Single-use passwords for smart paper interfaces

Electrical computers and digital processing systems: support – System access control based on user identification by... – Pin/password generator device

Reexamination Certificate


Details

C713S161000

Reexamination Certificate

active

06480958

ABSTRACT:

BACKGROUND OF THE INVENTION
The present invention relates to the art of password generation. It finds particular application in conjunction with single-use passwords for smart paper interfaces, and will be described with particular reference thereto. However, it is to be appreciated that the present invention is also amenable to other like applications where high levels of security are desired.
Smart paper or smart form techniques refer to techniques for communicating with electronic devices, such as computers, printers, copiers, and the like, with hard-copy instructions (i.e. instructions written on paper). Typically, the instructions are in the form of checked boxes, circled objects, carefully printed text, and/or other like schemes. Generally, the paper or other hard copy containing the instructions is scanned or otherwise read, the user's marks are identified and interpreted, and the corresponding instructions are carried out. The technique is used to communicate with a remote device through a fax machine or other like device. The user's instructions are scanned and transmitted by the fax to the remote device that then identifies and interprets them. Commonly, the device's response is then sent back to the user through the same fax machine. This allows communication with a remote device without terminals, keyboards, workstations or local area networks.
However, in systems that provide access to information, it is advantageous to implement security measures in order to limit access to only those individuals who are authorized. Often data is personal, private, and/or otherwise sensitive and it is desirable to not have it openly available. Moreover, where the remote computer or device is being instructed to perform tasks, only those individuals authorized to operate it are to be granted access. A common approach to establishing access rights is through the use of a secret password and personal user name or identification number. The password is a sequence of characters that the authorized user alone knows and enters into the computer along with their user name or identification number. The computer then checks the password against that assigned to the user to verify authorization. One problem with using this scheme in smart paper applications is that the password would be written down. This greatly jeopardizes the system's security by potentially revealing otherwise secret passwords to unauthorized individuals. As an alternative, the password may be entered via the telephone buttons or numeric keypad as part of establishing the fax link. However, this would involve the establishment of a special connection protocol in every fax machine that was to be used. Generally, it is more desirable to use arbitrary conventional fax machines. It is therefore advantageous to send the authorization code on the smart paper along with the instructions.
The present invention contemplates a new and improved single-use password generator and security control system which overcomes the above-referenced problems and others.
SUMMARY OF THE INVENTION
In accordance with one aspect of the present invention, a security control system for remote computers is provided. It includes a first local input/output device for entering a user name and regular password. A password generator is accessed by the first local input/output device such that the password generator, in response to the user name and regular password, returns to the first input/output device a single-use password which is an encrypted combination of the user name, a representation of the regular password, and date and time information corresponding to the date and time the user name and regular password were entered. A second local input device is used for entering the single-use password. A remote computer which receives the single-use password includes a cache of previously received single-use passwords. The remote computer compares the single-use password to the cache of previously received single-use passwords. If there is a match, further access to the remote computer is denied. Also included is a decryption key. The remote computer uses the decryption key to generate the user name, the representation of the regular password, and the date and time information from the single-use password. The remote computer compares the date and time generated by the decryption key to a predetermined date and time threshold such that if the date and time generated by the decryption key is older, further access to the remote computer is denied. Also included is a list of representations of regular passwords with corresponding user names. The remote computer compares the user name and the representation of the regular password generated from the decryption key to the list such that if there is no match, further access to the remote computer is denied.
In accordance with a more limited aspect of the present invention, the first input/output device is a telephone and the password generator is remotely located.
In accordance with another aspect of the present invention, the user name and regular password are entered via a numeric keypad of the telephone.
In accordance with a more limited aspect of the present invention, the user name and regular password are entered verbally and are interpreted via a voice recognition device included in the password generator.
In accordance with a more limited aspect of the present invention, the single-use password returned by the password generator is returned verbally.
In accordance with a more limited aspect of the present invention, the single-use password returned by the password generator is returned in hard-copy form via one of a fax and a printer.
In accordance with a more limited aspect of the present invention, the representations of the regular passwords are the same as the regular passwords.
In accordance with a more limited aspect of the present invention, the representations of the regular passwords are encrypted versions of the regular passwords.
In accordance with a more limited aspect of the present invention, the single-use password is entered by having the second local input device read the single-use password from a hard copy thereof.
In accordance with a more limited aspect of the present invention, the second local input device includes one of a fax machine and a scanner.
In accordance with another aspect of the present invention, a method of controlling access to a remote computer from a local device is provided. The method includes entering information including a user name and a regular password into a password generator.
The entered information is combined with date and time information to generate combined data. The combined data is encrypted to generate a single-use password. The single-use password is then input into the local device. It is then determined if the single-use password had been previously input. Access to the remote computer is denied if it is determined that the single-use password had been previously input. The single-use password is then decrypted to generate the combined data. If the date and time information from the combined data is older than a predetermined threshold, access to the remote computer is denied. It is next determined if the entered information from the combined data is valid and access to the remote computer is denied if the entered information is not valid. Access to the remote computer is granted if access is not otherwise denied.
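The method above, sketched end to end as an added example (not code from the patent): a generator that encrypts user name, password representation and timestamp, and a remote computer that applies the replay, freshness and credential checks in the stated order. The cipher (an HMAC-SHA256 keystream), the integrity tag, the PBKDF2 representation, the key and the 600-second threshold are all assumptions; the text names no algorithm or values.

```python
import hashlib, hmac, os

KEY = b"constructed-demo-key"   # shared secret, constructed for this example
MAX_AGE = 600                   # freshness threshold in seconds (assumed value)
ENC_KEY = hmac.new(KEY, b"enc", hashlib.sha256).digest()
MAC_KEY = hmac.new(KEY, b"mac", hashlib.sha256).digest()

def representation(user, password):
    # "Representation of the regular password": assumed here to be PBKDF2 salted with the user name.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), user.encode(), 100_000).hex()[:32]

def _xor_stream(nonce, data):
    # Stand-in cipher: HMAC-SHA256 in counter mode as keystream; the same call encrypts and decrypts.
    stream = b""
    for i in range(len(data) // 32 + 1):
        stream += hmac.new(ENC_KEY, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
    return bytes(a ^ b for a, b in zip(data, stream))

def generate(user, password, now):
    # Password generator: combine user name, representation and timestamp, then encrypt.
    combined = f"{user}|{representation(user, password)}|{int(now)}".encode()
    nonce = os.urandom(8)       # fresh nonce, so two requests never yield the same password
    body = nonce + _xor_stream(nonce, combined)
    return (body + hmac.new(MAC_KEY, body, hashlib.sha256).digest()[:16]).hex()

class RemoteComputer:
    def __init__(self, users):
        self.users = users      # user name -> stored representation
        self.seen = set()       # cache of previously received single-use passwords

    def check(self, otp, now):
        try:
            raw = bytes.fromhex(otp)    # cache decoded bytes so hex case cannot dodge the cache
        except ValueError:
            return "denied: malformed"
        if raw in self.seen:
            return "denied: replay"
        body, tag = raw[:-16], raw[-16:]
        if not hmac.compare_digest(tag, hmac.new(MAC_KEY, body, hashlib.sha256).digest()[:16]):
            return "denied: malformed"  # integrity tag is an addition to the described scheme
        self.seen.add(raw)              # only authentic passwords enter the cache
        user, rep, stamp = _xor_stream(body[:8], body[8:]).decode().rsplit("|", 2)
        if now - int(stamp) > MAX_AGE:
            return "denied: expired"
        if not hmac.compare_digest(self.users.get(user, ""), rep):
            return "denied: bad credentials"
        return "granted"
```

Cache entries older than the freshness threshold can be evicted, since the timestamp check rejects them anyway; that bounds the cache to one threshold window of traffic.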
In accordance with a more limited aspect of the present invention, the step of combining further includes encrypting the regular password prior to combining such that the combined data generated includes the entered user name and encrypted version of the entered regular password, and the date and time information.
In accordance with a more limited aspect of the present invention, the step of determining if entered information from the combined data is valid further includes comparing the entered user name and encrypted version of the regular password against a list of valid user names and corresponding valid encrypted versi
