Personal computer access control system
Abstract
An access control system which uses a password token scheme for controlling user access to data within computer systems. The key component in the access control system is an optical token card that is capable of receiving optically encoded information directly from the CRT display of a standard personal computer and processing the information for use in identification and authentication procedures, cryptographic key management schemes, and administrative procedures such as maintaining audit trails. This design permits the use of much longer strings of challenge input data without the addition of peripheral readers to the system.
27 Claims
1. An access control system for a data processor, comprising:
A) a challenge generator within the data processor adapted to generate a session-unique challenge signal;
B) a token, separate from the data processor, the token comprising a token input port disposed to receive the challenge signal and the token further comprising conversion logic disposed to generate a session-unique password in response to the challenge signal;
C) an input device within the data processor disposed to receive the password;
D) verification logic within the data processor disposed to verify the password generated by the token; and
E) access control logic within the data processor disposed to allow a user access to the data processor only if the password generated by the token is positively verified by the verification logic.
Dependent claims: 2, 3, 4, 5, 6, 7
8. A method for controlling access to a data processing system which stores computer applications and files, comprising:
A) generating a session-unique challenge signal in the data processing system;
B) presenting the challenge signal in optical form;
C) optically reading the challenge signal;
D) processing the challenge signal according to an encryption algorithm;
E) generating a session-unique password from the processed challenge signal;
F) providing the password to the data processing system;
G) verifying the password within the data processing system;
H) allowing a user access to the data processing system if the password is positively verified; and
I) denying a user access to the data processing system if the password is not positively verified.
Dependent claims: 9, 10, 11, 12
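
The steps of claim 8 as a runnable example, added here for illustration and not taken from the patent. HMAC-SHA256 stands in for the unspecified encryption algorithm, the optical channel is modeled as a plain function call, and the names `convert`, `DataProcessor` and `demo`, the shared key, and the 32-byte and 8-digit sizes are all assumptions.

```python
import hashlib
import hmac
import secrets

CHALLENGE_BYTES = 32  # assumed size; the optical channel permits long challenges
PASSWORD_DIGITS = 8   # assumed length, short enough to key in by hand


def convert(token_key: bytes, challenge: bytes) -> str:
    """Token side (steps D-E): derive the session password from the challenge.

    HMAC-SHA256 is a stand-in; the claim only says "an encryption algorithm".
    """
    mac = hmac.new(token_key, challenge, hashlib.sha256).digest()
    number = int.from_bytes(mac[:8], "big") % 10**PASSWORD_DIGITS
    return str(number).zfill(PASSWORD_DIGITS)


class DataProcessor:
    """Host side: challenge generator, verification and access control."""

    def __init__(self, token_key: bytes):
        self._key = token_key
        self._pending = None  # challenge issued for the current session

    def new_challenge(self) -> bytes:
        # Step A: fresh random challenge per session.
        self._pending = secrets.token_bytes(CHALLENGE_BYTES)
        return self._pending

    def verify(self, password: str) -> bool:
        # Steps G-I: each challenge is consumed by one attempt, so a
        # captured password cannot be replayed against it.
        challenge, self._pending = self._pending, None
        if challenge is None:
            return False
        expected = convert(self._key, challenge)
        return hmac.compare_digest(expected.encode(), password.encode())


def demo() -> dict:
    key = secrets.token_bytes(32)  # constructed key shared by host and token
    host = DataProcessor(key)
    password = convert(key, host.new_challenge())  # steps B-F, channel modeled as a call
    first = host.verify(password)
    replay = host.verify(password)                 # no challenge pending now
    forged = host.verify(convert(b"wrong key", host.new_challenge()))
    return {"first": first, "replay": replay, "forged": forged}
```
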
13. An access control system for a data processor, comprising:
A) a challenge generator within the data processor adapted to generate a session-unique challenge signal;
B) a token, separate from the data processor, the token comprising a token input port disposed to receive the challenge signal generated by the data processor and the token further comprising a conversion subsystem disposed to generate a session-unique password in response to the challenge signal;
C) an input device within the data processor disposed to receive the password; and
D) a verification subsystem within the data processor disposed to verify the password generated by the token;
E) the data processor further comprising memory adapted to store computer applications and files, and an encryption/decryption subsystem disposed to encrypt and decrypt files stored in the memory if the password generated by the token is positively verified by the verification subsystem.
Dependent claims: 14, 15, 16, 17, 18, 19
20. An access control system for a data processor having memory adapted to store computer applications and files, comprising:
A) a challenge generator within the data processor adapted to generate a session-unique challenge signal;
B) a token, separate from the data processor, the token comprising a token input port disposed to receive the challenge signal generated by the data processor and the token further comprising a conversion subsystem disposed to generate a session-unique password in response to the challenge signal;
C) an input device within the data processor disposed to receive the password;
D) a verification subsystem within the data processor disposed to verify the password generated by the token; and
E) an access control subsystem within the data processor disposed to allow a user access to one of said computer applications only if the password generated by the token is positively verified by the verification subsystem.
Dependent claims: 21, 22, 23
24. An access control system for a data processor having memory adapted to store computer applications and files, comprising:
A) a challenge generator within the data processor adapted to generate a session-unique challenge signal;
B) a token, separate from the data processor, the token comprising a token input port disposed to receive the challenge signal generated by the data processor and the token further comprising a conversion subsystem disposed to generate a session-unique password in response to the challenge signal;
C) an input device within the data processor disposed to receive the password;
D) a verification subsystem within the data processor disposed to verify the password generated by the token; and
E) an access control subsystem within the data processor disposed to allow a user access to one of said files only if the password generated by the token is positively verified by the verification subsystem.
Dependent claims: 25, 26, 27
Specification