1. Technical Field
Embodiments generally relate to techniques for controlling access to one or more computer resources. More particularly, certain embodiments provide a method for securely exchanging an authentication factor for use in authenticating a local user of a computer platform.
2. Background Art
In today's society, it has become necessary to protect information stored within a computer in order to prevent unauthorized persons from downloading information onto a floppy disk, digital tape or other type of storage device. In certain situations, this information may be sensitive in nature such as a trade secret or privileged information. The importance of controlling user access to information stored on a computer has encouraged the creation of different access control mechanisms.
Many conventional access control mechanisms are operating system (OS) dependent. For example, in a computer-based password mechanism, user authentication involves the OS requesting the user to manually enter a password after completion of the boot process. The password may be entered via an alphanumeric keyboard or a keypad. If the entered password matches a password stored locally at the time of system configuration of the computer, the user is granted access to the stored information.
Another type of access control mechanism is a smartcard authentication mechanism. Smartcards are an attractive approach for user authentication due to their convenient form factor and ease of use. However, as with the other access control mechanisms, user authentication depends on the correct operation of the OS, which initiates the exchange of messages with the smartcard.
The above-described user authentication techniques suffer from a number of disadvantages. For example, due to their OS dependency, they are subject to deliberate virus-based corruption, which could result in the installation of a backdoor that circumvents the authentication software. More specifically, the virus may modify the “login” portion of the OS so that, when a special key combination or sequence is entered, user authentication functionality is bypassed entirely.
Hence, it is desirable to have a more robust user authentication technique, independent of the operation of the OS, for controlling access to platform resources.