Passwords have been used for guarding authorized access to computers and data for quite some time. However, password verification schemes are most reliable only when the password is manually entered by a human. It is nearly impossible for an unauthorized user to manually enter thousands, or even millions, of different "guess" passwords in an effort to discover the authorized password. The physical and time requirements of inputting many different passwords and awaiting clearance is enough to discourage unauthorized users. The password verification scheme is therefore quite reliable when human interaction is required.
Password verification schemes are not as effective, however, when human interaction cannot be guaranteed. Electronic-machines can be programmed to supply thousands or millions of "guess" passwords in a rather short period of time. Furthermore, the guess patterns are meticulous and comprehensive to avoid missing any possible permutation. Such electronics can often times quickly discover the appropriate password, thereby gaining access to the protected data. Accordingly, it is an object of this invention to provide an enhanced password verification scheme that protects against unauthorized access to data through the use of human or electronic-machine intervention.
One important area that passwords are used today is in the context of ATMs (Automated Teller Machines) owned by banks or other service providers. Bank members are given special ATM cards for use in the ATMs to permit automated access to the member's account. The ATM cards that are primarily in use today consist of magnetic-stripe memory cards that have a single magnetic stripe on one side. The magnetic stripe contains information regarding the bank, the member, and his/her account. The member inserts the mag-stripe card into the ATM and enters a four digit password or PIN (Personal Identification Number). The member is given three opportunities to enter the correct PIN. If the member fails the third time, access to the data is locked by the ATM for a period of time, such as 24 hours, before accepting a new set of PIN numbers. The member then has the option of waiting or personally taking the card to the bank to have the system reinitialized. The "three-misses-and-out" scheme guards against an unauthorized person who improperly gains possession of the ATM card and randomly enters many four digit PINs in an effort to gain access to the member's bank accounts.
Today, there is a movement toward use of "smart cards" instead of mag-stripe cards. A "smart card" is a credit card that has a built-in microcontroller (MCU) which enables the card to modify, or even create, data in response to external stimuli. The microcontroller is a single-wafer integrated circuit (IC) which is mounted on an otherwise plastic credit card.
The traditional mag-stripe ATM cards require password verification on-line with the ATM, where the locking and unlocking of data is done by the back end computer resident in the ATM. Since the ATM cards are single purpose (i.e., their only function is interfacing with the bank), losing access to the bank after three or four attempts is an acceptable form of security. Banks can simply replace the locked out ATM card because the banks already have all the information contained on the card. In contrast, smart cards are themselves a data processor that can be used for multiple purposes. Through the use of the processor, smart cards can perform password verification off-line without connection to a back end computer and are self-validating with the access security code resident thereon. A scheme where three or four failed password attempts cause the entire card to be locked is not useful in the smart card environment because locking the entire card might prohibit the smart card from being used for another unrelated purpose, like starting a car or gaining entry into an apartment building. Additionally, a smart card cannot be easily replaced by one entity (such as the bank) because the multi-purpose smart card stores much more data than that which is available at a single location outside of the card.
Conventional password schemes are not effective in the smart card context. Smart card readers are easy and inexpensive to emulate. Such readers can be programmed to check all possible access codes for a smart card in a relatively short period of time. Unauthorized persons might therefore be able to steal a user's smart card and gain access to its contents before any precautionary measures can be taken after the missing card is discovered.
It is therefore an object of this invention to provide a password verification scheme that can be used in the smart card environment which greatly reduces the chance of unauthorized access through electronic or manual means.