Numerous techniques for limiting access to computer systems (also known as access management) and software (also known as software protection), and for enabling secure communications of data are practiced. In multiuser systems it is typical for each user to have an identification code and/or a password which the user must enter before gaining access to the system. Security of the system can be compromised when an authorized user reveals his or her identification code and/or password to unauthorized persons or the access code is discovered by a systematic attack such as that used by hackers.
Another technique employed, particularly with respect to application software that is provided on magnetic diskettes, is to encode on the diskette a protective routine that prevents the making of usable copies with standard copy methods. This technique has had only moderate success in preventing unauthorized use or unauthorized copying because programs for disabling such protective routines are widely available.
Further techniques for securing computers, software and communications include the use of seemingly random generated passwords affording the appropriate access. In some systems, these passwords are generated independently of where access is desired and in other systems the random passwords are generated in response to an inquiry or stimulus from the computer, software or communication source to which access is desired. For these types of systems, there are a number of approaches used by hackers and those intent on stealing valuable information in order to break into the system. One of the approaches is known as the "table attack" or "clear text attack." In the table attack, a table is built out of the relationship between the stimulus and the response or password generated therefrom. If the system for controlling access is relative static, a table can be built in a relatively short time so that given any particular stimulus, one intent on breaking into the system can determine the appropriate password from the table.
Another approach to break into such systems is known as the "cypher text attack." This approach is appropriate when the response or password results from a known or predictable stimulus. An analysis of the relationship between the stimulus and the response using standard cryptographic analysis techniques allows passwords appropriate to the future to be predicted.
Still a further approach or attack applicable to time dependent devices is time compression. This is accomplished by speeding up the clock to generate passwords appropriate to the future so as to more rapidly build a table for one of the other types of attack. Accordingly, when the future time arrives, the password is known and used to break into the system.