Browse Prior Art Database

PREVENTING UNAUTHORIZED LOGINS

IP.com Disclosure Number: IPCOM000126834D
Publication Date: 2005-Aug-15
Document File: 1 page(s) / 22K

Publishing Venue

The IP.com Prior Art Database

Abstract

System and Method of preventing unauthorized logins An unauthorized user should not be allowed to gain access to a user’s handheld communication device or their desktop computer. Lock screens with passwords are typically used to prevent unauthorized access, but under certain situations provide no security. For instance, a user can return to his or her desk and type in their password without hitting “enter.” This person can then get interrupted by something or someone. After the interruption, he or she may leave their desk area. Their password is still sitting in the password entry field. The attacker only has to push the “enter” key to gain access. Other possible situations render the security of one’s computer or handheld in jeopardy. The problem is more relevant on handheld communication devices, as most desktop computers already have perimeter security. There are a couple of good solutions to this problem. One way is to clear the password from the password entry dialog when the user cradles or holsters their device. This requires the password dialog to listen to holster events. When an even is received, the dialog sets the password text to the empty string. Unfortunately, this solution does not cover the problems in which the device is left somewhere, and not returned to its holster. A safer or additional solution would be to clear the password after the device has been idle for a certain amount of time (in seconds). This solution is implemented by starting a background thread when the dialog is first opened. The thread “wakes up” every second and checks to see if the device has been idle for the set amount of time. If so, the password is cleared. If not, the thread “sleeps” for another second, and the process continues until the dialog is closed. A different implementation of the first two solutions would be to close the password dialog instead of clearing the passwords from the dialog. Combining the two solutions would provide a way to prevent unauthorized logins where an authorized user has already entered the password.

This text was extracted from a Microsoft Word document.
This is the abbreviated version, containing approximately 69% of the total text.

PREVENTING UNAUTHORIZED LOGINS

System and Method of preventing unauthorized logins

Disclosed Anonymously

An unauthorized user should not be allowed to gain access to a user’s handheld communication device or their desktop computer.  Lock screens with passwords are typically used to prevent unauthorized access, but under certain situations provide no security.  For instance, a user can return to his or her desk and type in their password without hitting “enter.”  This person can then get interrupted by something or someone.  After the interruption, he or she may leave their desk area.  Their password is still sitting in the password entry field.  The attacker only has to push the “enter” key to gain access. 

Other possible situations render the security of one’s computer or handheld in jeopardy.  The problem is more relevant on handheld communication devices, as most desktop computers already have perimeter security.

There are a couple of good solutions to this problem.  One way is to clear the password from the password entry dialog when the user cradles or holsters their device.  This requires the password dialog to listen to holster events.  When an even is received, the dialog sets the password text to the empty string.  Unfortunately, this solution does not cover the problems in which the device is left somewhere, and not returned to its holster.  A safer or additional solution would be to clear the password after the device has been idle for a c...