System, method and computer program product for an authentication management infrastructure
Abstract
A system, method and computer program product that utilizes measurements for the authentication of users to enterprise resources. The system includes an authentication server that stores the engine and collections of data required by the system to authenticate users. The collections of data include templates, policies, groups, device IDs, user IDs, computer IDs and application IDs. In the present invention, it is the policies that determine the way or method in which a user is to be authenticated by the system. The pre-defined policies include an OR policy, an AND policy, a CONTINGENT policy, a RANDOM policy, a THRESHOLD policy, a multi-user policy, a multi-location policy, a multi-template policy, a user dependent policy, a location restriction policy, and a computer/device specific policy.
30 Claims
1. A method for providing user authentication to enterprise resources, comprising the steps of:
(1) setting up an authentication server, said authentication server having stored therein at least one policy that determines whether the user can gain access to the enterprise resources, wherein said policy has associated therewith at least one device, wherein said policy is one of the following;
an OR policy, an AND policy, a CONTINGENT policy, a RANDOM policy, a THRESHOLD policy, a multi-user policy, a multi-location policy, a multi-template policy, a user dependent policy, a location restriction policy, or a computer/device specific policy; (2) determining whether the user is authenticated by executing said policy; and (3) allowing the user access to the enterprise resources if the user passes said policy, otherwise denying access to the user to the enterprise resources; wherein said policy is an OR policy having a list of devices, wherein said list of devices includes at least two different devices, and wherein the user passes said OR policy if the user passes one of said devices in said list of devices.
2. A method for providing user authentication to enterprise resources, comprising the steps of:
(1) setting up an authentication server, said authentication server having stored therein at least one policy that determines whether the user can gain access to the enterprise resources, wherein said policy has associated therewith at least one device, wherein said policy is one of the following;
an OR policy, an AND policy, a CONTINGENT policy, a RANDOM policy, a THRESHOLD policy, a multi-user policy, a multi-location policy, a multi-template policy, a user dependent policy, a location restriction policy, or a computer/device specific policy; (2) determining whether the user is authenticated by executing said policy; and (3) allowing the user access to the enterprise resources if the user passes said policy, otherwise denying access to the user to the enterprise resources; wherein said policy is an OR policy having a list of devices, wherein said list of devices includes only one device, and wherein the user passes said OR policy if the user passes said device while being tested with at least two measurements.
3. A method for providing user authentication to enterprise resources, comprising the steps of:
(1) setting up an authentication server, said authentication server having stored therein at least one policy that determines whether the user can gain access to the enterprise resources, wherein said policy has associated therewith at least one device, wherein said policy is one of the following;
an OR policy, an AND policy, a CONTINGENT policy, a RANDOM policy, a THRESHOLD policy, a multi-user policy, a multi-location policy, a multi-template policy, a user dependent policy, a location restriction policy, or a computer/device specific policy; (2) determining whether the user is authenticated by executing said policy; and (3) allowing the user access to the enterprise resources if the user passes said policy, otherwise denying access to the user to the enterprise resources; wherein said policy is an AND policy having a list of devices, wherein said list of devices includes at least two different devices, and wherein the user passes said AND policy if the user passes all of said devices in said list of devices.
4. A method for providing user authentication to enterprise resources, comprising the steps of:
(1) setting up an authentication server, said authentication server having stored therein at least one policy that determines whether the user can gain access to the enterprise resources, wherein said policy has associated therewith at least one device, wherein said policy is one of the following;
an OR policy, an AND policy, a CONTINGENT policy, a RANDOM policy, a THRESHOLD policy, a multi-user policy, a multi-location policy, a multi-template policy, a user dependent policy, a location restriction policy, or a computer/device specific policy; (2) determining whether the user is authenticated by executing said policy; and (3) allowing the user access to the enterprise resources if the user passes said policy, otherwise denying access to the user to the enterprise resources; wherein said policy is an AND policy having a list of devices, wherein said list of devices includes only one device, and wherein the user passes said AND policy if the user passes said device while being tested with at least two measurements.
5. A method for providing user authentication to enterprise resources, comprising the steps of:
(1) setting up an authentication server, said authentication server having stored therein at least one policy that determines whether the user can gain access to the enterprise resources, wherein said policy has associated therewith at least one device, wherein said policy is one of the following;
an OR policy, an AND policy, a CONTINGENT policy, a RANDOM policy, a THRESHOLD policy, a multi-user policy, a multi-location policy, a multi-template policy, a user dependent policy, a location restriction policy, or a computer/device specific policy; (2) determining whether the user is authenticated by executing said policy; and (3) allowing the user access to the enterprise resources if the user passes said policy, otherwise denying access to the user to the enterprise resources; wherein said policy is a CONTINGENT policy having a list of devices, wherein said list of devices includes at least two different devices, and wherein the user passes said CONTINGENT policy if either the user exceeds a minimum threshold associated with a first device or if the user exceeds a contingent threshold associated with said first device and the user exceeds a minimum threshold associated with a second device.
6. A method for providing user authentication to enterprise resources, comprising the steps of:
(1) setting up an authentication server, said authentication server having stored therein at least one policy that determines whether the user can gain access to the enterprise resources, wherein said policy has associated therewith at least one device, wherein said policy is one of the following;
an OR policy, an AND policy, a CONTINGENT policy, a RANDOM policy, a THRESHOLD policy, a multi-user policy, a multi-location policy, a multi-template policy, a user dependent policy, a location restriction policy, or a computer/device specific policy; (2) determining whether the user is authenticated by executing said policy; and (3) allowing the user access to the enterprise resources if the user passes said policy, otherwise denying access to the user to the enterprise resources; wherein said policy is a CONTINGENT policy having a list of devices, wherein said list of devices includes only one device, wherein a first measurement and a second measurement are associated with said device, and wherein the user passes said CONTINGENT policy if either the user exceeds a minimum threshold associated with said device and said first measurement or if the user exceeds a contingent threshold associated with said device and said first measurement and the user exceeds a minimum threshold associated with said device and said second measurement.
7. A method for providing user authentication to enterprise resources, comprising the steps of:
(1) setting up an authentication server, said authentication server having stored therein at least one policy that determines whether the user can gain access to the enterprise resources, wherein said policy has associated therewith at least one device, wherein said policy is one of the following;
an OR policy, an AND policy, a CONTINGENT policy, a RANDOM policy, a THRESHOLD policy, a multi-user policy, a multi-location policy, a multi-template policy, a user dependent policy, a location restriction policy, or a computer/device specific policy; (2) determining whether the user is authenticated by executing said policy; and (3) allowing the user access to the enterprise resources if the user passes said policy, otherwise denying access to the user to the enterprise resources; wherein said policy is a RANDOM policy having a list of devices, wherein said list of devices includes at least two different devices, wherein a random device is determined from said list of devices, and wherein the user passes said RANDOM policy if the user passes said random device.
8. A method for providing user authentication to enterprise resources, comprising the steps of:
(1) setting up an authentication server, said authentication server having stored therein at least one policy that determines whether the user can gain access to the enterprise resources, wherein said policy has associated therewith at least one device, wherein said policy is one of the following;
an OR policy, an AND policy, a CONTINGENT policy, a RANDOM policy, a THRESHOLD policy, a multi-user policy, a multi-location policy, a multi-template policy, a user dependent policy, a location restriction policy, or a computer/device specific policy; (2) determining whether the user is authenticated by executing said policy; and (3) allowing the user access to the enterprise resources if the user passes said policy, otherwise denying access to the user to the enterprise resources; wherein said policy is a RANDOM policy having a list of devices, wherein said list of devices includes only one device, wherein a random measurement is determined from one or more measurements, and wherein the user passes said RANDOM policy if the user passes said device while being tested with said random measurement.
9. A method for providing user authentication to enterprise resources, comprising the steps of:
(1) setting up an authentication server, said authentication server having stored therein at least one policy that determines whether the user can gain access to the enterprise resources, wherein said policy has associated therewith at least one device, wherein said policy is one of the following;
an OR policy, an AND policy, a CONTINGENT policy, a RANDOM policy, a THRESHOLD policy, a multi-user policy, a multi-location policy, a multi-template policy, a user dependent policy, a location restriction policy, or a computer/device specific policy; (2) determining whether the user is authenticated by executing said policy; and (3) allowing the user access to the enterprise resources if the user passes said policy, otherwise denying access to the user to the enterprise resources; wherein said policy is a THRESHOLD policy having a list of devices, wherein said list of devices includes at least two different devices, and wherein the user passes said THRESHOLD policy if the user exceeds a total threshold while being tested on one or more of said devices in said list of devices.
10. A method for providing user authentication to enterprise resources, comprising the steps of:
(1) setting up an authentication server, said authentication server having stored therein at least one policy that determines whether the user can gain access to the enterprise resources, wherein said policy has associated therewith at least one device, wherein said policy is one of the following;
an OR policy, an AND policy, a CONTINGENT policy, a RANDOM policy, a THRESHOLD policy, a multi-user policy, a multi-location policy, a multi-template policy, a user dependent policy, a location restriction policy, or a computer/device specific policy; (2) determining whether the user is authenticated by executing said policy; and (3) allowing the user access to the enterprise resources if the user passes said policy, otherwise denying access to the user to the enterprise resources; wherein said policy is a THRESHOLD policy having a list of devices, wherein said list of devices includes only one device, and wherein the user passes said THRESHOLD policy if the user exceeds a total threshold while being tested with one or more measurements on said device in said list of devices.
11. A method for providing user authentication to enterprise resources, comprising the steps of:
(1) setting up an authentication server, said authentication server having stored therein at least one policy that determines whether the user can gain access to the enterprise resources, wherein said policy has associated therewith at least one device, wherein said policy is one of the following;
an OR policy, an AND policy, a CONTINGENT policy, a RANDOM policy, a THRESHOLD policy, a multi-user policy, a multi-location policy, a multi-template policy, a user dependent policy, a location restriction policy, or a computer/device specific policy; (2) determining whether the user is authenticated by executing said policy; and (3) allowing the user access to the enterprise resources if the user passes said policy, otherwise denying access to the user to the enterprise resources; wherein said policy is an OR policy having a list of policies, wherein said list of policies includes at least two policies, and wherein the user passes said OR policy if the user passes one of said policies in said list of policies.
12. A method for providing user authentication to enterprise resources, comprising the steps of:
(1) setting up an authentication server, said authentication server having stored therein at least one policy that determines whether the user can gain access to the enterprise resources, wherein said policy has associated therewith at least one device, wherein said policy is one of the following;
an OR policy, an AND policy, a CONTINGENT policy, a RANDOM policy, a THRESHOLD policy, a multi-user policy, a multi-location policy, a multi-template policy, a user dependent policy, a location restriction policy, or a computer/device specific policy; (2) determining whether the user is authenticated by executing said policy; and (3) allowing the user access to the enterprise resources if the user passes said policy, otherwise denying access to the user to the enterprise resources; wherein said policy is an AND policy having a list of policies, wherein said list of policies includes at least two policies, and wherein the user passes said AND policy if the user passes all of said policies in said list of policies.
13. A method for providing user authentication to enterprise resources, comprising the steps of:
(1) setting up an authentication server, said authentication server having stored therein at least one policy that determines whether the user can gain access to the enterprise resources, wherein said policy has associated therewith at least one device, wherein said policy is one of the following;
an OR policy, an AND policy, a CONTINGENT policy, a RANDOM policy, a THRESHOLD policy, a multi-user policy, a multi-location policy, a multi-template policy, a user dependent policy, a location restriction policy, or a computer/device specific policy; (2) determining whether the user is authenticated by executing said policy; and (3) allowing the user access to the enterprise resources if the user passes said policy, otherwise denying access to the user to the enterprise resources; wherein said policy is a CONTINGENT policy having a list of policies, wherein said list of policies includes at least two policies, and wherein the user passes said CONTINGENT policy if either the user exceeds a minimum threshold associated with a first policy or if the user exceeds a contingent threshold associated with said first policy and the user exceeds a minimum threshold associated with a second policy.
14. A method for providing user authentication to enterprise resources, comprising the steps of:
(1) setting up an authentication server, said authentication server having stored therein at least one policy that determines whether the user can gain access to the enterprise resources, wherein said policy has associated therewith at least one device, wherein said policy is one of the following;
an OR policy, an AND policy, a CONTINGENT policy, a RANDOM policy, a THRESHOLD policy, a multi-user policy, a multi-location policy, a multi-template policy, a user dependent policy, a location restriction policy, or a computer/device specific policy; (2) determining whether the user is authenticated by executing said policy; and (3) allowing the user access to the enterprise resources if the user passes said policy, otherwise denying access to the user to the enterprise resources; wherein said policy is a RANDOM policy having a list of policies, wherein said list of policies includes at least two policies, wherein a policy is randomly determined from said list of policies, and wherein the user passes said RANDOM policy if the user passes said randomly determined policy.
15. A method for providing user authentication to enterprise resources, comprising the steps of:
(1) setting up an authentication server, said authentication server having stored therein at least one policy that determines whether the user can gain access to the enterprise resources, wherein said policy has associated therewith at least one device, wherein said policy is one of the following;
an OR policy, an AND policy, a CONTINGENT policy, a RANDOM policy, a THRESHOLD policy, a multi-user policy, a multi-location policy, a multi-template policy, a user dependent policy, a location restriction policy, or a computer/device specific policy; (2) determining whether the user is authenticated by executing said policy; and (3) allowing the user access to the enterprise resources if the user passes said policy, otherwise denying access to the user to the enterprise resources; wherein said policy is a THRESHOLD policy having a list of policies, wherein said list of policies includes at least two policies, and wherein the user passes said THRESHOLD policy if the user exceeds a total threshold while being tested on one or more of said policies in said list of policies.
16. A method for providing user authentication to enterprise resources, comprising the steps of:
(1) setting up an authentication server, said authentication server having stored therein at least one policy that determines whether the user can gain access to the enterprise resources, wherein said policy has associated therewith at least one device, wherein said policy is one of the following;
an OR policy, an AND policy, a CONTINGENT policy, a RANDOM policy, a THRESHOLD policy, a multi-user policy, a multi-location policy, a multi-template policy, a user dependent policy, a location restriction policy, or a computer/device specific policy; (2) determining whether the user is authenticated by executing said policy; and (3) allowing the user access to the enterprise resources if the user passes said policy, otherwise denying access to the user to the enterprise resources; wherein said policy is an OR policy having a list of policies or devices, wherein said list of policies or devices includes at least two elements, and wherein the user passes said OR policy if the user passes one of said elements in said list of policies or devices.
17. A method for providing user authentication to enterprise resources, comprising the steps of:
(1) setting up an authentication server, said authentication server having stored therein at least one policy that determines whether the user can gain access to the enterprise resources, wherein said policy has associated therewith at least one device, wherein said policy is one of the following;
an OR policy, an AND policy, a CONTINGENT policy, a RANDOM policy, a THRESHOLD policy, a multi-user policy, a multi-location policy, a multi-template policy, a user dependent policy, a location restriction policy, or a computer/device specific policy; (2) determining whether the user is authenticated by executing said policy; and (3) allowing the user access to the enterprise resources if the user passes said policy, otherwise denying access to the user to the enterprise resources; wherein said policy is an AND policy having a list of policies or devices, wherein said list of policies or devices includes at least two elements, and wherein the user passes said AND policy if the user passes all of said elements in said list of policies or devices.
18. A method for providing user authentication to enterprise resources, comprising the steps of:
(1) setting up an authentication server, said authentication server having stored therein at least one policy that determines whether the user can gain access to the enterprise resources, wherein said policy has associated therewith at least one device, wherein said policy is one of the following;
an OR policy, an AND policy, a CONTINGENT policy, a RANDOM policy, a THRESHOLD policy, a multi-user policy, a multi-location policy, a multi-template policy, a user dependent policy, a location restriction policy, or a computer/device specific policy; (2) determining whether the user is authenticated by executing said policy; and (3) allowing the user access to the enterprise resources if the user passes said policy, otherwise denying access to the user to the enterprise resources; wherein said policy is a CONTINGENT policy having a list of policies or devices, wherein said list of policies or devices includes at least two elements, and wherein the user passes said CONTINGENT policy if either the user exceeds a minimum threshold associated with a first element or if the user exceeds a contingent threshold associated with said first element and the user exceeds a minimum threshold associated with a second element.
19. A method for providing user authentication to enterprise resources, comprising the steps of:
(1) setting up an authentication server, said authentication server having stored therein at least one policy that determines whether the user can gain access to the enterprise resources, wherein said policy has associated therewith at least one device, wherein said policy is one of the following;
an OR policy, an AND policy, a CONTINGENT policy, a RANDOM policy, a THRESHOLD policy, a multi-user policy, a multi-location policy, a multi-template policy, a user dependent policy, a location restriction policy, or a computer/device specific policy; (2) determining whether the user is authenticated by executing said policy; and (3) allowing the user access to the enterprise resources if the user passes said policy, otherwise denying access to the user to the enterprise resources; wherein said policy is a RANDOM policy having a list of policies or devices, wherein said list of policies or devices includes at least two elements, wherein a random element is determined from said elements in said list of policies or devices, and wherein the user passes said RANDOM policy if the user passes said random element.
20. A method for providing user authentication to enterprise resources, comprising the steps of:
(1) setting up an authentication server, said authentication server having stored therein at least one policy that determines whether the user can gain access to the enterprise resources, wherein said policy is a multi-location policy having a list of devices, wherein said list of devices includes at least two different devices, wherein said devices each have a different location associated with it, and whereby the user passes said multi-location policy if the user passes all of the required said devices at their associated locations; (2) determining whether the user is authenticated by executing said policy; and (3) allowing the user access to the enterprise resources if the user passes said policy, otherwise denying access to the user to the enterprise resources.
21. A method for providing user authentication to enterprise resources, comprising the steps of:
(1) setting up an authentication server, said authentication server having stored therein at least one policy that determines whether the user can gain access to the enterprise resources, wherein said policy is a multi-location policy having a list of policies, wherein said list of policies includes at least two policies, wherein said policies each have a different location associated with it, and whereby the user passes said multi-location policy if the user passes all of the required said policies at their associated locations; (2) determining whether the user is authenticated by executing said policy; and (3) allowing the user access to the enterprise resources if the user passes said policy, otherwise denying access to the user to the enterprise resources.
22. A method for providing user authentication to enterprise resources, comprising the steps of:
(1) setting up an authentication server, said authentication server having stored therein at least one policy that determines whether the user can gain access to the enterprise resources, wherein said policy is a multi-location policy having a list of devices, wherein said list of devices includes only one type of device, wherein said device has at least two measurements associated with it, wherein each said measurement has a different location associated with it, and whereby the user passes said multi-location policy if the user passes said device while being tested with said measurements at their associated locations; (2) determining whether the user is authenticated by executing said policy; and (3) allowing the user access to the enterprise resources if the user passes said policy, otherwise denying access to the user to the enterprise resources.
23. A method for providing user authentication to enterprise resources, comprising the steps of:
(1) setting up an authentication server, said authentication server having stored therein at least one policy that determines whether the user can gain access to the enterprise resources, wherein if said policy is a multi-template policy having a list of devices, wherein said list of devices includes at least two different devices, wherein said devices each have two or more templates associated with the device and user combination, and whereby the user passes said multi-template policy if the user passes all of the required said devices with at least one of said templates associated with each; (2) determining whether the user is authenticated by executing said policy; and (3) allowing the user access to the enterprise resources if the user passes said policy, otherwise denying access to the user to the enterprise resources.
24. A method for providing user authentication to enterprise resources, comprising the steps of:
(1) setting up an authentication server, said authentication server having stored therein at least one policy that determines whether the user can gain access to the enterprise resources, wherein if said policy is a multi-template policy having a list of devices, wherein said list of devices includes only one type of device, wherein said device has at least two measurements associated with it, wherein each said measurement has two or more templates associated with it, and whereby the user passes said multi-template policy if the user passes said device while being tested with said measurements with at least one of said templates associated with each; (2) determining whether the user is authenticated by executing said policy; and (3) allowing the user access to the enterprise resources if the user passes said policy, otherwise denying access to the user to the enterprise resources.
25. A method for providing user authentication to enterprise resources, comprising the steps of:
(1) setting up an authentication server, said authentication server having stored therein at least one policy that determines whether the user can gain access to the enterprise resources, wherein if said policy is a user dependent policy, and whereby the user passes said user dependent policy if at least one different user associated with the user is currently accessing the enterprise resources and the user passes another policy; (2) determining whether the user is authenticated by executing said policy; and (3) allowing the user access to the enterprise resources if the user passes said policy, otherwise denying access to the user to the enterprise resources.
26. A method for providing user authentication to enterprise resources, comprising the steps of:
(1) setting up an authentication server, said authentication server having stored therein at least one policy that determines whether the user can gain access to the enterprise resources, wherein said policy is a user dependent policy, and whereby the user passes said user dependent policy if at least one different user associated with the user is currently accessing the enterprise resources; (2) determining whether the user is authenticated by executing said policy; and (3) allowing the user access to the enterprise resources if the user passes said policy, otherwise denying access to the user to the enterprise resources.
27. A method for providing user authentication to enterprise resources, comprising the steps of:
(1) setting up an authentication server, said authentication server having stored therein at least one policy that determines whether the user can gain access to the enterprise resources, wherein said policy is a location restriction policy, and whereby the user passes said location restriction policy if the user is attempting authentication from a restricted location and the user passes another policy; (2) determining whether the user is authenticated by executing said policy; and (3) allowing the user access to the enterprise resources if the user passes said policy, otherwise denying access to the user to the enterprise resources.
28. A method for providing user authentication to enterprise resources, comprising the steps of:
(1) setting up an authentication server, said authentication server having stored therein at least one policy that determines whether the user can gain access to the enterprise resources, wherein said policy is a computer/device specific policy, wherein said computer/device specific policy determines the devices attached to the computer the user is attempting authentication from, wherein said computer/device specific policy based on said attached devices determines another policy that can be executed to authenticate the user, and whereby the user passes said computer/device specific policy by passing said another policy; (2) determining whether the user is authenticated by executing said policy; and (3) allowing the user access to the enterprise resources if the user passes said policy, otherwise denying access to the user to the enterprise resources.
29. A method for providing user authentication to enterprise resources, comprising the steps of:
(1) setting up an authentication server, said authentication server having stored therein at least one policy that determines whether the user can gain access to the enterprise resources, wherein said policy is a CONTINGENT policy having a list of devices, wherein said list of devices includes at least two different devices, and wherein the user passes said CONTINGENT policy if either the user exceeds a minimum threshold associated with a first device or if the user exceeds a contingent threshold associated with said first device and the user exceeds a minimum threshold associated with a second device, wherein said minimum threshold and said contingent threshold is set by an administrator; (2) determining whether the user is authenticated by executing said policy; and (3) allowing the user access to the enterprise resources if the user passes said policy, otherwise denying access to the user to the enterprise resources.
30. A method for providing user authentication to enterprise resources, comprising the steps of:
(1) setting up an authentication server, said authentication server having stored therein at least one policy that determines whether the user can gain access to the enterprise resources, wherein said policy is a CONTINGENT policy having a list of devices, wherein said list of devices includes at least two different devices, and wherein the user passes said CONTINGENT policy if either the user exceeds a minimum threshold associated with a first device or if the user exceeds a contingent threshold associated with said first device and the user exceeds a minimum threshold associated with a second device, wherein said second device is selected based on environmental conditions; (2) determining whether the user is authenticated by executing said policy; and (3) allowing the user access to the enterprise resources if the user passes said policy, otherwise denying access to the user to the enterprise resources.
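The pass conditions recited for the OR, AND, CONTINGENT, RANDOM and THRESHOLD policies, written out as a fail-closed evaluator. This is an added example and not code from the patent: the class and function names, the 0 to 1 score scale, the sample devices and the reading of "total threshold" as a sum of per-device scores are all assumptions. OR, AND and RANDOM accept nested policies as in claims 16, 17 and 19; CONTINGENT and THRESHOLD are restricted to devices because the claims do not say how a nested policy would produce a score.

```python
"""Fail-closed evaluator for the OR / AND / CONTINGENT / RANDOM / THRESHOLD policies."""
import secrets
from dataclasses import dataclass
from typing import Callable, Dict, Sequence, Union


@dataclass(frozen=True)
class Device:
    device_id: str
    min_threshold: float               # score must exceed this to pass the device
    contingent_threshold: float = 0.0  # lower bar, consulted only by CONTINGENT


@dataclass(frozen=True)
class Policy:
    kind: str                          # "OR", "AND", "CONTINGENT", "RANDOM", "THRESHOLD"
    elements: tuple                    # Devices, or nested Policies for OR / AND / RANDOM
    total_threshold: float = 0.0       # used only by THRESHOLD


Element = Union[Device, Policy]
Scores = Dict[str, float]              # device_id -> match score for this attempt (assumed 0..1)


def passes_device(dev: Device, scores: Scores) -> bool:
    # A device with no captured sample has no score and never passes.
    score = scores.get(dev.device_id)
    return score is not None and score > dev.min_threshold


def _contingent(devs: Sequence[Device], scores: Scores) -> bool:
    if len(devs) < 2:
        return False
    first, second = devs[0], devs[1]
    s1 = scores.get(first.device_id)
    if s1 is None:
        return False
    if s1 > first.min_threshold:       # strong match on the first device is enough
        return True
    # Weaker match on the first device must be backed by the second device.
    return s1 > first.contingent_threshold and passes_device(second, scores)


def _threshold(devs: Sequence[Device], scores: Scores, total_threshold: float) -> bool:
    total = 0.0
    for dev in devs:                   # assumption: scores are summed across devices
        score = scores.get(dev.device_id)
        if score is None:
            continue
        total += score
        if total > total_threshold:
            return True
    return False


def evaluate(el: Element, scores: Scores,
             choose: Callable[[Sequence[Element]], Element] = secrets.choice) -> bool:
    """Return True only when the element's pass condition is positively met."""
    if isinstance(el, Device):
        return passes_device(el, scores)
    if not isinstance(el, Policy) or len(el.elements) == 0:
        return False                   # all(()) is True: an empty AND must not grant access
    kind, items = el.kind, el.elements
    if kind == "OR":
        return any(evaluate(e, scores, choose) for e in items)
    if kind == "AND":
        return all(evaluate(e, scores, choose) for e in items)
    if kind == "RANDOM":
        # secrets.choice draws from the OS CSPRNG, so the demanded element
        # cannot be predicted from earlier attempts.
        return evaluate(choose(items), scores, choose)
    if kind in ("CONTINGENT", "THRESHOLD"):
        if not all(isinstance(e, Device) for e in items):
            return False
        if kind == "CONTINGENT":
            return _contingent(items, scores)
        return _threshold(items, scores, el.total_threshold)
    return False                       # unknown policy kind: deny


# Constructed sample devices (not taken from the patent).
FINGERPRINT = Device("fingerprint", min_threshold=0.80, contingent_threshold=0.60)
VOICE = Device("voice", min_threshold=0.70)
FACE = Device("face", min_threshold=0.75)

if __name__ == "__main__":
    policy = Policy("CONTINGENT", (FINGERPRINT, VOICE))
    for attempt in ({"fingerprint": 0.85},
                    {"fingerprint": 0.65, "voice": 0.75},
                    {"fingerprint": 0.55, "voice": 0.99}):
        print(attempt, "->", "allow" if evaluate(policy, attempt) else "deny")
```

The `choose` parameter exists so a test can pin the RANDOM selection; production callers should leave the default.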
Specification