Method and system for user authorization over a multi-user computer system

US 5,684,951 A
Filed: 03/20/1996
Issued: 11/04/1997
Est. Priority Date: 03/20/1996
Status: Expired due to Term

First Claim

Patent Images

1. In a computer system having access to a multi-user computer system, a method of authorizing a user for access to an application system, said method comprising the steps of:

requesting a user identification from said user, said step of requesting performed over a first interface protocol of said multi-user computer system;

accessing an address identifying a computer system employed by said user to originate access requests;

determining whether said user identification is valid and response thereto denying access to said application system provided said user identification is not valid;

determining whether said address is validated for said user identification;

generating a key for said user if said address is not validated for said user identification, said key based on said address and said user identification;

transferring said key to said user via a second interface protocol of said multi-user computer system;

in response to said step of transferring, receiving a user entered validation value from said user over said first interface protocol of said multi-user computer system; and

granting access of said application system to said user if said user entered validation value equals said key and validating said address for said user identification.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method and system for performing user authorization in a multi-user computer system. The novel method has particular application to the multi-user internet protocol. Within the system, an application contains a list of registered users. For each registered user, the application stores a user identification, an email (electronic mail) address, and a database containing each authorized IP address for that user. When a user requests access to the application over the multi-user system, the application requires the user to input a user identification value and, simultaneously, the application accesses the user'"'"'s current IP address (e.g., the user'"'"'s internet domain address) over the multi-user system. The application attempts to validate the user identification, and if valid, the application examines its database to determine if the user is authorized for its current IP address. If so, access is permitted. If the user identification is valid but the current IP address is not authorized, the application determines a validation key ("key") based on the user identification and the current IP address. The pseudo unique key is then forwarded via the email protocol to the user'"'"'s known email address. The user then is required to enter that key into the application to authorized the current IP address. Security is provided because (1) given a user identification, which can be stolen, the unauthorized user also needs to access the application using an authorized IP address and (2) email is used to transmit the keys to the user to a known user email address.

366 Citations

21 Claims

1. In a computer system having access to a multi-user computer system, a method of authorizing a user for access to an application system, said method comprising the steps of:
- requesting a user identification from said user, said step of requesting performed over a first interface protocol of said multi-user computer system;
  
  accessing an address identifying a computer system employed by said user to originate access requests;
  
  determining whether said user identification is valid and response thereto denying access to said application system provided said user identification is not valid;
  
  determining whether said address is validated for said user identification;
  
  generating a key for said user if said address is not validated for said user identification, said key based on said address and said user identification;
  
  transferring said key to said user via a second interface protocol of said multi-user computer system;
  
  in response to said step of transferring, receiving a user entered validation value from said user over said first interface protocol of said multi-user computer system; and
  
  granting access of said application system to said user if said user entered validation value equals said key and validating said address for said user identification.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. A method as described in claim 1 wherein said multi-user computer system utilizes an internet protocol.
  - 3. A method as described in claim 2 wherein said first interface protocol is the world wide web internet application running hypertext transfer protocol (http) and wherein said second interface protocol is the electronic mail internet application running simple mail transport protocol (smtp).
  - 4. A method as described in claim 2 wherein said step of generating said key comprises the steps of:
    - accessing a secret code string;
      
      concatenating said secret code string, said user identification, and said address to generate a first value; and
      
      performing a first procedure upon said first value to produce a fixed length pseudo unique value corresponding to said first value wherein said key is said pseudo unique value.
  - 5. A method as described in claim 4 wherein said first procedure is a hash procedure.
  - 6. A method as described in claim 2 wherein said step of granting access to said application system if said user entered validation value equals said key comprises the steps of:
    - retrieving from a computer database said key indexed by said user identification and by said address;
      
      comparing said key to said user entered validation value; and
      
      indicating if said above step of comparing indicated a match of said key to said user entered validation value.
  - 7. A method as described in claim 2 wherein said address is an IP network domain address four octets wide.
  - 8. A method as described in claim 3 wherein said step of transferring said key to said user via said second interface protocol of said multi-user computer system comprises the step of transferring said key to a predetermined electronic mail account of said user.
  - 9. A method as described in claim 2 further comprising the step of embedding said user identification in all transactions originating from said user to said application system provided said user is granted access to said application system.

10. In a computer system, a method of authorizing a user for access to an application program available over a multi-user computer system using an internet protocol, said method comprising the steps of:
- requesting a user identification from said user, said step of requesting performed over a first interface protocol of said multi-user computer system;
  
  accessing an internet domain address identifying a computer system employed by said user to originate access requests;
  
  determining whether said user identification is valid and response thereto denying access to said application system provided said user identification is not valid;
  
  determining whether said internet domain address is validated for said user identification;
  
  generating a key for said user if said internet domain address is not validated for said user identification, said key based on said internet domain address and said user identification;
  
  transferring said key over an electronic mail internet application using simple mail transport protocol (smtp) to a predetermined electronic mail account of said user;
  
  in response to said step of transferring, receiving a user entered validation value from said user over said first interface protocol of said multi-user computer system; and
  
  granting access of said application system to said user if said user entered validation value equals said key and validating said internet domain address for said user identification.
- View Dependent Claims (11, 12, 13, 14, 15, 16, 17)
- - 11. A method as described in claim 10 wherein said first interface protocol is the world wide web (www) internet application running hypertext transfer protocol (http).
  - 12. A method as described in claim 10 wherein said step of generating said key comprises the steps of:
    - accessing a secret code of values;
      
      concatenating said secret code, said user identification, and said internet domain address to generate a first value; and
      
      performing a first procedure upon said first value to produce a fixed length pseudo unique value corresponding to said first value, wherein said key is said pseudo unique value.
  - 13. A method as described in claim 10 wherein said step of generating said key comprises the steps of:
    - accessing a secret code of values;
      
      accessing a timestamp representing a point in time;
      
      concatenating said secret code, said user identification, said internet domain address to generate a first value, and said timestamp; and
      
      performing a first procedure upon said first value to produce a fixed length pseudo unique value corresponding to said first value, wherein said key is said pseudo unique value.
  - 14. A method as described in claim 12 wherein said first procedure is a hash procedure.
  - 15. A method as described in claim 10 wherein said step of granting access to said application system if said user entered validation value equals said key comprises the steps of:
    - retrieving from a computer database said key indexed by said user identification and by said internet domain address;
      
      comparing said key to said user entered validation value; and
      
      indicating a match if said above step of comparing indicated a match of said key to said user entered validation value.
  - 16. A method as described in claim 10 wherein said internet domain address is an IP network domain address four octets wide.
  - 17. A method as described in claim 10 further comprising the step of embedding said user identification in all transactions originating from the user to the application system provided said user is granted access to said application system.

18. A computer system having access to a multi-user computer system, said computer system comprising a processor coupled to a bus, said bus coupled to a computer readable memory unit containing a program for causing said computer system to authorize a user for access to an application system, said program comprising:
- first code for requesting a user identification from said user, said first code for communicating over a first interface protocol of said multi-user computer system;
  
  second code for accessing a user address identifying a computer system employed by said user to originate access requests;
  
  code for determining whether said user identification is valid and response thereto denying access to said application system provided said user identification is not valid;
  
  code for determining whether said user address is validated for said user identification;
  
  third code for generating a key for said user if said user address is not validated for said user identification, said key based on said user address and said user identification;
  
  fourth code for transferring said key to said user via a second interface protocol of said multi-user computer system;
  
  fifth code, in response to said forth code, for receiving a user entered validation value from said user over said first interface protocol of said multi-user computer system; and
  
  sixth code for granting access of said application system to said user if said user entered validation value equals said key and validating said user address for said user identification.
- View Dependent Claims (19, 20, 21)
- - 19. A computer system as described in claim 18 wherein said multi-user computer system utilizes an internet protocol.
  - 20. A computer system as described in claim 19 wherein said first interface protocol is the world wide web internet application running hypertext transfer protocol (http) and wherein said second interface protocol is the electronic mail internet application running simple mail transport protocol (smtp).
  - 21. A computer system as described in claim 19 wherein said third code comprises:
    - seventh code for accessing a secret code string;
      
      eight code for concatenating said secret code string, said user identification, and said user address to generate a first value; and
      
      ninth code for performing a hash procedure upon said first value to produce a fixed length pseudo unique value corresponding to said first value wherein said key is said pseudo unique value.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Synopsys Incorporated
Original Assignee
Synopsys Incorporated
Inventors
Goldman, Jonathan, Saperstein, Garry
Primary Examiner(s)
Beausoliel, Jr., Robert W.
Assistant Examiner(s)
BADERMAN, SCOTT T

Application Number

US08/619,892
Time in Patent Office

594 Days
Field of Search

395/188.01, 395/187.01, 395/186, 395/200.06, 395/606, 395/609, 395/610, 380/30, 380/3, 379/145
US Class Current

726/6
CPC Class Codes

G06F 21/31 User authentication

Method and system for user authorization over a multi-user computer system

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

366 Citations

21 Claims

Specification

Solutions

Use Cases

Quick Links

Method and system for user authorization over a multi-user computer system

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

366 Citations

21 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links