Protected software access control apparatus and method
First Claim
1. A software access control for limiting access to an executable program to an authorized user, said software access control system comprising:
- (a) data communication means for transmitting an access request message requesting permission to execute a selected program;
(b) processor means comprising means for controlling access to said program, means for executing said program, first memory means for storing said program and a manifestation identifying said selected program, and first means coupled to said data communication means and responsive to the receipt of said access request message for transmitting an authentication message including said selected program identifying manifestation;
(c) portable key means possessed by the authorized user and comprising second memory means for storing a program identifying manifestation assigned to said key means; and
(d) means coupled to said processor means for releasably receiving said key means and responsive to said authentication message for detecting the presence of said portable key means and, if present, for applying said authentication to said portable key means;
(e) said portable key means comprising means responsive to said applied authentication message for accessing said second memory means to obtain from said second memory means said assigned program identifying manifestation, for determining whether there is a match between said selected program identifying manifestation and said assigned program identifying manifestation and, if there is a match, for generating and transmitting to said access controlling means of said processor means an access granting signal whereby said access controlling means permits access to the executable program.
1 Assignment
0 Petitions
Accused Products
Abstract
A software access control system is disclosed for controlling access to a protected application program. The software access control system comprises first and second processors, each having a terminal or port adapting its processor to be coupled with the other. The first processor is programmed to permit access to the protected application program and comprises a first memory storing the protected application program, a program identification manifestation and a customer identification manifestation. The second processor comprises a second memory for storing a program identification manifestation and a customer identification manifestation, as assigned to the second processor. A user terminal is actuated to transmit an access request message including a requested program identification manifestation to the first processor requesting permission to execute a particular application program. There is disclosed a two-step process of granting access to a protected application program. First, the requested program identification manifestation, as entered on the user terminal, is compared with a program identification manifestation retained within the second processor. If there is a first match, a customer authentication message is transmitted from the first processor to the second processor. In response, the second processor transmits its assigned customer identification manifestation to the first processor, wherein a comparison is made between the retained customer identification manifestation and the assigned customer identification transmission. If there is a second match, access to use and to execute the application program is granted.
380 Citations
12 Claims
-
1. A software access control for limiting access to an executable program to an authorized user, said software access control system comprising:
-
(a) data communication means for transmitting an access request message requesting permission to execute a selected program; (b) processor means comprising means for controlling access to said program, means for executing said program, first memory means for storing said program and a manifestation identifying said selected program, and first means coupled to said data communication means and responsive to the receipt of said access request message for transmitting an authentication message including said selected program identifying manifestation; (c) portable key means possessed by the authorized user and comprising second memory means for storing a program identifying manifestation assigned to said key means; and (d) means coupled to said processor means for releasably receiving said key means and responsive to said authentication message for detecting the presence of said portable key means and, if present, for applying said authentication to said portable key means; (e) said portable key means comprising means responsive to said applied authentication message for accessing said second memory means to obtain from said second memory means said assigned program identifying manifestation, for determining whether there is a match between said selected program identifying manifestation and said assigned program identifying manifestation and, if there is a match, for generating and transmitting to said access controlling means of said processor means an access granting signal whereby said access controlling means permits access to the executable program. - View Dependent Claims (2, 3)
-
-
4. A software cross control system for limiting access to an executable program to an authorized user, said program having a first manifestation particularly identifying said program and a second manifestation particularly identifying an authorized user to be granted access to the executable program, said software access control system comprising:
-
(a) data comunication means for transmitting an access request message requesting permission to execute a selected program; (b) processor means comprising means for executing said program, first memory means for storing a program and its first and second identifying manifestations, and first means responsive to the receipt of said access request message for transmitting a program authentication message including said selected first identifying manifestation; (c) portable key means possessed by the authorized user and comprising second memory means for storing an assigned first identifying manifestation assigned to said key means and identifying that program to which access is to be granted, and a second identifying manifestation assigned to said key means its authorized user; (d) means coupled to said processor for releasably receiving said portable key means and comprising means responsive to said program authentication message for determining the presence of said portable key means and, if present, for accessing said second memory means to obtain said assigned first identifying manifestation, and matching means for determining whether there is a match between said selected first identifying manifestation and said assigned first identifying manifestation indicating that a corresponding key means is coupled to said processor means; (e) said key means including means responsive to said match between said selected and assigned first identifying manifestations for obtaining said assigned second identifying manifestation from said second memory means and for transmitting said second assigned identification manifestation to said processor means; and (f) said processor means comprising matching means for obtaining from said first memory means said second identifying manifestation and for comparing said second identifying manifestation with said assigned second identifying manifestation to determine whether there is a match therebetween and, if there exists a match, for providing an access permission signal, said executing means responsive to said access permission signal for enabling the execution of said program. - View Dependent Claims (5, 6)
-
-
7. A software access control system for limiting access to a protected program to an authorized user, said protected program having at least one manifestation particularly identifying an authorized user to be granted access to said protected program, said software access control system comprising:
-
(a) data communication means for transmitting an access request message requesting permission to gain access to a selected protected program; (b) processor means comprising means for executing said protected program, first memory means for storing a program, and means responsive to the receipt of said access request message for transmtting a program authentication message indicative of said selected protected program if said selected protected program is stored in said first memory means; (c) portable key means possessed by the authorized user and adapted to be coupled to said processor means and comprising second memory means for storing an identifying manifestation assigned to said key means and indicative of its authorized user; and (d) means coupled to said processor means for releasably receiving said portable key means and comprising means for receiving and analyzing said authentication message to determine whether said portable key means is present and, if present, for determining whether said authentication message is compatible with said key means; (e) said key means including means, actuable if said program authentication message is compatible with said key means, for obtaining said assigned identifying manifestation from said second memory means and for transmitting said assigned identification manifestation to said processor means; (f) said processor means further comprising matching means for receiving and comparing said assigned identifying manifestation with said identifying manifestations stored in said first memory means and, if there is a match, for providing an access permission signal. - View Dependent Claims (8, 9)
-
-
10. A software access control system for limiting access to a protected program to an authorized user, said protected program having at least one manifestation particularly identifying an authorized user to be granted access to said protected program, said software access control system comprising:
-
(a) means for transmitting a program authentication message requesting permission to gain access to a selected protected program; (b) processor means comprising means for executing said protected program and first memory means for storing a program; (c) portable key means possessed by the authorized user and adapted to be coupled to said processor means and comprising second memory means for storing an identifying manifestation assigned to said key means and indicative of its authorized user; and (d) means coupled to said transmitting means for receiving releasably said key means, and comprising means for receiving and analyzing said authentication message to determine whether said portable key means is present and, if so, to determine whether it is compatible with said key means; (e) said key means including means, actuatable if said program authentication message is compatible with said key means, for obtaining said assigned identifying manifestation from said second memory means and for transmitting said assigned identification manifestation to said processor means; (f) said processor means further comprising matching means for receiving and comparing said assigned identifying manifestation with said identifying manifestations stored in said first memory means and, if there is a match, for providing an access permission signal.
-
-
11. A software access control system for limiting access to a plurality of protected programs to authorized users, each of said protected programs having a list of manifestations, each manifestation identifying an authorized user to be granted access to a corresponding program, said software access control system comprising:
-
(a) processor means comprising means for controlling access to said protected programs, first memory means for storing said plurality of programs and said list of user identifying manifestations, means for generating and transmitting an access request message requesting permission to gain access to a selected one of said plurality of protected programs; (b) portable key means possessed by an authorized user and comprising second memory means for storing a user identifying manifestation assigned to said key means; and (c) means for releasably receiving said portable key means, said receiving means comprising means for determining the presence of said portable key means and, if present, for applying said access request message to said received portable key means; (d) said portable key means comprising means for interpreting said applied access request message to determine whether it is compatible with said key means, and means for transmitting said assigned user identifying manifestation if said interpreted access request message is compatible with said key means; (e) said access controlling means coupled to said transmitting means to receive said user assigned identifying manifestation for determining whether said transmitted, assigned user identifying manifestation matches one of said list of user identifying manifestations of said selected one protected program and, if there is a match, for granting user access to said selected protected program. - View Dependent Claims (12)
-
Specification