Multiple factor-based user identification and authentication
Abstract
A method of authenticating the identity of a user to determine access to a system includes providing a plurality of factor-based data instances corresponding to a user, evaluating the factor-based data instances to determine if the user's identity is authenticated, and granting or restricting the user's access to the system if the user's identity is authenticated. More particularly, the method includes providing a modified data instance based on a second data instance, generating a key based on a first data instance, applying the key to the modified data instance to generate a recovered data instance, interrogating the recovered data instance against the second data instance to generate an authentication value as a result of a correspondence evaluation, and granting or restricting the user's access to the system based at least in part on the validity of the authentication value.
30 Claims
1. A method of authenticating the identity of a user to determine access to a system, comprising:
providing a plurality of factor-based data instances corresponding to a user;
evaluating the factor-based data instances to determine if the user's identity is authenticated;
restricting the user's access to the system if the user's identity is not authenticated; and
granting the user's access to the system if the user's identity is authenticated.

7. A method of authenticating the identity of a user to determine access to a system, comprising:
providing a plurality of factor-based data instances corresponding to a user, including at least one modified data instance based on a second data instance of the plurality of factor-based data instances;
generating a key based on a first data instance of the plurality of factor-based data instances;
applying the key to the at least one modified data instance to generate a recovered data instance;
interrogating the recovered data instance against the second data instance to generate an authentication value as a result of a correspondence evaluation;
restricting the user's access to the system based at least in part on an invalid authentication value; and
granting the user's access to the system based at least in part on a valid authentication value.

13. A method of authenticating the identity of a user to determine access to a system, comprising:
providing a possession-based data instance, a modified version of the possession-based data instance, a knowledge-based data instance, a biometric-based data instance, and a modified version of the biometric-based data instance;
generating a key based on the knowledge-based data instance;
applying the key to the modified version of the possession-based data instance to generate a first recovered data instance;
interrogating the first recovered data instance against the possession-based data instance to generate a possession value as a result of a first correspondence evaluation;
applying the key to the modified version of the biometric-based data instance to generate a second recovered data instance;
interrogating the second recovered data instance against the biometric-based data instance to generate a biometric value as a result of a second correspondence evaluation;
combining the key, the possession value, and the biometric value to form an authentication value;
restricting the user's access to the system if the user's identity is not authenticated, based at least in part on the authentication value; and
granting the user's access to the system if the user's identity is authenticated, based at least in part on the authentication value.

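The flow recited in claim 13 (and, for a single factor, claim 7), as an added example that is not code from the patent: a key derived from the knowledge factor recovers the stored modified instances, each is compared with the presented factor, and the results are combined with the key into an authentication value. PBKDF2, the SHAKE-256 XOR transform, the Hamming-distance threshold, the HMAC combination, and all names and sample values are assumptions; the claims do not specify them.

```python
import hashlib
import hmac

# Constructed sample factors (not from the patent).
SALT = bytes.fromhex("00112233445566778899aabbccddeeff")
TOKEN = b"TOKEN-SERIAL-0001"                      # possession-based instance
TEMPLATE = bytes(range(32))                       # enrolled biometric template
NOISY_READ = bytes([TEMPLATE[0] ^ 0b111]) + TEMPLATE[1:]  # fresh read, 3 bits off

def derive_key(knowledge: bytes, salt: bytes) -> bytes:
    # Key generated from the knowledge-based instance (PBKDF2 is an assumption).
    return hashlib.pbkdf2_hmac("sha256", knowledge, salt, 200_000)

def apply_key(key: bytes, data: bytes, label: bytes) -> bytes:
    # XOR with a key-derived keystream; the same call modifies and recovers.
    stream = hashlib.shake_256(key + label).digest(len(data))
    return bytes(a ^ b for a, b in zip(data, stream))

def hamming(a: bytes, b: bytes) -> int:
    return sum(bin(x ^ y).count("1") for x, y in zip(a, b))

def enroll(knowledge, possession, biometric, salt):
    key = derive_key(knowledge, salt)
    return {
        "salt": salt,
        "mod_possession": apply_key(key, possession, b"poss"),
        "mod_biometric": apply_key(key, biometric, b"bio"),
        "expected": hmac.new(key, b"\x01\x01", hashlib.sha256).digest(),
    }

def authenticate(record, knowledge, possession, biometric_read, max_bits=8):
    key = derive_key(knowledge, record["salt"])
    rec_poss = apply_key(key, record["mod_possession"], b"poss")
    possession_value = int(hmac.compare_digest(rec_poss, possession))
    rec_bio = apply_key(key, record["mod_biometric"], b"bio")
    biometric_value = int(len(rec_bio) == len(biometric_read)
                          and hamming(rec_bio, biometric_read) <= max_bits)
    # Combine key, possession value and biometric value into the authentication value.
    auth_value = hmac.new(key, bytes([possession_value, biometric_value]),
                          hashlib.sha256).digest()
    return hmac.compare_digest(auth_value, record["expected"])

RECORD = enroll(b"4921", TOKEN, TEMPLATE, SALT)
print(authenticate(RECORD, b"4921", TOKEN, NOISY_READ))
```

The record holds no copy of the knowledge factor, but its `expected` value still allows offline guessing if the record is stolen, so the key-derivation cost and the entropy of the knowledge factor bound that risk.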
19. A method of authenticating the identity of a user to determine access to a system, comprising:
providing a possession-based data instance, a stored biometric-based data instance, and a read biometric-based data instance;
interrogating the stored biometric-based data instance against the read biometric-based data instance to generate a biometric value as a result of a correspondence evaluation;
combining the possession-based data instance and the biometric value to form an authentication value;
evaluating the authentication value to determine if the user's identity is authenticated;
restricting the user's access to the system if the user's identity is not authenticated, based at least in part on the authentication value; and
granting the user's access to the system if the user's identity is authenticated, based at least in part on the authentication value.

25. A method of authenticating the identity of a user to determine access to a system, comprising:
providing a possession-based data instance, a biometric-based data instance, and a modified version of the biometric-based data instance;
applying the possession-based data instance to the modified version of the biometric-based data instance to generate a recovered data instance;
interrogating the recovered data instance against the biometric-based data instance to generate a biometric value as a result of a correspondence evaluation;
combining the possession-based data instance and the biometric value to form an authentication value;
evaluating the authentication value to determine if the user's identity is authenticated;
restricting the user's access to the system if the user's identity is not authenticated, based at least in part on the authentication value; and
granting the user's access to the system if the user's identity is authenticated, based at least in part on the authentication value.

Specification