Remote unblocking with a security agent

US 7,162,736 B2
Filed: 08/20/2001
Issued: 01/09/2007
Est. Priority Date: 08/20/2001
Status: Expired due to Fees

First Claim

Patent Images

1. An apparatus to unblock a security device issued to an end user, comprising:

a client-side transfer agent for securely transferring information among an unblocking service, the end user, and the security device;

an agent-side transfer agent for securely transferring information between the unblocking service and a security agent;

an Unblock Authorization Code (UAC) generated after verification by the security agent and securely transferred from the agent-side transfer agent to the unblocking service, wherein verification comprises verifying the end user is assigned the security device while the end user is in possession of the security device;

an Unblock Code (UBC) securely transferred from the unblocking service to the client-side transfer agent, wherein the client-side transfer agent uses the UBC to unblock the security device; and

the unblocking service for establishing a secure gateway and storing the UAC and UBC,wherein the security device is configured to be accessed by a security device reader operatively connected and allowing access to a computer system to provide strong end user authentication, andwherein the security device is a smart card.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

An apparatus to unblock a security device issued to an end user includes an unblocking service for establishing a secure gateway. A client-side applet securely transfers information among the unblocking service, the end user, and the security device. An agent-side applet securely transfers information between the unblocking service and a security agent. An Unblock Authorization Code (UAC) is securely transferred from the agent-side applet and the client-side applet to the unblocking service. An Unblock Code (UBC) is securely transferred from the unblocking service to the client-side applet. The client-side applet is set to check at a configurable frequency for determining that the UAC is generated. The client-side applet uses the UBC to unblock the security device.

25 Citations

View as Search Results

32 Claims

1. An apparatus to unblock a security device issued to an end user, comprising:
- a client-side transfer agent for securely transferring information among an unblocking service, the end user, and the security device;
  
  an agent-side transfer agent for securely transferring information between the unblocking service and a security agent;
  
  an Unblock Authorization Code (UAC) generated after verification by the security agent and securely transferred from the agent-side transfer agent to the unblocking service, wherein verification comprises verifying the end user is assigned the security device while the end user is in possession of the security device;
  
  an Unblock Code (UBC) securely transferred from the unblocking service to the client-side transfer agent, wherein the client-side transfer agent uses the UBC to unblock the security device; and
  
  the unblocking service for establishing a secure gateway and storing the UAC and UBC,wherein the security device is configured to be accessed by a security device reader operatively connected and allowing access to a computer system to provide strong end user authentication, andwherein the security device is a smart card.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14)
- - 2. The apparatus of claim 1, wherein the security agent unblocks the security device from a remote location.
  - 3. The apparatus of claim 1, wherein an end user identifier and a password is presented by the end user for the client-side transfer agent to connect to the unblocking service.
  - 4. The apparatus of claim 3, wherein the end user identifier is an e-mail address.
  - 5. The apparatus of claim 1, wherein the secure gateway is configured to perform an authentication process for every transfer between the client-side transfer agent and the unblocking service.
  - 6. The apparatus of claim 1, wherein the end user is remote.
  - 7. The apparatus of claim 1, wherein the apparatus is accessible via a web interface.
  - 8. The apparatus of claim 1, wherein the client-side transfer agent is configured to check periodically at a configurable frequency for the UAC.
  - 9. The apparatus of claim 1, wherein the UAC is accepted upon correlation of an end user identifier and a security device identifier, wherein the unblocking service transfers the UBC to the client-side transfer agent after acceptance of the UAC by the unblocking service.
  - 10. The apparatus of claim 9, wherein the security device identifier is a serial number.
  - 11. The apparatus of claim 9, wherein the end user identifier is an e-mail address.
  - 12. The apparatus of claim 1, wherein the UBC is provided by the unblocking service to the client-side transfer agent after correlation of an end user identifier, a password, end a security device identifier.
  - 13. The apparatus of claim 12, wherein the security device identifier is a serial number.
  - 14. The apparatus of claim 12, wherein the end user identifier is an e-mail address.

15. A method of unblocking a security device issued to an end user, comprising:
- establishing a secure gateway by an unblocking service;
  
  transferring information among the unblocking service, the end user, and the security device in a secure manner;
  
  transferring information between the unblocking service and the security agent in a secure manner;
  
  generating an Unblock Authorization Code (UAC) after verification by a security agent, wherein verification comprises verifying the end user is assigned the security device while the end user is in possession of the security device;
  
  transferring the UAC securely from an agent-side transfer agent to the unblocking service;
  
  supplying the UAC to the end user by the security agent;
  
  applying the UAC to a client-side transfer agent by the end user;
  
  transferring the UAC securely from the client-side transfer agent to the unblocking service;
  
  verifying the UAC transferred by the client-side transfer agent and the agent-side transfer agent match;
  
  transferring an Unblock Code (UBC) securely from the unblocking service to the client-side transfer agent; and
  
  unblocking the security device using the UBC,wherein the unblocking service stores the UAC and the UBC,wherein the security agent and the agent-side transfer agent are unable to access the UBC,wherein the security device is configured to be accessed by a security device reader operatively connected and allowing access to a computer system to provide strong end user authentication, andwherein the security device is a smart card.
- View Dependent Claims (16, 17, 18, 19, 20, 21, 22)
- - 16. The method of claim 15, wherein the security agent unblocks the security device from a remote location.
  - 17. The method of claim 15, wherein the end user is remote.
  - 18. The method of claim 15, further comprising:
    - presenting an end user identifier and a password by the end user for a client-side transfer agent to connect to the unblocking service.
  - 19. The method of claim 15, further comprising:
    - performing an authentication process for every transfer between a client-side transfer agent and the unblocking service.
  - 20. The method of claim 15, further comprising:
    - checking at a configurable frequency to determine whether the UAC is generated.
  - 21. The method of claim 15, further comprising:
    - correlating an end user identifier and security device identifier prior to acceptance of the UAC, wherein the unblocking service transfers the UBC to the client-side transfer agent after acceptance of the UAC by the unblocking service.
  - 22. The method of claim 15, further comprising:
    - providing the UBC by the unblocking service to the client-side transfer agent after correlation of an end user identifier, a password, and a security device identifier.

23. A method of unblocking a security device issued to an end user, comprising:
- establishing a secure gateway by an unblocking service;
  
  transferring information among the unblocking service, the end user, and the security device in a secure manner;
  
  transferring information between the unblocking service and the security agent in a secure manner;
  
  presenting an end user identifier and a password by the end user for a client-side transfer agent to connect to the unblocking service;
  
  performing an authentication process for every transfer between the client-side transfer agent and the unblocking service;
  
  generating an Unblock Authorization Code (UAC) after verification by a security agent, wherein verification comprises verifying the end user is assigned the security device while the end user is in possession of the security device;
  
  transferring the UAC securely from an agent-side transfer agent to the unblocking service;
  
  supplying the UAC to the end user by the security agent;
  
  applying the UAC to the client-side transfer agent by the end user;
  
  transferring the UAC securely from the client-side transfer agent to the unblocking service;
  
  verifying the UAC transferred by the client-side transfer agent and the agent-side transfer agent match through the unblocking service;
  
  transferring an Unblock Code (UBC) securely from the unblocking service to the client-side transfer agent;
  
  unblocking the security device using the UBC;
  
  checking at a configurable frequency to determine whether the UAC is generated;
  
  correlating the end user identifier and a security device identifier prior to acceptance of the UAC; and
  
  providing the UBC by the unblocking service to the client-side transfer agent after correlation of the end user identifier, the password, and the security device identifier,wherein the unblocking service stores the UAC and the UBC,wherein the security device is configured to be accessed by a security device reader operatively connected and allowing access to a computer system to provide strong end user authentication, andwherein the security device is a smart card.

24. A method of unblocking a security device issued to an end user, comprising:
- gathering information from the end user and the security device;
  
  verifying the information gathered from the end user and the security device;
  
  contacting the security agent by the end user;
  
  supplying end user information verbally to the security agent;
  
  verifying identity of the end user by the security agent using an identity verification mechanism;
  
  generating an Unblock Authorization Code (UAC) after verification by the security agent, wherein verification comprises verifying the end user is assigned the security device while the end user is in possession of the security device;
  
  delivering the UAC to an unblocking service;
  
  storing the UAC against a security device record in a directory service;
  
  supplying the UAC from the security agent to the end user;
  
  applying the UAC to a client-side transfer agent by the end user;
  
  delivering the UAC securely from the client-side transfer agent to the unblocking service;
  
  verifying the UAC of the client-side transfer agent and an agent-side transfer agent match through the unblocking service;
  
  requesting an Unblock Code (UBC) from the directory service;
  
  unblocking the security device by transferring the UBC from the directory service to the client-side transfer agent;
  
  wherein the unblocking service stores the UAC and the UBC,wherein the security device is configured to be accessed by a security device reader operatively connected and allowing access to a computer system to provide strong end user authentication, andwherein the security device is a smart card.
- View Dependent Claims (25, 26, 27, 28, 29)
- - 25. The method of claim 24, wherein the security device identifier is a serial number.
  - 26. The method of claim 24, wherein the end user identifier is an e-mail address.
  - 27. The method of claim 24, further comprising:
    - gathering information from the end user using the client-side transfer agent; and
      
      gathering information from the security device using the client-side transfer agent.
  - 28. The method of claim 24, further comprising;
    - generating a new UBC;
      
      setting the security device to the new UBC; and
      
      delivering the new UBC to the directory service.
  - 29. The method of claim 24, further comprising:
    - verifying the security device is not already permanently blocked.

30. A method of unblocking a security device issued to an end user, comprising:
- gathering information from the end user and the security device;
  
  verifying the information gathered from the end user and the security device;
  
  contacting the security agent by the end user;
  
  supplying end user information to the security agent;
  
  verifying identity of the end user by the security agent using an identity verification mechanism;
  
  generating an Unblock Authorization Code (UAC) after verification by the security agent, wherein verification comprises verifying the end user is assigned the security device while the end user is in possession of the security device;
  
  transferring the UAC to an unblocking service;
  
  storing the UAC against a security device record in a directory service;
  
  transferring the UAC to an unblocking service;
  
  storing the UAC against a security device record in a directory service;
  
  supplying the UAC from the security agent to the end user;
  
  applying the UAC to a client-side transfer agent by the end user;
  
  delivering the UAC securely from the client-side transfer agent to the unblocking service;
  
  verifying the UAC transferred by the client-side transfer agent en agent-side transfer agent match through the unblocking service;
  
  requesting an Unblock Code (UBC) from the directory service;
  
  unblocking the security device by transferring the UBC from the directory service to the client-side transfer agent;
  
  gathering information from the end user using the client-side transfer agent;
  
  gathering information from the security device using the client-side transfer agent;
  
  generating a new UBC;
  
  setting the security device to the new UBC;
  
  delivering the new UBC to the directory service; and
  
  verifying the security device is not already permanently blocked,wherein the unblocking service stores the UAC and the UBC,wherein the security device is configured to be accessed by a security device reader operatively connected and allowing access to a computer system to provide strong end user authentication, andwherein the security device is a smart card.

31. A computer system adapted to unblock a security device issued to an end user, comprising:
- a processor;
  
  a memory, andsoftware instructions for enabling the computer under control of the processor, to establish a secure gateway by an unblocking service;
  
  transfer information among the unblocking service, the end user, and the security device in a secure manner;
  
  transfer information between the unblocking service and a security agent in a secure manner;
  
  generating an Unblock Authorization Code (UAC) after verification by a security agent, wherein verification comprises verifying the end user is assigned the security device while the end user is in possession of the security device;
  
  transfer the UAC securely from an agent-side transfer agent and a client-side transfer agent to the unblocking service;
  
  transfer an Unblock Code (UBC) securely from the unblocking service to the client-side transfer agent; and
  
  unblock the security device using the UBC;
  
  wherein the unblocking service stores the UAC and the UBC,wherein the security device is configured to be accessed by a security device reader operatively connected to and allowing access to a computer system to provide strong end user authentication, andwherein the security device is a smart card.

32. An apparatus for unblocking a security device issued to an end user, comprising;
- means for establishing a secure gateway by an unblocking service;
  
  means for transferring information among the unblocking service, the end user, and the security device in a secure manner;
  
  means for transferring information between the unblocking service and a security agent in a secure manner;
  
  means for generating an Unblock Authorization Code (UAC) after verification by a security agent, wherein verification comprises verifying the end user is assigned the security device while the end user is in possession of the security device;
  
  means for transferring the UAC securely from an agent-side transfer agent and a client-side transfer agent to the unblocking service;
  
  means for transferring an Unblock Code (UBC) securely from the unblocking service to the client-side transfer agent; and
  
  means for unblocking the security device using the UBC;
  
  wherein the unblocking service stores the UAC and the UBC, andwherein the security device is configured to be accessed by a security device reader operatively connected and allowing access to a computer system to provide strong end user authentication, andwherein the security device is a smart card.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
DEXA Systems Incorporated
Original Assignee
Schlumberger Omnes, Inc. (Schlumberger NV)
Inventors
Koistinen, Martin J., Bazzali, Johann O.
Primary Examiner(s)
Moise; Emmanuel L.
Assistant Examiner(s)
SCHUBERT, KEVIN R

Application Number

US09/932,882
Publication Number

US 20030037259A1
Time in Patent Office

1,968 Days
Field of Search

713/153, 713/182, 713/183, 713/201, 726/9
US Class Current

726/9
CPC Class Codes

G06F 21/606   by securing the transmissio...

G06F 21/71   to assure secure computing ...

H04L 63/0442   wherein the sending and rec...

H04L 63/065   for group communications cr...

H04L 63/0823   using certificates cryptogr...

Remote unblocking with a security agent

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

25 Citations

32 Claims

Specification

Use Cases

Quick Links

Others

Remote unblocking with a security agent

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

25 Citations

32 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others