User login delegation

US 20040015702A1
Filed: 04/04/2003
Published: 01/22/2004
Est. Priority Date: 03/01/2002
Status: Abandoned Application

First Claim

Patent Images

1. A method of controlling access to electronic data, comprising:

receiving capture authentication code from a user desiring access to an account of a principal user;

determining if the capture authentication code received from the user matches within predetermined parameters a set of stored authentication code correlated to the principal user;

if there is such a match of the capture authentication code, permitting the user access to the account of the principal user; and

if the match is not established, determining if the capture authentication code received from the user matches within predetermined parameters a set of authentication code correlated to a delegate user privileged to access the account of the principal user.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

An apparatus 10, method and program product 42 logs a delegate user into an account of a principal user on behalf of the principal in response to authentication code, such as biometric data, correlated to the delegate user. Actions taken by the delegate while within the account of the principal may be recorded for evaluation and accountability considerations. Delegate user(s) privileged to access the account of the principal are added and deleted to a profile 44 as necessary to facilitate controlled sharing of resources.

Citations

38 Claims

1. A method of controlling access to electronic data, comprising:
- receiving capture authentication code from a user desiring access to an account of a principal user;
  
  determining if the capture authentication code received from the user matches within predetermined parameters a set of stored authentication code correlated to the principal user;
  
  if there is such a match of the capture authentication code, permitting the user access to the account of the principal user; and
  
  if the match is not established, determining if the capture authentication code received from the user matches within predetermined parameters a set of authentication code correlated to a delegate user privileged to access the account of the principal user.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16)
- - 2. The method of claim 1, further comprising denying the user access to the account of the principal user in response to the capture authentication code not matching within the predetermined parameters the set of authentication code correlated to the delegate user.
  - 3. The method of claim 1, further comprising granting the user access to at least a portion of the account of the principal user on behalf of the principal user in response to the capture authentication code matching within the predetermined parameters the set of authentication code correlated to the delegate user.
  - 4. The method of claim 3, wherein granting the user access to the account further includes granting the user restricted access to the account.
  - 5. The method of claim 3, further comprising storing information within a memory for later use, the information pertaining to an action made by the user while operating within the account of the principal user.
  - 6. The method of claim 5, wherein the action is selected from among a group consisting of at least one of:
    - logging in, logging out, locking a computer, unlocking the computer, launching protected application programs, viewing data and inputting data.
  - 7. The method of claim 1, wherein determining if the capture authentication code received from the user matches the set of authentication code correlated to the delegate user privileged to access the account of the principal user as the principal user further includes retrieving the set of authentication code from a remote network server.
  - 8. The method of claim 1, further comprising locally storing the set of authentication code correlated to the delegate for future use in response to the capture authentication code received from the user matching within predetermined parameters the set of authentication code correlated to the delegate user privileged to access the account of the principal user as the principal user.
  - 9. The method of claim 1, further comprising encrypting the set of authentication code correlated to the delegate.
  - 10. The method of claim 1, further comprising recalling a profile associated with the principal user.
  - 11. The method of claim 10, further comprising assigning identifying information associated with the user to the profile.
  - 12. The method of claim 10, further comprising deleting identifying information associated with the user from the profile.
  - 13. The method of claim 1, wherein receiving authentication code further includes selecting a biometric device used to enter the capture authentication code based upon selection criteria wherein the selection criteria relates to considerations selected from a group consisting of at least one of:
    - a user preference, a user privilege, a default machine setting, a default network setting, prior usage, an administrative command, system processing time, and device and system availability.
  - 14. The method of claim 1, wherein determining if the capture authentication code received from the user matches within predetermined parameters the set of authentication code correlated to the delegate user further includes retrieving a recently used set of authentication code.
  - 15. The method of claim 1, further comprising receiving a first user ID associated with a first user selected from a group consisting of at least one of:
    - the principal user and the delegate user.
  - 16. The method of claim 15, further comprising receiving a second user ID associated with a second user selected from a group consisting of at least one of:
    - the principal user and the delegate user.

17. A method of selecting a BIR capture device to receive capture BIR data from a user from among a plurality of BIR capture devices, comprising:
- programmatically determining a first BIR capture device of the plurality of BIR capture devices from a user setting established for the user, wherein the user setting indicates a partiality to at least the first BIR capture device;
  
  programmatically determining a second BIR capture device of the plurality of BIR capture devices from a machine setting particular to a computer, wherein the machine setting indicates a partiality to at least the second BIR capture device;
  
  programmatically determining a third BIR capture device of the plurality of BIR capture devices from a global setting designating a preference for at least the third BIR capture device; and
  
  if the first, second and third BIR capture devices correspond to at least one BIR capture device that conforms to the user, machine and global settings, receiving capture authentication code from the at least one BIR capture device.

18. A method of controlling access to electronic data, comprising:
- receiving capture authentication code from a user desiring access to an account of a principal user;
  
  determining if the capture authentication code received from the user matches a set of stored authentication code correlated to a group consisting of at least one of;
  
  a principal user and a delegate user;
  
  if there is such a match of the capture authentication code, permitting the user access to at least a portion of the account of the principal user on behalf of the principal user.
- View Dependent Claims (19, 20, 21, 22)
- - 19. The method of claim 18, further comprising denying the user access to the account of the principal user in response to the capture authentication code not matching within the predetermined parameters a set of stored authentication code correlated to a group consisting of at least one of:
    - the principal user and the delegate user.
  - 20. The method of claim 18, wherein permitting the user access to the account of the principal user as the principal user further includes recording an identifier communicative of an identity of the user.
  - 21. The method of claim 18, wherein permitting the user access to the account of the principal user as the principal user further includes storing information within a memory for later use, the information pertaining to an action made by the user while operating within the account of the principal user.
  - 22. The method of claim 18, wherein determining if the capture authentication code received from the user matches a set of stored authentication code correlated to a group consisting of at least one of:
    - a principal user and a delegate user, further includes retrieving a recently used set of authentication code.

23. An apparatus, comprising:
- a memory;
  
  a database resident within the memory, the database storing respective sets of authentication codes, a first set of authentication code correlated to a principal user and a set correlated to a delegate user having privileged access to an account of the principal user;
  
  program code configured to receive capture authentication code from a user desiring access to the account of the principal user and to determine if the capture authentication code received from the user matches within predetermined parameters the set of stored authentication code correlated to the principal user;
  
  if there is such a match of the capture authentication code, the program code further permitting the user access to the account of the principal user; and
  
  if the match is not established, the program code being configured to determine if the capture authentication code received from the user matches within predetermined parameters the set of authentication code correlated to the delegate user privileged to access the account of the principal user as the principal user.
- View Dependent Claims (24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 38)
- - 24. The apparatus according to claim 23, wherein the program code initiates denying the user access to the account of the principal user in response to the capture authentication code not matching within the predetermined parameters the set of authentication code correlated to the delegate user.
  - 25. The apparatus according to claim 23, wherein the program code initiates granting the user access to the account of the principal user as the principal user in response to the capture authentication code matching within the predetermined parameters the set of authentication code correlated to the delegate user.
  - 26. The apparatus according to claim 25 wherein the program code initiates granting the user access to the account further includes granting the user restricted access to the account.
  - 27. The apparatus according to claim 25, wherein the program code initiates storing information within a memory for later use, the information pertaining to an action made by the user while operating within the account of the principal user.
  - 28. The apparatus according to claim 27, wherein the action is selected from among a group consisting of at least one of:
    - logging in, login out, locking a computer, unlocking the computer, launching protected application programs, viewing data and inputting data.
  - 29. The apparatus according to claim 23, wherein the program code initiates retrieving the set of authentication code correlated to the delegate user privileged to access the account of the principal user from a remote network server.
  - 30. The apparatus according to claim 23, wherein the program code initiates locally storing the set of authentication code correlated to the delegate for future use in response to the capture authentication code received from the user matching within predetermined parameters the set of authentication code correlated to the delegate user privileged to access the account of the principal user as the principal user.
  - 31. The apparatus according to claim 23, wherein the program code initiates encrypting the set of authentication code correlated to the delegate.
  - 32. The apparatus according to claim 23, wherein the program code initiates recalling a profile associated with the principal user.
  - 33. The apparatus according to claim 32, wherein the program code initiates assigning identifying information associated with the user to the profile.
  - 34. The apparatus according to claim 32, wherein the program code initiates deleting identifying information associated with the user from the profile.
  - 35. The apparatus according to claim 23, wherein the program code initiates selecting a biometric device used to enter the capture authentication code based upon selection criteria, wherein the selection criteria relates to considerations selected from a group consisting of at least one of:
    - a user preference, a user privilege, a default machine setting, a default network setting, prior usage, an administrative command, device and system availability and system processing time.
  - 36. The apparatus of claim 23, wherein the delegate user has independent access to a system supporting the account.
  - 38. The program product of claim 36, wherein the signal bearing medium includes at least one of a recordable medium and a transmission-type medium.

37. A program product, comprising:
- a program configured to receive capture authentication code from a user desiring access to the account of a principal user and to determine if the capture authentication code received from the user matches within predetermined parameters a set of stored authentication code correlated to the principal user;
  
  if there is such a match of the capture authentication code, the program code further permitting the user access to the account of the principal user; and
  
  if the match is not established, the program code being configured to determine if the capture authentication code received from the user matches within predetermined parameters a set of authentication code correlated to a delegate user privileged to access the account of the principal user as the principal user; and
  
  a signal bearing medium bearing the first program.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Saflink Corporation (Imprivata Incorporated)
Original Assignee
Saflink Corporation (Imprivata Incorporated)
Inventors
Frey, Rod, Mercredi, Dwayne

Application Number

US10/398,356
Publication Number

US 20040015702A1
Time in Patent Office

Days
Field of Search
US Class Current

713/182
CPC Class Codes

G06F 21/32 using biometric data, e.g. ...

User login delegation

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

38 Claims

Specification

Solutions

Use Cases

Quick Links

User login delegation

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

38 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links