Data processing system for application to access by accreditation
Abstract
This system for executing a program to which access by a user is controlled by credentials includes a terminal (T), first memory means (F) associated with said program for storing at least first credentials specific to said user, access control means for authorizing access to said program in response to a match between said first credentials and second credentials applied via said terminal, and a security device (PSD) personal to said user, associated with said terminal and including second memory means (M) for secure storage of said second credentials. The terminal (T) includes at least some of credentials management means (CMP) including means for reading said second credentials and transmitting them to said access control means in response to presentation of a request to access said program, and credentials updating means for selectively commanding the generation and loading into said first and second memory means (F, M) of new credentials replacing the credentials previously stored.
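The flow the abstract describes, as an added Python sketch that is not code from the patent: the CMP reads the credential from the device memory (M), the access control compares it with the copy in (F), and on a match both memories are loaded with a fresh credential, so a previously captured value no longer matches. All class and function names are hypothetical, and the write ordering with rollback is an assumption made here to keep F and M matched if a load fails.

```python
import hmac
import secrets

class AppStore:
    """First memory (F): the application's stored credentials."""
    def __init__(self):
        self._creds = {}
    def load(self, user, cred):
        self._creds[user] = cred
    def matches(self, user, presented):
        stored = self._creds.get(user)
        # constant-time comparison; an unknown user never matches
        return stored is not None and hmac.compare_digest(stored, presented)

class SecurityDevice:
    """Personal security device (PSD) with second memory (M)."""
    def __init__(self, cred):
        self._cred = cred
    def read(self):
        return self._cred
    def load(self, cred):
        self._cred = cred

class CredentialManager:
    """Credentials management (CMP) running on the terminal."""
    def __init__(self, store, rotate=True):
        self.store, self.rotate = store, rotate
    def access(self, user, device):
        presented = device.read()            # read on access request
        if not self.store.matches(user, presented):
            return False
        if self.rotate:                      # update after each match
            new = secrets.token_urlsafe(24)  # generated, never typed by the user
            device.load(new)
            try:
                self.store.load(user, new)
            except Exception:
                device.load(presented)       # assumption: roll back M if F fails
                raise
        return True

def demo():
    initial = secrets.token_urlsafe(24)      # constructed enrolment value
    store, card = AppStore(), SecurityDevice(initial)
    store.load("alice", initial)
    cmp_ = CredentialManager(store)
    first = cmp_.access("alice", card)
    replay = store.matches("alice", initial)  # old credential presented again
    second = cmp_.access("alice", card)
    return first, replay, second
```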
26 Claims
1. A method for executing at least one application to which access by a user is controlled by the provision of credentials assigned to said user, said method including:
(a) determining whether a match exists between first credentials stored in a first memory section and second credentials supplied by a user; and
(b) authorizing access to said application in response to an identified match between said first credentials stored in said first memory unit and said second credentials supplied by the user via a security device that is personal to the user and that includes a second memory section for storage of the second credentials; and
(c) performing at least some credentials management comprising:
reading said second credentials stored in said second memory section in response to presentation of a request to access said application,
selectively activating automatic generation and automatic loading into said first and second memory section of new credentials replacing previously stored versions of said first and second credentials, and
activating automatically said credentials updating each time a match of said first and second credentials has been identified.
7. A data processing system for executing at least one program to which access by a user is controlled by the provision of credentials assigned to said user, said system including:
at least one terminal including a data processor that executes at least part of said program,
a first memory associated with said program that stores at least first credentials specific to said user, and
an access control section that authorizes access to said program in response to an identified match between said first credentials stored in said first memory and second credentials applied via said terminal to said program,
at least one security device personal to said user that is associated with said terminal and includes a second memory that provides secure storage of said second credentials or a secret for protecting said second credentials,
said terminal including at least some of credentials management sections including:
a reading and transmitting credentials section that reads said second credentials stored in said second memory and transmits the read second credentials to said access control section in response to presentation of a request to access said program, and
a credentials updating section that selectively commands the generation and loading, into said first and second memories, of new credentials replacing, in response to the identified match of said first and second credentials, said first and second credentials previously stored.
8. The system of 7, wherein said system performs additional processing on the second credentials before presenting them to the access control section.
9. The system of 8, wherein the additional processing is a digest process.
10. The system of 8, wherein the additional processing is an OTP algorithm.
11. The system of 7, wherein the security device is a smart card.
12. The system of 7, wherein the security device is a software program and file.
13. The system of 7, wherein the security device is a secure storage and encryption device permanently attached to a computing terminal.
14. The system of 7, wherein the second credentials are protected by a secret stored on the security device, but the second credentials are not stored on the security device.
15. The system of 7, wherein the first credentials comprise a password or a login name.
16. The system of 7, wherein the second credentials comprise a password or a login name.
17. A data processing method for executing at least one program to which access by a user is controlled by the provision of credentials assigned to said user, said method including:
executing at least part of said program with at least one terminal including a data processor,
storing at least first credentials specific to said user in a first memory associated with said program,
authorizing access, with an access control section, to said program in response to an identified match between said first credentials stored in said first memory and second credentials applied via said terminal to said program,
associating at least one security device that is personal to said user with said terminal, said security device including a second memory that provides secure storage of said second credentials or a secret for protecting said second credentials, and either:
(1) reading, with a reading and transmitting credentials section of a credentials management section of said terminal, said second credentials stored in said second memory and transmitting the read second credentials to said access control section in response to presentation of a request to access said program, or
(2) selectively commanding, with a credentials updating section of said credentials management section, the generation and loading, into said first and second memories, of new credentials replacing, in response to the identified match of said first and second credentials, said first and second credentials previously stored.
18. The method of 17, wherein said method includes steps which perform additional processing on the second credentials before presenting them to the access control section.
19. The method of 18, wherein the additional processing is a digest process.
20. The method of 18, wherein the additional processing is an OTP algorithm.
21. The method of 17, wherein the security device is a smart card.
22. The method of 17, wherein the security device is a software program and file.
23. The method of 17, wherein the security device is a secure storage and encryption device permanently attached to a computing terminal.
24. The method of 17, wherein the second credentials are protected by a secret stored on the security device, but the second credentials are not stored on the security device.
25. The method of 17, wherein the first credentials comprise a password or a login name.
26. The method of 17, wherein the second credentials comprise a password or a login name.
Specification