Method for controlling access to a computer system by utilizing an external device containing a hash value representation of a user password
Abstract
A method for permitting access to secured computer resources based upon a two-piece user verification process. In the disclosed embodiment, the user verification process is carried out during a secure power-up procedure. At some point during the secure power-up procedure, the computer user is required to provide an external token or smart card to the computer system. The token or smart card is used to store an authentication value(s) required to enable secured resources. The computer user is then required to enter a plain text user password. Separate passwords can be used to enable various portions of the computer system. Once entered, a one-way hash function is performed on the user password. The resulting hash value is compared to an authentication value (token value) downloaded from the token. If the two values match, the power-on sequence is completed and access to the computer system and/or secured computer resources is permitted. If the two values do not match, power to the entire computer system and/or secured computer resources are disabled. The two-piece nature of the authorization process requires the presence of both the user password and the external token in order to access protected computer resources.
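The two-piece check described in the abstract, as an added sketch that is not code from the patent. SHA-256 stands in for the unspecified one-way hash, the token is modelled as a mapping of per-resource authentication values, the constant-time comparison is an added defensive choice, and all function and resource names are hypothetical.

```python
import hashlib
import hmac
from typing import Dict, Optional, Set


def one_way_hash(password: str) -> bytes:
    # Assumption: SHA-256. The abstract only says "one-way hash function".
    return hashlib.sha256(password.encode("utf-8")).digest()


def provision_token(passwords: Dict[str, str]) -> Dict[str, bytes]:
    """Token contents: one authentication value per secured resource."""
    return {resource: one_way_hash(pw) for resource, pw in passwords.items()}


def secure_power_up(token: Optional[Dict[str, bytes]],
                    entered: Dict[str, str]) -> Set[str]:
    """Return the resources to enable; everything else stays disabled.

    token   -- authentication values read from the external token,
               or None when no token is coupled to the system
    entered -- plain text passwords typed during the secure period
    """
    enabled: Set[str] = set()
    if token is None:
        return enabled                      # password alone is not enough
    for resource, password in entered.items():
        auth_value = token.get(resource)
        if auth_value is None:
            continue                        # token holds no value for it
        # The comparison happens in the computer system, not on the token.
        if hmac.compare_digest(one_way_hash(password), auth_value):
            enabled.add(resource)
    return enabled


# Constructed sample data: separate passwords for two secured resources.
SAMPLE_TOKEN = provision_token({"system": "correct horse",
                                "disk": "battery staple"})

if __name__ == "__main__":
    print(secure_power_up(SAMPLE_TOKEN, {"system": "correct horse",
                                         "disk": "wrong guess"}))
    # Typing the stored value itself fails: the system hashes whatever
    # is entered, so holding the token alone does not enable anything.
    print(secure_power_up(SAMPLE_TOKEN,
                          {"system": SAMPLE_TOKEN["system"].hex()}))
```

Because the token stores a bare hash of the password, a lost token still allows offline guessing of weak passwords; the sketch adds no salt or slow key-derivation step because the page describes none.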
20 Claims
1. A method for permitting access to secured resources in a computer system incorporating circuitry for communicating with an external token that includes an authentication value, the computer system further incorporating a secure power-up procedure or other secure operating mode, the method comprising the steps of:
- providing a plain text user password to the computer system while the computer system is in a secure period of operation, the secure period of operation being independent of the external token;
- performing a one-way hash function on the plain text user password to produce a hash value;
- communicatively coupling the external token to the computer system;
- comparing the hash value with the authentication value stored in the external token, the comparison occurring in the computer system; and
- enabling access to a secured internal computer resource in response to the result of said step of comparing the hash value with the authentication value stored in the external token.
9. A method for enabling or disabling power in a computer system incorporating circuitry for communicating with an external token that includes an authentication value, the computer system further incorporating a secure power-on process or other secure operating mode and a power supply providing at least one power supply voltage to computer system components, the method comprising the steps of:
- providing a plain text user password to the computer system while the computer system is in a secure period of operation, the secure period of operation being independent of the external token;
- performing a one-way hash function on the plain text user password to produce a hash value;
- communicatively coupling the external token to the computer system;
- comparing the hash value with the authentication value stored in the external token; and
- enabling or disabling at least one power supply voltage in response to the result of said step of comparing the hash value with the authentication value stored in the external token.
13. A computer system having security capabilities that operate in conjunction with an external token containing an authentication value, the computer system further having system memory and a secure power-on process or other secure operating mode, comprising:
- a system bus;
- a processor coupled to said system bus;
- communication circuitry coupled to said processor for communicating with the external token;
- a secured internal computer resource coupled to said processor;
- security code stored in a processor readable medium for causing the processor to perform the steps of;
  - receiving a plain text user password while the computer system is in the secure operating mode, the secure operating mode being independent of the external token;
  - performing a one-way hash function on the plain text user password to produce a hash value;
  - receiving the authentication value from the external token;
  - comparing, in the computer system, the hash value with the authentication value stored in the external token; and
  - enabling or disabling said secured computer resource in response to the result of said step of comparing the hash value with the authentication value stored in the external token.
18. A computer system having security capabilities that operate in conjunction with an external token containing an authentication value, the computer system further having system memory and a secure power-on process or other secure operating mode, comprising:
- a system bus;
- a processor coupled to said system bus;
- communication circuitry coupled to said processor for communicating with the external token;
- a power supply providing at least one power supply voltage to computer system components;
- power-on code stored in a processor readable medium for causing the processor to perform the steps of;
  - receiving a plain text user password while the computer system is in the secure operating mode, the secure operating mode being independent of the external token;
  - performing a one-way hash function on the plain text user password to produce a hash value;
  - receiving the authentication value from the external token;
  - comparing, in the computer system, the hash value with the authentication value stored in the external token; and
  - enabling or disabling at least one power supply voltage from said power supply in response to the result of said step of comparing the hash value with the authentication value stored in the external token.
Specification