Secure Method to Set and Test System Administrator Password

IP.com Disclosure Number: IPCOM000087749D
Original Publication Date: 1977-Mar-01
Included in the Prior Art Database: 2005-Mar-03
Document File: 3 page(s) / 37K

Publishing Venue

IBM

Related People

Matyas, SM: AUTHOR

Abstract

The system administrator is generally defined as that person who is responsible for overseeing the security of an entire computing system or systems. For our purposes, the system administrator (SYSADM) will be considered as that person who has complete access to the system, with full authority to determine, set and enforce those rights of access to the resources of the system granted to all other systems users.

This text was extracted from a PDF file.
At least one non-text object (such as an image or picture) has been suppressed.
This is the abbreviated version, containing approximately 52% of the total text.

It will be assumed that there is some in-place access control facility which requires users, including the SYSADM, to be identified through the use of an ID, and to be authenticated by supplying a secret password, or a comparable quantity previously written on a magnetic striped card. This secret quantity is denoted by P. It is, furthermore, assumed that the SYSADM, after being authenticated, has the capability to change or otherwise reset his own P value.

The objective of this method is to describe a secure hardware-based protocol (1) which will allow any desired value of P to be installed or set by the SYSADM into the system through software, and (2) which will assure that it is not possible for the SYSADM to be blocked from entry to the system even if he may lose or forget P, or incorrectly enter it when initially set into the system.

The figure shows the features of this invention. Means 11 is a 3-position physical key-operated SECURITY KEYLOCK whose positions are denoted by POS1, POS2 and POS3. Means 12 is a nonvolatile, nonaddressable storage location, called PASSWORD, which contains the value of P for SYSADM. Means 13 is a nonvolatile, nonaddressable storage location, called SWITCH, which stores one of two conditions (0 or 1). SP and TP are two noninterruptible system operation codes called SET PASSWORD and TEST PASSWORD, respectively. SP and TP may be machine instructions, microcode subroutines, etc., depending on the particular implementation desired.

Execution of SP, whose format is SP: [x], causes the following to occur. If SECURITY KEYLOCK = POS2 and SWITCH = 0, then x is written into PASSWORD and SWITCH is set to 1; otherwise no action is taken. The following condition codes 0, 1, 2 or 3 are defined:

0 - normal operation
1 - SWITCH does not equal 0
2 - SECURITY KEYLOCK does not equal POS2
3 - SWITCH does not equal 0, and SECURITY KEYLOCK does not equal P...
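The keylock, PASSWORD and SWITCH components and the SET PASSWORD rules above, modelled in C as an added example; this is not code from the disclosure, and the TEST PASSWORD operation is left out because its rules do not appear in this excerpt. The numeric encoding of POS1..POS3, the 64-bit width of P, and the sample values written by SP are assumptions made for the example. Note that the four condition codes fall out of two independent checks (bit 0 for SWITCH, bit 1 for the keylock), and that both checks run before either write, mirroring the noninterruptible hardware form.

```c
#include <stdint.h>
#include <stdio.h>

/* Positions of the physical SECURITY KEYLOCK (means 11). The numeric
 * encoding is an assumption; the disclosure only names POS1, POS2, POS3. */
enum keylock { POS1 = 1, POS2 = 2, POS3 = 3 };

/* Condition codes of SET PASSWORD, exactly as the disclosure lists them.
 * Bit 0 reports SWITCH != 0, bit 1 reports SECURITY KEYLOCK != POS2,
 * so code 3 is simply both bits set. */
enum sp_cc {
    CC_OK      = 0,
    CC_SWITCH  = 1,
    CC_KEYLOCK = 2,
    CC_BOTH    = 3
};

/* Machine state. PASSWORD (means 12) and SWITCH (means 13) are modelled as
 * fields that only set_password() below writes, standing in for the
 * nonvolatile, nonaddressable storage. The 64-bit width of P is assumed. */
struct machine {
    enum keylock keylock;
    uint64_t     password;   /* PASSWORD: the SYSADM's P */
    int          sw;         /* SWITCH: 0 or 1 */
};

static void machine_init(struct machine *m, enum keylock pos)
{
    m->keylock  = pos;
    m->password = 0;
    m->sw       = 0;         /* fresh system: SWITCH = 0 */
}

/* SP: [x]. The hardware form is noninterruptible; here both checks run
 * before any write, so the state is either fully updated or untouched. */
static int set_password(struct machine *m, uint64_t x)
{
    int cc = CC_OK;
    if (m->sw != 0)         cc |= CC_SWITCH;
    if (m->keylock != POS2) cc |= CC_KEYLOCK;
    if (cc != CC_OK)
        return cc;           /* no action taken */
    m->password = x;
    m->sw = 1;               /* further SPs are refused until SWITCH is cleared */
    return CC_OK;
}

/* Scenario helpers. Each starts from a fresh machine so the SP rules can be
 * exercised without software ever reading the nonaddressable PASSWORD. */

/* Condition code of the first SP on a fresh machine with the key at `pos`. */
int sp_cc_on_fresh_machine(enum keylock pos)
{
    struct machine m;
    machine_init(&m, pos);
    return set_password(&m, 0x5350u);        /* constructed sample value of P */
}

/* SP succeeds with the key at POS2, the key is then turned to `second_pos`,
 * and SP is issued again; returns the second condition code. */
int sp_cc_on_second_attempt(enum keylock second_pos)
{
    struct machine m;
    machine_init(&m, POS2);
    (void)set_password(&m, 0x1111u);
    m.keylock = second_pos;
    return set_password(&m, 0x2222u);
}

/* 1 if a refused second SP left the first value in PASSWORD and SWITCH at 1. */
int refused_sp_leaves_password_intact(void)
{
    struct machine m;
    machine_init(&m, POS2);
    (void)set_password(&m, 0x1111u);
    (void)set_password(&m, 0x2222u);         /* SWITCH = 1: refused with cc 1 */
    return m.password == 0x1111u && m.sw == 1;
}

int main(void)
{
    printf("fresh, key at POS2:            cc=%d\n", sp_cc_on_fresh_machine(POS2));    /* 0 */
    printf("fresh, key at POS1:            cc=%d\n", sp_cc_on_fresh_machine(POS1));    /* 2 */
    printf("second SP, key still at POS2:  cc=%d\n", sp_cc_on_second_attempt(POS2));   /* 1 */
    printf("second SP, key moved to POS3:  cc=%d\n", sp_cc_on_second_attempt(POS3));   /* 3 */
    printf("refused SP left PASSWORD intact: %d\n", refused_sp_leaves_password_intact()); /* 1 */
    return 0;
}
```

The point to check in any real implementation of this scheme is the one the `sw = 1` line makes visible: once SP has run, software cannot run it again, no matter what the operand is, until SWITCH is cleared, and nothing in the visible part of the disclosure lets software clear it. That is what turns the operator's physical key, not a privileged program, into the thing that gates a password reset.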