Securely generating a computer system password by utilizing an external encryption algorithm
First Claim
1. A method for securely generating a system password in a computer system incorporating circuitry for communicating with an external token that includes a cryptographic algorithm and an encryption key, the computer system further incorporating a secure power-on process or other secure operating mode, the method comprising the steps of:
- providing a user password to the computer system;
communicatively coupling the external token to the computer system;
providing the user password to the cryptographic algorithm stored in the token; and
encrypting the user password with the cryptographic algorithm and the encryption key to produce a system password.
3 Assignments
0 Petitions
Accused Products
Abstract
A method for generating system passwords derived from an external encryption algorithm and plain text user passwords entered during a secure power-on procedure. At some point during the secure power-up procedure, the computer system checks for the presence of an external token or smart card that is coupled to the computer through specialized hardware. The token or smart card is used to store an encryption algorithm furnished with an encryption key that is unique or of limited production. Following detection of the external token, the computer user is required to enter a user password. The user password is encrypted using the encryption algorithm contained in the external token, thereby creating a system password. The system password is then compared to a value stored in secure memory. If the two values match, the power-on sequence is completed and the user is allowed access to the computer system or individually secured resources. The two-piece nature of the authorization process requires the presence of both the user password and the external token in order to generate the system password.
68 Citations
23 Claims
-
1. A method for securely generating a system password in a computer system incorporating circuitry for communicating with an external token that includes a cryptographic algorithm and an encryption key, the computer system further incorporating a secure power-on process or other secure operating mode, the method comprising the steps of:
-
providing a user password to the computer system;
communicatively coupling the external token to the computer system;
providing the user password to the cryptographic algorithm stored in the token; and
encrypting the user password with the cryptographic algorithm and the encryption key to produce a system password. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15)
comparing the system password with a stored system password value; and
permitting further computer system operations if the system password matches the stored system password value.
-
-
3. The method of claim 1, wherein said step of providing a user password to the computer system is performed while the computer system is in a secure period of operation.
-
4. The method of claim 3, wherein the secure period of operation includes a secure power-up procedure.
-
5. The method of claim 1, wherein said step of encrypting the user password with the cryptographic algorithm and the encryption key occurs in the token.
-
6. The method of claim 5, further comprising the step of communicating the system password from the token to the computer system.
-
7. The method of claim 1, wherein said step of providing the user password to the cryptographic algorithm comprises downloading both the cryptographic algorithm and the user password to secure computer memory, and wherein said step of encrypting the user password with the cryptographic algorithm and the encryption key occurs in secure computer memory.
-
8. The method of claim 1, wherein the token is a smart card.
-
9. The method of claim 1, wherein the token is a Touch Memory™
- device.
-
10. The method of claim 1, wherein the encryption key is unique or of limited production.
-
11. The method of claim 1 wherein the cryptographic algorithm is based on secret key technology.
-
12. The method of claim 11 wherein the cryptographic algorithm is DES.
-
13. The method of claim 1 wherein the cryptographic algorithm is an asymmetric algorithm.
-
14. The method of claim 13 wherein the cryptographic algorithm is RSA.
-
15. The method of claim 13 wherein the cryptographic algorithm is an elliptic-curve based algorithm.
-
16. A computer system having security capabilities that operate in conjunction with an external token containing a cryptographic algorithm and an encryption key, comprising:
-
a system bus;
a processor coupled to said system bus;
communication circuitry coupled to said processor for communicating with the external token; and
power-on code stored in a processor readable medium for causing the processor, on power-on, to perform the steps of;
receiving a user password;
providing the user password to the external token; and
receiving a system password from the external token, wherein the system password is an encrypted version of the user password. - View Dependent Claims (17, 18, 19, 20, 21, 22, 23)
-
Specification
-
- Resources
-
Current AssigneeHewlett-Packard Development Company, L.P. (HP Inc.)
-
Original AssigneeCompaq Computer Corporation (HP Inc.)
-
InventorsAngelo, Michael F.
-
Primary Examiner(s)PEESO, THOMAS R
-
Assistant Examiner(s)PEESO, THOMAS R
-
Application NumberUS08/766,267Time in Patent Office1,999 DaysField of Search380/23, 380/24, 380/9, 380/25, 380/4, 705/44, 705/18, 235/380, 395/187.01, 395/188.01US Class Current380/255CPC Class CodesG06F 21/31 User authenticationG06F 21/34 involving the use of extern...G06F 21/575 Secure bootG06F 21/77 in smart cardsG06F 21/81 by operating on the power s...G06F 2211/007 Encryption, En-/decode, En-...G06F 2211/1097 Boot, Start, Initialise, Power
