This is an informal description of a possibly but unlikely new technique for secure authentication, designed to be combined with other technique such as passwords or smartcards to limit risk without additional cost other than possible inconvenience.

Identity authentication techniques may be divided into one of three categories:

1. something you know (password, pass phrase, PIN)
2. something you have (smartcard, hardware token)
3. something inherent to you (i.e. biometric)

Time-constrained login technique falls into the first category: valid login time and duration is something you know.  This technique is different from other knowledge-based techniques in that the required knowledge may be changed more frequently, possibly each time.  This is because, while people can't remember daily changing passwords, they can easily remember appointments.

With time-constrained login, authentication succeeds only at certain time.  A specialized form of time-constrained login is Time Capsule since it can only be opened after certain amount of time has passed.  Another example that is more appropriate for day to day use is CVS login restricted to 10-11am and 6-7pm.

Absolute time-constrained login uses specific time such as 1:35pm GMT or 7:12am PST.  Relative time-constrained login uses relative time such as 5 hours and 12 minutes from one or more event such as 'now' or 'after receiving SMS message containing the word 'Hollywood' from me'.  Time constraint can be specified by random, by schedule, or by combination (hours by schedule and minutes randomly).  Duration can be determined according to the need.  Specifying relative time constraint as one logs off may be useful to protect your workstation while going to a meeting or lunch.

This is all I have so far.  If you know of a similar techniques or have suggestions, please let me know.  If not — unlikely but possible – I may file an anti-patent if there are any patent lawyers interested in doing some pro bono work.  <g>