Removable media for password based authentication in a distributed system
Abstract
A portable medium containing client process identification information for use with a computer system requiring authentication prior to access thereto includes data identifying the client process and a plurality of data sets, each associated with a password, one of the passwords being designated as current. In one embodiment, the medium contains the passwords while in another embodiment, the medium contains keys at least partially derived from the passwords. The computer system with which the portable medium interfaces determines whether any of the data associated with the passwords matches authentication data previously stored in the computer system and associated with the client process. If a match occurs, the client process is allowed to access the system. If the data upon which access is based is not associated with a current password, the computer system will read the data associated with the current password and update its corresponding authentication data associated with the client process.
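The match-then-update behaviour described in the abstract, sketched as an added example that is not part of the patent text. The class and method names, the PBKDF2 key derivation and the SHA-256 digest used as stored authentication data are all assumptions made for illustration.

```python
import hashlib
import hmac
from dataclasses import dataclass, field


def derive_key(password: str, client_id: str) -> bytes:
    # Assumption: PBKDF2 salted with the client id. The abstract only says
    # the keys are "at least partially derived from the passwords".
    return hashlib.pbkdf2_hmac("sha256", password.encode(),
                               client_id.encode(), 100_000)


@dataclass
class Medium:
    """Portable medium: client identifier plus keys, one marked current."""
    client_id: str
    keys: list = field(default_factory=list)  # oldest first
    current: int = -1                         # index of the current key

    def change_password(self, new_password: str) -> None:
        # Earlier keys stay on the medium; the new key becomes current.
        self.keys.append(derive_key(new_password, self.client_id))
        self.current = len(self.keys) - 1


class Server:
    """Computer system holding authentication data per client (hypothetical)."""

    def __init__(self) -> None:
        self.auth_data = {}  # client_id -> digest of the enrolled key

    def enroll(self, client_id: str, key: bytes) -> None:
        self.auth_data[client_id] = hashlib.sha256(key).digest()

    def authenticate(self, medium: Medium) -> str:
        stored = self.auth_data.get(medium.client_id)
        if stored is None or not medium.keys:
            return "denied"
        matched = None
        for i, key in enumerate(medium.keys):
            # Constant-time comparison of each key's digest with stored data.
            if hmac.compare_digest(hashlib.sha256(key).digest(), stored):
                matched = i
        if matched is None:
            return "denied"
        if matched != medium.current:
            # Access was based on an older key: read the current key and
            # update the stored authentication data to correspond to it.
            self.enroll(medium.client_id, medium.keys[medium.current])
            return "granted-updated"
        return "granted"
```

Because any key still on the medium is accepted until the stored data is refreshed, the number of retained keys bounds how long a superseded password remains usable against a system that has not yet seen the change.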
21 Claims
1. An apparatus for use with a computer system, the computer system having one or more processes which are accessible by a client process that is authenticated by comparing information derived from a password which is changed from time to time to authentication data in the computer system, the apparatus comprising:
a. a portable computer readable medium for storing data thereon;
b. a client identifier stored on the medium, the client identifier identifying the client process;
c. a plurality of digital keys stored on the medium, one of the digital keys designated as current and associated with a current password that is in use, other of the digital keys associated with non-current previously-used passwords; and
d. logic in the computer system responsive to the plurality of digital keys for allowing access by the client process to one of the processes requiring authentication if any one of the plurality of digital keys stored on the medium corresponds to the authentication data.
Dependent claims: 2, 3, 4, 5, 6, 7
8. A method for generating a portable authentication medium for use with a computer system having one or more processes which are accessible using a password that is changed from time to time, the method comprising the steps of:
a. providing a portable medium capable of storing data thereon and being removably interfaceable with a computer system;
b. each time the password is changed, generating a first digital key at least partially derived from a first password that is currently in use;
c. storing the first digital key on the medium along with a plurality of second digital keys generated from previously-used passwords so that a key for at least one previously-used password is stored on the medium;
d. designating the first digital key as a current key; and
e. storing on the medium data identifying a client process associated with the passwords.
Dependent claims: 9, 10, 11, 12
13. A computer program product for use with a computer system which can be accessed with a password that is changed from time to time, the computer program product comprising a portable computer usable medium having stored thereon:
a. a client identifier stored on the medium, the client identifier identifying a client process;
b. a plurality of digital keys stored on the medium, one of the digital keys designated as a current key and associated with a current password that is in use, other of the digital keys associated with non-current previously-used passwords; and
c. computer program code comprising;
   1. program code, responsive to an authorization challenge from a computer process, for supplying one of the plurality of keys stored on the medium to the computer process, the key identified by authorization data with which the computer process presented the authorization challenge; and
   2. program code for supplying to the computer process a key identifier associated with the current key for incorporation into the authentication data, if the computer process presented authentication data corresponding to other than the current key.
Dependent claims: 14, 15, 16, 17
18. An apparatus for use with a computer system, the computer system having one or more processes which are accessible by a client process that is authenticated by comparing information derived from a password which is changed from time to time to authentication data in the computer system, the apparatus comprising:
a. a portable computer readable medium for storing data thereon;
b. a client identifier stored on the medium, the client identifier identifying the client process; and
c. a plurality of passwords stored on the medium, one of the passwords designated as a current and is in use, other of the passwords designated as non-current previously-used passwords;
d. a secret parameter stored on the medium, the secret parameter uniquely identifying the client process; and
e. authorization logic in the computer system responsive to the plurality of passwords and the secret parameter for allowing access by the client process to one of the processes requiring authentication if any one of the plurality of passwords stored on the medium corresponds to the authentication data.
Dependent claims: 19, 20, 21
Specification