Authentication framework for multiple authentication processes and mechanisms

US 6,651,168 B1
Filed: 01/29/1999
Issued: 11/18/2003
Est. Priority Date: 01/29/1999
Status: Expired due to Term

First Claim

Patent Images

1. An authentication subsystem for enabling a computer system to authenticate a user with a selected one of a plurality of authentication processes, each having a distinct sequence of steps and a unique input/output (I/O) interface for exchanging authentication information with the computer system, comprising:

a first conversation function driver coupled to a first authentication module, defining a first programmed sequence of steps to authenticate a user with a first authentication process, said first driver having access to first display configuration information and first input device configuration information used during said first authentication process, to configure a user display and input device for the first authentication process;

a second conversation function driver coupled to a second authentication module, defining a second programmed sequence of steps to authenticate a user with a second authentication process, said second driver having access to second display configuration information and second input device configuration information used during said second authentication process, to configure the user display and input device for the second authentication process;

an authentication framework in the computer system; and

a generic conversation function including an interpreter/processor in the authentication framework coupled to the user display and input device, defining a generic programmed sequence of steps for selectively re-configuring the user display and input device layouts and a command line interface in response to said first programmed sequence of steps or said second programmed sequence of steps;

said generic conversation function receiving said first programmed sequence of steps from the first conversation driver, to selectively re-configure the user display and input device for authenticating a user during the first authentication process;

said generic conversation function receiving said second programmed sequence of steps from the second conversation driver, to selectively re-configure the user display and input device for authenticating a user during the second authentication process.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

An authentication framework subsystem enables a computer system to authenticate a user with a selected one of a plurality of authentication processes. Each of the authentication processes has a distinct sequence of steps and a unique input/output (I/O) interface for exchanging authentication information with the computer system. The invention includes an authentication framework in the computer system. An application program interface in the authentication framework provides an interface to an I/O component, such as a graphical user interface (GUI), of the computer system. A plurality of authentication modules interface with the framework. Each module has a conversation function driver defining a programmed sequence of steps to authenticate a user with a distinct authentication process. A conversation function in the application program interface, defines a programmed sequence of steps for controlling the I/O component in response to generic instructions that have the same format but different sequences for each of the authentication modules.

Citations

21 Claims

1. An authentication subsystem for enabling a computer system to authenticate a user with a selected one of a plurality of authentication processes, each having a distinct sequence of steps and a unique input/output (I/O) interface for exchanging authentication information with the computer system, comprising:
- a first conversation function driver coupled to a first authentication module, defining a first programmed sequence of steps to authenticate a user with a first authentication process, said first driver having access to first display configuration information and first input device configuration information used during said first authentication process, to configure a user display and input device for the first authentication process;
  
  a second conversation function driver coupled to a second authentication module, defining a second programmed sequence of steps to authenticate a user with a second authentication process, said second driver having access to second display configuration information and second input device configuration information used during said second authentication process, to configure the user display and input device for the second authentication process;
  
  an authentication framework in the computer system; and
  
  a generic conversation function including an interpreter/processor in the authentication framework coupled to the user display and input device, defining a generic programmed sequence of steps for selectively re-configuring the user display and input device layouts and a command line interface in response to said first programmed sequence of steps or said second programmed sequence of steps;
  
  said generic conversation function receiving said first programmed sequence of steps from the first conversation driver, to selectively re-configure the user display and input device for authenticating a user during the first authentication process;
  
  said generic conversation function receiving said second programmed sequence of steps from the second conversation driver, to selectively re-configure the user display and input device for authenticating a user during the second authentication process.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The authentication subsystem of claim 1, wherein said first authentication process is selected from the group consisting of a userid/password authentication process, a smart card authentication process, a fingerprint authentication process, a biometric authentication process, a voice print scanning authentication process, a hand and face geometry scanning authentication process, a body odor profiling authentication process, a vein scanning authentication process, and a signature recognition authentication process.
  - 3. The authentication subsystem of claim 2, wherein said second authentication process is selected from the group consisting of a userid/password authentication process, a smart card authentication process, a fingerprint authentication process, a biometric authentication process, a voice print scanning authentication process, a hand and face geometry scanning authentication process, a body odor profiling authentication process, a vein scanning authentication process, and a signature recognition authentication process.
  - 4. The authentication subsystem of claim 1, wherein said display device includes a graphical user interface.
  - 5. The authentication subsystem of claim 1, wherein said display device includes a command line interface.
  - 6. The authentication subsystem of claim 1, wherein said input device is a keyboard.
  - 7. The authentication subsystem of claim 1, wherein said first authentication module provides credentials derived from authentication to a single sign-on system.

8. An authentication method for enabling a computer system to authenticate a user with a selected one of a plurality of authentication processes, each having a distinct sequence of steps and a unique input/output (I/O) interface for exchanging authentication information with the computer system, comprising:
- defining a first programmed sequence of steps in a first conversation function driver coupled to a first authentication module, to authenticate a user with a first authentication process, said first driver having access to first display configuration information and first input device configuration information used during said first authentication process, to configure a user display and input device for the first authentication process;
  
  defining a second programmed sequence of steps in a second conversation function driver coupled to a second authentication module, to authenticate a user with a second authentication process, said second driver having access to second display configuration information and second input device configuration information used during said second authentication process, to configure the user display and input device for the second authentication process; and
  
  defining a generic programmed sequence of steps in a generic conversation function including an interpreter/processor in an authentication framework coupled to the user display and input device, for selectively re-configuring the user display and input device layouts and a command line in response to said first programmed sequence of steps or said second programmed sequence of steps;
  
  said generic conversation function receiving said first programmed sequence of steps from the first conversation driver, to re- configure the user display and input device for authenticating a user during the first authentication process;
  
  said generic conversation function receiving said second programmed sequence of steps from the second conversation driver, to re-configure the user display and input device for authenticating a user during the second authentication process.
- View Dependent Claims (9, 10, 11, 12, 13, 14)
- - 9. The authentication method of claim 8, wherein said first authentication process is selected from the group consisting of a userid/password authentication process, a smart card authentication process, a fingerprint authentication process, a biometric authentication process, a voice print scanning authentication process, a hand and face geometry scanning authentication process, a body odor profiling authentication process, a vein scanning authentication process, and a signature recognition authentication process.
  - 10. The authentication method of claim 9, wherein said second authentication process is selected from the group consisting of a userid/password authentication process, a smart card authentication process, a fingerprint authentication process, a biometric authentication process, a voice print scanning authentication process, a hand and face geometry scanning authentication process, a body odor profiling authentication process, a vein scanning authentication process, and a signature recognition authentication process.
  - 11. The authentication method of claim 8, wherein said display device includes a graphical user interface.
  - 12. The authentication method of claim 8, wherein said display device includes a command line interface.
  - 13. The authentication method of claim 8, wherein said input device is a keyboard.
  - 14. The authentication method of claim 8, wherein said first authentication module provides credentials derived from authentication to a single sign-on system.

15. A computer program product in a computer-readable medium for enabling a computer system to authenticate a user with a selected one of a plurality of authentication processes, each having a distinct sequence of steps and a unique input/output (I/O) interface for exchanging authentication information with the computer system, the computer program product comprising:
- program code for defining a first programmed sequence of steps in a first conversation function driver coupled to a first authentication module, to authenticate a user with a first authentication process, said first driver having access to first display configuration information and first input device configuration information used during said first authentication process, to configure a user display and input device for the first authentication process;
  
  program code for defining a second programmed sequence of steps in a second conversation function driver coupled to a second authentication module, to authenticate a user with a second authentication process, said second driver having access to second display configuration information and second input device configuration information used during said second authentication process, to configure the user display and input device for the second authentication process; and
  
  program code for defining a generic programmed sequence of steps in a generic conversation function including an interpreter/processor an authentication framework coupled to the user display and input device, for selectively re-configuring the user display and input device layouts and a command line in response to said first programmed sequence of steps or said second programmed sequence of steps;
  
  said generic conversation function receiving said first programmed sequence of steps from the first conversation driver, to re-configure the user display and input device for authenticating a user during the first authentication process;
  
  said generic conversation function receiving said second programmed sequence of steps from the second conversation driver, to re-configure the user display and input device for authenticating a user during the second authentication process.
- View Dependent Claims (16, 17, 18, 19, 20, 21)
- - 16. The computer program product of claim 15, wherein said first authentication process is selected from the group consisting of a userid/password authentication process, a smart card authentication process, a fingerprint authentication process, a biometric authentication process, a voice print scanning authentication process, a hand and face geometry scanning authentication process, a body odor profiling authentication process, a vein scanning authentication process, and a signature recognition authentication process.
  - 17. The computer program product of claim 16, wherein said second authentication process is selected from the group consisting of a userid/password authentication process, a smart card authentication process, a fingerprint authentication process, a biometric authentication process, a voice print scanning authentication process, a hand and face geometry scanning authentication process, a body odor profiling authentication process, a vein scanning authentication process, and a signature recognition authentication process.
  - 18. The computer program product of claim 15, wherein said display device includes a graphical user interface.
  - 19. The computer program product of claim 15, wherein said display device includes a command line interface.
  - 20. The computer program product of claim 15, wherein said input device is a keyboard.
  - 21. The computer program product of claim 15, wherein said first authentication module provides credentials derived from authentication to a single sign-on system.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
International Business Machines Corporation
Original Assignee
International Business Machines Corporation
Inventors
Schneider, David J., Kao, I-Lung, Willard, Ronald Gene, Milman, Ivan Matthew
Primary Examiner(s)
Barrón, Gilberto
Assistant Examiner(s)
MEISLAHN, DOUGLAS J

Application Number

US09/240,492
Time in Patent Office

1,754 Days
Field of Search

713/155, 713/182-186, 380/25
US Class Current

713/185
CPC Class Codes

G06F 21/32   using biometric data, e.g. ...

G06F 21/34   involving the use of extern...

G06F 21/41   where a single sign-on prov...

Authentication framework for multiple authentication processes and mechanisms

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

21 Claims

Specification

Solutions

Use Cases

Quick Links

Authentication framework for multiple authentication processes and mechanisms

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

21 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links