The present invention is generally directed to communications between computers in a network computing environment, or the like, and more particularly to the protection and administration of passwords that are used to authenticate one computer to another during communications between them.
As the use of personal computers in the workplace increases, it is becoming commonplace to interconnect those computers by means of a local area network, or the like. In one form of local area network, each user node might comprise a fully-featured personal computer or workstation. For instance, an individual user's computer might include one or more permanent storage devices, e.g., hard disk drives, a dedicated printer, and a modem for communications external to the network.
As the sophistication and use of local area networks continues to evolve, more and more functions are being provided by centralized network servers, rather than the individual workstations themselves. For example, to facilitate backup and retrieval, it has become a common practice to store all data files on a network file server, rather than on local media at the individual workstations. Other types of services are also being handled at the network server, for example external connections to remote sites. Consequently, there has been a move toward so-called network computing, which reduces the need for fully-featured computers at each user location. Typically, the network computer at each user node in such a system might consist solely of a microprocessor, random access memory, input devices such as a keyboard and mouse, and a display monitor. All other devices associated with the computing environment, e.g., file storage, modems, printers, etc. are associated with, and controlled by, the network server. Since the individual terminals located at the user nodes contain a minimal amount of hardware, the cost of this type of arrangement is significantly less than a local area network which employs personal computers, or similar types of fully-featured computers, at the user nodes.
The network computer typically does not provide local file storage capabilities. As a result, it is necessary to download required software, such as the computer's operating system, application programs, and the like, from the network server after a connection has been established. For security purposes, requests for access to file storage at the network server must be authenticated by means of a password. If the network computer itself does not have non-volatile memory to store the password between different sessions, the password is provided to the network computer by the server as part of the boot process. This transmission of the password via the network raises a different security issue, however, since it is potentially capable of being obtained by an unauthorized user when it is transmitted from the server to the network computer. In such a case, the unauthorized user may also be able to gain access to files on the network server, or other network resources.
Accordingly, it is an objective of the present invention to provide a communications process which permits a computer to be authenticated to another computer, such as a network server, by means of a password, without compromising the integrity of the password in a manner that would permit unauthorized access to computer system resources.
In accordance with the present invention, authentication of a request by a computer for access to system resources is accomplished by means of a randomly generated password that can only be used a limited number of times. In an exemplary embodiment of the invention, when a network computer is turned on, it sends a boot request to a network server. In response, the network server generates a random password, and stores the password in a file to indicate that it is associated with the network computer that issued the boot request. In addition, a use counter is set to a value which indicates the number of times that the password can be used for access to network resources, preferably once. This password is transmitted to the network computer, which then uses it to initiate a session with a network file server, and mount a storage volume. Once the storage volume has been mounted, the network computer has access to the files on that volume, and the password is no longer needed. Consequently, the network server invalidates the password, by setting the use counter to zero. As a result, even if the password becomes known to an unauthorized user as it is being transmitted from the network server to the network computer, it cannot be subsequently employed to gain access to any network resources.
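The boot sequence described above, as an added Python model that is not part of the patent text: the network server issues a random password with a use counter, a mount request consumes one use, and the server then invalidates the password so that a copy observed on the network is worthless. The in-memory table, the client identifier string and the choice of `secrets.token_urlsafe` are assumptions.

```python
import secrets
import hmac

class BootPasswordServer:
    """Server-side model of the one-time boot password scheme.
    Constructed example: the password file is an in-memory dict mapping a
    network computer's identifier (assumed) to [password, uses_left]."""

    def __init__(self, max_uses: int = 1):
        self.max_uses = max_uses
        self.table: dict[str, list] = {}

    def handle_boot_request(self, client_id: str) -> str:
        # Generate a fresh random password, store it against the requesting
        # network computer, and set the use counter (once by default).
        password = secrets.token_urlsafe(16)
        self.table[client_id] = [password, self.max_uses]
        return password

    def authenticate_mount(self, client_id: str, password: str) -> bool:
        # Check a mount request and decrement the use counter; at zero the
        # password is dead even if it was observed on the network.
        record = self.table.get(client_id)
        if record is None or record[1] <= 0:
            return False
        if not hmac.compare_digest(record[0], password):
            return False
        record[1] -= 1
        return True

    def invalidate(self, client_id: str) -> None:
        # The server zeroes the use counter once the volume is mounted.
        record = self.table.get(client_id)
        if record is not None:
            record[1] = 0

def simulate_boot_and_replay() -> tuple:
    # Constructed scenario: one legitimate mount, then the same password
    # presented again after invalidation. Returns (first_ok, second_ok).
    server = BootPasswordServer()
    pw = server.handle_boot_request("nc-01")
    first = server.authenticate_mount("nc-01", pw)
    server.invalidate("nc-01")
    second = server.authenticate_mount("nc-01", pw)
    return first, second
```

Even without the explicit `invalidate` call, the use counter alone rejects a second presentation of the same password, which is the property the scheme relies on.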
Further features of the invention, and the advantages provided thereby, are explained in greater detail hereinafter with reference to an embodiment of the invention illustrated in the accompanying drawings.