Method and apparatus for utilizing a token for resource access

US 5,657,388 A
Filed: 03/16/1994
Issued: 08/12/1997
Est. Priority Date: 05/25/1993
Status: Expired due to Term

First Claim

Patent Images

1. A system for providing secure access by an authorized user to a selected resource comprising:

a token in the possession of the user which stores a secret user code for the system, said code being stored in a machine readable form;

a token processor having a reader for said token, a time-varying value element, a code input device, means for receiving the secret user code read from the token and the time-varying value and for generating a one-time nonpredictable code in response thereto, and a transmitter for transmitting the generated nonpredictable code; and

a host processor having a receiver for the transmitted nonpredictable code, and means responsive to a received nonpredictable code for authorizing access to said selected resource.

View all claims

7 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method and apparatus for utilizing a token which is preferably a "dumb token" to provide secure access by authorized users to a selected resource. The token stores a secret user code in machine readable form, which code is read by a token processor. The token processor also receives a time-varying value and an algorithm, both of which may be stored or generated at either the token or the token processor and preferably a secret personal identification code which may be inputted at the token, but is preferably inputted at the token processor. The secret user code, time-varying value and secret personal identification code are then algorithmically combined by the algorithm, preferably in the token processor, to generate a one-time nonpredictable code which is transmitted to a host processor. The host processor utilizes the received one-time nonpredictable code to determine if the user is authorized access to the resource and grants access to the resource if the user is determined to be authorized. The system may be modified to operate in query/response mode. The token processor may be any of a variety of available portable remote processors or may be a device such as a telephone which is equipped with card or other token reader and with processing capability.

637 Citations

19 Claims

1. A system for providing secure access by an authorized user to a selected resource comprising:
- a token in the possession of the user which stores a secret user code for the system, said code being stored in a machine readable form;
  
  a token processor having a reader for said token, a time-varying value element, a code input device, means for receiving the secret user code read from the token and the time-varying value and for generating a one-time nonpredictable code in response thereto, and a transmitter for transmitting the generated nonpredictable code; and
  
  a host processor having a receiver for the transmitted nonpredictable code, and means responsive to a received nonpredictable code for authorizing access to said selected resource.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16)
- - 2. A system as claimed in claim 1 wherein said token also stores a public code in machine readable form, wherein the token reader of said token processor reads said public code and said means for transmitting transmits the read public code to the host processor, wherein the host processor generates a selected query in response to the received public code, which query is transmitted to the portable processor, and wherein the nonpredictable code is a response to the query which is a function of at least the query and the secret code read from the token.
  - 3. A system as claimed in claim 2 wherein the response is also a function of a secret personal identification code inputted by user.
  - 4. A system as claimed in claim 1 wherein the time-varying value element is a clock.
  - 5. A system as claimed in claim 1 wherein the time-varying value element varies the value each time a token is used with the portable processor.
  - 6. A system as claimed in claim 5 including means for storing at least one of each generated nonpredictable code, an intermediate value used in generating each nonpredictable code and another value related to the nonpredictable code as the secret user code in the token in place of the code previously stored.
  - 7. A system as claimed in claim 1 wherein said token also stores an algorithm usable by the token processor to generate the nonpredictable code, said algorithm being read into the token processor by the token reader and utilized by the means for receiving and generating to generate the nonpredictable code.
  - 8. A system as claimed in claim 1 wherein the means for generating a nonpredictable code also receives and utilizes a secret personal identification code inputted by the user.
  - 9. A system as claimed in claim 8 wherein the secret personal identification code is inputted by the user on the code input device of the token processor.
  - 10. A system as claimed in claim 8 wherein the token includes a code input device, the secret personal identification code being inputted to the token by the user on said code input device, and wherein the secret personal identification code is read by the means for receiving.
  - 11. A system as claimed in claim 10 wherein said token includes means for algorithmically combining said secret user code and said secret personal identification code;
    - and wherein said means for receiving reads the output from said means for algorithmically combining.
  - 12. A system as claimed in claim 1 wherein said transmitter and said receiver are modems interconnected by a telephone line.
  - 13. A system as claimed in claim 1 wherein said transmitter and said receiver are elements of a radio network.
  - 14. A system as claimed in claim 1 wherein said transmitter and receiver are elements of a network interface.
  - 15. A system as claimed in claim 1 wherein said token also includes a one-time code generator and a means responsive to the secret user code stored thereon and to a current one-time code for generating a readable nonpredictable code.
  - 16. A system as claimed in claim 1 wherein the token processor is a telephone having a token reader and a processor associated therewith.

17. A system for providing secure access by an authorized user to a selected resource comprising:
- a token in the possession of the user which stores a secret user code for the system, said code being stored in a machine readable form; and
  
  a token processor having a reader for said token, a time-varying value element, a code input device, means for receiving the secret user code read from the token, a secret personal identification code inputted on the input device by the user and the time-varying value and for generating a one-time nonpredictable code in response thereto, and means responsive to the generated one-time nonpredictable code for causing the acceptability of the code to be determined and for authorizing access to said selected resource in response to a determination that the nonpredictable code is acceptable.

18. A method for providing secure access by an authorized user to a selected resource comprising the steps of:
- a) reading a secret user code from a token into a token processor;
  
  b) obtaining a time-varying value and an algorithm at the token processor;
  
  c) the token processor receiving a user inputted secret personal identification code;
  
  d) the token processor utilizing the secret user code, time-varying value and secret personal identification code in the algorithm to obtain a one-time nonpredictable code;
  
  e) the token processor transmitting the generated one-time nonpredictable code to a host processor;
  
  f) the host processor utilizing the received nonpredictable code to determine if the user is authorized for access to the resource; and
  
  g) the host processor granting the user access to the resource in response to a determination that the user is authorized.
- View Dependent Claims (19)
- - 19. A method as claimed in claim 18 including the steps of:
    - h) the token processor reading a public code from the token and transmitting the public code to the host processor;
      
      i) the host processor utilizing the public code to generate a query and transmitting the query to the token processor; and
      
      j) the token processor utilizing the query during step (d) in generating a one-time nonpredictable code which is also a response to the query;
      
      k) step (f) including the step of verifying that the correct response is received.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
EMC Corporation (Dell Technologies Inc.)
Original Assignee
Security Dynamics Technologies, Inc. (Symphony Technology Group LLC)
Inventors
Weiss, Kenneth P.
Primary Examiner(s)
Gregory, Bernarr E.

Application Number

US08/213,951
Time in Patent Office

1,245 Days
Field of Search

380/4, 380/23, 380/24, 380/25, 380/30, 380/49, 380/50, 235/379, 235/380, 235/382, 340/825.31-825.34
US Class Current

713/185
CPC Class Codes

G06F 21/34   involving the use of extern...

G06F 21/35   communicating wirelessly

G06F 2211/007   Encryption, En-/decode, En-...

G06F 2221/2103   Challenge-response

G06F 2221/2115   Third party

G06F 2221/2151   Time stamp

G06Q 20/341   Active cards, i.e. cards in...

G06Q 20/385   using an alias or single-us...

G06Q 20/4093   Monitoring of device authen...

G07C 9/215   the system having a variabl...

G07F 7/0886   the card reader being porta...

G07F 7/1008   Active credit-cards provide...

H04L 2209/80   Wireless network architectu...

H04L 2209/88   Medical equipments

H04L 9/3226   using a predetermined code,...

H04L 9/3234   involving additional secure...

H04L 9/3271   using challenge-response

Method and apparatus for utilizing a token for resource access

First Claim

7 Assignments

0 Petitions

Accused Products

Abstract

637 Citations

19 Claims

Specification

Solutions

Use Cases

Quick Links

Method and apparatus for utilizing a token for resource access

First Claim

7 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

637 Citations

19 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links