Personal authentication system and method for multiple computer platform
First Claim
1. In a computer network having a client and a server, a method comprising the steps of:
providing an account password and an account name by the client;
at the server, comparing the account password and account name to a database of account names and associated account passwords;
providing a challenge to the client;
at the client, producing a response to the challenge using the challenge and at least a user password;
transmitting the response to the server, but not the user password;
at the server, producing a local response based on the challenge and the user password, the user password being stored in the database and being associated with the account name;
authorizing access to the server if the local response favorably compares to the received response; and
prohibiting authorized access to the server for an increasing period of time if the local response does not favorably compare to the received response, the period of time increasing after each set of failures to favorably compare.
Abstract
A personal authentication system provides at least two levels of security for an authentication process, in addition to numerous other security features. The system operates across many different software and hardware platforms, in a client/server fashion, employing a challenge/response process that does not require users to transmit their passwords across a network. An application running on a client computer is coupled with an application running on a server computer. The client generates a response to a challenge, which is provided by the server. The response is a combined function of the server's challenge, a serial number assigned to the client, and a password provided by the user.
27 Claims
1. In a computer network having a client and a server, a method comprising the steps of:
providing an account password and an account name by the client;
at the server, comparing the account password and account name to a database of account names and associated account passwords;
providing a challenge to the client;
at the client, producing a response to the challenge using the challenge and at least a user password;
transmitting the response to the server, but not the user password;
at the server, producing a local response based on the challenge and the user password, the user password being stored in the database and being associated with the account name;
authorizing access to the server if the local response favorably compares to the received response; and
prohibiting authorized access to the server for an increasing period of time if the local response does not favorably compare to the received response, the period of time increasing after each set of failures to favorably compare.
Dependent claims: 2, 3, 4, 5, 6
7. An electronic access method for use by a user comprising the steps of:
providing a challenge to the user and producing a local response to the challenge using the challenge and at least a locally stored value;
receiving a response to the challenge from the user;
authorizing access if the local response favorably compares to a received response; and
prohibiting authorized access for an increasing period of time if the local response does not favorably compare to the received response, wherein the period of time increases after each failure to favorably compare.
Dependent claims: 8, 9, 10, 11, 12
13. A computer-readable medium having stored thereon a computer-readable data structure for use by a server in an authorization procedure, the server being networked to at least one client, the data structure comprising:
an identifier data structure;
a password associated with the identifier data structure, the password having a time period indicating a period during which the password is valid;
an allowances value indicating a number of authorizations permitted under the authorization procedure after the period that the password is valid has expired;
a serial number data structure associated with the client; and
a response data structure, the response data structure storing a response produced by the server from a server calculator, the server calculator generating the response based on a server generated challenge, the serial number and the password, wherein the password is associated with a user of the account, and wherein the response is compared with a response received from the client.
Dependent claims: 14, 15
16. In a computer network having at least one client, an apparatus comprising:
a user account database having stored therein a first password associated with a user account; and
a first server coupled to the database and being programmed for receiving an authorization request from the client for the user account, including a response, generating a local response based on the first password and a locally generated seed value, permitting access to the first server by the client if the local response favorably compares to the received response, and prohibiting access to the first server by the client for an increasing time period for each group of failed authorization attempts for the user account, the server is programmed for incrementing an authorization failures value in the database for each consecutive occurrence that the local response does not favorably compare to the received response;
prohibiting authorized access for a first period of time if the authorization failures value equals a set value;
again incrementing the authorization failures value for each consecutive occurrence that the local response does not favorably compare to the received response until the authorization failures value equals a multiple of the set value; and
prohibiting authorized access for the first period of time times a multiplier value if the authorization failures value equals the multiple of the set value, where the multiplier value is greater than one.
Dependent claims: 17, 18
19. In a computer network having a client and first and second servers, a method of authorizing a user comprising the steps of:
receiving at the first server a request for user authorization by the client;
receiving at the second server a request for authorization by the first server;
providing authorization between the first and second servers;
at the second server, providing a challenge to the first server;
at the first server, providing the challenge to the client;
at the client, producing a response to the challenge using the challenge and at least a user password;
transmitting the response, but not the user password, to the first server;
forwarding the response to the second server;
at the second server, producing a local response based on the challenge and the user password; and
at the second server, authorizing access if the local response favorably compares to the received response.
Dependent claims: 20, 21, 22, 23, 24
25. In a computer network having at least one client, an apparatus comprising:
a user account database having stored therein a first password associated with a user account; and
a first server coupled to the database and being programmed for receiving an authorization request from the client for the user account, including a response, generating a local response based in the first password and a locally generated seed value, permitting access to the first server by the client if the local response favorably compares to the received response, and prohibiting access to the first server by the client for an increasing time period for each group of failed authorization attempts for the user account, the server is programmed for distributing a client calculator, wherein the client calculator is initialized by inputting a number assigned to the client.
26. In a computer network having at least one client, an apparatus comprising:
a user account database having stored therein a first password associated with a user account; and
a first server coupled to the database and being programmed for receiving an authorization request from the client for the user account, including a response, generating a local response based on the first password and a locally generated seed value, permitting access to the first server by the client if the local response favorably compares to the received response, and prohibiting access to the first server by the client for an increasing time period for each group of failed authorization attempts for the user account, the server is programmed for providing a one-way response generating algorithm, inputting the challenge and the user password to the one-way algorithm and generating the response.
27. In a computer network having at least one client, an apparatus comprising:
a user account database having stored therein a first password associated with a user account; and
a first server coupled to the database and being programmed for receiving an authorization request from the client for the user account, including a response, generating a local response based on the first password and a locally generated seed value, permitting access to the first server by the client if the local response favorably compares to the received response, and prohibiting access to the first server by the client for an increasing time period for each group of failed authorization attempts for the user account, the server is programmed for determining if a life-time of a second password has expired, if the second password has expired, then determining if a number of allowances remain for the user account, if a number of allowances remain, then performing the step of providing a challenge, and if a number of allowances does not remain, prohibiting authorized access to the server, and wherein the second password is stored in the database and is associated with the user account.
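The two-level challenge/response with escalating lockout described in claims 1, 16, 26 and 27, as an added Python example that is not code from the patent or any product built on it. HMAC-SHA256 as the one-way response function, the SET_VALUE/BASE_LOCK/MULTIPLIER constants, passing `now` as a parameter instead of reading a clock, and spending one allowance per login after the user password expires are all assumptions; the lockout generalizes claim 16's first period and first-period-times-multiplier to every later group of failures.

```python
import hashlib, hmac, secrets
from dataclasses import dataclass

@dataclass
class Account:
    account_password: str       # first level: checked before a challenge is issued
    user_password: str          # second level: never transmitted, only the response is
    serial: str                 # number assigned to the client when its calculator is initialized
    password_expires_at: float  # end of the user password's validity period
    allowances: int             # authorizations still permitted after expiry (claim 27)
    failures: int = 0           # consecutive failed comparisons (authorization failures value)
    locked_until: float = 0.0   # access prohibited before this time

def compute_response(challenge: bytes, serial: str, user_password: str) -> str:
    """One-way function run by both client and server; HMAC-SHA256 is an assumed choice."""
    return hmac.new(user_password.encode(), challenge + serial.encode(), hashlib.sha256).hexdigest()

class Server:
    SET_VALUE = 3     # failures per group before a lockout (assumed)
    BASE_LOCK = 60.0  # first lockout period in seconds (assumed)
    MULTIPLIER = 2    # > 1; group k locks for BASE_LOCK * MULTIPLIER ** (k - 1)
    def __init__(self, accounts: dict):
        self.db = accounts
        self.pending = {}  # account name -> outstanding challenge

    def begin(self, name: str, account_password: str, now: float):
        """Level one plus lockout and expiry checks; returns a challenge or None."""
        acct = self.db.get(name)
        if acct is None or now < acct.locked_until or \
                not hmac.compare_digest(acct.account_password, account_password):
            return None
        if now > acct.password_expires_at:  # expired password: spend an allowance if any remain
            if acct.allowances <= 0:
                return None
            acct.allowances -= 1
        challenge = secrets.token_bytes(16)
        self.pending[name] = challenge
        return challenge

    def verify(self, name: str, response: str, now: float) -> bool:
        """Level two: recompute the response locally, compare, apply escalating lockout."""
        acct = self.db[name]
        local = compute_response(self.pending.pop(name), acct.serial, acct.user_password)
        if hmac.compare_digest(local, response):
            acct.failures = 0
            return True
        acct.failures += 1
        if acct.failures % self.SET_VALUE == 0:  # a full group of failures
            acct.locked_until = now + self.BASE_LOCK * self.MULTIPLIER ** (acct.failures // self.SET_VALUE - 1)
        return False
```

A real client would run `compute_response` itself with the serial it was initialized with and send only the hex digest, so the user password never crosses the network.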