Challenge/response security architecture with fuzzy recognition of long passwords

US 6,026,491 A
Filed: 09/30/1997
Issued: 02/15/2000
Est. Priority Date: 09/30/1997
Status: Expired due to Term

First Claim

Patent Images

1. A security method for controlling user access to a complex electronic system, comprising the actions of:

(a.) when a user requests access, prompting the user with a customized challenge string which is specific to that user, and waiting for the user to input a user password;

(b.) checking said user password for similarity to a pre-defined response string which includes more than 20 alphanumeric characters; and

(c.) allowing access to said system if said user password is substantially similar to said pre-defined password, even if said user password is not identical to said pre-defined password.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A password-phrasing security mechanism utilizing personalized challenge phrasing to prompt the user into remembering a pre-defined personalized coded phrase to gain access to a secured system.

Citations

48 Claims

1. A security method for controlling user access to a complex electronic system, comprising the actions of:
- (a.) when a user requests access, prompting the user with a customized challenge string which is specific to that user, and waiting for the user to input a user password;
  
  (b.) checking said user password for similarity to a pre-defined response string which includes more than 20 alphanumeric characters; and
  
  (c.) allowing access to said system if said user password is substantially similar to said pre-defined password, even if said user password is not identical to said pre-defined password.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The method of claim 1, wherein said challenge string and said response string are both stored in flash memory.
  - 3. The method of claim 1, wherein said response string includes more than 40 alphanumeric characters.
  - 4. The method of claim 1, wherein said prompting action consists of displaying characters on a video display.
  - 5. The method of claim 1, wherein said actions (b.) and (c.) are repeated at least twice during each login, using a further customized challenge string and a further response string.
  - 6. The method of claim 1, further comprising:
    - d.) if said user password is not substantially similar to said pre-defined password, re-presenting said challenge phrase a predetermined number of times.
  - 7. The method of claim 1, further comprising:
    - d.) if said user password is not substantially similar to said pre-defined password, repeating action (b.) with a different challenge phrase.
  - 8. The method of claim 1, wherein said challenge phrase is randomly chosen from a pool of possible challenge phrases for that specific user.

9. A security method for controlling user access to a computer system, comprising the actions of:
- (a.) when said system is powered up, automatically executing a start-up procedure stored in a non-volatile memory;
  
  (b.) during execution of said start-up procedure, prompting a user with a customized challenge phrase which is specific to that user, and waiting for the user to input a user password;
  
  (c.) checking said user password for similarity to a pre-defined password which includes more than 20 alphanumeric characters; and
  
  (d.) allowing access to said system if said user password is substantially similar to said pre-defined password, even if said user password is not identical to said pre-defined password.
- View Dependent Claims (10, 11, 12, 13, 14, 15, 16)
- - 10. The method of claim 9, wherein said challenge string and said pre-defined password are both stored in flash memory.
  - 11. The method of claim 9, wherein said pre-defined password includes more than 40 alphanumeric characters.
  - 12. The method of claim 9, wherein said prompting action consists of displaying characters on a video display.
  - 13. The method of claim 9, wherein said actions (b.), (c.), and (d.) are repeated at least twice during each login.
  - 14. The method of claim 9, further comprising:
    - d.) if said user password is not substantially similar to said pre-defined password, re-presenting said challenge phrase a predetermined number of times.
  - 15. The method of claim 9, further comprising:
    - d.) if said user password is not substantially similar to said pre-defined password, repeating action (b.) with a different challenge phrase.
  - 16. The method of claim 9, wherein said challenge phrase is randomly chosen from a pool of possible challenge phrases for that specific user.

17. A method for starting up a computer system, comprising the actions of:
- (a.) when said system is powered up, automatically executing a start-up procedure stored in a non-volatile memory;
  
  (b.) during execution of said start-up procedure, waiting for a user identification, and accordingly displaying a customized challenge phrase, which is specific to that user, on a video display with and waiting for the user to input a user password;
  
  (c.) checking said user password for similarity to a pre-defined password which includes more than 30 alphanumeric characters;
  
  (d.) continuing the start-up procedure if said user password is substantially similar to said pre-defined password, even if said user password is not identical to said pre-defined password; and
  
  (e.) otherwise halting the start-up procedure.
- View Dependent Claims (18, 19, 20, 21, 22, 23, 24)
- - 18. The method of claim 17, wherein said challenge string and said pre-defined password are both stored in flash memory.
  - 19. The method of claim 17, wherein said pre-defined password includes more than 40 alphanumeric characters.
  - 20. The method of claim 17, wherein said prompting action consists of displaying characters on a video display.
  - 21. The method of claim 17, wherein said actions (b.), (c.), and (d.) are repeated at least twice during each login.
  - 22. The method of claim 17, further comprising:
    - d.) if said user password is not substantially similar to said pre-defined password, re-presenting said challenge phrase a predetermined number of times.
  - 23. The method of claim 17, further comprising:
    - d.) if said user password is not substantially similar to said pre-defined password, repeating action (b.) with a different challenge phrase.
  - 24. The method of claim 17, wherein said challenge phrase is randomly chosen from a pool of possible challenge phrases for that specific user.

25. A computer system, comprising:
- memory, and a microprocessor operatively connected to read and write said memory;
  
  one or more non-volatile memories storing a start-up procedure, at least one stored user-specific challenge string, and at least one stored user-specific response string which includes more than 20 alphanumeric characters;
  
  wherein, when a user attempts to log in, said start-up procedure presents said challenge string, and checks a user response string against said stored response string, and permits access to the computer if the user response substantially matches said stored response string, even if the user response is not identical to said stored response string; and
  
  a graphics controller connected to said microprocessor; and
  
  a video display connected to said graphics controller.
- View Dependent Claims (26, 27, 28, 29, 30, 31, 32)
- - 26. The computer system of claim 25, wherein said challenge string and said stored response string are both stored in flash memory.
  - 27. The computer system of claim 25, wherein said stored response string includes more than 40 alphanumeric characters.
  - 28. The computer system of claim 25, wherein said challenge string is presented on a video display.
  - 29. The computer system of claim 25, further comprising the step:
    - if said user password is not substantially similar to said pre-defined password, re-presenting said challenge phrase a predetermined number of times.
  - 30. The computer system of claim 25, further comprising the step:
    - if said user password is not substantially similar to said pre-defined password, said start-up procedure presents a different challenge string, checks a second user response string against said stored response string, and permits access to the computer if said second user response string substantially matches said stored response string even if said second user response string is not identical to said stored response string.
  - 31. The computer system of claim 25, wherein said challenge phrase is randomly chosen from a pool of possible challenge phrases for that specific user.
  - 32. The computer system of claim 25, wherein said start-up procedure presents at least two different challenge phrases during said start-up procedure.

33. A computer system, comprising:
- memory, and a microprocessor operatively connected to read and write said memory;
  
  a graphics controller connected to said microprocessor;
  
  a video display connected to said graphics controller;
  
  a user input device connected to said microprocessor;
  
  wherein, when a user requests access, said microprocessorprompts the user with a customized challenge string which is specific to that user,waits for the user to input a user password,checks said user password for similarity to a pre-defined response string which includes more than 20 alphanumeric characters, andallows access to said system if said user password is substantially similar to said pre-defined response string, even if said user password is not identical to said pre-defined response string.
- View Dependent Claims (34, 35, 36, 37, 38, 39, 40)
- - 34. The computer system of claim 33, wherein said challenge string and said response string are both stored in flash memory.
  - 35. The computer system of claim 33, wherein said response string includes more than 40 alphanumeric characters.
  - 36. The computer system of claim 33, wherein said challenge string is presented on a video display.
  - 37. The computer system of claim 33, further comprising the step:
    - if said user password is not substantially similar to said pre-defined password, re-presenting said challenge phrase a predetermined number of times.
  - 38. The computer system of claim 33, further comprising the step:
    - if said user password is not substantially similar to said pre-defined password, repeating said steps of prompting, waiting, and checking with a different challenge phrase.
  - 39. The computer system of claim 33, wherein said challenge phrase is randomly chosen from a pool of possible challenge phrases for that specific user.
  - 40. The computer system of claim 33, wherein said start-up procedure presents at least two different challenge phrases before allowing access to said system.

41. A computer system, comprising:
- memory, and a microprocessor operatively connected to read and write said memory;
  
  a graphics controller connected to said microprocessor;
  
  a video display connected to said graphics controller;
  
  one or more non-volatile memories storing a start-up procedure, at least one stored user-specific challenge string, and at least one stored user-specific response string which includes more than 20 alphanumeric characters;
  
  wherein, when a user submits identification, said microprocessordisplays a customized challenge string, which is specific to that user, on said video display,waits for the user to input a user password,checks said user password for similarity to a pre-defined response string which includes more than 20 alphanumeric characters, andcontinues said start-up procedure if said user password is substantially similar to said pre-defined password, even if said user password is not identical to said pre-defined password, and otherwise halts the start-up procedure.
- View Dependent Claims (42, 43, 44, 45, 46, 47, 48)
- - 42. The computer system of claim 41, wherein said challenge string and said response string are both stored in flash memory.
  - 43. The computer system of claim 41, wherein said response string includes more than 40 alphanumeric characters.
  - 44. The computer system of claim 41, wherein said challenge string is presented on a video display.
  - 45. The computer system of claim 41, further comprising the step:
    - if said user password is not substantially similar to said pre-defined password, re-presenting said challenge phrase a predetermined number of times.
  - 46. The computer system of claim 41, further comprising the step:
    - if said user password is not substantially similar to said pre-defined password, repeating said displays step with a different challenge phrase.
  - 47. The computer system of claim 41, wherein said challenge phrase is randomly chosen from a pool of possible challenge phrases for that specific user.
  - 48. The computer system of claim 41, wherein said start-up procedure at least two different challenge phrases before continuing said start-up procedure.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Hewlett-Packard Development Company, L.P. (HP Inc.)
Original Assignee
Compaq Computer Corporation (HP Inc.)
Inventors
Hiles, Paul
Primary Examiner(s)
Beausoliel, Jr., Robert W.
Assistant Examiner(s)
Revak, Christopher A.

Application Number

US08/940,893
Time in Patent Office

868 Days
Field of Search

713/200, 713/201, 713/202, 380/23, 380/25
US Class Current

726/18
CPC Class Codes

G06F 21/31   User authentication

G06F 2221/2103   Challenge-response

G06F 2221/2131   Lost password, e.g. recover...

Challenge/response security architecture with fuzzy recognition of long passwords

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

Citations

48 Claims

Specification

Solutions

Use Cases

Quick Links

Challenge/response security architecture with fuzzy recognition of long passwords

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

48 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links