurality of password packets from the access device to the plurality of addresses assigned to the authentication device;
  
  in the authentication device;
  
  receiving the plurality of password packets from the access device;
  
  associating the plurality of password packets as related packets;
  
  extracting the password data segments from the plurality of related password packets; and
  
  assembling the multi-character password from the extracted password data segments.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The method of password division multiplexing according to claim 1, wherein the step of associating the plurality of password packets in the authentication device includes associating as related packets, packets that have the same source address.
  - 3. The method of password division multiplexing according to claim 1, wherein the step of sending the plurality of password packets from the access device to the plurality of addresses assigned to the authentication device includes:
    - transmitting a first password packet from the access device to a first address assigned to the authentication device; and
      
      individually transmitting each of the remaining password packets separated in time from a preceding password packet by a predefined time interval.
  - 4. The method of password division multiplexing according to claim 3, wherein the step of assembling the multi-character password in the authentication device includes assembling the extracted password data segments in the order in which they were received.
  - 5. The method of password division multiplexing according to claim 4, further comprising verifying in the authentication device that the assembled password matches a stored password for the access device.
  - 6. The method of password division multiplexing according to claim 5, wherein the step of verifying in the authentication device that the assembled password matches a stored password for the access device includes:
    - measuring time intervals separating the different password packets received from the access device; and
      
      verifying that the time intervals separating the different password packets match stored time intervals associated with the access device.
  - 7. The method of password division multiplexing according to claim 5, wherein the step of verifying in the authentication device that the assembled password matches a stored password for the access device also includes verifying that the assembled extracted data segments produce a string of characters matching a stored multi-character password for the access device.
  - 8. The method of password division multiplexing according to claim 5, wherein the step of verifying in the authentication device that the assembled password matches a stored password for the access device also includes verifying that the content of each extracted data segment matches a stored content for the extracted data segment.
  - 9. The method of password division multiplexing according to claim 5, wherein the step of verifying in the authentication device that the assembled password matches a stored password for the access device includes:
    - verifying that the assembled extracted data segments produce a string of characters matching a stored multi-character password for the access device;
      
      verifying that the content of each extracted data segment matches a stored content for the extracted data segment;
      
      measuring time intervals separating the different password packets received from the access device; and
      
      verifying that the time intervals separating the different password packets match stored time intervals for the access device.

10. A method of securely sending a password from an access device to an authentication device having a plurality of assigned addresses known to the access device, said method comprising:
- generating by the access device, at least three password packets containing the password of the access device, wherein each of the at least three password packets includes an identifier for the access device and a destination address matching a different one of the plurality of addresses assigned to the authentication device;
  
  sending the at least three password packets to the authentication device;
  
  utilizing the identifier by the authentication device to associate the at least three password packets;
  
  analyzing the at least three password packets at the authentication device to determine whether a predefined characteristic of the password packets is different in one of the password packets;
  
  if the predefined characteristic is different in one of the password packets;
  
  determining whether the password in the remaining packets matches a stored password for the access device identified by the identifier in the remaining packets; and
  
  if the password in the remaining packets matches the stored password for the access device identified by the identifier, sending an access authorization to the access device identified by the identifier in the remaining packets.
- View Dependent Claims (11, 12, 13)
- - 11. The method of securely sending a password according to claim 10, wherein the predefined characteristic of the password packets is a source address.
  - 12. The method of securely sending a password according to claim 10, wherein the at least three password packets are sent near-simultaneously, and the predefined characteristic of the password packets is a time of reception at the authentication device.
  - 13. The method of securely sending a password according to claim 10, wherein the at least three password packets are sent near-simultaneously, and the predefined characteristic of the password packets is a time stamp placed on each packet by the access device at the time of transmission.

14. A method in an authentication device of providing an access device with access to protected information, wherein the authentication device has a plurality of assigned addresses which are known to authorized access devices but not to others, said method comprising:
- receiving a password from the access device at a first assigned address;
  
  verifying the password;
  
  sending to the access device, an index value identifying a second address from the plurality of addresses; and
  
  providing the access device with access to the protected information only if the access device requests access through the second address.

15. A system for securely sending a password from an access device to an authentication device, said system comprising:
- an address pool comprising a plurality of addresses assigned to the authentication device;
  
  an indexed database in the access device populated with the plurality of addresses assigned to the authentication device; and
  
  means within the access device for sending at least a portion of a password to multiple addresses selected from the plurality of addresses assigned to the authentication device.
- View Dependent Claims (16, 17, 18, 19, 20)
- - 16. The system according to claim 15, wherein the means within the access device for sending at least a portion of a password to multiple addresses includes:
    - means for dividing a multi-character password into a plurality of password data segments;
      
      means for placing each of said password data segments in a different one of a plurality of password packets, wherein each of the password packets is addressed to a different one of the plurality of addresses assigned to the authentication device; and
      
      means for sending the plurality of password packets from the access device to the plurality of addresses assigned to the authentication device.
  - 17. The system according to claim 16, wherein the authentication device includes:
    - means for receiving the plurality of password packets from the access device;
      
      means for associating the plurality of password packets as related packets;
      
      means for extracting the password data segments from the plurality of related password packets; and
      
      means for assembling the multi-character password from the extracted password data segments.
  - 18. The system according to claim 15, wherein the means within the access device for sending at least a portion of a password to multiple addresses includes:
    - means for generating at least three password packets containing the password of the access device, wherein each of the at least three password packets includes an identifier for the access device and a destination address matching a different one of the plurality of addresses assigned to the authentication device; and
      
      means for sending the at least three password packets to the authentication device.
  - 19. The system according to claim 18, wherein the authentication device includes:
    - means for utilizing the identifier to associate the at least three password packets as related packets;
      
      means for analyzing the at least three password packets to determine whether a predefined characteristic of the password packets is different in one of the password packets;
      
      means, responsive to a determination that the predefined characteristic is different in one of the password packets, for determining whether the password in the remaining packets matches a stored password for the access device identified by the identifier in the remaining packets; and
      
      means, responsive to a determination that the password in the remaining packets matches the stored password for the identified access device, for sending an access authorization to the access device identified by the identifier in the remaining packets.
  - 20. The system according to claim 18, wherein the authentication device includes:
    - means for receiving a password from the access device at a first assigned address;
      
      means for determining whether the received password matches a stored password for the access device;
      
      means, responsive to a determination that the received password matches a stored password for the access device, for sending to the access device, an index value identifying a second address from the plurality of addresses assigned to the authentication device; and
      
      means for providing the access device with access to protected information only if the access device requests access through the second address.

21. A system for securely sending a password from an access device to an authentication device, said system comprising:
- means for dividing a multi-character password into a plurality of password data segments;
  
  means for placing each of said password data segments in a different one of a plurality of password packets; and
  
  means for sending the plurality of password packets on a plurality of paths through a data network to the authentication device, said data sending means including means for forcing each of the plurality of password packets to follow a different path through the data network.
- View Dependent Claims (22, 23)
- - 22. The system according to claim 21, wherein the data network includes a plurality of intermediate nodes through which the plurality of paths pass, each of said nodes having a plurality of output ports, and the means for forcing each of the plurality of password packets to follow a different path through the data network includes:
    - a routing table in each node associating a destination address of the authentication device with an output port; and
      
      logic for determining that a packet received in the intermediate node includes the destination address of the authentication device, and in response thereto, for transmitting the packet through the output port indicated by the routing table.
  - 23. The system according to claim 21, wherein the data network includes a plurality of intermediate nodes through which the plurality of paths pass, and the means for forcing each of the plurality of password packets to follow a different path through the data network includes:
    - an encapsulation frame for encapsulating each password packet and the addresses of any intermediate nodes in the desired path for the packet;
      
      means within each intermediate node for stripping off a header of the encapsulation frame and reading the next destination address contained within the frame; and
      
      means for transmitting the packet to the next destination address until the packet arrives at the authentication device.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
JSM Technologies LLC
Original Assignee
JSM Technologies LLC
Inventors
Smith, Steven, Weatherford, Sidney, Pritchard, James

Granted Patent

US 7,502,936 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/184
CPC Class Codes

G06F 21/31   User authentication

G06F 21/606   by securing the transmissio...

H04K 1/00   Secret communication

H04L 63/0846   using time-dependent-passwo...

System and method providing secure access to a computer system

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

23 Claims

Specification

Solutions

Use Cases

Quick Links

System and method providing secure access to a computer system

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

23 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links