Electrical computers and digital processing systems: support – System access control based on user identification by... – Pin/password generator device
Reexamination Certificate
1998-07-21
2002-08-27
Hayes, Gail (Department: 2131)
active
06442692
ABSTRACT:
BACKGROUND OF THE INVENTION
This invention relates to authentication security systems employed in computer and telecommunications networks, and in any security system or other resource that requires a customer to enter a set of numbers or codes manually. More particularly, the present invention relates to an authentication security method based on keystroke dynamics.
Network security is becoming increasingly problematic with the recent explosion in computers, networks and growing TV-PC usage. With the emergence of a myriad of “on-line” databases and services, traditional forms of network security are no longer sufficient to ensure that only authorized users or paying subscribers are able to gain access to secured networks. More and more people are discovering the advantages of shopping on the Internet. According to Forrester Research, Inc., consumers spent $2.4 billion online in 1997, and this figure is likely to grow to $17.3 billion by 2001. Security of transactions is always in question. Internet growth is restrained by consumers' concern over the potential for theft, fraud and misuse of their credit card numbers. Regardless of the security measure used, the goal is the same: keeping the wrong people from seeing or hearing your private data.
The disadvantages of conventional firewalls are:
Firewalls are designed to guard intranet servers or LANs. Unauthorized access can be performed from any terminal connected to the network, since the security depends on the password of a particular user rather than on the particular connection made to the network. Disgruntled employees and hackers can easily sneak through the network's back door without ever being caught by the firewall.
Once a user is logged on to the computer or to the network, there is no means of periodic, dynamic verification of the connection that is transparent to the user. Such verification would preclude attacks or misuse in cases where the qualified user leaves, or is forced to leave, his computer or terminal unattended.
The disadvantages of conventional encryption techniques are:
Encryption cards, along with their PINs, can be stolen, and the systems that authenticate the access have no way to detect fraudulent use of the account.
The procedure is inconvenient for users: they must first enter their PIN into the encryption card (except for SecurID), then manually type the generated key from the card's display into their system at logon.
Should users fail at any step of the multi-stage authentication procedure, the whole sequence must be repeated from scratch. Some encryption cards even lock after repeated failures.
According to recent surveys by the Computer Security Institute/FBI and Ernst & Young, nearly half of all attacks on firewalls come from ‘within’ the network and via dial-up connections.
The present invention is equally applicable to protecting intranet and extranet servers or LANs from inside attacks, since it makes stealing or guessing a password insufficient for entry. For example, a hacker could not gain entry because the security system of the present invention is preferably based on biometric characteristics, in the form of a typing characteristics token created by the user each time he or she logs in.
This invention relates to an improved security system that inhibits eavesdropping, dictionary attacks, and intrusion into computers, workstations and other computer systems that require a password for connection validation.
The present invention is aimed to enhance security of password-related applications and connections and to add value to conventional password-based security systems by providing protection from outside threats and internally based attacks.
The programmed microcontroller of the present invention measures certain characteristics of keystroke dynamics that are independent of the typed text. After statistical filtering and processing, a “typing characteristic” (e.g., in the form of a token or “TYPING BARCODE”) is created for each individual.
The proposed security method is independent of the computer platform, since the algorithm and associated program are preferably realized on a microcontroller embedded in the keyboard. The microcontroller performs the primary measurements (preferably with an accuracy of 0.001 s) and the primary statistical processing and filtering, and then sends the results to the associated CPU in the form of a TYPING BARCODE for the purpose of authenticating the user, possibly as a local security lock or for validation of a server connection. The CPU may also be provided with a program that receives the keyboard's typing characteristics token and compares it with the stored typing characteristics token associated with each user (the stored token may be associated with a user password, terminal identification number, IP address, other network identifier or other form of user identification). Similarly, in the case of a network connection, the server is provided with a program that receives a typing characteristics token and compares it with a stored token in its memory, the stored tokens again preferably being associated with issued passwords.
The present invention fulfills the following security objectives:
It adds value to a typical password routine, since it precludes access to a computer system by an unauthorized user who may have access to a valid password but whose currently generated TYPING BARCODE does not match the stored “ESTABLISHED” typing characteristics token associated with that password.
In a security-critical environment, the program of the present invention could be run in the background at controlled intervals, allowing a continuous security monitoring mode. In this mode of operation the program preferably creates a TYPING BARCODE without actually recording the input text.
This type of additional password security is easy to use, since it is transparent to the user and requires no additional hardware except the microcontroller of the present invention.
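The pipeline described above (timing measurement at millisecond resolution, statistical filtering, reduction to a small token, comparison against a stored template, and the background monitoring mode that works on timings only, never on the typed text) as an added worked example. This is illustrative Python written for this page, not the patent's microcontroller firmware. The dwell/flight feature set, the median-absolute-deviation outlier filter, the z-score acceptance threshold and the synthetic typists are all assumptions made here; the text itself fixes none of them.

```python
"""Keystroke-dynamics token (dwell and flight timing): added example.

Illustrative code, not the patent's firmware. Timestamps are integer
milliseconds, matching the 0.001 s resolution the text describes. The
feature set, the MAD filter and the acceptance threshold are assumptions.
"""
import random
from statistics import mean, median, pstdev
from typing import Dict, List, Sequence, Tuple

Event = Tuple[str, str, int]   # (key, "down" | "up", timestamp_ms)
Token = Dict[str, float]       # the "typing characteristics token"

MAD_CUTOFF = 3.0   # assumption: drop intervals more than 3 MADs from the median
ACCEPT_Z = 1.0     # assumption: accept when every feature is within 1 sd of the template


def timings(events: Sequence[Event]) -> Tuple[List[int], List[int]]:
    """Dwell (press-to-release) and flight (release-to-next-press) intervals in ms.
    Only timings are kept, never which key was typed, so the same routine can
    run in the background without recording the text."""
    pressed: Dict[str, int] = {}
    dwell: List[int] = []
    flight: List[int] = []
    last_release = None
    for key, kind, ts in sorted(events, key=lambda e: e[2]):
        if kind == "down":
            if last_release is not None:
                flight.append(ts - last_release)
            pressed[key] = ts
        elif key in pressed:            # ignore releases of keys we never saw pressed
            dwell.append(ts - pressed.pop(key))
            last_release = ts
    return dwell, flight


def robust_filter(samples: Sequence[int]) -> List[int]:
    """Statistical filtering: discard intervals far from the median (MAD rule).
    This removes pauses caused by distraction rather than by motor habit."""
    if len(samples) < 3:
        return list(samples)
    med = median(samples)
    mad = median(abs(s - med) for s in samples) or 1.0
    return [s for s in samples if abs(s - med) <= MAD_CUTOFF * mad]


def make_token(events: Sequence[Event]) -> Token:
    """Reduce one typing session to the value the keyboard would send to the host:
    mean and standard deviation of the filtered dwell and flight times."""
    dwell, flight = (robust_filter(x) for x in timings(events))
    if len(dwell) < 5 or len(flight) < 5:
        raise ValueError("too few keystrokes to characterise the typist")
    return {"dwell_mean": mean(dwell), "dwell_sd": pstdev(dwell),
            "flight_mean": mean(flight), "flight_sd": pstdev(flight)}


def enroll(sessions: Sequence[Sequence[Event]]) -> Token:
    """Stored ("established") template: average the per-session tokens over
    several enrolment sessions so that one odd session does not dominate."""
    toks = [make_token(s) for s in sessions]
    return {k: mean(t[k] for t in toks) for k in toks[0]}


def distance(template: Token, fresh: Token) -> float:
    """Largest per-feature z-score of the fresh token against the template."""
    return max(
        abs(fresh["dwell_mean"] - template["dwell_mean"]) / max(template["dwell_sd"], 1.0),
        abs(fresh["flight_mean"] - template["flight_mean"]) / max(template["flight_sd"], 1.0),
    )


def authenticate(template: Token, events: Sequence[Event]) -> bool:
    """Second factor beside the password: accept only if the live rhythm matches."""
    return distance(template, make_token(events)) <= ACCEPT_Z


def monitor(template: Token, stream: Sequence[Event], window_events: int = 60) -> List[bool]:
    """Background mode: re-verify the rhythm over successive windows of raw events.
    Only timings are used, so nothing resembling a keylog is produced."""
    return [authenticate(template, stream[i:i + window_events])
            for i in range(0, len(stream) - window_events + 1, window_events)]


def synth_session(rng: random.Random, n_keys: int, dwell_ms: float, flight_ms: float,
                  jitter: float, start: int = 0) -> List[Event]:
    """Constructed sample data (not a real capture): a typist with the given habits."""
    events: List[Event] = []
    t = start
    for i in range(n_keys):
        up = t + max(1, round(rng.gauss(dwell_ms, jitter)))
        events += [(f"k{i}", "down", t), (f"k{i}", "up", up)]
        t = up + max(1, round(rng.gauss(flight_ms, 2 * jitter)))
    return events


def demo_data():
    """Enrol a legitimate typist, then build a fresh legitimate session, an impostor
    session (valid password assumed, wrong rhythm), the legitimate session with a
    distraction pause injected, and a mixed stream for the monitoring mode."""
    rng = random.Random(7)
    template = enroll([synth_session(rng, 40, 90, 120, 8) for _ in range(3)])
    legit = synth_session(rng, 30, 90, 120, 8)
    impostor = synth_session(rng, 30, 150, 260, 12)
    cut = legit[40][2]                       # index 40 is the "down" of key 20
    paused = [(k, kind, ts + 800 if ts >= cut else ts) for k, kind, ts in legit]
    stream = legit + synth_session(rng, 30, 150, 260, 12, start=legit[-1][2] + 200)
    return template, legit, impostor, paused, stream


if __name__ == "__main__":
    template, legit, impostor, paused, stream = demo_data()
    print("legit:", authenticate(template, legit), "impostor:", authenticate(template, impostor))
    print("legit with pause:", authenticate(template, paused), "monitor:", monitor(template, stream))
```

The injected 800 ms pause shows why the filtering step matters: without it the session mean flight time shifts by roughly 27 ms, enough to push the z-score over the threshold and reject the genuine user. The threshold itself trades false rejects against false accepts and would have to be tuned on real enrolment data rather than fixed at 1 sd as assumed here.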
The generation of the TYPING BARCODE is based on controlled studies showing that the unconscious directs the thinking needed to do a task automatically. When a person first learns to type, it requires very conscious effort. But once typing becomes automatic, its control shifts to the unconscious, so the conscious mind can attend to more challenging tasks. Typing as a subconscious process is characterized by the stability of individual characteristics. For example, if a person routinely types his or her password, the separate elements of that typing (the time intervals for pressing and holding individual keys) will be very stable and reproducible under normal typing conditions, i.e., when distraction is excluded or minimized.
Regular users of a keyboard type automatically, in a subconscious manner; their typing is therefore characterized by individual features that the invention treats as being as unique as a person's fingerprints.
The invention relates to a microcontroller to be incorporated into a computer keyboard and an algorithm for processing user's keystroke dynamics and creating a TYPING BARCODE unique to a keyboard user. The TYPING BARCODE according to the present invention is used as the token for authentication purpose.
Accordingly, it is one object of the present invention to provide a method and apparatus for implementing security in log-in to a computer or to telecommunications network which uniquely characterizes both the network user or subscriber and the particular connection made to the network.
It is another object of the present invention to provide a method and apparatus for securing access to a network service, database or device which uses the authentication of a manually input password identifying both the specific user or subscriber and the particular connection to the network made by the user or subscriber.
It is a further object of the present invention to provide an enhanced security system for critical applications requiring constant surveillance of computer, workstation or terminal activity. This enhanced security is provided by cre
DiLorenzo Anthony
Hayes Gail
Standley & Gilcrest LLP
Profile ID: LFUS-PAI-O-2899023