Rule-based operation and service provider authentication for a keyed system

US 20020133716A1
Filed: 12/29/2000
Published: 09/19/2002
Est. Priority Date: 09/05/2000
Status: Abandoned Application

First Claim

Patent Images

1. A network system for providing a level of operation privileges to a user, the system comprising:

a first computational device comprising a plurality of identification tags and associated rule sets, wherein each identification tag and rule set pair establishes a level of operation privileges to the user; and

a second computational device adapted to program an access device with at least one of the identification tags upon authorization from the first computational device.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A keyed authentication system and method employing rule based operation and service provider authentication techniques are described herein to provide for governing access and/or operation privileges for use environments such as vehicles, buildings, homes, computers, equipment, and intelligence. Broadly speaking, the system employs the use of an access device, including an identification tag, which may be validated by an authentication device to grant specific access and/or operation privileges to the controlled use environment. The identification tag encoded on the access device may be aligned with a set of rules that establish the level of access and/or operation for each unique identification tag. An application service provider may maintain the plurality of identification tags and associated rule sets and authorize trusted encoding devices to program the desired identification tags and associated rule sets into the plurality of access and authentication devices within the system.

119 Citations

62 Claims

1. A network system for providing a level of operation privileges to a user, the system comprising:
- a first computational device comprising a plurality of identification tags and associated rule sets, wherein each identification tag and rule set pair establishes a level of operation privileges to the user; and
  
  a second computational device adapted to program an access device with at least one of the identification tags upon authorization from the first computational device.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The network system of claim 1, wherein the second computational device is further adapted to program an authentication device with a plurality of the identification tags and associated rule sets upon authorization from the first computational device.
  - 3. The network system of claim 2, wherein the authentication device is adapted to interface with the access device and provide the corresponding level of operation privileges to the user if the identification tag programmed on the access device matches with at least one of the identification tags programmed on the authentication device.
  - 4. The network system of claim 1, further comprising a third computational device adapted to program the access device with at least one of the identification tags upon authorization from the first computational device.
  - 5. The network system of claim 4, wherein the access device is adapted to be periodically re-authenticated by the third computational device upon authorization from the first computational device.
  - 6. The network system of claim 1, wherein the first, second, and third computational devices are interconnected via a network such as the Internet.

7. A network system for providing a level of operation privileges to a user, the system comprising an encoding device adapted to program an access device with at least one identification tag upon authorization by a central authority connected to the network system.
- View Dependent Claims (8, 9, 10, 11, 12, 14, 15, 16, 17, 18, 20, 21, 22, 23, 24, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39)
- - 8. The network system of claim 7, wherein the encoding device is further adapted to program an authentication device with a plurality of identification tags and associated rule sets upon authorization by the central authority.
  - 9. The network system of claim 8, wherein the central authority is adapted to maintain and administer the plurality of identification tags and associated rule sets.
  - 10. The network system of claim 8, wherein each identification tag and rule set pair establishes a level of operation privileges for the user.
  - 11. The network system of claim 10, wherein the authentication device is adapted to provide the corresponding level of operation privileges, if upon establishing a communication link with the access device, the authentication device matches the identification tag stored on the access device with at least one the plurality of identification tags stored on the authentication device.
  - 12. The network system of claim 7, wherein the network system comprises the Internet.
  - 14. The network of claim 13, further comprising an access device adapted to store at least one of the plurality of identification tags and an authentication device adapted to store a plurality of the identification tags and associated rule sets.
  - 15. The network of claim 14, further comprising an encoding device adapted to program the access device with at least one of the plurality of identification tags upon authorization from the central authority.
  - 16. The network of claim 14, wherein the encoding device is further adapted to program the authentication device with a plurality of the identification tags and associated rule sets upon authorization from the central authority.
  - 17. The network of claim 14, wherein the authentication device is adapted to interface with the access device and provide the corresponding level of operation privileges to the user if the identification tag stored on the access device matches with at least one of the plurality of identification tags stored on the authentication device.
  - 18. The network of claim 13, wherein the network comprises the Internet.
  - 20. The network system of claim 19, further comprising an encoding device adapted to program the access device and the authentication device upon authorization by the central authority.
  - 21. The network system of claim 19, wherein the network system comprises the Internet.
  - 22. The network system of claim 19, wherein the central authority maintains and administers the plurality of identification tags and associated rule sets, and wherein each of the identification tag and rule set pair establishes a level of operation privileges for the user.
  - 23. The network system of claim 19, wherein the authentication device is further adapted to interface with the access device and provide the corresponding level of operation privileges to the user if the identification tag stored on the access device matches at least one of the plurality of identification tags stored on the authentication device.
  - 24. The network system of claim 20, wherein the access device is further adapted to be periodically authenticated by the encoding device upon authorization from the central authority.
  - 26. The network system of claim 25, wherein the central authority maintains and administers the plurality of identification tags and associated rule sets, and wherein each identification tag and rule set pair establishes a level of operation privileges to the user of the vehicle.
  - 27. The network system of claim 25, wherein the network system comprises the Internet.
  - 28. The network system of claim 25, further comprising an encoding device adapted to program the access device and the authentication device upon authorization from the central authority.
  - 29. The network system of claim 26, wherein the authentication device is further adapted to interface with the access device and provide the corresponding level of operation privileges to the user if the identification tag programmed on the access device matches at least one of the plurality of identification tags programmed on the authentication device.
  - 30. The network system of claim 26, wherein the authentication device is coupled to an engine control module to establish the operational parameters for the vehicle corresponding to the level of operation privileges provided by the authentication device.
  - 31. The network system of claim 26, wherein the authentication device is further coupled to an electronics system to establish the operational parameters for the vehicle corresponding to the level of operation privileges provided by the authentication device.
  - 32. The network system of claim 26, wherein the authentication device is further coupled to a telematics system to establish the operational parameters for the vehicle corresponding to the level of operation privileges provided by the authentication device.
  - 33. The network system of claim 28, wherein the access device is further adapted to be periodically re-authenticated by the encoding device upon authorization by the central authority.
  - 34. The network system of claim 33, wherein the access device is further adapted to store data associated with operational metrics of the user during the use of the vehicle.
  - 35. The network system of claim 34, wherein the encoding device is further adapted to re-authenticate the access device by retrieving the data and submitting the data to the central authority.
  - 36. The network system of claim 35, wherein the central authority is adapted to authorize the re-authentication of the access device if the data does not violate a level of eligibility for re-authentication as established by the associated rule set corresponding to the level of operation privileges provided to the user.
  - 37. The network system of claim 26, further comprising means for bypassing the current level of operation privileges as provided by the authentication device and providing a dissimilar level of operation privileges.
  - 38. The network system of claim 37, wherein the means for bypassing the current level of operation privileges is adapted to disable future access to the identification tag on the access device by the encoding device and the authentication device.
  - 39. The network system of claim 25, wherein the network system comprises the Internet.

13. A communication network for providing a level of operation privileges to a user, the system comprising a central authority arranged in the network and comprising a plurality of identification tags and associated rule sets, wherein each identification tag and rule set pair establishes a level of operation privileges for the user.

19. A network system for providing a level of operation privileges to a user, the system comprising:
- an access device adapted to store a programmed identification tag, wherein the identification tag is programmed upon authorization by a central authority connected to the network system; and
  
  an authentication device adapted to store a plurality of programmed identification tags and associated rule sets, wherein the plurality of identification tags and associated rule sets are programmed upon authorization by the central authority.

25. A network system for providing a level of operation privileges to the user of a vehicle, the system comprising:
- an access device adapted to store a programmed identification tag, wherein the access device is programmed upon authorization from a central authority connected to the network system; and
  
  a vehicle comprising an authentication device adapted to store a plurality of programmed identification tags and associated rule sets, wherein the authentication device is programmed upon authorization from the central authority.

40. A method for providing a plurality of operation privileges to a user, the method comprising:
- establishing a plurality of identification tags and associated rule sets, wherein each identification tag and rule set pair corresponds to a level of operation privileges that may be provided to the user; and
  
  programming an access device with an encoding device operably linked via a network to a central authority which administers the plurality of identification tags associated rule sets, wherein said programming occurs upon authorization from the central authority, and wherein the access device is programmed with at least one of the plurality of identification tags.
- View Dependent Claims (41, 42, 43, 44, 45, 46, 48, 49)
- - 41. The method of claim 40, further comprising programming an authentication device with the encoding device, wherein the programming occurs upon authorization from the central authority, and wherein the authentication device is programmed with a plurality of the identification tags and associated rule sets.
  - 42. The method of claim 41, further comprising:
    - establishing a communication link between the access device and the authentication device;
      
      retrieving the identification tag stored on the access device and comparing it with the plurality of identification tags stored on the authentication device;
      
      retrieving the rule set associated with the identification tag stored on the access device if said comparing results in a match of the identification tag with at least one of the plurality of identification tags; and
      
      providing the corresponding level of operation privileges to the user.
  - 43. The method of claim 42, further comprising providing a default level of operation privileges to the user if said comparing does not result in a match of the identification tag with at least one of the plurality of identification tags.
  - 44. The method of claim 43, further comprising bypassing the corresponding level of operation privileges and providing an alternate level of operation privileges to the user dissimilar to the corresponding level of operation privileges.
  - 45. The method of claim 44, wherein said providing an alternate level of operation privileges comprises providing complete operation privileges to the user.
  - 46. The method of claim 44, wherein said bypassing the corresponding level of operation privileges comprises:
    - receiving a request from the user for bypassing the corresponding level of operation privileges; and
      
      disabling future access to the identification tag programmed on the access device.
  - 48. The method of claim 47, wherein said determining authorization of the authentication request comprises:
    - authenticating the encoding device to the central authority;
      
      retrieving data from the access device, wherein the data comprises operational metrics of the user for the corresponding level of operation privileges provided to the user by the access device; and
      
      authorizing the authentication request if the data conforms to the level of eligibility for authentication as established by the associated rule set corresponding to the level of privileges provided to the user.
  - 49. The method of claim 48, wherein said determining authorization of the authentication request further comprises denying the authorization request if the data violates a level of eligibility for authentication as established by the associated rule set corresponding to the level of operation privileges provided to the user.

47. A method for authenticating an access device used for obtaining a level of operation privileges, the method comprising:
- establishing a communications link between an encoding device and a central authority connected via a network, wherein the central authority maintains and administers a plurality of identification tags and associated rule sets, and wherein each identification tag and rule set pair establishes a level of operation privileges for a user;
  
  receiving a request from the encoding device for authenticating an access device, wherein the access device is associated with a level of operation privileges provided to the user; and
  
  determining authorization of the authentication request.

50. A method for authenticating an access device used in obtaining a level of operation privileges, the method comprising:
- establishing a communications link between an encoding device and a central authority connected via a network, wherein the central authority maintains and administers a plurality of identification tags and associated rule sets, and wherein each identification tag and rule set pair establishes a level of operation privileges for a user;
  
  receiving a request from the encoding device for authenticating a slave access device, wherein the slave access device is associated with a level of operation privileges provided to the user; and
  
  determining authorization of the authentication request.
- View Dependent Claims (51)
- - 51. The method of claim 50, wherein said determining authorization of the authentication request comprises:
    - authenticating the encoding device to the central authority;
      
      authenticating an access device, configured as a master to the slave access device, to the central authority;
      
      retrieving data from the slave access device, wherein the data comprises operational metrics of the user for the corresponding level of operation privileges provided to the user by the access device; and
      
      authorizing the authentication request regardless of whether the data conforms to the level of eligibility for authentication as established by the associated rule set corresponding to the level of privileges provided to the user.

52. A computer-readable medium comprising:
- first program instructions executable on a first computational device for authenticating an encoding device by a central authority coupled to the encoding device by a network; and
  
  second program instructions executable on the first computational device for authorizing a request sent via the network from the encoding device for programming an access device with an identification tag, said access device useable for accessing a controlled environment.
- View Dependent Claims (53, 54, 55, 56, 57, 59, 60, 61, 62)
- - 53. The computer-readable medium of claim 52, further comprising third program instructions executable on the first computational device for authorizing a request from the encoding device for programming an authentication device with a plurality of identification tags and associated rule sets, wherein each identification tag and rule set pair establishes a level of operation privileges for a user.
  - 54. The computer-readable medium of claim 53, further comprising fourth program instructions executable on a second computational device for providing the corresponding level of operation privileges to the user if the identification tag programmed in the access device matches with at least one of the plurality of identification tags programmed in the authentication device.
  - 55. The computer-readable medium of claim 54, wherein the fourth program instructions are further executable for providing a default level of operation privileges to the user if the identification tag programmed in the access device does not match with at least one of the plurality of identification tags programmed in the authentication device.
  - 56. The computer-readable medium of claim 55, further comprising fifth program instructions executable on the second computational device for bypassing the corresponding level of operation privileges and providing a dissimilar level of operation privileges.
  - 57. The computer-usable carrier medium of claim 56, wherein the fifth program instructions are further executable for disabling future access to the identification tag programmed in the access device.
  - 59. The computer-readable medium of claim 58, wherein the second program instructions are further executable to retrieve data from the access device, wherein the data comprises operational metrics of the user for the corresponding level of operation privileges provided to the user by the first access device.
  - 60. The computer-readable medium of claim 59, wherein the second program instructions are further executable for authorizing the authentication request if the data conforms to the level of eligibility for authentication as established for the corresponding level of operation privileges.
  - 61. The computer-readable medium of claim 60, further comprising third program instructions executable on the computational device for authenticating a second access device to the central authority.
  - 62. The computer-readable medium of claim 61, wherein the third program instructions are further executable for authorizing the authentication request if the second access device is configured as a master to the first access device.

58. A computer-readable medium comprising:
- first program instructions executable on a first computational device for authenticating an encoding device by a central authority coupled to the encoding device by a network; and
  
  second program instructions executable on the first computational device for authorizing a request sent via the network authenticating a first access device, wherein the first access device comprises a programmed identification tag associated with a level of operational privileges for a user.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
International Business Machines Corporation
Original Assignee
International Business Machines Corporation
Inventors
Harif, Shlomi

Application Number

US09/751,829
Publication Number

US 20020133716A1
Time in Patent Office

Days
Field of Search
US Class Current

713/201
CPC Class Codes

G07C 2009/00761   with data transmission perf...

G07C 2009/00873   by code input from the lock

G07C 9/00857   where the code of the data ...

G07C 9/27   with central registration

Rule-based operation and service provider authentication for a keyed system

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

119 Citations

62 Claims

Specification

Use Cases

Quick Links

Others

Rule-based operation and service provider authentication for a keyed system

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

119 Citations

62 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others