The present invention relates to the management of passwords to be used for the purpose of security at the time of logging in the computer system, and more particularly to a password updating system permitting flexible variation of password updating intervals according to the frequency of access to the system.
Conventional techniques for time-based management of passwords include a time lock-equipped security arrangement for use in a computer system with a security mechanism, characterized by its time lock mechanism permitting the limitation of access to the system or data by the access time.
There are various systems to update passwords by prescribing a time limit for each password in the management of passwords, including updating passwords at regular intervals indiscriminately for all users, or periodically updating passwords at the timing set by the system manager. Both unconditionally and immediately invalidate the old passwords upon expiration of the prescribed period and make it impossible for the users to whom the passwords were assigned to log in the computer system.
The aforementioned technique disclosed in the time lock-based security arrangement merely limits the period during which a password can be validly used, but does not update the password itself for the purpose of security management.
Or, under the system to update passwords according to a time limit prescribed in password management, the user or the manager of the system arbitrarily sets the available periods for passwords, but each user's frequency of access is not taken into account.
As a consequence, a user who seldom accesses the system may become unable to log in the system because his password has run out of its available period even if he never accessed the system during that period. Moreover, according to the prior art, the password is managed only with respect to the available period without prescribing the updating period, and is made unusable as soon as the period expires, with no advance warning given when the expiration was nearing. As a result, if the user forgets to update his password, he may be refused access to the system.
One object of the present invention is to make it possible to set the available period on the system side for each password according to the access frequency of the user whom the password identifies, prescribe a password updating period for a certain length of time immediately preceding the expiration of the available period, inform the user who logs in the system during the updating period that the expiration of his password is imminent by displaying a message requesting him to change his password, and thereby urge him to update his password. The length of the updating period is determined by that of the available period.