Electrical computers and digital processing systems: support – Multiple computer communication using cryptography – Particular communication authentication technique
Reexamination Certificate
1999-10-28
2004-10-05
Morse, Gregory (Department: 2137)
C713S183000, C713S184000, C713S185000, C705S055000, C705S057000, C705S072000, C705S018000, C380S028000, C380S044000, C380S286000
active
06802000
ABSTRACT:
BACKGROUND OF THE INVENTION
1. Field of the Invention
The present invention relates generally to a system for authenticating requests to access online content, and more particularly, to a challenge and response system for managing requests for access to online content referenced in a hardcopy document.
2. Description of Related Art
Increasingly, hardcopy documents contain references to “online content”. For example, references to online content may identify resources that are not available in hardcopy documents such as computer programs or electronic services that relate to content set forth in the hardcopy documents. More specifically, the type of online content referenced in a hardcopy document may include audio and video files (i.e., multimedia files), application programs, data files, electronic images, or any other data or program that may supplement or enhance content (e.g., an article) set forth in a hardcopy document.
A common approach for restricting access to online content stored on a server is performed by authenticating a simple password. The exchange of a simple password between a client and the server is defined herein as “a simple password exchange”. More generally, a simple password exchange provides an authentication mechanism for the provider of online content to restrict access to selected users and/or track the use of services on a user-by-user basis. In some instances, the server enforces a limited number of accesses requested by any single password to avoid fraudulent or abusive access to restricted online content.
As disclosed by Wong et al. in “Polonius: An Identity Authentication System,” published in the Proceedings of the 1985 Symposium on Security and Privacy, pp. 101-107, Apr. 22-24, 1985, Oakland, Calif., and incorporated herein by reference, the problem with a simple password exchange for authentication over insecure channels is that the information that is the basis for the authentication is reused. A simple password exchange is therefore vulnerable to attack (i.e., eavesdropping, playback, and exhaustive search) because the simple password is often repeatedly transmitted over an insecure channel before it is changed by the user or voided by the server.
In contrast, a one-time pad of passwords (hereinafter “one-time pad”) provides a more reliable password authentication technique, as disclosed by Wong et al. After each valid authentication (i.e., transaction) performed using a one-time pad, the valid password between parties is synchronously changed. Advantageously when using a one-time pad, exposure of a password over an insecure channel does not compromise the security of subsequent transactions because knowing a previously valid password does not provide any information about the validity of subsequent passwords.
A variant of a one-time pad is a one-time password. Unlike one-time pads, which change the entire password after each valid authentication, one-time passwords change at least some part of a password after each valid authentication. In other words, after each authentication no material of a password is reused with one-time pads, whereas with a one-time password some material may be reused. One drawback of both one-time passwords and one-time pads (collectively referred to herein as “a one-time list”) is that it is easy for one party to collusively use it with others (i.e., purposeful sharing). That is, the party being authenticated can readily copy and share the one-time list with others unbeknownst to the party performing the authentication.
Because of the increased use of references to online content in hardcopy documents, it would be desirable to provide a password mechanism that has the increased reliability of a one-time list over a simple password while making purposeful sharing through simple copying more difficult to carry out. Such a password mechanism would advantageously provide more robust authentication than a simple password while not requiring additional hardware to function properly. A further advantage of such a password mechanism is that it would be easily incorporated in a hardcopy document with a reference to the online content.
SUMMARY OF THE INVENTION
In accordance with the invention, there is provided a hardcopy document with a reference (e.g., a URL) to restricted online content and a password mechanism. In response to a request from a user to access the online content referenced in the hardcopy document, a server that controls access to the online content challenges the request. The challenge to the request from the server includes a hint for identifying a password from the password mechanism recorded in the hardcopy document. After successfully authenticating the password provided by the user in response to the challenge, the server issues a suggested state change to the password mechanism, thereby modifying the password for subsequent requests to access the online content.
In accordance with one aspect of the invention, there is provided a method and apparatus therefor, for providing secure access to online content referenced in a hardcopy document. Initially, in response to a first request for access to the online content referenced in the hardcopy document, a server issues a challenge to the first request for online content. After receiving a first password derived from a password mechanism in the hardcopy document in response to the issued challenge, the server suggests a state change to the password mechanism on the hardcopy document for identifying a second password to be used during a second request for access to the online content referenced in the hardcopy document.
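The challenge, response, and suggested state change described above can be sketched in Python. This is an added example, not code from the patent. It assumes the password mechanism is a printed table of codes addressed by cell label, that the hint is a cell label, and that the suggested state change is crossing out the used cell; the names issue_document and ContentServer are hypothetical.

```python
import hmac
import secrets

ALPHABET = "ABCDEFGHJKLMNPQRSTUVWXYZ23456789"  # no look-alike characters

def issue_document(rows="ABCD", cols="1234", code_len=6):
    """Build the code table printed in the hardcopy document (assumed layout)."""
    return {r + c: "".join(secrets.choice(ALPHABET) for _ in range(code_len))
            for r in rows for c in cols}

class ContentServer:
    """Server-side copy of one document's password mechanism (assumed model)."""

    def __init__(self, table):
        self.unused = dict(table)   # cells not yet consumed
        self.current = None         # cell named in the outstanding challenge

    def challenge(self):
        """Return the hint: which cell of the printed table the user must read."""
        if self.current is None:
            if not self.unused:
                raise RuntimeError("password mechanism exhausted")
            self.current = secrets.choice(sorted(self.unused))
        return self.current

    def respond(self, password):
        """Check the password; on success return the suggested state change."""
        if self.current is None:
            return None             # no challenge outstanding
        expected = self.unused[self.current]
        if not hmac.compare_digest(expected.encode(), password.encode()):
            return None             # wrong password: challenge stays outstanding
        used = self.current
        del self.unused[used]       # server-side state change: cell is never valid again
        self.current = None
        return f"cross out cell {used}"

def demo():
    table = issue_document()        # constructed sample table, as printed in the document
    server = ContentServer(table)
    hint = server.challenge()
    first = table[hint]             # user reads the cell named by the hint
    change = server.respond(first)  # first request authenticated, state change suggested
    next_hint = server.challenge()  # second request is challenged with a different cell
    replay = server.respond(first)  # a captured first password is rejected
    return hint, change, next_hint, replay
```

A password captured during the first request does not authenticate the second, because the server has already retired the cell it came from.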
REFERENCES:
patent: 4445712 (1984-05-01), Smagala-Romanoff
patent: 4802217 (1989-01-01), Michener
patent: 4926481 (1990-05-01), Collins, Jr.
patent: 4992783 (1991-02-01), Zdunek et al.
patent: 5163097 (1992-11-01), Pegg
patent: 5253295 (1993-10-01), Saada et al.
patent: 5560008 (1996-09-01), Johnson et al.
patent: WO 97/01137 (1997-01-01), None
patent: WO 98/51036 (1998-11-01), None
Wong, Raymond M. et al. “Polonius: An Identity Authentication System,” Proceedings of the 1985 Symposium on Security and Privacy, IEEE Computer Society, Apr. 22-24, 1985, Oakland, California, pp. 101-107.
Berson Thomas A.
Dean R. Drews
Greene Daniel H.
Callahan Paul
Morse Gregory
Xerox Corporation