System and method for authenticating users in a computer network

US 20050273866A1
Filed: 08/08/2005
Published: 12/08/2005
Est. Priority Date: 07/06/1998
Status: Active Grant

First Claim

Patent Images

1. A method of controlling access to a computer resource in a computer environment, comprising:

receiving a user identification of a user;

determining whether there exists associated with the user identification an authentication rule requiring biometric information; and

if not, then prompting the user to provide a password whereby to control access based thereon.

View all claims

10 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A rule based biometric user authentication method and system in a computer network environment is provided. Multiple authentication rules can exist in the computer network. For example, there may be a default system-wide rule, and a rule associated with a particular user trying to log in. There may be other rules such as one associated with a remote computer from which the user is logging in, one associated with a group to which the user belongs, or one associated with a system resource to which the user requires access such as an application program or a database of confidential information. An order of precedence among the rules is then established which is used to authenticate the user.

85 Citations

View as Search Results

36 Claims

1. A method of controlling access to a computer resource in a computer environment, comprising:
- receiving a user identification of a user;
  
  determining whether there exists associated with the user identification an authentication rule requiring biometric information; and
  
  if not, then prompting the user to provide a password whereby to control access based thereon.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method of claim 1, further comprising receiving the password.
  - 3. The method of claim 2, further comprising comparing the received password to a stored password associated with the user identification.
  - 4. The method of claim 3, further comprising granting access to the resource if the received password corresponds to the stored password.
  - 5. The method of claim 2, wherein receiving the password further comprises receiving a password typed in by the user.
  - 6. The method of claim 2, wherein receiving the password further comprises receiving a password electronically read by an electronic reader.
  - 7. The method of claim 1, further comprising if the authentication rule associated with the user identification and requiring the biometric information is determined to exist, instead of prompting the user to provide the password, controlling access to the resource based on the biometric information.

8. A method of controlling access to a computer resource in a computer environment, comprising:
- using a first order of precedence as between at least first and second authentication rules for a first set of conditions pertaining to a user desiring access the resource;
  
  using a second order of precedence as between at least the first and second authentication rules for a second set of conditions pertaining to the user desiring access the resource; and
  
  enabling the user to attempt access to the resource according to at least one of the first and second orders of precedence.
- View Dependent Claims (9, 10, 11)
- - 9. The method of claim 8, further comprising identifying at least the first and second set of conditions.
  - 10. The method of claim 8, further comprising determining by which of the at least first and second authentication rules the user should be authenticated.
  - 11. The method of claim 8, further comprising setting at least the first order of precedence as between the first and second authentication rules.

12. A method of controlling access to a computer resource in a computer environment, comprising:
- using a first order of precedence as between a first plurality of authentication rules for a first set of conditions pertaining to a user desiring access the resource;
  
  using a second order of precedence as between a second plurality of authentication rules for a second set of conditions pertaining to the user desiring access to the resource; and
  
  enabling the user to attempt access to the resource according to at least one of the first and second orders of precedence.
- View Dependent Claims (13, 14, 15)
- - 13. The method of claim 12, wherein enabling the user to attempt access further comprises enabling the attempt wherein the first and second pluralities include different numbers of authentication rules.
  - 14. The method of claim 12, wherein enabling the user to attempt access further comprises enabling the attempt wherein the first and second pluralities include the same number of authentication rules.
  - 15. The method of claim 12, wherein enabling the user to attempt access further comprises enabling the attempt wherein the first and second pluralities include dissimilar authentication rules.

16. A method of controlling access to a computer resource in a computer environment, comprising:
- using at a first point in time a first order of precedence as between at least first and second authentication rules for a user attempting to access the resource; and
  
  using at a subsequent point in time a second order of precedence as between at least the first and second rules for the user attempting to access the resource.
- View Dependent Claims (17)
- - 17. The method of claim 16, wherein using the second order of precedence further includes using the second order of precedence at the subsequent point in time even if the attempt at the first point in time was successful.

18. A method of controlling access to a computer resource in a computer environment, comprising:
- using at a first point in time a first order of precedence as between a first plurality of authentication rules; and
  
  using at a subsequent point in time a second order of precedence as between a second plurality of authentication rules.
- View Dependent Claims (19, 20, 21, 22, 23)
- - 19. The method of claim 18, wherein using the second order of precedence further includes using the second order of precedence at the subsequent point in time even if the attempt at the first point in time was successful.
  - 20. The method of claim 18, wherein using the first and second orders of precedence further comprise using the first and second orders of precedence wherein the first and second pluralities include different numbers of authentication rules.
  - 21. The method of claim 18, wherein using the first and second orders of precedence further comprise using the first and second orders of precedence wherein the first and second pluralities include the same number of authentication rules.
  - 22. The method of claim 18, wherein using the first and second orders of precedence further comprise using the first and second orders of precedence wherein the first and second pluralities include dissimilar authentication rules.
  - 23. The method of claim 18, further comprising setting at least the first order of precedence as between the first plurality of authentication rules.

24. A method of controlling access to a computer resource in a computer environment, comprising:
- determining a time of day during which a user attempts to access the resource;
  
  associating the determined time of day with an authentication rule;
  
  allowing the user to attempt to authenticate according to the authentication rule; and
  
  if the authentication attempt is successful, granting access for the user to the resource.
- View Dependent Claims (25, 26, 27)
- - 25. The method of claim 24, further comprising associating the authentication rule with at least one of the user and equipment used by the user to attempt to access the resource.
  - 26. The method of claim 24, further comprising determining a security level associated with at least one of the user and equipment used by the user to attempt to access the resource.
  - 27. The method of claim 24, further comprising determining a false accept/reject level associated with at least one of the user and equipment used by the user to attempt to access the resource.

28. A method of controlling access to a computer resource in a computer environment, comprising:
- determining a security level associated with at least one of a user and equipment used by the user to attempt to access the resource;
  
  associating the determined security level with an authentication rule;
  
  allowing the user to attempt to authenticate according to the authentication rule; and
  
  if the authentication attempt is successful, granting access for the user to the resource.
- View Dependent Claims (29, 30, 31)
- - 29. The method of claim 28, further comprising associating the authentication rule with at least one of the user and the equipment used by the user to attempt to access the resource.
  - 30. The method of claim 28, further comprising associating with at least one of the user and the equipment used by the user to attempt to access the resource a time of day during which the authentication attempt was attempted.
  - 31. The method of claim 28, further comprising associating a false accept/reject level with at least one of the user and the equipment used by the user to attempt to access the resource.

32. A method of controlling access to a computer resource in a computer environment, comprising:
- determining a false accept/reject level associated with at least one of a user and equipment used by the user to attempt to access the resource;
  
  associating the determined false accept/reject level with an authentication rule;
  
  allowing the user to attempt to authenticate according to the authentication rule; and
  
  if the authentication attempt is successful, granting access for the user to the resource.
- View Dependent Claims (33, 34, 35, 36)
- - 33. The method of claim 32, further comprising associating the authentication rule with at least one of the user and the equipment used by the user to attempt to access the resource.
  - 34. The method of claim 32, further comprising associating with at least one of the user and the equipment used by the user to attempt to access the resource a time of day during which the authentication attempt was attempted.
  - 35. The method of claim 32, further comprising determining a security level associated with at least one of the user and the equipment used by the user to attempt to access the resource.
  - 36. The method of claim 32, wherein the equipment used by the user to attempt to access the resource comprises a biometric reader.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Imprivata Incorporated
Original Assignee
Saflink Corporation (Imprivata Incorporated)
Inventors
Nelson, Dan, Jensen, Gregory C., Brown, Timothy J., Rivers, Rodney

Granted Patent

US 8,171,288 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/28
CPC Class Codes

G06F 21/32   using biometric data, e.g. ...

G06Q 20/3672   initialising or reloading t...

G06Q 20/3821   Electronic credentials

H04L 63/0861   using biometrical features,...

System and method for authenticating users in a computer network

First Claim

10 Assignments

0 Petitions

Accused Products

Abstract

85 Citations

36 Claims

Specification

Use Cases

Quick Links

Others

System and method for authenticating users in a computer network

First Claim

10 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

85 Citations

36 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others