System and method for authenticating users in a computer network
DCFirst Claim
1. A method of controlling access in a computer network environment comprising the steps of:
- (a) receiving a user identification of a user;
(b) determining whether there exists an authentication rule associated with the user;
(c) prompting the user to provide biometric information according to the authentication rule associated with the user if it is determined that the authentication rule associated with the user exists;
(d) prompting the user to provide biometric information according to a system default authentication rule if it is determined that the authentication rule associated with the user does not exist;
(e) capturing the biometric information;
(f) retrieving a stored biometric information associated with the user identification;
(g) comparing the captured biometric information with the retrieved biometric information; and
(h) completing a log-on procedure if the captured biometric information corresponds to the retrieved biometric information.
9 Assignments
Litigations
0 Petitions
Accused Products
Abstract
A rule based biometric user authentication method and system in a computer network environment is provided. Multiple authentication rules can exist in the computer network. For example, there may be a default system-wide rule, and a rule associated with a particular user trying to log in. There may be other rules such as one associated with a remote computer from which the user is logging in, one associated with a group to which the user belongs, or one associated with a system resource to which the user requires access such as an application program or a database of confidential information. An order of precedence among the rules is then established which is used to authenticate the user.
-
Citations
10 Claims
-
1. A method of controlling access in a computer network environment comprising the steps of:
-
(a) receiving a user identification of a user;
(b) determining whether there exists an authentication rule associated with the user;
(c) prompting the user to provide biometric information according to the authentication rule associated with the user if it is determined that the authentication rule associated with the user exists;
(d) prompting the user to provide biometric information according to a system default authentication rule if it is determined that the authentication rule associated with the user does not exist;
(e) capturing the biometric information;
(f) retrieving a stored biometric information associated with the user identification;
(g) comparing the captured biometric information with the retrieved biometric information; and
(h) completing a log-on procedure if the captured biometric information corresponds to the retrieved biometric information. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
determining whether there exists an authentication rule associated with a remote computer from which the user is logging on;
prompting the user to provide biometric information according to the authentication rule associated with the remote computer if it is determined that the authentication rule associated with the remote computer exists.
-
-
3. The method of claim 1, prior to step (b), further comprising the steps of:
-
determining whether there exists an authentication rule associated with an object to which the user is being authenticated for access;
prompting the user to provide biometric information according to the authentication rule associated with the object if it is determined that the authentication rule associated with the object exists.
-
-
4. The method of claim 1, after step (c) and prior to step (d), further comprising the steps of:
-
determining whether there exists an authentication rule associated with a group to which the user belongs;
requesting the user to provide biometric information according to the authentication rule associated with the group if it is determined that the authentication rule associated with the group exists;
wherein step (d) includes prompting the user to provide biometric information according to the system default authentication rule if it is determined that both the authentication rule associated with the user and the authentication rule associated with the group do not exist.
-
-
5. The method of claim 1, further comprising the steps of:
-
determining whether there exists an authentication rule associated with an object to which the user is being authenticated for access;
requesting the user to provide biometric information according to the authentication rule associated with the object if it is determined that the authentication rule associated with the object exists;
determining whether there exists an authentication rule associated with a remote computer from which the user is logging on if the authentication rule associated with the object to which the user is being authenticated for access does not exist;
requesting the user to provide biometric information according to the authentication rule associated with the remote computer if it is determined that the authentication rule associated with the remote computer exists;
wherein step (b) includes determining whether there exists an authentication rule associated with the user if the authentication rule associated with the remote computer does not exist;
determining whether there exists an authentication rule associated with a group to which the user belongs if it is determined that the authentication rule associated with the user does not exist;
requesting the user to provide biometric information according to the authentication rule associated with the group if it is determined that the authentication rule associated with the group exists;
wherein step (d) includes prompting the user to provide biometric information according to the system default authentication rule if it is determined that both the authentication rule associated with the user and the authentication rule associated with the group do not exist.
-
-
6. The method of claim 1, wherein the biometric information includes information relating to one or more of a finger, hand, face, voice and signature of the user.
-
7. The method of claim 1, wherein the rule includes a parameter that specifies which type of biometric information reading devices is allowable for authentication.
-
8. The method of claim 1, wherein the rule includes a parameter that specifies the confidence level of a match between the captured biometric information and the retrieved biometric information.
-
9. A method of controlling access in a computer network environment comprising the steps of:
-
(a) receiving a user identification of a user;
(b) determining whether there exists an authentication rule associated with the user;
(c) authenticating the user with a captured biometric information and a previously stored biometric information according to the authentication rule associated with the user if it is determined that the authentication rule associated with the user exists; and
(d) authenticating the user with the captured biometric information and the previously stored biometric information according to a system default authentication rule if it is determined that the authentication rule associated with the user does not exist. - View Dependent Claims (10)
determining whether there exists an authentication rule associated with a remote computer from which the user is logging on;
authenticating the user with the captured biometric information and the previously stored biometric information according to the authentication rule associated with the remote computer if it is determined that the authentication rule associated with the remote computer exists.
-
Specification