Electrical computers and digital processing systems: support – Multiple computer communication using cryptography – Protection at a particular protocol layer
Reexamination Certificate
1999-03-12
2002-12-03
Hua, Ly V. (Department: 2131)
Electrical computers and digital processing systems: support
Multiple computer communication using cryptography
Protection at a particular protocol layer
C713S152000, C713S152000, C380S255000, C380S029000
Reexamination Certificate
active
06490687
ABSTRACT:
BACKGROUND OF THE INVENTION
1. Field of the Invention
The present invention generally relates to a communications system permitting authorized users to log in to a host computer or server and, in particular, to a login permission method and system from outside to the host computer with improved security.
2. Description of the Related Art
In a premises network system to which a user can access from outside through a communications line, network security is one of the most important issues. A major focus of network security on computer systems like this is the prevention of system use by unauthorized persons. To protect the system from unauthorized use, the system requires a user to enter a password to verify that the user is authorized to access the network.
According to a conventional security method, a user name and a user's authentication information are registered on the host computer in advance. When a user's mobile terminal has accessed to the host computer through a communications line, the user name is sent to the host computer and, if it matches the registered user name, then the user's authentication information is also sent to the host computer. In this way, only when both the user name and the user's authentication information match the registered ones, a one-time password is sent from the host computer to the mobile terminal. The mobile terminal is allowed to log in to the host computer using the one-time password.
When an unauthorized person has known the user name and the authentication information of the authorized user, however, the unauthorized person can get the one-time password easily, resulting in comprised security of the network. Further, the conventional technique fails to provide sufficiently rapid connection establishment because the one-time password transmission is performed between the host computer and the mobile terminal during the login process.
An authentication method using secret-key encryption has been proposed in Japanese Patent Unexamined Publication No. 5-327693. A base station transmits random data to a mobile terminal. At the mobile terminal, first and second encrypted authentication signals are produced based on the received random data, a first secret key of the mobile terminal, and a second secret key input by the subscriber, respectively. The encrypted authentication response data is transmitted to the base station.
At the base station, the same encryption process is performed to produce encrypted check data and matches it with the encrypted authentication response data received from the mobile terminal. If the produced encrypted data matches the received one, the authentication check is affirmative.
In a combination of the conventional one-time password security method and the conventional authentication method using secret-key encryption, pluralities of data exchanges are needed for login between a mobile terminal and a host computer. Therefore, it is very difficult to shorten the time required for login completion.
SUMMARY OF THE INVENTION
An object of the present invention is to provide a login permission method and system which can improve network security and efficiently perform a login process at a short time.
According to the present invention, in a host-based network, information required for outside login is previously registered with the host-based network. When an outside login request is received from a terminal through the communications line, it is determined whether user's login information received is validated based on the registered information required for outside login. Only when the user's login information is validated, the terminal is permitted to log in to the host-based network from outside.
The user's login information is preferably a user name and a user's authentication information, wherein the user's authentication information is encrypted at the terminal and is decrypted at the host-based network according to a predetermined encryption scheme based on the registered information required for outside login. Further preferably, the registered information required for outside login include a unique information uniquely assigned to the terminal, such as an identification number assigned to a selective call receiver or a pager which can be detachably connected to the terminal.
Preferably, the registered information required for outside login further include a one-time password that is temporarily assigned to the terminal by the host-based network when the information required for outside login is registered with the host-based network.
REFERENCES:
patent: 5387904 (1995-02-01), Takada
patent: 5592553 (1997-01-01), Guski et al.
patent: 6084969 (2000-07-01), Wright et al.
patent: 6108790 (2000-08-01), Moriya et al.
patent: 6237093 (2001-05-01), Vatanen
patent: 0 033 833 (1981-08-01), None
patent: 0 817 518 (1998-01-01), None
patent: 2 019 606 (1979-10-01), None
patent: 2 168 831 (1986-06-01), None
patent: 2 300 288 (1996-10-01), None
patent: A 5-235932 (1993-09-01), None
patent: 5-235932 (1993-09-01), None
patent: 5-327693 (1993-10-01), None
patent: 9-93367 (1997-04-01), None
patent: 10-145354 (1998-05-01), None
patent: A 10-145354 (1998-05-01), None
patent: 10-215488 (1998-08-01), None
patent: A 10-215488 (1998-08-01), None
patent: WO 96/13920 (1996-05-01), None
“Nikkei Communication”, pp. 105-109, Nikkei BP Co., Apr. 21, 1995, No. 244.
Nikkei Open System, Nikkei BP Co., Ltd., Dec. 15, 1997, No. 57, pp. 246-253.
Net PC, ASKII Co. Ltd., Dec. 1, 1997, vol. 2, No. 12, pp. 66-72.
PC Work!, Mainich Communications Co., Ltd., Jun. 18, 1997, vol. 4, No. 6, pp. 192-195.
LandOfFree
Login permission with improved security does not yet have a rating. At this time, there are no reviews or comments for this patent.
If you have personal experience with Login permission with improved security, we encourage you to share that experience with our LandOfFree.com community. Your opinion is very important and Login permission with improved security will most certainly appreciate the feedback.
Profile ID: LFUS-PAI-O-2986054