Personal computer access control system

US 5,432,851 A
Filed: 10/21/1993
Issued: 07/11/1995
Est. Priority Date: 10/21/1993
Status: Expired due to Term

First Claim

Patent Images

1. An access control system for a data processor, comprising:

A) a challenge generator within the data processor adapted to generate a session-unique challenge signal;

B) a token, separate from the data processor, the token comprising a token input port disposed to receive the challenge signal and the token further comprising conversion logic disposed to generate a session-unique password in response to the challenge signal;

C) an input device within the data processor disposed to receive the password;

D) verification logic within the data processor disposed to verify the password generated by the token; and

E) access control logic within the data processor disposed to allow a user access to the data processor only if the password generated by the token is positively verified by the verification logic.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

An access control system which uses a password token scheme for controlling user access to data within computer systems. The key component in the access control system is an optical token card that is capable of receiving optically encoded information directly from the CRT display of a standard personal computer and processing the information for use in identification and authentication procedures, cryptographic key management schemes, and administrative procedures such as maintaining audit trails. This design permits the use of much longer strings of challenge input data without the addition of peripheral readers to the system.

117 Citations

27 Claims

1. An access control system for a data processor, comprising:
- A) a challenge generator within the data processor adapted to generate a session-unique challenge signal;
  
  B) a token, separate from the data processor, the token comprising a token input port disposed to receive the challenge signal and the token further comprising conversion logic disposed to generate a session-unique password in response to the challenge signal;
  
  C) an input device within the data processor disposed to receive the password;
  
  D) verification logic within the data processor disposed to verify the password generated by the token; and
  
  E) access control logic within the data processor disposed to allow a user access to the data processor only if the password generated by the token is positively verified by the verification logic.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The access control system of claim 1, wherein the data processor further comprises memory adapted to store computer applications and files and wherein the access control logic is disposed to allow a user access to one of said computer applications only if the password generated by the token is positively verified by the verification logic.
  - 3. The access control system of claim 2, wherein the data processor further comprises memory adapted to store computer applications and files and wherein the access control logic is disposed to allow a user access to one of said files only if the password generated by the token is positively verified by the verification logic.
  - 4. The access control system of claim 3, further comprising encryption/decryption logic disposed to encrypt and decrypt files stored in the memory if the password generated by the token is positively verified by the verification logic.
  - 5. The access control system of claim 1, wherein:
    - A) the data processor further comprises a display disposed to present output signals, including the challenge signal, generated by the data processor; and
      
      B) the token input port comprises an optical detector disposed to receive the challenge signal presented on the display.
  - 6. The access control system of claim 4, wherein:
    - A) the token further comprises token memory disposed to store data including a cryptographic algorithm;
      
      B) the conversion logic comprises a microprocessor disposed to generate the password in response to the challenge signal according to the cryptographic algorithm; and
      
      C) the token further comprises a token display disposed to present the password to the user.
  - 7. The access control system of claim 1, wherein the input device comprises a keyboard.

8. A method for controlling access to a data processing system which stores computer applications and files, comprising:
- A) generating a session-unique challenge signal in the data processing system;
  
  B) presenting the challenge signal in optical form;
  
  C) optically reading the challenge signal;
  
  D) processing the challenge signal according to an encryption algorithm;
  
  E) generating a session-unique password from the processed challenge signal;
  
  F) providing the password to the data processing system;
  
  G) verifying the password within the data processing system;
  
  H) allowing a user access to the data processing system if the password is positively verified; and
  
  I) denying a user access to the data processing system if the password is not positively verified.
- View Dependent Claims (9, 10, 11, 12)
- - 9. The method of claim 8, further comprising allowing a user access to one of said computer applications only if the password is positively verified.
  - 10. The method of claim 8, further comprising allowing a user access to one of said files only if the password is positively verified.
  - 11. The method of claim 8, further comprising encrypting a plain text file stored in the data processing system using the password, if the password is positively verified.
  - 12. The method of claim 8, further comprising decrypting an encrypted file stored in the data processing system using the password, if the password is positively verified.

13. An access control system for a data processor, comprising:
- A) a challenge generator within the data processor adapted to generate a session-unique challenge signal;
  
  B) a token, separate from the data processor, the token comprising a token input port disposed to receive the challenge signal generated by the data processor and the token further comprising a conversion subsystem disposed to generate a session-unique password in response to the challenge signal;
  
  C) an input device within the data processor disposed to receive the password; and
  
  D) a verification subsystem within the data processor disposed to verify the password generated by the token;
  
  E) the data processor further comprising memory adapted to store computer applications and files, and an encryption/decryption subsystem disposed to encrypt and decrypt files stored in the memory if the password generated by the token is positively verified by the verification subsystem.
- View Dependent Claims (14, 15, 16, 17, 18, 19)
- - 14. The access control system of claim 13, further comprising an access control subsystem within the data processor disposed to allow a user access to the data processor only if the password generated by the token is positively verified by the verification subsystem.
  - 15. The access control system of claim 14, further comprising an access control subsystem within the data processor disposed to allow a user access to one of said computer applications only if the password generated by the token is positively verified by the verification subsystem.
  - 16. The access control system of claim 14, further comprising an access control subsystem within the data processor disposed to allow a user access to one of said files only if the password generated by the token is positively verified by the verification subsystem.
  - 17. The access control system of claim 13, wherein:
    - A) the data processor further comprises a display disposed to present output signals, including the challenge signal, generated by the data processor; and
      
      B) the token input port comprises an optical detector disposed to receive the challenge signal presented on the display.
  - 18. The access control system of claim 13, wherein:
    - A) the token further comprises token memory connected to the conversion subsystem and adapted to store data including a cryptographic algorithm;
      
      B) the conversion subsystem comprises a microprocessor adapted to generate a password in response to the challenge signal according to the cryptographic algorithm; and
      
      C) the token further comprises a token display connected to the microprocessor and adapted to present the password to the user.
  - 19. The access control system of claim 13, wherein the input device comprises a keyboard.

20. An access control system for a data processor having memory adapted to store computer applications and files, comprising:
- A) a challenge generator within the data processor adapted to generate a session-unique challenge signal;
  
  B) a token, separate from the data processor, the token comprising a token input port disposed to receive the challenge signal generated by the data processor and the token further comprising a conversion subsystem disposed to generate a session-unique password in response to the challenge signal;
  
  C) an input device within the data processor disposed to receive the password;
  
  D) a verification subsystem within the data processor disposed to verify the password generated by the token; and
  
  E) an access control subsystem within the data processor disposed to allow a user access to one of said computer applications only if the password generated by the token is positively verified by the verification subsystem.
- View Dependent Claims (21, 22, 23)
- - 21. The access control system of claim 20, further comprising an access control subsystem within the data processor disposed to allow a user access to the data processor only if the password generated by the token is positively verified by the verification subsystem.
  - 22. The access control system of claim 20, further comprising an access control subsystem within the data processor disposed to allow a user access to one of said files only if the password generated by the token is positively verified by the verification subsystem.
  - 23. The access control system of claim 20, further comprising an encryption/decryption subsystem disposed in the data processor to encrypt and decrypt files stored in the memory if the password generated by the token is positively verified by the verification subsystem.

24. An access control system for a data processor having memory adapted to store computer applications and files, comprising:
- A) a challenge generator within the data processor adapted to generate a session-unique challenge signal;
  
  B) a token, separate from the data processor, the token comprising a token input port disposed to receive the challenge signal generated by the data processor and the token further comprising a conversion subsystem disposed to generate a session-unique password in response to the challenge signal;
  
  C) an input device within the data processor disposed to receive the password;
  
  D) a verification subsystem within the data processor disposed to verify the password generated by the token; and
  
  E) an access control subsystem within the data processor disposed to allow a user access to one of said files only if the password generated by the token is positively verified by the verification subsystem.
- View Dependent Claims (25, 26, 27)
- - 25. The access control system of claim 24, further comprising an access control subsystem within the data processor disposed to allow a user access to the data processor only if the password generated by the token is positively verified by the verification subsystem.
  - 26. The access control system of claim 24, further comprising an encryption/decryption subsystem disposed in the data processor to encrypt and decrypt files stored in the memory if the password generated by the token is positively verified by the verification subsystem.
  - 27. The access control system of claim 26, further comprising an access control subsystem within the data processor disposed to allow a user access to one of said computer applications only if the password generated by the token is positively verified by the verification subsystem.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
TecSec, Incorporated
Original Assignee
TecSec, Incorporated
Inventors
McCullough, Charles E., Wack, C. Jay, Scheidt, Edward M.
Primary Examiner(s)
Cain, David C.

Application Number

US08/139,136
Time in Patent Office

628 Days
Field of Search

380/3, 380/4, 380/23, 380/24, 380/25
US Class Current

713/184
CPC Class Codes

G06F 21/35   communicating wirelessly

G06Q 20/341   Active cards, i.e. cards in...

G06Q 20/40975   using encryption therefor

G07C 9/23   by means of a password

G07F 7/1008   Active credit-cards provide...

Personal computer access control system

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

117 Citations

27 Claims

Specification

Solutions

Use Cases

Quick Links

Personal computer access control system

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

117 Citations

27 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links