AUTHORIZATION METHOD
BACKGROUND
Many computerized systems prevent unauthorized access by requiring a person attempting to gain access to enter one or more passwords. In many applications, the passwords are entered via a keyboard. This may be especially dangerous at public usage terminals or other public remote clients where keystroke capturing software may be installed. By obtaining such passwords, unauthorized users may gain access to resources and sensitive information.
BRIEF DESCRIPTION OF THE DRAWINGS
FIG. 1 is a schematic diagram illustrating one example of an authorization system of the present invention.
FIG. 2 is a flowchart illustrating one example of an authorization method performed by the authorization system of FIG. 1.
FIG. 3 is a schematic diagram illustrating portions of the authorization system of FIG. 1 performing the method of FIG. 2 according to one exemplary embodiment.
FIG. 4 is a schematic diagram illustrating portions of the system of FIG. 1 performing another embodiment of the method of FIG. 2 according to one exemplary embodiment.
FIG. 5 is a schematic diagram illustrating a specific example of the system of FIG. 1.
FIG. 6 is a schematic diagram illustrating another embodiment of the authorization system of FIG. 1 according to another exemplary embodiment.
DETAILED DESCRIPTION OF THE EXAMPLE EMBODIMENTS
FIG. 1 is a schematic illustration of an authorization system 10 configured to use a password associated with a particular user. For purposes of this disclosure, the term "password" means any combination of characters in a defined order, utilized for accessing or denying access to a device, network, system and the like. The term "password" encompasses user names and other authorization codes. For purposes of this disclosure, the term "characters" includes alpha-numeric symbols, displays, icons, graphics and the like.
Authorization system 10 is configured to grant or deny authorization or access using an authorization method or scheme described hereafter with respect to FIGS. 2 and 3. As shown by FIG. 1, authorization system 10 generally includes authorization site 12 and remote clients 14. Authorization site 12 comprises a site generally removed from remote clients 14, but in communication with remote clients 14. In the particular embodiment illustrated, authorization site 12 communicates with remote clients 14 via a network 16. Network 16 allows two-way communication between site 12 and remote clients 14. Network 16 may use any of a variety of protocols such as Transmission Control Protocol/Internet Protocol (TCP/IP), Digital Equipment Corporation NETwork protocol (DECnet), X.25, User Datagram Protocol (UDP) or other protocols. Network 16 may comprise any type of network, such as an internet, an Ethernet, a NetWare network or a virtual private network (VPN). Network 16 may include a configuration such as a wide area network (WAN), a wireless network or a local area network (LAN). Network 16 may provide communication via Hypertext Markup Language (HTML) web pages.
Authorization site 12 generally includes processor 18, reader 20, computer readable media 22 and memory 24. Processor 18, sometimes referred to as a controller, comprises a processing unit that executes sequences of instructions contained in a memory. Execution of the sequences of instructions causes the processing unit to perform steps such as generating control signals. The instructions may be loaded in a random access memory (RAM) for execution by the processing unit from a read only memory (ROM), a mass storage device, or some other persistent storage. In other embodiments, hardwired circuitry may be used in place of or in combination with software instructions to implement the functions described. Processor 18 is not limited to any specific combination of hardware circuitry and software, nor to any particular source for the instructions executed by the processing unit. In the particular embodiment shown, processor 18 generates control signals and processes information based at least in part upon instructions from computer readable media 22 received through reader 20.
Reader 20 comprises a device configured to read information and instructions contained on computer readable media 22. Computer readable media 22 comprises a portable medium containing instructions that are communicated to processor 18 by reader 20. Computer readable media 22 contains instructions that direct processor 18 to perform an authorization method as will be described in greater detail hereafter with respect to FIGS. 2 and 3.
In one embodiment, computer readable media 22 may comprise an optically encoded medium such as a compact disk (CD), digital versatile disk (DVD) and the like, wherein reader 20 is configured to read such optically encoded information. In another embodiment, computer readable media 22 may comprise a magnetically encoded medium such as a floppy disk, a tape and the like, wherein reader 20 is configured to read such magnetically encoded information. In still another embodiment, computer readable media 22 may comprise a hardwired digital device, such as a flash or other memory card, wherein reader 20 is configured to interact with the card for the transference of instructions. Computer readable media 22 enables the authorization scheme or method to be easily transferred between different authorization sites 12 and to be updated or replaced. In other embodiments, reader 20 and computer readable media 22 may be omitted or utilized for other purposes, wherein site 12 includes a permanent medium containing instructions for executing the authorization scheme. In still other embodiments, reader 20 and computer readable media 22 may be provided as part of one or more of remote clients 14, wherein instructions are transmitted to authorization site 12 through network 16. In still other embodiments, remote clients 14 may include permanent internal media providing such instructions for executing the authorization scheme.
Memory 24 comprises a medium configured to store information. Memory 24 may contain instructions for processor 18. Memory 24 may also store input or generated data relating to the authorization scheme. For example, memory 24 may store one or more passwords as well as assignments of code characters as described hereafter. Memory 24 may comprise random access memory (RAM), read only memory (ROM), a mass storage device or some other persistent storage.
Remote clients 14 generally comprise devices distinct from authorization site 12 and connected to authorization site 12 via network 16. Remote clients 14 comprise devices configured to interact with individuals or users. Examples of remote clients 14 include laptop computers, personal computers, printers, fax machines, personal digital assistants (PDA), cell phones, scanners, copiers, access terminals and the like. Each remote client 14 includes display 30, character input 32, processor 34 and memory 36. Display 30 generally