Cryptographic authorization with prioritized and weighted authentication
Abstract
A system and associated method for authorizing, or withholding authorization of, user access to a selected computer application or other resource, based on the user's response to one or more user authentication tests. If the user is presented with two or more authentication tests, each with an associated test weight, the system optionally sums the weights of the tests satisfied by the user; and if this sum is greater than a selected test score threshold, the user is granted access to the resource. Alternatively, the user is granted access to selected subsets of the application, including an empty or non-empty default subset, depending upon the sum of the weights of the tests satisfied by the user. An authentication test or its associated weight may change at a selected time, and the selected time may be determined with reference to a time at which the resource changes. A smartcard may be used to respond to one or more authentication tests.
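The scoring scheme in the abstract, written out as an added example (not code from the patent): the score TS is summed over the satisfied tests, mapped through increasing thresholds to a resource subset, and one weight changes at a selected time. The mechanism names, weights, thresholds and subsets are constructed for illustration, and treating the highest tier as open-ended is an assumption.

```python
from bisect import bisect_right
from dataclasses import dataclass, field

@dataclass
class Mechanism:
    name: str
    weight: int                                   # w_i
    schedule: list = field(default_factory=list)  # [(effective_time, new_weight)]

    def weight_at(self, now):
        """Weight in force at `now`, after any scheduled changes have applied."""
        w = self.weight
        for t, new_w in sorted(self.schedule):
            if now >= t:
                w = new_w
        return w

def total_score(mechanisms, passed, now=0):
    """TS: sum of w_i over mechanisms whose test was satisfied (absent = failed)."""
    return sum(m.weight_at(now) for m in mechanisms if passed.get(m.name) is True)

def authorize(ts, thresholds, subsets, default_subset):
    """Return the subset for TS given TSthr,1 < ... < TSthr,J.

    subsets[j-1] applies when TSthr,j <= TS < TSthr,j+1; treating the top
    tier as open-ended (TS >= TSthr,J) is an assumption of this example.
    """
    if len(subsets) != len(thresholds):
        raise ValueError("one subset per threshold required")
    if any(a >= b for a, b in zip(thresholds, thresholds[1:])):
        raise ValueError("thresholds must be strictly increasing")
    j = bisect_right(thresholds, ts)   # number of thresholds <= TS
    return default_subset if j == 0 else subsets[j - 1]

# Constructed sample policy: every name and number below is illustrative.
MECHANISMS = [
    Mechanism("password", 2, schedule=[(100, 1)]),  # weight drops to 1 at t=100
    Mechanism("biometric", 4),
    Mechanism("smartcard", 5),
]
THRESHOLDS = [3, 6, 10]
SUBSETS = [frozenset({"read"}), frozenset({"read", "write"}),
           frozenset({"read", "write", "admin"})]
DEFAULT = frozenset({"public"})

def decide(passed, now=0):
    """Return (TS, granted subset) for a dict of per-mechanism test results."""
    ts = total_score(MECHANISMS, passed, now)
    return ts, authorize(ts, THRESHOLDS, SUBSETS, DEFAULT)
```

With this policy the same password-plus-biometric response scores 6 before t=100 and 5 afterwards, so the granted subset shrinks when the password weight is reduced.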
37 Claims

1. A method of authorization of user access to a selected resource, the method comprising the steps of:
- providing I user authentication mechanisms, numbered i=1, 2, . . . , I (I≧1), for authenticating a user who seeks access to a resource, where the ith authentication mechanism has an associated authentication weight wi;
- providing a user response for each of the authentication mechanisms;
- computing a sum TS of all the weights wi for which the user satisfies authentication test number i; and
- when the sum TS is not at least equal to a threshold value TSthr,1, granting the user access to a selected default subset of the resource, and including the step of associating a numerical cryptographic strength with each of said authentication mechanisms.
Dependent claims: 2, 3, 4, 5, 8.

6. A method of authorization of user access to a selected resource, the method comprising the steps of:
- providing I user authentication mechanisms, numbered i=1, 2, . . . , I (I≧1), for authenticating a user who seeks access to a resource, where the ith authentication mechanism has an associated authentication weight wi;
- providing a user response for each of the authentication mechanisms;
- computing a sum TS of all the weights wi for which the user satisfies authentication test number i; and
- when the sum TS is not at least equal to a threshold value TSthr,1, granting the user access to a selected default subset of the resource, and including the step of causing a change in at least one of said test and said weight associated with at least one of said authentication mechanisms at a selected time.
Dependent claims: 7.

9. A method of authorization of user access to a selected resource, the method comprising the steps of:
- providing I user authentication mechanisms, numbered i=1, 2, . . . , I (I≧1), for authenticating a user who seeks access to a resource, where the ith authentication mechanism has an associated authentication weight wi;
- providing a user response for each of the authentication mechanisms;
- computing a sum TS of all the weights wi for which the user satisfies the ith authentication test;
- providing a sequence of threshold values TSthr,j (j=1, 2, . . . J; J≧1)) satisfying TSthr,1 < TSthr,2 < . . . < TSthr,J; and
- when the sum TS satisfies the condition TSthr,j ≦ TS < TSthr,j+1 for some integer j in the range 1 ≦ j ≦ J−1, allowing the user access to a selected subset of the resource corresponding to the value TSthr,j, and including the step of associating a numerical cryptographic strength with each of said authentication mechanisms.
Dependent claims: 10, 11, 12, 15.

13. A method of authorization of user access to a selected resource, the method comprising the steps of:
- providing I user authentication mechanisms, numbered i=1, 2, . . . , I (I>1), for authenticating a user who seeks access to a resource, where the ith authentication mechanism has an associated authentication weight wi;
- providing a user response for each of the authentication mechanisms;
- computing a sum TS of all the weights wi for which the user satisfies the ith authentication test;
- providing a sequence of threshold values TSthr,j (j=1, 2, . . . J; J>1)) satisfying TSthr,1 < TSthr,2 < . . . < TSthr,J; and
- when the sum TS satisfies the condition TSthr,j ≦ TS ≦ TSthr,j+1 for some integer j in the range 1 < j < J−1, allowing the user access to a selected subset of the resource corresponding to the value TSthr,j, further including the step of causing a change in at least one of said test and said weight associated with at least one of said authentication mechanisms at a selected time.
Dependent claims: 14.

16. A system for authorization of user access to a selected resource, the system comprising a computer that is programmed:
- to provide I user authentication mechanisms, numbered i=1, 2, . . . , I (I≧1) for authenticating a user who seeks access to a resource, where the ith authentication mechanism has an associated authentication weight wi;
- to receive or provide a user response for each or the authentication mechanisms;
- to compute a sum TS of all the weights wi for which the user satisfies the ith authentication test; and
- when the sum TS is not at least equal to a threshold value TSthr,1, to grant the user access to a selected default subset of the resource, wherein said computer is further programmed to associate a numerical cryptographic strength with each of said authentication mechanisms.
Dependent claims: 17, 18, 19, 20, 23.

21. A system for authorization of user access to a selected resource, the system comprising a computer that is programmed:
- to provide I user authentication mechanisms, numbered i=1, 2, . . . , I (I>1) for authenticating a user who seeks access to a resource, where the ith authentication mechanism has an associated authentication weight wi;
- to receive or provide a user response for each or the authentication mechanisms;
- to compute a sum TS of all the weights wi for which the user satisfies the ith authentication test; and
- when the sum TS is not at least equal to a threshold value TSthr,1, to grant the user access to a selected default subset of the resource, wherein said computer is further programmed to cause a change in at least one of said test and said weight associated with at least one of said authentication mechanisms at a selected time.
Dependent claims: 22.

24. A system for authorization of user access to a selected resource, the system comprising a computer that is programmed:
- to provide I user authentication mechanisms, numbered i=1, 2, . . . , I (I≧1) for authenticating a user who seeks access to a resource, where the ith authentication mechanism has an associated authentication weight wi;
- to receive or provide a user response for each of the authentication mechanisms;
- to compute a sum TS of all the weights wi for which the user satisfies the ith authentication test;
- providing a sequence of threshold values TSthr,j (j=1, 2, . . . , J; J≧1)) satisfying TSthr,1 < TSthr,2 < . . . < TSthr,J; and
- when the sum TS satisfies the condition TSthr,j ≦ TS < TSthr,j+1 for some integer j in the range 1 ≦ j ≦ J−1, to allow the user access to a selected subset of the resource corresponding to the value TSthr,j, wherein said computer is further programmed to associating a numerical cryptographic strength with each of said authentication mechanisms.
Dependent claims: 25, 26, 27, 30.

28. A system for authorization of user access to a selected resource, the system comprising a computer that is programmed:
- to provide I user authentication mechanisms, numbered i=1, 2, . . . , I (I≧1) for authenticating a user who seeks access to a resource, where the ith authentication mechanism has an associated authentication weight wi;
- to receive or provide a user response for each of the authentication mechanisms;
- to compute a sum TS of all the weights wi for which the user satisfies the ith authentication test;
- providing a sequence of threshold values TSthr,j (j=1, 2, . . . , J; J>1)) satisfying TSthr,1 < TSthr,2 < . . . < TSthr,J; and
- when the sum TS satisfies the condition TSthr,j < TS < TSthr,j+1 for some integer j in the range 1 < j < J−1, to allow the user access to a selected subset of the resource corresponding to the value TSthr,j, wherein said computer is further programmed to cause a change in at least one of said test and said weight associated with at least one of said authentication mechanisms at a selected time.
Dependent claims: 29.

31. An article of manufacture comprising:
- a computer usable medium having computer readable program code means embodied in the medium for authorizing access to a resource, the computer readable program code means in the article of manufacture comprising;
- computer readable program code means for providing I user authentication mechanisms, numbered i=1, 2, . . . , I (I≦1) for authenticating a user who seeks access to a resource, where the ith authentication mechanism has an associated authentication weight wi;
- computer readable program code means for receiving or providing a user response for each of the authentication mechanisms;
- computer readable program code means for computing a sum TS of all the weights wi for which the user satisfies authentication test number i; and
- when the sum TS is not at least equal to a selected threshold value TSthr,1, computer readable program code means for denying the user access to the resource, and further comprising computer readable program code means for associating a numerical cryptographic strength with each of said authentication mechanisms.
Dependent claims: 32, 33, 34, 37.

35. An article of manufacture comprising:
- a computer usable medium having computer readable program code means embodied in the medium for authorizing access to a resource, the computer readable program code means in the article of manufacture comprising;
- computer readable program code means for providing I user authentication mechanisms, numbered i=1, 2, . . . , I (I<1) for authenticating a user who seeks access to a resource, where the ith authentication mechanism has an associated authentication weight wi;
- computer readable program code means for receiving or providing a user response for each of the authentication mechanisms;
- computer readable program code means for computing a sum TS of all the weights wi for which the user satisfies authentication test number i; and
- when the sum TS is not at least equal to a selected threshold value TSthr,1, computer readable program code means for denying the user access to the resource, and further comprising computer readable program code means for causing a change in at least one of said test and said weight associated with at least one of said authentication mechanisms at a selected time.
Dependent claims: 36.