Flexible method of user authentication

US 20040215980A1
Filed: 05/19/2004
Published: 10/28/2004
Est. Priority Date: 07/25/2000
Status: Active Grant

First Claim

Patent Images

1. A method of authorizing a user in communication with a workstation that is in communication with a server comprising:

providing data relating to said workstation to said server;

determining at said server based upon said data relating to said workstation and on previously stored policy data at least an authorization method for authorizing said user;

receiving by said workstation of user data from said user; and

, registering said user data against previously stored user data in accordance with said determined at least an authorization method to perform at least one of identifying and authorizing said user in dependence upon said data relating to the workstation.

View all claims

8 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method of authorizing a user at a location is disclosed. A user data input device is used for receiving of user information. In dependence upon stored policy data, a location of the workstation and other characteristics thereof, an authorization method for the user is determined. In the authorization method, the user is first identified with the security server and then optionally authorized thereby. The stored policy data results in different determined methods for different authorization procedures based upon the user data and the characteristic of the user data input device and the workstation.

79 Citations

View as Search Results

24 Claims

1. A method of authorizing a user in communication with a workstation that is in communication with a server comprising:
- providing data relating to said workstation to said server;
  
  determining at said server based upon said data relating to said workstation and on previously stored policy data at least an authorization method for authorizing said user;
  
  receiving by said workstation of user data from said user; and
  
  , registering said user data against previously stored user data in accordance with said determined at least an authorization method to perform at least one of identifying and authorizing said user in dependence upon said data relating to the workstation.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 20, 23, 24)
- - 2. A method according to claim 1 comprising:
    - determining a security policy from a plurality of predetermined security policies based on said previously stored policy data and said data relating to the workstation; and
      
      , performing the step of determining of said at least an authorization method according to said determined security policy.
  - 3. A method according to claim 2 wherein said authorization method comprises prompting said user to provide said user data at random time intervals.
  - 4. A method according to claim 1 wherein a different at least an authorization method for authorizing said user is determined based upon different data relating to said workstation.
  - 5. A method according to claim 1 wherein said data relating to the workstation comprises geographic data that is dependent upon a geographical location of said workstation.
  - 6. A method according to claim 5 comprising determining a geographical location of said workstation.
  - 7. A method according to claim 1 wherein said data relating to the workstation comprises network data relating to a communication link between said workstation and said server.
  - 8. A method according to claim 7 wherein said data relating to the workstation comprises network infrastructure data relating to a communication infrastructure formed between said workstation and said server.
  - 9. A method according to claim 1 wherein said user data is biometric data.
  - 10. A method according to claim 1 comprising accessing secured data in accordance with said determined at least an authorization method, wherein said determined at least an authorization method is different when said at least an authorization method is determined based on different workstation data.
  - 20. A method according to claim 1 comprising accessing secured data in accordance with said determined at least an authorization method, wherein said determined at least an authorization method is different when said at least an authorization method is determined based on different first data.
  - 23. A computer program product embodied in a tangible form programmatic information executable by at least one processor adapted to perform the method according to claim 1 or 11.
  - 24. A computer program product according to claim 23 wherein said programmatic information includes at least one of compiled object code, compilable source code, compilable byte code, interpretable source code or interpretable byte code.

11. A method of authorizing a user for providing secure access to a data with a predetermined level of security:
- providing a workstation in communication with a server;
  
  providing first data from said workstation to said server, the first data relating to said workstation, said first data being different for a same workstation under different security affecting operating conditions;
  
  determining based on said first data and a security policy, at least an authorization method for use by a user of the workstation, said at least an authorization method for providing at least the predetermined level of security in light of said first data and selected from a plurality of authorization methods; and
  
  authorizing said user of said workstation in accordance with said at least an authorization method for providing access to second data from said server, the provided access having at least said predetermined level of security.
- View Dependent Claims (12, 13, 14, 15, 16, 17, 18, 19)
- - 12. A method according to claim 11 comprising:
    - determining said security policy from a plurality of predetermined security policies based on the previously stored policy data and said first data relating to the workstation; and
      
      , performing the step of determining of said at least an authorization method according to the determined security policy.
  - 13. A method according to claim 12 wherein said at least an authorization method comprises prompting the user to provide said user data at random time intervals.
  - 14. A method according to claim 11 wherein a different at least an authorization method for authorizing said user is determined based upon different first data relating to said workstation.
  - 15. A method according to claim 11 wherein said data relating to the workstation comprises geographic data that is dependent upon a geographical location of said workstation.
  - 16. A method according to claim 15 comprising determining a geographical location of said workstation.
  - 17. A method according to claim 11 wherein said first data relating to said workstation comprises network data relating to a communication link between said workstation and said server.
  - 18. A method according to claim 17 wherein said first data relating to said workstation comprises network infrastructure data relating to a communication infrastructure formed between said workstation and said server.
  - 19. A method according to claim 11 wherein said user data is biometric data.

21. A system for authorizing a user for providing secure access to a data with a predetermined level of security comprising:
- a workstation in communication with a server;
  
  means for providing first data from said workstation to said server, said first data relating to said workstation, said first data being different for a same workstation under different security affecting operating conditions;
  
  means for determining based on said first data and a security policy, an authorization method for use by a user of said workstation, said authorization method for providing at least a predetermined level of security in light of said first data and selected from a plurality of authorization methods; and
  
  means for authorizing a user of said workstation in accordance with said authorization method for providing access to second data from said server, said provided access having at least said predetermined level of security.
- View Dependent Claims (22)
- - 22. A system according to claim 21 wherein said user data is biometric data.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
HID Global Corporation (Assa Abloy AB)
Original Assignee
Actividentity Corporation (Assa Abloy AB)
Inventors
Hamid, Laurence

Granted Patent

US 9,098,685 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/201
CPC Class Codes

G06F 21/31 User authentication

G06F 21/6218 to a system of files or obj...

Flexible method of user authentication

First Claim

8 Assignments

0 Petitions

Accused Products

Abstract

79 Citations

24 Claims

Specification

Solutions

Use Cases

Quick Links

Flexible method of user authentication

First Claim

8 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

79 Citations

24 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links