Zero administrative interventions accounts

US 20040064708A1
Filed: 09/30/2002
Published: 04/01/2004
Est. Priority Date: 09/30/2002
Status: Abandoned Application

First Claim

Patent Images

1. A method of managing a user account on a computer, comprising:

(a) inserting a token into the computer, said token comprising user account information and security data which permits the user account information to be verified;

(b) verifying a user of said token;

(c) verifying said security data on said token; and

(d) creating said user account if said security data is successfully verified.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A security token is used to dynamically create a user account on a host computer system. The token preferably is programmed with a user'"'"'s credentials which includes information regarding the user account and security data. Once programmed, the token then can be inserted into a host computer. The user verifies himself or herself to the host computer/token and the token verifies itself to the host computer. Once verified, the user'"'"'s credentials stored on the token are accessed to dynamically create the user account on the host system. The token may comprise a smart card, USB-compatible memory device, and the like. Storage media, such as floppy disks, also can be used if fewer security features are acceptable.

Citations

43 Claims

1. A method of managing a user account on a computer, comprising:
- (a) inserting a token into the computer, said token comprising user account information and security data which permits the user account information to be verified;
  
  (b) verifying a user of said token;
  
  (c) verifying said security data on said token; and
  
  (d) creating said user account if said security data is successfully verified.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14)
- - 2. The method of claim 1 wherein (b) includes providing a user verification value and verifying said user verification value.
  - 3. The method of claim 2 wherein said user verification value comprises a password and a copy of said password is stored on said token.
  - 4. The method of claim 2 wherein said user verification value comprises a biometric value, a biometric template is stored on said token and verifying said user verification value comprises verifying the biometric value obtained from the user against the biometric template stored on the token.
  - 5. The method of claim 4 wherein said biometric value comprises a fingerprint image.
  - 6. The method of claim 4 wherein said biometric value comprises a retinal scan.
  - 7. The method of claim 1 wherein said security data comprises a hash of said account information.
  - 8. The method of claim 1 wherein said security data comprises an encrypted hash of said account information.
  - 9. The method of claim 8 wherein said encrypted hash was encrypted using a private key.
  - 10. The method of claim 8 wherein (c) includes retrieving said signed hash and said account information from said token, computing a hash of said account information obtained from said token, decrypting said signed hash to produce a decrypted hash, and comparing the decrypted hash to the hash retrieved from the token.
  - 11. The method of claim 10 wherein (c) further includes determining the security data to be verified if said decrypted hash and retrieved hash match.
  - 12. The method of claim 1 wherein the token also includes a validity time period value and the method further includes determining whether the validity time period has expired.
  - 13. The method of claim 12 wherein (d) includes creating said user account if said security data is successfully verified and said validity time period has not expired.
  - 14. The method of claim 1 further including deleting said user account when said user logs off said computer.

15. A method of creating a token usable to dynamically create a user account on a computer, comprising:
- (a) inserting the token into a token programmer coupled to a configuration system;
  
  (b) generating a private key;
  
  (c) generating user credentials containing user account information and a security value, said user credentials usable to create a user account on said computer upon insertion of said token into said computer; and
  
  (d) writing said user credentials to said token.
- View Dependent Claims (16, 17, 18, 19)
- - 16. The method of claim 15 further including generating a private key and public key pair and signing said account information with said private key.
  - 17. The method of claim 16 wherein said security value comprises a signed hash of said account information.
  - 18. The method of claim 15 further including generating user preferences and writing said user preferences to said token.
  - 19. The method of claim 15 further including recharging said token before the expiration of recharging period of time, said recharging including inserting said token into said configuration system and updating a value stored on said token.

20. A token, comprising:
- memory;
  
  an interface coupled to said memory and usable to couple said token to a computer;
  
  wherein said memory contains user account information which permits a user account to be created on a computer and security data which permits the user account information to be verified.
- View Dependent Claims (21, 22, 23, 24)
- - 21. The token of claim 20 wherein said memory also includes user preferences.
  - 22. The token of claim 20 wherein said security data comprises a hash of said account information.
  - 23. The token of claim 20 wherein said security data comprises an encrypted hash of said account information.
  - 24. The token of claim 23 wherein said encrypted hash was encrypted using a private key.

25. A token configuration system, comprising:
- a CPU; and
  
  a token programmer coupled to said CPU and configured to receive a token;
  
  wherein said CPU writes user account information and security data to said token, said user account information usable to permit a user account to be created using the token and said security data usable to permit the user account information to be verified.
- View Dependent Claims (26, 27, 28, 29, 30, 31)
- - 26. The token configuration system of claim 25 wherein said account information includes a validity time period value indicative of a time period during which said token is viable to create the user account.
  - 27. The token configuration system of claim 26 wherein said CPU alters said validity time period when said token is inserted into the programmer after the user account and security data have been written to the token.
  - 28. The token configuration system of claim 25 wherein said CPU generates said security value to include a hash of said account information.
  - 29. The token configuration system of claim 25 wherein said CPU generates said security value to include a signed hash of said account information.
  - 30. The token configuration system of claim 25 wherein said CPU writes user preferences to said token.
  - 31. The token configuration system of claim 25 wherein said token programmer comprises a USB.

32. A computer system comprising:
- a CPU; and
  
  a token reader coupled to said CPU and configured to receive a token;
  
  whereby said token includes user account information which is read by said CPU and used to create a user account.
- View Dependent Claims (33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43)
- - 33. The computer system of claim 32 wherein said token also includes a security value and said CPU verifies said token using said security value.
  - 34. The computer system of claim 32 further including an input device coupled to said CPU via which a user enters a verification value which said CPU verifies.
  - 35. The computer system of claim 34 wherein said input device comprises a keyboard and the verification value includes a password.
  - 36. The computer system of claim 34 wherein the input device includes a biometric sensor and the verification value includes a biometrics value.
  - 37. The computer system of claim 36 wherein the biometrics sensor comprises a fingerprint scanner.
  - 38. The computer system of claim 36 wherein the biometric sensor comprises a retinal scanner.
  - 39. The computer system of claim 32 wherein the token includes a validity time period value and said CPU retrieves said validity time period value and determines whether said time period has expired, and if said time period has expired, said CPU prevents the user account from being created.
  - 40. The computer system of claim 39 wherein said CPU creates said account if said time period has not expired.
  - 41. The computer system of claim 32 further including memory coupled to said CPU and wherein said token includes an executable application which said CPU copies to said memory and executes.
  - 42. The computer system of claim 33 further including memory coupled to said CPU and wherein said token includes an executable application which said CPU copies to said memory and executes if said CPU successfully verifies said security value.
  - 43. The computer system of claim 32 wherein said token reader includes a USB bus to which said token can be coupled.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Hewlett-Packard Development Company, L.P. (HP Inc.)
Original Assignee
Compaq Information Technologies Group LP (HP Inc.)
Inventors
Carchide, John A., Novoa, Manuel, Angelo, Michael F.

Application Number

US10/260,892
Publication Number

US 20040064708A1
Time in Patent Office

Days
Field of Search
US Class Current

713/185
CPC Class Codes

G06F 21/34 involving the use of extern...

G06F 21/45 Structures or tools for the...

Zero administrative interventions accounts

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

43 Claims

Specification

Solutions

Use Cases

Quick Links

Zero administrative interventions accounts

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

43 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links