
secured personalized access control

IP.com Disclosure Number: IPCOM000022684D
Original Publication Date: 2004-Mar-25
Included in the Prior Art Database: 2004-Mar-25
Document File: 1 page(s) / 35K

Publishing Venue

IBM

Abstract

The most common computer access control method is the password. This method is cheap, as it doesn't require expensive instruments such as fingerprint readers. However, over time, an individual needs to remember many passwords for the various computers he or she uses and is also often compelled to change these passwords for security reasons. Some systems also enforce complicated rules for setting passwords and deny re-use of old passwords. The end result is either a tedious login process, where the user hopes to get it right (within the configured number of allowed mistakes), or, worse still, one where the passwords are written or saved on some plain media, thus defeating the whole purpose of the password. The purpose of the 'secured personalized access control' method is to provide secure access control to a system without the hassle of remembering a weird assortment of passwords. The method is easy to implement and does not require any major expenses or learning curve, and as such can be absorbed relatively quickly.

This is the abbreviated version, containing approximately 69% of the total text.


The 'secure personalized access control' method is, in essence, a multiple-password method. Once a user is authenticated for the first time, he/she has to fill in a form with a minimum enforced number of fields (TBD). The user is the one to decide about the nature of the information. The system can give the user suggestions as to what kind of information to pick, such as: Who was my teacher in first grade?, etc. The system, of course, should monitor the value fields and enforce any company guidelines applicable to passwords, such as, for example, that a birth date field will not be accepted as a personalized password. Then the whole form is encrypted. At the next login, the system will randomly pick any one (or more) of the fields and use it/them for authentication, in a fashion similar to a password prompt. In this way, the user will be able to answer the questions (as long as he or she remembers the answers, in any case) and still get secured access to the system. The other techniques used today can still be employed, such as locking the account after a maximum number of wrong access tries. Also, the system can require the user to refresh his/her secure information every so often. This idea is already in use, for instance when one forgets an internet password, although that procedure is done via an interactive session on the phone.
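The enrollment and login flow described above, as an added Python sketch that is not part of the original disclosure. The class and function names, the minimum field count, the lockout threshold and the date pattern are assumptions, and per-field salted PBKDF2 digests are used here in place of the encrypted form the text describes.

```python
import hashlib, hmac, re, secrets

MIN_FIELDS = 3      # assumption: the page leaves the minimum as TBD
MAX_FAILURES = 3    # assumption: the page gives no lockout threshold
DATE_LIKE = re.compile(r"^\d{1,4}[-/. ]\d{1,2}[-/. ]\d{1,4}$")  # sample guideline
SAMPLE_FORM = {     # constructed sample data
    "Who was my teacher in first grade?": "Mrs. Alder",
    "Which shop sold my first bicycle?": "Green Wheel",
    "What street did I grow up on?": "Linden Row",
}

def _digest(answer, salt):
    # Normalise case and spacing so a remembered answer matches as typed.
    norm = " ".join(answer.lower().split()).encode()
    return hashlib.pbkdf2_hmac("sha256", norm, salt, 100_000)

class PersonalizedAccess:
    def __init__(self):
        self.fields, self.pending, self.failures = {}, [], 0

    def enroll(self, form):
        """Enforce the minimum field count and answer guidelines, then store."""
        if len(form) < MIN_FIELDS:
            raise ValueError("too few fields")
        for question, answer in form.items():
            if DATE_LIKE.match(answer.strip()):
                raise ValueError(f"date-like answer rejected: {question!r}")
        self.fields = {}
        for question, answer in form.items():
            salt = secrets.token_bytes(16)
            self.fields[question] = (salt, _digest(answer, salt))
        self.failures = 0

    def challenge(self, count=1):
        """Randomly pick one or more enrolled questions for this login."""
        self.pending = secrets.SystemRandom().sample(sorted(self.fields), count)
        return list(self.pending)

    def verify(self, answers):
        """Accept only answers to the issued challenge; count wrong answers."""
        pending, self.pending = self.pending, []
        if self.failures >= MAX_FAILURES or not pending or set(answers) != set(pending):
            return False
        ok = True
        for question in pending:
            salt, stored = self.fields[question]
            ok &= hmac.compare_digest(_digest(answers[question], salt), stored)
        self.failures = 0 if ok else self.failures + 1
        return ok
```

Binding `verify` to the questions issued by `challenge` keeps the choice of field with the system, as the text requires, so a caller cannot pick the one answer they happen to know.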

    An added value to the 'secure personalized access control' technique is the ability to configure different leve...