Method and system for password protection of a data...

Electrical computers and digital processing systems: support – System access control based on user identification by... – Solely password entry

Reexamination Certificate


Details

C713S152000, C380S286000

active

06668323

ABSTRACT:

BACKGROUND OF THE INVENTION
1. Technical Field
The present invention relates in general to data processing and in particular to password protection of data processing systems. Still more particularly, the present invention relates to a method and system for password protection of a data processing system that permit a user-selected password to be recovered.
2. Description of the Related Art
Password protection is commonly utilized to control access to individual computer systems, computer networks, and other data processing resources. Each time a user desires to obtain access to a password protected resource, the user must enter a password. If the password entered by the user is valid, the user is permitted to access the password protected resource; if the entered password is invalid, no access is granted.
The security of protected data processing resources can be enhanced by increasing password complexity, which may entail, for example, enforcing a minimum password length, requiring the user to enter multiple passwords (e.g., a pass phrase), or requiring case-sensitive passwords or passwords containing both letters and numbers. Security is even further enhanced by limiting the duration of password validity. Thus, in very secure systems, passwords may be valid for only a single day or even a single access.
When administering a large collection of data processing resources such as an enterprise, a significant amount of the administrative cost is attributable to implementation of a password protection policy. Because the administrative burden of generating and distributing passwords from a central location to a large number of users is prohibitive, particularly when the passwords have limited durations of validity, it is preferred for users to be able to select and set their own passwords. In addition to lowering the administrative burden, user selection of passwords (as opposed to central assignment) has the additional benefit of increasing the likelihood that a user will remember his password.
The ability of a user to remember his password(s) is a key concern in systems in which passwords are user-selected. It is highly desirable from a security standpoint that users refrain from writing down or otherwise recording their passwords. However, relying on users to memorize their passwords requires that some mechanism be available that permits authorized access to a data processing resource protected by a user-selected password in the event that a user forgets his password.
SUMMARY OF THE INVENTION
The present invention satisfies the need to permit authorized access to a data processing resource protected by a user-selected password in the event that a user has forgotten the password by enabling the recovery of the password from an encrypted version of the password stored by the protected data processing system resource.
In accordance with the present invention, an access password and an encryption key unique to a protected resource are stored in non-volatile storage at a data processing system, where the encryption key is at least partially derived from unique information associated with the protected resource. In response to receipt of an attempted access password at the data processing system, access to the resource is permitted if the attempted access password matches the stored access password. However, in response to an indication that the access password has been forgotten, an encrypted access password generated at the data processing system from the stored access password utilizing the encryption key is output from the data processing system. The access password can thereafter be recovered from the encrypted access password and the unique information.
All objects, features, and advantages of the present invention will become apparent in the following detailed written description.
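The recovery flow summarized above, as an added Python sketch that is not code from the patent: the resource stores the password and a key derived from its unique information, outputs only an encrypted password on a "forgot" request, and a separate party recovers it from that output and the unique information. Assumptions: the class and function names, the help-desk secret mixed into the key, and the HMAC-SHA256 counter-mode stand-in cipher (the summary names no algorithm).

```python
import hashlib
import hmac
import secrets

def derive_key(unique_info: bytes, helpdesk_secret: bytes) -> bytes:
    # Key "at least partially derived from unique information" (e.g. a serial
    # number). Mixing in a help-desk secret is an assumption of this sketch.
    return hmac.new(helpdesk_secret, b"key|" + unique_info, hashlib.sha256).digest()

def _stream(key: bytes, nonce: bytes, n: int) -> bytes:
    # Stand-in cipher: HMAC-SHA256 in counter mode, chosen to stay stdlib-only.
    blocks = (hmac.new(key, b"enc|" + nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range((n + 31) // 32))
    return b"".join(blocks)[:n]

def _tag(key: bytes, nonce: bytes, ct: bytes) -> bytes:
    # Integrity tag so a blob decrypted with the wrong key is rejected.
    return hmac.new(key, b"mac|" + nonce + ct, hashlib.sha256).digest()[:16]

class ProtectedResource:
    def __init__(self, unique_info: bytes, helpdesk_secret: bytes, password: str):
        # Both values live in non-volatile storage. The password is kept
        # reversibly (not hashed), which is what makes recovery possible.
        self._key = derive_key(unique_info, helpdesk_secret)
        self._password = password.encode()

    def try_access(self, attempt: str) -> bool:
        # Constant-time comparison of the attempted and stored passwords.
        return hmac.compare_digest(attempt.encode(), self._password)

    def forgot_password(self) -> str:
        # Output only the encrypted password, with a fresh nonce per request.
        nonce = secrets.token_bytes(12)
        ks = _stream(self._key, nonce, len(self._password))
        ct = bytes(a ^ b for a, b in zip(self._password, ks))
        return (nonce + ct + _tag(self._key, nonce, ct)).hex()

def recover(blob_hex: str, unique_info: bytes, helpdesk_secret: bytes) -> str:
    # Recovery side: rebuild the key from the unique information, verify, decrypt.
    blob = bytes.fromhex(blob_hex)
    nonce, ct, tag = blob[:12], blob[12:-16], blob[-16:]
    key = derive_key(unique_info, helpdesk_secret)
    if not hmac.compare_digest(tag, _tag(key, nonce, ct)):
        raise ValueError("blob does not match this resource's unique information")
    return bytes(a ^ b for a, b in zip(ct, _stream(key, nonce, len(ct)))).decode()
```

If the key depended on the unique information alone, anyone who could read that information and knew the derivation could decrypt the output, which is why this sketch mixes in a secret held by the recovering party.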


