Method and apparatus for allowing access to secured computer resources by utilzing a password and an external encryption algorithm

US 5,949,882 A
Filed: 12/13/1996
Issued: 09/07/1999
Est. Priority Date: 12/13/1996
Status: Expired due to Term

First Claim

Patent Images

1. A method for enabling or disabling power in a computer system incorporating circuitry for communicating with an external token that includes a cryptographic algorithm and an encryption key, the computer system further incorporating a secure power-on process or other secure operating mode and a power supply providing at least one power supply voltage to computer system components, the method comprising the steps of:

providing a user password to the computer system;

communicatively coupling the external token to the computer system;

providing the user password to the cryptographic algorithm stored in the token;

encrypting the user password with the cryptographic algorithm and the encryption key to produce a system password;

comparing the system password with a stored value; and

enabling or disabling at least one power supply voltage in response to the result of said step of comparing the system password with a value stored in the computer system.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method for permitting access to secured computer resources based upon a two-piece user verification process. In one embodiment of the invention, the user verification process is carried out during a secure power-up procedure. At some point during the secure power-up procedure, the computer user is required to provide an external token or smart card that is coupled to the computer through specialized hardware. The token or smart card is used to store an encryption algorithm furnished with an encryption key that is unique or of limited production. The computer user is then required to enter a plain text user password. Once entered, the user password is encrypted using the encryption algorithm contained in the external token to create a peripheral password. The peripheral password is compared to a value stored in either secure system memory or in memory contained within a secured resource itself. If the two values match, access to the secured resource is permitted. In an alternate embodiment of the invention, the two-piece authentication process is conducted during normal computer operation outside of the secure power-on sequence. In this embodiment of the invention, the user password is entered by means of a secure keyboard communications channel. In either embodiment, the two-piece nature of the authorization process requires the presence of both the user password and the external token in order to generate the peripheral password.

219 Citations

19 Claims

1. A method for enabling or disabling power in a computer system incorporating circuitry for communicating with an external token that includes a cryptographic algorithm and an encryption key, the computer system further incorporating a secure power-on process or other secure operating mode and a power supply providing at least one power supply voltage to computer system components, the method comprising the steps of:
- providing a user password to the computer system;
  
  communicatively coupling the external token to the computer system;
  
  providing the user password to the cryptographic algorithm stored in the token;
  
  encrypting the user password with the cryptographic algorithm and the encryption key to produce a system password;
  
  comparing the system password with a stored value; and
  
  enabling or disabling at least one power supply voltage in response to the result of said step of comparing the system password with a value stored in the computer system.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
- - 2. The method of claim 1, wherein said step of providing a user password to the computer system is performed while the computer system is in a secure period of operation.
  - 3. The method of claim 2, wherein the secure period of operation includes a secure power-up procedure.
  - 4. The method of claim 1, wherein said step of comparing the peripheral password with a stored value occurs in secure computer memory.
  - 5. The method of claim 1, wherein said step of comparing the peripheral password with a stored value occurs in the secured computer resource.
  - 6. The method of claim 1, wherein said step of encrypting the user password with the cryptographic algorithm and the encryption key occurs in the token.
  - 7. The method of claim 6, further comprising the step of communicating the peripheral password from the token to the computer system.
  - 8. The method of claim 1, wherein said step of providing the user password to the cryptographic algorithm comprises downloading both the cryptographic algorithm and the user password to secure computer memory, and wherein said step of encrypting the user password with the cryptographic algorithm and the encryption key occurs in secure computer memory.
  - 9. The method of claim 1, wherein the token is a smart card.
  - 10. The method of claim 1, wherein the token is a memory device.
  - 11. The method of claim 1, wherein the encryption key is unique or of limited production.

12. A computer system having security capabilities that operate in conjunction with an external token containing a cryptographic algorithm and an encryption key, comprising:
- a system bus;
  
  a processor coupled to said system bus;
  
  communication circuitry coupled to said processor for communicating with the external token;
  
  a power supply providing at least one power supply voltage to computer system components;
  
  security code stored in a processor readable medium such that, upon execution, the processor performs the steps of;
  
  receiving a user password;
  
  providing the user password to the external token;
  
  receiving a system password from the external token, wherein the system password is an encrypted version of the user password;
  
  comparing the system password with a stored value; and
  
  enabling or disabling at least one power supply voltage from said power supply in response to the result of said step of comparing the system password with a value stored in the computer system.
- View Dependent Claims (13, 14, 15, 16, 17, 18, 19)
- - 13. The computer system of claim 12, wherein said security code is executed while the computer system is in a secure operating mode.
  - 14. The computer system of claim 13, wherein said secure operating mode is a secure power-on procedure.
  - 15. The computer system of claim 12, wherein said security code step of comparing the peripheral password with a stored value occurs in computer system memory.
  - 16. The computer system of claim 12, wherein said security code step of comparing the peripheral password with a stored value occurs in said secured computer resource.
  - 17. The computer system of claim 12, wherein the external token is a smart card.
  - 18. The computer system of claim 12, wherein the external token is a memory device.
  - 19. The computer system of claim 12, wherein the encryption key is unique or of limited production.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Hewlett-Packard Development Company, L.P. (HP Inc.)
Original Assignee
Compaq Computer Corporation (HP Inc.)
Inventors
Angelo, Michael F.
Primary Examiner(s)
Gregory, Bernarr E.

Application Number

US08/766,721
Time in Patent Office

998 Days
Field of Search

380/23, 380/25, 380/4, 380/24, 380/49, 380/50, 380/21, 380/9, 340/825.31, 340/825.34, 395/186, 395/187.01, 395/188.01, 235/379, 235/380
US Class Current

713/185
CPC Class Codes

G06F 21/34   involving the use of extern...

G06F 2211/007   Encryption, En-/decode, En-...

G06F 2211/1097   Boot, Start, Initialise, Power

Method and apparatus for allowing access to secured computer resources by utilzing a password and an external encryption algorithm

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

219 Citations

19 Claims

Specification

Solutions

Use Cases

Quick Links

Method and apparatus for allowing access to secured computer resources by utilzing a password and an external encryption algorithm

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

219 Citations

19 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links