Method and apparatus for establishing a protected channel between a user and a computer system

US 5,664,099 A
Filed: 12/28/1995
Issued: 09/02/1997
Est. Priority Date: 12/28/1995
Status: Expired due to Fees

First Claim

Patent Images

1. Apparatus for establishing a protected channel between a user and a computer system in response to a user request, the computer system having a memory, a display device and an input device, the apparatus comprising:

means responsive to the user request for generating an entry screen display which requests information to be entered by the user on the input device;

means for storing information unique to the user in the memory in a manner in which the unique information cannot be obtained by persons other than the user; and

means responsive to the information stored in the memory for generating an identifying graphic display which is distinct for the user along with the entry screen display.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

In order to establish a protected channel between a user and a software program running on a computer system, a graphic display unique to the user is displayed along with the normal information entry graphics. A foreign program which might duplicate the overall appearance of the entry graphics cannot display the unique visual display which would appear on the legitimate entry screen of a particular user. Thus, a user looking at his entry screen can tell by the visual display whether the entry screen has been generated by a legitimate program or by a foreign impostor program. Further, since it might be possible for an unauthorized person to surreptitiously observe the unique display pattern on the entry screen of an authorized user, to increase security, a program constructed according to the principles of the invention, changes the visual display as information is entered based on the partially entered information. Thus, even if an unauthorized person should oversee the entry of the information by an authorized user, memorize the display and incorporate the display in an impostor program, the impostor program would be unable to duplicate the sequence of visual displays which occurs during the entry of the information because the information itself is unknown.

119 Citations

21 Claims

1. Apparatus for establishing a protected channel between a user and a computer system in response to a user request, the computer system having a memory, a display device and an input device, the apparatus comprising:
- means responsive to the user request for generating an entry screen display which requests information to be entered by the user on the input device;
  
  means for storing information unique to the user in the memory in a manner in which the unique information cannot be obtained by persons other than the user; and
  
  means responsive to the information stored in the memory for generating an identifying graphic display which is distinct for the user along with the entry screen display.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. Apparatus according to claim 1 further comprising:
    - means responsive to information entered on the input device by the user for modifying the identifying graphic display based on the entered information.
  - 3. Apparatus according to claim 2 wherein the modifying means comprises means for delaying the modification of the graphic display until a predetermined minimum amount of information has been entered.
  - 4. Apparatus according to claim 2 wherein the modifying means comprises means responsive to the information entered on the input device for generating a cryptographic hash of the entered information and means responsive to the cryptographic hash for modifying the identifying graphic display.
  - 5. Apparatus according to claim 1 wherein the identifying graphic display generating means comprises:
    - a plurality of icon graphics;
      
      means responsive to the information stored in the memory for selecting a subset of the plurality of icon graphics; and
      
      means for displaying the subset of the plurality of icon graphics in a predetermined pattern.
  - 6. Apparatus according to claim 1 wherein the identifying graphic display generating means comprises means for generating a cryptographic hash based on the information stored in the memory and means responsive to the cryptographic hash for generating the identifying graphic display.

7. Apparatus for establishing a protected channel between a user and a computer system during the entry of a password by a user, the computer system having a memory, an application program running in the memory, a display device and an input device, the apparatus comprising:
- means controlled by the application program for generating an entry screen display which requests password characters to be entered by the user on the input device;
  
  means for storing an ID code unique to the user in the memory in a manner in which the ID code cannot be obtained by persons other than the user; and
  
  means responsive to the ID code for generating a graphic display pattern which is distinct for the user as part of the entry screen display.
- View Dependent Claims (8, 9, 10, 11, 12, 13, 14)
- - 8. Apparatus according to claim 7 further comprising:
    - means responsive to a string of characters entered on the input device by the user for modifying the identifying graphic display based on all of the entered characters.
  - 9. Apparatus according to claim 8 wherein the modifying means modifies the display after each character is entered.
  - 10. Apparatus according to claim 8 wherein the modifying means comprises means for delaying the modification of the graphic display until a predetermined minimum number of characters have been entered.
  - 11. Apparatus according to claim 8 wherein the modifying means comprises means responsive to a string of characters entered on the input device for generating a cryptographic hash of the string of characters and means responsive to the cryptographic hash for modifying the identifying graphic display.
  - 12. Apparatus according to claim 11 wherein the means for generating a cryptographic hash comprises means responsive to each entered character for generating the parity of the each entered character and means for generating a cryptographic hash of the parities of the entered characters.
  - 13. Apparatus according to claim 11 wherein the identifying graphic display generating means comprises:
    - a plurality of icon graphics;
      
      means responsive to the ID code for selecting a subset of the plurality of icon graphics; and
      
      means for displaying the subset of the plurality of icon graphics in a predetermined pattern.
  - 14. Apparatus according to claim 13 wherein the identifying graphic display generating means further comprises means for generating a cryptographic hash based on the ID code and means responsive to the cryptographic hash for selecting a subset of the plurality of icon graphics.

15. A method for establishing a protected channel between a user and a computer system in response to a user request, the computer system having a memory, a display device and an input device, the method comprising the steps of:
- A. generating an entry screen display which requests information to be entered by the user on the input device;
  
  B. storing information unique to the user in the memory in a manner in which the unique information cannot be obtained by persons other than the user; and
  
  C. generating an identifying graphic display based on the unique information which identifying graphic display is distinct for the user along with the entry screen display.
- View Dependent Claims (16, 17, 18, 19, 20)
- - 16. A method according to claim 15 further comprising the steps of:
    - D. modifying the identifying graphic display based on information entered by the user on the input device.
  - 17. A method according to claim 16 wherein step D comprises the steps of:
    - D1. delaying the modification of the graphic display until a predetermined minimum amount of information has been entered.
  - 18. A method according to claim 16 wherein step D comprises the steps of:
    - D2. generating a cryptographic hash of the entered information in response to the information entered on the input device; and
      
      D3. modifying the identifying graphic display based on the cryptographic hash.
  - 19. A method according to claim 15 wherein step C comprises the steps of:
    - C1. storing a plurality of icon graphics in the memory;
      
      C2. selecting a subset of the plurality of icon graphics based on the information stored in the memory; and
      
      C3. displaying the subset of the plurality of icon graphics in a predetermined pattern.
  - 20. A method according to claim 15 wherein step C further comprises the steps of:
    - C4. generating a cryptographic hash based on the information stored in the memory; and
      
      C5. generating the identifying graphic display based on the cryptographic hash.

21. A computer program product for establishing a protected channel between a user and a computer system in response to a user request, the computer system having a memory, a display device and an input device, the computer program product comprising:
- a computer useable medium comprising;
  
  means responsive to the user request for generating an entry screen display which requests information to be entered by the user on the input device;
  
  means for storing information unique to the user in the memory in a manner in which the unique information cannot be obtained by persons other than the user; and
  
  means responsive to the information stored in the memory for generating an identifying graphic display which is distinct for the user along with the entry screen display.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
International Business Machines Corporation
Original Assignee
Lotus Development Corporation (International Business Machines Corporation)
Inventors
Ozzie, Raymond E., Patey, Eric M., Kaufman, Charles W., Beckhardt, Steven R.
Primary Examiner(s)
Beausoliel, Jr., Robert W.
Assistant Examiner(s)
HUA, LY

Application Number

US08/579,744
Time in Patent Office

614 Days
Field of Search

395/186, 395/187.01, 395/188.01, 395/340, 380/23, 380/25, 380/4, 380/30, 340/825.31
US Class Current

726/29
CPC Class Codes

G06F 21/36   by graphic or iconic repres...

G06F 21/44   Program or device authentic...

G06F 21/82   Protecting input, output or...

G06F 2211/007   Encryption, En-/decode, En-...

Method and apparatus for establishing a protected channel between a user and a computer system

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

119 Citations

21 Claims

Specification

Solutions

Use Cases

Quick Links

Method and apparatus for establishing a protected channel between a user and a computer system

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

119 Citations

21 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links