ABDS system utilizing security information in authenticating entity access
Abstract
A system in which a requesting entity seeking access to a controlled resource is authenticated by an access authentication component includes the requesting entity initially opening a security account with the access authentication component, the access authentication component establishing and maintaining a record including information pertaining to the account and being retrievable based on a unique identifier for the requesting entity, and associating a public key of a public-private key pair with the record; the requesting entity originating an electronic message and generating a digital signature using a private key of the key pair, and sending the digitally signed electronic message to the access authentication component with the unique identifier; authenticating the electronic message using the public key associated with the record identified by the unique identifier; and upon successful authentication, authenticating access to the controlled resource. Security information is considered in authenticating the requesting entity.
42 Claims
1. A system for authenticating a requesting entity for access to a controlled resource, comprising:
(a) a device of the requesting entity, the device maintaining securely therein a private key of a public-private key pair and adapted to generate digital signatures of a message using the private key, the message comprising a unique identifier and a request by the requesting entity for access to the controlled resource;
(b) an access authentication component having authority to allow or deny the request for access to the controlled resource, the access authentication component separate from the device but in electronic communication over a communications medium with the device for receipt of the digitally-signed message; and
(c) at least one database containing information linked together, the information including:
(i) the public key of the public-private key pair, but not the private key, (ii) predetermined authorization rights of the requesting entity to access the controlled resource, and (iii) a security profile of the device, wherein the security profile includes security features and manufacturing history of the device and wherein a security strength of the device relative to other devices is determinable from the security profile;
wherein the unique identifier is associated with the public key in the at least one database prior to receipt of the digitally-signed message and wherein the information is accessible by the access authentication component from the at least one database based on the unique identifier, and wherein, in response to receipt of the digitally-signed message, the access authentication component verifies that the message was digitally-signed using the private key maintained within the device by decrypting the digital signature using the public key obtained from the database, and if the digitally-signed message verifies, the access authentication component authenticates the requesting entity for access to the controlled resource as a function of (i) the security strength of the device and (ii) the predetermined authorization rights of the requesting entity.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18
19. A system for authenticating a requesting entity for access to a controlled resource, comprising:
(a) a device of the requesting entity, the device maintaining therein a private key of a public-private key pair and a security profile of the device, wherein the security profile identifies security features and manufacturing history of the device, the device adapted to generate digital signatures of a message using the private key, the message comprising:
(i) a unique identifier, (ii) a request by the requesting entity for access to the controlled resource, and (iii) the security profile of the device;
(b) an access authentication component having authority to allow or deny the request for access to the controlled resource, the access authentication component separate from the device but in electronic communication over a communications medium with the device for receipt of the digitally-signed message; and
(c) a database containing information linked together, the information including (i) the public key of the public-private key pair, but not the private key and (ii) predetermined authorization rights of the requesting entity to access the controlled resource, wherein the unique identifier is associated with the public key in the database prior to receipt of the digitally-signed message and wherein the information is accessible by the access authentication component from the database based on the unique identifier, and wherein, in response to receipt of the digitally-signed message, the access authentication component verifies that the message was digitally-signed using the private key of the device by decrypting the digital signature using the public key obtained from the database, and if the digitally-signed message verifies, the access authentication component authenticates the requesting entity for access to the controlled resource as a function of (i) the predetermined authorization rights of the requesting entity and (ii) a security strength of the device relative to other devices determined dynamically, based upon the security features and manufacturing history of the device obtained from the digitally-signed message.
Dependent claims: 20, 21, 22, 23
24. A system for providing a requesting entity with access to a controlled resource, comprising:
(a) a device possessed by the requesting entity, the device maintaining securely therein a private key of a public-private key pair and adapted to generate digital signatures of a message using the private key, the digitally-signed message comprising:
(i) a unique identifier, (ii) a request by the requesting entity for access to the controlled resource, and (iii) a security profile of the device, wherein the security profile includes security features and manufacturing history of the device,
(b) an access authentication component having authority to grant or refuse the request for access to the controlled resource, the access authentication component maintaining in a database a security account of the requesting entity, the security account including information accessible by the access authentication component based on the unique identifier, the information including the public key of the public-private key pair and predetermined authorization of the requesting entity to access the controlled resource; and
(c) a transmitter component in electronic communication over a communications medium with the device and with the access authentication component, the transmitter component configured to transmit the digitally-signed message from the device to the access authentication component;
wherein, in response to receipt of the digitally-signed message, the access authentication component verifies that the message was digitally-signed using the private key by decrypting the digital signature using the public key obtained from the database, such verification not requiring a digital certificate or the security profile and, upon successful verification of the message, the access authentication component grants the requesting entity with access to the controlled resource as a function of (i) the predetermined authorization of the requesting entity and (ii) a security level of the manufactured device relative to other manufactured devices determined dynamically, based upon security features and manufacturing history of the device obtained from the digitally-signed message.
Dependent claims: 25, 26, 27, 28, 29
30. A system for providing a requesting entity with access to a controlled resource, comprising:
(a) a device of the requesting entity, the device maintaining securely therein a private key of a public-private key pair and adapted to generate digital signatures of a message using the private key, the message comprising a unique identifier and serving as a request for access to the controlled resource;
(b) an access authentication component having authority to grant or deny the request for access to the controlled resource;
(c) a database containing information linked together, the information including:
(i) the public key of the public-private key pair, but not the private key, (ii) predetermined authorization rights of the requesting entity to access the controlled resource, and (iii) a security profile of the device, wherein the security profile includes security features and manufacturing history of the device and wherein the security profile defines a security level of the device relative to other devices;
wherein the unique identifier is associated with the public key in the database prior to receipt of the digitally-signed message and wherein the information is accessible by the access authentication component from the database based on the unique identifier; and
(d) a transmitter component in electronic communication over a communications medium with the device and with the access authentication component, the transmitter component configured to transmit the digitally-signed message from the device to the access authentication component;
wherein, in response to receipt of the digitally-signed message, the access authentication component verifies that the message was digitally-signed using the private key by decrypting the digital signature using the public key obtained from the database, such verification not requiring a digital certificate or the security profile and, upon successful verification of the message, the access authentication component grants the requesting entity with access to the controlled resource as a function of (i) the security level of the device, and (ii) the predetermined authorization rights of the requesting entity.
Dependent claims: 31, 32, 38, 39
33. A system for authenticating a requesting entity for access to a controlled resource having a defined security level, wherein, prior to a request for access to the controlled resource, the requesting entity is provided with a device, the device adapted to generate digital signatures using a unique private key of a public-private key pair, the private key being stored securely within the device, the public key of the public-private key pair is stored in a database accessible by an access authentication component, the access authentication component having authority to allow or deny the request for access to the controlled resource, a unique identifier is associated with the public key such that the public key is retrievable from the database by the access authentication component based upon the unique identifier, and authorization rights of the requesting entity to access the controlled resource are assigned to the requesting entity, the system further comprising:
(a) a security profile of the device, wherein the security profile is stored in the database and linked together with the public key of the device, wherein the security profile includes at least one of security features and manufacturing history of the device and wherein the security profile defines a security strength of the device relative to other devices adapted to generate digital signatures;
(b) a message digitally-signed by the device using the private key stored therein, the digitally-signed message including the unique identifier and acting as the request for access to the controlled resource;
(c) a data transmission component in electronic communication with the device and in electronic communication over a communications medium with the access authentication component, wherein the data transmission component receives the digitally-signed message from the device and transmits the digitally-signed message to the access authentication component; and
wherein, in response to receipt of the digitally-signed message, the access authentication component verifies that the message was digitally-signed using the private key maintained within the device by decrypting the digital signature using the public key obtained from the database, such verification not requiring a digital certificate or the security profile and, if the digitally-signed message verifies, the access authentication component authenticates the requesting entity for access to the controlled resource as a function of (i) the security strength of the device; (ii) the security level of the controlled resource, and (iii) the authorization rights of the requesting entity.
Dependent claims: 34, 35, 36, 37
40. A system for granting a requesting entity with access to a controlled resource, wherein, prior to a request for access to the controlled resource, the requesting entity is provided with a portable device, the portable device securely maintaining there a private key of a public-private key pair, the public key of the public-private key pair is stored in at least one database of an access authentication component, the access authentication component having authority to grant or refuse the request for access to the controlled resource, a unique identifier is associated with the public key such that the public key is retrievable from the database by the access authentication component based upon the unique identifier, and authorization rights of the requesting entity to access the controlled resource are assigned to the requesting entity, the system further comprising:
(a) a message digitally-signed by the device using the private key, the digitally-signed message serving as the request by the requesting entity for access to the controlled resource and including:
(i) the unique identifier, and (ii) a security profile of the device, wherein the security profile includes at least one of security features and manufacturing history of the device;
(b) a means for electronically communicating the digitally-signed message from the device to the access authentication component; and
wherein, in response to receipt of the digitally-signed message, the access authentication component verifies that the message was digitally-signed using the private key by decrypting the digital signature using the public key obtained from the database, such verification not requiring a digital certificate or the security profile of the device and, upon successful verification of the message, the access authentication component grants the requesting entity with access to the controlled resource as a function of (i) the authorization rights of the requesting entity and (ii) a relative security strength of the portable device determined dynamically by the access authentication component based upon the security features and manufacturing history of the device obtained from the digitally-signed message.
Dependent claims: 41, 42
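The access decision recited in claim 33 (the signature verifies against the public key stored under the unique identifier, then access depends on authorization rights, device security strength and the resource's security level), as an added Go example that is not part of the patent text. Assumptions: Ed25519 verification stands in for the claims' "decrypting the digital signature", the security profile is reduced to one integer strength, and all type, function and sample names are hypothetical.

```go
package main

import (
	"crypto/ed25519"
	"fmt"
)

// Account is the record linked to one unique identifier (field layout assumed).
type Account struct {
	PublicKey ed25519.PublicKey // public half only; the private key stays in the device
	Rights    map[string]bool   // predetermined authorization rights, by resource
	Strength  int               // security strength derived from the security profile
}

type Request struct { // the signed message: unique identifier plus access request
	ID, Resource string
	Signature    []byte
}

// payload is what gets signed; assumes identifiers contain no NUL byte.
func payload(id, resource string) []byte { return []byte(id + "\x00" + resource) }

// Enroll stands in for account opening and returns the device's signing function.
func Enroll(db map[string]Account, id string, strength int, rights map[string]bool) func(string) Request {
	pub, priv, _ := ed25519.GenerateKey(nil) // nil selects crypto/rand; error ignored for brevity
	db[id] = Account{PublicKey: pub, Rights: rights, Strength: strength}
	return func(resource string) Request {
		return Request{id, resource, ed25519.Sign(priv, payload(id, resource))}
	}
}

// Authenticate verifies with the stored key (no certificate), then applies the policy.
func Authenticate(db map[string]Account, levels map[string]int, r Request) error {
	acct, ok := db[r.ID]
	if !ok || !ed25519.Verify(acct.PublicKey, payload(r.ID, r.Resource), r.Signature) {
		return fmt.Errorf("denied: unknown identifier or signature does not verify")
	}
	need, known := levels[r.Resource]
	if !known || !acct.Rights[r.Resource] || acct.Strength < need {
		return fmt.Errorf("denied: %q needs a right and strength >= %d (device: %d)", r.Resource, need, acct.Strength)
	}
	return nil
}

func main() {
	db := map[string]Account{}
	device := Enroll(db, "dev-B", 2, map[string]bool{"vault": true}) // constructed sample
	fmt.Println(Authenticate(db, map[string]int{"vault": 3}, device("vault")))
}
```

The signed message here carries no nonce or timestamp because the claims recite none; a deployment would add one so that a captured signed request cannot be replayed.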
Specification