Patent for Sale:

System for Protecting Access into an Access-Controlled Entity    

Prevents unauthorized access into an access controlled entity or environment by a unique, highly effective fail counter.

Overview

This new fail counter system and method ("Fail Counter Method") was developed by a computer scientist when she was in the National Security Agency ("NSA"). It differs from state-of-the-art technologies that also use a fail counter method in several ways. Specifically, it does not require a delay counter or timing mechanism to be used in tandem with the fail counter; it exclusively maintains a fail counter and does not impose an entry delay on the user; and it uniquely increments the fail counter exponentially each time a user-entered password or PIN does not match a pre-determined authorized password or PIN.

In brief, this method incorporates a fail count that is decremented upon entry of the correct password or PIN and incremented upon a user entering an incorrect one. Access is denied until the fail counter is equal to one less than a pre-determined reference value; e.g., zero if the reference value were set at "1". Each time a user enters an incorrect password or PIN, the fail counter goes up exponentially; e.g., on the second incorrect entry it goes from 1 to 2; on the next incorrect entry it goes to 4, etc.

There is no time delay in entering passwords, etc., but the system may be set to shut down at a specific time if the correct password is not entered. Once the user does enter the correct password, he has to enter it repeatedly to get the fail counter back to one number below the reference value. Importantly, with this Fail Counter Method, the unauthorized user receives no indication when a correct PIN is entered because the system will not unlock automatically. As noted above, the user has to repeatedly enter that password until the system tells them they have access.
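The counter behaviour described above can be modelled in a few lines. This is an added sketch, not the patented implementation or the inventor's code; it assumes the page's example reference value of 1 (unlock at 0), that the first miss sets the counter to 1 and each later miss doubles it, and that each correct entry subtracts exactly 1. The class and function names are hypothetical.

```python
import hmac


class FailCounterGate:
    """Model of the fail counter with reference value 1 (access when counter == 0)."""

    def __init__(self, secret_pin: str):
        self._pin = secret_pin.encode()
        self.counter = 0  # assumed starting value: one below the reference

    def submit(self, entry: str) -> bool:
        """Process one entry with no delay; return True only when access is granted."""
        if hmac.compare_digest(entry.encode(), self._pin):
            if self.counter > 0:
                self.counter -= 1          # correct entry: decrement by one (assumed)
            return self.counter == 0       # a match alone does not unlock
        # Incorrect entry: 0 -> 1 -> 2 -> 4 -> ... (assumed doubling rule)
        self.counter = 1 if self.counter == 0 else self.counter * 2
        return False


def correct_entries_needed(misses: int, pin: str = "4821") -> int:
    """How many times the right PIN must be typed after `misses` wrong entries."""
    gate = FailCounterGate(pin)
    for _ in range(misses):
        gate.submit("x")                   # constructed input that never matches
    tries = 1
    while not gate.submit(pin):
        tries += 1
    return tries


def single_pass_sweep_unlocks(pin: str, digits: int = 4) -> bool:
    """Does trying every candidate exactly once, in order, ever open the gate?"""
    gate = FailCounterGate(pin)
    return any(gate.submit(f"{g:0{digits}d}") for g in range(10 ** digits))


if __name__ == "__main__":
    for n in range(6):
        print(f"{n} misses -> {correct_entries_needed(n)} correct entries to unlock")
    print("sweep unlocks PIN 0007:", single_pass_sweep_unlocks("0007"))
```

Under these assumptions, a single pass over the PIN space passes the correct value without any visible change once the counter exceeds 1, while the legitimate user's recovery cost grows with the number of prior misses.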

Primary Application of the Technology

Any enterprise (i.e., company or organization) that is looking for a more secure, cost-effective means for employees, etc. to login to their internal Web site.

Competitive Advantage

- Easy to implement system and process
- Very user friendly through its simplicity in access codes; i.e., can be four characters instead of six or eight
- A very secure system and method on par with current complex systems; it uses careful mathematical analysis to improve protection of any access-controlled system.
- Flexible in that the number of characters can be set to correspond with the risk profile for the organization; e.g., use of four characters gives an unauthorized user a 1:10,000 chance of guessing the right password or PIN; five characters is a 1:100,000 probability; etc.
- Can be used anywhere that access codes are needed, including, but not limited to, Smart Cards, Web purchases, bank accounts, cellular phone systems, employee badges with access capability, Intranet access, etc.
- Essentially real time processing as there is no delay counter or timing mechanism to preclude a user from making entries
- Easy to install and administer; may be implemented using any well-known combination of hardware, software, and/or firmware capable of comparing an entered password or PIN to the correct PIN.

Resulting benefits versus current systems and technologies include:

- More productivity by minimizing the number of characters users must remember to access a system and having no delays in making password or PIN entries
- Reduced overhead hardware needed for implementation versus current more-complex systems and methods
- Less likelihood of an authorized user locking himself out of his own system
- Lower help desk costs by reducing system complexity, in turn reducing the number of user requests for support; e.g., easier to remember passwords.

Comments on Deal Structure, Potential Terms and Restrictions

Purchase of the patent also would include access to the inventor who would assist in the technology transfer by

Frequently Asked Questions

Why didn't the NSA use this login process? It was not complex enough for them, even though it achieved their desired security levels.

Additional Information

While the fail counter invention has yet to be put into a commercial environment, its viability was validated through simulations and modeling conducted by two NSA mathematicians. Their analysis indicated the fail counter system embodied in this patent enhances security significantly. When developed in the late 1990s, the inventor used Java as the programming language.

Patent Summary

U.S. Patent Classes & Classifications Covered in this listing:

Class 235: Registers

Machines employed for ascertaining the number of movements of various devices or machines; also, indicating devices where the purpose is to disclose the numerical extent or quantity of movement of a machine and where the device is separate and independent of the machine whose movements are to be noted; also organized machines, such as, cash-registers, fare-registers, voting machines and calculators having registering or counting devices as essential or important elements and having in addition certain other features necessary to make up the complete machines for the purposes desired.

Subclass 379: Banking systems
Subclass 380: Credit or identification card systems
Subclass 382: Permitting access