The present invention relates generally to computer security and, more specifically, to the authentication of users and other entities on a computer system.
Those skilled in the art understand that authentication is a very important part of computer security, and that authentication may be implemented on several levels. Merely by way of example, a computer's operating system may require user authentication before allowing access to the computer itself, and/or various applications (including without limitation relational database management systems (“RDBMS”), such as Oracle Corp.'s Oracle 10 g™ RDBMS) can require authentication before allowing access to the application (and/or any databases, files, etc. used by the application). Some operating systems and/or applications offer a “single login,” whereby a user can authenticate once (e.g., at the operating system level), and the software thereafter will perform additional authentication (as necessary) on behalf of the user (e.g., by storing additional usernames/passwords, by providing other verification of the user's identity, etc.). There are many other forms of authentication well known in the art.
One common way to authenticate an entity (such as a user) is by requiring the entity to provide a username and a password. This is particularly common in situations in which a user operating a client computer desires access to a resource (operating system, application, etc.) on a server computer, although password authentication is not uncommon on a single-computer system (such as a user's home PC) as well. In such situations, the operating system, application, etc. (which may be on the server) generally will store the user's username and password (often in an encrypted file, as a hash table, etc. for security), and will compare the provided username and password with the stored information. If the provided username and password match the stored information, the user is considered authentic and is thereafter allowed to access whatever resources were protected by the authentication.
Although common, the username/password scheme suffers from a variety of security vulnerabilities. Merely by way of example, if the stored usernames and passwords are insufficiently protected (by encryption, hashing, etc.), they may be retrieved and thereafter used by illegitimate users seeking access to the system, application, etc. Moreover, if a user is careless with his/her username and/or password (e.g., by writing the username and/or password in an accessible location, giving this information to an untrustworthy person, choosing an easily-identifiable password, etc.), that carelessness may result in a third party gaining unauthorized access to a system. Further, in recent times, password security has become subject to a variety of technological attacks, such as packet-sniffing (i.e., eavesdropping on the communications between a user's computer and a server) and key logging (i.e., installing a software and/or hardware component on the user's computer to intercept and log the user's keystrokes) to identify a username and/or password “in transit” to the authenticating entity (e.g., a server, operating system, application, etc.).
Some of these vulnerabilities can be mitigated by taking proper precautions, but those skilled in the art will appreciate that it is virtually impossible to assure perfect security of password information. For this reason, many authentication schemes require users to change passwords regularly, under the rationale that, even if a password is compromised, the compromise will be remedied when the password is changed. Nonetheless, even this solution leaves open a window of time during which an unauthorized person might gain access to a resource before the user (who likely is unaware of the compromise) is required to change his/her password.
Another possible solution is the use of “one time” passwords schemes, which generally provide passwords that are available only for a single use, after which they expire, with a new password being used for each authentication. Such schemes have proven relatively difficult to implement in a usable manner for computer authentication, however, since they often require the exchange of sequential lists of passwords between the server and client, producing additional security vulnerabilities. An alternative is an algorithm-based password system, wherein an authenticating server is configured to calculate a password at the time of authentication, usually based upon a time-dependent algorithm. In order to authenticate, the user generally carries a hardware token (such as a key fob or some other device) that likewise calculates an identical password using a corresponding algorithm. By consulting the hardware token, the user will ascertain the proper password for that time, and by providing that password, the user can authenticate. This model, while generally more secure than those discussed above, can present logistical (and other) problems. Merely by way of example, if the hardware token and the server become out of synchronization, the respective passwords generated by the hardware token and the server likely will not match until the devices have been re-synchronized. Moreover, if the user does not have the hardware token when attempting to authenticate, the user will be unable to authenticate. Similarly, an unauthorized person may use an illegitimately-acquired token to masquerade as the authorized user to whom the token was issued, since the tokens themselves often are left unsecured by passwords, etc. That is, mere possession of the hardware token is assumed to assure the authenticity of the user, creating additional security vulnerabilities.
Hence, those skilled in the art will appreciate the need for more flexible and secure authentication models.