Computer access via a single-use password

US 6,370,649 B1
Filed: 03/02/1998
Issued: 04/09/2002
Est. Priority Date: 03/02/1998
Status: Expired due to Fees

First Claim

Patent Images

1. A method for allowing a user access to a password protected computer system through the use of a fail-safe password, the fail-safe password comprising an external hash value encrypted with an external private key, the method comprising the steps of:

securely generating an internal hash value within the computer system, wherein the internal hash value is based on a changeable seed value distinct from a previous fail-safe password;

providing the fail-safe password to the computer system;

decrypting the fail-safe password using a public key corresponding to the private key to provide the external hash value;

comparing the internal hash value to the external hash value;

changing the seed value to a next seed value when the internal hash value equals the external hash value; and

permitting the user to access the computer system when the internal hash value equals the external hash value.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A computer system according to the present invention implements a self-modifying “fail-safe” password system that allows a manufacturer or site administrator to securely supply a single-use password to users who lose a power-up password. The fail-safe password system utilizes at least one fail-safe counter, an encryption/decryption algorithm, a public key, and a secure non-volatile memory space. The fail-safe password is derived by generating a hash code using SHA, MD5,or a similar algorithm and encrypting the result. The fail-safe password is then communicated to the user. After the user enters the fail-safe password, the computer system generates an internal hash value and compares it with the hash code of the decrypted fail-safe password. When the decrypted fail-safe password matches the internal hash value, the user is allowed access to the computer system.

Citations

23 Claims

1. A method for allowing a user access to a password protected computer system through the use of a fail-safe password, the fail-safe password comprising an external hash value encrypted with an external private key, the method comprising the steps of:
- securely generating an internal hash value within the computer system, wherein the internal hash value is based on a changeable seed value distinct from a previous fail-safe password;
  
  providing the fail-safe password to the computer system;
  
  decrypting the fail-safe password using a public key corresponding to the private key to provide the external hash value;
  
  comparing the internal hash value to the external hash value;
  
  changing the seed value to a next seed value when the internal hash value equals the external hash value; and
  
  permitting the user to access the computer system when the internal hash value equals the external hash value.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
- - 2. The method of claim 1, wherein the seed value is a count produced by a fail-safe counter that represents the number of times the fail-safe password has been utilized to regain access to the computer system, the fail-safe counter being incremented when the internal hash value equals the external hash value.
  - 3. The method of claim 1, wherein the step of providing the fail-safe password to the computer system further comprises:
4. The method of claim 3, wherein the step of providing the fail-safe password to the computer system further comprises:
- communicating the fail-safe password to the user by the manufacturer after the user'"'"'s identity is validated, the fail-safe password being entered into the computer system by the user through a locally connected keyboard.
5. The method of claim 1, wherein the step of providing the fail-safe password to the computer system further comprises:
- obtaining the fail-safe password from a site administrator, the administrator maintaining a mirror seed value, the mirror seed value corresponding to the changeable seed value.
6. The method of claim 1, wherein the seed value includes a fixed portion.
7. The method of claim 6, wherein the fixed portion of the seed value includes the computer system serial number.
8. The method of claim 1, wherein the step of permitting the user to access the computer system further comprises:
- allowing a new power-up password to be entered upon boot-up if the internal and external hash values are the same.
9. The method of claim 1, wherein the external and internal hash values are generated with SHA.
10. The method of claim 1, wherein the external and internal hash values are generated with MD5.
11. The method of claim 1, wherein the fail-safe password is an encrypted hash code of a mirror seed value which has been encrypted with a manufacturer'"'"'s private key.

12. A computer system having security capabilities enabled by a computer system generated internal hash value, the computer system comprising:
- a system bus;
  
  a processor coupled to the system bus;
  
  a mass storage device coupled to the system bus; and
  
  security code stored in a processor readable medium for causing the processor to perform the steps of;
  
  securely generating the internal hash value within the computer system, wherein the internal hash value is based on a changeable seed value distinct from a previous fail-safe password;
  
  providing a fail-safe password to the computer system;
  
  decrypting the fail-safe password using a public key corresponding to a private key to provide an external hash value;
  
  comparing the internal hash value to the external hash value;
  
  changing the seed value to a next seed value when the internal hash value equals the external hash value; and
  
  permitting the user to access the computer system when the internal hash value equals the external hash value.
- View Dependent Claims (13, 14, 15, 16, 17, 18, 19, 20, 21, 22)
- - 13. The computer system of claim 12, wherein the seed value is a count produced by a fail-safe counter that represents the number of times the fail-safe password has been utilized to regain access to the computer system, the fail-safe counter being incremented when the internal hash value equals the external hash value.
  - 14. The computer system of claim 12, wherein the step of providing the fail-safe password to the computer system further comprises:
15. The computer system of claim 14, wherein the step of providing the fail-safe password to the computer system further comprises:
- communicating the fail-safe password to the user by the manufacturer after the user'"'"'s identity is validated, the fail-safe password being entered into the computer system by the user through a locally connected keyboard.
16. The computer system of claim 12, wherein the step of providing the fail-safe password to the computer system further comprises:
- obtaining the fail-safe password from a site administrator, the administrator maintaining a mirror seed value, the mirror seed value corresponding to the changeable seed value.
17. The computer system of claim 12, wherein the seed value includes a fixed portion.
18. The computer system of claim 17, wherein the fixed portion includes the computer system serial number.
19. The computer system of claim 12, wherein the step of permitting the user to access the computer system further comprises:
- allowing a new power-up password to be entered upon boot-up if the internal and external hash values are the same.
20. The computer system of claim 12, wherein the external and internal hash values are generated with SHA.
21. The computer system of claim 12, wherein the internal and external hash values are generated with MD5.
22. The computer system of claim 12, wherein the fail-safe password is an encrypted hash code of the seed value which has been encrypted with a manufacturer'"'"'s private key.

23. A method for allowing a user to access a password protected computer system through the use of a fail-safe password, comprising:
- contacting a manufacturer of the computer system for the fail-safe password;
  
  generating the fail-safe password based on a changeable mirror seed value distinct from a previous fail-safe password;
  
  providing the fail-safe password to the user;
  
  entering the fail-safe password into the computer system; and
  
  changing the mirror seed value when the user is successful in accessing the computer system, wherein the user'"'"'s computer system has its own seed value which is internally changed to the next seed value.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Hewlett-Packard Development Company, L.P. (HP Inc.)
Original Assignee
Compaq Computer Corporation (HP Inc.)
Inventors
Waldorf, Richard O., Angelo, Michael F., Le, Hung Q., Heinrich, David F.
Primary Examiner(s)
DeCady, Albert
Assistant Examiner(s)
Callahan, Paul E.

Application Number

US09/033,192
Time in Patent Office

1,499 Days
Field of Search

713/183, 713/184, 713/182, 713/1, 713/100, 713/200, 380/249, 380/247, 235/382, 235/382.5
US Class Current

726/18
CPC Class Codes

G06F 21/31 User authentication

G06F 2221/2131 Lost password, e.g. recover...

Computer access via a single-use password

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

Citations

23 Claims

Specification

Solutions

Use Cases

Quick Links

Computer access via a single-use password

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

23 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links