1. Field of the Invention
The present invention relates to restricting access to computers and more particularly to a system and method for providing temporary remote access to a computer.
2. Description of Related Art
Businesses today typically store information on file servers connected to local area networks in their respective places of business. Employees connected to a local area network can gain access to information on a local file server if certain security criteria are met. For example, a traditional form of security requires the user to enter a username and password to authenticate the identity of the user. An employee entering his or her username and password will likely have read and write access to certain groups of files and read access to certain additional files on the file server. The typical user thus has limited access to files, and further cannot gain access to administrative facilities for the configuration and maintenance of the file server, which are usually reserved for a system administrator.
Through the proliferation of wide area computer networks, extranets, the Internet, and other forms of remote computer access, a computer user can log into a local area network from a remote location and access and/or destroy files on the file server. Although remote access to a computer network provides many advantages for a business, it also leaves the business more vulnerable to unauthorized and possibly destructive use of their computers.
Similar to the protocol used in a local area network, computer security for remote users is generally accomplished through the use of a username/password combination that uniquely identifies the user. Although virtually any combination of letters and numbers can be utilized for usernames and passwords, the use of a username/password combination provides a low level of security. Usernames on a network generally have a fixed format (e.g., first initial and first 7 letters of the user's last name) and are often equivalent to an email address. In addition, users typically select passwords that are easy to remember such as the names of children or pets. An unscrupulous hacker can often guess a username/password combination with minimal information about the user, or can acquire the username/password combination by “eavesdropping” on the communications link between the remote computer and the network.
Another method for restricting access to a computer network involves the use of hardware tokens or dongles that must be physically connected to a remote user's computer before access will be granted. The server can be programmed to periodically check that a particular hardware device is connected to the remote computer, and terminate the remote access if the hardware device is not present. These hardware devices generally include username/password information or other information, such as a serial number, that can be used to identify the presence of the correct hardware device. Some drawbacks with these hardware devices include the difficulty of changing a user password, and in the case where the hardware device is lost or stolen, the ease with which a new owner can gain access to the system.
Despite the aforementioned problems, the use of a username/password combination and/or the use of hardware devices provides sufficient protection for most businesses. The information stored on a file server is often “backed-up” on a daily basis, and if an unauthorized user (i.e., “hacker”) is able to gain access to the computer system, the hacker will likely have limited access to files (e.g., only have access to the files of a single user), thus exposing the company to minimal risk. An extra level of security may also be added for high-level passwords to prevent their use from remote locations. For example, the system administrator who must perform maintenance or administrative functions may be required to access the computer network through a computer terminal that is physically connected to the file server (e.g., a terminal in the same room as the file server). As discussed above, a system administrator can have virtually unlimited access to the computer system through a username/password that provides access to system administration, configuration, and maintenance functions, as well as access to all of the files stored on the file server. Because a potential hacker must be physically in the room to gain access, hacking into the system from a remote location as a system administrator would be nearly impossible.
When a computer network requires maintenance, troubleshooting or a software upgrade, the manufacturer or vendor may need to access the computer network as a high-level user, such as a system administrator. With fast speed modems and dedicated communications links, it is often beneficial to access the computer networks remotely to perform the necessary maintenance. As discussed above, if a standard username and password are used, the entire computer system can be made vulnerable to hackers. Although a hardware token or dongle can be used to restrict access, if such a hardware device is lost or stolen, it could provide an unauthorized user with unrestricted access to the computer network. Because such maintenance is temporary in nature, there exists a need in the art for a system and method for providing secure temporary access to a computer system from a remote location.
The present invention satisfies a need in the art by providing a system and method for providing secure temporary access to a computer system from a remote location through the use of a perishable password.
In one embodiment of the present invention, a method for providing temporary remote access to a host computer from a remote computer is provided. First, a dongle is provided, which includes a processor, a non-volatile memory, and a program memory for storing program logic for controlling the processor. A date range is selected, including a starting date and time for the temporary remote access and an ending date and time for the temporary remote access, and stored in the non-volatile memory of the dongle. The dongle is then connected to the remote computer.
Through the remote computer, a communications link is established with the host computer, such as through a direct telephone connection or over the Internet. The host computer will grant remote access to the remote computer only if a system date from the host computer is within the date range stored in the non-volatile memory of the dongle connected to the remote computer. To ensure that remote access is not granted outside of the date range stored in the dongle, the dongle is deactivated if the remote computer attempts to access the host computer when the system date is outside of the date range.
The method may further include selecting an encryption key and storing the encryption key in the non-volatile memory of the dongle. The dongle further includes an encryption algorithm which can be used to encrypt a seed in accordance with the encryption key. Before allowing remote access, the validity of the encryption key is determined. If the encryption key is invalid, remote access to the host computer will not be granted.
In addition, a second dongle may also be provided, including a second processor, a second program memory for storing program logic for controlling the second processor and a second non-volatile memory. The second program memory includes a copy of the encryption algorithm stored in the first dongle. A copy of the encryption key is also stored in the second non-volatile memory. The second dongle is then connected to the host computer. Access to the host computer will only be granted if the encryption key in the dongle connected to the remote computer is equal to the copy of the encryption key stored in the second dongle connected to the host computer.
One way to verify that the encryption keys are identical is through the encryption algorithm. The host computer selects a unique seed and transmits the unique seed and the system date to the remote computer over the communications link. If the system date is within the date range stored in the non-volatile memory of the dongle, then the unique seed is encrypted by the encryption algorithm in accordance with the encryption key and provided to the remote computer. Otherwise, the encryption key is altered and the unique seed is encrypted using the altered encryption key, thus producing an invalid encryption result. The encrypted result is then transmitted to the host computer. The host computer performs its own encryption of the unique seed through the second dongle which utilizes the encryption algorithm stored in the second dongle in accordance with the stored copy of the encryption key to return to the host computer a second encrypted result. The host computer then compares the encrypted result received from the remote computer to the second encrypted result, and allows the remote computer to access the host computer only if the two results are equal. While the remote computer is accessing the host computer, the host computer may periodically verify that the dongle is still connected to the remote computer by rechecking the encryption key in the dongle.
Further, an access counter may also be included to limit the number of remote accesses available for the dongle. A number of allowable remote accesses is selected and stored in the access counter of the dongle connected to the remote computer. Each time an attempt is made to access the host computer, the access counter is decremented by one. Remote access to the host computer will be denied if the access counter equals zero. For example, the dongle may include logic to alter the encryption key when the access counter equals zero.
In another embodiment of the present invention, a system for providing temporary access to a host computer from a remote computer is provided. The host computer maintains a system date and is connected to the remote computer through a communications link, such as the Internet. The system includes a first dongle and a second dongle. The first dongle is adapted to be connected to the host computer, and includes a first program memory for storing an encryption algorithm and a temporary memory for storing an encryption key for use with the encryption algorithm. The second dongle is adapted to be connected to the remote computer, and includes a second program memory for storing a copy of the encryption algorithm and a non-volatile memory for storing a copy of the encryption key for use with the copy of the encryption algorithm. The copy of the encryption key cannot be read by the remote computer without an access key to the dongle; the access key is not provided to the remote user in the preferred embodiment.
A date range is stored in the non-volatile memory of the second dongle, and includes a starting date and time for the temporary access and an ending date and time for the temporary access. The second program memory further includes program logic for altering the copy of the encryption key in the non-volatile memory of the second dongle when an attempt is made to access the host computer on a date outside of the date range.
The system may also include computer-readable storage media. In one embodiment, a first computer-readable storage medium includes program logic for controlling the host computer to perform the steps of: waiting for the remote computer to request access to the host computer; transmitting the system date to the remote computer; selecting a unique seed and transmitting the seed to the remote computer; encrypting the seed through the first dongle to receive a first encrypted value; receiving a second encrypted value from the remote computer; and comparing the first encrypted value with the second encrypted value, and allowing the remote computer to access the host computer only if the first and second encrypted values are equal.
A second computer-readable storage medium may be provided and may include program logic for controlling the remote computer to perform the steps of: requesting access to the host computer; receiving the seed and system date from the host computer; instructing the second dongle to encrypt the seed in accordance with the copy of the encryption algorithm and encryption key stored in the dongle, thereby obtaining a second encrypted value; and transmitting the second encrypted value to the host computer.
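The seed exchange with the date range and access counter, and the host and remote steps listed in the two preceding paragraphs, can be modeled as follows. This is an added illustration, not code from the patent: the class and function names, the sample dates, the use of HMAC-SHA256 in place of the unspecified encryption algorithm, and the choice to alter the key on the first attempt made after the counter reaches zero are all assumptions.

```python
import hashlib
import hmac
import os
from datetime import datetime


class Dongle:
    """Constructed model of a dongle; the key never leaves this object."""

    def __init__(self, key, start=None, end=None, accesses=None):
        self._key = key
        self.start, self.end = start, end   # date range (remote dongle only)
        self.accesses = accesses            # access counter; None = unlimited

    def _alter_key(self):
        # Overwrite the stored key so every later result is invalid.
        self._key = os.urandom(len(self._key))

    def encrypt(self, seed, system_date=None):
        if self.accesses is not None:
            if self.accesses == 0:
                self._alter_key()           # counter exhausted
            else:
                self.accesses -= 1          # one attempt consumed
        if self.start is not None and not (self.start <= system_date <= self.end):
            self._alter_key()               # attempt outside the date range
        # Assumption: HMAC-SHA256 stands in for the unspecified algorithm.
        return hmac.new(self._key, seed, hashlib.sha256).digest()


def attempt(host_dongle, remote_dongle, system_date):
    """One access attempt; returns True only if both results are equal."""
    seed = os.urandom(16)                                  # host: unique seed
    response = remote_dongle.encrypt(seed, system_date)    # remote: seed + date
    expected = host_dongle.encrypt(seed)                   # host: own dongle
    return hmac.compare_digest(expected, response)         # constant-time compare


def demo():
    key = os.urandom(32)                                   # constructed key
    host = Dongle(key)
    start, end = datetime(2024, 1, 10, 8), datetime(2024, 1, 12, 18)
    inside, outside = datetime(2024, 1, 11, 9), datetime(2024, 1, 13, 9)
    dated = Dongle(key, start, end)
    counted = Dongle(key, start, end, accesses=1)
    return {
        "date": [attempt(host, dated, d) for d in (inside, outside, inside)],
        "counter": [attempt(host, counted, inside) for _ in range(2)],
    }
```

In the "date" run the third attempt fails even though its date is back inside the range, because the key was altered on the out-of-range attempt and the dongle stays deactivated.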
A more complete understanding of the System and Method for Providing Remote Access to a Computer will be afforded to those skilled in the art, as well as a realization of additional advantages and objects thereof, by a consideration of the following detailed description of the preferred embodiment. Reference will be made to the appended sheets of drawings which will first be described briefly.