Flexible system and method of user authentication for password based system

US 7,191,466 B1
Filed: 07/25/2000
Issued: 03/13/2007
Est. Priority Date: 07/25/2000
Status: Expired due to Term

First Claim

Patent Images

1. A method of providing improved security for systems or files accessible by password data entry comprising:

determining a secure password;

providing a system or file;

providing the secure password to a password database independent of the system and the file storage therein in association with a security level;

providing the secure password to a password sub-system for securing the determined system or file;

determining a user authorization method having an associated security level sufficient for accessing the secure password, the user authorization method determined in dependence upon the security level and some user authorization having different associated security levels than others;

authorizing an individual according to the determined user authorization method; and

when the individual is authorized, retrieving the secure password from the password database and automatically providing the secure password to the system or file password subsystem for accessing the system or file wherein the system or file is accessible by manually entering the secure password to the password sub-system.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method of implementing password level security is disclosed. According to the method, a system automatically determines a plurality of available user information entry devices in communication with the workstation. The system then determines predetermined user authorization methods each requiring data only from available user information entry devices. The user then selects one of the determined authorization methods for use in user authorization. Optionally, each authorization method is associated with a security level relating to user access to resources. Once the authorization method is selected, the user provides user authorization information in accordance with a determined user authorization method and registration proceeds. Once registration is complete, a password is passed from a password database to a password entry sub-system to provide access to that system.

106 Citations

View as Search Results

38 Claims

1. A method of providing improved security for systems or files accessible by password data entry comprising:
- determining a secure password;
  
  providing a system or file;
  
  providing the secure password to a password database independent of the system and the file storage therein in association with a security level;
  
  providing the secure password to a password sub-system for securing the determined system or file;
  
  determining a user authorization method having an associated security level sufficient for accessing the secure password, the user authorization method determined in dependence upon the security level and some user authorization having different associated security levels than others;
  
  authorizing an individual according to the determined user authorization method; and
  
  when the individual is authorized, retrieving the secure password from the password database and automatically providing the secure password to the system or file password subsystem for accessing the system or file wherein the system or file is accessible by manually entering the secure password to the password sub-system.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The method of providing improved security for systems or files accessible by password data entry as defined in claim 1 wherein determining the secure password comprises automatically determining the secure password.
  - 3. The method of providing improved security for systems or files accessible by password data entry as defined in claim 2 wherein the determined secure password is secret and remains inaccessible to users of the system.
  - 4. The method of providing improved security for systems or files accessible by password data entry as defined in claim 1 wherein the password database comprises a key data file.
  - 5. The method of providing improved security for systems or files accessible by password data entry as defined in claim 4 wherein the password database is stored within a portable storage medium.
  - 6. The method of providing improved security for systems or files accessible by password data entry as defined in claim 1 wherein determining the secure password comprises manually providing the secure password to a password entry sub-system;
    - and recording the password during entry.
  - 7. The method of providing improved security for systems or files accessible by password data entry as defined in claim 1 wherein the password is stored in association with data indicative of the determined system or file.
  - 8. The method of providing improved security for systems or files accessible by password data entry as defined in claim 1 wherein the determined system or file is stored in association with data indicative of the password.

9. A method of providing improved security for files accessible by password data entry comprising:
- selecting a secured data file;
  
  providing a password database;
  
  automatically determining a secure password identifier associated with the secured data file;
  
  determining a user authorization method having an associated security level sufficient for accessing the secure password identifier, some user authorization methods having different associated security levels than others;
  
  authorizing an individual according to the determined user authorization method; and
  
  when the individual is authorized, retrieving the secure password from the password database and automatically providing the secure password to a selected secured file password entry subsystem.
- View Dependent Claims (10)
- - 10. The method of providing improved security for files accessible by password data entry as defined in claim 9 wherein the password database comprises a plurality of passwords and wherein determining a secure password identifier comprises determining a password from the plurality of passwords for use in accessing data within the secured data file.

11. A method of changing a first password for securing files accessible by password data entry comprising:
- determining a plurality of files secured with the first password;
  
  authorizing an individual requesting a change of the first password prior to changing the first password by determining a user authorization method having an associated security level sufficient for accessing the secured first password, where some user authorization methods have different associated security levels than others, and authorizing an individual according to the determined user authorization method;
  
  when the individual is authorized, providing a second other password for securing the plurality of files;
  
  for each file secured with the first password, accessing the file with the first password and securing the file with the second other password; and
  
  ,storing the second other password in a password database.
- View Dependent Claims (12, 13, 14, 15, 16, 17, 18)
- - 12. The method of changing a first password for securing files accessible by password data entry as defined in claim 11 comprising:
    - archiving the first password for use in accessing archival files secured with the first password.
  - 13. The method of changing a first password for securing files accessible by password data entry as defined in claim 11 wherein determining a plurality of files secured with the first password comprises determining from the password database, files associated with the first password.
  - 14. The method of changing a first password for securing files accessible by password data entry as defined in claim 13 wherein those files associated with the first password are identified because they are identified by an identifier associated with the first password.
  - 15. The method of changing a first password for securing files accessible by password data entry as defined in claim 11 wherein determining a plurality of files secured with the first password comprises determining from accessible files, those files associated with the first password.
  - 16. The method of changing a first password for securing files accessible by password data entry as defined in claim 11 wherein providing a second other password includes automatically generating the second other password.
  - 17. The method of changing a first password for securing files accessible by password data entry as defined in claim 16 wherein the method is automatically repeated at intervals.
  - 18. The method of changing a first password for securing files accessible by password data entry as defined in claim 17 wherein the method is automatically repeated upon detection of a breach of the first password and upon expiry of the first password.

19. A security system that provides improved security for systems or files stored in a file storage that is accessible by password data entry, comprising:
- a password sub-system that secures a determined system or file with a secure password;
  
  a password database that stores the secure password independent of the security system and the file storage therein in association with a security level; and
  
  processing means for determining a user authorization method having an associated security level sufficient for accessing the secure password, the user authorization method determined in dependence upon the security level and some user authorization having different associated security levels than others, for authorizing an individual according to the determined user authorization method; and
  
  when the individual is authorized, retrieving the secure password from the password database and automatically providing the secure password to the file password sub-system for accessing the system or file wherein the system or file is accessible by manually entering the secure password to the password sub-system.
- View Dependent Claims (20, 21, 22, 23, 24, 25, 26)
- - 20. The security system as defined in claim 19 further comprising means for automatically determining the secure password.
  - 21. The security system as defined in claim 20 wherein the determined secure password is secret and remains inaccessible to users of the system.
  - 22. The security system as defined in claim 19 wherein the password database comprises a key data file.
  - 23. The security system as defined in claim 22 wherein the password database is stored within a portable storage medium.
  - 24. The security system as defined in claim 19 further comprising a password entry sub-system to which the secure password is manually provided, the password entry sub-system recording the secure password during entry.
  - 25. The security system as defined in claim 19 wherein the secure password is stored in association with data indicative of the determined system or file.
  - 26. The security system as defined in claim 19 wherein the determined system or file is stored in association with data indicative of the secure password.

27. A security system that provides improved security for a secured data file stored in a file storage that is accessible by password data entry, comprising:
- a password database that stores a secure password;
  
  a secured file password entry subsystem; and
  
  processing means for automatically determining a secure password identifier associated with the secured data file, for determining a user authorization method having an associated security level sufficient for accessing the secure password identifier, some user authorization methods having different associated security levels than others, for authorizing an individual according to the determined user authorization method, and when the individual is authorized, retrieving the secure password from the password database and automatically providing the secure password to the secured file password entry subsystem.
- View Dependent Claims (28)
- - 28. The security system as defined in claim 27 wherein the password database comprises a plurality of passwords and wherein the processing means determines a secure password identifier by determining a password from the plurality of passwords for use in accessing data within the secured data file.

29. A security system that changes a first password for securing files accessible by password data entry, comprising:
- a plurality of files secured with the first password;
  
  processing means for authorizing an individual requesting a change of the first password prior to changing the first password by determining a user authorization method having an associated security level sufficient for accessing the secured first password, where some user authorization methods have different associated security levels than others, for authorizing an individual according to the determined user authorization method, when the individual is authorized, for providing a second other password for securing the plurality of files, and for each file secured with the first password, for accessing the file with the first password and securing the file with the second other password; and
  
  a password database that stores the second other password.
- View Dependent Claims (30, 31, 32, 33, 34, 35)
- - 30. The security system as defined in claim 29 comprising:
    - archive storage that archives the first password for use in accessing archival files secured with the first password.
  - 31. The security system as defined in claim 29 wherein the first password is stored in the password database and the plurality of files secured with the first password is determined from the files associated with the first password in the password database.
  - 32. The security system as defined in claim 31 wherein those files associated with the first password are identified by an identifier associated with the first password.
  - 33. The security system as defined in claim 29 wherein the processing means automatically generates the second other password.
  - 34. The security system as defined in claim 33 wherein the processing means automatically generates the second other password at repeated intervals.
  - 35. The security system as defined in claim 33 wherein the processing means automatically generates the second other password upon detection of a breach of the first password and upon expiry of the first password.

36. Computer software for providing improved security for systems or files accessible by password data entry comprising:
- computer-executable instructions for determining a secure password;
  
  computer-executable instructions for providing a system or file;
  
  computer-executable instructions for providing the secure password to a password database independent of the system and the file storage therein in association with a security level;
  
  computer-executable instructions for providing the secure password to a password sub-system for securing the determined system or file;
  
  computer-executable instructions for determining a user authorization method having an associated security level sufficient for accessing the secure password, the user authorization method determined in dependence upon the security level and some user authorization having different associated security levels than others;
  
  computer-executable instructions for authorizing an individual according to the determined user authorization method; and
  
  computer-executable instructions for, when the individual is authorized, retrieving the secure password from the password database and automatically providing the secure password to the system or file password subsystem for accessing the system or file wherein the system or file is accessible by manually entering the secure password to the password sub-system.

37. Computer software for providing improved security for files accessible by password data entry comprising:
- computer-executable instructions for selecting a secured data file;
  
  computer-executable instructions for providing a password database;
  
  computer-executable instructions for automatically determining a secure password identifier associated with the secured data file;
  
  computer-executable instructions for determining a user authorization method having an associated security level sufficient for accessing the secure password identifier, some user authorization methods having different associated security levels than others;
  
  computer-executable instructions for authorizing an individual according to the determined user authorization method; and
  
  computer-executable instructions for, when the individual is authorized, retrieving the secure password from the password database and automatically providing the secure password to a selected secured file password entry subsystem.

38. Computer software for changing a first password for securing files accessible by password data entry comprising:
- computer-executable instructions for determining a plurality of files secured with the first password;
  
  computer-executable instructions for authorizing an individual requesting a change of the first password prior to changing the first password by determining a user authorization method having an associated security level sufficient for accessing the secured first password, where some user authorization methods have different associated security levels than others, and authorizing an individual according to the determined user authorization method;
  
  computer-executable instructions for, when the individual is authorized, providing a second other password for securing the plurality of files;
  
  computer-executable instructions for accessing the file with the first password and securing the file with the second other password for each file secured with the first password; and
  
  computer-executable instructions for storing the second other password in a password database.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Activcard Ireland, Limited
Original Assignee
Activcard Ireland, Limited
Inventors
Hillhouse, Robert D., Hamid, Laurence
Primary Examiner(s)
Zand; Kambiz

Application Number

US09/625,547
Time in Patent Office

2,422 Days
Field of Search

713/202, 713/183, 713/184, 713/200, 713/172, 380/268, 380/277, 380/278, 380/259, 705/71, 705/72, 726/3
US Class Current

726/3
CPC Class Codes

G06F 21/31   User authentication

G06F 21/32   using biometric data, e.g. ...

G06F 21/34   involving the use of extern...

G06F 21/46   by designing passwords or c...

G06F 21/83   input devices, e.g. keyboar...

Flexible system and method of user authentication for password based system

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

106 Citations

38 Claims

Specification

Use Cases

Quick Links

Others

Flexible system and method of user authentication for password based system

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

106 Citations

38 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others