SYSTEM AND METHOD FOR CONTROLLING USER ACCESS TO A COMPUTING DEVICE

US 20090165125A1
Filed: 12/19/2007
Published: 06/25/2009
Est. Priority Date: 12/19/2007
Status: Abandoned Application

First Claim

Patent Images

1. A method of controlling access to a computing device, wherein in operation, m access rights associated with the computing device are provided only upon successful verification of n authentication factors, where m and n are integers greater than 1, the method comprising:

receiving one or more authentication factors required for access to the computing device;

verifying each of the one or more authentication factors received;

if at least one authentication factor is successfully verified and the number of successfully verified authentication factors equals n, providing m access rights; and

if at least one authentication factor is successfully verified and the number of successfully verified authentication factors is less than n,determining a selected subset of access rights from a plurality of different subsets of access rights, wherein the plurality of different subsets of access rights comprises more than one subset consisting of less than m access rights, andproviding the selected subset of access rights.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system and method for controlling user access to a computing device (e.g. a mobile device). In some embodiments, access rights are provided to a user based on successfully verified authentication factors, even where the user is unable to provide all the authentication factors typically required for access to the computing device. In one broad aspect, one or more authentication factors are provided by a user, and are received and verified by a security module application residing and executing on the computing device. When less than all of the authentication factors that would typically be expected in authenticating a user for access to the computing device is received and successfully verified, a subset of the available access rights selected from a plurality of different pre-defined subsets of access rights is provided to the user. The specific access rights provided to the user are based on the successfully verified authentication factors.

97 Citations

View as Search Results

22 Claims

1. A method of controlling access to a computing device, wherein in operation, m access rights associated with the computing device are provided only upon successful verification of n authentication factors, where m and n are integers greater than 1, the method comprising:
- receiving one or more authentication factors required for access to the computing device;
  
  verifying each of the one or more authentication factors received;
  
  if at least one authentication factor is successfully verified and the number of successfully verified authentication factors equals n, providing m access rights; and
  
  if at least one authentication factor is successfully verified and the number of successfully verified authentication factors is less than n,determining a selected subset of access rights from a plurality of different subsets of access rights, wherein the plurality of different subsets of access rights comprises more than one subset consisting of less than m access rights, andproviding the selected subset of access rights.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18)
- - 2. The method of claim 1, wherein the selected subset of access rights consists of less than m access rights.
  - 3. The method of claim 1, wherein a weight factor is associated with each of the n authentication factors, and wherein the method further comprises:
    - determining an access score to determine the selected subset, the access score being a function of the weight factors associated with the successfully verified authentication factors, wherein the selected subset of access rights is determined based on the access score.
  - 4. The method of claim 1, wherein when the number of successfully verified authentication factors is less than n, the selected subset of access rights is determined based on the number of successfully verified authentication factors.
  - 5. The method of claim 1, wherein when the number of successfully verified authentication factors is less than n, the selected subset of access rights is determined based on the type of at least one successfully verified authentication factor.
  - 6. The method of claim 1, wherein when the number of successfully verified authentication factors is less than n, the selected subset of access rights is determined based both on the type of at least one successfully verified authentication factor and the number of successfully verified authentication factors.
  - 7. The method of claim 1, wherein the selected subset of access rights is determined in accordance with a predefined schedule.
  - 8. The method of claim 7, wherein the predefined schedule is user-specific.
  - 9. The method of claim 7, wherein the predefined schedule is defined through an administrative console.
  - 10. The method of claim 1, wherein the selected subset of access rights is determined in accordance with a plurality of predefined rules.
  - 11. The method of claim 10, wherein the plurality of predefined rules is user-specific.
  - 12. The method of claim 10, wherein the plurality of predefined rules is defined through an administrative console.
  - 13. The method of claim 1, wherein the selected subset of access rights is determined in accordance with a security policy governing use of the computing device.
  - 14. The method of claim 1, further comprising prompting for at least one authentication factor.
  - 15. The method of claim 1, further comprising granting access to the computing device in accordance with at least one of the selected subset of access rights.
  - 16. The method of claim 1, wherein each of the n authentication factors comprises one or more of the following:
    - user name, password, smart card, PIN, security token, biometric identifier, SIM card, physical location.
  - 17. The method of claim 1, wherein the computing device comprises a mobile device.
  - 18. The method of claim 1, wherein at least one of the m access rights is associated with a network accessible by the computing device.

19. A computer-readable medium comprising instructions executable on a processor of a computing device for implementing a method of controlling access to the computing device, wherein in operation, m access rights associated with the computing device are provided only upon successful verification of n authentication factors, where m and n are integers greater than 1, the method comprising:
- receiving one or more authentication factors required for access to the computing device;
  
  verifying each of the one or more authentication factors received;
  
  if at least one authentication factor is successfully verified and the number of successfully verified authentication factors equals n, providing m access rights; and
  
  if at least one authentication factor is successfully verified and the number of successfully verified authentication factors is less than n,determining a selected subset of access rights from a plurality of different subsets of access rights, wherein the plurality of different subsets of access rights comprises more than one subset consisting of less than m access rights, andproviding the selected subset of access rights.

20. A system for controlling access to a computing device, the system comprising at least a processor and a memory, wherein in operation, m access rights associated with the computing device are provided only upon successful verification of n authentication factors, where m and n are integers greater than 1, wherein the system is configured to execute a security module programmed to perform acts comprising:
- receiving one or more authentication factors required for access to the computing device;
  
  verifying each of the one or more authentication factors received;
  
  if at least one authentication factor is successfully verified and the number of successfully verified authentication factors equals n, providing m access rights; and
  
  if at least one authentication factor is successfully verified and the number of successfully verified authentication factors is less than n,determining a selected subset of access rights from a plurality of different subsets of access rights, wherein the plurality of different subsets of access rights comprises more than one subset consisting of less than m access rights, andproviding the selected subset consisting of less than m access rights.
- View Dependent Claims (21)
- - 21. The system of claim 20, wherein the computing device comprises a mobile device.

22. An access-controlled mobile device, wherein in operation, m access rights associated with the mobile device are provided only upon successful verification of n authentication factors, where m and n are integers greater than 1, wherein the mobile device comprises at least a processor and a memory, and wherein the mobile device further comprises a security module executable by the processor, the security module programmed to perform acts comprising:
- receiving one or more authentication factors required for access to the mobile device;
  
  verifying each of the one or more authentication factors received;
  
  if at least one authentication factor is successfully verified and the number of successfully verified authentication factors equals n, providing m access rights; and
  
  if at least one authentication factor is successfully verified and the number of successfully verified authentication factors is less than n,determining a selected subset of access rights from a plurality of different subsets of access rights, wherein the plurality of different subsets of access rights comprises more than one subset consisting of less than m access rights, andproviding the selected subset consisting of less than m access rights.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Blackberry Limited
Original Assignee
Blackberry Limited
Inventors
Brown, Michael S., Brown, Michael K., Kirkup, Michael G.

Application Number

US11/960,433
Publication Number

US 20090165125A1
Time in Patent Office

Days
Field of Search
US Class Current

726/21
CPC Class Codes

G06F 21/31   User authentication

H04L 2463/082   applying multi-factor authe...

H04L 63/08   for authentication of entit...

SYSTEM AND METHOD FOR CONTROLLING USER ACCESS TO A COMPUTING DEVICE

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

97 Citations

22 Claims

Specification

Solutions

Use Cases

Quick Links

SYSTEM AND METHOD FOR CONTROLLING USER ACCESS TO A COMPUTING DEVICE

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

97 Citations

22 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links