Computer access control system and method
First Claim
1. An access control system, comprising:
- at least one protected system, each protected system including means for reading a password submitted by a user as part of a request for access to at least a specified portion of said protected system, means for conveying information to said user, and digital computer means coupled to said reading means and said information conveying means for determining whether to permit access to said protected system;
said digital computer means including;
means for storing at least one authentic password;
means for selecting any sequence of one or more encryption steps from a multiplicity of distinct predefined encryption steps;
means for generating a new authentic password by encrypting a stored password with the first of said selected sequence of predefined encryption steps and, when said sequence contains more than one encryption step, successively encrypting the result of each previous encryption step with the next of said selected sequence of predefined encryption steps;
means for challenging said user, via said information conveying means, to encrypt a previously defined password value with said selected sequence of encryption steps and to submit a password which is the result of said selected sequence of encryption steps; and
means for comparing said new authentic password with said submitted password, and for permitting access to said portion of said protected system when a submitted password matches said new authentic password;
said access control system further including at least one portable password issuing device for issuing authentic passwords to the possessor thereof, including storage means for separately storing said previously defined password for each of one or more distinct protected systems or portions of protected systems.
10 Assignments
0 Petitions
Abstract
An access control system is disclosed in which protected systems and corresponding portable password issuing devices both generate new authentic passwords by successively encrypting a stored password with a selected sequence of predefined encryption steps. The protected system generates and displays one or more random digits, selects an encryption sequence by appending the random digits to the user's personal identification number, and generates an authentic password by sequentially encrypting the user's previous password with the encryption steps corresponding to each digit in the selected encryption sequence. The user generates a purported password by entering his PIN and the displayed random digit(s) on the keyboard of his password issuing device, which responds by encrypting a stored previous password value with the encryption steps corresponding to the user's keystrokes and displaying the resulting new password. The user submits the purported new password to the protected system, which enables access when the purported password matches the internally generated authentic password. Each password issuing device can store and generate passwords for a multiplicity of distinct protected host systems.
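The exchange the abstract describes, written out as an added example that is not code from the patent: a host side that stores the user's PIN and the current authentic password, and a token side that stores a separate previous password per protected system (claim 1's "storage means for separately storing"). The patent says only that the steps are "distinct ciphers"; this sketch assumes each of the ten digit-selected steps is HMAC-SHA256 under its own fixed, non-secret key, that the host shows four random digits, and that the device display shows the first 12 hex characters of the new password. Names such as `ProtectedSystem`, `PasswordIssuingDevice`, `apply_sequence` and the initial shared passwords are constructed for the example.

```python
import hashlib
import hmac
import secrets

# Ten distinct predefined encryption steps, one per keypad digit.
# Assumption (not from the patent): each step is HMAC-SHA256 under a fixed
# per-digit key. The keys are public; the secrets are the PIN and the
# previous password, exactly as in the scheme described in the abstract.
STEP_KEYS = {str(d): hashlib.sha256(f"step-{d}".encode()).digest() for d in range(10)}
DISPLAY_HEX_CHARS = 12  # assumed size of the token's display


def encryption_step(digit: str, value: bytes) -> bytes:
    """One predefined encryption step, selected by a single digit."""
    return hmac.new(STEP_KEYS[digit], value, hashlib.sha256).digest()


def apply_sequence(sequence: str, previous_password: bytes) -> bytes:
    """Claim 1's 'successively encrypting': feed the result of each step into the next."""
    if not sequence or not sequence.isdigit():
        raise ValueError("sequence must be one or more decimal digits")
    value = previous_password
    for digit in sequence:
        value = encryption_step(digit, value)
    return value


def displayed(password: bytes) -> str:
    """What the user reads off the device and types at the host."""
    return password.hex()[:DISPLAY_HEX_CHARS]


class ProtectedSystem:
    """Host side: holds the user's PIN and the current authentic password."""

    def __init__(self, name: str, pin: str, initial_password: bytes):
        self.name = name
        self._pin = pin
        self._stored_password = initial_password
        self._pending = None  # authentic password for the open challenge

    def challenge(self, n_digits: int = 4) -> str:
        """Pick random digits, select the sequence PIN||digits, precompute the
        new authentic password, and return only the digits to show the user."""
        random_digits = "".join(str(secrets.randbelow(10)) for _ in range(n_digits))
        self._pending = apply_sequence(self._pin + random_digits, self._stored_password)
        return random_digits

    def submit(self, purported: str) -> bool:
        """Compare in constant time; advance the stored password only on success."""
        if self._pending is None:
            return False  # no open challenge: a replayed password has nothing to match
        ok = hmac.compare_digest(displayed(self._pending).encode(), purported.encode())
        if ok:
            self._stored_password = self._pending
        self._pending = None  # one attempt per challenge
        return ok


class PasswordIssuingDevice:
    """Portable token: one previous password per protected system."""

    def __init__(self):
        self._stored = {}

    def provision(self, host_name: str, initial_password: bytes) -> None:
        self._stored[host_name] = initial_password

    def issue(self, host_name: str, keystrokes: str) -> str:
        """User types PIN followed by the displayed digits; the device rolls its
        stored password forward and shows the new one."""
        new_password = apply_sequence(keystrokes, self._stored[host_name])
        self._stored[host_name] = new_password
        return displayed(new_password)


def demo_round_trip():
    """Correct login, then two replay attempts of the same password."""
    seed = secrets.token_bytes(32)  # constructed shared initial password
    host = ProtectedSystem("payroll", pin="4711", initial_password=seed)
    token = PasswordIssuingDevice()
    token.provision("payroll", seed)

    digits = host.challenge()
    password = token.issue("payroll", "4711" + digits)
    first = host.submit(password)    # True: sequences and previous passwords agree
    replay = host.submit(password)   # False: no open challenge
    host.challenge()
    replay2 = host.submit(password)  # False: host's stored password has advanced
    return first, replay, replay2


def demo_wrong_pin():
    """A PIN typo on the device selects a different step sequence."""
    seed = bytes(range(32))  # constructed shared initial password
    host = ProtectedSystem("vpn", pin="2580", initial_password=seed)
    token = PasswordIssuingDevice()
    token.provision("vpn", seed)
    digits = host.challenge()
    return host.submit(token.issue("vpn", "2581" + digits))  # False
```

Two properties worth noting when reading this against the claims. The PIN is not a separate credential here: it is part of the selected step sequence, so the host must hold it (or the equivalent sequence) to compute the authentic password. And the device rolls its stored password forward on every issue while the host rolls forward only on a match, so after `demo_wrong_pin` the two sides are out of step and every later attempt against that host fails until they are resynchronized; the abstract describes no resync path, so any deployment of this scheme needs one.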
25 Claims
1. An access control system, comprising:
at least one protected system, each protected system including means for reading a password submitted by a user as part of a request for access to at least a specified portion of said protected system, means for conveying information to said user, and digital computer means coupled to said reading means and said information conveying means for determining whether to permit access to said protected system;
said digital computer means including;
means for storing at least one authentic password;
means for selecting any sequence of one or more encryption steps from a multiplicity of distinct predefined encryption steps;
means for generating a new authentic password by encrypting a stored password with the first of said selected sequence of predefined encryption steps and, when said sequence contains more than one encryption step, successively encrypting the result of each previous encryption step with the next of said selected sequence of predefined encryption steps;
means for challenging said user, via said information conveying means, to encrypt a previously defined password value with said selected sequence of encryption steps and to submit a password which is the result of said selected sequence of encryption steps; and
means for comparing said new authentic password with said submitted password, and for permitting access to said portion of said protected system when a submitted password matches said new authentic password;
said access control system further including at least one portable password issuing device for issuing authentic passwords to the possessor thereof, including storage means for separately storing said previously defined password for each of one or more distinct protected systems or portions of protected systems.
(Dependent claims 2 through 8 not shown.)
9. In an access control system comprising at least one protected system having means for reading a password submitted as part of a request for access by a user to at least a specified portion of said protected system, means for conveying information to said user, and digital computer means coupled to said reading means and said information conveying means for determining whether to permit access to said protected system, said digital computer means including means for storing at least one authentic password;
the improvement comprising;
software means in said digital computer means including;
means for selecting a sequence of one or more encryption steps from a multiplicity of distinct predefined encryption steps,
means for generating a new authentic password by encrypting a stored password with the first of said selected sequence of predefined encryption steps and, when said sequence contains more than one encryption step, successively encrypting the result of each previous encryption step with the next of said selected sequence of predefined encryption steps,
means for challenging said user, via said information conveying means, to encrypt a previously defined password value with said selected sequence of encryption steps and to submit a password which is the result of said selected sequence of encryption steps; and
means for comparing said new authentic password with said submitted password, and for permitting access to said portion of said protected system when a submitted password matches said new authentic password; and
at least one portable password issuing device for issuing authentic passwords to the possessor thereof, including storage means for separately storing said previously defined password for each of one or more distinct protected systems or portions of protected systems.
(Dependent claims 10 through 13 not shown.)
14. A method of controlling access to at least one protected system, each protected system including means for reading a password submitted as part of a request for access to at least a specified portion of said protected system, and means for conveying information to said user;
the steps of the method comprising;
storing at least one authentic password in a protected system,
defining a multiplicity of distinct encryption steps using distinct ciphers,
selecting any sequence of one or more encryption steps from said multiplicity of defined encryption steps,
generating a new authentic password by encrypting a stored password with the first of said selected sequence of predefined encryption steps and, when said sequence contains more than one encryption step, successively encrypting the result of each previous encryption step with the next of said selected sequence of predefined encryption steps,
conveying, via said information conveying means, indicia of said selected sequence of defined encryption steps, thereby challenging said user to submit a password generated using said selected sequence of encryption steps;
comparing said new authentic password with said submitted password, and permitting access to said portion of said protected system when a submitted password matches said new authentic password; and
providing at least one portable password issuing device for issuing authentic passwords to the possessor thereof, including means for performing any selected sequence of said predefined encryption steps.
(Dependent claims 15 through 21 not shown.)
22. An access control system, comprising:
at least one protected system, each protected system including means for reading a password submitted by a user as part of a request for access to at least a specified portion of said protected system, means for conveying information to said user, and digital computer means coupled to said reading means and said information conveying means for determining whether to permit access to said protected system;
said digital computer means including;
means for selecting any sequence of one or more encryption steps from a multiplicity of distinct predefined encryption steps;
means for generating a new authentic password by encrypting a defined value with the first of said selected sequence of predefined encryption steps and, when said sequence contains more than one encryption step, successively encrypting the result of each previous encryption step with the next of said selected sequence of predefined encryption steps;
means for challenging said user, via said information conveying means, to encrypt a previously defined value using said selected sequence of encryption steps and to submit a password which is the result of said sequence of encryption steps;
means for comparing said new authentic password with said submitted password, and for permitting access to said portion of said protected system when a submitted password matches said new authentic password; and
said access control system further including at least one portable password issuing device for issuing authentic passwords to the possessor thereof, including means for performing any selected sequence of said predefined encryption steps.
(Dependent claim 23 not shown.)
24. A method of controlling access to at least one protected system, each protected system including means for reading a password submitted as part of a request for access to at least a specified portion of said protected system, and means for conveying information to said user;
the steps of the method comprising;
defining a multiplicity of distinct encryption steps using distinct ciphers,
selecting any sequence of one or more encryption steps from said multiplicity of defined encryption steps,
generating a new authentic password by encrypting a defined value with the first of said selected sequence of predefined encryption steps and, when said sequence contains more than one encryption step, successively encrypting the result of each previous encryption step with the next of said selected sequence of predefined encryption steps,
conveying, via said information conveying means, indicia of said selected sequence of defined encryption steps, thereby challenging said user to submit a password generated using said selected sequence of encryption steps;
comparing said new authentic password with said submitted password, and permitting access to said portion of said protected system when a submitted password matches said new authentic password; and
providing at least one portable password issuing device for issuing authentic passwords to the possessor thereof, including means for performing any selected sequence of said predefined encryption steps.
(Dependent claim 25 not shown.)