Computer security system

US 20040006710A1
Filed: 04/25/2003
Published: 01/08/2004
Est. Priority Date: 04/25/2002
Status: Active Grant

First Claim

Patent Images

1. A method of providing access to an authenticated user and restricting access to an unauthorized user of a computer system, said method comprising the steps of:

determining whether a user is authenticated to access at least one resource included in the computer system;

establishing-a session and a session identifier such that the user has access to the at least one resource if the user is authenticated to access the at least one resource; and

changing the session identifier each time the user completes an interaction with the computer system during the session.

View all claims

9 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method of providing access to an authenticated user, and restricting access to an unauthorized user, of a computer system, is provided. The method includes determining whether a user is authenticated to access at least one resource included in the computer system. The method also includes establishing a session and a session identifier such that the user has access to the at least one resource if the user is authenticated to access the at least one resource. The method also includes changing the session identifier each time the user completes an interaction with the computer system during the session.

159 Citations

21 Claims

1. A method of providing access to an authenticated user and restricting access to an unauthorized user of a computer system, said method comprising the steps of:
- determining whether a user is authenticated to access at least one resource included in the computer system;
  
  establishing-a session and a session identifier such that the user has access to the at least one resource if the user is authenticated to access the at least one resource; and
  
  changing the session identifier each time the user completes an interaction with the computer system during the session.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15)
- - 2. The method of claim 1 further comprising the steps of:
    - calculating the time elapsed after an interaction of the user with the computer system during the session; and
      
      terminating the session upon the calculated time exceeding a predetermined value.
  - 3. The method of claim 1 wherein said determining step includes determining if identification data provided by the user to the computer system correlates to data included in a data source within or associated with the computer system.
  - 4. The method of claim 1 further comprising the steps of:
    - assigning a user identifier to the user if the user is authenticated to access the at least one resource.
  - 5. The method of claim 4 wherein said assigning step includes randomly generating the user identifier.
  - 6. The method of claim 4 wherein said assigning step includes generating the user identifier according to a logarithmic code
  - 7. The method of claim 1 further comprising the step of:
    - sending the user a single use token useful for accessing the at least one resource if the user is authenticated to access the at least one resource.
  - 8. The method of claim 7 further comprising the steps of:
    - verifying that the single use token is associated with a presently valid session identifier; and
      
      providing the user with access to the at least one resource.
  - 9. The method of claim 8 comprising the step of:
    - removing the single use security token from a list of valid security tokens on the computer system after said verifying step.
  - 10. The method of claim 7 wherein said providing step includes sending connection information to the user in the form of a script.
  - 11. The method of claim 7 wherein said providing step includes sending the user a cookie containing a session identifier useful for accessing the at least one resource.
  - 12. The method of claim 1 wherein said establishing step includes randomly generating the session identifier.
  - 13. The method of claim 1 wherein said establishing step includes generating the session identifier according to a logarithmic code.
  - 14. The method of claim 1 wherein said determining step includes:
    - providing login information related to the user to a web browser;
      
      transmitting the login information from the web browser to the computer system; and
      
      determining whether the user is authenticated to access the at least one resource included in the computer system using the login information.
  - 15. The method of claim 1 wherein the interaction is selected from the group consisting of a mouse-click, a keystroke, a mouse movement, a joystick action, a video command, an audio command, a touch screen command, or a keypad command.

16. A computer system comprising;
- a microprocessor; and
  
  a computer readable medium including computer program instructions which cause the computer system to implement a method of providing access to an authenticated user and restricting access to an unauthorized user of a computer system, the method comprising the steps of;
  
  determining whether a user is authenticated to access at least one resource included in the computer system;
  
  establishing a session and a session identifier such that the user has access to the at least one resource if the user is authenticated to access the at least one resource; and
  
  changing the session identifier each time the user completes an interaction with the computer system during the session.
- View Dependent Claims (17, 18)
- - 17. The computer system of claim 16 wherein the method further comprises the steps of:
    - calculating the time elapsed after an interaction of the user with the computer system during the session; and
      
      terminating the session upon the calculated time exceeding a predetermined value.
  - 18. The computer system of claim 16 wherein the computer system is selected from the group consisting of a personal computer, a mainframe computer, a computer server system, a computer network, a PDA, and a microprocessor based appliance.

19. A computer readable carrier including computer program instructions which cause a computer to implement a method of providing access to an authenticated user and restricting access to an unauthorized user of a computer system, the method comprising the steps of:
- determining whether a user is authenticated to access at least one resource included in the computer system;
  
  establishing a session and a session identifier such that the user has access to the at least one resource if the user is authenticated to access the at least one resource; and
  
  changing the session identifier each time the user completes an interaction with the computer system during the session.
- View Dependent Claims (20, 21)
- - 20. The computer readable carrier of claim 19 wherein the method further comprises the steps of:
    - calculating the time elapsed after an interaction of the user with the computer system during the session; and
      
      terminating the session upon the calculated time exceeding a predetermined value.
  - 21. The computer readable carrier of claim 19 wherein the computer readable carrier is selected from the group consisting of a packaged silicon device, a solid state memory, an optical disc, a magnetic disc, a radio frequency carrier wave, and an audio frequency carrier wave.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Citrix Systems, Inc. (Cloud Software Group)
Original Assignee
Citrix Systems, Inc. (Cloud Software Group)
Inventors
Pollutro, Dennis Vance, Almquist, Andrew

Granted Patent

US 7,644,434 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/201
CPC Class Codes

G06F 21/31   User authentication

H04L 63/067   using one-time keys cryptog...

H04L 63/0838   using one-time-passwords

Computer security system

First Claim

9 Assignments

0 Petitions

Accused Products

Abstract

159 Citations

21 Claims

Specification

Solutions

Use Cases

Quick Links

Computer security system

First Claim

9 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

159 Citations

21 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links