Security system and method

US 20050216747A1
Filed: 06/04/2004
Published: 09/29/2005
Est. Priority Date: 03/26/2004
Status: Active Grant

First Claim

Patent Images

1. A system for providing secure access to a computing resource comprising:

a computing device accessible to a user after a local authentication of said user; and

, an authentication server connectable to said computing device via a connection after said local authentication and operable to provide access to said computing resource after a remote authentication of said user, said server further operable to maintain said remote authentication after said user has terminated said local authentication such that after said user re-establishes local authentication said server provides access to said resource.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A security system and method is provided. In an embodiment, a personal integrated circuit (“PIC”), is provided that can be presented to a laptop computer. The PIC includes a digital certificate personal to an authorized user and is operable to automatically install the certificate on the laptop computer once presented into the computer and once the user enters a valid password respective to the PIC. At this point, the laptop presents the certificate to a server via a network, and the certificate is checked for validity. If valid, the user is then permitted to log into the server. Having logged into the server, the user can remain logged in even as the PIC is removed and presented to different computing devices that are also able to connect to the server via the network. Typically, the user is only able to access the server through the computing device to which the PIC is attached. The user is automatically logged out of the server after a predefined period of inactivity or according to such other criteria as may be desired.

Citations

32 Claims

1. A system for providing secure access to a computing resource comprising:
- a computing device accessible to a user after a local authentication of said user; and
  
  , an authentication server connectable to said computing device via a connection after said local authentication and operable to provide access to said computing resource after a remote authentication of said user, said server further operable to maintain said remote authentication after said user has terminated said local authentication such that after said user re-establishes local authentication said server provides access to said resource.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
- - 2. The system of claim 1 wherein said user re-establishes said local authentication via a second connection that is different from said connection.
  - 3. The system of claim 1 wherein said user re-establishes said local authentication using a second computing device that is different from said computing device.
  - 4. The system of claim 1 wherein said user re-establishes said local authentication using a second computing device that is different from said computing device and via a second connection that is carried through said computing device.
  - 5. The system of claim 1 wherein said server and said device are further operable to encrypt communications over said connection while access is provided to said resource.
  - 6. The system of claim 5 wherein said encrypted communications between said server and said device are conducted via an asymmetric key pair that is generated by said server and which remain valid for the duration that said server maintains said remote authentication.
  - 7. The system of claim 6 wherein said user re-establishes said local authentication using a second computing device that is different from said computing device, and wherein said asymmetric key pair is used to encrypt communications between said server and said second computing device.
  - 8. The system of claim 1 wherein said resource is a virtual private network that connects to said server.
  - 9. The system of claim 1 wherein said server terminates said remote authentication if said user fails to re-establish local authentication within a predefined period of time.
  - 10. The system of claim 1 wherein said remote authentication includes receipt and validation of a digital certificate respective to said user that is loadable onto said computing device.
  - 11. The system of claim 1 wherein said remote authentication includes receipt of a userid and password respective to said user that is received by said computing device and transmitted to said server.

12. An authentication server for connection with a computing device that is accessible to a user after a local authentication of said user, said authentication server connectable to said computing device via a connection after said local authentication and operable to provide access to said computing resource after a remote authentication of said user, said server further operable to maintain said remote authentication after said user has terminated said local authentication such that after said user re-establishes local authentication said server provides access to said resource.
- View Dependent Claims (13, 14, 15, 16, 17, 18, 19, 20, 21, 22)
- - 13. The server of claim 12 wherein said user re-establishes said local authentication via a second connection that is different from said connection.
  - 14. The server of claim 12 wherein said user re-establishes said local authentication using a second computing device that is different from said computing device.
  - 15. The server of claim 12 wherein said user re-establishes said local authentication using a second computing device that is different from said computing device and via a second connection that is carried through said computing device.
  - 16. The server of claim 12 wherein said server and said device are further operable to encrypt communications over said connection while access is provided to said resource.
  - 17. The server of claim 16 wherein said encrypted communications are conducted via an asymmetric key pair that is generated by said server and which remain valid for the duration that said server maintains said remote authentication.
  - 18. The server of claim 17 wherein said user re-establishes said local authentication using a second computing device that is different from said computing device, and wherein said asymmetric key pair is used to encrypt communications between said server and said second computing device.
  - 19. The server of claim 12 wherein said resource is a virtual private network that connects to said server.
  - 20. The server of claim 12 wherein said server terminates said remote authentication if said user fails to re-establish local authentication within a predefined period of time.
  - 21. The server of claim 12 wherein said remote authentication includes receipt and validation of a digital certificate respective to said user that is loadable onto said computing device.
  - 22. The server of claim 12 wherein said remote authentication includes receipt of a userid and password respective to said user that is received by said computing device and transmitted to said server.

23. A method of providing secure access to a computing resource comprising the steps of:
- performing a local authentication of a user at a computing device;
  
  performing a remote authentication at an authentication server connectable to said computing device via a connection after said local authentication;
  
  providing access to said computing resource via said authentication server after said remote authentication; and
  
  , maintaining said remote authentication after said user has terminated said local authentication.
- View Dependent Claims (24, 25, 26, 27, 28, 29, 30, 31)
- - 24. The method of claim 23 comprising the additional step of re-establishing said access when said user re-establishes said local authentication.
  - 25. The method of claim 23 comprising the additional step of terminating said remote authentication if said user fails to re-establish said local authentication within a predefined period of time.
  - 26. The method of claim 23 wherein said user re-establishes said local authentication via a second connection that is different from said connection.
  - 27. The method of claim 23 wherein said user re-establishes said local authentication using a second computing device that is different from said computing device.
  - 28. The method of claim 23 wherein said server and said device are operable to encrypt communications over said connection while access is provided to said resource.
  - 29. The method of claim 28 wherein said encrypted communications are conducted via an asymmetric key pair that is generated by said server and which remain valid for the duration that said server maintains said remote authentication.
  - 30. The method of claim 29 wherein said user re-establishes said local authentication using a second computing device that is different from said computing device, and wherein said asymmetric key pair is used to encrypt communications between said server and said second computing device.
  - 31. The method of claim 23 wherein said resource is a virtual private network that connects to said server.

32. A method of providing secure access to a computing resource comprising:
- sending a digital certificate from a computing device to a server;
  
  receiving a remote user authentication at said server from said computing device and determining if said remote user authentication is valid;
  
  terminating said method if said user authentication is not valid;
  
  generating security keys at said server and delivering a requisite portion of those keys to said computing device;
  
  conducting communications between said server and said computing device using said security keys; and
  
  , maintaining said remote user authentication when said computing device disconnects from said server.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
BCE Incorporated
Original Assignee
BCE Incorporated
Inventors
Lou, Dafu, O'Brien, William G., Yeap, Tet Hin, Xiaoli, Ren

Granted Patent

US 7,861,081 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/185
CPC Class Codes

G06F 21/33   using certificates

G06F 21/34   involving the use of extern...

H04L 63/0428   wherein the data content is...

H04L 63/0823   using certificates cryptogr...

H04L 63/0853   using an additional device,...

H04W 12/033   of the user plane, e.g. use...

H04W 12/06   Authentication

Security system and method

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

32 Claims

Specification

Solutions

Use Cases

Quick Links

Security system and method

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

32 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links