Computer access via a single-use password
Abstract
A computer system according to the present invention implements a self-modifying “fail-safe” password system that allows a manufacturer or site administrator to securely supply a single-use password to users who lose a power-up password. The fail-safe password system utilizes at least one fail-safe counter, an encryption/decryption algorithm, a public key, and a secure non-volatile memory space. The fail-safe password is derived by generating a hash code using SHA, MD5, or a similar algorithm and encrypting the result. The fail-safe password is then communicated to the user. After the user enters the fail-safe password, the computer system generates an internal hash value and compares it with the hash code of the decrypted fail-safe password. When the decrypted fail-safe password matches the internal hash value, the user is allowed access to the computer system.
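The flow in the abstract, as an added sketch that is not code from the patent: the manufacturer encrypts the hash of a mirrored seed with its private key, and the machine decrypts with the public key, compares against its own hash, and advances its counter so the password cannot be reused. The toy textbook-RSA key, SHA-256 truncated to 128 bits, the `serial:counter` seed layout, and all class and function names are assumptions made for illustration.

```python
import hashlib

# Constructed toy RSA key built from two Mersenne primes; far too small and
# unpadded, so it only illustrates the data flow (assumption, not from the patent).
P, Q, E = 2**61 - 1, 2**89 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))   # private exponent, held only by the manufacturer


def seed_hash(serial: str, counter: int) -> int:
    """Hash of the seed: fixed portion (serial number) plus changeable counter."""
    digest = hashlib.sha256(f"{serial}:{counter}".encode()).digest()
    return int.from_bytes(digest[:16], "big")   # 128 bits, always smaller than N


class Manufacturer:
    """Holds the private key and a mirror seed counter per machine."""

    def __init__(self):
        self.mirror = {}

    def issue(self, serial: str) -> int:
        # External hash value encrypted with the private key = fail-safe password.
        counter = self.mirror.get(serial, 0)
        return pow(seed_hash(serial, counter), D, N)

    def confirm_used(self, serial: str) -> None:
        # The mirror advances only after the user reports a successful unlock.
        self.mirror[serial] = self.mirror.get(serial, 0) + 1


class Machine:
    """Holds only the public key (E, N) and its counter in secure non-volatile memory."""

    def __init__(self, serial: str):
        self.serial, self.counter = serial, 0

    def unlock(self, failsafe_password: int) -> bool:
        external = pow(failsafe_password, E, N)          # decrypt with the public key
        internal = seed_hash(self.serial, self.counter)  # internally generated hash
        if external != internal:
            return False
        self.counter += 1   # change to the next seed value: the password is now spent
        return True
```

Because the machine stores only the public key, reading its firmware does not let anyone mint passwords; a replayed password fails because the internal hash is now computed from the next seed.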
Claims
1. A method for allowing a user access to a password protected computer system through the use of a fail-safe password, the fail-safe password comprising an external hash value encrypted with an external private key, the method comprising the steps of:
securely generating an internal hash value within the computer system, wherein the internal hash value is based on a changeable seed value distinct from a previous fail-safe password;
providing the fail-safe password to the computer system;
decrypting the fail-safe password using a public key corresponding to the private key to provide the external hash value;
comparing the internal hash value to the external hash value;
changing the seed value to a next seed value when the internal hash value equals the external hash value; and
permitting the user to access the computer system when the internal hash value equals the external hash value.
obtaining the fail-safe password from a manufacturer, the manufacturer maintaining a mirror seed value that corresponds to the changeable seed value.
4. The method of claim 3, wherein the step of providing the fail-safe password to the computer system further comprises:
communicating the fail-safe password to the user by the manufacturer after the user's identity is validated, the fail-safe password being entered into the computer system by the user through a locally connected keyboard.
5. The method of claim 1, wherein the step of providing the fail-safe password to the computer system further comprises:
obtaining the fail-safe password from a site administrator, the administrator maintaining a mirror seed value, the mirror seed value corresponding to the changeable seed value.
6. The method of claim 1, wherein the seed value includes a fixed portion.
7. The method of claim 6, wherein the fixed portion of the seed value includes the computer system serial number.
8. The method of claim 1, wherein the step of permitting the user to access the computer system further comprises:
allowing a new power-up password to be entered upon boot-up if the internal and external hash values are the same.
9. The method of claim 1, wherein the external and internal hash values are generated with SHA.
10. The method of claim 1, wherein the external and internal hash values are generated with MD5.
11. The method of claim 1, wherein the fail-safe password is an encrypted hash code of a mirror seed value which has been encrypted with a manufacturer's private key.
12. A computer system having security capabilities enabled by a computer system generated internal hash value, the computer system comprising:
a system bus;
a processor coupled to the system bus;
a mass storage device coupled to the system bus; and
security code stored in a processor readable medium for causing the processor to perform the steps of;
securely generating the internal hash value within the computer system, wherein the internal hash value is based on a changeable seed value distinct from a previous fail-safe password;
providing a fail-safe password to the computer system;
decrypting the fail-safe password using a public key corresponding to a private key to provide an external hash value;
comparing the internal hash value to the external hash value;
changing the seed value to a next seed value when the internal hash value equals the external hash value; and
permitting the user to access the computer system when the internal hash value equals the external hash value.
obtaining the fail-safe password from a manufacturer, the manufacturer maintaining a mirror seed value that corresponds to the changeable seed value.
15. The computer system of claim 14, wherein the step of providing the fail-safe password to the computer system further comprises:
communicating the fail-safe password to the user by the manufacturer after the user's identity is validated, the fail-safe password being entered into the computer system by the user through a locally connected keyboard.
16. The computer system of claim 12, wherein the step of providing the fail-safe password to the computer system further comprises:
obtaining the fail-safe password from a site administrator, the administrator maintaining a mirror seed value, the mirror seed value corresponding to the changeable seed value.
17. The computer system of claim 12, wherein the seed value includes a fixed portion.
18. The computer system of claim 17, wherein the fixed portion includes the computer system serial number.
19. The computer system of claim 12, wherein the step of permitting the user to access the computer system further comprises:
allowing a new power-up password to be entered upon boot-up if the internal and external hash values are the same.
20. The computer system of claim 12, wherein the external and internal hash values are generated with SHA.
21. The computer system of claim 12, wherein the internal and external hash values are generated with MD5.
22. The computer system of claim 12, wherein the fail-safe password is an encrypted hash code of the seed value which has been encrypted with a manufacturer's private key.
23. A method for allowing a user to access a password protected computer system through the use of a fail-safe password, comprising:
contacting a manufacturer of the computer system for the fail-safe password;
generating the fail-safe password based on a changeable mirror seed value distinct from a previous fail-safe password;
providing the fail-safe password to the user;
entering the fail-safe password into the computer system; and
changing the mirror seed value when the user is successful in accessing the computer system, wherein the user's computer system has its own seed value which is internally changed to the next seed value.