System and method for facilitating operator authentication

US 20030115154A1
Filed: 12/18/2001
Published: 06/19/2003
Est. Priority Date: 12/18/2001
Status: Abandoned Application

First Claim

Patent Images

1. A system for authenticating an operator, comprising:

at least one resource and a high-security authentication device, the at least one resource being selectively utilizable by an operator;

the high-security authentication device being configured to perform an authentication operation in connection with a prospective operator and generate a credential for the prospective operator if it authenticates the prospective operator; and

, the at least one resource being configured to, in response to the prospective operator attempting to utilize the resource, initiate an operator authentication verification operation using the credential to attempt to verify the authentication of the operator, and allow the prospective operator to utilize the at least one resource in response to the operator authentication verification operation.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system includes at least one resource, such as a computer, and a high-security authentication device, the at least one resource being selectively utilizable by an operator. The high-security authentication device is configured to perform an authentication operation in connection with a prospective operator and generate a credential for the prospective operator if it authenticates the prospective operator. The at least one resource is configured to, in response to the prospective operator attempting to utilize the resource, initiate an operator authentication verification operation using the credential to attempt to verify the authentication of the operator, and allow the prospective operator to utilize the at least one resource in response to the operator authentication verification operation. Since the system may include a number of such resources, a single, relatively expensive high-security authentication device can be used to provide authentication services for prospective operators for one or more resources. It will be appreciated that, since the high-security authentication device gives the credentials to the prospective operator, they can be compromised; however, since the duration during which the credentials may be valid can be limited to a relatively short period of time, the likelihood of compromise and the duration that the credentials may be comprised are reduced.

58 Citations

View as Search Results

49 Claims

1. A system for authenticating an operator, comprising:
- at least one resource and a high-security authentication device, the at least one resource being selectively utilizable by an operator;
  
  the high-security authentication device being configured to perform an authentication operation in connection with a prospective operator and generate a credential for the prospective operator if it authenticates the prospective operator; and
  
  , the at least one resource being configured to, in response to the prospective operator attempting to utilize the resource, initiate an operator authentication verification operation using the credential to attempt to verify the authentication of the operator, and allow the prospective operator to utilize the at least one resource in response to the operator authentication verification operation.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47, 48, 49)
- - 2. The system as in claim 1 in which the high-security authentication device further comprises:
    - a biometric authentication device configured to, during the authentication operation, authenticate the prospective operator in connection with at least one physical characteristic of the prospective operator.
  - 3. The system as in claim 1 in which the high-security authentication device further comprises:
    - a computer-readable media reader configured to retrieve information from at least one type of computer-readable media and, during the authentication operation, authenticate the prospective operator in connection with authentication information contained on a computer-readable medium provided thereto by the prospective operator.
  - 4. The system as in claim 3 wherein the computer-readable medium further comprises:
    - a smart card, the smart card having authentication information stored therein, and the computer-readable media reader comprises a smart card reader.
  - 5. The system as in claim 1 wherein the high-security authentication device further comprises:
    - means for generating credential information for use in the credential.
  - 6. The system as in claim 5 wherein the high-security authentication device further comprises:
    - means for generating a random number as the credential information.
  - 7. The system as in claim 5 wherein the high-security authentication device further comprises:
    - means for generating a passphrase as the credential information.
  - 8. The system as in claim 5 wherein the high-security authentication device further comprises:
    - means for generating a personal identification number (PIN) as the credential information.
  - 9. The system as in claim 5 wherein which the high-security authentication device further comprises:
    - means for generating a public key/private key pair as the credential information.
  - 10. The system as in claim 5 wherein the high-security authentication device further comprises:
    - means for generating a ticket-granting ticket as the credential information.
  - 11. The system as in claim 1 wherein the high-security authentication device further comprises:
    - means for inferring the credential from data supplied by the operator.
  - 12. The system as in claim 1 wherein the high-security authentication device further comprises:
    - an operator input device configured to receive credential information input thereto by the prospective operator, the high-security authentication device being configured to use the credential information input by the prospective operator in connection with generation of the credential.
  - 13. The system as in claim 1 wherein the high-security authentication device further comprises:
    - a media reader configured to retrieve certificate information from a machine-readable medium, the high-security authentication device being configured to use the credential information retrieved from the machine-readable medium in connection with generation of the credential.
  - 14. The system as in claim 1 wherein the high-security authentication device further comprises:
    - means for providing the credential to the prospective operator over a communication link.
  - 15. The system as in claim 1 wherein the high-security authentication device further comprises:
    - means for providing the credential to the at least one resource over a communication link.
  - 16. The system as in claim 1 wherein the high-security authentication device further comprises:
    - means for providing the credential to a centralized account management facility.
  - 17. The system as in claim 1 wherein the centralized account management facility further comprises:
    - means for providing the credential to the at least one resource.
  - 18. The system as in claim 1 further comprising:
    - means for the at least one resource to receive the credential, the at least one resource being further configured to, when the prospective operator wishes to utilize the at least one resource, perform the operator authentication verification operation in connection with the credential as received to determine whether the credential received corresponds to the credential as provided by the prospective operator.
  - 19. The system as in claim 1 further comprising:
    - means for the at least one resource to receive the credential from the prospective operator, when the prospective operator wishes to utilize the at least one resource, and transfer the credential to another device, the other device being configured to determine whether the credential as generated by the high-security authentication device corresponds to the credential as provided by the prospective operator, the other device being further configured to notify the at least one resource of the determination.
  - 20. The system as in claim 18 in which the high-security authentication device comprises:
    - the other device.
  - 21. The system as in claim 1 wherein the high-security authentication device further comprises:
    - means for performing an authentication operation in connection with the identity of the prospective operator.
  - 22. The system as in claim 1 wherein the high-security authentication device further comprises:
    - means for performing an authentication operation in connection with at least one personal characteristic of the prospective operator other than identity.
  - 23. The system as defined in claim 21 in which the at least one personal characteristic further comprises:
    - at least one of sobriety, blood pressure, weight, radiation emission, and credit worthiness.
  - 24. The system as in claim 1, wherein the credential further comprises:
    - a short term credential.
  - 26. The method as in claim 24 further comprising:
    - authenticating the prospective operator in connection with at least one physical characteristic of the prospective operator by a biometric authentication device.
  - 27. The method as in claim 24 further comprising:
    - retrieving information from a computer-readable media provided by the prospective operator, and during the authentication operation, authenticating the prospective operator in connection with authentication information contained on the computer-readable medium.
  - 28. The method as in claim 26 further comprising:
    - using as the computer readable media a smart card, the smart card having authentication information stored therein.
  - 29. The method as in claim 24 further comprising:
    - generating credential information by the high-security authentication device for use in the credential.
  - 30. The method as in claim 24 further comprising:
    - generating a random number as the credential information.
  - 31. The method as in claim 24 further comprising:
    - generating a passphrase as the credential information.
  - 32. The method as in claim 24 further comprising:
    - generating a personal identification number (PIN) as the credential information.
  - 33. The method as in claim 24 further comprising:
    - inferring the credential from data supplied by the operator.
  - 34. The method as in claim 24 further comprising:
    - generating a public key/private key pair as the credential information.
  - 35. The method as in claim 24 further comprising:
    - generating a ticket-granting ticket as the credential information.
  - 36. The method as in claim 24 further comprising:
    - receiving credential information input into an operator input device by the prospective operator.
  - 37. The method as in claim 24 further comprising:
    - retrieving certificate information from a machine-readable medium.
  - 38. The method as in claim 24 further comprising:
    - providing the credential to the prospective operator and to the at least one resource over a communication link.
  - 39. The method as in claim 24 further comprising:
    - providing the credential to a centralized account management facility.
  - 40. The method as in claim 38 further comprising:
    - providing, by the centralized account management facility, the credential to the at least one resource.
  - 41. The method as in claim 1 further comprising:
    - receiving the credential by the at least one resource; and
      
      , configuring the at least one resource to perform the operator authentication verification operation in connection with the credential as received, to determine whether the credential received corresponds to the credential as provided by the prospective operator.
  - 42. The method as in claim 24 further comprising:
    - receiving the credential from the prospective operator by the at least one resource, when the prospective operator wishes to utilize the at least one resource, and transferring the credential to another device, the other device being configured to determine whether the credential as generated by the high-security authentication device corresponds to the credential as provided by the prospective operator, the other device being further configured to notify the at least one resource of the determination.
  - 43. The method as in claim 41 further comprising:
    - using the high-security authentication device as the other device.
  - 44. The method as in claim 24 further comprising:
    - performing an authentication operation in connection with the identity of the prospective operator.
  - 45. The method as in claim 24 further comprising:
    - performing an authentication operation in connection with at least one personal characteristic of the prospective operator other than identity.
  - 46. The method as in claim 44 further comprising:
    - using as the at least one personal characteristic at least one of sobriety, blood pressure, weight, radiation emission, and credit worthiness.
  - 47. The method as in claim 24 further comprising:
    - using as the credential a short term credential.
  - 48. A computer readable media comprising:
    - the computer readable media having information written thereon, the information having instructions for execution in a computer for the practice of the method of claim 24.
  - 49. Electromagnetic signals propagating on a computer network comprising:
    - said electromagnetic signals carrying information, the information having instructions for execution in a computer for the practice of the method of claim 24.

25. A method of authenticating an operator, comprising:
- operating a system having at least one resource and a high-security authentication device, the at least one resource being selectively utilizable by an operator, the method comprising the steps of;
  
  performing, using a high-security authentication device, an authentication operation in connection with a prospective operator and generating a credential for the prospective operator if it authenticates the prospective operator; and
  
  , in response to the prospective operator attempting to utilize the resource, initiating an operator authentication verification operation using the credential to attempt to verify the authentication of the operator, and conditioning utilization of the resource by the prospective operator in response to the operator authentication verification operation.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Sun Microsystems Incorporated (Oracle Corporation)
Original Assignee
Sun Microsystems Incorporated (Oracle Corporation)
Inventors
Perlman, Radia J., Hanna, Stephen R., Anderson, Anne H.

Application Number

US10/025,596
Publication Number

US 20030115154A1
Time in Patent Office

Days
Field of Search
US Class Current

705/73
CPC Class Codes

G06F 21/32   using biometric data, e.g. ...

G06F 21/34   involving the use of extern...

G06Q 20/382   insuring higher security of...

G07C 9/257   electronically G07C9/26 tak...

System and method for facilitating operator authentication

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

58 Citations

49 Claims

Specification

Solutions

Use Cases

Quick Links

System and method for facilitating operator authentication

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

58 Citations

49 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links