Field of the Invention
This invention relates to computer systems having at least one terminal that requires user authentication and provides secure access to the system, and that includes an ultrasonic proximity sensor that logs the user out of the account on the terminal when the user leaves the vicinity of the terminal.
Description of Related Art
It has been recognized in the prior art that secure computer systems are often protected through the use of passwords, biometric identification, ID cards, and the like, to enable access to accounts or data that are stored in or linked to the computer system. These measures generally are effective in reducing break-ins to a computer system to a tolerable minimum.
Today the typical authentication is with what is called Two Factor Authentication (TFA). For the most part these two factors are a username and a password. There are several other TFA methods currently available in the market, and these range from username and fingerprint to electronic identification cards (Xyloc et al.) and to One Time Password (OTP) products such as Arcot and RSA tokens. Each of these authentication schemes has its advantages and disadvantages as described below.
Usernames and passwords have been the standard authentication scheme since (practically) the dawn of the computer age. Unfortunately, this scheme has two disadvantages. First, because usernames and passwords are so common, hackers have devised many techniques to attack them and gain access to secure systems. Secondly, because of the vulnerability of usernames and passwords, many system administrators require passwords that are so random they are difficult to remember, and because of that they are often forgotten. This requires the expense of changing them, or the user will write down the password, a record that can easily be stolen. One often sees usernames and passwords written on “Post-It” notes and adhered to the monitor of the user's computer. This is a severe security problem!
OTP tokens are very secure, but they are inconvenient. The user must, in the case of RSA, carry a token generating device or, as in the case of Arcot, have an application running on a device such as a cell phone. In both cases a cumbersome procedure is required by the user to log on. The RSA token device has the disadvantage of being stealable, allowing a nefarious user access to secure data, or it can be lost and a replacement cost incurred. A similar disadvantage exists for soft token providers: if the device is stolen or copied and the user's PIN is known, a hacker can impersonate that user and access the system. The user also has the inconvenience of having to remember their username.
Electronic cards are a good authentication method, but they are expensive and can be lost, stolen or cloned. These cards are usually used with a second factor such as a password or a fingerprint, but the replacement cost for these cards is high and there is the overhead of issuing and retrieving the cards as users come and go, which can also cause some expense and nuisance.
Usernames and fingerprint data are a good alternative to the above authentication schemes, but have the disadvantage that the username must be remembered. Fingerprint data is usually stored in an encrypted template file and not as an image, giving increased security. The fingerprint template generation requires the user to be physically present at log-on, as most modern fingerprint readers are resistant to attacks such as plastic casts of a fingerprint and non-living tissue as a result of physically dismembering the user's finger.
In addition, one common path for data to be stolen from a computer system involves the authorized user and his/her presence at the terminal at which authorized access has been granted. (“Terminal” is a general reference that includes desktop computers, workstations, or any similar system that employs a keyboard and requires user authentication.) It is not uncommon for individuals to temporarily leave the vicinity of the terminal for any one of a number of legitimate reasons, often without logging out of the authorized access state. As a result, the terminal is an open window into the secure system, and any nearby individual may glance at the screen, or may commandeer the terminal by using the keyboard to access data, enter data, or erase data. Thus it is clear that the log-out process is as important as the secure log-in process, but it is an aspect of computer security that is not given sufficient attention.
In U.S. Pat. No. 7,346,933 there is disclosed an ultrasonic proximity sensor that is connected to a secure computer system terminal so that the system may determine when an authorized computer user leaves the vicinity of the terminal. Upon detecting that the user has departed, the system immediately (or after a short time delay) logs out of the authorized state, so that casual snooping as well as determined hacking cannot take place. Although the patent describes an effective concept for preventing unauthorized computer access, it is notably lacking in describing any physical embodiment of the concept that may be practically useful. The only commercially available embodiment of the concept is a sensor module provided with a bracket for mounting on the upper edge surface of a computer monitor. This product is too large and too heavy to be realistic, and it does not protect the computer component that is most vital to data theft: the computer keyboard. Thus there is a deficiency in the prior art that deserves to be rectified.