Many different types of computing systems have attained widespread use around the world. These computing systems include personal computers, servers, mainframes and a wide variety of stand-alone and embedded computing devices. Sprawling client-server systems exist, with applications and information spread across many PC networks, mainframes and minicomputers. In a distributed system connected by networks, a user may access many application programs, databases, network systems, operating systems and mainframe applications. Computers provide individuals and businesses with a host of software applications including word processing, spreadsheet, accounting, e-mail, voice over Internet protocol telecommunications, facsimile, and a growing list of simulation, modeling, analysis and tracking functions.
For example, businesses often employ a wide variety of computing applications to support critical work activities such as accounting, customer support, engineering and sales. Government entities often use computers to track statistical and project data. Individuals and families often use computers for word processing, homework, research, telecommuting, games, news, stock market information and trading, banking, shopping, shipping, and communication in the form of Voice over Internet Protocol (VoIP) and e-mail, as well as many other activities. In fact, for millions of businesses and individuals, computers are an essential tool of their livelihood. Corresponding to this variety of uses, computers are physically located in a wide variety of places, including physically secure buildings, home offices, trains, airport terminals, etc. Users carry mobile PCs such as laptop computers into and out of unsecured areas.
Because computers are so useful and so widely deployed, one of their prominent functions is the creation, storage and use of digital data. The vast majority of computer programs create, store and use digital data as part of their operation. This data can be trivial, such as the state of a video game, or it can be essential trade-secret business information whose value to its owner far outweighs the value of the computer that contains it. Many computers store most of their non-volatile data as files on hard disk drives (HDDs). Business computers, and laptop computers in particular, that contain valuable stored data are transported to many locations outside the more secure confines of the business environment. In this manner, users carry valuable and confidential data stored on computers into unsecured areas, where the computers are more likely to be lost or stolen.
Thus, computer systems store and transfer large amounts of confidential information. To protect this information, systems, software applications and databases currently offer password protection, with the result that many users are responsible for a large and growing number of passwords. To use these systems and applications, the user must issue a separate sign-on command for each specific system or application. Indeed, a user may encounter ten or more different login sessions during a working shift, often through different interfaces, each with its own user ID and authentication information, usually a password. This places a significant burden on the user to remember passwords and other authentication data.
As software applications and their associated passwords proliferate, so does the difficulty for users of keeping track of all those passwords. To cope, some users select the same password, or a small set of passwords, and reuse them across different applications, databases and systems. Often the user chooses a password that is simple to remember. Some users keep their passwords in an unprotected file on the very computer they seek to protect. An unauthorized person may therefore discover or guess a user's password and gain access to the user's information and software. Further, even simple passwords are forgotten through infrequent use. When a user forgets a password, he or she must retrieve it from a written source, or a system administrator may have to reset it. If neither is possible, the information protected by the password is lost.
The loss of password-protected data can have a significant negative impact on the owner or user of that data. For example, if original business data accumulated at considerable expense is lost, a second expenditure of funds and effort may be required to recreate it. For this reason, computer owners such as businesses often avoid password protection of data, especially hard disk drive data, in order to avoid such costly losses, thereby defeating the entire password-protection scheme for HDDs and other storage devices. Indeed, software applications frequently give the user the option to store the chosen password and "remember" it the next time the user logs on to the application. This too defeats security, since anyone with access to the computer inherits the stored credential.
Methods called Single Sign-On (SSO) or Secure Single Sign-On (SSSO) enable a user to log on to a host of applications, systems and databases using a single password. A single sign-on system should provide secure storage of user passwords, support for more than one user password, and support for multiple target logon methods. One approach is to encrypt a single password and use it to gain access to all of the user's systems and applications. This weakens system security: if an unauthorized person discovers that one password, he or she obtains access to all of the information, systems and applications it covers.
Further, different programs and systems have their own distinctive password requirements, such as minimum length or permitted characters, so using the same password for multiple targets is problematic in practice as well as in principle. A more limited approach seeks to reduce the number of passwords a user must remember without using a single password for all of the user's information, applications and systems. Thus, there is a need to reduce the number of passwords that a user of a computer system must remember and enter, while preserving password security.
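As an added illustration of this more limited approach (example code written for this page, not code from the patent or any product it describes), the following Python credential store gives each target its own randomly generated password that satisfies that target's policy, and seals the whole target-to-password map under a key derived from one master password with scrypt. The PasswordPolicy class, the target names and their policies are constructed for the example. Encryption uses an HMAC-SHA256 counter-mode keystream with encrypt-then-MAC so that it runs with the standard library alone; a real implementation would use an AEAD such as AES-GCM instead.

```python
import hashlib
import hmac
import json
import os
import secrets
import string
from dataclasses import dataclass


# Hypothetical per-target password policy (constructed for this example).
@dataclass(frozen=True)
class PasswordPolicy:
    length: int = 16
    lower: bool = True
    upper: bool = True
    digit: bool = True
    symbols: str = "!@#$%^&*"  # empty string means symbols are forbidden


def satisfies(policy: PasswordPolicy, pw: str) -> bool:
    """True if pw meets every requirement of the policy."""
    if len(pw) < policy.length:
        return False
    if policy.lower and not any(c.islower() for c in pw):
        return False
    if policy.upper and not any(c.isupper() for c in pw):
        return False
    if policy.digit and not any(c.isdigit() for c in pw):
        return False
    if policy.symbols:
        if not any(c in policy.symbols for c in pw):
            return False
    elif any(not c.isalnum() for c in pw):
        return False  # target forbids symbols entirely
    return True


def generate_password(policy: PasswordPolicy) -> str:
    """Random password drawn with the CSPRNG; resample until the policy holds."""
    alphabet = string.ascii_letters + string.digits + policy.symbols
    while True:
        pw = "".join(secrets.choice(alphabet) for _ in range(policy.length))
        if satisfies(policy, pw):
            return pw


def _derive_key(master: str, salt: bytes) -> bytes:
    # Memory-hard KDF so offline guessing of the master password is slow.
    return hashlib.scrypt(master.encode(), salt=salt, n=2**14, r=8, p=1, dklen=64)


def _keystream(key: bytes, nonce: bytes, n: int) -> bytes:
    # HMAC-SHA256 used as a PRF in counter mode (stand-in for AES-GCM).
    out = bytearray()
    for ctr in range((n + 31) // 32):
        out += hmac.new(key, nonce + ctr.to_bytes(8, "big"), hashlib.sha256).digest()
    return bytes(out[:n])


def seal(master: str, entries: dict) -> bytes:
    """Encrypt and authenticate the target->password map under the master password."""
    salt, nonce = os.urandom(16), os.urandom(16)
    key = _derive_key(master, salt)
    enc_key, mac_key = key[:32], key[32:]
    plaintext = json.dumps(entries, sort_keys=True).encode()
    ciphertext = bytes(a ^ b for a, b in zip(plaintext, _keystream(enc_key, nonce, len(plaintext))))
    tag = hmac.new(mac_key, salt + nonce + ciphertext, hashlib.sha256).digest()
    return salt + nonce + tag + ciphertext


def open_vault(master: str, blob: bytes) -> dict:
    """Check the tag before decrypting (encrypt-then-MAC); wrong master -> ValueError."""
    salt, nonce, tag, ciphertext = blob[:16], blob[16:32], blob[32:64], blob[64:]
    key = _derive_key(master, salt)
    enc_key, mac_key = key[:32], key[32:]
    expected = hmac.new(mac_key, salt + nonce + ciphertext, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("wrong master password or corrupted vault")
    plaintext = bytes(a ^ b for a, b in zip(ciphertext, _keystream(enc_key, nonce, len(ciphertext))))
    return json.loads(plaintext)


def enroll(entries: dict, target: str, policy: PasswordPolicy) -> str:
    """Create a fresh, policy-compliant password for one target and record it."""
    pw = generate_password(policy)
    entries[target] = pw
    return pw


if __name__ == "__main__":
    # Constructed sample targets with differing requirements.
    policies = {
        "mainframe": PasswordPolicy(length=8, symbols=""),  # alphanumeric only
        "erp": PasswordPolicy(length=20),
        "mail": PasswordPolicy(length=12, symbols="!?"),
    }
    entries = {}
    for target, pol in policies.items():
        enroll(entries, target, pol)
    blob = seal("correct horse battery staple", entries)
    assert open_vault("correct horse battery staple", blob) == entries
```

The design point is that compromise of any one target's password reveals nothing about the others, which is exactly what the single-password scheme fails to provide. The master password remains a single point of failure for the vault itself, which is why it passes through a memory-hard KDF with a random salt and why the sealed blob must not be stored alongside a "remembered" copy of the master.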