Accessing a secure resource using certificates bound with authentication information

US 6,636,975 B1
Filed: 12/15/1999
Issued: 10/21/2003
Est. Priority Date: 12/15/1999
Status: Expired due to Fees

First Claim

Patent Images

1. A method, comprising:

receiving a certificate request from a user, the certificate request including identification information and authentication information associated with the user;

verifying the identification information;

issuing a certificate to the user when the identification information is verified;

signing a combination of the authentication information and a certificate identifier for the certificate to form a unique user identifier;

signing the authentication information; and

sending the unique user identifier to an authentication server that is configured to authenticate the user in reference to the sent information.

View all claims

6 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method and computer program product for accessing a secure resource using a certificate bound with authentication information. In one implementation, the method includes receiving a certificate request from a user, the certificate request including identification information and authentication information associated with the user; verifying the identification information; issuing a certificate to the user when the identification information is verified; and sending the authentication information and a certificate identifier for the certificate to an authentication server. According to one aspect, the sending step includes signing a combination of the authentication information and the certificate identifier to form a unique user identifier; signing the authentication information; and sending the unique user identifier to the authentication server.

Citations

18 Claims

1. A method, comprising:
- receiving a certificate request from a user, the certificate request including identification information and authentication information associated with the user;
  
  verifying the identification information;
  
  issuing a certificate to the user when the identification information is verified;
  
  signing a combination of the authentication information and a certificate identifier for the certificate to form a unique user identifier;
  
  signing the authentication information; and
  
  sending the unique user identifier to an authentication server that is configured to authenticate the user in reference to the sent information.
- View Dependent Claims (2, 3)
- - 2. The method of claim 1, wherein the authentication information includes at least one of a password, smartcard information, and biometric information.
  - 3. The method of claim 2, wherein the biometric information includes information describing at least one of a fingerprint, facial scan, voice print, or iris scan of the user.

4. A method for use in a secure server, comprising:
- receiving a certificate for a user and a request for access for the user to the secure server;
  
  sending an authentication query regarding the user to an authentication server;
  
  receiving a delta in response to the authentication query, the delta indicating the amount of time that has passed since the user was last authenticated by the authentication server;
  
  comparing the delta to a predefined threshold; and
  
  granting access when the predefined threshold exceeds the delta.
- View Dependent Claims (5)
- - 5. The method of claim 4, further comprising:

6. A method, comprising:
- sending a request for access to a secure server, the request containing a certificate associated with a user;
  
  signing a combination of authentication information and a certificate identifier for the certificate to form a unique user identifier;
  
  signing the authentication information;
  
  sending the unique user identifier, when the secure server denies access, to an authentication server configured to authenticate the user in reference to the sent information; and
  
  sending the certificate and request to the secure server again when an indication of authentication is received from the authentication server.

7. A method for use in an authentication server, comprising:
- receiving, from a secure server, a request to authenticate a user;
  
  determining a delta indicating the amount of time that has passed since the user was last authenticated by the authentication server; and
  
  sending the delta to the secure server.
- View Dependent Claims (8)
- - 8. The method of claim 7, further comprising:

9. A computer program product, tangibly stored on a machine-readable medium, comprising instructions operable to cause a programmable processor to:
- receive a certificate request from a user, the certificate request including identification information and authentication information associated with the user;
  
  verify the identification information;
  
  issue a certificate to the user when the identification information is verified;
  
  sign a combination of the authentication information and a certificate identifier for the certificate to form a unique user identifier;
  
  sign the authentication information; and
  
  send the unique user identifier to an authentication server operable to authenticate the user in reference to the sent information.
- View Dependent Claims (10, 11)
- - 10. The computer program product of claim 9, wherein the authentication information includes at least one of a password, smartcard information, and biometric information.
  - 11. The computer program product of claim 10, wherein the biometric information includes information describing at least one of a fingerprint, facial scan, voice print, or iris scan of the user.

12. A computer program product, tangibly stored on a machine-readable medium, for use in a secure server, comprising instructions operable to cause a programmable processor to:
- receive a certificate for a user and a request for access for the user to the secure server;
  
  send an authentication query regarding the user to an authentication server;
  
  receive a delta in response to the authentication query, the delta indicating the amount of time that has passed since the user was last authenticated by the authentication server;
  
  compare the delta to a predefined threshold; and
  
  grant access when the predefined threshold exceeds the delta.
- View Dependent Claims (13)
- - 13. The computer program product of claim 12, further comprising instructions to cause a programmable processor to:

14. A computer program product, tangibly stored on a machine-readable medium, comprising instructions operable to cause a programmable processor to:
- sign a combination of authentication information and a certificate identifier for a certificate associated with a user to form a unique user identifier;
  
  sign the authentication information;
  
  send a request for access to a secure server, the request containing a certificate associated with a user;
  
  send the unique user identifier, when the secure server denies access, to an authentication server operable to authenticate the user in reference to the sent information; and
  
  send the certificate and request to the secure server again when an indication of authentication is received from the authentication server.

15. A computer program product, tangibly stored on a machine-readable medium, comprising instructions operable to cause a programmable processor to:
- receive, from a secure server, a request to authenticate a user;
  
  determine a delta indicating the amount of time that has passed since the user was last authenticated by the authentication server; and
  
  send the delta to the secure server.
- View Dependent Claims (16)
- - 16. The computer program product of claim 15, further comprising instructions operable to cause a programmable processor to:

17. An authentication system, comprising a server configured to:
- receive a certificate request from a user, the certificate request including identification information and authentication information associated with the user;
  
  verify the identification information;
  
  issue a certificate to the user when the identification information is verified;
  
  sign a combination of the authentication information and a certificate identifier for the certificate to form a unique user identifier;
  
  sign the authentication information; and
  
  send the unique user identifier to an authentication server that is configured to authenticate the user in reference to the sent authentication information.

18. An authentication system, comprising a server configured to:
- receive a certificate for a user and a request for access for the user to the secure server;
  
  send an authentication query regarding the user to an authentication server;
  
  receive a delta in response to the authentication query, the delta indicating the amount of time that has passed since the user was last authenticated by the authentication server;
  
  compare the delta to a predefined threshold; and
  
  when the predefined threshold exceeds the delta, denying access and causing a request for authentication information, including biometric information, to be sent to the user.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Morphotrust USA Incorporated (Advent International Corporation)
Original Assignee
Identix, Inc. (Advent International Corporation)
Inventors
Kisurin, Sergey, Balashov, Alex, Khidekel, Yuri
Primary Examiner(s)
Hayes, Gail
Assistant Examiner(s)
REVAK, CHRISTOPHER A

Application Number

US09/464,214
Time in Patent Office

1,406 Days
Field of Search

713/155, 713/156, 713/157, 713/158, 713/186, 713/200-202, 382/115
US Class Current

726/10
CPC Class Codes

G06F 21/32   using biometric data, e.g. ...

G06F 21/33   using certificates

G06F 21/34   involving the use of extern...

H04L 63/0861   using biometrical features,...

Accessing a secure resource using certificates bound with authentication information

First Claim

6 Assignments

0 Petitions

Accused Products

Abstract

Citations

18 Claims

Specification

Solutions

Use Cases

Quick Links

Accessing a secure resource using certificates bound with authentication information

First Claim

6 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

18 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links