Two factor token identification

US 20060136741A1
Filed: 12/16/2004
Published: 06/22/2006
Est. Priority Date: 12/16/2004
Status: Abandoned Application

First Claim

Patent Images

1. A method of controlling user access with tokens, the method comprising:

detecting a plurality of tokens associated with a plurality of users, including a token associated with the user desiring access;

causing the user to provide a capture biometric record without having to designate a user ID; and

evaluating the capture biometric record with a stored biometric record to determine whether the user is to be given access.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

An apparatus, method and program product allow two factor token authentication in the presence of multiple tokens. When multiple tokens are detected, a user desiring access needs merely to provide a unique biometric identifier, referred to as a capture BIR, and that capture BIR is evaluated against a stored BIR associated with at least one of the tokens to determine if access is to be granted. If there is a match, that user is given access. If not, the capture BIR is evaluated against the stored BIR associated with another of the detected tokens. The process may repeat until either a match is found and the user is granted access, or none is found and access is denied. The foregoing occurs without the user having to input any user ID or the like and without the inconvenience or risk of error associated with selecting a user ID from a list of potential user ID'"'"'s.

Citations

39 Claims

1. A method of controlling user access with tokens, the method comprising:
- detecting a plurality of tokens associated with a plurality of users, including a token associated with the user desiring access;
  
  causing the user to provide a capture biometric record without having to designate a user ID; and
  
  evaluating the capture biometric record with a stored biometric record to determine whether the user is to be given access.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21)
- - 2. The method of claim 1, further comprising creating a list associated with the plurality of tokens.
  - 3. The method of claim 2, wherein evaluating the capture biometric record with a stored biometric record further comprises comparing the capture biometric record with at least one of a plurality of stored biometric records associated with the list.
  - 4. The method of claim 2, further comprising determining a proximity of the token relative to a detector.
  - 5. The method of claim 4, further comprising ordering the list according to the proximity.
  - 6. The method of claim 5, wherein the closest user is first on the list.
  - 7. The method of claim 2, further comprising ordering the list according to a frequency at which an access control device was accessed by the user associated with the token.
  - 8. The method of claim 7, further comprising ordering the list according to recent activity involving the token.
  - 9. The method of claim 1, further comprising determining from the token an identifier associated with the user.
  - 10. The method of claim 9, further comprising determining a policy associated with at least one of the token and the user.
  - 11. The method of claim 10, further comprising associating the policy with a biometric authentication practice.
  - 12. The method of claim 10, further comprising determining the policy from a group consisting of at least one of a user policy, a program policy and a system wide policy.
  - 13. The method of claim 10, wherein causing the user to provide the biometric record further comprises causing the user to provide the capture biometric record according to the policy.
  - 14. The method of claim 1, further comprising prior to causing the user to provide the capture biometric record, determining at a time subsequent to the first detection of the token if the token is within a predetermined proximity.
  - 15. The method of the claim 14, further comprising if the token is not within the predetermined proximity, causing a second user to provide a second biometric record.
  - 16. The method of claim 14, further comprising determining if the token is continuously within the predetermined proximity for a period spanning a time when the token was detected to the time subsequent to the first detection of the token.
  - 17. The method of claim 1, further comprising retrieving the stored biometric record from memory of an access control device.
  - 18. The method of claim 1, further comprising displaying a plurality of user ID'"'"'s respectively associated with the plurality of tokens and allowing the user to select the user ID associated with the user.
  - 19. The method of claim 1, further comprising in response the evaluation of the capture biometric record and the stored biometric record determining that the user is not to be given access, evaluating the capture biometric record with a second stored biometric record associated with a second user associated with a second token of the plurality of tokens.
  - 20. The method of claim 19, wherein the second token of the second user is next on an ordered list generated in response to detecting the plurality of tokens.
  - 21. The method of claim 1, further comprising granting the user access in response to determining a match between the capture biometric record and the stored biometric record.

22. An access control device, comprising:
- a detector configured to detect a plurality of tokens associated a plurality of users, including a token associated with a privileged user;
  
  a memory storing a plurality of stored biometric records respectively correlated to the plurality of users; and
  
  a program resident in the memory, the program configured to cause the privileged user to provide a capture biometric record and not a user ID, wherein the program is configured to evaluate the capture biometric record with one of the plurality of stored biometric records to determine whether the privileged user is to be given access by the access control device.
- View Dependent Claims (23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37)
- - 23. The apparatus of claim 22, wherein the memory further includes a list associated with the plurality of tokens.
  - 24. The apparatus of claim 23, wherein the program is configured to compare the capture biometric record with at least one of a plurality of stored biometric records associated with the list.
  - 25. The apparatus of claim 23, wherein the list is ordered according to a proximity of each token relative to the access control device.
  - 26. The apparatus of claim 25, wherein the closest user relative to the detector is first on the list.
  - 27. The apparatus of claim 23, wherein the list is ordered according to a frequency at which the access control device was accessed by the privileged user.
  - 28. The apparatus of claim 22, wherein the program is further configured to determine at least one of a policy and a user ID associated with token.
  - 29. The apparatus of claim 28, wherein the policy is associated with a biometric accessing technique.
  - 30. The apparatus of claim 28, wherein the policy is determined from a group consisting of at least one of a user policy, a program policy and a system wide policy.
  - 31. The apparatus of claim 28, wherein the program causes the user to provide the capture biometric record according to the policy.
  - 32. The apparatus of claim 22, wherein prior to causing the user to provide the capture biometric record, the program determines at a time subsequent to the first detection of the token if the token is within a predetermined proximity.
  - 33. The apparatus of the claim 32, wherein if the token is not within the predetermined proximity, the program causes a second user to provide a second biometric record.
  - 34. The apparatus of claim 32, wherein token is continuously within the predetermined proximity for a period spanning a time when the token was detected to the time subsequent to the first detection of the token.
  - 35. The apparatus of claim 22, wherein the stored biometric record is retrieved from memory of at least one of the access control device and a remote access control device.
  - 36. The apparatus of claim 22, wherein in response to the evaluation of the capture biometric record and the stored biometric record determining that the user is not to be given access to the access control device, the program is configured to evaluate the capture biometric record with a second stored biometric record associated with a second user associated with a second token of the plurality of tokens.
  - 37. The apparatus of claim 22, wherein the privileged user is granted access to the access control device in response to a determination of a match between the capture biometric record and the stored biometric record.

38. An apparatus comprising:
- a plurality of tokens respectively associated with a plurality of users, including a token associated with a privileged user;
  
  a memory storing a stored biometric record correlated with the privileged user; and
  
  a processor configured to receive a signal indicative of the presence of the plurality of tokens, including the token associated with the privileged user, the processor further configured to execute a program configured to cause the privileged user to provide a capture biometric record, and in the absence of an ID provided by the privileged user, to evaluate the capture biometric record with a stored biometric record to determine whether the privileged user is to be given access by an access control device.

39. A program product, comprising:
- program code configured to receive a signal indicative of the presence of a plurality of tokens associated with a plurality of users, including a token associated with a privileged user, wherein the program is further configured to cause the privileged user to provide a capture biometric record, and in the absence of a user ID provided by the privileged user, to evaluate the capture biometric record with a stored biometric record to determine whether the privileged user is to be given access by an access control device; and
  
  a signal bearing medium bearing the program code.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
IdentiPHI, Inc. (Imprivata Incorporated)
Original Assignee
Saflink Corporation (Imprivata Incorporated)
Inventors
Mercredi, Dwayne

Application Number

US11/013,668
Publication Number

US 20060136741A1
Time in Patent Office

Days
Field of Search
US Class Current

713/185
CPC Class Codes

G06F 21/32   using biometric data, e.g. ...

G06F 21/35   communicating wirelessly

G07C 9/257   electronically G07C9/26 tak...

Two factor token identification

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

39 Claims

Specification

Solutions

Use Cases

Quick Links

Two factor token identification

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

39 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links