GB2412774A - Variable password access controller - Google Patents


Publication number
GB2412774A
Authority
GB
United Kingdom
Prior art keywords
password
user
passwords
access
ref
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
GB0506242A
Other versions
GB0506242D0 (en)
GB2412774B (en)
Inventor
Brian Rothwell
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Individual
Original Assignee
Individual
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31User authentication
    • G07C9/00142
    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07CTIME OR ATTENDANCE REGISTERS; REGISTERING OR INDICATING THE WORKING OF MACHINES; GENERATING RANDOM NUMBERS; VOTING OR LOTTERY APPARATUS; ARRANGEMENTS, SYSTEMS OR APPARATUS FOR CHECKING NOT PROVIDED FOR ELSEWHERE
    • G07C9/00Individual registration on entry or exit
    • G07C9/30Individual registration on entry or exit not involving the use of a pass
    • G07C9/32Individual registration on entry or exit not involving the use of a pass in combination with an identity check
    • G07C9/33Individual registration on entry or exit not involving the use of a pass in combination with an identity check by means of a password
    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07FCOIN-FREED OR LIKE APPARATUS
    • G07F7/00Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus
    • G07F7/08Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means
    • G07F7/10Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means together with a coded signal, e.g. in the form of personal identification information, like personal identification number [PIN] or biometric data
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2103Challenge-response
    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07CTIME OR ATTENDANCE REGISTERS; REGISTERING OR INDICATING THE WORKING OF MACHINES; GENERATING RANDOM NUMBERS; VOTING OR LOTTERY APPARATUS; ARRANGEMENTS, SYSTEMS OR APPARATUS FOR CHECKING NOT PROVIDED FOR ELSEWHERE
    • G07C9/00Individual registration on entry or exit
    • G07C9/00174Electronically operated locks; Circuits therefor; Nonmechanical keys therefor, e.g. passive or active electrical keys or other data carriers without mechanical keys
    • G07C9/00309Electronically operated locks; Circuits therefor; Nonmechanical keys therefor, e.g. passive or active electrical keys or other data carriers without mechanical keys operated with bidirectional data transmission between data carrier and locks
    • G07C2009/0042Electronically operated locks; Circuits therefor; Nonmechanical keys therefor, e.g. passive or active electrical keys or other data carriers without mechanical keys operated with bidirectional data transmission between data carrier and locks the transmitted data signal containing a code which is changed
    • G07C2009/00428Electronically operated locks; Circuits therefor; Nonmechanical keys therefor, e.g. passive or active electrical keys or other data carriers without mechanical keys operated with bidirectional data transmission between data carrier and locks the transmitted data signal containing a code which is changed periodically after a time period
    • G07C2009/00436Electronically operated locks; Circuits therefor; Nonmechanical keys therefor, e.g. passive or active electrical keys or other data carriers without mechanical keys operated with bidirectional data transmission between data carrier and locks the transmitted data signal containing a code which is changed periodically after a time period by the system
    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07CTIME OR ATTENDANCE REGISTERS; REGISTERING OR INDICATING THE WORKING OF MACHINES; GENERATING RANDOM NUMBERS; VOTING OR LOTTERY APPARATUS; ARRANGEMENTS, SYSTEMS OR APPARATUS FOR CHECKING NOT PROVIDED FOR ELSEWHERE
    • G07C9/00Individual registration on entry or exit
    • G07C9/00174Electronically operated locks; Circuits therefor; Nonmechanical keys therefor, e.g. passive or active electrical keys or other data carriers without mechanical keys
    • G07C9/00309Electronically operated locks; Circuits therefor; Nonmechanical keys therefor, e.g. passive or active electrical keys or other data carriers without mechanical keys operated with bidirectional data transmission between data carrier and locks
    • G07C2009/0042Electronically operated locks; Circuits therefor; Nonmechanical keys therefor, e.g. passive or active electrical keys or other data carriers without mechanical keys operated with bidirectional data transmission between data carrier and locks the transmitted data signal containing a code which is changed
    • G07C2009/00428Electronically operated locks; Circuits therefor; Nonmechanical keys therefor, e.g. passive or active electrical keys or other data carriers without mechanical keys operated with bidirectional data transmission between data carrier and locks the transmitted data signal containing a code which is changed periodically after a time period
    • G07C2009/00468Electronically operated locks; Circuits therefor; Nonmechanical keys therefor, e.g. passive or active electrical keys or other data carriers without mechanical keys operated with bidirectional data transmission between data carrier and locks the transmitted data signal containing a code which is changed periodically after a time period after n uses

Abstract

An access control device prompts a user requiring access to enter one of a number of passwords. The user identifies the password that is required from the prompt. There are two essential modes of operation. In both modes a device (10) confirms the ID of the user by comparing the password entered with that requested. In ID Test mode a device (13) then selects a different prompt and password to be used next time an ID Test is requested. In Set Up mode a device (12) requires the user to change the password for each prompt from that supplied to one of their choice. Preferably the device has the capability to allow a limited number of repeat attempts to enter the correct password and to allow from time to time the user to change the passwords corresponding to the prompts.

Description

VARIABLE PASSWORD ACCESS CONTROLLER
The invention relates to security systems controlling access to something by the use of a password. The password is used to verify that the person or system attempting to obtain access is authorised to have access. In such systems the authorised user obtains access by entering the correct password using a keypad or other input device.
Such systems are well known but, because normally the users enter the same password each time they seek access, they suffer from the problem that if an unauthorized user learns the password by observing it being used, they can use it to obtain access until such time as the unauthorized use is detected.
An object of this invention is to provide a security device that reduces the possibility of unauthorized users obtaining access to whatever the security device is controlling access to, even when they have come into possession of a password they have observed being used successfully.
Accordingly, this invention provides an access control device that prompts a user requiring access to enter a password that is different from that used on the previous occasion the user obtained access, that the authorised user alone can readily identify from the prompt, and the device selects from a number of passwords.
Preferably according to the application the device has the capability to:
1. Permit the user to make a limited number of repeat attempts to enter the correct password after mistakenly entering an incorrect password.
2. Permit the user to change the passwords from time to time.
The device may be used to control access for various arrangements such as:
1. Individual users each with their own device including passwords and prompts embodied in a card such as a Chip and Pin Card.
2. Individual users each with their own set of passwords and prompts, but sharing the device such as when used to control access to personal data held on a computer.
Part or all of this access control device may be integrated into any other system and share such resources as computer processors, memory and input and output devices. This security device may be used in addition to or instead of the fixed password in normal systems including a Chip and Pin System.
Throughout the remainder of this description:
1. Password means a word consisting of one or more characters.
2. Variable Password Access Controller or VPAC means the device that is the subject of this invention.
3. Protected Device means the device that the VPAC is controlling access to.
4. User means the person or system using the VPAC for the purpose of obtaining access to the Protected Device.
5. Current Password means the Password that when entered into the VPAC will cause it to provide a signal to the Protected Device indicating that the correct Password has been entered.
6. Prompt means a word of one or more characters that the VPAC uses to suggest to the User what the Current Password is.
7. System Controller means the person or system that authorises a User to use the VPAC to obtain access to the Protected Device.
8. Authorised User means the person or system that the System Controller has authorised to use the VPAC.
9. Available Passwords means the Passwords from which the VPAC will select the Current Password.
Figure 1 shows the basic systems diagram for the VPAC.
Figure 2 shows a more detailed system diagram for the part of the invention that facilitates changes to the Available Passwords during setting up the VPAC.
Figure 3 shows a more detailed system diagram for the part of the invention that selects the Current Password.
Figure 4 shows a system diagram for a modification to figure 1 that allows a limited number of repeat attempts after an incorrect Password has been entered.
Figure 5 shows a system diagram for a modification to figure 2 that allows the use of the system prior to the Authorised User setting up the system with the Available Passwords of their choice.
Figure 6 shows a system diagram for a modification to figure 2 that allows an Authorised User to change Available Passwords after the chosen ones have been entered.
Throughout the remainder of this description the reference numbers in the text correspond to the numbers in figures 1 - 6 and all of the processes described are implemented by means of known computer techniques. The description does not include any other security measures such as encryption that the System Controller might consider to be necessary.
Whilst figures 1, 2, 4 and 6 show the User as a person it could equally be another device such as a computer or electronic circuit.
BASIC SYSTEM DIAGRAM (FIGURE 1)
As shown in figure 1 the Interface Signals are:
"START ID TEST" by which the Protected Device (ref. 1) initiates the processes of the VPAC (ref. 2). If the VPAC is controlling access for individual Authorised Users using different sets of Available Passwords (ref. 14) and Prompts (ref. 6) held in the same memory (ref. 8), then the signal shall include the identity of the Authorised User so that the VPAC can use the appropriate memory locations for the data relevant to them.
"ID TEST PASSED" by which the VPAC signals to the Protected Device that the User (ref. 3) has entered the correct Password. The Protected Device may use this signal to initiate some other process such as the actions the Authorised User wishes to perform whilst access is allowed.
"ID TEST FAILED" by which the VPAC signals to the Protected Device that the User has failed to enter the correct Password. The Protected Device may use this signal to initiate some other process such as refusing all further attempts by the User to gain access.
The operation of the VPAC is initiated by the Protected Device supplying a Start ID Test signal to the VPAC. The signal is routed to process 4. The main purpose of this process is to invite the User to enter the correct Password.
This involves the process, on receipt of the signal, setting itself so as to ignore any further signals from the START ID TEST interface. It then issues to the User, by means of the Communications Output Device (ref. 5), a message such as "Please enter your *** Password", where *** is the Prompt (ref. 6) corresponding to the Current Password (ref. 7) for the Authorised User held in Memory (ref. 8).
The User identifies the Password that corresponds to the Prompt received and enters it via the Communications Input Device (ref. 9). If done correctly the Password entered will be the Current Password.
The VPAC has two modes of operation. The Set Up Mode is used by the Authorised User to enter the Passwords of their choice. The ID Test Mode is used to test if the Password entered in an attempt to obtain access to the Protected Device is the Current Password.
The main purpose of process 10 is to receive the Password entered and decide if it is correct. On receipt of the Password entered the process compares it with the Current Password. This results in a decision of OK if the two are the same and NOT OK if they are different. Any NOT OK decision sends an ID Test Failed signal to the Protected Device. Any OK decision is used to initiate the Mode Selector (ref. 11).
The main purpose of the Mode Selector is to determine what mode the VPAC should be in. The process results in either a Set Up Mode or ID Test Mode decision. Figure 2 describes this process in more detail. Any Set Up Mode decision initiates the Password Changer (ref. 12). Any ID Test Mode decision sends an ID Test Passed signal to the Protected Device to indicate that the User has entered the correct Password. It also initiates the Next Current Password Selector (ref. 13).
The main purpose of the Password Changer is to facilitate the Authorised User entering into the Memory at reference 14, the Available Passwords that correspond to the Prompts they have previously chosen and were entered into the Memory by the System Controller. Figure 2 describes the process in more detail.
The main purpose of the Next Current Password Selector is to select the next Current Password from the Available Passwords in such a way that an unauthorized User cannot predict the sequence in which the Available Passwords are used. The process then issues a signal to process 4 to reset it so as to respond to the next Start ID Test signal.
Figure 3 describes the process in more detail.
MODE SELECTOR AND PASSWORD CHANGER (FIGURE 2)
In order to ensure that Available Passwords are only known to the Authorised User it is essential to have, as part of the set up process, the Authorised User enter the Password that will correspond to each Prompt, without having to disclose it to the System Controller or anyone else. A preferred method of implementing this is now described.
Figure 2 shows a process by which Available Passwords (ref. 14) are initially entered by the System Controller and then on first use of the VPAC changed by the User to Passwords of their choice.
Throughout the remainder of this description:
1. Issued Password means the Password issued to the Authorised User for the purpose of entering the Available Passwords corresponding to the Prompts.
2. Excluded Password means a Password the System Controller has excluded from use as an Available Password for whatever reason.
3. A Valid New Password is a new Password that has been proven to be different from any Available Password or Excluded Password.
The System Controller shall, as part of the set up process, obtain from each Authorised User the Prompts they wish to use.
Using known computer techniques the System Controller shall:
1. Enter the Prompts in the Memory (ref. 8) at reference 6.
2. Enter the Issued Password in the Memory at reference 15.
3. Enter the Issued Password as the Password corresponding to each Prompt at reference 14.
4. Set the record of the Current Password at reference 7 to be the Issued Password.
5. Enter any Excluded Passwords in Memory at reference 16.
The System Controller shall advise the Authorised User of the Issued Password.
Each time the Protected Device initiates an Identity Test the processes described in figure 1 will proceed up to and including process 10. If the User has inserted the Current Password (ref. 7) then an OK decision will occur and the Mode Selection process will be initiated.
The initiating signal is received by process 17 the main purpose of which is to decide if all of the Available Passwords entered by the System Controller as the Issued Password have been changed to the choice of the Authorised User. The process involves comparing each of the Available Passwords in turn with the Issued Password. No match being found indicates that all Available Passwords have been changed and results in an ID Test Mode decision. Any match being found results in a Set Up Mode decision.
An ID Test Mode decision initiates the selection of a new Current Password (see figure 1 reference 13 or figure 3) and sending an ID Test Passed signal to the Protected Device. A Set Up Mode decision initiates process 18.
The main purpose of process 18 is to provide the Authorised User with a Prompt corresponding to the Available Password that has not been changed and invite them to enter a new Password. The process involves issuing to the User (ref. 3) by means of the Communications Output Device (ref. 5) a message such as "Please enter the New Password for Prompt ****" where **** is the Prompt corresponding to the Password being changed.
The User enters the Password that they wish to correspond to the Prompt given by means of the Communications Input Device (ref. 9).
The main purpose of process 19 is to test that the Password entered is a Valid New Password. The process involves comparing each of the Excluded Passwords and Available Passwords in turn with the Password entered. No matches being found results in a VALID decision that initiates process 20. Any matches being found results in an INVALID decision which initiates process 18.
The main purpose of process 20 is to overwrite the Available Password corresponding to the Prompt with the Valid New Password and then reinitiate process 17.
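The Set Up Mode loop of processes 17 to 20, as an added Python example that is not part of the patent text. Function names, the prompts and all sample passwords are constructed for illustration, and the initial ID Test with the Issued Password is assumed to have passed already. It shows that process 19 rejects a repeat of the Issued Password as well as duplicates, which keeps every Available Password distinct.

```python
def unchanged_prompt(available, issued):
    """Process 17: first Prompt whose Password is still the Issued Password, else None."""
    for prompt, password in available.items():
        if password == issued:
            return prompt
    return None


def is_valid_new_password(candidate, available, excluded):
    """Process 19: VALID only if it matches no Excluded and no Available Password."""
    return candidate not in excluded and candidate not in available.values()


def run_set_up(prompts, issued, excluded, entries):
    """Drive processes 17-20 with a scripted list of user entries (constructed input)."""
    # System Controller step 3: every Prompt starts with the Issued Password.
    available = {prompt: issued for prompt in prompts}
    log = []
    entries = iter(entries)
    # Process 17 decides Set Up Mode while any Password is still the Issued one.
    while (prompt := unchanged_prompt(available, issued)) is not None:
        candidate = next(entries, None)   # process 18 asks, the User answers
        if candidate is None:             # script ran out: still in Set Up Mode
            return available, "SET UP MODE", log
        if is_valid_new_password(candidate, available, excluded):
            available[prompt] = candidate  # process 20 overwrites, back to 17
            log.append((prompt, "VALID"))
        else:
            log.append((prompt, "INVALID"))  # process 19 sends the User back to 18
    return available, "ID TEST MODE", log


# Constructed sample data, not taken from the patent.
PROMPTS = ["pet", "street", "school"]
ISSUED = "ISSUED-0000"
EXCLUDED = {"password", "123456"}
ENTRIES = ["password", "rex-41", "rex-41", "ISSUED-0000", "elm-07", "oak-93"]

if __name__ == "__main__":
    final, mode, log = run_set_up(PROMPTS, ISSUED, EXCLUDED, ENTRIES)
    print(mode, final)
    for step in log:
        print(step)
```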
NEXT CURRENT PASSWORD SELECTOR (FIGURE 3)
In order to reduce the possibility of unauthorized Users obtaining access, even when they have come into possession of a Password they have observed being used successfully, it is essential to ensure that having obtained access an Authorised User is not asked for the same Password on the next attempt to obtain access. A preferred method of achieving this is now described.
Figure 3 shows a process by which Available Passwords (ref. 14) are used as the Current Password in the sequence in which they are stored in Memory (ref. 8). When all have been used the sequence in which they are stored is changed.
Throughout the remainder of this description:
1. Number of Available Passwords means the number of Available Passwords held in Memory.
2. Number of Passwords Used means the number of Available Passwords used since the sequence was last changed.
3. First Password In Order Of Use means the Password that is first in the sequence they are held in Memory.
As part of the set up process the System Controller shall, using known computer techniques, enter in the Memory the Number Of Passwords Available at reference 21 and enter one as the Number Of Passwords Used at reference 22.
The process is initiated by a signal from process 11 of Figure 1. This signal is routed to and initiates process 23.
The main purpose of process 23 is to determine if all Available Passwords have been used since the sequence was last changed. This involves comparing the record of the Number of Passwords Used with the record of the Number of Passwords Available. This results in a decision of YES if they are equal and NO if they are not. Any NO decision initiates process 24. Any YES decision initiates process 25.
The main purpose of process 24 is to increase the Number of Passwords Used by 1 and having done so initiate process 26.
The main purpose of process 26 is to overwrite the Current Password with the next Password in the sequence in which the Available Passwords are held in Memory. It then issues a signal to process 4 of Figure 1 to indicate that the selection process has been completed and the next Start ID Test signal should be responded to.
The main purpose of process 25 is to change the sequence of the Available Passwords held in Memory. It then initiates process 27.
The main purpose of process 27 is to ensure that on completion of the selection process the Current Password (ref. 7) will have changed. This involves comparing the First Password in Order of Use (ref. 30) with the Current Password. This results in a decision of YES if they are different and NO if they are the same. Any YES decision initiates process 28. Any NO decision re-initiates process 25.
The main purpose of process 28 is to cause the new sequence of Available Passwords to be used beginning with the First Password In Order Of Use. This involves resetting the Number of Passwords Used (ref. 22) to one and then initiating process 29.
The main purpose of process 29 is the overwriting of the Current Password with the First Password In Order of Use. It then issues a signal to process 4 of Figure 1 to indicate that the selection process has been completed and the next Start ID Test signal should be responded to.
FAILED ATTEMPTS CONTROLLER (FIGURE 4)
It is preferable to allow an Authorised User that has entered an incorrect Password by mistake, to have the opportunity to make one or more further attempts to enter the correct Password. A preferred method of achieving this will now be described.
Figure 4 shows a process by which the number of consecutive failed attempts to enter the correct Password a User (ref. 3) has made is counted and if a pre-set limit is reached an ID Test Failed signal is issued to the Protected Device (ref. 1).
Throughout the remainder of this description:
1. Number Of Failed Attempts means the number of consecutive attempts to enter the correct Password that have been made by the User and have failed.
2. Allowable Number Of Failed Attempts means the maximum Number Of Failed Attempts that can be made before an ID Test Failed signal is sent to the Protected Device (ref. 1).
As part of the set up process the System Controller shall, using known computer techniques, enter in the Memory (ref. 8) the Allowable Number Of Failed Attempts at reference 31 and set the Number Of Failed Attempts at reference 32 to one.
Each time the Protected Device initiates an Identity Test the processes described in figure 1 will proceed up to and including process 10. If the User has inserted an incorrect Password then a NOT OK decision will occur and the Failed Attempt Controller will be initiated. If the correct Password has been entered then the Number of Failed Attempts (ref. 32) is set to one.
The initiating signal is received by process 33. The main purpose of this process is to decide if the Allowable Number Of Failed Attempts has been exceeded. This involves comparing the Allowable Number Of Failed Attempts with the Number Of Failed Attempts. The result is a decision of OK if they are different and a NOT OK if they are the same. Any OK decision initiates process 34. Any NOT OK decision sends an ID Test Failed signal to the Protected Device.
The main purpose of process 34 is to increase the Number Of Failed Attempts by one and then initiate process 35.
The main purpose of process 35 is to provide the User with a warning that an incorrect Password has been entered and re-issue the Prompt (ref. 6) corresponding to the Current Password (ref. 7). The process involves issuing to the User (ref. 3) by means of the Communications Output Device (ref. 5) a message such as "Incorrect Password - Please enter the Password for Prompt ****" where **** is the Prompt corresponding to the Current Password.
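The Next Current Password Selector (Figure 3) and the Failed Attempts Controller (Figure 4) combined in one small model, as an added Python example that is not part of the patent text. The class, the method names and the "RETRY" return value are hypothetical; the patent does not say how process 25 changes the sequence, so a shuffle from the operating system's random source and a constant-time comparison are assumptions, and the Mode Selector is taken to be in ID Test Mode already.

```python
import hmac
import secrets


class VPAC:
    """Sketch of Figures 1, 3 and 4. Class and method names are assumptions."""

    def __init__(self, passwords_by_prompt, allowable_failed_attempts=3):
        pairs = list(passwords_by_prompt.items())
        passwords = [pw for _, pw in pairs]
        # With a single Password, process 27 can never see a different First
        # Password, so processes 25/27 would loop forever; duplicates would
        # let the same Password be requested twice running.
        if len(pairs) < 2 or len(set(passwords)) != len(passwords):
            raise ValueError("need at least two distinct Available Passwords")
        self._rng = secrets.SystemRandom()   # assumption: OS randomness for process 25
        self.available = pairs               # refs. 6 and 14, in order of use
        self.number_available = len(pairs)   # ref. 21
        self.number_used = 1                 # ref. 22, set to one at set up
        self.current = pairs[0]              # ref. 7, kept together with its Prompt
        self.allowable_failed = allowable_failed_attempts  # ref. 31
        self.failed = 1                      # ref. 32, set to one at set up

    def prompt(self):
        """Process 4: the Prompt that corresponds to the Current Password."""
        return self.current[0]

    def enter(self, password):
        """Process 10, followed by Figure 4 on NOT OK or Figure 3 on OK."""
        ok = hmac.compare_digest(password.encode(), self.current[1].encode())
        if not ok:
            return self._failed_attempt()
        self.failed = 1                      # correct entry resets ref. 32 to one
        self._select_next()
        return "ID TEST PASSED"

    def _failed_attempt(self):
        if self.failed == self.allowable_failed:   # process 33: NOT OK
            return "ID TEST FAILED"
        self.failed += 1                           # process 34
        return "RETRY"                             # process 35 re-issues the Prompt

    def _select_next(self):
        if self.number_used != self.number_available:   # process 23: NO
            self.number_used += 1                       # process 24
            self.current = self.available[self.number_used - 1]  # process 26
            return
        while True:                                     # process 23: YES
            self._rng.shuffle(self.available)           # process 25
            if self.available[0][1] != self.current[1]:  # process 27
                break
        self.number_used = 1                            # process 28
        self.current = self.available[0]                # process 29


def replay_observed_password(vpac, passwords_by_prompt):
    """Log in once, then re-enter the Password an onlooker has just seen."""
    observed = passwords_by_prompt[vpac.prompt()]
    first = vpac.enter(observed)
    return first, vpac.enter(observed)


# Constructed sample Prompts and Passwords, not taken from the patent.
SAMPLE = {"pet": "rex-41", "street": "elm-07", "school": "oak-93"}

if __name__ == "__main__":
    print(replay_observed_password(VPAC(SAMPLE), SAMPLE))
```

The rejected replay still consumes one of the allowed failed attempts, because process 33 does not distinguish a stale Password from a wrong one.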
RESTRICTED USE OF ISSUED PASSWORD (FIGURE 5)
It is preferable to allow an Authorised User to use the Issued Password a number of times before changing the Available Passwords to those of their choice. A preferred method of achieving this will now be described.
Figure 5 shows a process by which the number of uses of the Issued Password is counted and if a pre-set limit is reached further use is prevented.
Throughout the remainder of this description:
1. Number Of Uses With Issued Password means the number of consecutive times beginning with the first use the Authorised User has obtained access using the Issued Password (ref. 15).
2. Allowable Number Of Uses With Issued Password means the maximum Number Of Uses With Issued Password that can be made before the Available Passwords (Ref. 14) must be changed from the Issued Password.
An additional interface with the Protected Device is required. PREVENT PASSWORD CHANGES is a signal from the Protected Device (ref. 1) indicating that limited use of the Issued Password to obtain access is to be allowed.
As part of the set up process the System Controller shall, using known computer techniques, enter in the Memory (ref. 8) the Allowable Number Of Uses With Issued Password at reference 36 and set the Number Of Uses With Issued Password at reference 37 to one.
Each time the Protected Device initiates an Identity Test the processes described in figure 1 will proceed up to and including process 10. If the User has inserted the Current Password then an OK decision will occur and the Mode Selector (ref. 11) will be initiated.
The initiating signal is received by process 38. The main purpose of this process is to decide if a Prevent Password Changes signal from the Protected Device is present. The result is a YES decision if it is present and a NO decision if it is not. Any YES decision initiates process 39. Any NO decision initiates process 17 (see figure 2).
The main purpose of process 39 is to determine if the Allowed Number Of Uses with the Issued Password has been reached. This involves comparing the Allowable Number Of Uses With Issued Password with the Number Of Uses With Issued Password. The result is a decision of YES if they are the same and NO if they are different. Any YES decision initiates process 17. Any NO decision initiates process 40.
The main purpose of process 40 is to increase the Number Of Uses With Issued Password by one and then initiate the selection of a new Current Password (see figure 1 reference 14 or figure 3) and send an ID Test Passed signal to the Protected Device. (Note - As all the Available Passwords are the Issued Password the Current Password will not change.)
MODE SELECTOR AND PASSWORD CHANGER BY REQUEST (FIGURE 6)
It is preferable to allow an Authorised User to change Available Passwords after the initial change of Available Passwords from the Issued Password to ones of the User's choice. Figure 6 shows modifications to the processes in figure 2 to achieve this. The changes are drawn in thicker lines and described here.
An additional interface with the Protected Device is required. CHANGE PASSWORD is a signal from the Protected Device (ref. 1) to the VPAC (ref. 2 of figure 1) indicating that the User (ref. 3) wishes to change one of the AVAILABLE PASSWORDS.
The main purpose of process 41 is to detect whether or not the Protected Device has requested a change to an Available Password. This results in a YES decision if a change has been requested and a NO decision if it has not.
Any YES decision initiates process 42. Any NO decision sends an ID Test Passed signal to the Protected Device to indicate that the User has entered the correct Password. It also initiates the Next Current Password Selector (ref. 13 of figure 1 and figure 2).
The main purpose of process 42 is to request the User to enter the Available Password they wish to change. The process involves issuing to the User by means of the Communications Output Device (ref. 5) a message such as "Please enter the Password you wish to change". Additionally the process signals to process 43 that the next Password it receives is to be routed as an Available Password to process 44.
When the User enters the Available Password they wish to change via Communications Input Device (ref. 9) it is routed by process 43.
The main purpose of process 43 is to route the next Password it receives to process 19 (the default condition) unless it has received a signal from process 42 that the next Password it receives is to be routed to process 44.
The main purpose of process 44 is to determine if the Password to be changed entered by the User is a valid Available Password. This involves comparing each of the Available Passwords with the Password entered. The result is a decision of VALID if there is a match and INVALID if there is not. Any VALID decision initiates process 18. Any INVALID decision initiates process 42.

Claims (6)

1. An access control device that prompts a user requiring access to enter a password that is different from that used on the previous occasion the user obtained access and the authorised user alone can readily identify from the prompt and the device selects from a number of passwords.
2. A device as claimed in Claim 1 where a device selects the prompt and password that will be used the next time an attempt to gain access is made.
3. A device as claimed in Claim 1 where a device allows a user that has correctly entered the password issued to them to change the password identified by the prompt to another of their choice.
4. A device as claimed in Claim 1 or Claim 3 where a device controls the number of times that the issued password can be used before the user must change it.
5. A device as claimed in any preceding claim including a device that controls the maximum number of consecutive incorrect passwords that may be entered before access is permanently denied.
6. An access control device substantially as herein described and illustrated in the accompanying figures.
GB0506242A 2004-04-03 2005-03-29 Variable password access controller Expired - Fee Related GB2412774B (en)

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
GBGB0407648.5A GB0407648D0 (en) 2004-04-03 2004-04-03 Variable password access controller

Publications (3)

Publication Number Publication Date
GB0506242D0 GB0506242D0 (en) 2005-05-04
GB2412774A GB2412774A (en) 2005-10-05
GB2412774B GB2412774B (en) 2007-02-14

Family

ID=32247851

Family Applications (2)

Application Number Title Priority Date Filing Date
GBGB0407648.5A Ceased GB0407648D0 (en) 2004-04-03 2004-04-03 Variable password access controller
GB0506242A Expired - Fee Related GB2412774B (en) 2004-04-03 2005-03-29 Variable password access controller

Country Status (1)

Country Link
GB (2) GB0407648D0 (en)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110415419A (en) * 2019-08-21 2019-11-05 杭州享钥科技有限公司 Electron key share system in access control system based on mobile terminal

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JPS58132860A (en) * 1982-02-02 1983-08-08 Omron Tateisi Electronics Co Personal collation method
US4912308A (en) * 1987-11-10 1990-03-27 Mitsubishi Denki Kabushiki Kaisha Device and method for effecting personal identification utilizing an IC card
US5056141A (en) * 1986-06-18 1991-10-08 Dyke David W Method and apparatus for the identification of personnel
DE10218945A1 (en) * 2002-04-22 2003-11-13 Deutsche Telekom Ag Security method for protecting a system, e.g. a computer or online system against unauthorized access, whereby a computer is used with a chip card reader, with an additional varying control question used for access authentication

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
GB2435951A (en) * 2006-02-23 2007-09-12 Barclays Bank Plc System for PIN servicing
US10528940B2 (en) 2006-02-23 2020-01-07 Barclays Execution Services Limited PIN servicing

Also Published As

Publication number Publication date
GB0506242D0 (en) 2005-05-04
GB0407648D0 (en) 2004-05-05
GB2412774B (en) 2007-02-14

Legal Events

Date Code Title Description
PCNP Patent ceased through non-payment of renewal fee

Effective date: 20150329