Single-use passwords for smart paper interfaces

US 6,480,958 B1
Filed: 06/01/1998
Issued: 11/12/2002
Est. Priority Date: 06/01/1998
Status: Expired due to Term

First Claim

Patent Images

1. A security control system for remote computers comprising:

a first local input/output device for entering a user name and regular password;

a password generator accessed by the first local input/output device such that the password generator, in response to the user name and regular password, returns to the first input/output device a single-use password which is an encrypted combination of the user name, a representation of the regular password, and date and time information corresponding to the date and time the user name and regular password were entered;

a second local input device for entering the single-use password; and

, a remote computer which receives the single-use password, the remote computer having;

a cache of previously received single-use passwords, wherein the remote computer compares the single-use password to the cache of previously received single-use passwords such that if there is a match further access to the remote computer is denied;

a decryption key, wherein the remote computer uses the decryption key to generate the user name, the representation of the regular password, and the date and time information from the single-use password;

a predetermined date and time threshold, wherein the remote computer compares the date and time generated by the decryption key to the predetermined date and time threshold such that if the date and time generated by the decryption key is older further access to the remote computer is denied; and

, a list of representations of regular passwords with corresponding user names, wherein the remote computer compares the user name and the representation of the regular password generated by the decryption key to the list such that if there is no match further access to the remote computer is denied.

View all claims

7 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A security control system for remote computers includes a first local input/output device for entering a user name and regular password. A password generator (10) returns a single-use password which is an encrypted combination of the user name, a representation of the regular password, and date and time information. A second local input device is used for entering the single-use password. A remote computer (50) receives the single-use password. The remote computer (50) has a cache (76) of previously received single-use passwords. The remote computer (50) compares the single-use password to the cache (76) of previously received single-use passwords. If there is a match further access is denied. Also included is a decryption key (78) which is used to regenerate the user name, the representation of the regular password, and the date and time information. If the date and time is older than a predetermined date and time threshold further access is denied. The remote computer (50) also compares the user name and the representation of the regular password to a stored list (86). If there is no match further access is again denied.

87 Citations

View as Search Results

33 Claims

1. A security control system for remote computers comprising:
- a first local input/output device for entering a user name and regular password;
  
  a password generator accessed by the first local input/output device such that the password generator, in response to the user name and regular password, returns to the first input/output device a single-use password which is an encrypted combination of the user name, a representation of the regular password, and date and time information corresponding to the date and time the user name and regular password were entered;
  
  a second local input device for entering the single-use password; and
  
  , a remote computer which receives the single-use password, the remote computer having;
  
  a cache of previously received single-use passwords, wherein the remote computer compares the single-use password to the cache of previously received single-use passwords such that if there is a match further access to the remote computer is denied;
  
  a decryption key, wherein the remote computer uses the decryption key to generate the user name, the representation of the regular password, and the date and time information from the single-use password;
  
  a predetermined date and time threshold, wherein the remote computer compares the date and time generated by the decryption key to the predetermined date and time threshold such that if the date and time generated by the decryption key is older further access to the remote computer is denied; and
  
  , a list of representations of regular passwords with corresponding user names, wherein the remote computer compares the user name and the representation of the regular password generated by the decryption key to the list such that if there is no match further access to the remote computer is denied.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
- - 2. The security control system according to claim 1, wherein the first input/output device is a telephone and the password generator is remotely located.
  - 3. The security control system according to claim 2, wherein the user name and regular password are entered via a numeric keypad of the telephone.
  - 4. The security control system according to claim 2, wherein the user name and regular password are entered verbally and are interpreted via a voice recognition device included in the password generator.
  - 5. The security control system according to claim 2, wherein the single-use password returned by the password generator is returned verbally.
  - 6. The security control system according to claim 2, wherein the single-use password returned by the password generator is returned in hard-copy format via one of a fax and a printer.
  - 7. The security control system according to claim 1, wherein previously entered single-use passwords are deleted from the cache when their date and time information is older than the predetermined date and time threshold.
  - 8. The security control system according to claim 1, wherein representations of the regular passwords are the same as the regular passwords.
  - 9. The security control system according to claim 1, wherein representations of the regular passwords are encrypted versions of the regular passwords.
  - 10. The security control system according to claim 1, wherein the single-use password is entered by having the second local input device read the single-use password from a hard copy thereof.
  - 11. The security control system according to claim 10, wherein the second local input device includes one of a fax machine and a scanner.

12. Method of controlling access to a remote computer from a local device comprising:
- (a) entering information including a user name and a regular password into a password generator;
  
  (b) combining the entered information with date and time information to generate combined data;
  
  (c) encrypting the combined data to generate a single-use password;
  
  (d) inputting the single-use password into the local device;
  
  (e) determining if the single-use password had been previously input;
  
  (i) denying access to the remote computer if it is determined that the single-use password had been previously input;
  
  (f) decrypting the single-use password to generate the combined data;
  
  (g) determining if the date and time information from the combined data is older than a predetermined threshold;
  
  (i) denying access to the remote computer if it is determine that the date and time information from the combined data is older than the predetermined threshold;
  
  (h) determining if entered information from the combined data is valid;
  
  (i) denying access to the remote computer if it is determined that entered information from the combined data is not valid; and
  
  , (i) granting access to the remote computer if access is not otherwise denied.
- View Dependent Claims (13, 14, 15, 16, 17, 18, 19)
- - 13. The method of claim 12, wherein the step of combining further includes:
14. The method of claim 13, wherein the step of determining if entered information from the combined data is valid further includes:
- comparing the entered user name and encrypted version of the regular password against a list of valid user names and corresponding valid encrypted versions of regular passwords.
15. The method of claim 12, wherein the step of inputting further includes:
- reading the single-use password from a hard copy thereof.
16. The method of claim 12, wherein the step of determining if the single-use password had been previously input further includes:
- comparing the single-use password against a cache of previously input single-use passwords.
17. The method of claim 16, further including:
- deleting from the cache of previously input single-use passwords those which have time and date information older than the predetermined threshold.
18. The method of claim 12, wherein the step of determining if enter information from the combined data is valid further includes:
- encrypting the entered regular password to generate an encrypted version thereof; and
  
  , comparing the entered user name and encrypted version of the regular password against a list of valid user names and corresponding valid encrypted versions of regular passwords.
19. The method of claim 12, wherein the step of entering information further includes:
- entering information via a telephone to a remote location housing the password generator.

20. An access control system for remote devices comprising:
- a first local input/output device for entering authorization information;
  
  a password generator accessed by the first input/output device such that the password generator, in response to the authorization information, returns to the first input/output device a limited-use password which is an encrypted version of a combination of the authorization information with instance-dependent information;
  
  a second local input device for entering the limited-use password; and
  
  , an access controller which receives the limited-use password, wherein the access controller interprets and determines validity of the limited-use password such that access to a remote device is denied for invalid limited-use passwords.
- View Dependent Claims (21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33)
- - 21. The access control system according to claim 20, wherein the remote device is one of a printer, a copier, and a computer.
  - 22. The access control system according to claim 20, wherein the limited-use password is entered by having the second input device read a hard copy thereof.
  - 23. The access control system according to claim 22, wherein the second input device is one of a fax machine and a scanner.
  - 24. The access control system according to claim 20, wherein the first input/output device is a computer and the password generator is locally located.
  - 25. The access control system according to claim 20, wherein the first input/output device is a telephone and the password generator is remotely located.
  - 26. The access control system according to claim 25, wherein the authorization information is entered via a numeric keypad of the telephone.
  - 27. The access control system according to claim 25, wherein the authorization information is entered verbally and is interpreted via a voice recognition device included in the password generator.
  - 28. The access control system according to claim 20, wherein the authorization information includes a user name and system password.
  - 29. The access control system according to claim 28, wherein the instance-dependent information includes date and time information corresponding to a date and time when the authorization information is entered.
  - 30. The access control system according to claim 29, wherein the encrypted version of the combination of the authorization information with the instance-dependent information is an encrypted version of a combination of the user name, an encrypted version of the system password, and the date and time information.
  - 31. The access control system according to claim 30, wherein the access controller uses the date and time information to determine if the limited-use password is expired.
  - 32. The access control system according to claim 20, wherein the limited-use password is valid for a single use and the access controller uses a cache of previously received limited-use passwords to determine if the limiteduse password has already been entered.
  - 33. The access control system according to claim 20, wherein the limited-use password is valid for a predetermined number of uses and the access controller uses a cache of previously received limited-use passwords to determine if the limited-use password has already been entered more than the predetermined number of times.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Xerox Corporation (Xerox Holdings Corp.)
Original Assignee
Xerox Corporation (Xerox Holdings Corp.)
Inventors
Harrington, Steven J.
Primary Examiner(s)
Peeso, Thomas R.

Application Number

US09/088,344
Time in Patent Office

1,625 Days
Field of Search

713/161, 713/168, 713/170, 713/184, 713/200, 713/201, 713/202, 380/255, 380/264
US Class Current

713/184
CPC Class Codes

G06F 21/31 User authentication

Single-use passwords for smart paper interfaces

First Claim

7 Assignments

0 Petitions

Accused Products

Abstract

87 Citations

33 Claims

Specification

Solutions

Use Cases

Quick Links

Single-use passwords for smart paper interfaces

First Claim

7 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

87 Citations

33 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links