System, method and computer program product for allowing access to enterprise resources using biometric devices

US 6,256,737 B1
Filed: 03/09/1999
Issued: 07/03/2001
Est. Priority Date: 03/09/1999
Status: Expired due to Term

First Claim

Patent Images

1. A method for providing user authentication to enterprise resources, comprising the steps of:

(a) setting up a biometric server including placing the user within a biometric group, wherein said biometric group defines one or more users having a specified characteristic, said biometric server having stored therein at least two biometric policies that each define different authentication levels, each said authentication level defining a probability that the user is authorized to access the enterprise resources;

(b) assigning one of said biometric policies to the user;

(c) determining whether the user is authenticated by executing said assigned biometric policy; and

(d) indicating that the user may access the enterprise resources if the user passes said assigned biometric policy, otherwise indicating that the user may not access the enterprise resources, wherein said assigned biometric policy is an OR policy having a list of devices, wherein said list of devices includes at least two different biometric devices, and wherein the user passes said OR policy if the user passes one of said biometric devices in said list of devices.

View all claims

8 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system, method and computer program product that utilizes biometric measurements for the authentication of users to enterprise resources. The system includes a biometric server that stores the engine and collections of data required by the system to authenticate users. In the present invention, it is the biometric policies that determine the way or method in which a user is to be authenticated by the system. The execution of the biometric policies involves the use of one or more biometric templates. Biometric devices utilize a scientific technique to identify a user based on compared measurements of unique personal characteristics. These measurements, called biometric measurements, may include, but are not limited to, measurements of finger and hand geometry, retina and facial images, weight, DNA data, breath, voice, typing stroke and signature. The biometric policies of the present invention provide flexibility to the level of protection for individual enterprise resources. In an embodiment of the present invention, a method of storing both biometric templates and digital certificates in a hierarchical structure allows for the ease of access to biometric templates and digital certificates. In another embodiment of the present invention, the system of the present invention is implemented as a roaming profile server in a certificate authority system.

769 Citations

105 Claims

1. A method for providing user authentication to enterprise resources, comprising the steps of:
- (a) setting up a biometric server including placing the user within a biometric group, wherein said biometric group defines one or more users having a specified characteristic, said biometric server having stored therein at least two biometric policies that each define different authentication levels, each said authentication level defining a probability that the user is authorized to access the enterprise resources;
  
  (b) assigning one of said biometric policies to the user;
  
  (c) determining whether the user is authenticated by executing said assigned biometric policy; and
  
  (d) indicating that the user may access the enterprise resources if the user passes said assigned biometric policy, otherwise indicating that the user may not access the enterprise resources, wherein said assigned biometric policy is an OR policy having a list of devices, wherein said list of devices includes at least two different biometric devices, and wherein the user passes said OR policy if the user passes one of said biometric devices in said list of devices.

2. A method for providing user authentication to enterprise resources, comprising the steps of:
- (a) setting up a biometric server including placing the user within a biometric group, wherein said biometric group defines one or more users having a specified characteristic, said biometric server having stored therein at least two biometric policies that each define different authentication levels, each said authentication level defining a probability that the user is authorized to access the enterprise resources;
  
  (b) assigning one of said biometric policies to the user;
  
  (c) determining whether the user is authenticated by executing said assigned biometric policy; and
  
  (d) indicating that the user may access the enterprise resources if the user passes said assigned biometric policy, otherwise indicating that the user may not access the enterprise resources, wherein said assigned biometric policy is an OR policy having a list of devices, wherein said list of devices includes only one biometric device, and wherein the user passes said OR policy if the user passes said biometric device while being tested with at least two biometric measurements.

3. A method for proving user authentication to enterprise resources, comprising the steps of:
- (a) setting up a biometric server including placing the user within a biometric group, wherein said biometric group defines one or more users having a specified characteristic, said biometric server having stored therein at least two biometric policies that each define different authentication levels, each said authentication level defining a probability that the user is authorized to access the enterprise resources;
  
  (b) assigning one of said biometric policies to the user;
  
  (c) determining whether the user is authenticated by executing said assigned biometric policy; and
  
  (d) indicating that the user may access the enterprise resources if the user passes said assigned biometric policy, otherwise indicating that the user may not access the enterprise resources, wherein said assigned biometric policy is an AND policy having a list of devices, wherein said list of devices includes at least two different biometric devices, and wherein the user passes said AND policy if the user passes all of said biometric devices in said list of devices.

4. A method for providing user authentication to enterprise resources, comprising the steps of:
- (a) setting up a biometric server including placing the user within a biometric group, wherein said biometric group defines one or more users having a specified characteristic, said biometric server having stored therein at least two biometric policies that each define different authentication levels, each said authentication level defining a probability that the user is authorized to access the enterprise resources;
  
  (b) assigning one of said biometric policies to the user;
  
  (c) determining whether the user is authenticated by executing said assigned biometric policy; and
  
  (d) indicating that the user may access the enterprise resources if the user passes said assigned biometric policy, otherwise indicating that the user may not access the enterprise resources, wherein said assigned biometric policy is an AND policy having a list of devices, wherein said list of devices includes only one biometric device, and wherein the user passes said AND policy if the user passes said biometric device while being tested with at least two biometric measurements.

5. A method for providing user authentication to enterprise resources, comprising the steps of:
- (a) setting up a biometric server including placing the user within a biometric group, wherein said biometric group defines one or more users having a specified characteristic, said biometric server having stored therein at least two biometric policies that each define different authentication levels, each said authentication level defining a probability that the user is authorized to access the enterprise resources;
  
  (b) assigning one of said biometric policies to the user;
  
  (c) determining whether the user is authenticated by executing said assigned biometric policy; and
  
  (d) indicating that the user may access the enterprise resources if the user passes said assigned biometric policy, otherwise indicating that the user may not access the enterprise resources, wherein said assigned biometric policy is a CONTINGENT policy having a list of devices, wherein said list of devices includes at least two different biometric devices, and wherein the user passes said CONTINGENT policy if either the user exceeds a minimum threshold associated with a first biometric device or if the user exceeds a contingent threshold associated with said first biometric device and the user exceeds a minimum threshold associated with a second biometric device.

6. A method for providing user authentication to enterprise resources, comprising the steps of:
- (a) setting up a biometric server including placing the user within a biometric group, wherein said biometric group defines one or more users having a specified characteristic, said biometric server having stored therein at least two biometric policies that each define different authentication levels, each said authentication level defining a probability that the user is authorized to access the enterprise resources;
  
  (b) assigning one of said biometric policies to the user;
  
  (c) determining whether the user is authenticated by executing said assigned biometric policy; and
  
  (d) indicating that the user may access the enterprise resources if the user passes said assigned biometric policy, otherwise indicating that the user may not access the enterprise resources, wherein said assigned biometric policy is a CONTINGENT policy having a list of devices, wherein said list of devices includes only one biometric device, wherein a first biometric measurement and a second biometric measurement are associated with said biometric device, and wherein the user passes said CONTINGENT policy if either the user exceeds a minimum threshold associated with said biometric device and said first biometric measurement or if the user exceeds a contingent threshold associated with said biometric device and said first biometric measurement and the user exceeds a minimum threshold associated with said biometric device and said second biometric measurement.

7. A method for providing user authentication to enterprise resources, comprising the steps of:
- (a) setting up a biometric server including placing the user within a biometric group, wherein said biometric group defines one or more users having a specified characteristic, said biometric server having stored therein at least two biometric policies that each define different authentication levels, each said authentication level defining a probability that the user is authorized to access the enterprise resources;
  
  (b) assigning one of said biometric policies to the user;
  
  (c) determining whether the user is authenticated by executing said assigned biometric policy; and
  
  (d) indicating that the user may access the enterprise resources if the user passes said assigned biometric policy, otherwise indicating that the user may not access the enterprise resources, wherein said assigned biometric policy is a RANDOM policy having a list of devices, wherein said list of devices includes at least two different biometric devices, wherein a random biometric device is determined from said list of devices, and wherein the user passes said RANDOM policy if the user passes said random biometric device.

8. A method for providing user authentication to enterprise resources, comprising the steps of:
- (a) setting up a biometric server including placing the user within a biometric group, wherein said biometric group defines one or more users having a specified characteristic, said biometric server having stored therein at least two biometric policies that each define different authentication levels, each said authentication level defining a probability that the user is authorized to access the enterprise resources;
  
  (b) assigning one of said biometric policies to the user;
  
  (c) determining whether the user is authenticated by executing said assigned biometric policy; and
  
  (d) indicating that the user may access the enterprise resources if the user passes said assigned biometric policy, otherwise indicating that the user may not access the enterprise resources, wherein said assigned biometric policy is a RANDOM policy having a list of devices, wherein said list of devices includes only one biometric device, wherein a random biometric measurement is determined from one or more biometric measurements, and wherein the user passes said RANDOM policy if the user passes said biometric device while being tested with said random biometric measurement.

9. A method for providing user authentication to enterprise resources, comprising the steps of:
- (a) setting up a biometric server including placing the user within a biometric group, wherein said biometric group defines one or more users having a specified characteristic, said biometric server having stored therein at least two biometric policies that each define different authentication levels, each said authentication level defining a probability that the user is authorized to access the enterprise resources;
  
  (b) assigning one of said biometric policies to the user;
  
  (c) determining whether the user is authenticated by executing said assigned biometric policy; and
  
  (d) indicating that the user may access the enterprise resources if the user passes said assigned biometric policy, otherwise indicating that the user may not access the enterprise resources, wherein said assigned biometric policy is a THRESHOLD policy having a list of devices, wherein said list of devices includes at least two different biometric devices, and wherein the user passes said THRESHOLD policy if the user exceeds a total threshold while being tested on one or more of said biometric devices in said list of devices.

10. A method for providing user authentication to enterprise resources, comprising the steps of:
- (a) setting up a biometric server including placing the user within a biometric group, wherein said biometric group defines one or more users having a specified characteristic, said biometric server having stored therein at least two biometric policies that each define different authentication levels, each said authentication level defining a probability that the user is authorized to access the enterprise resources;
  
  (b) assigning one of said biometric policies to the user;
  
  (c) determining whether the user is authenticated by executing said assigned biometric policy; and
  
  (d) indicating that the user may access the enterprise resources if the user passes said assigned biometric policy, otherwise indicating that the user may not access the enterprise resources, wherein said assigned biometric policy is a THRESHOLD policy having a list of devices, wherein said list of devices includes only one biometric device, and wherein the user passes said THRESHOLD policy if the user exceeds a total threshold while being tested with one or more biometric measurements on said biometric device in said list of devices.

11. A method for providing user authentication to enterprise resources, comprising the steps of:
- (a) setting up a biometric server including placing the user within a biometric group, wherein said biometric group defines one or more users having a specified characteristic, said biometric server having stored therein at least two biometric policies that each define different authentication levels, each said authentication level defining a probability that the user is authorized to access the enterprise resources;
  
  (b) assigning one of said biometric policies to the user;
  
  (c) determining whether the user is authenticated by executing said assigned biometric policy; and
  
  (d) indicating that the user may access the enterprise resources if the user passes said assigned biometric policy, otherwise indicating that the user may not access the enterprise resources, wherein said assigned biometric policy is an OR policy having a list of biometric policies, wherein said list of biometric policies includes at least two biometric policies, and wherein the user passes said OR policy if the user passes one of said biometric policies in said list of biometric policies.

12. A method for providing user authentication to enterprise resources, comprising the steps of:
- (a) setting up a biometric server including placing the user within a biometric group, wherein said biometric group defines one or more users having a specified characteristic, said biometric server having stored therein at least two biometric policies that each define different authentication levels, each said authentication level defining a probability that the user is authorized to access the enterprise resources;
  
  (b) assigning one of said biometric policies to the user;
  
  (c) determining whether the user is authenticated by executing said assigned biometric policy; and
  
  (d) indicating that the user may access the enterprise resources if the user passes said assigned biometric policy, otherwise indicating that the user may not access the enterprise resources, wherein said assigned biometric policy is an AND policy having a list of biometric policies, wherein said list of biometric policies includes at least two biometric policies, and wherein the user passes said AND policy if the user passes all of said biometric policies in said list of biometric policies.

13. A method for providing user authentication to enterprise resources, comprising the steps of:
- (a) setting up a biometric server including placing the user within a biometric group, wherein said biometric group defines one or more users having a specified characteristic, said biometric server having stored therein at least two biometric policies that each define different authentication levels, each said authentication level defining a probability that the user is authorized to access the enterprise resources;
  
  (b) assigning one of said biometric policies to the user;
  
  (c) determining whether the user is authenticated by executing said assigned biometric policy; and
  
  (d) indicating that the user may access the enterprise resources if the user passes said assigned biometric policy, otherwise indicating that the user may not access the enterprise resources, wherein said assigned biometric policy is a CONTINGENT policy having a list of biometric policies, wherein said list of biometric policies includes at least two biometric policies, and wherein the user passes said CONTINGENT policy if either the user exceeds a minimum threshold associated with a first biometric policy or if the user exceeds a contingent threshold associated with said first biometric policy and the user exceeds a minimum threshold associated with a second biometric policy.

14. A method for providing user authentication to enterprise resources, comprising the steps of:
- (a) setting up a biometric server including placing the user within a biometric group, wherein said biometric group defines one or more users having a specified characteristic, said biometric server having stored therein at least two biometric policies that each define different authentication levels, each said authentication level defining a probability that the user is authorized to access the enterprise resources;
  
  (b) assigning one of said biometric policies to the user;
  
  (c) determining whether the user is authenticated by executing said assigned biometric policy; and
  
  (d) indicating that the user may access the enterprise resources if the user passes said assigned biometric policy, otherwise indicating that the user may not access the enterprise resources, wherein said assigned biometric policy is a RANDOM policy having a list of biometric policies, wherein said list of biometric policies includes at least two biometric policies, wherein a random biometric policy is determined from said list of biometric policies, and wherein the user passes said RANDOM policy if the user passes said random biometric policy.

15. A method for providing user authentication to enterprise resources, comprising the steps of:
- (a) setting up a biometric server including placing the user within a biometric group, wherein said biometric group defines one or more users having a specified characteristic, said biometric server having stored therein at least two biometric policies that each define different authentication levels, each said authentication level defining a probability that the user is authorized to access the enterprise resources;
  
  (b) assigning one of said biometric policies to the user;
  
  (c) determining whether the user is authenticated by executing said assigned biometric policy; and
  
  (d) indicating that the user may access the enterprise resources if the user passes said assigned biometric policy, otherwise indicating that the user may not access the enterprise resources, wherein said assigned biometric policy is a THRESHOLD policy having a list of biometric policies, wherein said list of biometric policies includes at least two biometric policies, and wherein the user passes said THRESHOLD policy if the user exceeds a total threshold while being tested on one or more of said biometric policies in said list of biometric policies.

16. A method for providing user authentication to enterprise resources, comprising the steps of:
- (a) setting up a biometric server including placing the user within a biometric group, wherein said biometric group defines one or more users having a specified characteristic, said biometric server having stored therein at least two biometric policies that each define different authentication levels, each said authentication level defining a probability that the user is authorized to access the enterprise resources;
  
  (b) assigning one of said biometric policies to the user;
  
  (c) determining whether the user is authenticated by executing said assigned biometric policy; and
  
  (d) indicating that the user may access the enterprise resources if the user passes said assigned biometric policy, otherwise indicating that the user may not access the enterprise resources, wherein said assigned biometric policy is an OR policy having a list of policies or devices, wherein said list of policies or devices includes at least two elements, and wherein the user passes said OR policy if the user passes one of said elements in said list of policies or devices.

17. A method for providing user authentication to enterprise resources, comprising the steps of:
- (a) setting up a biometric server including placing the user within a biometric group, wherein said biometric group defines one or more users having a specified characteristic, said biometric server having stored therein at least two biometric policies that each define different authentication levels, each said authentication level defining a probability that the user is authorized to access the enterprise resources;
  
  (b) assigning one of said biometric policies to the user;
  
  (c) determining whether the user is authenticated by executing said assigned biometric policy; and
  
  (d) indicating that the user may access the enterprise resources if the user passes said assigned biometric policy, otherwise indicating that the user may not access the enterprise resources, wherein said assigned biometric policy is an AND policy having a list of policies or devices, wherein said list of policies or devices includes at least two elements, and wherein the user passes said AND policy if the user passes all of said elements in said list of policies or devices.

18. A method for providing user authentication to enterprise resources, comprising the steps of:
- (a) setting up a biometric server including placing the user within a biometric group, wherein said biometric group defines one or more users having a specified characteristic, said biometric server having stored therein at least two biometric policies that each define different authentication levels, each said authentication level defining a probability that the user is authorized to access the enterprise resources;
  
  (b) assigning one of said biometric policies to the user;
  
  (c) determining whether the user is authenticated by executing said assigned biometric policy; and
  
  (d) indicating that the user may access the enterprise resources if the user passes said assigned biometric policy, otherwise indicating that the user may not access the enterprise resources, wherein said assigned biometric policy is a CONTINGENT policy having a list of policies or devices, wherein said list of policies or devices includes at least two elements, and wherein the user passes said CONTINGENT policy if either the user exceeds a minimum threshold associated with a first element or if the user exceeds a contingent threshold associated with said first element and the user exceeds a minimum threshold associated with a second element.

19. A method for providing user authentication to enterprise resources, comprising the steps of:
- (a) setting up a biometric server including placing the user within a biometric group, wherein said biometric group defines one or more users having a specified characteristic, said biometric server having stored therein at least two biometric policies that each define different authentication levels, each said authentication level defining a probability that the user is authorized to access the enterprise resources;
  
  (b) assigning one of said biometric policies to the user;
  
  (c) determining whether the user is authenticated by executing said assigned biometric policy; and
  
  (d) indicating that the user may access the enterprise resources if the user passes said assigned biometric policy, otherwise indicating that the user may not access the enterprise resources, wherein said assigned biometric policy is a RANDOM policy having a list of policies or devices, wherein said list of policies or devices includes at least two elements, wherein a random element is determined from said elements in said list of policies or devices, and wherein the user passes said RANDOM policy if the user passes said random element.

20. A method of storing biometric templates in a hierarchical structure throughout an enterprise, the enterprise having multiple locations, comprising the steps of:
- determining a corporate location;
  
  storing all of the biometric templates associated with a group of users at said corporate location;
  
  dividing all of the remaining locations into multiple logical groupings, wherein each logical grouping is associated with a subset of said group of users;
  
  selecting a top level location in each of said logical groupings;
  
  storing at said top level location for each logical grouping all of the biometric templates associated with said subset of users; and
  
  storing at a bottom level location for each of said logical groupings all of said biometric templates associated with a further subset of said subset of users.

21. A method of storing digital certificates in a hierarchical structure throughout an enterprise, the enterprise having multiple locations, comprising the steps of:
- determining a corporate location;
  
  storing all of the digital certificates associated with a group of users at said corporate location;
  
  dividing all of the remaining locations into multiple logical groupings, wherein each logical grouping is associated with a subset of said group of users;
  
  selecting a top level location in each of said logical groupings;
  
  storing at said top level location for each logical grouping all of the digital certificates associated with said subset of users; and
  
  storing at a bottom level location for each of said logical groupings all of said digital certificates associated with a further subset of said subset of users.

22. A system for controlling access to enterprise resources, comprising:
- a biometric server having stored therein biometric data related to a plurality of users, at least one biometric group that the user is associated with and at least two biometric policies that each define different authentication levels, each said authentication level defining a probability that the user is authorized to access the enterprise resources;
  
  at least one computer connected to said biometric server;
  
  a plurality of biometric devices, wherein said biometric policy has associated therewith at least one of said plurality of biometric devices; and
  
  wherein said biometric server includes means for indicating whether the user can access said enterprise resources, wherein said user may gain access to the enterprise resources by passing one of said biometric policies that has been assigned to the user, wherein said biometric policy is an OR policy having a list of devices, wherein said list of devices includes at least two different biometric devices, and wherein the user passes said OR policy if the user passes one of said biometric devices in said list of devices.

23. A system for controlling access to enterprise resources, comprising:
- a biometric server having stored therein biometric data related to a plurality of users, at least one biometric group that the user is associated with and at least two biometric policies that each define different authentication levels, each said authentication level defining a probability that the user is authorized to access the enterprise resources;
  
  at least one computer connected to said biometric server;
  
  a plurality of biometric devices, wherein said biometric policy has associated therewith at least one of said plurality of biometric devices; and
  
  wherein said biometric server includes means for indicating whether the user can access said enterprise resources, wherein said user may gain access to the enterprise resources by passing one of said biometric policies that has been assigned to the user, wherein said biometric policy is an OR policy having a list of devices, wherein said list of devices includes only one biometric device, and wherein the user passes said OR policy if the user passes said biometric device while being tested with at least two biometric measurements.

24. A system for controlling access to enterprise resources, comprising:
- a biometric server having stored therein biometric data related to a plurality of users, at least one biometric group that the user is associated with and at least two biometric policies that each define different authentication levels, each said authentication level defining a probability that the user is authorized to access the enterprise resources;
  
  at least one computer connected to said biometric server;
  
  a plurality of biometric devices, wherein said biometric policy has associated therewith at least one of said plurality of biometric devices; and
  
  wherein said biometric server includes means for indicating whether the user can access said enterprise resources, wherein said user may gain access to the enterprise resources by passing one of said biometric policies that has been assigned to the user, wherein said biometric policy is an AND policy having a list of devices, wherein said list of devices includes at least two different biometric devices, and wherein the user passes said AND policy if the user passes all of said biometric devices in said list of devices.

25. A system for controlling access to enterprise resources, comprising:
- a biometric server having stored therein biometric data related to a plurality of users, at least one biometric group that the user is associated with and at least two biometric policies that each define different authentication levels, each said authentication level defining a probability that the user is authorized to access the enterprise resources;
  
  at least one computer connected to said biometric server;
  
  a plurality of biometric devices, wherein said biometric policy has associated therewith at least one of said plurality of biometric devices; and
  
  wherein said biometric server includes means for indicating whether the user can access said enterprise resources, wherein said user may gain access to the enterprise resources by passing one of said biometric policies that has been assigned to the user, wherein said biometric policy is an AND policy having a list of devices, wherein said list of devices includes only one biometric device, and wherein the user passes said AND policy if the user passes said biometric device while being tested with at least two biometric measurements.

26. A system for controlling access to enterprise resources, comprising:
- a biometric server having stored therein biometric data related to a plurality of users, at least one biometric group that the user is associated with and at least two biometric policies that each define different authentication levels, each said authentication level defining a probability that the user is authorized to access the enterprise resources;
  
  at least one computer connected to said biometric server;
  
  a plurality of biometric devices, wherein said biometric policy has associated therewith at least one of said plurality of biometric devices; and
  
  wherein said biometric server includes means for indicating whether the user can access said enterprise resources, wherein said user may gain access to the enterprise resources by passing one of said biometric policies that has been assigned to the user, wherein said biometric policy is a CONTINGENT policy having a list of devices, wherein said list of devices includes at least two different biometric devices, and wherein the user passes said CONTINGENT policy if either the user exceeds a minimum threshold associated with a first biometric device or if the user exceeds a contingent threshold associated with said first biometric device and the user exceeds a minimum threshold associated with a second biometric device.
- View Dependent Claims (27, 28)
- - 27. The system of claim 26, wherein said minimum thresholds and said contingent threshold is set by an administrator.
  - 28. The system of claim 26, wherein said second biometric device is selected based on environmental conditions.

29. A system for controlling access to enterprise resources, comprising:
- a biometric server having stored therein biometric data related to a plurality of users, at least one biometric group that the user is associated with and at least two biometric policies that each define different authentication levels, each said authentication level defining a probability that the user is authorized to access the enterprise resources;
  
  at least one computer connected to said biometric server;
  
  a plurality of biometric devices, wherein said biometric policy has associated therewith at least one of said plurality of biometric devices; and
  
  wherein said biometric server includes means for indicating whether the user can access said enterprise resources, wherein said user may gain access to the enterprise resources by passing one of said biometric policies that has been assigned to the user, wherein said biometric policy is a CONTINGENT policy having a list of devices, wherein said list of devices includes only one biometric device, wherein a first biometric measurement and a second biometric measurement are associated with said biometric device, and wherein the user passes said CONTINGENT policy if either the user exceeds a minimum threshold associated with said biometric device and said first biometric measurement or if the user exceeds a contingent threshold associated with said biometric device and said first biometric measurement and the user exceeds a minimum threshold associated with said biometric device and said second biometric measurement.

30. A system for controlling access to enterprise resources, comprising:
- a biometric server having stored therein biometric data related to a plurality of users, at least one biometric group that the user is associated with and at least two biometric policies that each define different authentication levels, each said authentication level defining a probability that the user is authorized to access the enterprise resources;
  
  at least one computer connected to said biometric server;
  
  a plurality of biometric devices, wherein said biometric policy has associated therewith at least one of said plurality of biometric devices; and
  
  wherein said biometric server includes means for indicating whether the user can access said enterprise resources, wherein said user may gain access to the enterprise resources by passing one of said biometric policies that has been assigned to the user, wherein said biometric policy is a RANDOM policy having a list of devices, wherein said list of devices includes at least two different biometric devices, wherein a random biometric device is determined from said list of devices, and wherein the user passes said RANDOM policy if the user passes said random biometric device.

31. A system for controlling access to enterprise resources, comprising:
- a biometric server having stored therein biometric data related to a plurality of users, at least one biometric group that the user is associated with and at least two biometric policies that each define different authentication levels, each said authentication level defining a probability that the user is authorized to access the enterprise resources;
  
  at least one computer connected to said biometric server;
  
  a plurality of biometric devices, wherein said biometric policy has associated therewith at least one of said plurality of biometric devices; and
  
  wherein said biometric server includes means for indicating whether the user can access said enterprise resources, wherein said user may gain access to the enterprise resources by passing one of said biometric policies that has been assigned to the user, wherein said biometric policy is a RANDOM policy having a list of devices, wherein said list of devices includes only one biometric device, wherein a random biometric measurement is determined from one or more biometric measurements, and wherein the user passes said RANDOM policy if the user passes said biometric device while being tested with said random biometric measurement.

32. A system for controlling access to enterprise resources, comprising:
- a biometric server having stored therein biometric data related to a plurality of users, at least one biometric group that the user is associated with and at least two biometric policies that each define different authentication levels, each said authentication level defining a probability that the user is authorized to access the enterprise resources;
  
  at least one computer connected to said biometric server;
  
  a plurality of biometric devices, wherein said biometric policy has associated therewith at least one of said plurality of biometric devices; and
  
  wherein said biometric server includes means for indicating whether the user can access said enterprise resources, wherein said user may gain access to the enterprise resources by passing one of said biometric policies that has been assigned to the user, wherein said biometric policy is a THRESHOLD policy having a list of devices, wherein said list of devices includes at least two different biometric devices, and wherein the user passes said THRESHOLD policy if the user exceeds a total threshold while being tested on one or more of said biometric devices in said list of devices.

33. A system for controlling access to enterprise resources, comprising:
- a biometric server having stored therein biometric data related to a plurality of users, at least one biometric group that the user is associated with and at least two biometric policies that each define different authentication levels, each said authentication level defining a probability that the user is authorized to access the enterprise resources;
  
  at least one computer connected to said biometric server;
  
  a plurality of biometric devices, wherein said biometric policy has associated therewith at least one of said plurality of biometric devices; and
  
  wherein said biometric server includes means for indicating whether the user can access said enterprise resources, wherein said user may gain access to the enterprise resources by passing one of said biometric policies that has been assigned to the user, wherein said biometric policy is a THRESHOLD policy having a list of devices, wherein said list of devices includes only one biometric device, and wherein the user passes said THRESHOLD policy if the user exceeds a total threshold while being tested with one or more biometric measurements on said biometric device in said list of devices.

34. A system for controlling access to enterprise resources, comprising:
- a biometric server having stored therein biometric data related to a plurality of users, at least one biometric group that the user is associated with and at least two biometric policies that each define different authentication levels, each said authentication level defining a probability that the user is authorized to access the enterprise resources;
  
  at least one computer connected to said biometric server;
  
  a plurality of biometric devices, wherein said biometric policy has associated therewith at least one of said plurality of biometric devices; and
  
  wherein said biometric server includes means for indicating whether the user can access said enterprise resources, wherein said user may gain access to the enterprise resources by passing one of said biometric policies that has been assigned to the user, wherein said biometric policy is an OR policy having a list of biometric policies, wherein said list of biometric policies includes at least two biometric policies, and wherein the user passes said OR policy if the user passes one of said biometric policies in said list of biometric policies.

35. A system for controlling access to enterprise resources, comprising:
- a biometric server having stored therein biometric data related to a plurality of users, at least one biometric group that the user is associated with and at least two biometric policies that each define different authentication levels, each said authentication level defining a probability that the user is authorized to access the enterprise resources;
  
  at least one computer connected to said biometric server;
  
  a plurality of biometric devices, wherein said biometric policy has associated therewith at least one of said plurality of biometric devices; and
  
  wherein said biometric server includes means for indicating whether the user can access said enterprise resources, wherein said user may gain access to the enterprise resources by passing one of said biometric policies that has been assigned to the user, wherein said biometric policy is an AND policy having a list of biometric policies, wherein said list of biometric policies includes at least two biometric policies, and wherein the user passes said AND policy if the user passes all of said biometric policies in said list of biometric policies.

36. A system for controlling access to enterprise resources, comprising:
- a biometric server having stored therein biometric data related to a plurality of users, at least one biometric group that the user is associated with and at least two biometric policies that each define different authentication levels, each said authentication level defining a probability that the user is authorized to access the enterprise resources;
  
  at least one computer connected to said biometric server;
  
  a plurality of biometric devices, wherein said biometric policy has associated therewith at least one of said plurality of biometric devices; and
  
  wherein said biometric server includes means for indicating whether the user can access said enterprise resources, wherein said user may gain access to the enterprise resources by passing one of said biometric policies that has been assigned to the user, wherein said biometric policy is a CONTINGENT policy having a list of biometric policies, wherein said list of biometric policies includes at least two biometric policies, and wherein the user passes said CONTINGENT policy if either the user exceeds a minimum threshold associated with a first biometric policy or if the user exceeds a contingent threshold associated with said first biometric policy and the user exceeds a minimum threshold associated with a second biometric policy.

37. A system for controlling access to enterprise resources, comprising:
- a biometric server having stored therein biometric data related to a plurality of users, at least one biometric group that the user is associated with and at least two biometric policies that each define different authentication levels, each said authentication level defining a probability that the user is authorized to access the enterprise resources;
  
  at least one computer connected to said biometric server;
  
  a plurality of biometric devices, wherein said biometric policy has associated therewith at least one of said plurality of biometric devices; and
  
  wherein said biometric server includes means for indicating whether the user can access said enterprise resources, wherein said user may gain access to the enterprise resources by passing one of said biometric policies that has been assigned to the user, wherein said biometric policy is a RANDOM policy having a list of biometric policies, wherein said list of biometric policies includes at least two biometric policies, wherein a random biometric policy is determined from said list of biometric policies, and wherein the user passes said RANDOM policy if the user passes said random biometric policy.

38. A system for controlling access to enterprise resources, comprising:
- a biometric server having stored therein biometric data related to a plurality of users, at least one biometric group that the user is associated with and at least two biometric policies that each define different authentication levels, each said authentication level defining a probability that the user is authorized to access the enterprise resources;
  
  at least one computer connected to said biometric server;
  
  a plurality of biometric devices, wherein said biometric policy has associated therewith at least one of said plurality of biometric devices; and
  
  wherein said biometric server includes means for indicating whether the user can access said enterprise resources wherein said user may gain access to the enterprise resources by passing one of said biometric policies that has been assigned to the user;
  
  wherein said biometric policy is a THRESHOLD policy having a list of biometric policies, wherein said list of biometric policies includes at least two biometric policies, and wherein the user passes said THRESHOLD policy if the user exceeds a total threshold while being tested on one or more of said biometric policies in said list of biometric policies.

39. A system for controlling access to enterprise resources, comprising:
- a biometric server having stored therein biometric data related to a plurality of users, at least one biometric group that the user is associated with and at least two biometric policies that each define different authentication levels, each said authentication level defining a probability that the user is authorized to access the enterprise resources;
  
  at least one computer connected to said biometric server;
  
  a plurality of biometric devices, wherein said biometric policy has associated therewith at least one of said plurality of biometric devices; and
  
  wherein said biometric server includes means for indicating whether the user can access said enterprise resources, wherein said user may gain access to the enterprise resources by passing one of said biometric policies that has been assigned to the user, wherein said biometric policy is an OR policy having a list of policies or devices, wherein said list of policies or devices includes at least two elements, and wherein the user passes said OR policy if the user passes one of said elements in said list of policies or devices.

40. A system for controlling access to enterprise resources, comprising:
- a biometric server having stored therein biometric data related to a plurality of users, at least one biometric group that the user is associated with and at least two biometric policies that each define different authentication levels, each said authentication level defining a probability that the user is authorized to access the enterprise resources;
  
  at least one computer connected to said biometric server;
  
  a plurality of biometric devices, wherein said biometric policy has associated therewith at least one of said plurality of biometric devices; and
  
  wherein said biometric server includes means for indicating whether the user can access said enterprise resources, wherein said user may gain access to the enterprise resources by passing one of said biometric policies that has been assigned to the user, wherein said biometric policy is an AND policy having a list of policies or devices, wherein said list of policies or devices includes at least two elements, and wherein the user passes said AND policy if the user passes all of said elements in said list of policies or devices.

41. A system for controlling access to enterprise resources, comprising:
- a biometric server having stored therein biometric data related to a plurality of users, at least one biometric group that the user is associated with and at least two biometric policies that each define different authentication levels, each said authentication level defining a probability that the user is authorized to access the enterprise resources;
  
  at least one computer connected to said biometric server;
  
  a plurality of biometric devices, wherein said biometric policy has associated therewith at least one of said plurality of biometric devices; and
  
  wherein said biometric server includes means for indicating whether the user can access said enterprise resources, wherein said user may gain access to the enterprise resources by passing one of said biometric policies that has been assigned to the user, wherein said biometric policy is a CONTINGENT policy having a list of policies or devices, wherein said list of policies or devices includes at least two elements, and wherein the user passes said CONTINGENT policy if either the user exceeds a minimum threshold associated with a first element or if the user exceeds a contingent threshold associated with said first element and the user exceeds a minimum threshold associated with a second element.

42. A system for controlling access to enterprise resources, comprising:
- a biometric server having stored therein biometric data related to a plurality of users, at least one biometric group that the user is associated with and at least two biometric policies that each define different authentication levels, each said authentication level defining a probability that the user is authorized to access the enterprise resources;
  
  at least one computer connected to said biometric server;
  
  a plurality of biometric devices, wherein said biometric policy has associated therewith at least one of said plurality of biometric devices; and
  
  wherein said biometric server includes means for indicating whether the user can access said enterprise resources, wherein said user may gain access to the enterprise resources by passing one of said biometric policies that has been assigned to the user, wherein said biometric policy is a RANDOM policy having a list of policies or devices, wherein said list of policies or devices includes at least two elements, wherein a random element is determined from said elements in said list of policies or devices, and wherein the user passes said RANDOM policy if the user passes said random element.

43. A method for providing user authentication to enterprise resources, comprising the steps of:
- (a) setting up a biometric server, said biometric server having stored therein at least one biometric policy that determines whether the user can gain access to the enterprise resources, wherein said biometric policy has associated therewith at least one biometric device;
  
  (b) determining whether the user is authenticated by executing said biometric policy; and
  
  (c) allowing the user access to the enterprise resources if the user passes said biometric policy, otherwise denying access to the user to the enterprise resources, wherein said biometric policy is specified as one of the following;
  
  i. an OR policy having a list of devices;
  
  ii. an AND policy having a list of devices;
  
  iii. a CONTINGENT policy having a list of devices;
  
  iv. a RANDOM policy having a list of devices;
  
  or v. a THRESHOLD policy having a list of devices.
- View Dependent Claims (44, 45, 46, 47, 48)
- - 44. The method according to claim 43, wherein said biometric policy is further specified as one of the following:
45. The method claim 44, further comprising the step of enrolling the user for authentication by having the user create a biometric template for each said biometric device, wherein said biometric template includes biometric data unique to the user.
46. The method according to claim 43, wherein said biometric policy is further specified as one of the following:
- vi. an OR policy having a list of policies or devices;
  
  vii. an AND policy having a list of policies or devices;
  
  viii. a CONTINGENT policy having a list of policies or devices;
  
  ix. a RANDOM policy having a list of policies or devices;
  
  or x. a THRESHOLD policy having a list of policies or devices.
47. The method claim 46, further comprising the step of enrolling the user for authentication by having the user create a biometric template for each said biometric device, wherein said biometric template includes biometric data unique to the user.
48. The method claim 43, further comprising the step of enrolling the user for authentication by having the user create a biometric template for each said biometric device, wherein said biometric template includes biometric data unique to the user.

49. A method for providing user authentication to enterprise resources, comprising the steps of:
- (a) setting up a biometric server, said biometric server having stored therein at least one biometric policy that determines whether the user can gain access to the enterprise resources, wherein said biometric policy has associated therewith at least one biometric device;
  
  (b) determining whether the user is authenticated by executing said biometric policy; and
  
  (c) allowing the user access to the enterprise resources if the user passes said biometric policy, otherwise denying access to the user to the enterprise resources, wherein said biometric policy is an OR policy having a list of devices, wherein said list of devices includes at least two different biometric devices, and wherein the user passes said OR policy if the user passes one of said biometric devices in said list of devices.
- View Dependent Claims (50, 51)
- - 50. The method according to claim 49, wherein said biometric server has stored therein at least two biometric policies that each define different authentication levels, each said authentication level defining a probability that the user is authorized to access the enterprise resources.
  - 51. The method claim 49, further comprising the step of enrolling the user for authentication by having the user create a biometric template for each said biometric device, wherein said biometric template includes biometric data unique to the user.

52. A method for providing user authentication to enterprise resources, comprising the steps of:
- (a) setting up a biometric server, said biometric server having stored therein at least one biometric policy that determines whether the user can gain access to the enterprise resources, wherein said biometric policy has associated therewith at least one biometric device;
  
  (b) determining whether the user is authenticated by executing said biometric policy; and
  
  (c) allowing the user access to the enterprise resources if the user passes said biometric policy, otherwise denying access to the user to the enterprise resources, wherein said biometric policy is an OR policy having a list of devices, wherein said biometric policy is an OR policy having a list of devices, wherein said list of devices includes only one biometric device, and wherein the user passes said OR policy if the user passes said biometric device while being tested with at least two biometric measurements.
- View Dependent Claims (53, 54)
- - 53. The method according to claim 52, wherein said biometric server has stored therein at least two biometric policies that each define different authentication levels, each said authentication level defining a probability that the user is authorized to access the enterprise resources.
  - 54. The method claim 52, further comprising the step of enrolling the user for authentication by having the user create a biometric template for each said biometric device, wherein said biometric template includes biometric data unique to the user.

55. A method for providing user authentication to enterprise resources, comprising the steps of:
- (a) setting up a biometric server, said biometric server having stored therein at least one biometric policy that determines whether the user can gain access to the enterprise resources, wherein said biometric policy has associated therewith at least one biometric device;
  
  (b) determining whether the user is authenticated by executing said biometric policy; and
  
  (c) allowing the user access to the enterprise resources if the user passes said biometric policy, otherwise denying access to the user to the enterprise resources, wherein said biometric policy is an AND policy having a list of devices, wherein said list of devices includes at least two different biometric devices, and wherein the user passes said AND policy if the user passes all of said biometric devices in said list of devices.
- View Dependent Claims (56, 57)
- - 56. The method according to claim 55, wherein said biometric server has stored therein at least two biometric policies that each define different authentication levels, each said authentication level defining a probability that the user is authorized to access the enterprise resources.
  - 57. The method claim 55, further comprising the step of enrolling the user for authentication by having the user create a biometric template for each said biometric device, wherein said biometric template includes biometric data unique to the user.

58. A method for providing user authentication to enterprise resources, comprising the steps of:
- (a) setting up a biometric server, said biometric server having stored therein at least one biometric policy that determines whether the user can gain access to the enterprise resources, wherein said biometric policy has associated therewith at least one biometric device;
  
  (b) determining whether the user is authenticated by executing said biometric policy; and
  
  (c) allowing the user access to the enterprise resources if the user passes said biometric policy, otherwise denying access to the user to the enterprise resources, wherein said biometric policy is an AND policy having a list of devices, wherein said list of devices includes only one biometric device, and wherein the user passes said AND policy if the user passes said biometric device while being tested with at least two biometric measurements.
- View Dependent Claims (59, 60)
- - 59. The method according to claim 58, wherein said biometric server has stored therein at least two biometric policies that each define different authentication levels, each said authentication level defining a probability that the user is authorized to access the enterprise resources.
  - 60. The method claim 58, further comprising the step of enrolling the user for authentication by having the user create a biometric template for each said biometric device, wherein said biometric template includes biometric data unique to the user.

61. A method for providing user authentication to enterprise resources, comprising the steps of:
- (a) setting up a biometric server, said biometric server having stored therein at least one biometric policy that determines whether the user can gain access to the enterprise resources, wherein said biometric policy has associated therewith at least one biometric device;
  
  (b) determining whether the user is authenticated by executing said biometric policy; and
  
  (c) allowing the user access to the enterprise resources if the user passes said biometric policy, otherwise denying access to the user to the enterprise resources, wherein said biometric policy is a CONTINGENT policy having a list of devices, wherein said list of devices includes at least two different biometric devices, and wherein the user passes said CONTINGENT policy if either the user exceeds a minimum threshold associated with a first biometric device or if the user exceeds a contingent threshold associated with said first biometric device and the user exceeds a minimum threshold associated with a second biometric device.
- View Dependent Claims (62, 63)
- - 62. The method according to claim 61, wherein said biometric server has stored therein at least two biometric policies that each define different authentication levels, each said authentication level defining a probability that the user is authorized to access the enterprise resources.
  - 63. The method claim 61, further comprising the step of enrolling the user for authentication by having the user create a biometric template for each said biometric device, wherein said biometric template includes biometric data unique to the user.

64. A method for providing user authentication to enterprise resources, comprising the steps of:
- (a) setting up a biometric server, said biometric server having stored therein at least one biometric policy that determines whether the user can gain access to the enterprise resources, wherein said biometric policy has associated therewith at least one biometric device;
  
  (b) determining whether the user is authenticated by executing said biometric policy; and
  
  (c) allowing the user access to the enterprise resources if the user passes said biometric policy, otherwise denying access to the user to the enterprise resources, wherein said biometric policy is a CONTINGENT policy having a list of devices, wherein said list of devices includes only one biometric device, wherein a first biometric measurement and a second biometric measurement are associated with said biometric device, and wherein the user passes said CONTINGENT policy if either the user exceeds a minimum threshold associated with said biometric device and said first biometric measurement or if the user exceeds a contingent threshold associated with said biometric device and said first biometric measurement and the user exceeds a minimum threshold associated with said biometric device and said second biometric measurement.
- View Dependent Claims (65, 66)
- - 65. The method according to claim 64, wherein said biometric server has stored therein at least two biometric policies that each define different authentication levels, each said authentication level defining a probability that the user is authorized to access the enterprise resources.
  - 66. The method claim 64, further comprising the step of enrolling the user for authentication by having the user create a biometric template for each said biometric device, wherein said biometric template includes biometric data unique to the user.

67. A method for providing user authentication to enterprise resources, comprising the steps of:
- (a) setting up a biometric server, said biometric server having stored therein at least one biometric policy that determines whether the user can gain access to the enterprise resources, wherein said biometric policy has associated therewith at least one biometric device;
  
  (b) determining whether the user is authenticated by executing said biometric policy; and
  
  (c) allowing the user access to the enterprise resources if the user passes said biometric policy, otherwise denying access to the user to the enterprise resources, wherein said biometric policy is a RANDOM policy having a list of devices, wherein said list of devices includes at least two different biometric devices, wherein a random biometric device is determined from said list of devices, and wherein the user passes said RANDOM policy if the user passes said random biometric device.
- View Dependent Claims (68, 69)
- - 68. The method according to claim 67, wherein said biometric server has stored therein at least two biometric policies that each define different authentication levels, each said authentication level defining a probability that the user is authorized to access the enterprise resources.
  - 69. The method claim 67, further comprising the step of enrolling the user for authentication by having the user create a biometric template for each said biometric device, wherein said biometric template includes biometric data unique to the user.

70. A method for providing user authentication to enterprise resources, comprising the steps of:
- (a) setting up a biometric server, said biometric server having stored therein at least one biometric policy that determines whether the user can gain access to the enterprise resources, wherein said biometric policy has associated therewith at least one biometric device;
  
  (b) determining whether the user is authenticated by executing said biometric policy; and
  
  (c) allowing the user access to the enterprise resources if the user passes said biometric policy, otherwise denying access to the user to the enterprise resources, wherein said biometric policy is a RANDOM policy having a list of devices, wherein said list of devices includes only one biometric device, wherein a random biometric measurement is determined from one or more biometric measurements, and wherein the user passes said RANDOM policy if the user passes said biometric device while being tested with said random biometric measurement.
- View Dependent Claims (71, 72)
- - 71. The method according to claim 70, wherein said biometric server has stored therein at least two biometric policies that each define different authentication levels, each said authentication level defining a probability that the user is authorized to access the enterprise resources.
  - 72. The method claim 70, further comprising the step of enrolling the user for authentication by having the user create a biometric template for each said biometric device, wherein said biometric template includes biometric data unique to the user.

73. A method for providing user authentication to enterprise resources, comprising the steps of:
- (a) setting up a biometric server, said biometric server having stored therein at least one biometric policy that determines whether the user can gain access to the enterprise resources, wherein said biometric policy has associated therewith at least one biometric device;
  
  (b) determining whether the user is authenticated by executing said biometric policy; and
  
  (c) allowing the user access to the enterprise resources if the user passes said biometric policy, otherwise denying access to the user to the enterprise resources, wherein said biometric policy is a THRESHOLD policy having a list of devices, wherein said list of devices includes at least two different biometric devices, and wherein the user passes said THRESHOLD policy if the user exceeds a total threshold while being tested on one or more of said biometric devices in said list of devices.
- View Dependent Claims (74, 75)
- - 74. The method according to claim 73, wherein said biometric server has stored therein at least two biometric policies that each define different authentication levels, each said authentication level defining a probability that the user is authorized to access the enterprise resources.
  - 75. The method claim 73, further comprising the step of enrolling the user for authentication by having the user create a biometric template for each said biometric device, wherein said biometric template includes biometric data unique to the user.

76. A method for providing user authentication to enterprise resources, comprising the steps of:
- (a) setting up a biometric server, said biometric server having stored therein at least one biometric policy that determines whether the user can gain access to the enterprise resources, wherein said biometric policy has associated therewith at least one biometric device;
  
  (b) determining whether the user is authenticated by executing said biometric policy; and
  
  (c) allowing the user access to the enterprise resources if the user passes said biometric policy, otherwise denying access to the user to the enterprise resources, wherein said biometric policy is a THRESHOLD policy having a list of devices, wherein said list of devices includes only one biometric device, and wherein the user passes said THRESHOLD policy if the user exceeds a total threshold while being tested with one or more biometric measurements on said biometric device in said list of devices.
- View Dependent Claims (77, 78)
- - 77. The method according to claim 76, wherein said biometric server has stored therein at least two biometric policies that each define different authentication levels, each said authentication level defining a probability that the user is authorized to access the enterprise resources.
  - 78. The method claim 76, further comprising the step of enrolling the user for authentication by having the user create a biometric template for each said biometric device, wherein said biometric template includes biometric data unique to the user.

79. A method for providing user authentication to enterprise resources, comprising the steps of:
- (a) setting up a biometric server, said biometric server having stored therein at least one biometric policy that determines whether the user can gain access to the enterprise resources, wherein said biometric policy has associated therewith at least one biometric device;
  
  (b) determining whether the user is authenticated by executing said biometric policy; and
  
  (c) allowing the user access to the enterprise resources if the user passes said biometric policy, otherwise denying access to the user to the enterprise resources, wherein said biometric policy is an OR policy having a list of biometric policies, wherein said list of biometric policies includes at least two biometric policies, and wherein the user passes said OR policy if the user passes one of said biometric policies in said list of biometric policies.
- View Dependent Claims (80, 81)
- - 80. The method according to claim 79, wherein said biometric server has stored therein at least two biometric policies that each define different authentication levels, each said authentication level defining a probability that the user is authorized to access the enterprise resources.
  - 81. The method claim 79, further comprising the step of enrolling the user for authentication by having the user create a biometric template for each said biometric device, wherein said biometric template includes biometric data unique to the user.

82. A method for providing user authentication to enterprise resources, comprising the steps of:
- (a) setting up a biometric server, said biometric server having stored therein at least one biometric policy that determines whether the user can gain access to the enterprise resources, wherein said biometric policy has associated therewith at least one biometric device;
  
  (b) determining whether the user is authenticated by executing said biometric policy; and
  
  (c) allowing the user access to the enterprise resources if the user passes said biometric policy, otherwise denying access to the user to the enterprise resources, wherein said biometric policy is an AND policy having a list of biometric policies, wherein said list of biometric policies includes at least two biometric policies, and wherein the user passes said AND policy if the user passes all of said biometric policies in said list of biometric policies.
- View Dependent Claims (83, 84)
- - 83. The method according to claim 82, wherein said biometric server has stored therein at least two biometric policies that each define different authentication levels, each said authentication level defining a probability that the user is authorized to access the enterprise resources.
  - 84. The method claim 82, further comprising the step of enrolling the user for authentication by having the user create a biometric template for each said biometric device, wherein said biometric template includes biometric data unique to the user.

85. A method for providing user authentication to enterprise resources, comprising the steps of:
- (a) setting up a biometric server, said biometric server having stored therein at least one biometric policy that determines whether the user can gain access to the enterprise resources, wherein said biometric policy has associated therewith at least one biometric device;
  
  (b) determining whether the user is authenticated by executing said biometric policy; and
  
  (c) allowing the user access to the enterprise resources if the user passes said biometric policy, otherwise denying access to the user to the enterprise resources, wherein said biometric policy is a CONTINGENT policy having a list of biometric policies, wherein said list of biometric policies includes at least two biometric policies, and wherein the user passes said CONTINGENT policy if either the user exceeds a minimum threshold associated with a first biometric policy or if the user exceeds a contingent threshold associated with said first biometric policy and the user exceeds a minimum threshold associated with a second biometric policy.
- View Dependent Claims (86, 87)
- - 86. The method according to claim 85, wherein said biometric server has stored therein at least two biometric policies that each define different authentication levels, each said authentication level defining a probability that the user is authorized to access the enterprise resources.
  - 87. The method claim 85, further comprising the step of enrolling the user for authentication by having the user create a biometric template for each said biometric device, wherein said biometric template includes biometric data unique to the user.

88. A method for providing user authentication to enterprise resources, comprising the steps of:
- (a) setting up a biometric server, said biometric server having stored therein at least one biometric policy that determines whether the user can gain access to the enterprise resources, wherein said biometric policy has associated therewith at least one biometric device;
  
  (b) determining whether the user is authenticated by executing said biometric policy; and
  
  (c) allowing the user access to the enterprise resources if the user passes said biometric policy, otherwise denying access to the user to the enterprise resources, wherein said biometric policy is a RANDOM policy having a list of biometric policies, wherein said list of biometric policies includes at least two biometric policies, wherein a random biometric policy is determined from said list of biometric policies, and wherein the user passes said RANDOM policy if the user passes said random biometric policy.
- View Dependent Claims (89, 90)
- - 89. The method according to claim 88, wherein said biometric server has stored therein at least two biometric policies that each define different authentication levels, each said authentication level defining a probability that the user is authorized to access the enterprise resources.
  - 90. The method claim 88, further comprising the step of enrolling the user for authentication by having the user create a biometric template for each said biometric device, wherein said biometric template includes biometric data unique to the user.

91. A method for providing user authentication to enterprise resources, comprising the steps of:
- (a) setting up a biometric server, said biometric server having stored therein at least one biometric policy that determines whether the user can gain access to the enterprise resources, wherein said biometric policy has associated therewith at least one biometric device;
  
  (b) determining whether the user is authenticated by executing said biometric policy; and
  
  (c) allowing the user access to the enterprise resources if the user passes said biometric policy, otherwise denying access to the user to the enterprise resources, wherein said biometric policy is a THRESHOLD policy having a list of biometric policies, wherein said list of biometric policies includes at least two biometric policies, and wherein the user passes said THRESHOLD policy if the user exceeds a total threshold while being tested on one or more of said biometric policies in said list of biometric policies.
- View Dependent Claims (92, 93)
- - 92. The method according to claim 91, wherein said biometric server has stored therein at least two biometric policies that each define different authentication levels, each said authentication level defining a probability that the user is authorized to access the enterprise resources.
  - 93. The method claim 91, further comprising the step of enrolling the user for authentication by having the user create a biometric template for each said biometric device, wherein said biometric template includes biometric data unique to the user.

94. A method for providing user authentication to enterprise resources, comprising the steps of:
- (a) setting up a biometric server, said biometric server having stored therein at least one biometric policy that determines whether the user can gain access to the enterprise resources, wherein said biometric policy has associated therewith at least one biometric device;
  
  (b) determining whether the user is authenticated by executing said biometric policy; and
  
  (c) allowing the user access to the enterprise resources if the user passes said biometric policy, otherwise denying access to the user to the enterprise resources, wherein said biometric policy is an OR policy having a list of policies or devices, wherein said list of policies or devices includes at least two elements, and wherein the user passes said OR policy if the user passes one of said elements in said list of policies or devices.
- View Dependent Claims (95, 96)
- - 95. The method according to claim 94, wherein said biometric server has stored therein at least two biometric policies that each define different authentication levels, each said authentication level defining a probability that the user is authorized to access the enterprise resources.
  - 96. The method claim 94, further comprising the step of enrolling the user for authentication by having the user create a biometric template for each said biometric device, wherein said biometric template includes biometric data unique to the user.

97. A method for providing user authentication to enterprise resources, comprising the steps of:
- (a) setting up a biometric server, said biometric server having stored therein at least one biometric policy that determines whether the user can gain access to the enterprise resources, wherein said biometric policy has associated therewith at least one biometric device;
  
  (b) determining whether the user is authenticated by executing said biometric policy; and
  
  (c) allowing the user access to the enterprise resources if the user passes said biometric policy, otherwise denying access to the user to the enterprise resources, wherein said biometric policy is an AND policy having a list of policies or devices, wherein said list of policies or devices includes at least two elements, and wherein the user passes said AND policy if the user passes all of said elements in said list of policies or devices.
- View Dependent Claims (98, 99)
- - 98. The method according to claim 97, wherein said biometric server has stored therein at least two biometric policies that each define different authentication levels, each said authentication level defining a probability that the user is authorized to access the enterprise resources.
  - 99. The method claim 97, further comprising the step of enrolling the user for authentication by having the user create a biometric template for each said biometric device, wherein said biometric template includes biometric data unique to the user.

100. A method for providing user authentication to enterprise resources, comprising the steps of:
- (a) setting up a biometric server, said biometric server having stored therein at least one biometric policy that determines whether the user can gain access to the enterprise resources, wherein said biometric policy has associated therewith at least one biometric device;
  
  (b) determining whether the user is authenticated by executing said biometric policy; and
  
  (c) allowing the user access to the enterprise resources if the user passes said biometric policy, otherwise denying access to the user to the enterprise resources, wherein said biometric policy is a CONTINGENT policy having a list of policies or devices, wherein said list of policies or devices includes at least two elements, and wherein the user passes said CONTINGENT policy if either the user exceeds a minimum threshold associated with a first element or if the user exceeds a contingent threshold associated with said first element and the user exceeds a minimum threshold associated with a second element.
- View Dependent Claims (101, 102)
- - 101. The method according to claim 100, wherein said biometric server has stored therein at least two biometric policies that each define different authentication levels, each said authentication level defining a probability that the user is authorized to access the enterprise resources.
  - 102. The method claim 100, further comprising the step of enrolling the user for authentication by having the user create a biometric template for each said biometric device, wherein said biometric template includes biometric data unique to the user.

103. A method for providing user authentication to enterprise resources, comprising the steps of:
- (a) setting up a biometric server, said biometric server having stored therein at least one biometric policy that determines whether the user can gain access to the enterprise resources, wherein said biometric policy has associated therewith at least one biometric device;
  
  (b) determining whether the user is authenticated by executing said biometric policy; and
  
  (c) allowing the user access to the enterprise resources if the user passes said biometric policy, otherwise denying access to the user to the enterprise resources, wherein said biometric policy is a RANDOM policy having a list of policies or devices, wherein said list of policies or devices includes at least two elements, wherein a random element is determined from said elements in said list of policies or devices, and wherein the user passes said RANDOM policy if the user passes said random element.
- View Dependent Claims (104, 105)
- - 104. The method according to claim 103, wherein said biometric server has stored therein at least two biometric policies that each define different authentication levels, each said authentication level defining a probability that the user is authorized to access the enterprise resources.
  - 105. The method claim 103, further comprising the step of enrolling the user for authentication by having the user create a biometric template for each said biometric device, wherein said biometric template includes biometric data unique to the user.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
BioNetrix Systems Corporation
Original Assignee
BioNetrix Systems Corporation
Inventors
Bianco, Peter Garrett, Sterling, Robert Brewster, Boon, William Taylor, Ware, Karl Roger
Primary Examiner(s)
Trammell, James P.
Assistant Examiner(s)
Elisca, Pierre E.

Application Number

US09/264,726
Time in Patent Office

847 Days
Field of Search

713/200, 713/201, 713/161, 713/186, 713/202, 380/3, 380/4, 380/25, 709/229, 340/825.31, 340/825.34
US Class Current

713/186
CPC Class Codes

G06F 21/32 using biometric data, e.g. ...

G07C 9/37 using biometric data, e.g. ...

System, method and computer program product for allowing access to enterprise resources using biometric devices

First Claim

8 Assignments

0 Petitions

Accused Products

Abstract

769 Citations

105 Claims

Specification

Solutions

Use Cases

Quick Links

System, method and computer program product for allowing access to enterprise resources using biometric devices

First Claim

8 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

769 Citations

105 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links