Smart card enabled secure computing environment system

US 20030088780A1
Filed: 10/18/2002
Published: 05/08/2003
Est. Priority Date: 02/28/2001
Status: Active Grant

First Claim

Patent Images

1. A process for controlling access to a host computer via user specific smart cards, comprising the steps of:

providing a smart card reader;

locking said host computer from user access;

providing access time definition means on said host computer for defining valid users and access time intervals for each user;

storing said valid users and said access time intervals for each user on said host computer;

detecting that a smart card has been inserted into said smart card reader;

retrieving a smart card password and username from said smart card;

receiving a password entered by a user;

comparing said entered password to said retrieved password;

searching said stored valid users for said username if said entered password matches said retrieved password;

retrieving stored access time intervals associated with said username; and

granting access to the user by unlocking said host computer if the current time is within any of the stored access time intervals.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A smart card enabled secure computing environment system locks the host computer system from user access and waits for a smart card to be inserted into an attached or co-resident smart card reader. When a smart card is inserted into the smart card reader, the invention asks the user to enter his smart card password which is compared to the password on the smart card. If the two passwords match, the invention looks up the user'"'"'s username in an access file of valid users and finds its associated access times and/or cumulative time limits in the access file. if the current time is within any of the valid access times and the user'"'"'s cumulative usage time is within the specified cumulative time limit, then access is granted and the system is unlocked. The invention periodically checks the current time while the user is using the computer. If a blocked time period is entered or a cumulative time limit is exceeded, the user is logged off the machine and the computer is locked from user access. If at any time the user'"'"'s smart card is removed from the smart card reader the invention will shut down all of the user'"'"'s programs and lock the system.

102 Citations

View as Search Results

46 Claims

1. A process for controlling access to a host computer via user specific smart cards, comprising the steps of:
- providing a smart card reader;
  
  locking said host computer from user access;
  
  providing access time definition means on said host computer for defining valid users and access time intervals for each user;
  
  storing said valid users and said access time intervals for each user on said host computer;
  
  detecting that a smart card has been inserted into said smart card reader;
  
  retrieving a smart card password and username from said smart card;
  
  receiving a password entered by a user;
  
  comparing said entered password to said retrieved password;
  
  searching said stored valid users for said username if said entered password matches said retrieved password;
  
  retrieving stored access time intervals associated with said username; and
  
  granting access to the user by unlocking said host computer if the current time is within any of the stored access time intervals.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15)
- - 2. The process of claim 1, wherein only a designated primary user is allowed to define said valid users and said access time intervals for each user.
  - 3. The process of claim 1, further comprising the step of:
    - denying access to the user if the current time falls outside of the associated stored access time intervals.
  - 4. The process of claim 1, further comprising the step of:
    - periodically checking the current time while the user is using said host computer.
  - 5. The process of claim 4, further comprising the step of:
    - warning the user if the current time is approaching the end of an access time interval;
      
      wherein said warning is issued to the user at preset intervals.
  - 6. The process of claim 4, further comprising the step of:
    - determining that an access time interval has ended; and
      
      wherein said determining step logs the user off said computer and locks said host computer from user access.
  - 7. The process of claim 6, wherein said determining step shuts down all of the user'"'"'s running programs.
  - 8. The process of claim 1, further comprising the step of:
    - logging the user off said host computer and locking said host computer from user access if said smart card is removed from said smart card reader.
  - 9. The process of claim 1, wherein said access time definition means defines cumulative time limits for a username, and wherein said cumulative time limits span any of:
    - a day, a week, a month.
  - 10. The process of claim 9, wherein said granting step grants access to the user if the username'"'"'s cumulative usage time is within the username'"'"'s associated cumulative time limit.
  - 11. The process of claim 9, further comprising the step of:
    - denying access to the user if the username'"'"'s cumulative usage time exceeds the username'"'"'s associated cumulative time limit.
  - 12. The process of claim 9, further comprising the steps of:
    - periodically checking the current time while the user is using said host computer; and
      
      adding a time value since the last periodic check to the username'"'"'s cumulative usage time and storing said cumulative usage time on said host computer.
  - 13. The process of claim 12, further comprising the step of:
    - warning the user if said cumulative usage time is about to exceed any of the username'"'"'s associated cumulative time limits;
      
      wherein said warning is issued to the user at preset intervals.
  - 14. The process of claim 12, further comprising the step of:
    - determining that a username'"'"'s associated cumulative time limit has been exceeded; and
      
      wherein said determining step logs the user off said computer and locks said host computer from user access.
  - 15. The process of claim 14, wherein said determining step shuts down all of the user'"'"'s running programs.

16. A process for using low-cost memory cards to log onto a Windows XP host computer connected to a smart card reader, comprising the steps of:
- detecting that a low-cost memory card has been inserted into said smart card reader;
  
  retrieving a smart card password from said low-cost memory card;
  
  receiving a password entered by a user;
  
  comparing said entered password to said retrieved password; and
  
  retrieving a Windows domain name and password from said low-cost memory card if said entered password matches said retrieved password.
- View Dependent Claims (17, 18, 19, 20, 21, 22, 23)
- - 17. The process of claim 16, wherein if said entered password does not match said retrieved password then reverting to a manual Windows XP logon process by calling a Windows XP logon executable file.
  - 18. The process of claim 16, further comprising the step of:
    - calling a Windows XP logon executable file and passing said Windows XP logon executable file said retrieved domain name and said retrieved password.
  - 19. The process of claim 17, further comprising the step of:
    - launching a screen saver and locking said host computer from user access when said low-cost memory card is removed from said smart card reader;
  - 20. The process of claim 19, wherein if said detecting step detects that a subsequent low-cost memory card has been inserted into said smart card reader after said removal then retrieving a subsequent smart card password from said subsequent low-cost memory card.
  - 21. The process of claim 20, wherein if said subsequent password matches said retrieved password then retrieving a subsequent Windows domain name and password from said subsequent low-cost memory card.
  - 22. The process of claim 21, further comprising the step of:
    - unlocking said host computer and returning the user back to his session if said subsequent Windows domain name and password match said retrieved Windows domain name and password.
  - 23. The process of claim 20, further comprising the step of:
    - logging the user off said host computer if said subsequent password does not match said retrieved password.

24. An apparatus for controlling access to a host computer via user specific smart cards, comprising:
- a smart card reader;
  
  a module for locking said host computer from user access;
  
  access time definition means on said host computer for defining valid users and access time intervals for each user;
  
  a module for storing said valid users and said access time intervals for each user on said host computer;
  
  a module for detecting that a smart card has been inserted into said smart card reader;
  
  a module for retrieving a smart card password and username from said smart card;
  
  a module for receiving a password entered by a user;
  
  a module for comparing said entered password to said retrieved password;
  
  a module for searching said stored valid users for said username if said entered password matches said retrieved password;
  
  a module for retrieving stored access time intervals associated with said username; and
  
  a module for granting access to the user by unlocking said host computer if the current time is within any of the stored access time intervals.
- View Dependent Claims (25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38)
- - 25. The apparatus of claim 24, wherein only a designated primary user is allowed to define said valid users and said access time intervals for each user.
  - 26. The apparatus of claim 24, further comprising:
    - a module for denying access to the user if the current time falls outside of the associated stored access time intervals.
  - 27. The apparatus of claim 24, further comprising:
    - a module for periodically checking the current time while the user is using said host computer.
  - 28. The apparatus of claim 27, further comprising:
    - a module for warning the user if the current time is approaching the end of an access time interval;
      
      wherein said warning is issued to the user at preset intervals.
  - 29. The apparatus of claim 27, further comprising:
    - a module for determining that an access time interval has ended; and
      
      wherein said determining module logs the user off said computer and locks said host computer from user access.
  - 30. The apparatus of claim 29, wherein said determining module shuts down all of the user'"'"'s running programs.
  - 31. The apparatus of claim 24, further comprising:
    - a module for logging the user off said host computer and locking said host computer from user access if said smart card is removed from said smart card reader.
  - 32. The apparatus of claim 24, wherein said access time definition means defines cumulative time limits for a username, and wherein said cumulative time limits span any of:
    - a day, a week, a month.
  - 33. The apparatus of claim 32, wherein said granting module grants access to the user if the username'"'"'s cumulative usage time is within the username'"'"'s associated cumulative time limit.
  - 34. The apparatus of claim 32, further comprising:
    - a module for denying access to the user if the username'"'"'s cumulative usage time exceeds the username'"'"'s associated cumulative time limit.
  - 35. The apparatus of claim 32, further comprising:
    - a module for periodically checking the current time while the user is using said host computer; and
      
      a module for adding a time value since the last periodic check to the username'"'"'s cumulative usage time and storing said cumulative usage time on said host computer.
  - 36. The apparatus of claim 35, further comprising:
    - a module for warning the user if said cumulative usage time is about to exceed any of the username'"'"'s associated cumulative time limits;
      
      wherein said warning is issued to the user at preset intervals.
  - 37. The apparatus of claim 35, further comprising:
    - a module for determining that a username'"'"'s associated cumulative time limit has been exceeded; and
      
      wherein said determining module logs the user off said computer and locks said host computer from user access.
  - 38. The apparatus of claim 37, wherein said determining module shuts down all of the user'"'"'s running programs.

39. An apparatus for using low-cost memory cards to log onto a Windows XP host computer connected to a smart card reader, comprising:
- a module for detecting that a low-cost memory card has been inserted into said smart card reader;
  
  a module for retrieving a smart card password from said low-cost memory card;
  
  a module for receiving a password entered by a user;
  
  a module for comparing said entered password to said retrieved password; and
  
  a module for retrieving a Windows domain name and password from said low-cost memory card if said entered password matches said retrieved password.
- View Dependent Claims (40, 41, 42, 43, 44, 45, 46)
- - 40. The apparatus of claim 39, wherein if said entered password does not match said retrieved password then reverting to a manual Windows XP logon process by calling a Windows XP logon executable file.
  - 41. The apparatus of claim 39, further comprising:
    - a module for calling a Windows XP logon executable file and passing said Windows XP logon executable file said retrieved domain name and said retrieved password.
  - 42. The apparatus of claim 40, further comprising:
    - a module for launching a screen saver and locking said host computer from user access when said low-cost memory card is removed from said smart card reader;
  - 43. The apparatus of claim 42, wherein if said detecting module detects that a subsequent low-cost memory card has been inserted into said smart card reader after said removal then retrieving a subsequent smart card password from said subsequent low-cost memory card.
  - 44. The apparatus of claim 43, wherein if said subsequent password matches said retrieved password then retrieving a subsequent Windows domain name and password from said subsequent low-cost memory card.
  - 45. The apparatus of claim 44, further comprising:
    - a module for unlocking said host computer and returning the user back to his session if said subsequent Windows domain name and password match said retrieved Windows domain name and password.
  - 46. The apparatus of claim 43, further comprising:
    - a module for logging the user off said host computer if said subsequent password does not match said retrieved password.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
O2 Micro International Limited (O2 Micro Incorporated)
Original Assignee
O2 Micro International Limited (O2 Micro Incorporated)
Inventors
Li, Miao, Luo, Wei, Kuo, Chih Jen

Granted Patent

US 7,861,091 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/185
CPC Class Codes

G06F 21/6218   to a system of files or obj...

G06F 21/6272   by registering files or doc...

G06F 2221/2153   Using hardware token as a s...

G06Q 30/02   Marketing; Price estimation...

Smart card enabled secure computing environment system

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

102 Citations

46 Claims

Specification

Use Cases

Quick Links

Others

Smart card enabled secure computing environment system

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

102 Citations

46 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others