Electronic information network user authentication and authorization system
Abstract
A system for authenticating and authorizing a user to access services on a heterogenous computer network. The system includes at least one workstation and one authorization server connected to each other through a network. A user couples a personally protectable coprocessor (smart card) to the workstation by means of a bidirectional communications channel. The coprocessor is adapted to receive signals including first encrypted authentication information and to decrypt the first encrypted authentication information using a preselected first key. The coprocessor is further adapted to assemble and encrypt second authentication information using a preselected second key and to transmit the encrypted second encrypted authentication information to the workstation. The workstation then communicates the information onto the network whereby the user is authenticated to access the networked computer or service.
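The exchange described in the abstract, as an added Python example (not text or code from the patent), using the variant in which the second information is encrypted under a key carried inside the first. The class and function names, the PIN as initialization information, the JSON fields, the timestamp and the HMAC-SHA256 stand-in cipher are all assumptions made for illustration.

```python
import hashlib, hmac, json, os

def _stream(key, nonce, n):
    # Keystream from HMAC-SHA256 in counter mode (stand-in cipher, assumption).
    blocks = (hmac.new(key, b"enc" + nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]

def seal(key, fields):
    """Encrypt-then-MAC a dict; illustration only, not a vetted cipher."""
    nonce, pt = os.urandom(16), json.dumps(fields).encode()
    ct = bytes(a ^ b for a, b in zip(pt, _stream(key, nonce, len(pt))))
    return nonce + ct + hmac.new(key, b"mac" + nonce + ct, hashlib.sha256).digest()

def unseal(key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    good = hmac.new(key, b"mac" + nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, good):
        raise ValueError("wrong key or modified message")
    return json.loads(bytes(a ^ b for a, b in zip(ct, _stream(key, nonce, len(ct)))))

class Coprocessor:
    """Hypothetical model of the removable coprocessor (smart card)."""
    def __init__(self, first_key, user, pin):
        self._first_key, self._user, self._pin = first_key, user, pin
        self._unlocked = False

    def initialize(self, pin):
        # User-provided initialization information; assumed here to be a PIN.
        self._unlocked = hmac.compare_digest(pin.encode(), self._pin.encode())
        return self._unlocked

    def respond(self, first_encrypted, timestamp):
        if not self._unlocked:
            raise PermissionError("coprocessor not initialized")
        first = unseal(self._first_key, first_encrypted)      # decrypt with the first key
        session_key = bytes.fromhex(first["session_key"])     # option (i): key inside it
        second = {"user": self._user, "service": first["service"], "time": timestamp}
        return seal(session_key, second)                      # goes out via the workstation

def run_exchange(pin="4921"):
    card_key, session_key = os.urandom(32), os.urandom(32)    # constructed sample keys
    first = seal(card_key, {"service": "fileserver", "session_key": session_key.hex()})
    card = Coprocessor(card_key, "alice", "4921")
    card.initialize(pin)
    second = card.respond(first, 1700000000)   # the workstation only relays ciphertext
    return unseal(session_key, second)         # what the network side recovers
```

In this model the workstation handles only the two encrypted blobs; the first key stays inside the `Coprocessor` object.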
4 Claims
1. A system for authenticating a user to any service or computer on a heterogenous computer network comprising:
- at least one workstation in communication with a network; and
- a removable, personally protectable coprocessor adapted to communicate with the workstation, the coprocessor adapted to receive user-provided initialization information from the workstation, the coprocessor adapted to receive signals including first encrypted authentication information from the workstation, the coprocessor including a preselected first key to decrypt the first encrypted authentication information, the coprocessor further programmed to assemble second authentication information and to encrypt the second authentication information using at least one of (i) a key contained within the first encrypted authentication information and (ii) a preselected second key and to send the second encrypted authentication information to the network via the workstation, whereby the user is authenticated to access the networked computer or service.

Dependent claims: 2, 3

4. A system for authenticating a user to any service or computer on a heterogenous computer network comprising:
- one authorization server in communication with the network;
- at least one workstation in communication with the network; and
- a removable, personally protectable coprocessor adapted to communicate with the workstation, the coprocessor adapted to receive user-provided initialization information from the workstation, the coprocessor adapted to receive signals including first encrypted authentication information from the workstation, the coprocessor programmed to include a preselected first key to decrypt the first encrypted authentication information, the coprocessor further programmed to receive signals including a preselected second key from the authorization server, the coprocessor further programmed to assemble second authentication information and to encrypt the second authentication information using at least one of (i) a key contained within the first encrypted authentication information and (ii) the preselected second key, and to send the second encrypted authentication information to the network via the workstation, whereby the user is authenticated to access the networked computer or service.
Specification