1. Field of the Invention
The present invention relates to the field of computer security systems and in particular to those systems for preventing unauthorized access to a time-shared computer which is normally accessed by remote users over conventional telephone lines and equipment.
2. Description of the Prior Art
Time-shared computers, accessible over conventional telephone lines by a number of remotely located users, are particularly vulnerable to access by an unauthorized user and to serious disruption or damage to their data bases or programs by malicious and mischievous, unauthorized users. Typically, single or double level software passwords and codes have been employed to distinguish the authorized from the nonauthorized user. However, each of these software encryption systems is susceptible to software decoding, particularly where large numbers of permutations of possible codes and code structures can be searched and tested through the use of microprocessor decoding. A large number of possible combinations can be tried in a short time when a microprocessor is used for accessing.
Since it is no longer possible to secure access through a computer system by the mere number of possible combinations of single or multiple level passwords, the prior art has responded by providing increasingly complex coding and decoding systems, characterized not only by the mere number of possible passwords, but by the complexity of their interrelationships. See for example, Matyas et al, "Method for Authenticating the Identity of a User of an Information System," U.S. Pat. No. 4,218,738; Feistel, "Centralized Verification System," U.S. Pat. No. 3,798,605; and Peters, "Access Control System," U.S. Pat. No. 4,038,637.
The prior art has also attempted to make the access coding unbreakable by utilizing either nonrecurring routines, such as shown by Check, Jr., "Computer Accessing System," U.S. Pat. No. 4,310,720 or by incorporating random number generators in a manner as shown by Atalla, "Method and Apparatus for Securing Data Transmissions," U.S. Pat. No. 4,281,215.
Other prior art systems for securing access to a computer system have used complex or user nonalterable passwords rather than complex enciphering. For example, Trice et al, "Remote Control Voting System," U.S. Pat. No. 3,525,811 shows a triple level system used for telephonic voting in which the voter provides the computer system with his voting registration number, his secret password, and a selected voice print. Only after all three passwords are authenticated can the voter actually cast his vote.
Similarly, Caudill et al, "Computer Terminal Security System," U.S. Pat. No. 3,984,637 shows a remote terminal communicating with a time-shared computer through modems over conventional telephone lines wherein the remote user cannot gain access to the local terminal until he provides the local terminal with an appropriate code word. Thus, the terminal cannot be locally activated without an appropriate password. The terminal then sends a user nonalterable code number to the computer to ensure that access to the computer from unauthorized terminals is prevented.
Constable, "Access- or Transaction-Control Equipment," U.S. Pat. No. 3,892,948 shows a remote computerized teller station in which a bank customer enters a password to gain access to a central processor handling the bank accounts. The remote teller station independently generates a code word based on the information provided by the customer which is then compared with a code word transmitted from the central processing station. The teller station then matches the two code words to determine whether or not to allow the customer access to the time-shared computer.
Each of these prior art systems suffers from the defect that the remote user can gain direct access to the time-shared computer, either by his ability to arbitrarily enter access codes, or by his ability to alter or otherwise modify what are intended to be user nonalterable code numbers. For example, in Caudill, the remote terminal independently sends a password to the time-shared computer from a code transmitter physically contained within the remote terminal. The remote terminal can be opened and the thumbwheel switches used to change the otherwise user nonalterable number to falsely change an unauthorized terminal to an authorized one. Each of the other systems, including Constable and Trice, is a system which manipulates or processes user supplied information, which allows the user to arbitrarily enter as many passwords and password combinations as desired until access is accomplished.
What is needed then is a computer security system which is simple and yet provides a security barrier that cannot be decoded or user altered to gain access to a time-shared computer, even with the aid of computer assisted decoding.