Determining whether to grant access to a passcode protected system
1 Assignment
0 Petitions
Abstract
The security of an entity is protected by using passcodes. A passcode device generates a passcode. In an embodiment, the passcode is generated in response to receipt of user information. The passcode is received by another system, which authenticates the passcode by at least generating a passcode from a passcode generator, and comparing the generated passcode with the received passcode. The passcode is temporary. At a later use a different passcode is generated from a different passcode generator.
86 Citations
24 Claims
1. A method comprising:
after a registration process is complete, receiving at a machine a request for access from a user, the request including a user-generated passcode that is valid temporarily, and that is generated by applying at least one function at least one time to information associated with the user;
in response to the receiving the user-generated passcode, generating, via the machine, which runs an automated administrator, an administrator-generated passcode that is valid temporarily, wherein the administrator-generated passcode is generated by the automated administrator encrypting a current passcode generator derived by the automated administrator retrieving a prior passcode generator from a storage area of a storage unit and, in response to a prior attempted access being permitted, applying at least one function at least one time to perturb the prior passcode generator, and saving results of applying of the at least one function as the current passcode generator, the current passcode generator being the prior passcode generator being associated with the user; and
determining whether a current attempted access is permitted, based on whether the user-generated passcode and the administrator-generated passcode match, and if the user generated passcode matches the administrator generated passcode granting the request for access.
Dependent claims: 2, 6, 7, 8, 9, 10, 11, 18

3. A method comprising:
generating, via a machine, at least one passcode that is valid temporarily, wherein the passcode is based on information associated with a user by being based on a passcode generator that is based on the information associated with the user;
the generating including at least retrieving at least one passcode generator from a storage unit associated with the machine;
the machine generating the at least one passcode from the at least one passcode generator, the at least one passcode that was generated will be referred to as the at least one passcode generated; and
determining whether an attempted access is permitted, based on the passcode generated, by at least determining whether the at least one passcode generated matches a passcode received;
if the at least one passcode generated matches the passcode received, granting the user access to a secure entity, perturbing one passcode generator of the at least one passcode generator to create a new passcode generator, and storing the new passcode generator in place of the at least one passcode generator;
wherein the information is a fingerprint.

4. A method comprising:
generating, via a machine, a passcode that is valid temporarily, wherein the passcode is based on information associated with a user;
determining whether an attempted access is permitted, based on the passcode, by at least determining whether the passcode generated matches a passcode received, which is a passcode that was received by the machine;
if there is a match, permitting the attempted access;
wherein the generating of the passcode includes at least;
retrieving a prior passcode generator from a storage unit associated with the machine;
generating a current passcode generator by at least perturbing the prior passcode generator, which is based on the information; and
generating the passcode from the current passcode generator, the passcode being based on the information by being based on the current passcode generator, which is derived from the prior passcode generator, which is based on the information, the current passcode generator having been stored in place of the prior passcode generator as a result of an attempted access being permitted;
wherein the current passcode generator is only temporarily valid.

5. A method comprising:
generating, via a machine, a passcode that is valid temporarily, wherein the passcode is based on information associated with a user, the passcode will be referred to as a passcode generated; and
determining whether an attempted access is permitted, based on the passcode generated, by at least determining whether the passcode generated matches a passcode received;
wherein the generating of the passcode generated includes at least generating a current passcode generator based on the information, the passcode being based on the information by being based on the passcode generator that is associated with the information; and
generating the passcode from the current passcode generator;
the method further including at least if it is determined that the passcode generated matches the passcode received, granting access to the user;
applying a function to the current passcode generator to generate a new passcode generator; and
storing the new passcode generator in place of the current passcode generator.
Dependent claims: 23

12. A method comprising:
receiving at a machine a passcode from a user;
retrieving at least one passcode generator from a storage unit associated with the machine;
generating at least one passcode from the at least one passcode generator;
determining whether the at least one passcode of the at least one passcode generated matches the passcode received;
if the one passcode matches the passcode received, granting the user access to a secure entity, perturbing the at least one passcode generator of the at least one passcode generator to create a new passcode generator, and storing the new passcode generator in place of the at least one passcode generator.
Dependent claims: 13, 14, 15, 16, 17

19. A method comprising:
after a registration process is complete, receiving a request for access at a machine, from a user via a user device, the request including a first user-generated passcode that is valid temporarily, and that is generated by encrypting a second user-generated passcode generated by applying at least one function at least one time to information associated with the user;
generating, via the machine which runs an automated administrator, an administrator-generated passcode that is valid temporarily, wherein the administrator-generated passcode is generated by the automated administrator encrypting a current passcode generator derived by the automated administrator applying at least one function at least one time to a prior passcode generator that is associated with the user, and storing the current passcode generator in place of the prior passcode generator in a storage unit associated with the machine; and
determining whether an attempted access is permitted, based on whether the user-generated passcode and the administrator-generated passcode match;
if there is a match, granting the request for access;
the generating of the administrator-generated passcode is repeated according to a random schedule that is independent of user requests, and every time the generating is repeated the passcode that is generated is a new passcode.

20. A method comprising:
generating, via a machine, a passcode that is valid temporarily, wherein the passcode is based on information associated with a user, the passcode will be referred to as the passcode generated; and
determining whether an attempted access is permitted, based on the passcode generated, by at least determining whether the passcode generated and a passcode received match;
wherein the generating of the passcode includes at least generating a current passcode generator based on the information; and
generating the passcode from the passcode generator, the generating of the passcode from the passcode generator is performed by applying a function to the passcode generator, the function being such that determining the passcode generator based on the passcode is expected to require a number of computation steps that would likely be required to determine the generator passcode by guessing;
if the passcode generated matches the passcode received, permitting the attempted access;
generating a new passcode generator by applying a function to perturb the current passcode generator; and
storing the new passcode generator in place of the current passcode generator in a storage unit associated with the machine.

21. A method comprising:
generating, via a machine, a passcode that is valid temporarily, wherein the passcode is generated from a current passcode generator that is an encryption that is performed by at least performing one application of a function to perturb an encryption of information associated with a user, the passcode being valid for only a short enough period of time so that the passcode is expected to be unlikely to be useful to someone that intercepts the passcode;
determining whether an attempted access is permitted based on the passcode;
the passcode is referred to as the passcode generated, the determining includes at least determining whether the passcode generated matches the passcode received;
if the passcode generated matches the passcode received, permitting the attempted access;
generating a new passcode generator by at least perturbing the current passcode generator; and
storing the new passcode generator in place of the current passcode generator.

22. A method comprising:
receiving a request for access including a passcode, which will be referred to as a passcode received;
in response to a request for access, generating, via a machine, a passcode, which will be referred to as a passcode generated, the passcode received being valid temporarily, wherein the passcode received is based on information associated with a user, but the information associated with the user is expected not to be determinable based on the passcode received, the passcode generated for a current attempted access being different than the passcodes generated for prior attempted accesses; and
also in response to the receiving of the request for access, determining whether an attempted access is permitted based on the request for access, which includes determining whether the passcode generated matches the passcode received;
if the passcode generated matches the passcode received, granting the request for access;
the generating of the passcode generated being performed by at least generating the passcode generated from a current passcode generator, the current passcode generator being based on the information, and the passcode generated being based on the information by being based on the current passcode generator;
the method further including at least generating a new passcode from the current passcode; and
storing the new passcode in place of the current passcode in a storage unit associated with the machine.

24. A method comprising:
after a registration process is complete, receiving a request for access, from a user, the request including a first user-generated passcode that is valid temporarily, and that is generated based on information associated with the user;
in response to the receiving of the user-generated passcode, generating, via a machine that runs an automated administrator, an administrator-generated passcode that is valid temporarily, wherein the administrator-generated passcode is generated by the automated administrator based on information associated with the user by at least the automated administrator generating the administrator generated passcode from a current passcode generator that is based on the information; and
determining whether an attempted access is permitted, based on whether the user-generated passcode and the administrator-generated passcode match;
if the user-generated passcode and the administrator-generated passcode match permitting the attempted access;
generating a new passcode generator from the current passcode generator; and
storing the new passcode generator in place of the current passcode generator in a storage unit associated with the machine.

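The verification loop that the abstract and independent claim 12 describe (retrieve the stored generator, derive a passcode, compare, and on a match perturb and overwrite the generator), as an added Python example that is not code from the patent. Assumptions: domain-separated SHA-256 stands in for the functions the claims leave unspecified, all class and function names are hypothetical, and the user device advances its generator after every passcode it emits.

```python
import hashlib
import hmac

def _h(label: bytes, data: bytes) -> bytes:
    # Assumption: SHA-256 with a label stands in for the claims' unspecified "function".
    return hashlib.sha256(label + b"\x00" + data).digest()

def register(user_info: bytes) -> bytes:
    # Initial passcode generator, derived from information associated with the user.
    return _h(b"register", user_info)

def passcode(generator: bytes) -> str:
    # One-way map: an intercepted passcode should not reveal the generator.
    return _h(b"passcode", generator).hex()[:16]

def perturb(generator: bytes) -> bytes:
    # Next generator; the caller stores it in place of the old one.
    return _h(b"perturb", generator)

class PasscodeDevice:  # user side; assumption: advances after every passcode emitted
    def __init__(self, user_info: bytes):
        self.generator = register(user_info)
    def next_passcode(self) -> str:
        code = passcode(self.generator)
        self.generator = perturb(self.generator)
        return code

class Administrator:  # verifier side; keeps one current generator per user
    def __init__(self):
        self.store = {}
    def enroll(self, user_id: str, user_info: bytes) -> None:
        self.store[user_id] = register(user_info)
    def request_access(self, user_id: str, received: str) -> bool:
        generator = self.store.get(user_id)
        if generator is None:
            return False
        expected = passcode(generator).encode()
        if not hmac.compare_digest(expected, received.encode()):
            return False                          # failed attempt: state unchanged
        self.store[user_id] = perturb(generator)  # success: old passcode is now dead
        return True

def demo() -> list:
    info = b"constructed-sample-template"  # constructed stand-in for user information
    admin, device = Administrator(), PasscodeDevice(info)
    admin.enroll("alice", info)
    first, second = device.next_passcode(), device.next_passcode()
    return [admin.request_access("alice", c) for c in (first, first, second)]
```

`demo()` submits a fresh passcode, replays it, then submits the next one. Under the device assumption above, a passcode that is generated but never submitted leaves the two sides out of step, and the claims as quoted here do not describe resynchronisation.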
Specification