Secure user authentication from personal computer

US 5,210,795 A
Filed: 01/10/1992
Issued: 05/11/1993
Est. Priority Date: 01/10/1992
Status: Expired due to Term

First Claim

Patent Images

1. A method for authenticating a user possessing a storage medium for a computing machine having memory, the storage medium tangibly embodying machine executable instructions, a password for the user, and an encrypted long-term secret for the user, the method comprising the steps of:

(a) receiving from the user the storage medium and booting the computing machine from machine executable instructions thereon;

(b) receiving from the user a password;

(c) initiating a one-way hash of the password according to machine executable instructions embodied on the storage medium; and

(d) decrypting the user'"'"'s encrypted long-term secrete using the hashed password as an decryption key thereby authenticating the user.

View all claims

4 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method and apparatus for authenticating a human user on a personal computer without requiring the user to expose his password or authentication secret to the personal computer of a server. Also a method for protecting a floppy disk with login software from unauthorized use.

205 Citations

14 Claims

1. A method for authenticating a user possessing a storage medium for a computing machine having memory, the storage medium tangibly embodying machine executable instructions, a password for the user, and an encrypted long-term secret for the user, the method comprising the steps of:
- (a) receiving from the user the storage medium and booting the computing machine from machine executable instructions thereon;
  
  (b) receiving from the user a password;
  
  (c) initiating a one-way hash of the password according to machine executable instructions embodied on the storage medium; and
  
  (d) decrypting the user'"'"'s encrypted long-term secrete using the hashed password as an decryption key thereby authenticating the user.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method of claim 1 wherein the storage medium is received by a powered down computing machine.
  - 3. The method of claim 1 further comprising the step of:
    - (a) determining whether the user'"'"'s storage medium is write protected; and
      
      (b) if so, clearing the password from the computing machine'"'"'s memory, terminating the hash of the password, and halting the computing machine'"'"'s operations.
  - 4. The method of claim 1 further comprising the step of writing to the user'"'"'s storage medium the number of passwords entered.
  - 5. The method of claim 4 further including the step of halting the computing machine'"'"'s operations when the number of passwords entered exceeds a preselected number.
  - 6. The method of claim 1 wherein the computing machine'"'"'s memory contains an operating system and the user'"'"'s storage medium contains a list of acceptable values representing acceptable operating system files, the method further comprising the steps of:
    - (a) computing a value as a specified function of the operating system file of the computing machine;
      
      (b) comparing the computed value to the list of acceptable values; and
      
      (c) advising the user if the calculated value does not match any of the values on the list of values representing acceptable operating systems.
  - 7. The method of any one of claims 1-6 wherein the storage medium is a floppy disk.

8. A security device for authenticating a user on a computer, the security device comprising a machine-readable storage medium on which is recorded:
- (a) a machine readable embodiment of the user'"'"'s long term private encryption key, wherein the private encryption key is encrypted under a key consisting of a slow hash of the user'"'"'s password;
  
  (b) a first group of trusted machine executable instructions for carrying out cryptographic calculations; and
  
  (c) a second group of trusted machine executable instructions for performing a slow hash of received passwords.
- View Dependent Claims (9, 10, 11, 12, 13)
- - 9. The security device of claim 8 further comprising a machine readable representation of the public key of the user'"'"'s certifying authority.
  - 10. The security device of claim 8 further comprising a machine readable representation of the time of the user'"'"'s last login.
  - 11. The security device of claim 8 further comprising a machine readable representation of the number of incorrect passwords entered.
  - 12. The security device of claim 8 further comprising a machine readable representation of a list of names and message digests of acceptable operating system images which the user is willing to boot the computer with.
  - 13. The security device of claim 8 wherein the security device is a floppy disk.

14. A security device for authenticating a user on a computer, the user having a public and private key and a certifying authority, comprising a floppy disk containing a machine readable representation of:
- (a) the user'"'"'s long term secret, a private key encrypted under a key consisting of a slow hash of a password known only to the user;
  
  (b) the public key of the user'"'"'s certifying authority;
  
  (c) the time of the user'"'"'s last login;
  
  (d) the number of incorrect passwords entered;
  
  (e) a first machine executable trusted program that can carry out cryptographic calculations and authentications;
  
  (f) a second machine executable trusted program that can carry out a slow hash of a password and a trusted message program; and
  
  (g) a list of names and message digests of acceptable operating system images with which the user is willing to boot the personal computer.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Hewlett-Packard Development Company, L.P. (HP Inc.)
Original Assignee
Digital Equipment Corporation (HP Inc.)
Inventors
Gasser, Morrie, Lampson, Butler W., Lipner, Steven B.
Primary Examiner(s)
Swann, Tod R.

Application Number

US07/818,855
Time in Patent Office

487 Days
Field of Search

380/3, 380/4, 380/21, 380/22, 380/23, 380/24, 380/25, 380/28, 380/30, 395/425, 395/725, 364/975.2, 364/976
US Class Current

713/187
CPC Class Codes

G06F 21/34   involving the use of extern...

G06F 2221/2107   File encryption

H04L 2209/605   Copy protection

H04L 9/3226   using a predetermined code,...

H04L 9/3236   using cryptographic hash fu...

Secure user authentication from personal computer

First Claim

4 Assignments

0 Petitions

Accused Products

Abstract

205 Citations

14 Claims

Specification

Solutions

Use Cases

Quick Links

Secure user authentication from personal computer

First Claim

4 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

205 Citations

14 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links