Authentication system based on periodic challenge/response protocol

US 6,088,450 A
Filed: 04/17/1996
Issued: 07/11/2000
Est. Priority Date: 04/17/1996
Status: Expired due to Term

First Claim

Patent Images

1. A method to control an operating state of a node, the method comprising:

authenticating a token by a user inputting data into the token;

authenticating a node by exchanging messages between the token possesed by the user and the node, periodically performing the message exchange to ascertain whether the token is within a predetermined distance from the node, and disabling at least one peripheral device of the node in order to place the node into a non-operational state if the token is determined to be outside a range established by the predetermined distance; and

periodically authenticating the token by requiring the user to input the data into the token.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A wireless authentication system to control an operating state of a node being a computer, door control mechanism or any muti-state product based on the proximity of an authorized user to the node. The wireless authentication system comprises a security device implemented within the computer and a user authentication token ("token") in possession of the authorized user. A Challenge/Response protocol is configured between the security device and the token. The first successful Challenge/Response message exchange between the security device and the token places the node in an operational state allowing the authorized user access to the contents and/or networked resources of the node. Later Challenge/Response message exchanges are set to occur periodically to check whether the authorized user possessing the token has left the node unattended thereby causing the node to be placed in a non-operational state.

Citations

47 Claims

1. A method to control an operating state of a node, the method comprising:
- authenticating a token by a user inputting data into the token;
  
  authenticating a node by exchanging messages between the token possesed by the user and the node, periodically performing the message exchange to ascertain whether the token is within a predetermined distance from the node, and disabling at least one peripheral device of the node in order to place the node into a non-operational state if the token is determined to be outside a range established by the predetermined distance; and
  
  periodically authenticating the token by requiring the user to input the data into the token.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
- - 2. The method according to claim 1, wherein the node includes a computer.
  - 3. The method according to claim 2, wherein the at least one peripheral device includes one of a keyboard and a mouse.
  - 4. The method according to claim 1, wherein the authentication of the token further includes entering of a subsequently verified alphanumeric password by the user to activate the token.
  - 5. The method according to claim 4, wherein the periodic authentication of the token includes reloading of the alphanumeric password after a prescribed time period has elapsed to reactive the token.
  - 6. The method according to claim 1, wherein the authentication of the token includes providing biometric data of the user and determining that the biometric data matches characteristics of an authorized user.
  - 7. The method according to claim 1, wherein the node includes a door control mechanism.
  - 8. The method according to claim 1, wherein the periodicity of the first and second message exchanges is programmable.
  - 9. The method according to claim 1, wherein prior to exchanging the messages, the method comprises:
    - transferring a query message from the node to the token; and
      
      transferring a response to the node by the token when the token is within the predetermined distance from the node.
  - 10. The method according to claim 1, wherein prior to exchanging the messages, the method further comprisestransferring a query message from the token to the node;
    - andtransferring a response message from the node to the token indicating that the node acknowledges that the token is within the predetermined distance.
  - 11. The method according to claim 1 further comprising periodically authenticating the token to ensure that the token is being used by the authorized user.

12. A method to control an operating state of a node, the method comprising:
- authenticating a user from loading alphanumeric data into a token and determining whether the alphanumeric data matches pre-stored alphanumeric data;
  
  exchanging at least a first and second messages between the token and the node, the node being placed in an operational state if the second message correctly responds to the first message; and
  
  periodically determining whether the token is within a predetermined distance from the node.
- View Dependent Claims (13, 14)
- - 13. The method according to claim 12, wherein the periodic determination comprisesmaintaining the node in the operational state if the token correctly responds due to a presence of the token within the predetermined distance;
    - placing the node in a non-operational state if the token fails to respond due to the presence of the token being more than the predetermined distance away from the node or the token responds incorrectly; and
      
      periodically performing the authentication of the user to ascertain that the user in possession of the token is authorized to use the token.
  - 14. The method according to claim 12, wherein the periodic determination comprises reloading the alphanumeric data by the user.

15. A wireless authentication system comprising:
- a computer including a peripheral device;
  
  a security device having a wireless transceiver, the security device, including a package containing both (i) a processing unit and (ii) a memory unit coupled to the processing unit, to generate a plurality of messages to be transmitted through the wireless transceiver, each of the plurality of messages is separately transmitted after a prescribed time interval has elapsed; and
  
  a token to establish a wireless communication link with the security device, to operate in combination with the security device to respond to the plurality of messages in order to place the computer in an operational state using the plurality of messages when the token is within a predetermined distance from the computer, to place the computer in a non-operational state by disabling the peripheral device, and to authenticate a user of the token by periodically notifying the user to input information therein.
- View Dependent Claims (16, 17, 18, 19, 20, 21)
- - 16. The wireless authentication system according to claim 15, wherein each of the plurality of messages generated by the security device is separately transmitted after the prescribed time interval has elapsed.
  - 17. The wireless authentication system according to claim 16, wherein the token (i) initially receives a first message of the plurality of messages, (ii) generates a message in response to the first message for transmission to the security device to place the computer in the operational state and (iii) generates a message in response to each of the plurality of messages subsequent to the first message as long as the token remains within the predetermined distance from the security device.
  - 18. The wireless authentication system according to claim 15, wherein the security device further includes a random number generator coupled to the processing unit, the random number generator contained in the package.
  - 19. The wireless authentication system according to claim 15, wherein the token includesa second data bus;
    - a wireless interface in communication with the second data bus, the wireless interface is further coupled to the wireless transceiver of the security device through the wireless communication link to receive the plurality of messages and to transmit a corresponding plurality of messages in response to the plurality of messages from the security device;
      
      a memory element coupled to the second data bus, the memory element to contain cryptographic information; and
      
      a processor coupled to the second data bus, the processor to generate the corresponding plurality of messages in response to the plurality of messages.
  - 20. The wireless authentication system according to claim 19, wherein the token further includes a power source to provide power to at least the memory element and the processor.
  - 21. The wireless authentication system according to claim 15, wherein the peripheral device includes one of a keyboard and a mouse.

22. A wireless authentication system comprising:
- a computer includinga transmitter,a receiver, anda security device including a processing unit and a memory unit; and
  
  a token in bi-directional communications with the transmitter and receiver of the computer, the token operating in combination with the security device to place the computer in an operational state when the token is determined to be within a predetermined distance from the computer, and to place the computer in a non-operational state when the token is determined to be more than the predetermined distance from the computer, the token further authenticating its user by comparing input data received with a prestored master after a period of time has elapsed.
- View Dependent Claims (23)
- - 23. The wireless authentication system according to claim 22, wherein the token includes a biometric measurement device to periodically authenticate a user of the token by inputting the data, being biometric data of the user, into the token.

24. A method to control an operating state of a node, the method comprising:
- activating a token;
  
  placing a node into either (i) an operational state if the token is determined to be within a predetermined distance from the node, or (ii) an non-operational state when the token is determined to be located more than the predetermined distance from the node; and
  
  re-authenticating the user of the token by periodically requiring the user to input predetermined data into the token.
- View Dependent Claims (25, 26, 27, 28, 29, 30, 31, 32)
- - 25. The method according to claim 24, wherein the placing of the node into an operational state further includes responding to a query message from the node by the token returning a response that correctly responds to the query message.
  - 26. The method according to claim 24, wherein the predetermined data input into the token includes a subsequently verified alphanumeric password.
  - 27. The method according to claim 26, wherein the reauthentication of the user includes reloading of the alphanumeric password after a prescribed time period has elapsed in order to continue activation of the token.
  - 28. The method according to claim 24, wherein the predetermined data input into the token includes biometric data of the user.
  - 29. The method according to claim 24, wherein the activation of the token occurs after a user of the token is authenticated based on the predetermined data input into the token by the user.
  - 30. The method according to claim 24, wherein the node includes a door control mechanism.
  - 31. The method according to claim 24, wherein the periodicity in reauthenticating the user is programmable.
  - 32. The method according to claim 24, wherein the placing of the node into an operational state further includesissuing a query message by the token to the node;
    - andreceiving a response message by the token indicating that the node acknowledges that the token within the predetermined distance from the node.

33. A method to control an operating state of a node, the method comprising:
- activating a token upon authentication of the user by loading alphanumeric data into the token and determining that the alphanumeric data matches pre-stored alphanumeric data;
  
  determining a state of the node by exchanging at least a first message and a second message between the token and the node, the node being placed in an operational state if the second message correctly responds to the first message; and
  
  periodically authenticating that the user is in possession of the token.
- View Dependent Claims (34, 35, 36, 37, 38)
- - 34. The method according to claim 33, wherein the periodic authentication of the node further determines that the token is within a predetermined distance from the node.
  - 35. The method according to claim 33, wherein the periodic authentication of the node further determines that the user of the token is authorized to access the node.
  - 36. The method according to claim 33, wherein the periodic authentication of the token comprises reloading data by the user for authentication of the user.
  - 37. The-method according to claim 36, wherein the data is alphanumeric data for comparison with pre-stored data.
  - 38. The method according to claim 36, wherein the data includes biometric data for comparison with pre-stored characteristics of at least one authorized user.

39. A token comprising:
- an interface to support wireless communications with a node;
  
  a memory element; and
  
  a processor coupled to the memory element and the interface, the processor to authenticate a user of the token by periodically notifying the user to input information therein and to exchange messages with the node in order to place the node in an non-operational state when the token is determined to be greater than a predetermined distance away from the node.
- View Dependent Claims (40, 41, 42)
- - 40. The token according to claim 39, wherein the wireless communications are messages in a radio frequency format.
  - 41. The token according to claim 39, wherein the processor places the node in the non-operational state by disabling at least one peripheral device of the node.
  - 42. The token according to claim 39, wherein the at least one peripheral device includes a keyboard.

43. A node comprising:
- a peripheral device;
  
  a security device having a wireless transceiver and in control of the node, the security device to transmit a plurality of messages, each of the plurality of messages is separately transmitted to a mobile token after a prescribed time interval has elapsed in order to determine whether the token is within a predetermined distance from the security device and to maintain the node in an operational state if the token is authenticated and is determined to be within a predetermined distance from the security device.
- View Dependent Claims (44, 45, 46, 47)
- - 44. The node according to claim 43, wherein the security device to alter the node from the operational state to a non-operational state if the token is determined to be farther from the security device than the predetermined distance.
  - 45. The node according to claim 44, wherein the security device alters the node to the non-operational state if the token is not authenticated.
  - 46. The node according to claim 43, wherein the security device alters the node to the non-operational state if the token is not authenticated.
  - 47. The node according to claim 43 is a computer.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Intel Corporation
Original Assignee
Intel Corporation
Inventors
Smith, Lionel, Davis, Derek L.
Primary Examiner(s)
Gregory, Bernarr E.

Application Number

US08/634,068
Time in Patent Office

1,546 Days
Field of Search

380/23, 380/25, 380/24, 380/49, 380/50, 380/59, 380/29, 380/30, 340/825.31, 340/825.34, 235/379, 235/380, 235/382
US Class Current

713/182
CPC Class Codes

G06F 12/1408   by using cryptography for d...

G06F 21/35   communicating wirelessly

G06F 2221/2103   Challenge-response

G07C 9/28   the pass enabling tracking ...

H04L 63/0492   by using a location-limited...

H04L 63/0853   using an additional device,...

H04W 12/065   Continuous authentication

H04W 12/068   using credential vaults, e....

H04W 4/80   Services using short range ...

Authentication system based on periodic challenge/response protocol

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

47 Claims

Specification

Solutions

Use Cases

Quick Links

Authentication system based on periodic challenge/response protocol

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

47 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links