Apparatus and method for authenticating access to a network resource using multiple shared devices

US 20060075230A1
Filed: 10/05/2004
Published: 04/06/2006
Est. Priority Date: 10/05/2004
Status: Abandoned Application

First Claim

Patent Images

1. A method for providing secure access to network resources for a plurality of users, wherein each user utilizes any single device of a device fleet, comprising the steps of:

selecting a device from said fleet of devices accessible to a user;

imputing said user information into said selected device;

transmitting said user information to a credentials database server;

returning an encrypted user specific credentials database to said selected device;

returning to said credential database server an encrypted database key or an acknowledgement;

deciphering said user specific credentials database using said encrypted database key;

accessing with said selected device multiple network resources; and

finalizing use of said selected device.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Means that allow multiple users to be authorized to authenticate through a single given mobile device are described. These means apply as well for the case that the number of users is so large the device does not store all of their authentication information in memory simultaneously. These means allow the authentication information to be securely transferred from a server to the device at the time that the user attempts to authenticate. The device utilizes means and methods that allow this information to be cached to speed up communication during periods when only a few users use the single device.

94 Citations

View as Search Results

50 Claims

1. A method for providing secure access to network resources for a plurality of users, wherein each user utilizes any single device of a device fleet, comprising the steps of:
- selecting a device from said fleet of devices accessible to a user;
  
  imputing said user information into said selected device;
  
  transmitting said user information to a credentials database server;
  
  returning an encrypted user specific credentials database to said selected device;
  
  returning to said credential database server an encrypted database key or an acknowledgement;
  
  deciphering said user specific credentials database using said encrypted database key;
  
  accessing with said selected device multiple network resources; and
  
  finalizing use of said selected device.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 22, 23, 24, 25, 26)
- - 2. The method of claim 1, for providing secure access to network resources for a plurality of users, wherein each user utilizes any single device of a device fleet, wherein the step of accessing with said selected device multiple network resources comprises:
    - providing said selected device with one of plurality of possible user specific factors;
      
      determining if the user provided factors match a plurality of preauthorized factors for an authorized user;
      
      retrieving from said selected device memory a randomly generated password for the network resource; and
      
      transmitting the randomly generated password to the network resource to gain access thereto.
  - 3. The method of claim 2, wherein the single device includes an accounts database for storing information required to gain access to the network resource, further comprising adding a network resource to the accounts database.
  - 4. The method of claim 3, further comprising:
    - accessing the network resource;
      
      receiving from the network resource a template for providing network resource access parameters required to gain access to the network resource;
      
      providing at least one dummy network resource access parameter and any additional required network resource access parameters to the network resource;
      
      storing the network resource template; and
      
      changing the at least one dummy network resource access parameter when the network resource is next accessed.
  - 5. The method of claim 4, further comprising changing the randomly generated password for the network resource on a predetermined schedule.
  - 6. The method of claim 2, wherein the step of transmitting the randomly generated password to the network resource to gain access thereto further comprises transmitting the randomly generated password in encrypted form.
  - 7. The method of claim 1, for providing secure access to network resources for a plurality of users, wherein each user utilizes any single device of a device fleet, wherein the step of accessing with said selected device multiple network resources comprises:
    - providing said selected device with one of plurality of possible user specific factors;
      
      determining if the user password and the user biometrics match the password and the biometrics of an authorized user;
      
      using the device dependent key, decrypting the certain operational code or data stored in encrypted form;
      
      retrieving from the device memory the randomly generated password for the network resource; and
      
      transmitting the randomly generated password to the network resource to gain access thereto;
      
      wherein certain operational code or data of the device is stored in encrypted form, and wherein the device includes a device dependent key.
  - 22. The device of claim 7, wherein said access information for each network resource includes the network resource address, the network resource user identification, and the network resource password.
  - 23. The device of claim 22, wherein the network resource password is generated using random numbers.
  - 24. The device of claim 23, further comprising an entropy pool including a plurality of random numbers for use in generating the network resource password.
  - 25. The device of claim 22, wherein the network resource password is modified on a predetermined schedule.
  - 26. The device of claim 22, wherein the network resource password is modified each time access is gained to the network resource.

8. A device for providing a user with secure access to a network resource, comprising:
- a first module for authenticating a user to said device;
  
  a second module responsive to said first module for providing the user with access to the network resource using a network resource password unknown to the user.
- View Dependent Claims (9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47, 48, 49)
- - 9. The device of claim 8, wherein said first module uses to authenticate the user to said device one of a user password entered by the user, a plurality of user biometrics, and possession of said device.
  - 10. The device of claim 8, further comprising an accounts database for storing information about network resource accessible to an authenticated user.
  - 11. The device of claim 8, wherein said first module is responsive to a user password and a duress password for authenticating the user to said device.
  - 12. The device of claim 11, further comprising:
    - a duress database; and
      
      an accounts database;
      
      wherein an entry of a correct duress password to authenticate to said device allows said user access only to network resources set forth in said duress database, and wherein entry of a correct user password to authenticate to said device permits access only to network resources set forth in said accounts database.
  - 13. The device of claim 12, wherein said network resources set forth in said duress database are those network resources not containing sensitive information, and wherein said network resources set forth in the accounts database are those to which said user would like to deny access by unauthorized users.
  - 14. The device of claim 9, wherein said device further comprises a biometrics database for storing a plurality of biometrics of authorized device users.
  - 15. The device of claim 14, wherein said first module is responsive to said plurality of user biometrics for authenticating the user to said device, and wherein said plurality of biometrics are compared with biometrics stored in said biometrics database, the user being authenticated to the device if a match is found.
  - 16. The device of claim 14, wherein said plurality of user biometrics comprises a fingerprint, a retina scan, a written word, a plurality of written words, and a signature.
  - 17. The device of claim 9, wherein said first module is responsive to the concomitant entry of one of said plurality of biometrics and a user password.
  - 18. The device of claim 17, wherein said device further comprises an entry pad onto which the user inscribes said user password, and wherein said plurality of user biometrics comprises the characteristics to map said inscribed user password.
  - 19. The device of claim 9, wherein said device further comprises a user password database for storing user passwords of authorized users.
  - 20. The device of claim 19, wherein said first module is responsive to a user entered password, and wherein the entered user password is compared with user passwords stored in the user password database for determining whether the user is an authorized user.
  - 21. The device of claim 8, further comprising:
    - an accounts database for storing network resources information, wherein an authenticated user has access to network resources stored in said accounts database, and wherein the second module is responsive to said accounts database for use in accessing the network resource.
  - 27. The device of claim 8, further comprising:
    - a communications module for transferring data in encrypted form over a communications link between the device and the network resource.
  - 28. The device of claim 27, wherein the communications link is one of a radio frequency link, an optical link, and an infrared link.
  - 29. The device of claim 27, wherein the communications link comprises the Internet.
  - 30. The device of claim 8, wherein a computer is interposed between the device and the network resource;
    - wherein information transferred between the device and the network resource is displayed on the computer, and wherein certain other information transferred between the device and the network resource is in encrypted form and is not displayed on the computer.
  - 31. The device of claim 8, further comprising a magnetic code writing module, that is operative to write information to a magnetic strip is a user is authenticated to the device.
  - 32. The device of claim 31, wherein the information written to the magnetic strip includes credit card information;
    - wherein the magnetic strip is affixed to a plastic substrate, and wherein a credit card is formed if the account information is written to the magnetic strip.
  - 33. The device of claim 8, wherein the device size permits hand-held operation of the device.
  - 34. The device of claim 8, wherein the second module logs the device onto the network resource by contacting the network resource and providing the required log-on information without intervention by the user.
  - 35. The device of claim 34, wherein the log-on information includes the network resource password, and wherein the network resource password is created by a random process without intervention by the user.
  - 36. The device of claim 8, further comprising a plurality of input modules such as a microphone, a touch-sensitive display screen, a keyboard, and a camera.
  - 37. The device of claim 8, further comprising a plurality of output modules such as speaker, a display, and a printer.
  - 38. The device of claim 8, wherein a plurality of users are authorized to use a specific device, and wherein the device further comprises:
    - an accounts database designating the accounts to which each user has access;
      
      a user password database including the user password for each authorized user, and a biometrics database including the biometrics for each authorized user; and
      
      wherein said first module is responsive to the user-entered user password and biometrics for comparing the contents of said user password database, and said biometrics database for determining if the user is an authorized user, and in response thereto, authenticating the user to the device, thereby permitting the user to access the designated accounts in the accounts database.
  - 39. The device of claim 8, further comprising a preferences database for storing device operational parameters for the authorized user.
  - 40. The device of claim 39, wherein the device operational parameters include the conditions for changing the network resource password.
  - 41. The device of claim 39, wherein after the user is authenticated to the device, the user can change the preferences stored in the preferences database.
  - 42. The device of claim 8, further comprising a device dependent key, wherein the contents of said first and second module are stored in encrypted form, and wherein said device dependent key is required to decrypt the contents of said first and the second modules.
  - 43. The device of claim 42, wherein the contents of said first and second module are backed up in encrypted form from the device to a storage module, wherein said device dependent key is not backed up to said storage module, such that the contents of the first and the second module as stored in said storage module cannot be decrypted.
  - 44. The device of claim 8, further comprising hardware and software elements for performing functions unrelated to accessing a network resource.
  - 45. The device of claim 8, further comprising a document storage module for storing documents intended for execution by the user, wherein upon authentication to the device, the user retrieves a document from said document storage module and electronically executes the document.
  - 46. The device of claim 8, wherein a document is downloaded from the network resource to the device after the user is authenticated, and wherein the user electronically executes the document and returns the document to the network resource.
  - 47. The device of claim 8, wherein the network resource is an appliance, and wherein after the user is authenticated to the device, the device, under user control, communicates with the appliance.
  - 48. The device of claim 47, wherein the device communicates with the appliance by sending a signal for controlling the appliance.
  - 49. The device of claim 47, wherein after the user is authenticated to the device, the device is operative to send a signal to a computer, and wherein in response to said signal, the computer controls the appliance.

50. An article of manufacture comprising:
- a computer program product comprising a computer-usable medium having a computer-readable code therein for authenticating a user to a device for contacting a network resource, the computer-readable code in the article of manufacture comprising;
  
  a computer-readable program code module for receiving a user password;
  
  a computer-readable program code module for receiving biometrics;
  
  a computer-readable program code module for determining if the user password and the user biometrics match the password and the biometrics of an authorized user;
  
  a computer-readable program code module for retrieving a randomly generated password for the network resource; and
  
  a computer-readable program code module for transmitting the randomly generated password to the network resource to gain access thereto.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Symbol Technologies, Inc. (Zebra Technologies Corporation)
Original Assignee
Symbol Technologies, Inc. (Zebra Technologies Corporation)
Inventors
Harmon, Mance Edward, Baird, Leemon Claude III

Application Number

US10/958,610
Publication Number

US 20060075230A1
Time in Patent Office

Days
Field of Search
US Class Current

713/168
CPC Class Codes

H04L 63/04 for providing a confidentia...

H04L 63/083 using passwords cryptograph...

Apparatus and method for authenticating access to a network resource using multiple shared devices

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

94 Citations

50 Claims

Specification

Solutions

Use Cases

Quick Links

Apparatus and method for authenticating access to a network resource using multiple shared devices

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

94 Citations

50 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links