Secure transaction system

US 20010027527A1
Filed: 02/23/2001
Published: 10/04/2001
Est. Priority Date: 02/25/2000
Status: Abandoned Application

First Claim

Patent Images

1. A method comprising:

receiving a request by a user for access to a first server;

receiving a token at the first server, the token indicating that the user has been authenticated and including a role assigned to the user; and

determining, based at least in part on the role identified in the token, whether the user is permitted to perform a particular transaction in connection with a specified file or application at the first server.

View all claims

5 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Techniques for providing secure transactions can include receiving a request for access to a first server by a user. The request includes the user'"'"'s credentials such as biometric information, an electronic certificate, or other information. The user is authenticated based on the credentials, and a token is sent to the first server. The token indicates whether the user has been authenticated and includes criteria about the user. Based on the criteria in the token, the first server can determine whether the user is authorized to perform a particular transaction in connection with a specified file or application at the first server. The user can be re-authenticated prior to allowing the transaction to be completed. Each time the user is authenticated, a time-stamped record can be stored. Encryption can be used to enhance security.

Citations

34 Claims

1. A method comprising:
- receiving a request by a user for access to a first server;
  
  receiving a token at the first server, the token indicating that the user has been authenticated and including a role assigned to the user; and
  
  determining, based at least in part on the role identified in the token, whether the user is permitted to perform a particular transaction in connection with a specified file or application at the first server.
- View Dependent Claims (2, 3, 4, 5, 11)
- - 2. The method of claim 1 including:
    - generating the token at a second server; and
      
      sending the token to the first server via a public network.
  - 3. The method of claim 1 including:
    - authenticating the user; and
      
      sending the token to the first server after authenticating the user, the token including a set of credentials used to authenticate the user.
  - 4. The method of claim 3 wherein the token identifies a time at which the user was authenticated, the method including validating the token based on the authentication time and a predefined threshold.
  - 5. The method of claim 3 including storing a time-stamped record of the user authentication in a database.
  - 11. The method of claim 1 wherein the user credentials include biometric information.

6. A method comprising:
- receiving a request for access to a first server by a user, the request including credentials of the user;
  
  authenticating the user based on the credentials;
  
  sending a token to the first server, the token indicating whether the user has been authenticated and including criteria about the user; and
  
  determining, based on the criteria in the token, whether the user is permitted to perform a particular transaction in connection with a specified file or application at the first server.
- View Dependent Claims (7, 8, 9, 10, 12, 13, 14, 15, 16, 17, 18, 19)
- - 7. The method of claim 6 including storing a time-stamped record of the authentication.
  - 8. The method of claim 6 including:
    - re-authenticating the user prior to allowing the transaction to be completed; and
      
      storing a time-stamped record of the re-authentication.
  - 9. The method of claim 6 including determining the validity of the token with respect to the first server.
  - 10. The method of claim 6 wherein the user credentials include an electronic certificate.
  - 12. The method of claim 6 including encrypting the token with a shared key and sending the encrypted token to the secure server.
  - 13. The method of claim 6 wherein the criteria in the token includes an indication of a role assigned to the user.
  - 14. The method of claim 6 wherein determining whether the user is permitted to perform a particular transaction includes examining the criteria in the token and a business rule.
  - 15. The method of claim 6 including re-authenticating the user based on the credentials.
  - 16. The method of claim 6 including determining, based on the criteria in the token, whether the user is authorized to access a particular file or application.
  - 17. The method of claim 6 including determining, based on the criteria in the token, whether the user is authorized to modify a particular file.
  - 18. The method of claim 6 including determining, based on the criteria in the token, whether the user is authorized to forward a particular file.
  - 19. The method of claim 6 including determining, based on the criteria in the token, whether the user is authorized to print a particular file.

20. A method comprising:
- receiving a request for access to a first server by a user, the request including biometric credentials of the user;
  
  authenticating the user based on the biometric credentials;
  
  sending a token to the first server, the token indicating whether the user has been authenticated and identifying a role assigned to the user;
  
  determining, based on the role identified in the token, whether the user is authorized to perform a particular transaction in connection with the first server;
  
  re-authenticating the user prior to allowing the transaction to be completed; and
  
  storing time-stamped records of the authentication and re-authentication of the user.
- View Dependent Claims (21, 22)
- - 21. The method of claim 20 including encrypting at least a portion of the token with a shared key and sending the encrypted token to the secure server.
  - 22. The method of claim 21 including determining the validity of the token with respect to the first server.

23. A system comprising:
- a first server; and
  
  an authentication server configured to;
  
  receive a request for access to the first server by a user, the request including credentials of the user;
  
  authenticate the user based on the credentials;
  
  store a time-stamped record of the authentication; and
  
  send a token to the first server, the token indicating whether the user has been authenticated and including criteria about the user; and
  
  the first server configured to determine, based on the criteria in the token, whether the user is permitted to perform a particular transaction in connection with the first server.
- View Dependent Claims (24, 25, 26, 27, 28)
- - 24. The system of claim 23 wherein the first server is configured to examine the criteria in the token and a business rule to determine whether the user is authorized to perform the particular transaction.
  - 25. The system of claim 23 wherein the first server is configured to request re-authentication of the user prior to allowing the transaction to be completed.
  - 26. The system of claim 25 wherein the authentication server is configured to store a time-stamped record of the re-authentication.
  - 27. The system of claim 23 wherein the first server is configured to determine the validity of the token received from the authentication server.
  - 28. The system of claim 23 wherein the authentication server is configured to encrypt at least a portion of the token with a shared key and to send the encrypted token to the first server.

29. A system comprising:
- a secure server;
  
  a database for storing a user profile and criteria about the user, the criteria being established by an administrator of the secure server; and
  
  an authentication server configured to;
  
  receive a request for access to the secure server by a user, the request including credentials of the user;
  
  authenticate the user based on the credentials and the user profile stored in the database;
  
  store a time-stamped record of authentication of the user in the database; and
  
  send a token to the secure server, the token indicating whether the user has been authenticated and including the criteria about the user from the database, the secure server configured to use the criteria about the user in the token in conjunction with a business rule established by the administrator to determine whether the user is authorized to perform a particular transaction in connection with a specified file or application at the secure server.
- View Dependent Claims (30, 31, 32, 33, 34)
- - 30. The system of claim 29 wherein the secure server is configured to request re-authentication of the user prior to allowing the transaction to be completed.
  - 31. The system of claim 30 wherein the authentication server is configured to store a time-stamped record of the re-authentication in the database.
  - 32. The system of claim 31 wherein the secure server is configured to determine the validity of the token received from the authentication server.
  - 33. The system of claim 29 wherein the user'"'"'s credentials include biometric information.
  - 34. The system of claim 33 including:
    - a network coupled to the secure server and the authentication server;
      
      a user device that can execute a browser and that is coupled to the network; and
      
      a fingerprint reader coupled to the user device and that can be used by the user to submit the biometric information.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Identix, Inc. (Advent International Corporation)
Original Assignee
Identix, Inc. (Advent International Corporation)
Inventors
Balashov, Alex, Khidekel, Yuri, Bashmakov, Vladimir

Application Number

US09/792,391
Publication Number

US 20010027527A1
Time in Patent Office

Days
Field of Search
US Class Current

713/201
CPC Class Codes

G06F 21/32   using biometric data, e.g. ...

G06F 21/33   using certificates

G06F 21/34   involving the use of extern...

G06F 21/41   where a single sign-on prov...

G06F 2211/007   Encryption, En-/decode, En-...

H04L 63/0428   wherein the data content is...

H04L 63/08   for authentication of entit...

H04L 63/0807   using tickets, e.g. Kerbero...

H04L 63/0861   using biometrical features,...

H04L 63/10   for controlling access to d...

Secure transaction system

First Claim

5 Assignments

0 Petitions

Accused Products

Abstract

Citations

34 Claims

Specification

Solutions

Use Cases

Quick Links

Secure transaction system

First Claim

5 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

34 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links