Methods and systems for secure shared smartcard access

US 20070277032A1
Filed: 05/24/2006
Published: 11/29/2007
Est. Priority Date: 05/24/2006
Status: Active Grant

First Claim

Patent Images

1. A method of accessing a secure computer, the method comprising:

capturing an authentication state of a security token in response to a verification of user authentication information;

providing the authentication state to at least one application requiring authentication with the security token; and

accessing the at least one application.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

An embodiment generally relates to a method of accessing a secure computer. The method includes capturing an authentication state of a security token in response to a verification of user authentication information. The method also includes providing the authentication state to at least one application requiring authentication with the security token and accessing the at least one application.

104 Citations

View as Search Results

22 Claims

1. A method of accessing a secure computer, the method comprising:
- capturing an authentication state of a security token in response to a verification of user authentication information;
  
  providing the authentication state to at least one application requiring authentication with the security token; and
  
  accessing the at least one application.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
- - 2. The method of claim 1, further comprising:
    - prompting for user authentication information in response to the insertion of a security token into the secure computer;
      
      receiving the user authentication information; and
      
      verifying the user authentication information.
  - 3. The method of claim 1, further comprising:
    - using a PKCS #11 interface to the captured authentication state for the at least one application to access the captured authentication state.
  - 4. The method of claim 1, further comprising:
    - connecting with a remote secure computer from the secure computer;
      
      providing the captured authentication state to access the remote secure computer; and
      
      accessing at least one remote application on the remote secure computer in response to the remote secure computer authenticating with the captured authentication state.
  - 5. The method of claim 1, wherein the security token is a token which does not contain separate authentication states for processes.
  - 6. The method of claim 5, further comprising locking the authentication state of the token with a session state.
  - 7. The method of claim 5, wherein the security token is a personal identity verification (PIV) token.
  - 8. The method of claim 1, wherein the security token is shared among multiple users.
  - 9. The method of claim 8, further comprising:
    - creating a respective session state for each user;
      
      creating an associated authentication state for each respective session state based on the security token; and
      
      binding the associated authentication state with each respective session.
  - 10. An apparatus comprising of means for performing the method of claim 1.
  - 11. A computer readable medium comprising executable code for performing the method of claim 1.

12. A system for secure access, comprising:
- a computing machine configured to access a multi-user multi-machine system;
  
  a security device interface with the computing machine, the security device configured to accept a security token for accessing the computing machine; and
  
  a security daemon configured to be executing on the computing machine, wherein the security daemon is configured to initiate a session and capture an authentication state of a security token in response to a verification of user inputted authentication information and bind the authentication state to the session.
- View Dependent Claims (13, 14, 15, 16, 17, 18, 19, 20, 21)
- - 13. The system of claim 12, wherein the security daemon is further configured to provide the authentication state to requesting applications requesting authorization.
  - 14. The system of claim 12, wherein the security daemon is further configured to prompt a user for the authentication information in response to detecting a presence of the security token in the security device.
  - 15. The system of claim 12, wherein the security daemon is further configured to verify received authentication information.
  - 16. The system of claim 13, wherein the security daemon is further configured to store the authentication state of the security token in response to the verification of the authentication information.
  - 17. The system of claim 12, further comprising a remote computing machine configured to interface with associated security device, wherein the computing machine is configured to access a remote computing machine using a secure shell protocol connection.
  - 18. The system of claim 17, wherein the remote computing machine is configured to forward queries for authentication through a local port created by the secure shell protocol.
  - 19. The system of claim 18, wherein the security daemon is configured to present the authentication state to respond to the queries for authentication.
  - 20. The system of claim 19, wherein the remote computing machine is configured to make available the same resources to the computing machine as though the security token is authenticated at the remote computing machine.
  - 21. The system of claim 12, wherein the security daemon is configured to interface with applications and process with a PKCS #11 compliant interface.

22. A method of sharing a security token, the method comprising:
- providing the security token to a plurality of users, each user assigned respective initial authentication information and in combination with the security token identifies each user;
  
  creating a respective session state for each user;
  
  creating an associated authentication state for each respective session state in response to verification of the respective initial authentication information with the security token; and
  
  binding the respective session state for each user with the associated authentication state to provide access to secure applications, wherein the authentication state of held by session state provides access to secure applications cleared for access for the respective user.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Red Hat, Inc. (International Business Machines Corporation)
Original Assignee
Red Hat, Inc. (International Business Machines Corporation)
Inventors
Relyea, Robert

Granted Patent

US 7,992,203 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/159
CPC Class Codes

H04L 63/0853 using an additional device,...

Methods and systems for secure shared smartcard access

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

104 Citations

22 Claims

Specification

Solutions

Use Cases

Quick Links

Methods and systems for secure shared smartcard access

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

104 Citations

22 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links