Patent

System, apparatus, and methods for performing state-based authentication

01 Feb 2006
TL;DR: A system for authenticating access to a data processing device or database is presented. It includes a comparison module for comparing an attempt identifier with an account identifier, and a state-determining module for determining a state variable associated with at least one of the attempt identifier and the account identifier.
Abstract: A system for authenticating access to a data processing device or database is provided. The system includes a comparison module for comparing an attempt identifier with an account identifier, and a state-determining module for determining a state variable associated with at least one of the attempt identifier and the account identifier. The state-determining module determines the state variable by incrementing the state variable if the attempt identifier does not match the account identifier and if the state variable is less than a predetermined upper bound threshold, decrementing the state variable if the attempt identifier does match the account identifier and if the state variable is greater than a predetermined lower bound threshold, and authenticating the attempt identifier if the attempt identifier does match the account identifier and if the state variable equals the predetermined lower bound threshold.
Citations
Patent
23 Jul 2008
TL;DR: Digital rights management techniques are applied to tethered devices: a host device is operable to translate a relatively sophisticated license into a simpler format for use on a relatively low-capability device, and a method of using extended SCSI commands to communicate over a USB connection is provided.
Abstract: Systems and methods are described for applying digital rights management techniques to tethered devices. In one embodiment, a host device is operable to translate a relatively sophisticated license into a simpler format for use on a relatively low-capability device. In another embodiment, a method of using extended SCSI commands to communicate over a USB connection is provided.

18 citations

Patent
13 May 2010
TL;DR: A system and method for securely identifying and authenticating devices in a symmetric encryption system is described. An RFID reader identifies a tag by an exhaustive key search, comparing each result with the received tag indicators, and a rotor-based encryption scheme provides for a low-cost key search while providing resilience against cloning, tracking, tampering and replay attacks.
Abstract: The present invention describes a system and method for securely identifying and authenticating devices in a symmetric encryption system. An RFID tag can generate indicators using encryption state variables and a symmetric key. An RFID reader, after receiving the encryption state variables from the tag, may identify the tag by performing an exhaustive key search in a key database. Each key in the database may be tested by using the key and encryption state variables to perform an encryption operation similar to that performed by the tag. The result is then compared with the received tag indicators to determine if the tag has been identified. A rotor-based encryption scheme provides for a low cost key search while providing resilience against cloning, tracking, tampering and replay attacks.

11 citations

References
Patent
29 Aug 2002
TL;DR: A method and system for controlling access, by an authentication server, to protected computer resources provided via an Internet Protocol network, which includes storing (i) a digital identification associated with at least one client computer device, and (ii) data associated with the protected computer resources in at least one database associated with the authentication server.
Abstract: A method and system for controlling access, by an authentication server, to protected computer resources provided via an Internet Protocol network that includes storing (i) a digital identification associated with at least one client computer device, and (ii) data associated with the protected computer resources in at least one database associated with the authentication server; authenticating, by the authentication server, the digital identification forwarded by at least one access server; authorizing, by the authentication server, the at least one client computer device to receive at least a portion of the protected computer resources requested by the at least one client computer device, based on the stored data associated with the requested protected computer resources; and permitting access, by the authentication server, to the at least the portion of the protected computer resources upon successfully authenticating the digital identification and upon successfully authorizing the at least one client computer device.

185 citations

Patent
18 Mar 2002
TL;DR: A method and system for secure computational outsourcing and disguise is presented, where a first set of actual arguments and a second set of actual arguments for an outsourced computation are determined.
Abstract: A method and system for secure computational outsourcing and disguise. According to an embodiment, a first set of actual arguments and a second set of actual arguments for an outsourced computation are determined. A first group of disguised arguments corresponding to the first set of actual arguments is prepared with a first computer. A second group of disguised arguments corresponding to the second set of actual arguments is prepared with a second computer. The first and second groups of disguised arguments are output from the first and second computers, respectively, for performance of the outsourced computation. A third computer performs the outsourced computation and returns a disguised result to the first and/or second computers. The first and/or second computers then unveil the actual result from the disguised result.

112 citations

Patent
10 May 2002
TL;DR: A method for authenticating a user of a device comprises: generating at least one arrangement comprising a sub-set of a plurality of stored objects, the sub-set comprising at least one authenticating object that forms at least part of a user's authentication key and the sub-set further comprising at least one non-authenticating object.
Abstract: According to one embodiment of the present invention, a method for authenticating a user of a device comprises: generating at least one arrangement comprising a sub-set of a plurality of stored objects, the sub-set comprising at least one authenticating object that forms at least part of a user's authentication key and the sub-set further comprising at least one non-authenticating object, wherein such generating comprises randomly selecting a position within the at least one arrangement for the at least one authenticating object and randomly selecting the at least one non-authenticating object from the plurality of stored objects; presenting to a user the generated at least one arrangement; receiving input that comprises a selection of at least one of the objects from the at least one arrangement; and determining whether the selection identifies the authentication key.

112 citations

Patent
Bruce E. McNair
21 Mar 1995
TL;DR: A security system controlling access to a resource is arranged to operate such that when an attempt to access a resource using a password or PIN fails, the time interval "t" that must elapse before a subsequent attempt at access can be successful is incremented.
Abstract: A security system controlling access to a resource is arranged to operate such that when an attempt to access a resource using a password or PIN fails, the time interval "t" that must elapse before a subsequent attempt at access can be successful is incremented. By making the increments increasingly large (illustratively, an exponential function of the number "n" of unsuccessful attempts), repeated access attempts by hackers or other unauthorized users are discouraged, because they simply cannot wait the time needed to make a large number of trial and error attempts. On the other hand, valid users, while experiencing a delay prior to access, are nevertheless able to gain access, rather than being completely "locked out". This approach is a better compromise between access control and denial.

81 citations

Patent
06 Feb 2002
TL;DR: A first-class login token is provided to a user when the user successfully logs into an account, which entitles the user to one or more unsuccessful login attempts without experiencing delays the user would otherwise experience.
Abstract: When a user successfully logs into an account, the user is provided with a first-class login token, which entitles the user to one or more unsuccessful login attempts without experiencing delays the user would otherwise experience. If an attempt with a second-class login token or an expired first-class login token is impermissible, a subsequent login attempt is subject to delays the user would otherwise not experience. The delays minimize the effectiveness of dictionary attacks. Additionally, if the user attempts to log in without a login token or with an invalid login token, the login attempt is impermissible and the user is provided with a second-class login token for use in a delayed, subsequent login attempt.

63 citations