Method and system for user authorization over a multi-user computer system
First Claim
1. In a computer system having access to a multi-user computer system, a method of authorizing a user for access to an application system, said method comprising the steps of:
requesting a user identification from said user, said step of requesting performed over a first interface protocol of said multi-user computer system;
accessing an address identifying a computer system employed by said user to originate access requests;
determining whether said user identification is valid and response thereto denying access to said application system provided said user identification is not valid;
determining whether said address is validated for said user identification;
generating a key for said user if said address is not validated for said user identification, said key based on said address and said user identification;
transferring said key to said user via a second interface protocol of said multi-user computer system;
in response to said step of transferring, receiving a user entered validation value from said user over said first interface protocol of said multi-user computer system; and
granting access of said application system to said user if said user entered validation value equals said key and validating said address for said user identification.
Abstract
A method and system for performing user authorization in a multi-user computer system. The novel method has particular application to the multi-user internet protocol. Within the system, an application contains a list of registered users. For each registered user, the application stores a user identification, an email (electronic mail) address, and a database containing each authorized IP address for that user. When a user requests access to the application over the multi-user system, the application requires the user to input a user identification value and, simultaneously, the application accesses the user's current IP address (e.g., the user's internet domain address) over the multi-user system. The application attempts to validate the user identification, and if valid, the application examines its database to determine if the user is authorized for its current IP address. If so, access is permitted. If the user identification is valid but the current IP address is not authorized, the application determines a validation key ("key") based on the user identification and the current IP address. The pseudo unique key is then forwarded via the email protocol to the user's known email address. The user then is required to enter that key into the application to authorize the current IP address. Security is provided because (1) given a user identification, which can be stolen, the unauthorized user also needs to access the application using an authorized IP address and (2) email is used to transmit the keys to the user to a known user email address.
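The flow described in the abstract, as an added Python example that is not taken from the patent. The names `USERS`, `OUTBOX`, `make_key`, `request_access` and `submit_key` are hypothetical, the email channel is simulated by a list, and deriving the key with a truncated HMAC-SHA256 under a server secret is this example's assumption; the abstract only says the key is based on the user identification and the current IP address.

```python
import hashlib
import hmac
import secrets

# Assumption: a per-deployment secret so keys cannot be computed by clients.
SERVER_SECRET = secrets.token_bytes(32)

# Constructed sample registry: user id -> known email and authorized addresses.
USERS = {"alice": {"email": "alice@example.org", "addresses": {"192.0.2.10"}}}

# Stands in for the second interface (email): (recipient, key) pairs.
OUTBOX = []


def make_key(user_id, address):
    """Derive the validation key from the user id and the current address."""
    # Length prefix keeps (user_id, address) pairs from colliding on concatenation.
    msg = f"{len(user_id)}:{user_id}|{address}".encode()
    return hmac.new(SERVER_SECRET, msg, hashlib.sha256).hexdigest()[:12]


def request_access(user_id, address):
    """First interface: check the user id, then the address for that user."""
    user = USERS.get(user_id)
    if user is None:
        return "denied"                      # invalid user identification
    if address in user["addresses"]:
        return "granted"                     # address already authorized
    # Valid user, unknown address: send the key to the known email only.
    OUTBOX.append((user["email"], make_key(user_id, address)))
    return "key_sent"


def submit_key(user_id, address, entered):
    """First interface again: the user types in the key received by email."""
    user = USERS.get(user_id)
    if user is None:
        return "denied"
    expected = make_key(user_id, address)
    # Constant-time comparison avoids leaking key prefixes through timing.
    if hmac.compare_digest(entered.encode(), expected.encode()):
        user["addresses"].add(address)       # authorize this address
        return "granted"
    return "denied"
```

Because the key is bound to both the user id and the address, a key mailed for one address is rejected when presented from another.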
21 Claims
10. In a computer system, a method of authorizing a user for access to an application program available over a multi-user computer system using an internet protocol, said method comprising the steps of:
requesting a user identification from said user, said step of requesting performed over a first interface protocol of said multi-user computer system;
accessing an internet domain address identifying a computer system employed by said user to originate access requests;
determining whether said user identification is valid and response thereto denying access to said application system provided said user identification is not valid;
determining whether said internet domain address is validated for said user identification;
generating a key for said user if said internet domain address is not validated for said user identification, said key based on said internet domain address and said user identification;
transferring said key over an electronic mail internet application using simple mail transport protocol (smtp) to a predetermined electronic mail account of said user;
in response to said step of transferring, receiving a user entered validation value from said user over said first interface protocol of said multi-user computer system; and
granting access of said application system to said user if said user entered validation value equals said key and validating said internet domain address for said user identification.
18. A computer system having access to a multi-user computer system, said computer system comprising a processor coupled to a bus, said bus coupled to a computer readable memory unit containing a program for causing said computer system to authorize a user for access to an application system, said program comprising:
first code for requesting a user identification from said user, said first code for communicating over a first interface protocol of said multi-user computer system;
second code for accessing a user address identifying a computer system employed by said user to originate access requests;
code for determining whether said user identification is valid and response thereto denying access to said application system provided said user identification is not valid;
code for determining whether said user address is validated for said user identification;
third code for generating a key for said user if said user address is not validated for said user identification, said key based on said user address and said user identification;
fourth code for transferring said key to said user via a second interface protocol of said multi-user computer system;
fifth code, in response to said forth code, for receiving a user entered validation value from said user over said first interface protocol of said multi-user computer system; and
sixth code for granting access of said application system to said user if said user entered validation value equals said key and validating said user address for said user identification.
Specification