SYSTEM AND METHOD FOR PROTECTING UNAUTHORIZED ACCESS TO DATA CONTENTS
 Inventor: Vinay Deo, Redmond, Wash.
 Assignee: Microsoft Corporation, Redmond, Wash.
 Appl. No.: 412,295
 Filed: Mar. 28, 1995
 Int. CI.6 G06K5/00
 U.S. CI 235/380; 902/4; 902/26
 Field of Search 902/4, 5, 26; 235/380,
 References Cited
U.S. PATENT DOCUMENTS
4,449,040 5/1984 Watsugka et al 235/380
4,453,074 6/1984 Weinstein 235/380
4,667,087 5/1987 Quintana 235/380
4,684,791 8/1987 Bito 235/380
4,710,613 12/1987 Shigenaga 235/380
4,801,787 1/1989 Suzuki 235/380
4,839,506 6/1989 Homraa et al 235/379
Primary Examiner—Donald T. Hajec
Assistant Examiner—Jeffrey R. Filipek
Attorney, Agent, or Firm—Lee & Hayes, PLLC
i run iiiiiui in inn urn urn inn Jijii Iiiji Iim Jiiu Iihn ftJ inn Iiii
[ii] Patent Number: 5,594,227  Date of Patent: Jan. 14, 1997
A smart card protection system is provided for protecting against unauthorized access of data contents on a smart card through human or electronic-machine tampering. The smart card protection system includes a smart card having an authorized password stored thereon for associated data and a smart card terminal to supply an entered password for accessing the data on the smart card. The smart card includes a comparator to compare the entered password to the stored password, and two counters: a fail counter and a delay counter. The fail counter keeps a fail count indicative of the number of times that the entered password fails to match the stored password. The fail counter is incremented when the entered password fails to match the stored password and decremented when the entered password successfully matches the stored password. The delay counter maintains a delay count that is incremented each time the comparator compares the entered password to the stored password regardless of a match. In the event that the fail count is not equal to its starting value of zero, the smart card denies access to the data contents. Access is denied even though a match might occur after initial misses because the fail count is not zero. Further, when access is denied, a delay period is imposed before comparing the -next entered password received from the smart card terminal. The delay period increases each time based upon a function of the delay count.
28 Claims, 6 Drawing Sheets