There are many applications where information resources, such as databases, are maintained, which resources containing sensitive information to which authorized individuals require access, but to which there may be legal, moral, privacy, business or other reasons for denying access to unauthorized individuals. Examples of such resources or databases include medical records at a hospital or other medical facility where selected personnel, such as doctors or nurses working with a particular patient, may require access to such records without undue delay while at the same time such records are not made available to other hospital personnel not having a need to know or to nonhospital personnel. Similarly, companies may have engineering, business, accounting, or other company records in a data processing system, with authorized individuals requiring easy access to only selected portions of the database and with access otherwise being denied. A resource may also be a building, room, file cabinet, safe, container or other area or item to which it is desired that access be limited only to authorized individuals. The term "resource" as used hereinafter will generally be considered to include both information resources and these other types of resources.
Heretofore, control of access to such resources has been primarily achieved by use of a personal identification code (PIN) or password known only to the user which the user keys or dials into the system before making an access request. However, since this is a static value, an unauthorized individual may surreptitiously learn an authorized party's PIN by for example monitoring a data line over which such PIN is being transmitted or surreptitiously observing the PIN being inputted. The fact that the PIN has been compromised may not be learned for some time during which large quantities of data or other resources may be improperly obtained and/or used. Further, once an individual has access to the system, he may make changes in the database or other resources which may cause additional serious problems to the organization.
Password systems use only one of the three possible factors which are available to provide a secure system, namely, something the user knows. The other two factors are something an authorized individual has, for example a token, and something the individual is, for example a biocharacteristic. More secure resource access systems involve at least two of the factors, normally something the individual knows and something the individual has in his possession. However, it has been found that tokens containing a secret (i.e. nonobservable) static code value are also subject to surreptitious detection by for example the monitoring of a line over which such value is being transmitted. This problem is being exacerbated by the more extensive use of local and wide area networks and by the use of radiowaves to transmit data. It is also possible that the token could be "borrowed", read by a suitable device to obtain the secret user code and then returned before the owner realizes it is missing. In either event, the token containing the code could be recreated and used for some period of time to gain access to sensitive information within a database or to other information resources without detection. Therefore, improved "smart" tokens, such as those disclosed in U.S. Pat. Nos. 4,720,860 and 5,023,908 and various related patents have varied the values stored in the token, or at least the value outputted from the token, in accordance with some algorithm which causes the values to vary in a nonpredictable way with time so as to provide unique one-time codes.
However, while such devices have provided significantly enhanced security for secret access codes, and therefore significantly enhanced security for the data processing system, database or other information resource with which such devices are being utilized, a "smart" card (which for purposes of this application as defined as a card having data processing capability) has been required to use such systems. Smart cards are usually somewhat larger and heavier than a standard credit card and are significantly more expensive. Since these devices are typically battery-operated, they also have a finite life, typically about three years, and need to be replaced at the end of such time, further increasing the cost of their use. For systems having large numbers of authorized users, this expense can become substantial and, in conjunction with some resistance to the bulk of such cards, has limited the applications of such systems.
A need therefore exists for an improved secure access technique which provides the advantages of one-time code and the possibility of two factor security while permitting the use of inexpensive and relatively small tokens, which tokens may have a theoretically unlimited life.