Many electronic systems are in use that require a user to identify himself before being granted access to the system. These systems include computer networks, automated teller machines (ATM's), automated databases such as LEXIS.TM., banking systems, electronic mail systems, on-line providers such as America On-Line (AOL).TM., stock-trading systems, educational institutions, payroll accounts, and a great variety of additional applications. To ensure that the information on these systems is protected from tampering, destruction, or misuse, most of these systems employ some type of security. Security is especially important when information is made easily available to a large community of potential users in multiple locations on networks.
System security typically can include physical, procedural, and technical mechanisms. However, most systems rely on one or more of three basic methods of identification and authentication, each of which requires something of the Prover (the terms "Prover" and "user" are used interchangeably throughout the Specification):
something the Prover knows (e.g., name and password); PA0 something the Prover has (e.g., identity badge); or PA0 something the Prover is (e.g., finger print).
Security systems commonly rely on something the Prover knows even when applying something the Prover has. The most widely applied approach to "something known" is the use of name and password in computer systems. Even recent security improvements (e.g., smart cards, firewalls, digital signatures) rely on traditional passwords and user ID's to identify and authenticate users when granting access.
Most authentication methodologies rely on the presence of a complete set of authentication information at every stage of the process (e.g., name and password). The typical process is that the user knows the complete set of authentication information, and inputs the complete set into a computer or terminal. The complete set is transmitted to a secure application and compared there to a set of stored authentication information. At each stage of the process, the necessary complete set of authentication data is exposed to interception and possible unauthorized use. This is especially true in the case of networked computer environments.
To ensure good security, passwords must be difficult to guess or decipher. Thus, users are advised to avoid "weak" passwords such as names (e.g., that of one's spouse, pet); easily obtained information (e.g., phone number, birthday); dictionary words; the same password for multiple systems, etc. To reduce the threat of unauthorized access, computer security experts often recommend that a user password contain only mixed letters and numbers in seemingly random strings (e.g., 87SFs81R9) and that it be changed often. Undetected unauthorized access could easily occur when a password is discovered, intercepted, or guessed.
The problems with such an approach are twofold. First, because human users typically find it easier to remember passwords that have a context to the user (e.g. a word or date), the passwords they choose typically are not difficult to guess. A study of the range of passwords chosen by computer operators found that one third of all user passwords could be found in the dictionary. Such passwords are vulnerable to commonly available software that can try every word in the dictionary as a password.
Second, the problem of "password overload" is resulting in many breaches of carefully planned security techniques. An increasing number of applications require that users follow an authentication process that typically includes presenting some form of a name and password to gain access. If users comply with security standards, they must memorize a seemingly random string of letters and numbers for each application. Further, most secure applications have their own interfaces and may require something unique of the user. Some review users' passwords and restrict the type of password that the user can use and how long the password may be valid. However, the vast majority of applications do nothing to simplify the process for users and instead make it more complex.
Ultimately, the difficulty with remembering a multitude of passwords for a multitude of applications encourages users toward bad habits. Users select weak passwords, share them, and maintain vulnerable password lists, often sticking passwords directly onto their computer. In effect, users themselves are the weakest link in most secure applications and systems, making the systems vulnerable to easy breach and unauthorized access.
Thus, there is a need for a type of password authentication system that can satisfy the two seemingly conflicting goals of being easy for the user to remember and difficult for anyone else to figure out.
One prior art solution to solving this problem is the technique known as "single log-on" or "single sign-on," typified by U.S. Pat. No. 5,241,594. In this technique, a user logs on to his or her user computer just once, using a conventional user ID and password. When the user needs to access a remote computer or application, the ID and password that the user just entered are encrypted and transmitted to the remote computer, using a secure transport layer protocol between the user's computer and the remote computer. The secure transport layer protocol is established either using special software on the user's computer or using a separate server. The encrypted password is then compared to a database of encrypted passwords stored in a central location, typically on the server or the remote computer. In addition, all systems that the user wants to access must use the same password.
However, the requirement that every computer or application in the system (i.e., the user computer and all remote computers) have the same password means that this technique may not work for all systems. This method may be unusable with remote computers or applications having complicated or atypical authentication requirements. Thus, many single sign-on applications are compatible with a limited number of applications. Moreover, most commercially available versions of single sign-on systems utilize the separate server method, which complicates and adds expense to the authentication process. Additionally, many commercially available systems require that all compliant applications use the same security protocols, hardware interfaces, etc., limiting the applicability of such systems. Therefore, there exists a need for a simple, yet secure, authentication system that does not require additional hardware and will work with systems having varied authentication techniques and requirements.