The invention relates to computer access authentication methods generally and in particular to a computer access authentication method using a randomly selected challenge and response pair set stored in memory.
Computer security in a distributed computer system or network is essential if unauthorized intruders are to be prevented from accessing sensitive or classified information or data within the computer system.
One common authentication method is the use of a password which is selected by a particular user and stored in the computer. Each new log-on session generates a prompt for the user to enter the password. Only when the entered password matches the pre-stored password is the user granted access to the computer system.
However, studies have shown that most users select passwords that are easy to remember and are generally personal in nature or are controlled by password rules that require lengthy combinations of upper and lower case numbers or non alphanumerics. These factors enable such passwords to be easily guessed by an individual having only a small amount of personal information about a particular user.
Challenge authentication protocols are also known which provide a series of challenges and responses which must be correctly answered by a user in order to gain access to a computer system. However, the challenge and response pairs typically remain unchanged over a long period of time and are generated in the same sequence from session to session. This makes the responses easier to guess by an unauthorized user surreptitiously observing a user during a log-on event.
Thus, it would be desirable to provide a computer access authentication method which provides increased computer security while still enabling user selected passwords to be employed. It would also be desirable to provide a computer access authentication method which can be easily implemented in most computer systems and computer networks.
The access authentication method of the present invention increases computer system security by requiring a user to provide a number of responses to randomly selected challenges for each log-in session. At the same time, the challenge and response pairs, formed of simple personal word pair association which the user would be instructed to use and which specifically unique to the user. This would enable the user to more easily provide the correct response to each randomly selected challenge from his/her memory so as to eliminate the need for the user to write down the correct responses.
The present method also includes a step of preselecting a total number challenges to be issued in each log-in session. The method also includes procedural steps to enable a user to pre-select each challenge and response pair in the set.
Each optional challenge can be displayed by the computer on a display or monitor, with the individual responses entered by a key pad or other input device, such as voice recognition, and also displayed on the monitor.
In another aspect of the invention, the method includes the step of establishing a maximum time for the user to input correct responses to each of a predetermined number of randomly selected challenges. If the correct number of responses are provided by the user within the established maximum time, access is granted to the computer system.
In a further aspect, the user is permitted a predetermined number of mismatched responses. If he or she is unable to correctly input a matching response before exhausting the predetermined maximum number of permissible mismatches, access to the computer is denied.
Still another aspect of the invention permits the user to update the set of previously chosen challenges and responses by prompting the user after a predetermined number of log in sessions. For further security, a high level security authorized user must first authorize the updating of the set.
Other objects, advantages and applications of the present invention will become apparent to those skilled in the art when the following description of the best mode contemplated for practicing the invention is read in conjunction with the accompanying drawings.