Browse Prior Art Database

Automatic entry of dynamic password data

IP.com Disclosure Number: IPCOM000202204D
Original Publication Date: 2010-Dec-08
Included in the Prior Art Database: 2010-Dec-08
Document File: 1 page(s) / 91K

Publishing Venue

Lenovo

Related People

David Rivera: INVENTOR [+2]

Abstract

Key fobs have become a common mechanism for user authentication for VPN access. Software solutions that emulate a key fob, but do not require the physical device, are also popular as a means to reduce costs associated with the physical device. When logging into a VPN or server, the user enters his personal password or PIN in addition to the dynamic passcode displayed on the key fob device (or its software equivalent). Because of the dynamic nature of the passcode provided by key fob or software, the user cannot use a password management application, like Lenovo's Password Manager, for automatic entry of the logon credentials. The user must manually type the passcode displayed by the key fob device or software into the logon application. To simplify the logon experience, users would prefer a mechanism that supports automatic submission of the password/PIN + passcode data, with the simplicity of existing password management applications. The simple task of swiping a fingerprint, for example, or using the computer’s integrated camera, would allow the user to log on to the VPN software using the dynamic passcode. This article describes mechanisms for simplifying the user logon experience with key fob devices.

This text was extracted from a Microsoft Word document.
At least one non-text object (such as an image or picture) has been suppressed.
This is the abbreviated version, containing approximately 74% of the total text.

Automatic entry of dynamic password data

Disclosed are two methods for simplifying the login process for users of key fob devices.  The first part defines implementation of an

API

that allows the current passcode to be retrieved from the software implementation of the key fob. The key fob software implementation requires some user authentication before the passcode can be retrieved from the implementation’s secure storage (within the fingerprint sensor, TPM, smart card, etc.). After the user authentication is complete, the passcode can be retrieved via software, combined with the user's static password/

PIN

, and automatically submitted to the logon interface. This allows for a simpler logon experience for the user, while maintaining the security required by the key fob software implementation. A password management application, such as Lenovo's Password Manager, could prompt the user for a fingerprint swipe, could retrieve the dynamic RSA SecurID passcode via the proposed

API

, and also retrieve the user's stored static password/

PIN

. The two entries could be combined to allow automatic logon.

An additional improvement to the logon process with a key fob device allows for retrieval of the dynamic passcode directly from the key fob device via the computer's integrated camera. With this, the user would not need to manually type the dynamic passcode or the static password/

PIN

. The user would begin the logon process as usual and would be prompted for a fingerprint swipe or other...