Method and system for authentication over a distributed service to limit password compromise

US 6,006,334 A
Filed: 05/01/1997
Issued: 12/21/1999
Est. Priority Date: 05/01/1997
Status: Expired due to Term

First Claim

Patent Images

1. A method of controlling access to a distributed service to one user at any one time with a same password, comprising the steps of:

allowing a user initial access to the distributed service with a user identification, a password and an additional initial random factor created by said user for a unique record registration in a user record;

creating a user record containing the user identification, the password and the initial random factor;

receiving a subsequent request to access the distributed service utilizing the user identification, the password and a subsequent random factor;

accessing the user record corresponding to the user identification of the subsequent request; and

restricting use of the distributed service to said user during a subsequent request to access the distributed service with said user identification based on the accessed user identification, the password and said initial random factor contained in the user record.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

No more than one user at any one time is allowed to access a distributed service for each User ID and password. A user is allowed initial access to the distributed service with a password. The use of the distributed service is then restricted to the user upon entering the password plus a random factor created by the user. A user record is created as a unique recorded registration.

108 Citations

27 Claims

1. A method of controlling access to a distributed service to one user at any one time with a same password, comprising the steps of:
- allowing a user initial access to the distributed service with a user identification, a password and an additional initial random factor created by said user for a unique record registration in a user record;
  
  creating a user record containing the user identification, the password and the initial random factor;
  
  receiving a subsequent request to access the distributed service utilizing the user identification, the password and a subsequent random factor;
  
  accessing the user record corresponding to the user identification of the subsequent request; and
  
  restricting use of the distributed service to said user during a subsequent request to access the distributed service with said user identification based on the accessed user identification, the password and said initial random factor contained in the user record.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The method of claim 1, further comprising:
    - using an expiration date to remove said user record.
  - 3. The method of claim 2, further comprising:
    - allowing a visiting server to update said expiration date.
  - 4. The method of claim 3, further comprising:
    - prior to removing said user record due to said expiration date, checking to see if said user is accessing said visiting server; and
      
      if said user is accessing said visiting server, updating said expiration date in order to void removal of said user record.
  - 5. The method of claim 1, further comprising:
    - encrypting said initial random factor.
  - 6. The method of claim 1, further comprising:
    - storing said user record at a central database to record registration with a visiting server using said password plus said initial random factor.
  - 7. The method of claim 1, further comprising:
    - allowing a visiting server to remove said user record.
  - 8. The method of claim 1, further comprising the step of rejecting the subsequent request if the random factor provided in the subsequent request does not match the random factor contained in the user record.
  - 9. A method according to claim 1, further comprising the step of invoking a Duplication Handler when said subsequent request presents a subsequent random factor that does not match the initial random factor contained in the user record, wherein said Duplication Handler ensures that access to the distributed service in response to the subsequent request is limited to the services provided during the initial access.

10. A system for controlling access to a distributed service to one user at any one time with a same password, comprising:
- means for allowing a user initial access to the distributed service with a user identification, a password and an additional initial random factor created by said user for a unique record registration in a user record;
  
  means for creating a user record containing the user identification, the password and the initial random factor;
  
  means for receiving a subsequent request to access the distributed service utilizing the user identification, the password and a subsequent random factor;
  
  means for accessing the user record corresponding to the user identification of the subsequent request; and
  
  means for restricting use of the distributed service to said user during a subsequent request to access the distributed service with said user identification based on the accessed user identification, the password and said initial random factor contained in the user record.
- View Dependent Claims (11, 12, 13, 14, 15, 16, 17, 18)
- - 11. The system of claim 10, further comprising:
    - means for using an expiration date to remove said user record.
  - 12. The system of claim 11, further comprising:
    - means for allowing a visiting server to update said expiration date.
  - 13. The system of claim 12, further comprising:
    - prior to removing said user record due to said expiration date, means for checking to see if said user is accessing said visiting server; and
      
      if said user is accessing said visiting server, means for updating said expiration date in order to void removal of said user record.
  - 14. The system of claim 10, further comprising:
    - means for encrypting said initial random factor.
  - 15. The system of claim 10, further comprising:
    - means for storing said user record at a central database to record registration with a visiting server using said password plus said initial random factor.
  - 16. The system of claim 10, further comprising:
    - means for allowing a visiting server to remove said user record.
  - 17. The system of claim 10, further comprising means for rejecting the subsequent request if the random factor provided in the subsequent request does not match the random factor contained in the user record.
  - 18. A system according to claim 10, further comprising means for invoking a Duplication Handler when said subsequent request presents a subsequent random factor that does not match the initial random factor contained in the user record, wherein said Duplication Handler ensures that access to the distributed service in response to the subsequent request is limited to the services provided during the initial access.

19. A computer program product recorded on computer readable medium for controlling access to a distributed service to one user at any one time with a same password, comprising:
- computer readable means for allowing a user initial access to the distributed service with a user identification a password and an additional initial random factor created by said user for a unique record registration in a user record;
  
  computer readable means for creating a user record containing the user identification, the password and the initial random factor;
  
  computer readable means for receiving a subsequent request to access the distributed service utilizing the user identification, the password and a subsequent random factor;
  
  computer readable means for accessing the user record corresponding to the user identification of the subsequent request; and
  
  computer readable means for restricting use of the distributed service to said user during a subsequent request to access the distributed service with said user identification based on the accessed user identification, the password and said initial random factor contained in the user record.
- View Dependent Claims (20, 21, 22, 23, 24, 25, 26, 27)
- - 20. The program product of claim 19, further comprising:
    - computer readable means for using an expiration date to remove said user record.
  - 21. The program product of claim 20, further comprising:
    - computer readable means for allowing a visiting server to update said expiration date.
  - 22. The program product of claim 21, further comprising:
    - prior to removing said user record due to said expiration date, computer readable means for checking to see if said user is accessing said visiting server; and
      
      if said user is accessing said visiting server, computer readable means for updating said expiration date in order to void removal of said user record.
  - 23. The program product of claim 19, further comprising:
    - computer readable means for encrypting said initial random factor.
  - 24. The program product of claim 19, further comprising:
    - computer readable means for storing said user record at a central database to record registration with a visiting server using said password plus said initial random factor.
  - 25. The program product of claim 19, further comprising:
    - computer readable means for allowing a visiting server to remove said user record.
  - 26. The program product of claim 19, further comprising computer readable means for rejecting the subsequent request if the random factor provided in the subsequent request does not match the random factor contained in the user record.
  - 27. A program product according to claim 19, further comprising computer readable means for invoking a Duplication Handler when said subsequent request presents a subsequent random factor that does not match the initial random factor contained in the user record, wherein said Duplication Handler ensures that access to the distributed service in response to the subsequent request is limited to the services provided during the initial access.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
International Business Machines Corporation
Original Assignee
International Business Machines Corporation
Inventors
Singhal, Sandeep Kishan, Redpath, Richard J., Nguyen, Binh Q.
Primary Examiner(s)
Beausoliel, Jr., Robert W.
Assistant Examiner(s)
Shaw, Brian H.

Application Number

US08/846,870
Time in Patent Office

964 Days
Field of Search

395/188.01, 395/187.01, 395/200.59, 395/200.57, 380/4, 713/202, 713/201, 709/229, 709/224
US Class Current

726/5
CPC Class Codes

G06F 21/335 for accessing specific reso...

Method and system for authentication over a distributed service to limit password compromise

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

108 Citations

27 Claims

Specification

Solutions

Use Cases

Quick Links

Method and system for authentication over a distributed service to limit password compromise

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

108 Citations

27 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links