ABDS system and verification status for authenticating entity access
First Claim
1. A system for authenticating a requesting entity for access to a controlled resource, comprising:
- (a) a device possessed by the requesting entity, the device maintaining securely therein pre-stored verification data of the requesting entity, the device configured to generate, upon receipt of suspect verification data input into the device, a verification status indicator based on a comparison of the suspect verification data with the pre-stored verification data of the requesting entity, the device also maintaining securely therein a private key of a public-private key pair and adapted to generate a digital signature of a message using the private key, the digitally-signed message comprising;
(i) a unique identifier, (ii) a request by the requesting entity for access to the controlled resource, and (iii) the verification status indicator generated by the device;
(b) an access authentication component having authority to allow or deny the request for access to the controlled resource, the access authentication component separate from the device but in electronic communication over a communications medium with the device for receipt of the digitally-signed message; and
(c) a database accessible by the access authentication component, the database containing predetermined authorization rights of the requesting entity and the public key of the public-private key pair but not containing the private key or the verification data of the requesting entity, wherein the unique identifier is associated with the public key in the database prior to receipt of the digitally-signed message and wherein the public key is accessible from the database based on the unique identifier;
wherein, in response to receipt of the digitally-signed message, the access authentication component verifies that the message was digitally-signed using the private key maintained within the device by decrypting the digital signature using the public key obtained from the database, and if the digitally-signed message verifies, the access authentication component authenticates the requesting entity for access to the controlled resource as a function of (i) the verification status indicator obtained from the digitally-signed message and (ii) the predetermined authorization rights of the requesting entity.
8 Assignments
0 Petitions
Accused Products
Abstract
A system in which a requesting entity seeking access to a controlled resource is authenticated by an access authentication component includes the requesting entity initially opening a security account with the access authentication component, the access authentication component establishing and maintaining a record including information pertaining to the account and being retrievable based on a unique identifier for the requesting entity, and associating a public key of a public-private key pair with record; the requesting entity originating an electronic message and generating a digital signature using a provide key of the key pair, and sending the digitally signed electronic message to the access authentication component with the unique identifier; authenticating the electronic message using the public key associated with the record identified by the unique identifier; and upon successful authentication, authenticating access to the controlled resource. A digitally signed verification status is included with the electronic message.
-
Citations
40 Claims
-
1. A system for authenticating a requesting entity for access to a controlled resource, comprising:
-
(a) a device possessed by the requesting entity, the device maintaining securely therein pre-stored verification data of the requesting entity, the device configured to generate, upon receipt of suspect verification data input into the device, a verification status indicator based on a comparison of the suspect verification data with the pre-stored verification data of the requesting entity, the device also maintaining securely therein a private key of a public-private key pair and adapted to generate a digital signature of a message using the private key, the digitally-signed message comprising;
(i) a unique identifier, (ii) a request by the requesting entity for access to the controlled resource, and (iii) the verification status indicator generated by the device;
(b) an access authentication component having authority to allow or deny the request for access to the controlled resource, the access authentication component separate from the device but in electronic communication over a communications medium with the device for receipt of the digitally-signed message; and
(c) a database accessible by the access authentication component, the database containing predetermined authorization rights of the requesting entity and the public key of the public-private key pair but not containing the private key or the verification data of the requesting entity, wherein the unique identifier is associated with the public key in the database prior to receipt of the digitally-signed message and wherein the public key is accessible from the database based on the unique identifier;
wherein, in response to receipt of the digitally-signed message, the access authentication component verifies that the message was digitally-signed using the private key maintained within the device by decrypting the digital signature using the public key obtained from the database, and if the digitally-signed message verifies, the access authentication component authenticates the requesting entity for access to the controlled resource as a function of (i) the verification status indicator obtained from the digitally-signed message and (ii) the predetermined authorization rights of the requesting entity. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17)
-
-
18. A system for providing a requesting entity with access to a controlled resource, comprising:
-
(a) a device possessed by the requesting entity, the device maintaining securely therein pre-stored verification data of the requesting entity, the device configured to generate a verification status indicator based on a comparison of the suspect verification data input into the device with the pre-stored verification data of the requesting entity, the device also maintaining securely therein a private key of a public-private key pair and adapted to generate digital signatures of a message using the private key, the digitally-signed message comprising;
(i) a unique identifier, (ii) a request by the requesting entity for access to the controlled resource, and (iii) the verification status indicator generated by the device;
(b) an access authentication component having authority to allow or deny the request for access to the controlled resource, the access authentication component maintaining in a database a security account of the requesting entity, the security account including information accessible by the access authentication component based on the unique identifier, the information including the public key of the public-private key pair and predetermined authorization of the requesting entity to access the controlled resource; and
(c) a transmitter component in electronic communication of a communication medium with the device and with the access authentication component, the transmitter component configured to transmit the digitally-signed message from the device to the access authentication component;
wherein, in response to receipt of the digitally-signed message, the access authentication component verifies that the message was digitally-signed using the private key by decrypting the digital signature using the public key obtained from the database, such verification not requiring a digital certificate and, upon successful verification of the message, the access authentication component grants the requesting entity with access to the controlled resource as a function of the verification status indicator obtained from the digitally-signed message and the predetermined authorization of the requesting entity. - View Dependent Claims (19, 20, 21, 22, 23, 24, 25, 26)
-
-
27. A system for authenticating a requesting entity for access to a controlled resource, wherein, prior to a request for access to the controlled resource, the requesting entity is provided with a secure device, verification data of the requesting entity is input into and stored securely within the secure device, a private key of a public-private key pair is stored securely within the secure device, the public key of the public-private key is stored in a database of an access authentication component having authority to allow or deny the request for access to the controlled resource, a unique identifier is associated with the public key such that the public key is retrievable from the database by the access authentication component based on the unique identifier, and authorization rights of the requesting entity to access the controlled resource are assigned to the requesting entity, the system further comprising:
-
(a) the secure device which receives suspect verification data, generates a verification status indicator based on a comparison of the suspect verification data with the pre-stored verification data of the requesting entity, and digitally signs a message that includes;
(i) the unique identifier, (ii) the request by the requesting entity for access to the controlled resource, and (iii) the verification status indicator;
(b) a data transmission component in electronic communication with the secure device and in electronic communication over a communications medium with the access authentication component, the data transmission component receives the digital signature of the message from the device and transmits the message and digital signature of the message to the access authentication component;
(c) upon receipt of the message and digital signature of the message, the access authentication component retrieves the public key from the database based on the unique identifier obtained from the message and verifies that the message was digitally-signed using the private key maintained within the device by decrypting the digital signature with the public key; and
(d) upon successful verification of the message and without need of a digital certificate to attest to the validity of the private key or to attest to the integrity of the secure device, the access authentication component grants the requesting entity with access to the controlled resource solely as a function of the verification status indicator obtained from the digitally-signed message and the pre-assigned authorization rights of the requesting entity.
-
-
28. A system for authenticating a requesting entity for continued access to a controlled resource, wherein the requesting entity already has been granted access to and is currently accessing the controlled resource, wherein an access authentication component has authority to allow or deny the continued access to the controlled resource, wherein the access authentication component has access to a database in which, prior to an original grant of access to the controlled resource for the requesting entity, a unique identifier has been associated with a public key of a public-private key pair and wherein the public key is accessible from the database based on the unique identifier, comprising:
-
(a) the access authentication component maintains business rules regarding continued access to the controlled resource, and wherein the access authentication component sends a confirmation request to the requesting entity in accordance with the business rules;
(b) a device possessed by the requesting entity and maintaining securely therein pre-stored verification data of the requesting entity, the device configured to generate a verification status indicator based on a comparison of suspect verification data input into the device with the pre-stored verification data of the requesting entity, the device also maintaining securely therein the private key of the public-private key pair and adapted to generate digital signatures using the private key, wherein, in response to the confirmation request, the requesting entity inputs suspect verification data into the device and wherein, in response to the input of suspect verification data, the device (i) generates the verification status indicator, (ii) includes the verification status indicator in a message, and (iii) digitally-signs the message using the private key; and
wherein the digitally-signed message is provided to the access authentication component;
(c) in response to receipt of the digitally-signed message, the access authentication component verifies that the message was digitally-signed using the private key maintained within the device by decrypting the digital signature using the public key obtained from the database; and
(d) if the digitally-signed message verifies, the access authentication component authenticates the requesting entity for continued access to the controlled resource as a function of the verification status indicator obtained from the digitally-signed message. - View Dependent Claims (29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40)
-
Specification