Electrical computers and digital processing systems: support – Multiple computer communication using cryptography – Particular communication authentication technique
Reexamination Certificate
1998-09-28
2002-03-19
Peeso, Thomas R. (Department: 2132)
Electrical computers and digital processing systems: support
Multiple computer communication using cryptography
Particular communication authentication technique
C713S180000, C713S182000, C380S255000, C380S277000
Reexamination Certificate
active
06360322
ABSTRACT:
FIELD OF INVENTION
The invention relates to computer security and particularly to computer security when a user has lost or forgotten the user password.
BACKGROUND OF THE INVENTION
Many personal computers (PCs) or workstations allow a user to secure data and information stored in a computer by requiring the user to enter a password previously defined by the user. The password is used to limit access to data stored on the computer.
In one type of security system encryption is used to transform “plaintext” data into a form unintelligible to anyone who does not have a decryption key. Data is thus kept private and away from those for whom it is not intended. The password may serve as a decryption key or a means for obtaining the decryption key.
To regain access to encrypted data, the user, often at logon, must type in the user password exactly as he/she previously defined it. The user password is then used to decrypt the data. However, without the user password, access to the data cannot generally be gained.
In a centralized network situation, when a user forgets his/her password, a system administrator can give the user access to his/her files by overriding the user password function through a backdoor access, or, if passwords are centrally stored, obtaining the password for the user. However, with a freestanding PC or workstation, unlike with networks, there is no centralized administration or access to passwords, and loss of a user password in an independent PC or workstation situation can be devastating.
Typically, if a user forgets the user password, for unlocking all files the entire computer product must be removed/replaced and/or the data encrypted with the password must be erased since it is unintelligible without a decryption key. Generally, loss of a user password in such a situation will cause the user to lose a significant amount, if not all, of the user's protected data.
Thus, it is desirable to develop a system which allows a user to gain access to his/her computer data even if the user has forgotten the password. However, because data security is of prime significance to users who use passwords, it is also desirable to allow a user to override password protection to data in a way that does not significantly compromise the security of the data.
SUMMARY OF THE INVENTION
In accordance with the invention a method of securely and automatically authenticating a user is disclosed. Bona fides are entered for a user, hashed, and then stored at an authenticating entity, remote from the user's computer. When a user forgets his/her password, the user enters his/her bona fides, which are again hashed on the user's system, and then securely transmitted to the authenticating entity. The authenticating entity compares the received, hashed bona fides to those previously stored at the authenticating entity. If the comparison shows that the values match or otherwise appropriately correlate, the user will be authenticated. The user will then be provided with the means to access his/her encrypted data. In other words, once authenticated the authenticating entity will automatically provide the user and/or the user's computer with an access key, in one embodiment, allowing the user to access his/her encrypted data.
Such a method is advantageous in that it can minimize the live-human resources dedicated at the authenticating entity to responding to lost-password inquiries. In fact, in utilizing the present invention, no human need be present at the authenticating entity to grant a user access to his/her data, and yet the granting of such access is granted remains secure.
REFERENCES:
patent: 5719941 (1998-02-01), Swift et al.
patent: 5768373 (1998-06-01), Lohstroh et al.
patent: 5923756 (1999-07-01), Shambroom
patent: 5953422 (1999-09-01), Angelo et al.
patent: 5995624 (1999-11-01), Fielder et al.
patent: 6061790 (2000-05-01), Bodnar
patent: 6105133 (2000-08-01), Fielder et al.
patent: WO 97/46933 (1997-12-01), None
Fliesler Dubb Meyer & Lovejoy LLP
Peeso Thomas R.
Symantec Corporation
LandOfFree
Automatic recovery of forgotten passwords does not yet have a rating. At this time, there are no reviews or comments for this patent.
If you have personal experience with Automatic recovery of forgotten passwords, we encourage you to share that experience with our LandOfFree.com community. Your opinion is very important and Automatic recovery of forgotten passwords will most certainly appreciate the feedback.
Profile ID: LFUS-PAI-O-2886182