Single-use passwords for smart paper interfaces
Abstract
A security control system for remote computers includes a first local input/output device for entering a user name and regular password. A password generator (10) returns a single-use password which is an encrypted combination of the user name, a representation of the regular password, and date and time information. A second local input device is used for entering the single-use password. A remote computer (50) receives the single-use password. The remote computer (50) has a cache (76) of previously received single-use passwords. The remote computer (50) compares the single-use password to the cache (76) of previously received single-use passwords. If there is a match further access is denied. Also included is a decryption key (78) which is used to regenerate the user name, the representation of the regular password, and the date and time information. If the date and time is older than a predetermined date and time threshold further access is denied. The remote computer (50) also compares the user name and the representation of the regular password to a stored list (86). If there is no match further access is again denied.
33 Claims
1. A security control system for remote computers comprising:
a first local input/output device for entering a user name and regular password;
a password generator accessed by the first local input/output device such that the password generator, in response to the user name and regular password, returns to the first input/output device a single-use password which is an encrypted combination of the user name, a representation of the regular password, and date and time information corresponding to the date and time the user name and regular password were entered;
a second local input device for entering the single-use password; and
a remote computer which receives the single-use password, the remote computer having:
a cache of previously received single-use passwords, wherein the remote computer compares the single-use password to the cache of previously received single-use passwords such that if there is a match further access to the remote computer is denied;
a decryption key, wherein the remote computer uses the decryption key to generate the user name, the representation of the regular password, and the date and time information from the single-use password;
a predetermined date and time threshold, wherein the remote computer compares the date and time generated by the decryption key to the predetermined date and time threshold such that if the date and time generated by the decryption key is older further access to the remote computer is denied; and
a list of representations of regular passwords with corresponding user names, wherein the remote computer compares the user name and the representation of the regular password generated by the decryption key to the list such that if there is no match further access to the remote computer is denied.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11.
12. Method of controlling access to a remote computer from a local device comprising:
(a) entering information including a user name and a regular password into a password generator;
(b) combining the entered information with date and time information to generate combined data;
(c) encrypting the combined data to generate a single-use password;
(d) inputting the single-use password into the local device;
(e) determining if the single-use password had been previously input;
(i) denying access to the remote computer if it is determined that the single-use password had been previously input;
(f) decrypting the single-use password to generate the combined data;
(g) determining if the date and time information from the combined data is older than a predetermined threshold;
(i) denying access to the remote computer if it is determined that the date and time information from the combined data is older than the predetermined threshold;
(h) determining if entered information from the combined data is valid;
(i) denying access to the remote computer if it is determined that entered information from the combined data is not valid; and
(i) granting access to the remote computer if access is not otherwise denied.
Dependent claims: 13, 14, 15, 16, 17, 18, 19.
encrypting the regular password prior to combining such that the combined data generated includes the entered user name, an encrypted version of the entered regular password, and the date and time information.
14. The method of claim 13, wherein the step of determining if entered information from the combined data is valid further includes:
comparing the entered user name and encrypted version of the regular password against a list of valid user names and corresponding valid encrypted versions of regular passwords.
15. The method of claim 12, wherein the step of inputting further includes:
reading the single-use password from a hard copy thereof.
16. The method of claim 12, wherein the step of determining if the single-use password had been previously input further includes:
comparing the single-use password against a cache of previously input single-use passwords.
17. The method of claim 16, further including:
deleting from the cache of previously input single-use passwords those which have time and date information older than the predetermined threshold.
18. The method of claim 12, wherein the step of determining if entered information from the combined data is valid further includes:
encrypting the entered regular password to generate an encrypted version thereof; and
comparing the entered user name and encrypted version of the regular password against a list of valid user names and corresponding valid encrypted versions of regular passwords.
19. The method of claim 12, wherein the step of entering information further includes:
entering information via a telephone to a remote location housing the password generator.
20. An access control system for remote devices comprising:
a first local input/output device for entering authorization information;
a password generator accessed by the first input/output device such that the password generator, in response to the authorization information, returns to the first input/output device a limited-use password which is an encrypted version of a combination of the authorization information with instance-dependent information;
a second local input device for entering the limited-use password; and
an access controller which receives the limited-use password, wherein the access controller interprets and determines validity of the limited-use password such that access to a remote device is denied for invalid limited-use passwords.
Dependent claims: 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33.
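The following Go program is an added worked example of the scheme the claims describe; it is not code from the patent or from any product built on it. It implements the password generator of claim 12 steps (a) to (c) and the remote computer's checks of steps (e) to (i), together with the keyed-hash password representation of claims 13 and 14, the cache of received single-use passwords of claim 16 and the cache pruning of claim 17. The patent does not name an encryption algorithm, so the example assumes AES-256-GCM under a key shared by the generator and the remote computer (the claims' "decryption key"), HMAC-SHA256 as the "representation of the regular password", and a constructed key, user name and timestamps. The order of checks follows the claims: the replay cache is consulted before decryption, then the age threshold, then the user list.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"crypto/subtle"
	"encoding/base32"
	"encoding/binary"
	"errors"
	"fmt"
	"time"
)

// Constructed demo key shared by the password generator and the remote
// computer; a real deployment provisions this secret out of band.
var sharedKey = []byte("0123456789abcdef0123456789abcdef") // 32 bytes -> AES-256

// Base32 without padding keeps the single-use password typeable and printable.
var enc = base32.StdEncoding.WithPadding(base32.NoPadding)

var (
	ErrReplayed       = errors.New("single-use password already received")
	ErrMalformed      = errors.New("single-use password does not decrypt")
	ErrExpired        = errors.New("single-use password older than threshold")
	ErrBadCredentials = errors.New("user name or password representation not on list")
)

// passwordRepr is the "representation of the regular password" (claims 13, 14):
// a keyed hash, so the single-use password never carries the regular password.
func passwordRepr(username, regular string) []byte {
	m := hmac.New(sha256.New, sharedKey)
	m.Write([]byte(username + "\x00" + regular))
	return m.Sum(nil)
}

// aead builds the AES-GCM instance; GCM is an assumption, the patent names no cipher.
func aead() cipher.AEAD {
	block, err := aes.NewCipher(sharedKey)
	if err != nil {
		panic(err)
	}
	g, err := cipher.NewGCM(block)
	if err != nil {
		panic(err)
	}
	return g
}

// Generate is the password generator side (claim 12 steps a-c): combine user name,
// password representation and entry time, then encrypt. Plaintext layout:
// 1-byte name length | name | 32-byte repr | 8-byte big-endian unix time.
func Generate(username, regular string, entered time.Time) string {
	if len(username) > 255 {
		panic("user name too long for the one-byte length prefix")
	}
	plain := append([]byte{byte(len(username))}, username...)
	plain = append(plain, passwordRepr(username, regular)...)
	ts := make([]byte, 8)
	binary.BigEndian.PutUint64(ts, uint64(entered.Unix()))
	plain = append(plain, ts...)
	g := aead()
	nonce := make([]byte, g.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		panic(err)
	}
	return enc.EncodeToString(g.Seal(nonce, nonce, plain, nil))
}

// Remote is the remote computer: the cache of received passwords, the decryption
// key (the shared key above), the age threshold and the list of user names with
// their password representations.
type Remote struct {
	MaxAge   time.Duration
	seen     map[string]time.Time // single-use password -> its embedded time, for pruning
	accounts map[string][]byte
}

func NewRemote(maxAge time.Duration) *Remote {
	return &Remote{MaxAge: maxAge, seen: map[string]time.Time{}, accounts: map[string][]byte{}}
}

// Enroll adds a user name and the representation of its regular password to the list.
func (r *Remote) Enroll(username, regular string) {
	r.accounts[username] = passwordRepr(username, regular)
}

// Verify applies claim 12 steps e-i in order and returns the user name on success.
func (r *Remote) Verify(sup string, now time.Time) (string, error) {
	if _, dup := r.seen[sup]; dup { // (e) cache check before any decryption
		return "", ErrReplayed
	}
	raw, err := enc.DecodeString(sup)
	g := aead()
	if err != nil || len(raw) < g.NonceSize() {
		return "", ErrMalformed
	}
	plain, err := g.Open(nil, raw[:g.NonceSize()], raw[g.NonceSize():], nil) // (f)
	if err != nil {
		return "", ErrMalformed // wrong key or altered ciphertext: the GCM tag fails
	}
	if len(plain) < 1 || len(plain) != 1+int(plain[0])+32+8 {
		return "", ErrMalformed
	}
	n := int(plain[0])
	username := string(plain[1 : 1+n])
	repr := plain[1+n : 1+n+32]
	entered := time.Unix(int64(binary.BigEndian.Uint64(plain[1+n+32:])), 0)
	if now.Sub(entered) > r.MaxAge { // (g) older than the predetermined threshold
		return "", ErrExpired
	}
	stored, ok := r.accounts[username] // (h) compare against the stored list
	if !ok || subtle.ConstantTimeCompare(stored, repr) != 1 {
		return "", ErrBadCredentials
	}
	r.seen[sup] = entered // remember it so a second presentation fails at (e)
	return username, nil  // (i) access granted
}

// Prune implements claim 17: drop cached passwords the threshold would reject anyway.
func (r *Remote) Prune(now time.Time) int {
	dropped := 0
	for sup, entered := range r.seen {
		if now.Sub(entered) > r.MaxAge {
			delete(r.seen, sup)
			dropped++
		}
	}
	return dropped
}

func main() {
	remote := NewRemote(time.Hour)
	remote.Enroll("alice", "correct horse") // constructed demo account
	t0 := time.Date(2024, 1, 1, 9, 0, 0, 0, time.UTC)
	sup := Generate("alice", "correct horse", t0)
	fmt.Println(remote.Verify(sup, t0.Add(time.Minute)))   // alice <nil>
	fmt.Println(remote.Verify(sup, t0.Add(2*time.Minute))) // replay is refused
}
```

Two design points are worth noting. Because the encryption is authenticated, a forged or altered single-use password fails at step (f) and never reaches the list comparison, which is what lets the remote computer safely cache only passwords that decrypted correctly. The age threshold in step (g) has to cover the clock difference between the generator and the remote computer plus the time a printed or phoned password takes to reach the second input device; a threshold tighter than that skew will reject genuine passwords, a looser one widens the replay window that the cache must cover.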