Data processing system for application to access by accreditation

US 7,320,139 B2
Filed: 10/20/2005
Issued: 01/15/2008
Est. Priority Date: 12/17/1999
Status: Expired due to Term

First Claim

Patent Images

1. A method for executing at least one application to which access by a user is controlled by the provision of credentials assigned to said user, said method including:

(a) determining whether a match exists between first credentials stored in a first memory section and second credentials supplied by a user; and

(b) authorizing access to said application in response to an identified match between said first credentials stored in said first memory unit and said second credentials supplied by the user via a security device that is personal to the user and that includes a second memory section for storage of the second credentials; and

(c) performing at least some credentials management comprising;

reading said second credentials stored in said second memory section in response to presentation of a request to access said application,selectively activating automatic generation and automatic loading into said first and second memory section of new credentials replacing previously stored versions of said first and second credentials, andactivating automatically said credentials updating each time a match of said first and second credentials has been identified.

View all claims

4 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

This system for executing a program to which access by a user is controlled by credentials includes a terminal (T), first memory means (F) associated with said program for storing at least first credentials specific to said user, access control means for authorizing access to said program in response to a match between said first credentials and second credentials applied via said terminal, and a security device (PSD) personal to said user, associated with said terminal and including second memory means (M) for secure storage of said second credentials. The terminal (T) includes at least some of credentials management means (CMP) including means for reading said second credentials and transmitting them to said access control means in response to presentation of a request to access said program, and credentials updating; means for selectively commanding the generation and loading into said first and second memory means (F, M) of new credentials replacing the credentials previously stored.

Citations

26 Claims

1. A method for executing at least one application to which access by a user is controlled by the provision of credentials assigned to said user, said method including:
- (a) determining whether a match exists between first credentials stored in a first memory section and second credentials supplied by a user; and
  
  (b) authorizing access to said application in response to an identified match between said first credentials stored in said first memory unit and said second credentials supplied by the user via a security device that is personal to the user and that includes a second memory section for storage of the second credentials; and
  
  (c) performing at least some credentials management comprising;
  
  reading said second credentials stored in said second memory section in response to presentation of a request to access said application,selectively activating automatic generation and automatic loading into said first and second memory section of new credentials replacing previously stored versions of said first and second credentials, andactivating automatically said credentials updating each time a match of said first and second credentials has been identified.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The method according to claim 1, wherein step (b) includes authorizing access to said application in response to identification in step (a) of a match between said first and second credentials.
  - 3. The method according to claim 1, wherein said second memory section stores a first identification code of said user, said personal security device comprises an identification code validation section, said method further comprising:
    - applying a second identification code to said personal security device, and authorizing access to said personal security device in response to identification of a match between said first and second identification codes.
  - 4. The method according to claim 1, wherein said credentials management includes activating said automatic generation and said automatic loading of said new credentials without communicating said new credentials to said user.
  - 5. The method according to claim 1, wherein said credentials management includes activating said automatic generation and said automatic loading of said new credentials upon authorization of access by said access control section.
  - 6. The method according to claim 5, wherein said credentials management includes:
    - dating and loading into at least one of said first and second memory sections the date at which said credentials are generated, andinhibiting generation of said new credentials until a particular time has elapsed since the generation of previous versions of said credentials stored in said first and second memory sections.

7. A data processing system for executing at least one program to which access by a user is controlled by the provision of credentials assigned to said user, said system including:
- at least one terminal including a data processor that executes at least part of said program,a first memory associated with said program that stores at least first credentials specific to said user, andan access control section that authorizes access to said program in response to an identified match between said first credentials stored in said first memory and second credentials applied via said terminal to said program,at least one security device personal to said user that is associated with said terminal and includes a second memory that provides secure storage of said second credentials or a secret for protecting said second credentials,said terminal including at least some of credentials management sections including;
  
  a reading and transmitting credentials section that reads said second credentials stored in said second memory and transmits the read second credentials to said access control section in response to presentation of a request to access said program, anda credentials updating section that selectively commands the generation and loading, into said first and second memories, of new credentials replacing, in response to the identified match of said first and second credentials, said first and second credentials previously stored.

8. The system of 7, wherein said system performs additional processing on the second credentials before presenting them to the access control section.

9. The system of 8, wherein the additional processing is a digest process.

10. The system of 8, wherein the additional processing is an OTP algorithm.

11. The system of 7, wherein the security device is a smart card.

12. The system of 7, wherein the security device is a software program and file.

13. The system of 7, wherein the security device is a secure storage and encryption device permanently attached to a computing terminal.

14. The system of 7, wherein the second credentials are protected by a secret stored on the security device, but the second credentials are not stored on the security device.

15. The system of 7, wherein the first credentials comprise a password or a login name.

16. The system of 7, wherein the second credentials comprise a password or a login name.

17. A data processing method for executing at least one program to which access by a user is controlled by the provision of credentials assigned to said user, said method including:
- executing at least part of said program with at least one terminal including a data processor,storing at least first credentials specific to said user in a first memory associated with said program,authorizing access, with an access control section, to said program in response to an identified match between said first credentials stored in said first memory and second credentials applied via said terminal to said program,associating at least one security device that is personal to said user with said terminal, said security device including a second memory that provides secure storage of said second credentials or a secret for protecting said second credentials, andeither;
  
  (1) reading, with a reading and transmitting credentials section of a credentials management section of said terminal, said second credentials stored in said second memory and transmitting the read second credentials to said access control section in response to presentation of a request to access said program, or (2) selectively commanding, with a credentials updating section of said credentials management section, the generation and loading, into said first and second memories, of new credentials replacing, in response to the identified match of said first and second credentials, said first and second credentials previously stored.

18. The method of 17, wherein said method includes steps which perform additional processing on the second credentials before presenting them to the access control section.

19. The method of 18, wherein the additional processing is a digest process.

20. The method of 18, wherein the additional processing is an OTP algorithm.

21. The method of 17, wherein the security device is a smart card.

22. The method of 17, wherein the security device is a software program and file.

23. The method of 17, wherein the security device is a secure storage and encryption device permanently attached to a computing terminal.

24. The method of 17, wherein the second credentials are protected by a secret stored on the security device, but the second credentials are not stored on the security device.

25. The method of 17, wherein the first credentials comprise a password or a login name.

26. The method of 17, wherein the second credentials comprise a password or a login name.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Assa Abloy AB
Original Assignee
ActivCard Co.
Inventors
Audebert, Yves
Primary Examiner(s)
Zand; Kambiz
Assistant Examiner(s)
Powers; William S

Application Number

US11/253,559
Publication Number

US 20060037066A1
Time in Patent Office

817 Days
Field of Search

726/5, 726/2, 713/155
US Class Current

726/5
CPC Class Codes

G06F 21/109   by using specially-adapted ...

G06F 21/123   by using dedicated hardware...

G06F 2221/2135   Metering

Data processing system for application to access by accreditation

First Claim

4 Assignments

0 Petitions

Accused Products

Abstract

Citations

26 Claims

Specification

Solutions

Use Cases

Quick Links

Data processing system for application to access by accreditation

First Claim

4 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

26 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links