1. Field of the Invention
This invention relates to computer key and computer lock devices and a system incorporating the devices which provides a secure password for remote computer access. More particularly, it relates to a portable device which generates a series of unique passwords which change continually with time. It further relates to an interface which communicates with the password generating device to control access to the computer by receipt of a valid password generated by the password generating device. Together, the password generating device and the interface device constitute a lock and key system for secure remote computer access.
2. Description of the Prior Art
Remote password generating devices and interface devices connected to control access to a computer are known in the art. For example, a system incorporating such devices is disclosed in U.S. Pat. No. 4,310,720, issued Jan. 12, 1982 to Check, Jr. In the system there disclosed, a portable access unit generates a sequential series of access codes, with a different one of the access codes being used each time a computer is accessed with the unit. An access controller connected to the computer generates a corresponding series of access codes. If the access codes generated by the two devices match, the access controller grants access to the computer. The two devices generate the access codes on the basis of a user password and a pseudo-randomly generated number. The devices and system there disclosed provide password security because the password itself is never transmitted and is therefore not subject to interception. However, a significant problem with the system there disclosed is that the portable access unit and the access controller must stay at the same point in the sequential series of access codes. In practice, remote accesses to computers are often interrupted before completion. Also, through user error, an access code may be generated with such a portable access unit when it is not communicating with the access controller. For these reasons, it is very easy for the two access code sequences used in the Check system to be at different points in the sequences, so that the portable access unit is no longer effective for obtaining access to the computer.
A variety of other computer security systems are also known in the art. The problem of computer security has become a very hot issue recently, with the movie "War Games" and the problems with "hackers" finding their way into time-shared computer systems. The problem of computer security is much more widespread than keeping hackers out of ARPANET or starting a war by entering the computers which control our missiles. Making entry into an unauthorized computer system illegal does not physically prevent anyone from entering the system. A computer with no access control is very close to leaving a bank vault door open and then saying that it is illegal to walk in and take the money. Computer systems now contain the accounting systems for a very large number of businesses, both large and small. These books were formerly locked in safes so that competitors would not have access to the information. Now the books are stored on a computer which has a telephone access and is open to anyone who has a terminal or computer with a modem attached to it. The vault doors are now wide open to anyone.
Many computers are protected with a system of passwords. Each user has his own password, and this is the key to the system. However, passwords are notoriously easy to crack. Many people devise passwords which are easy to remember. They use their wife's name, dog's name or even their own name. Most small computers do not have any security at all. A small business person will hook up a personal computer to the telephone lines for remote access, and in effect open the vault doors to anyone.
To prevent unauthorized access, computers which do classified work usually do not have telephone connections. The computers are locked in vaults with combination locks and all the mass storage, such as disks, are protected very carefully. Security for classified computers is very strict, but such techniques are not practical for most applications.
Computers used for unclassified work are not as well protected. Most such computers at best have only password protection. Another commonly used approach is a call back technique. The user calls the computer and will receive a special tone. The user then keys in an access code using the touch tone keys on the telephone. The response from the computer is a distinctive tone or a message asking the user to hang up. Both the computer and the user now hang up the phone and the computer dials the user at a predetermined phone number.
There are a number of disadvantages with a system of this type. First, the user must be at a predetermined telephone number and cannot move around. Sales people and others who need computer access while traveling would have a lot of trouble with this system. Second, someone who is determined to enter the system can defeat it by diverting the phone connection or other techniques.
Some computers utilize a Digital Encryption Standard (DES) encryptor to encode messages transmitted. The DES encryptor is a system developed at IBM and authorized by the National Security Agency to encrypt data commercially. The DES circuit is available from several sources and is quite secure. This approach involves encrypting the whole message and therefore makes the whole transaction secure. For many purposes, this approach is overkill.
Another encryption scheme is called the public key encryption system. This system is based on the use of so-called "trapdoor functions." Trapdoor functions are arithmetic calculations which are easy in one direction but very difficult in the reverse direction. There are several of these functions known. One function is called the Knapsack problem. This method was broken a couple of years ago. Another function is called the RSA algorithm, named after R. Rivest, A. Shamir and L. Adelman at MIT. The RSA algorithm is based on the idea that it is easy to generate a large number by multiplying its prime factors together, but very difficult to find the prime factors of a large number. Recently, someone has factored a 55-digit number on a Cray computer. Given sufficient computer power, the RSA algorithm may someday become insecure. To factor numbers this large, immense computer power is required. The public key system is still pretty safe.
The public key system allows a user to provide a secure signature. The public key system has two keys. The private key is known only to the user, and the public key can be published in a book. If someone wants to send a message to the user, he can look up the user's public key in the book and encode the message using the public key. The user is the only one who can decode the message, using his private key. If the user needs to generate his signature, he can encode a message in his private key and it can be decoded with the public eye. Since he is the only one who can encode the message in his private key, anyone who decodes the message using the public key knows that the user is the only one who could have sent the message. This technique provides an authentic signature, but the public key book must be carefully controlled to prevent an imposter from publishing his own public key in someone else's name. The public key system is a good way to build a password protection system, but it requires an immense amount of computation and very long keys to be effective.
The following additional patents relate generally to data processing system security and password identification: U.S. Pat. No. 3,890,601, issued June 17, 1975 to Pietrolewicz; U.S. Pat. No. 4,218,738, issued Aug. 19, 1980 to Matyas et al.; and U.S. Pat. No. 4,445,712, issued May 1, 1984 to Smagala-Romanoff.
A further indication of the state of the art in computer security and password techniques is supplied by Wood, Charles C., "Effective Information Systems Security with Password Controls", Comput. Secur., Volume II, No. 1, January 1983, pp. 5-10; Calhoun, G., "Decoding the `Secret End` Password is an Easy Key to Computer Fraud", Telephony, Vol. 204, No. 14, pp. 45-46, 4 April 1983; Dotto, L., "Computer Security - Keeping Data Assets Secure", Can. Datasyst., Vol. 15, No. 2, pp. 30-35, February 1983; and Damerau, F. J., "Terminal Security Via a Light-Pen-Readable Key Card", IBM Tech. Disclosure Bull., Vol. 22, No. 5, p. 2154, October 1979.
Thus, while the art pertaining to computer security is a well developed one, a need still remains for further improvement in devices and systems for controlling computer access, particularly in a commercial environment, and especially for smaller computers.