Computer access control system and method

US 5,060,263 A
Filed: 03/09/1988
Issued: 10/22/1991
Est. Priority Date: 03/09/1988
Status: Expired due to Term

First Claim

Patent Images

1. An access control system, comprising:

at least one protected system, each protected system including means for reading a password submitted by a user as part of a request for access to at least a specified portion of said protected system, means for conveying information to said user, and digital computer means coupled to said reading means and said information conveying means for determining whether to permit access to said protected system;

said digital computer means including;

means for storing at least one authentic password;

means for selecting any sequence of one or more encryption steps from a multiplicity of distinct predefined encryption steps;

means for generating a new authentic password by encrypting a stored password with the first of said selected sequence of predefined encryption steps and, when said sequence contains more than one encryption step, successively encrypting the result of each previous encryption step with the next of said selected sequence of predefined encryption steps;

means for challenging said user, via said information conveying means, to encrypt a previously defined password value with said selected sequence of encryption steps and to submit a password which is the result of said selected sequence of encryption steps; and

means for comparing said new authentic password with said submitted password, and for permitting access to said portion of said protected system when a submitted password matches said new authentic password;

said access control system further including at least one portable passward issuing device for issuing authentic passwords to the possessor thereof, including storage means for separately storing said previously defined password for each of one or more distinct protected systems or portions of protected systems.

View all claims

10 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

An access control system is disclosed in which protected systems and corresponding portable password issuing devices both generate new authentic passwords by successively encrypting a stored password with a selected sequence of predefined encryption steps. The protected system generates and displays one or more random digits, selects an encryption sequence by appending the random digits to the user'"'"'s personal identification number, and generates an authentic password by sequentially encrypting the user'"'"'s previous password with encryption steps corresponding to each of the digits in the selected encryption sequence. The user generates a purported password by entering his PIN and the displayed random number(s) on the keyboard of his password issuing device, which responds to encrypting a stored previous password value with encryption steps corresponding to the user'"'"'s keystrokes, and displaying a new password on its display. The user submits his purported new password to the protected system, and the protected system enables access to the protected system when the purported password matches the internally generated authentic password. Each password issuing device can store and generate passwords for a multiplicity of distinct protected host systems.

Citations

25 Claims

1. An access control system, comprising:
- at least one protected system, each protected system including means for reading a password submitted by a user as part of a request for access to at least a specified portion of said protected system, means for conveying information to said user, and digital computer means coupled to said reading means and said information conveying means for determining whether to permit access to said protected system;
  
  said digital computer means including;
  
  means for storing at least one authentic password;
  
  means for selecting any sequence of one or more encryption steps from a multiplicity of distinct predefined encryption steps;
  
  means for generating a new authentic password by encrypting a stored password with the first of said selected sequence of predefined encryption steps and, when said sequence contains more than one encryption step, successively encrypting the result of each previous encryption step with the next of said selected sequence of predefined encryption steps;
  
  means for challenging said user, via said information conveying means, to encrypt a previously defined password value with said selected sequence of encryption steps and to submit a password which is the result of said selected sequence of encryption steps; and
  
  means for comparing said new authentic password with said submitted password, and for permitting access to said portion of said protected system when a submitted password matches said new authentic password;
  
  said access control system further including at least one portable passward issuing device for issuing authentic passwords to the possessor thereof, including storage means for separately storing said previously defined password for each of one or more distinct protected systems or portions of protected systems.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. An access control system as in claim 1, wherein said at least one portable password issuing device includesmeans for selecting a sequence of one or more encryption steps from said multiplicity of distinct predefined encryption steps, andmeans for generating a new authentic password by encrypting a stored password with the first of said selected sequence of one or more predefined encryption steps and, when said sequence contains more than one encryption step, successively encrypting the result of each previous encryption step with the next of said selected sequence of predefined encryption steps.
  - 3. An access control system as in claim 2, wherein said at least one portable password issuing device includes backup buffer means coupled to said generating means of said portable password issuing device for storing the results of at least one encryption step prior to the last encryption step performed by said generating means, backup key means for generating a backup signal, and backup means coupled to said generating means of said portable password issuing device for responding to said backup signal generated by transmitting an entry in said backup buffer means to said generating means for use in the next encryption step by said generating means.
  - 4. An access control system as in claim 1, wherein said at least one portable password issuing device includes means for selecting one of said passwords stored in said device for use by said means for generating a new authentic password;
    - said means for generating including means for replacing said selected password in said storage means with said new authentic password generated by said generating means.
  - 5. An access control system as in claim 4, wherein said means for conveying includes means for prompting said user to select one of said passwords stored in said portable password issuing device.
  - 6. An access control system as in claim 1, whereinsaid means for storing includes means for storing an authentic password and a personal identification number for a plurality of user identification values, each user identification number and value corresponding to a user of said system;
    - said reading means includes means for reading a user identification value; and
      
      said means for selecting a sequence of one or more encryption steps includes means for generating a challenge value comprising at least one digit, and means for selecting a sequence of encryption steps corresponding to a predefined combination of said challenge value and a stored personal identification number in said storing means corresponding to said user identification value read by said reading means.
  - 7. An access control system as in claim 6, said means for generating a challenge value comprising means for generating a random number having at least one randomly generated digit.
  - 8. An access control system as in claim 1, including means for resynchronization of said digital computer means of a protected system with said at least one portable issuing device, including means in said computer means for resetting said authentic password stored by storing a predefined resynchronization password in said storing means, and means for conveying, via said information conveying means, that said stored password has been reset;
    - andmeans in said at least one portable password issuing device includes resynchronization key means for generating a resynchronization signal, and means coupled to said generating means of sid portable password issuing device for responding to said resynchronization signal by storing said predefined resynchronization password in said storage means of said portable password issuing device.

9. In an access control system comprising at least one protected system having means for reading a password submitted as part of a request for access by a user to at least a specified portion of said protected system, means for conveying information to said user, and digital computer means coupled to said reading means and said information conveying means for determining whether to permit access to said protected system, said digital computer means including means for storing at least one authentic password;
- the improvement comprising;
  
  software means in said digital computer means including;
  
  means for selecting a sequence of one or more encryption steps from a multiplicity of distinct predefined encryption steps,means for generating a new authentic password by encrypting a stored password with the first of said selected sequence of predefined encryption steps and, when said sequence contains more than one encryption step, successively encrypting the result of each previous encryption step with the next of said selected sequence of predefined encryption steps,means for challenging said user, via said information conveying means, to encrypt a previously defined password value with said selected sequence of encryption steps and to submit a password which is the result of said selected sequence of encryption steps; and
  
  means for comparing said new authentic password with said submitted password, and for permitting access to said portion of said protected system when a submitted password matches said new authentic password;
  
  and at least one portable password issuing device for issuing authentic passwords to the possessor thereof, including storage means for separately storing said previously defined password for each of one or more distinct protected systems or portions of protected systems.
- View Dependent Claims (10, 11, 12, 13)
- - 10. An access control system as in claim 9, wherein said at least one portable password issuing device includesmeans for selecting a sequence of one or more encryption steps from said multiplicity of distinct predefined encryption steps, andmeans for generating a new authentic password by encrypting a stored password with the first of said selected sequence of predefined encryption steps and, when said sequence contains more than one encryption step, successively encrypting the result of each previous encryption step with the next of said selected sequence of predefined encryption steps.
  - 11. An access control system as in claim 10, wherein said at least one portable password issuing device includes backup buffer means coupled to said generating means of said portable password issuing device for storing the results of at least one encryption step prior to the last encryption step performed by said generating means, backup key means for generating a backup signal, and backup means coupled to said generating means of said portable password issuing device for responding to said backup signal generated by transmitting an entry in said backup buffer means to said generating means for use in the next encryption step by said generating means.
  - 12. An access control system as in claim 9, wherein said at least one portable password issuing device includes means for selecting one of said passwords stored in said device for use by said means for generating a new authentic password;
    - said means for generating including means for replacing said selected password in said storage means with said new authentic password generated by said generating means.
  - 13. An access control system as in claim 12, wherein said means for conveying includes means for prompting said user to select one of said passwords stored in said portable password issuing device.

14. A method of controlling access to at least one protected system, each protected system including means for reading a password submitted as part of a request for access to at least a specified portion of said protected system, and means for conveying information to said user;
- the steps of the method comprising;
  
  storing at least one authentic password in a protected system,defining a multiplicity of distince encryption steps using distinct ciphers,selecting any sequency of one or more encryption steps from said multiplicity of defined encryption steps,generating a new authentic password by encrypting a stored password with the first of said selected sequence of predefined encryption steps and, when said sequence contains more than one encryption step, successively encrypting the result of each previous encryption step with the next of said selected sequence of predefined encryption steps,conveying, via said information conveying means, indicia of said selected sequence of defined encryption steps, thereby challenging said user to submit a password generating using said selected sequence of encryption steps;
  
  comparing said new authentic password with said submitted password, andpermitting access to said portion of said protected system when a submitted password matches said new authentic password; and
  
  providing at least one portable password issuing device for issuing authentic passwords to the possessor thereof, including means for performing any selected sequence of said predefined encryption steps.
- View Dependent Claims (15, 16, 17, 18, 19, 20, 21)
- - 15. An access control method as in claim 14, wherein said at least one portable password issuing device includesmeans for selecting a sequence of one or more encryption steps from asid multiplicity of distinct predefined encryption steps, andmeans for generating a new authentic password by encrypting a stored password with the first of said selected sequence of predefined encryption steps and, when said sequence contains more than one encryption step, successively encrypting the result of each previous encryption step with the next of said selected sequence of predefined encryption steps.
  - 16. An access control method as in claim 15, further including the step of securely receiving a personal identification number specified by said user, including the steps of:
    - after permitting access to said portion of said protected system when a submitted password matches said new authentic password, requesting the submission of a personal identification number by requesting the user to submit a password corresponding to each digit of the personal identification number;
      
      responding to each password submitted via said reading means by separately encrypting said authentic password with each of said defined encryption steps until a password is generated that matches said submitted password, storing as part of said user'"'"'s personal identification number a numeric value corresponding to the encryption step which generates said matching password, and replacing said authentic password with said matching password.
  - 17. An access control method as in claim 16, whereinsaid step of selecting a sequence of one or more encryption steps includes the step of generating a challenge value comprising at least one digit, and selecting a sequence of encryption steps corresponding to a predefined combination of said challenge value and said stored personal identification number.
  - 18. An access control method as in claim 16, wherein said conveying step includes prompting said user to use said user'"'"'s personal identification number when generating a password.
  - 19. An access control method as in claim 14, wherein said step of selecting a sequence of one or more encryption steps includes the steps of generating a challenge value comprising at least one digit, and selecting a sequence of encryption steps corresponding to a predefined combination of said challenge value and a stored personal identification number.
  - 20. An access control method as in claim 19, wherein said conveying step includes prompting said user to use the user'"'"'s personal identification number when generating a password.
  - 21. An access control method as in claim 19, wherein said step of generating a challenge value includes the step of generating a random number having at least one randomly generated digit.

22. An access control system, comprising:
- at least one protected system, each protected system including means for reading a password submitted by a user as part of a request for access to at least a specified portion of said protected system, means for conveying information to said user, and digital computer means coupled to said reading means and said information conveying means for determining whether to permit access to said protected system;
  
  said digital computer means including;
  
  means for selecting any sequence of one or more encryption steps from a multiplicity of distinct predefined encryption steps;
  
  means for generating a new authentic password by encrypting a defined value with the first of said selected sequence of predefined encryption steps and, when said sequence contains more than one encryption step, successively encrypting the result of each previous encryption step with the next of said selected sequence of predefined encryption steps;
  
  means for challenging said user, via said information conveying means, to encrypt a previously defined value using said selected sequence of encryption steps and to submit a password which is the result of said sequence of encryption steps;
  
  means for comparing said new authentic password with said submitted password, and for permitting access to said portion of said protected system when a submitted password matches said new authentic password; and
  
  said access control system further including at least one portable password issuing device for issuing authentic passwords to the possessor thereof, including means for performing any selected sequence of aid predefined encryption steps.
- View Dependent Claims (23)
- - 23. The access control system of claim 22, wherein said selecting means randomly selects said sequence of encryption steps.

24. A method of controlling access to at least one protected system, each protected system including means for reading a password submitted as part of a request for access to at least a specified portion of said protected system, and means for conveying information to said user;
- the steps of the method comprising;
  
  defining a multiplicity of distinct encryption steps using distinct ciphers,selecting any sequence of one or more encryption steps from said multiplicity of defined encryption steps,generating a new authentic password by encrypting a defined value with the first of said selected sequence of predefined encryption steps and, when said sequence contains more than one encryption step, successively encrypting the result of each previous encryption step with the next of said selected sequence of predefined encryption steps,conveying, via said information conveying means, indicia of said selected sequence of defined encryption steps, thereby challenging said user to submit a password generating using said selected sequence of encryption steps;
  
  comparing said new authentic password with said submitted password, andpermitting access to said portion of said protected system when a submitted password matches said new authentic password; and
  
  providing at least one portable password issuing device for issuing authentic passwords to the possessor thereof, including means for performing any selected sequence of asid predefined encryption steps.
- View Dependent Claims (25)
- - 25. An access control method as in claim 24, said selecting step randomly selecting said sequence of encryption steps.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Enigma Logic, Inc., Aladdin Knowledge Systems (Thales SA)
Original Assignee
Enigma Logic, Inc.
Inventors
Muir, John R., Bosen, Robert J.
Primary Examiner(s)
Tarcza, Thomas H.
Assistant Examiner(s)
Cain, David

Application Number

US07/165,868
Time in Patent Office

1,322 Days
Field of Search

364/918.7, 364/943.7, 364/949.7, 364/922.5, 364/222.5, 364/260.6, 364/225.2, 340/825.31, 340/825.34, 340/825.56, 340/825.3, 235/382, 235/382.5, 235/380, 380/23, 380/24, 380/25
US Class Current

713/184
CPC Class Codes

G06F 21/34   involving the use of extern...

G06Q 20/341   Active cards, i.e. cards in...

G06Q 20/40975   using encryption therefor

G07C 9/21   having a variable access code

G07C 9/33   by means of a password

G07F 7/1008   Active credit-cards provide...

H04L 9/0891   Revocation or update of sec...

H04L 9/12   Transmitting and receiving ...

H04L 9/3226   using a predetermined code,...

H04L 9/3271   using challenge-response

Computer access control system and method

First Claim

10 Assignments

0 Petitions

Accused Products

Abstract

Citations

25 Claims

Specification

Solutions

Use Cases

Quick Links

Computer access control system and method

First Claim

10 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

25 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links