Method and system for password protection of a data processing system that permit a user-selected password to be recovered

US 6,668,323 B1
Filed: 03/03/1999
Issued: 12/23/2003
Est. Priority Date: 03/03/1999
Status: Expired due to Fees

First Claim

Patent Images

1. A method within a data processing system for providing password protection for a resource protected by a password that may be user selected, said method comprising:

storing an access password and an encryption key unique to said resource in non-volatile storage at a data processing system, wherein said encryption key is at least partially derived from unique information associated with said resource;

in response to receipt of an attempted access password at said data processing system, allowing access to said resource if said attempted access password matches said stored access password;

in response to an indication that said access password has been forgotten, outputting an encrypted access password generated at said data processing system from said stored access password utilizing said encryption key; and

thereafter, recovering said access password from said encrypted access password and said unique information.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A data processing system-based password protection system protects a resource with an access password that may be user selected. The access password and an encryption key unique to the resource are stored in non-volatile storage at a data processing system, where the encryption key is at least partially derived from unique information associated with the resource. In response to receipt of an attempted access password at the data processing system, access to the resource is permitted if the attempted access password matches the stored access password. However, in response to an indication that the access password has been forgotten, an encrypted access password generated at the data processing system from the stored access password utilizing the encryption key is output from the data processing system. The access password can thereafter be recovered from the encrypted access password and the unique information.

155 Citations

20 Claims

1. A method within a data processing system for providing password protection for a resource protected by a password that may be user selected, said method comprising:
- storing an access password and an encryption key unique to said resource in non-volatile storage at a data processing system, wherein said encryption key is at least partially derived from unique information associated with said resource;
  
  in response to receipt of an attempted access password at said data processing system, allowing access to said resource if said attempted access password matches said stored access password;
  
  in response to an indication that said access password has been forgotten, outputting an encrypted access password generated at said data processing system from said stored access password utilizing said encryption key; and
  
  thereafter, recovering said access password from said encrypted access password and said unique information.
- View Dependent Claims (2, 3, 4, 5, 6, 17, 18)
- - 2. The method of claim 1, and further comprising deriving said encryption key from a control password and said unique information utilizing a non-reversible hashing algorithm.
  - 3. The method of claim 2, wherein recovering said password comprises:
4. The method of claim 1, wherein said unique information is a serial number of said data processing system.
5. The method of claim 1, wherein said data processing system is a first data processing system, and wherein said step of outputting an encrypted access password comprises outputting said encrypted access password to a second data processing system utilized to recover said access password.
6. The method of claim 1, and further comprising:
- in response to entry of said recovered access password into said data processing system, requiring a user to change said access password stored within said non-volatile storage.
17. The method of claim 5, wherein said steps of storing and allowing access are performed by said first data processing system.
18. The method of claim 17, wherein said step of allowing access comprises allowing access in response to user entry of said access password.

7. A password protection system for a resource, said password protection system comprising:
- a data processing system that protects access to said resource by requiring entry of an access password to obtain access to said resource, said data processing system including non-volatile storage that stores an access password and an encryption key unique to said resource, wherein said encryption key is at least partially derived from unique information associated with said resource, and wherein said data processing system outputs an encrypted access password generated at said data processing system from said stored access password utilizing said encryption key in response to an indication that said access password has been forgotten, such that said access password can be recovered from said encrypted access password and said unique information without advance knowledge of said access password.
- View Dependent Claims (8, 9, 10, 11, 19)
- - 8. The password protection system of claim 7, wherein said encryption key is derived from a control password and said unique information utilizing a non-reversible hashing algorithm.
  - 9. The password protection system of claim 8, wherein said data processing system is a first data processing system, said password protection system further comprises a second data processing system that again derives said encryption key from said control password and said unique information and utilizes said encryption key to decrypt said encrypted access password output by said first data processing system, such that said access password is recovered.
  - 10. The password protection system of claim 7, wherein said unique information is a serial number of said data processing system.
  - 11. The password protection system of claim 7, wherein said data processing system requires a user to change said access password stored within said non-volatile storage in response to entry of said recovered access password into said data processing system.
  - 19. The password protection system of claim 7, wherein said data processing system allows access to said response in response to user entry of said access password.

12. A program product, comprising:
- a data processing system usable medium; and
  
  password protection software, embodied within said data processing system usable medium, that protects access to a resource by requiring entry of an access password into a data processing system to obtain access to said resource, wherein said password protection program derives an encryption key unique to said resource at least partially from unique information associated with said resource, said password protection program outputting an encrypted access password generated utilizing said encryption key in response to an indication that said access password has been forgotten, such that said access password can be recovered from said encrypted access password and said unique information without advance knowledge of said access password.
- View Dependent Claims (13, 14, 15, 16, 20)
- - 13. The program product of claim 12, wherein said password protection software derives said encryption key from a control password and said unique information utilizing a non-reversible hashing algorithm.
  - 14. The program product of claim 13, said password protection software further comprising password recovery software that again derives said encryption key from said control password and said unique information and utilizes said encryption key to decrypt said encrypted access password output by said first data processing system, such that said access password is recovered.
  - 15. The program product of claim 12, wherein said unique information is a serial number of said data processing system.
  - 16. The program product of claim 12, wherein password protection software requires a user to change said access password in response to entry of a recovered access password into said data processing system.
  - 20. The program product of claim 12, wherein said password protection software allows access to said response in response to user entry of said access password.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
International Business Machines Corporation
Original Assignee
International Business Machines Corporation
Inventors
Peyravian, Mohammad, Challener, David Carroll, Resnick, Russell Alan
Primary Examiner(s)
Barrón, Gilberto
Assistant Examiner(s)
Fields, Courtney D.

Application Number

US09/262,124
Time in Patent Office

1,756 Days
Field of Search

713/183, 713/182, 713/202, 380/286
US Class Current

713/183
CPC Class Codes

G06F 21/31 User authentication

G06F 2221/2131 Lost password, e.g. recover...

Method and system for password protection of a data processing system that permit a user-selected password to be recovered

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

155 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Method and system for password protection of a data processing system that permit a user-selected password to be recovered

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

155 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links