Determining whether to grant access to a passcode protected system

US 7,669,236 B2
Filed: 04/06/2005
Issued: 02/23/2010
Est. Priority Date: 11/18/2004
Status: Active Grant

First Claim

Patent Images

1. A method comprising:

after a registration process is complete, receiving at a machine a request for access from a user, the request including a user-generated passcodethat is valid temporarily, andthat is generated by applying at least one function at least one time to information associated with the user;

in response to the receiving the user-generated passcode, generating, via the machine, which runs an automated administrator, an administrator-generated passcode that is valid temporarily, wherein the administrator-generated passcode is generated by the automated administrator encrypting a current passcode generator derived by the automated administrator retrieving a prior passcode generator from a storage area of a storage unit and, in response to a prior attempted access being permitted, applying at least one function at least one time to perturb the prior passcode generator, and saving results of applying of the at least one function as the current passcode generator, the current passcode generator being the prior passcode generator being associated with the user; and

determining whether a current attempted access is permitted, based on whether the user-generated passcode and the administrator-generated passcode match, and if the user generated passcode matches the administrator generated passcode granting the request for access.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The security of an entity is protected by using passcodes. A passcode device generates a passcode. In an embodiment, the passcode is generated in response to receipt of user information. The passcode is received by another system, which authenticates the passcode by at least generating a passcode from a passcode generator, and comparing the generated passcode with the received passcode. The passcode is temporary. At a later use a different passcode is generated from a different passcode generator.

86 Citations

View as Search Results

24 Claims

1. A method comprising:
- after a registration process is complete, receiving at a machine a request for access from a user, the request including a user-generated passcodethat is valid temporarily, andthat is generated by applying at least one function at least one time to information associated with the user;
  
  in response to the receiving the user-generated passcode, generating, via the machine, which runs an automated administrator, an administrator-generated passcode that is valid temporarily, wherein the administrator-generated passcode is generated by the automated administrator encrypting a current passcode generator derived by the automated administrator retrieving a prior passcode generator from a storage area of a storage unit and, in response to a prior attempted access being permitted, applying at least one function at least one time to perturb the prior passcode generator, and saving results of applying of the at least one function as the current passcode generator, the current passcode generator being the prior passcode generator being associated with the user; and
  
  determining whether a current attempted access is permitted, based on whether the user-generated passcode and the administrator-generated passcode match, and if the user generated passcode matches the administrator generated passcode granting the request for access.
- View Dependent Claims (2, 6, 7, 8, 9, 10, 11, 18)
- - 2. The method of claim 1, wherein the information is biometric data.
  - 6. The method of claim 1, wherein the passcode generated is associated with a timestamp.
  - 7. The method of claim 1, the request for access including a user-generated passcode that is generated on a user device, the generation of the user-generated passcode on the user device being self contained on the user device, and the method further comprises receiving a value for the passcode that was generated by the user;
    - wherein the determining includes at least determining whether the value received matches the administrator-generated passcode.
  - 8. The method of claim 7, wherein the receiving of the value for the user-generated passcode includes at least receiving signals caused by pressing multiple keys, each key that is pressed corresponds to a symbol that is part of the user-generated passcode.
  - 9. The method of claim 7, wherein the receiving of the value for the user-generated passcode includes at least receiving signals from an independent device associated with the user.
  - 10. The method of claim 1, the user generated-passcode being a first session user-generated passcode for accessing an entity, the receiving of the first session user-generated passcode initiating a first session, the method further comprising receiving a second session user-generated passcode that is based on the information for accessing the resource, the receiving of the second session user-generated passcode initiating a second session.
  - 11. The method of claim 10, further comprising during the second session generating a second session passcode generator based on a first session passcode generator that was generated during the second session, generating a second session administrator-generated passcode from the second session passcode generator, and determining whether to grant access by at least comparing the second session administrator generated passcode to the second session user-generated passcode.
  - 18. The method of claim 1, the generating of the administrator-generated passcode is repeated every time the user submits the request for access, and every time the generating is repeated the passcode that is generated is a new passcode.

3. A method comprising:
- generating, via a machine, at least one passcode that is valid temporarily, wherein the passcode is based on information associated with a user by being based on a passcode generator that is based the information associated with the user;
  
  the generating including at least retrieving at least one passcode generator from a storage unit associated with the machine;
  
  the machine generating the at least one passcode from the at least one passcode generator, the at least one passcode that was generated will be referred to as the at least one passcode generated;
  
  and determining whether an attempted access is permitted, based on the passcode generated, by at least determining whether the at least one passcode generated matches a passcode received;
  
  if the at least one passcode generated matches the passcode received,granting the user access to a secure entity,perturbing one passcode generator of the at least one passcode generator to create a new passcode generator, andstoring the new passcode generator in place of the at least one passcode generator;
  
  wherein the information is a fingerprint.

4. A method comprising:
- generating, via a machine, a passcode that is valid temporarily, wherein the passcode is based on information associated with a user;
  
  determining whether an attempted access is permitted, based on the passcode, by at leastdetermining whether the passcode generated matches a passcode received, which is a passcode that was received by the machine;
  
  if there is a match, permitting the attempted access;
  
  wherein the generating of the passcode includes at least;
  
  retrieving a prior passcode generator from a storage unit associated with the machine;
  
  generating a current passcode generator by at least perturbing the prior passcode generator, which is based on the information; and
  
  generating the passcode from the current passcode generator, the passcode being based on the information by being based on the current passcode generator, which is derived from the prior passcode generator, which is based on the information, the current passcode generator having been stored in place of the prior passcode generator as a result of an attempted access being permitted;
  
  wherein the current passcode generator is only temporarily valid.

5. A method comprising:
- generating, via a machine, a passcode that is valid temporarily, wherein the passcode is based on information associated with a user, the passcode will be referred to as a passcode generated; and
  
  determining whether an attempted access is permitted, based on the passcode generated, by at least determining whether the passcode generated matches a passcode received;
  
  wherein the generating of the passcode generated includes at leastgenerating a current passcode generator based on the information, the passcode being based on the information by being based on the passcode generator that is associated with the information; and
  
  generating the passcode from the current passcode generator;
  
  the method further including at least if it is determined that the passcode generated matches the passcode received,granting access to the user;
  
  applying a function to the current passcode generator to generate a new passcode generator; and
  
  storing the new passcode generator in place the current passcode generator.
- View Dependent Claims (23)
- - 23. The method of claim 5, the function being a first function;
    - the generating of the passcode generated includes at least applying a second function to the passcode generator, the second function being a one-way function and the second function being different than the first function.

12. A method comprising:
- receiving at a machine a passcode from a user;
  
  retrieving at least one passcode generator from a storage unit associated with the machine;
  
  generating at least one passcode from the at least one passcode generator;
  
  determining whether the at least one passcode of the at least one passcode generated matches the passcode received;
  
  if the one passcode matches the passcode received,granting the user access to a secure entity,perturbing the at least one passcode generator of the at least one passcode generator to create a new passcode generator, andstoring the new passcode generator in place of the at least one passcode generator.
- View Dependent Claims (13, 14, 15, 16, 17)
- - 13. The method of claim 12, wherein the retrieving of the at least one passcode generator includes at least retrieving a set of passcode generators;
    - the generating of the at least one passcode includes at least generating, for a current passcode generator of the set, a current passcode from the current passcode generator;
      
      the determining includes at least determining whether the current passcode matches the passcode received;
      
      the method further comprisesif the current passcode does not match the passcode received,changing the current passcode generator to another passcode generator of the set, andrepeating the generating and the determining,wherein if the one passcode matches the passcode received includes at least if the current passcode matches the passcode received,granting the user access to the secure entity,perturbing the current passcode generator to create a new passcode generator, andstoring the new passcode generator in place of the current passcode generator;
      
      the method also comprising if the generating and the determining have been repeated for each passcode generator of the set, anda passcode that matches the passcode received has not been found,then denying the user access to the secure entity.
  - 14. The method of claim 12, wherein the at least one passcode is only one passcode;
    - and if the one passcode and the passcode received do not match, denying the user access to the secure entity.
  - 15. The method of claim 12, wherein the at least one passcode is only one passcode, and the at least one passcode generator is only one passcode generator;
    - and if the one passcode and the passcode received do not match,generating a current trial passcode generator from the one passcode generator,generating a current trial passcode from the current trial passcode generator,determining whether the current trial passcode matches the passcode received,generating a new passcode generator from the current trial passcode generator,if the current trial passcode and the passcode received match,replacing the current passcode generator with the new passcode generator, andgranting the user access to the secure entity.
  - 16. The method of claim 15, comprising:
    - if the current trial passcode and the passcode received do not match,replacing the current trial passcode generator with the new passcode generator,repeating the generating of the trial passcode,the determining of whether the current trial passcode matches the passcode received, andthe generating of the new passcode generator.
  - 17. The method of claim 16, where during the repeating,the generating of the trial passcode,the determining of whether, andthe generating of the new passcode generator are repeated until a predetermined maximum number of repetitions is reached or the determining finds a match between the current trial passcode and the passcode received,if the predetermined maximum is reached and the determining does not find a match between the current trial passcode and the passcode received, denying the user access to the secure entity.

19. A method comprising:
- after a registration process is complete, receiving a request for access at a machine,from a user via a user device, the request including a first user-generated passcodethat is valid temporarily, andthat is generated by encrypting a second user-generated passcode generated by applying at least one function at least one time to information associated with the user;
  
  generating, via the machine which runs an automated administrator, an administrator-generated passcode that is valid temporarily, wherein the administrator-generated passcode is generated by the automated administrator encrypting a current passcode generator derived by the automated administrator applying at least one function at least one time to a prior passcode generator that is associated with the user, and storage the current passcode generator in place of the prior passcode generator in a storage unit associated with the machine; and
  
  determining whether an attempted access is permitted, based on whether the user-generated passcode and the administrator-generated passcode match;
  
  if there is a match, granting the request for access;
  
  the generating of the administrator-generated passcode is repeated according to a random schedule that is independent of user requests, and every time the generating is repeated the passcode that is generated is a new passcode.

20. A method comprising:
- generating, via a machine, a passcode that is valid temporarily, wherein the passcode is based on information associated with a user, the passcode will be referred to as the passcode generated; and
  
  determining whether an attempted access is permitted, based on the passcode generated, by at least determining whether the passcode generated and a passcode received match;
  
  wherein the generating of the passcode includes at least generating a current passcode generator based on the information; and
  
  generating the passcode from the passcode generator, the generating of the passcode from the passcode generator is performed by applying a function to the passcode generator, the function being such that determining the passcode generator based on the passcode is expected to require a number of computation steps that would likely be required to determine the generator passcode by guessing;
  
  if the passcode generated matches the passcode received, permitting the attempted access;
  
  generating a new passcode generator by applying a function to perturb the current passcode generator; and
  
  storing the new passcode generator in place of the current passcode generator in a storage unit associated with the machine.

21. A method comprising:
- generating, via a machine, a passcode that is valid temporarily, wherein the passcode is generated form a current passcode generator that is an encryption that is performed by at least performing one application of a function to perturb an encryption of information associated with a user, the passcode being valid for only a short enough period of time so that the passcode is expected to be unlikely to be useful to someone that intercepts the passcode;
  
  determining whether an attempted access is permitted based on the passcode;
  
  thepasscode is referred to as the passcode generated, the determining includes at least determining whether the passcode generated matches the passcode received;
  
  if the passcode generated matches the passcode received, permitting the attempted access;
  
  generating a new passcode generator by at least perturbing the current passcode generator; and
  
  storing the new passcode generator in place of the current passcode generator.

22. A method comprising:
- receiving a request for access including a passcode, which will be referred to as a passcode received;
  
  in response to a request for access, generating, via a machine, a passcode, which will be referred to as a passcode generated, the passcode received being valid temporarily, wherein the passcode received is based on information associated with a user, but the information associated with the user is expected not to be determinable based on the passcode received, the passcode generated for a current attempted access being different than the passcodes generated for prior attempted accesses; and
  
  also in response to the receiving of the request for access, determining whether an attempted access is permitted based on the request for access, which includes determining whether the passcode generated matches the passcode received;
  
  if the passcode generated matches the passcode received, granting the request for accessthe generating of the passcode generated being performed by at least generating the passcode generated from a current passcode generator, the current passcode generator being based on the information, and the passcode generated being based on the information by being based on the current passcode generator;
  
  the method further including at least generating a new passcode from the current passcode; and
  
  storing the new passcode in place of the current passcode in a storage unit associated with the machine.

24. A method comprising:
- after a registration process is complete, receiving a request for access, from a user, the request including a first user-generated passcodethat is valid temporarily, andthat is generated based on information associated with the user;
  
  in response to the receiving of the user-generated passcode, generating, via a machine that runs an automated administrator, an administrator-generated passcode that is valid temporarily, wherein the administrator-generated passcode is generated by the automated administrator based on information associated with the user by at least the automated administrator generating the administrator generated passcode from a current passcode generator that is based on the information; and
  
  determining whether an attempted access is permitted, based on whether the user-generated passcode and the administrator-generated passcode match;
  
  if the user-generated passcode and the administrator-generated passcode match permitting the attempted access;
  
  generating a new passcode generator from the current passcode generator; and
  
  storing the new passcode generator in place of the current passcode generator in a storage unit associated with the machine.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Biogy, Inc.
Original Assignee
Biogy, Inc.
Inventors
Fiske, Michael Stephen
Primary Examiner(s)
Korzuch; William R
Assistant Examiner(s)
AVERY, JEREMIAH L

Application Number

US11/100,803
Publication Number

US 20060107316A1
Time in Patent Office

1,784 Days
Field of Search

726/18, 713/184
US Class Current

726/18
CPC Class Codes

G06F 21/32   using biometric data, e.g. ...

G06F 21/46   by designing passwords or c...

H04L 2209/805   Lightweight hardware, e.g. ...

H04L 9/083   involving central third par...

H04L 9/0866   involving user or device id...

H04L 9/0891   Revocation or update of sec...

Determining whether to grant access to a passcode protected system

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

86 Citations

24 Claims

Specification

Solutions

Use Cases

Quick Links

Determining whether to grant access to a passcode protected system

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

86 Citations

24 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links