System and Method for Authentication of Users in a Secure Computer System
First Claim
1. A method of authenticating a user in a secure computer system comprising:
- in an enrollment session between the secure computer system and a client computer of a user, storing a first user identifier on a computer-readable storage medium of the secure computer system, and associating the first user identifier with the user, storing a second user identifier, unique to the user and selected by the secure computer system and that is not related to the client computer, on the computer-readable storage medium of the secure computer system, and associating the second user identifier with the user, creating a persistent object containing the second user identifier, encrypting the persistent object and storing the encrypted persistent object at the client computer, and storing request header attributes from the client computer received during the enrollment session on the computer-readable storage medium of the secure computer system, and associating the request header attributes received during the enrollment process with the first and second user identifiers; and
in a subsequent sign-on session between the secure computer system and the client computer,receiving from the client computer by the secure computer system a request for a sign-on page;
transmitting from the secure computer system to the client computer a prompt for the first user identifier;
in response to said prompt, receiving from the client computer by the secure computer system a request including the first user identifier, the second user identifier stored in the object stored at the client computer and a plurality of current request header attributes;
authenticating at the secure computer system the first user identifier;
authenticating at the secure computer system the second user identifier;
comparing the transmitted plurality of current request header attributes with the plurality of request header attributes received during the enrollment session, stored at the computer system and associated with the first user identifier; and
if the first and second user identifiers are authenticated, and if at least some of the transmitted request header attributes correspond to the stored request header attributes, transmitting a success message by the secure computer system to the client computer to be viewed by the user and allowing the user into the secure computer system, wherein the secure computer system does not modify the persistent object created in the enrollment session or create a new persistent object.
Abstract
A system and method for authenticating a user in a secure computer system. A client computer transmits a request for a sign-on page, the secure computer system responds by transmitting a prompt for a first user identifier, and the client computer transmits a request including a first identifier, a second identifier stored in an object stored at the client computer and a plurality of request header attributes. A server module authenticates the first and second user identifiers, and compares the transmitted plurality of request header attributes with request header attributes stored at the computer system and associated with the first and second user identifiers. If the first and second user identifiers are authenticated, and if a predetermined number of transmitted request header attributes match stored request header attributes, the server software module transmits a success message, and the user is allowed to access the secure computer system.
43 Claims
1. A method of authenticating a user in a secure computer system comprising:
in an enrollment session between the secure computer system and a client computer of a user, storing a first user identifier on a computer-readable storage medium of the secure computer system, and associating the first user identifier with the user, storing a second user identifier, unique to the user and selected by the secure computer system and that is not related to the client computer, on the computer-readable storage medium of the secure computer system, and associating the second user identifier with the user, creating a persistent object containing the second user identifier, encrypting the persistent object and storing the encrypted persistent object at the client computer, and storing request header attributes from the client computer received during the enrollment session on the computer-readable storage medium of the secure computer system, and associating the request header attributes received during the enrollment process with the first and second user identifiers; and in a subsequent sign-on session between the secure computer system and the client computer, receiving from the client computer by the secure computer system a request for a sign-on page; transmitting from the secure computer system to the client computer a prompt for the first user identifier; in response to said prompt, receiving from the client computer by the secure computer system a request including the first user identifier, the second user identifier stored in the object stored at the client computer and a plurality of current request header attributes; authenticating at the secure computer system the first user identifier; authenticating at the secure computer system the second user identifier; comparing the transmitted plurality of current request header attributes with the plurality of request header attributes received during the enrollment session, stored at the computer system and associated with the first user identifier; and if the first and second user identifiers are authenticated, and if at least some of the transmitted request header attributes correspond to the stored request header attributes, transmitting a success message by the secure computer system to the client computer to be viewed by the user and allowing the user into the secure computer system, wherein the secure computer system does not modify the persistent object created in the enrollment session or create a new persistent object. (Dependent claims 2 through 10 are not reproduced here.)
11. A method of enrolling a user in a secure computer system comprising:
establishing an enrollment session between the secure computer system and a client computer of a user, storing a first user identifier on a computer-readable storage medium of the secure computer system, and associating the first user identifier with the user; storing a second user identifier that is unique to the user, selected by the secure computer system and is not related to the client computer, on the computer-readable storage medium of the secure computer system, and associating the second user identifier with the user; creating a persistent object containing the second user identifier, encrypting the persistent object and storing the encrypted persistent object at the client computer; and storing request header attributes from the client computer received during the enrollment session on the computer-readable storage medium of the secure computer system and associating the request header attributes received during the enrollment process with the first and second user identifiers.
12. A method of enrolling a user in a secure computer system comprising:
receiving from a client computer of a user by the secure computer system a request for an enrollment page, the request including a request header containing a plurality of device attributes specific to said client computer; transmitting from the secure computer system to the client computer a prompt for a user identifier; receiving by the secure computer system from the client computer the user identifier; validating the user identifier; authenticating the user identifier; transmitting from the secure computer system to the client computer a request for a user identification and password; receiving from the client computer and authenticating the user identification and password; storing the user identification and password in a computer-readable storage medium associated with the secure computer system in a file containing the device attributes and user identifier; creating a serial number and saving the serial number in the file; encrypting the serial number; creating a browser cookie containing the encrypted serial number and storing the browser cookie on the client computer; creating a local shared object containing the encrypted serial number and storing the local shared object on the client computer. (Dependent claims 13 through 16 are not reproduced here.)
17. A system for authenticating a user in a secure computer system comprising:
a server associated with the secure computer system having a module configured to establish communication over a network with a client computer operable by a user, and having a computer-readable storage medium; the module being configured to transmit from the server to the client computer a prompt for a first user identifier; the module being configured to receive from the client software module, in response to the prompt, the first user identifier, a second user identifier stored in an encrypted persistent object stored in the client computer, and a plurality of request header attributes; the module being configured to validate the first user identifier and the second user identifier, and compare the transmitted plurality of request header attributes to a plurality of request header attributes in the computer-readable storage medium and associated with the first identifier; the module being configured such that, if the first and second user identifiers are validated by the module, and if the transmitted request header attributes correspond to the stored request header attributes, the module allows the client computer access to the secure computer system. (Dependent claims 18 through 29 are not reproduced here.)
30. A system of authenticating a user in a secure computer system comprising:
a server associated with the secure computer system in communication with a computer-readable storage medium containing information pertaining to the user; the server including a module configured to receive from a client computer of the user over a network a request for an enrollment page, the request including a request header containing a plurality of device attributes specific to the client computer; the module being configured to transmit from the server to the client computer a prompt for a user identifier, receive the user identifier from the client computer, validate the user identifier, authenticate the user identifier, transmit from the server to the client computer a request for a user identification and password, validate the user identification and password received from the client computer and store the user identification and password in the computer-readable storage; and the server software module being configured to receive a request from the client computer to register the client computer, and in response to the request to register, create a serial number unique to the user and save the serial number and the plurality of device attributes specific to the client computer in the computer-readable storage medium associated with the user identification and password, store the serial number on the client computer, and allow the user access to the secure computer system.
31. A system for authenticating a user in a secure computer system comprising:
a server associated with the secure computer system in communication with the client computer and having a computer-readable storage medium; the server having a module configured to transmit from the server over a network to a client computer of the user a prompt for a first user identifier; the module being configured to receive from the client computer over the network a request including the first user identifier, a second user identifier stored in an object stored at the client computer, and a plurality of request header attributes; and the module being configured to validate the first user identifier and the second user identifier and compare the plurality of request header attributes with a plurality of request header attributes in the computer-readable storage medium and associated with the first identifier; whereby, if the first and second user identifiers are validated by the server software module, and if the transmitted request header attributes correspond to the stored request header attributes, the server software module allows the client computer access to the secure computer system.
32. A system of authenticating a user in a secure computer system comprising:
a server associated with the secure computer system having a server software module configured to communicate over a network with a client computer of the user, the server having storage containing information pertaining to the user; the server software module being configured to receive from the client computer a request for an enrollment page, the request including a request header containing a plurality of device attributes specific to the client computer; the server software module being configured to transmit to the client computer a prompt for a user identifier, receiving the user identifier from the client computer, validating the user identifier, authenticating the user identifier, transmitting from the server a request for a user identification and password, validating the user identification and password received from the client computer and storing the user identification and password on the computer-readable storage medium; the module being configured to receive from the client computer a request to register the client computer; and the module being configured such that, in response to the request to register, the module creates a serial number unique to the user and saves the serial number and the request attributes on the computer-readable storage medium associated with the user identification and password, stores the serial number on the client computer, and allows the user access to the secure computer system.
33. A method of authenticating a user in a secure computer system comprising the steps of:
receiving from a client computer of a user by the secure computer system over a network a request for an enrollment page, the request including a request header containing a plurality of device attributes specific to said client computer; transmitting from the secure computer system to the client computer a prompt for a user identifier; the secure computer system receiving from the client computer the user identifier, validating the user identifier, authenticating the user identifier, and transmitting to the client computer a request for a user identification and password; the secure computer system receiving from the client computer a user identification and password, validating the user identification and password and storing the user identification and password in computer-readable storage medium associated therewith; the secure computer system receiving from the client computer a request to register the client computer; the secure computer system creating a serial number unique to the user and storing the serial number and request header in the computer-readable storage medium associated with the user identification and password; and the secure computer system storing the serial number on the client computer, and allowing the user access to the secure computer system. (Dependent claims 34 through 43 are not reproduced here.)
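The enrollment and sign-on exchange that claims 1, 11, 12 and 33 describe, written out as a runnable server-side sketch. This is an added example, not code from the patent or its assignee. Everything the claims leave open is an assumption here: the four request headers that serve as the "request header attributes", the rule that at least three of the four must match (the claims say only "at least some" or "a predetermined number"), a password as the authenticator for the first identifier (as in claims 12 and 33), and the cookie encryption, which uses an HMAC-SHA256 counter-mode keystream with an encrypt-then-MAC tag so the block runs with the standard library only (a real deployment would use an AEAD such as AES-GCM). The sample headers are constructed.

```python
"""Enrollment / sign-on flow from the claims, as an added example (not the patent's code)."""
import hashlib
import hmac
import json
import os
import secrets
from typing import Optional

# Assumed "request header attributes" and match threshold; the claims fix neither.
FINGERPRINT_HEADERS = ("User-Agent", "Accept", "Accept-Language", "Accept-Encoding")
MIN_MATCHING_HEADERS = 3

# Constructed sample request headers captured in the enrollment session.
ENROLLMENT_HEADERS = {
    "Host": "bank.example",
    "User-Agent": "Mozilla/5.0 (X11; Linux x86_64) Firefox/115.0",
    "Accept": "text/html,application/xhtml+xml",
    "Accept-Language": "en-US,en;q=0.5",
    "Accept-Encoding": "gzip, deflate, br",
}


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Counter-mode keystream from HMAC-SHA256 (a PRF used as a stream cipher)."""
    blocks = [hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range((length + 31) // 32)]
    return b"".join(blocks)[:length]


def seal(key: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC the persistent object: nonce || ciphertext || tag."""
    enc_key = hmac.new(key, b"enc", hashlib.sha256).digest()
    mac_key = hmac.new(key, b"mac", hashlib.sha256).digest()
    nonce = os.urandom(16)
    ciphertext = bytes(p ^ k for p, k in zip(plaintext, _keystream(enc_key, nonce, len(plaintext))))
    tag = hmac.new(mac_key, nonce + ciphertext, hashlib.sha256).digest()
    return nonce + ciphertext + tag


def unseal(key: bytes, token: bytes) -> Optional[bytes]:
    """Check the tag before decrypting; None on truncation, tampering or a wrong key."""
    if len(token) < 16 + 32:
        return None
    enc_key = hmac.new(key, b"enc", hashlib.sha256).digest()
    mac_key = hmac.new(key, b"mac", hashlib.sha256).digest()
    nonce, ciphertext, tag = token[:16], token[16:-32], token[-32:]
    expected = hmac.new(mac_key, nonce + ciphertext, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None
    return bytes(c ^ k for c, k in zip(ciphertext, _keystream(enc_key, nonce, len(ciphertext))))


class SecureComputerSystem:
    """Server side of the claimed flow; the records dict is the 'computer-readable storage medium'."""

    def __init__(self) -> None:
        self._cookie_key = os.urandom(32)   # never leaves the server
        self._records: dict = {}

    @staticmethod
    def _password_hash(password: str, salt: bytes) -> bytes:
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)

    def enroll(self, username: str, password: str, headers: dict) -> bytes:
        """Enrollment session: store the first identifier, a server-chosen second identifier
        (the 'serial number') and the header attributes; return the encrypted persistent object."""
        salt = os.urandom(16)
        serial = secrets.token_hex(16)   # unique to the user, unrelated to the device
        self._records[username] = {
            "salt": salt,
            "pw_hash": self._password_hash(password, salt),
            "serial": serial,
            "headers": {h: headers.get(h, "") for h in FINGERPRINT_HEADERS},
        }
        return seal(self._cookie_key, json.dumps({"serial": serial}).encode())

    def sign_on(self, username: str, password: str, cookie: Optional[bytes], headers: dict) -> dict:
        """Sign-on session. The persistent object is read, never modified or reissued."""
        record = self._records.get(username)
        salt = record["salt"] if record else b"\0" * 16   # hash even for unknown users
        candidate = self._password_hash(password, salt)
        if record is None or not hmac.compare_digest(candidate, record["pw_hash"]):
            return {"ok": False, "reason": "first identifier rejected", "header_matches": 0}

        plaintext = unseal(self._cookie_key, cookie) if cookie else None
        if plaintext is None:
            return {"ok": False, "reason": "persistent object missing or tampered", "header_matches": 0}
        presented = str(json.loads(plaintext).get("serial", "")).encode()
        if not hmac.compare_digest(presented, record["serial"].encode()):
            return {"ok": False, "reason": "second identifier rejected", "header_matches": 0}

        matches = sum(1 for h in FINGERPRINT_HEADERS if headers.get(h, "") == record["headers"][h])
        if matches < MIN_MATCHING_HEADERS:
            return {"ok": False, "reason": "request header attributes do not correspond", "header_matches": matches}
        return {"ok": True, "reason": "success", "header_matches": matches}
```

Two points a practitioner should take from running it. First, the tag is verified before any decryption, and the serial is compared in constant time; with a malleable or unauthenticated encryption the "second user identifier" could be forged or bit-flipped by whoever holds the cookie, so the integrity check is what carries the security of this factor. Second, the header attributes are chosen and sent by the client, so anyone who captures the cookie can also capture and replay the headers; the comparison tolerates a browser upgrade (one changed header still passes under the threshold above) but is a mismatch signal, not a secret, and because the claims require that the persistent object is never modified or reissued, a stolen cookie stays valid until the user re-enrolls.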
Specification