WO2001063383A1 - Method for providing authorized access to personal computer data resources - Google Patents

Method for providing authorized access to personal computer data resources Download PDF

Info

Publication number
WO2001063383A1
WO2001063383A1 PCT/BY2000/000002 BY0000002W WO0163383A1 WO 2001063383 A1 WO2001063383 A1 WO 2001063383A1 BY 0000002 W BY0000002 W BY 0000002W WO 0163383 A1 WO0163383 A1 WO 0163383A1
Authority
WO
WIPO (PCT)
Prior art keywords
resource
key
password
stored
restored
Prior art date
Application number
PCT/BY2000/000002
Other languages
French (fr)
Inventor
Valentin Alexandrovich Mischenko
Andrei Evgenievich Vatutin
Original Assignee
Mischenko Valentin Alexandrovi
Andrei Evgenievich Vatutin
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Mischenko Valentin Alexandrovi, Andrei Evgenievich Vatutin filed Critical Mischenko Valentin Alexandrovi
Priority to PCT/BY2000/000002 priority Critical patent/WO2001063383A1/en
Priority to AU2000227873A priority patent/AU2000227873A1/en
Publication of WO2001063383A1 publication Critical patent/WO2001063383A1/en

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31User authentication

Definitions

  • the present invention relates to means for providing authorized access to personal computer data resources.
  • the invention may be used for protection of personal computer data from unauthorized access.
  • unauthorized access is disallowed by means of a specially selected password.
  • a specially selected password As a rule, such a password must be stored in the nonvolatile memory, and may be either read out or collated by a hacker or another unfair person.
  • a password or a list of passwords is stored in the computer memory and may be read out by unauthorized person.
  • a plurality of all available password variants in practice is limited to a small set of symbols corresponding to the symbols of a common language, which is even more limited by the fact that the choice is always associated with a person selecting a password.
  • An ideal password for protection is the password, the length of which is equal to the length of the protected data array or even exceeds its length.
  • the password of the kind allows to encode the resource to be protected without using any repeated features, making thereby practically impossible any unauthorized encoding.
  • long passwords are difficult to memorize and easy to make a mistake.
  • An example of the attempt to agree the contradiction between the requirement of having a long key and the advantage of easy memorizing of a password, may serve the CryptoMania software created in OAO " InfoTeKS" ("Safe protection for the information in files!, By Alexander Kalfa, Computer Press, March 1999".
  • This software provides for generating a long licensed password for the software purchaser.
  • the user introduces his password, which is composed of a part of words of the associative phrase that is known only to the user.
  • a licensed password may be accessible to several users, or it may be stolen.
  • a personal password may be matched as well, whereas a probability of selection may be substantially limited due to the fact that a keyboard comprises a limited number of symbols, and groups of symbols constitute parts of words.
  • the invention is aimed at solving a problem of the need to have a long password for providing a higher level of protection and a problem of difficulty of memorizing of a long password, as well as a problem of storing a password in the computer memory.
  • the problems are solved in the following way.
  • the known method for providing protection of personal data resources takes advantage of a password and transformation of the resource by using as a password a fragment of an associative array (notional text) selected by a user.
  • the selected fragment is transferred into the main memory and is used as an initiating sequence of symbols, which is transformed according to the encoding algorithm including randomization with chaining up to obtaining a password of a preset length (greater then or equal to the length of the secured resource).
  • the initial resource is encoded by the obtained password and is stored in the encoded form, and the initial resource, the password and the selected fragment are deleted from the computer memory.
  • the algorithm of transforming of the selected fragment into an encoding password may include randomizing or hashing with chaining.
  • the algorithm of transforming of the password may be stored either in the nonvolatile memory or on a separate carrier, which may also serve as an additional access password.
  • a notional text of a large length should be used for an associative array.
  • This may be a text generally used in the work, a help, a reference book, etc. In this case, it is desirable that the content or/and the structure of the text was well known to the user.
  • a real image or a styling one with solitary elements, desktop, homepage, etc. may also be used for the associative array.
  • a notional text of a rather large length that is greater than or equal to the length of the resource to be protected.
  • the password for encoding the resource was stored in the volatile memory. Unlike other systems for protection from unauthorized access, according to the proposed method, the password for encoding of the resource is deleted from the memory after the resource was encoded.
  • the following method for providing access to the personal resource of computer data means that takes advantage of a password and restoring of a resource transformed according to the afore described method, is characterized in that the same fragment of the associated array is selected as a password, the selected fragment is transferred to the nonvolatile memory and is used as an initial sequence of symbols, which is transformed under the preset encoding algorithm up to obtaining a password of a preset length (greater than or equal to the length of the initial text), thereafter the stored resource is decoded with the help of the obtained password and the restored resource is used.
  • the method is also characterized in that the password for decoding (restoring) the resource is stored in the volatile memory.
  • the password for encoding/restoring the resource is deleted from the
  • the password for encoding/restoring the resource is deleted from the volatile memory after restoring the resource, and the selected fragment is stored in the volatile memory.
  • the restored resource is stored in the nonvolatile memory, and after termination of work it should be deleted from the memory, or it should be transformed. This is determined by the passive or active mode of use of the resource.
  • the restored resource may be stored in the memory within a preset period of time.
  • the said resource may be changed in the course of operation, therefore after termination of work with the resource, which was restored and changed during operation, the renewed resource is transformed (encoded) by the stored password, thereafter the password and the restored array are deleted.
  • the restored resource When in the process of operation the restored resource is changed, then after termination of work with the restored resource, the resulting (changed) resource is transformed (encoded) by the stored password, thereafter the password and the initial array are deleted, and the anew- encoded resource is stored.
  • a password is generated anew, and the resource modified in the course of operation is transformed (encoded), thereafter the password and the resource modified in the process of operation are deleted, while the encoded resource is stored.
  • the resource to be protected Under the resource to be protected one should understand a specific array of information, a software or data, which are considered confidential, and therefore are to be protected.
  • the resource of that kind is stored in a special region of the computer memory and may be transformed or transferred.
  • the resource may also be a database or a specific text or file with a software, image, etc.
  • the method is carried out in the following way.
  • any notional text or a group of texts available for free access and/or exchange at least in the reading mode is used any notional text or a group of texts available for free access and/or exchange at least in the reading mode.
  • This may be a text of any work, an article, an instruction, a help, a reference book, etc.
  • the text should be enough long and multiform, so that one was able to select a notional fragment of the required length.
  • the text and the fragment from the text used as a password is selected by the user on the principle that the entire text was enough familiar for the user and the selected fragment had an associative meaning.
  • an initial data for forming a password one may use a visual and/or notional image of the beginning and of the end of the fragment.
  • a password is not the numbers of pages, lines and symbols but rather the total content o ⁇ the fragment.
  • the user should memorize neither the whole password, nor its length, etc.
  • the user should only remember the location of the source (a file name and a path to the file) and the notional and/or visual content of the password.
  • the selected fragment may be also represented as a password or a password phrase.

Abstract

According to the method for providing authorized access to personal computer data resources, a user selects a password in the form of the fragment of a text of a large length. The selected fragment is transformed into a key for encoding of the used data resource. The data is stored in the memory in the encoded form. The method provides a long key for encoding of the used resource and ensures easy memorizing of a long password on bases of associative features.

Description

METHOD FOR PROVIDING AUTHORIZED ACCESS TO PERSONAL COMPUTER DATA RESOURCES
BACKGROUND OF THE INVENTION
1. Field of the Invention
The present invention relates to means for providing authorized access to personal computer data resources. The invention may be used for protection of personal computer data from unauthorized access.
2. Description of the Prior Art
Various means for protection from unauthorized access are known in the prior art. Generally, unauthorized access is disallowed by means of a specially selected password. As a rule, such a password must be stored in the nonvolatile memory, and may be either read out or collated by a hacker or another unfair person.
Different means are used to protect from the password selection, such as limitation of selection attempts and indication of unauthorized access (US patent 5,475,755), or cyclic change of passwords by means of pseudorandom generation (US patent 5,812,764).
In such systems, a password or a list of passwords is stored in the computer memory and may be read out by unauthorized person.
Advantage is also taken of the system for protection from unauthorized access, which uses an external password recorded on any carrier, e.g. on a diskette, or of a combination of such methods (US patent 5,949,882). In all cases a password is compared with the data stored in the memory. However, an external password may be lost, copied or stolen. Moreover, an access to the resource may be got bypassing the locking systems, and the information may be read out. In this situation, a more safe protection is provided by transforming or encoding the proper resource. In this case, the resource is stored openly in the encoded form and the access to it may be obtained by decoding the stored resource. (US patent 5636281 ). The protection of the kind may also use an external key, but it is not always usable. Therefore, they often use passwords composed of words or phrase abbreviations.
Frequently, for the sake of easy memorizing they use a short text or associative passwords, which are also easily matched or peeped, in particular when working in a public office.
Thus, a plurality of all available password variants in practice is limited to a small set of symbols corresponding to the symbols of a common language, which is even more limited by the fact that the choice is always associated with a person selecting a password.
An ideal password for protection is the password, the length of which is equal to the length of the protected data array or even exceeds its length. The password of the kind allows to encode the resource to be protected without using any repeated features, making thereby practically impossible any unauthorized encoding. At the same time, long passwords are difficult to memorize and easy to make a mistake. An example of the attempt to agree the contradiction between the requirement of having a long key and the advantage of easy memorizing of a password, may serve the CryptoMania software created in OAO " InfoTeKS" ("Safe protection for the information in files!", By Alexander Kalfa, Computer Press, March 1999".
This software provides for generating a long licensed password for the software purchaser. The user introduces his password, which is composed of a part of words of the associative phrase that is known only to the user. However, a licensed password may be accessible to several users, or it may be stolen. Moreover, a personal password may be matched as well, whereas a probability of selection may be substantially limited due to the fact that a keyboard comprises a limited number of symbols, and groups of symbols constitute parts of words.
SUMMARY OF THE INVENTION
The invention is aimed at solving a problem of the need to have a long password for providing a higher level of protection and a problem of difficulty of memorizing of a long password, as well as a problem of storing a password in the computer memory.
The problems are solved in the following way. The known method for providing protection of personal data resources takes advantage of a password and transformation of the resource by using as a password a fragment of an associative array (notional text) selected by a user. In this case, the selected fragment is transferred into the main memory and is used as an initiating sequence of symbols, which is transformed according to the encoding algorithm including randomization with chaining up to obtaining a password of a preset length (greater then or equal to the length of the secured resource). Thereafter, the initial resource is encoded by the obtained password and is stored in the encoded form, and the initial resource, the password and the selected fragment are deleted from the computer memory.
In order to prevent a possibility of selection or guessing the part of the selected fragment, the algorithm of transforming of the selected fragment into an encoding password may include randomizing or hashing with chaining.
In this case the algorithm of transforming of the password may be stored either in the nonvolatile memory or on a separate carrier, which may also serve as an additional access password.
Preferably, a notional text of a large length should be used for an associative array. This may be a text generally used in the work, a help, a reference book, etc. In this case, it is desirable that the content or/and the structure of the text was well known to the user.
A real image or a styling one with solitary elements, desktop, homepage, etc. may also be used for the associative array.
Preferably, to provide protection of a resource from unauthorized access they use a notional text of a rather large length that is greater than or equal to the length of the resource to be protected.
It is mostly preferable that the password for encoding the resource was stored in the volatile memory. Unlike other systems for protection from unauthorized access, according to the proposed method, the password for encoding of the resource is deleted from the memory after the resource was encoded.
The following method for providing access to the personal resource of computer data means that takes advantage of a password and restoring of a resource transformed according to the afore described method, is characterized in that the same fragment of the associated array is selected as a password, the selected fragment is transferred to the nonvolatile memory and is used as an initial sequence of symbols, which is transformed under the preset encoding algorithm up to obtaining a password of a preset length (greater than or equal to the length of the initial text), thereafter the stored resource is decoded with the help of the obtained password and the restored resource is used.
In this case is used the same algorithm of transforming the selected fragment into the encoding password including randomization with chaining.
The method is also characterized in that the password for decoding (restoring) the resource is stored in the volatile memory.
The password for encoding/restoring the resource is deleted from the
volatile memory after the resource was restored.
According to one embodiment of the invention the password for encoding/restoring the resource is deleted from the volatile memory after restoring the resource, and the selected fragment is stored in the volatile memory.
For the sake of safe operation the restored resource is stored in the nonvolatile memory, and after termination of work it should be deleted from the memory, or it should be transformed. This is determined by the passive or active mode of use of the resource.
For some purposes of application, the restored resource may be stored in the memory within a preset period of time.
In case of active usage of the protected resource, the said resource may be changed in the course of operation, therefore after termination of work with the resource, which was restored and changed during operation, the renewed resource is transformed (encoded) by the stored password, thereafter the password and the restored array are deleted.
When in the process of operation the restored resource is changed, then after termination of work with the restored resource, the resulting (changed) resource is transformed (encoded) by the stored password, thereafter the password and the initial array are deleted, and the anew- encoded resource is stored.
According to one of the embodiments, if the password was deleted after restoring the resource, then after termination of work with the restored resource a password is generated anew, and the resource modified in the course of operation is transformed (encoded), thereafter the password and the resource modified in the process of operation are deleted, while the encoded resource is stored.
Under the resource to be protected one should understand a specific array of information, a software or data, which are considered confidential, and therefore are to be protected. The resource of that kind is stored in a special region of the computer memory and may be transformed or transferred. The resource may also be a database or a specific text or file with a software, image, etc.
DESCRIPTION OF THE PREFERRED EMBODIMENT
In the most preferable embodiment the method is carried out in the following way.
Under the choice of the user, for an initial array for setting a password is used any notional text or a group of texts available for free access and/or exchange at least in the reading mode. This may be a text of any work, an article, an instruction, a help, a reference book, etc. The text should be enough long and multiform, so that one was able to select a notional fragment of the required length. The text and the fragment from the text used as a password is selected by the user on the principle that the entire text was enough familiar for the user and the selected fragment had an associative meaning. As an initial data for forming a password one may use a visual and/or notional image of the beginning and of the end of the fragment.
In this case a password is not the numbers of pages, lines and symbols but rather the total content oτ the fragment. The user should memorize neither the whole password, nor its length, etc. The user should only remember the location of the source (a file name and a path to the file) and the notional and/or visual content of the password. In this case the selected fragment may be also represented as a password or a password phrase. Not furnished at time of publication
Not furnished at time of publication
Not furnished at time of publication
Not furnished at time of publication

Claims

1. A method for providing protection for a personal resource of computer means, the said method using a password and transformation of a resource, characterized in that as a password is used at least one fragment of the associative array selected by the user, the selected fragment is transferred into the buffer memory and is used as an initiating sequence of symbols that is transformed according to the pre-set algorithm of transformation till obtaining a key of a pre-set length that is greater than or equal to the size of the resource to be protected, thereafter the initial resource is encoded by the resulting key and is stored in the encoded form, and the initial resource, the key and the selected fragment are deleted from the computer memory.
2. The method according to Claim 1 , characterized in that the algorithm of transformation of the selected fragment into the encoded key comprises randomizing with chaining.
3. The method according to Claim 1 , characterized in that, as an associative array used is a notional text of a large length.
4. The method according to Claim 1 , characterized in that as an associative array used is a realistic image or a styling image with detailed elements.
5. The method according to Claim 1 , characterized in that as an associative array used is a notional text of a large length that is comparable with the size of the resource to be protected.
6. The method according to Claims 1-4, characterized in that the key for encoding the resource is stored in the volatile memory.
7. The method according to claims 1-4, characterized in that the key for encoding of the resource is deleted from the memory after the resource is encoded.
8. A method for providing access to the personal resource of computer means, the said method using a password and restoring of the resource transformed according to claim 1 , characterized in that as a password is selected the same fragment of the associative array, the selected array is transferred into the buffer memory and is used as an initial sequence of symbols that is transformed according to the pre-set algorithm of transformation up to obtaining a key of the pre-set length that is greater than or equal to the size of the resource to be protected, thereafter the stored resource is decoded by the resulting key, and the restored resource is used.
9. The method according to claim 1 , characterized in that the algorithm of transformation of the selected fragment into the encoding key comprises randomizing with chaining.
10. The method according to claim 8, characterized in that the key, transformed from a fragment for encoding the resource, is stored in the volatile memory.
11. The method according to claim 8, characterized in that the key for encoding/restoring the resource is deleted from the volatile memory after the resource is restored.
12. The method according to claim 8, characterized in that the key for encoding/restoring the resource is deleted from the volatile memory after the resource is restored and the selected fragment is stored in the volatile memory.
13. The method according to claim 8, characterized in that the restored resource is stored in the volatile memory.
14. The method according to claim 8, characterized in that the restored resource is stored in the volatile memory within a specified time period.
15. The method according to claims 8 and 9, characterized in that after termination of work with the restored resource, the said restored resource is transformed (encoded) by the stored key, thereafter the key and the restored array are deleted.
16. The method according to claims 8 and 9, characterized in that after termination of work with the resource, the said resulting 'esource is transformed (encoded) by the stored key, thereafter the key and the restored array are deleted.
17. The method according to claims 8 and 9, characterized in that after termination of work with the resource, the said resulting resource is transformed (encoded) by the generated key, thereafter the key and the working array are deleted.
PCT/BY2000/000002 2000-02-24 2000-02-24 Method for providing authorized access to personal computer data resources WO2001063383A1 (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
PCT/BY2000/000002 WO2001063383A1 (en) 2000-02-24 2000-02-24 Method for providing authorized access to personal computer data resources
AU2000227873A AU2000227873A1 (en) 2000-02-24 2000-02-24 Method for providing authorized access to personal computer data resources

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
PCT/BY2000/000002 WO2001063383A1 (en) 2000-02-24 2000-02-24 Method for providing authorized access to personal computer data resources

Publications (1)

Publication Number Publication Date
WO2001063383A1 true WO2001063383A1 (en) 2001-08-30

Family

ID=4083751

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/BY2000/000002 WO2001063383A1 (en) 2000-02-24 2000-02-24 Method for providing authorized access to personal computer data resources

Country Status (2)

Country Link
AU (1) AU2000227873A1 (en)
WO (1) WO2001063383A1 (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2010134940A (en) * 2001-10-25 2010-06-17 Research In Motion Ltd Multiple-stage system and method for processing encoded message

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5485519A (en) * 1991-06-07 1996-01-16 Security Dynamics Technologies, Inc. Enhanced security for a secure token code
US5677952A (en) * 1993-12-06 1997-10-14 International Business Machines Corporation Method to protect information on a computer storage device
EP0901060A2 (en) * 1997-09-05 1999-03-10 Fujitsu Limited Secure data control apparatus and method

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5485519A (en) * 1991-06-07 1996-01-16 Security Dynamics Technologies, Inc. Enhanced security for a secure token code
US5677952A (en) * 1993-12-06 1997-10-14 International Business Machines Corporation Method to protect information on a computer storage device
EP0901060A2 (en) * 1997-09-05 1999-03-10 Fujitsu Limited Secure data control apparatus and method

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2010134940A (en) * 2001-10-25 2010-06-17 Research In Motion Ltd Multiple-stage system and method for processing encoded message
US8194857B2 (en) 2001-10-25 2012-06-05 Research In Motion Limited Multiple-stage system and method for processing encoded messages
US20120216032A1 (en) * 2001-10-25 2012-08-23 Research In Motion Limited Multiple-stage system and method for processing encoded messages
US8526618B2 (en) 2001-10-25 2013-09-03 Research In Motion Limited Multiple-stage system and method for processing encoded messages

Also Published As

Publication number Publication date
AU2000227873A1 (en) 2001-09-03

Similar Documents

Publication Publication Date Title
US5425102A (en) Computer security apparatus with password hints
US8561174B2 (en) Authorization method with hints to the authorization code
US9740849B2 (en) Registration and authentication of computing devices using a digital skeleton key
US7739733B2 (en) Storing digital secrets in a vault
US5416841A (en) Cryptography system
US6986050B2 (en) Computer security method and apparatus
US7461399B2 (en) PIN recovery in a smart card
AU674560B2 (en) A method for premitting digital secret information to be recovered.
US8219823B2 (en) System for and method of managing access to a system using combinations of user information
EP1043862A2 (en) Generation of repeatable cryptographic key based on varying parameters
WO2001077788A2 (en) Method and system for secure access_control
US11514153B2 (en) Method of registering and authenticating a user of an online system
JP2007310819A (en) Password generation method with improved resistance to password analysis, and authentication apparatus using this password
WO2001063383A1 (en) Method for providing authorized access to personal computer data resources
EP3729312A1 (en) Authentication method and device
WO2004054297A1 (en) One-time password generator for mobile telephones
JPH0239260A (en) Password controller
JP2007336241A (en) Electronic check collation system
Stamm Passwords and Authentication
WO2024009052A1 (en) Secure storage of data
CN111066013A (en) Method and access system for access management to devices
Sherfield et al. Thematic Graphical User Authentication: Graphical User Authentication Using Themed Images on Mobile Devices
Highland QETUOADGJLXVN or the selection and use of passwords for security
Joshi et al. Secure E-mailing System Using Pair Based Scheme and AES with Session Password
CA2404769A1 (en) Method and system for secure access

Legal Events

Date Code Title Description
AK Designated states

Kind code of ref document: A1

Designated state(s): AE AL AM AT AU AZ BA BB BG BR BY CA CH CN CR CU CZ DE DK DM EE ES FI GB GD GE GH GM HR HU ID IL IN IS JP KE KG KP KR KZ LC LK LR LS LT LU LV MA MD MG MK MN MW MX NO NZ PL PT RO RU SD SE SG SI SK SL TJ TM TR TT TZ UA UG US UZ VN YU ZA ZW

AL Designated countries for regional patents

Kind code of ref document: A1

Designated state(s): GH GM KE LS MW SD SL SZ TZ UG ZW AM AZ BY KG KZ MD RU TJ TM AT BE CH CY DE DK ES FI FR GB GR IE IT LU MC NL PT SE BF BJ CF CG CI CM GA GN GW ML MR NE SN TD TG

121 Ep: the epo has been informed by wipo that ep was designated in this application
DFPE Request for preliminary examination filed prior to expiration of 19th month from priority date (pct application filed before 20040101)
REG Reference to national code

Ref country code: DE

Ref legal event code: 8642

122 Ep: pct application non-entry in european phase