Access control method

US 7,454,794 B1
Filed: 09/13/2000
Issued: 11/18/2008
Est. Priority Date: 09/13/1999
Status: Expired due to Fees

First Claim

Patent Images

1. An access control method performed by an access control system, including:

receiving an access request for a service from a data processing apparatus;

sending unique identification data to said apparatus in response to said access request;

applying an access rate limit for verifying access to said service, using an access request queue, until said identification data is received from a user of said apparatus and verified by said access control system, wherein verifying said identification data corresponds to a first level of access control; and

applying at least one additional different level of access control following a predetermined number of failed attempts to verify said identification data by said user of said apparatus, including invoking sequentially the different levels of access control depending on the number of failed attempts to verify said identification data by said user for access requests over predetermined periods of time.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

An access control method executed by a computer system, including applying an access rate limit until a user issuing access requests is verified, a first control level involving verifying the user, a second control level applying hack program detection tests to the access requests and verifying the user, a third control level requiring use of predetermined download software for transmitting the access requests and verifying the user, a fourth control level blocking access to the service on the basis of at least one communications address corresponding to the access requests, and invoking the control levels sequentially depending on a number of failed attempts to verify the user.

75 Citations

View as Search Results

28 Claims

1. An access control method performed by an access control system, including:
- receiving an access request for a service from a data processing apparatus;
  
  sending unique identification data to said apparatus in response to said access request;
  
  applying an access rate limit for verifying access to said service, using an access request queue, until said identification data is received from a user of said apparatus and verified by said access control system, wherein verifying said identification data corresponds to a first level of access control; and
  
  applying at least one additional different level of access control following a predetermined number of failed attempts to verify said identification data by said user of said apparatus, including invoking sequentially the different levels of access control depending on the number of failed attempts to verify said identification data by said user for access requests over predetermined periods of time.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16)
- - 2. An access control method as claimed in claim 1, wherein said identification data is a random unique security code;
    - andsaid apparatus is sent a unique identification number for the apparatus, for sending with subsequent access requests and which expires if the security code is not verified within a predetermined period of time.
  - 3. An access control method as claimed in claim 1, wherein said identification data is verified by contacting an independent communications device with a known association to said user and said data processing apparatus, and having said user provide said identification data using said device.
  - 4. An access control method as claimed in claim 1, wherein said identification data is verified by said access control system by receiving said identification data from said user using an independent communication means having a known association to said user and said data processing apparatus.
  - 5. An access control method as claimed in claim 2, wherein said at least one additional level includes detecting generation of access requests for said service under control of a program instead of under control of said user.
  - 6. An access control method as claimed in claim 5, wherein said at least one additional level of access control includes sending communication software to said apparatus to receive access requests for said service under an additional communication protocol and said at least one additional level of access control includes blocking all access requests by said data processing apparatus, and wherein said detecting is a second level of access control, said sending of said communication software and execution of said additional communication protocol is a third level of access control, and said blocking is a fourth level of access control.
  - 7. An access control method as claimed in claim 1, wherein said at least one additional level of access control includes sending communication software to said apparatus to receive access requests for said service under an additional communication protocol.
  - 8. An access control method as claimed in claim 7, wherein said communication software encrypts said access requests.
  - 9. An access control method as claimed in claim 6, wherein said blocking involves denying all access requests that include address data or said unique identification number that corresponds to said data processing apparatus.
  - 10. An access control system having components for executing the steps of the access control method as claimed in claim 1.
  - 11. Access control software stored on a computer system, having code for executing the steps of the access control method as claimed in claim 1.
  - 12. An access control method as claimed in claim 4, wherein said independent communications means is a telephone of the user.
  - 13. An access control method as claimed in claim 1, wherein said unique identification data is sent in a graphic format and received from said user in a different format.
  - 14. An access control method as claimed in claim 5, wherein said detecting includes sending the unique identification data in a graphic format, and requesting a response in a different format.
  - 15. The access control method of claim 1, wherein the step of applying the access rate limit for verifying access to said service comprises placing the access request in the access request queue when the rate limit is exceeded.
  - 16. The access control method of claim 1, wherein the access rate limit limits a number of access requests from said data processing apparatus over a period of time, until said user of said apparatus sends said unique identification data, and said unique identification data is verified.

17. An access control method performed by an access control system, including:
- receiving an access request for a service from a data processing apparatus;
  
  sending unique identification data to said apparatus in response to said access request, wherein said identification data is a random unique security code, and said apparatus is sent a unique identification number for the apparatus, for sending with subsequent access requests and which expires if the security code is not verified within a predetermined period of time;
  
  applying an access rate limit for verifying access to said service, using an access request queue, until said identification data is received from a user of said apparatus and verified by said access control system, wherein verifying said identification data corresponds to a first level of access control; and
  
  applying at least one additional different level of access control following a predetermined number of failed attempts to verify said identification data by said user of said apparatus;
  
  wherein said at least one additional level includes detecting generation of access requests for said service under control of a program instead of under control of said user, and said at least one additional level of access control includes sending communication software to said apparatus to receive access requests for said service under an additional communication protocol, and wherein said detecting is a second level of access control, and said sending of said communication software and execution of said additional communication protocol is a third level of access control.
- View Dependent Claims (18, 19, 20, 21)
- - 18. An access control method as claimed in claim 17, wherein said at least one additional level of access control includes a fourth level of access control involving blocking all access requests by said data processing apparatus.
  - 19. An access control method as claimed in claim 18, wherein said blocking involves denying all access requests that include address data or said unique identification number that corresponds to said data processing apparatus.
  - 20. An access control method as claimed in claim 19, wherein the address data is an IP address or segment.
  - 21. An access control method as claimed in claim 18, wherein said blocking is at a router level close to said apparatus.

22. An access control method executed by a computer system, including:
- invoking a first control level applying an access rate limit, using an access request queue, and attempting to verify said user;
  
  invoking a second control level applying hack program detection tests to said access requests and attempting to verify said user;
  
  invoking a third control level requiring use of predetermined download software for transmitting said access requests and attempting to verify said user;
  
  invoking a fourth control level blocking access to said service on the basis of at least one communications address corresponding to said access requests; and
  
  invoking said control levels sequentially depending on a number of failed attempts to verify said user;
  
  wherein attempting to verify said user comprises sending unique identification data to said user, receiving identification data from said user in response to the sent identification data, and verifying the received identification data.
- View Dependent Claims (23, 24, 25)
- - 23. An access control method as claimed in claim 22, wherein said user is verified by contacting an independent communications device with a known association to said user and said data processing apparatus, and having said user provide identification data using said device.
  - 24. An access control method as claimed in claim 3 or 23, wherein said independent device is a telephone of the user.
  - 25. The access control method of claim 22, wherein the rate limit limits a number of access requests from said data processing apparatus over a period of time, until said user of said apparatus sends said unique identification data, and said unique identification data is verified.

26. An access control system, including:
- an access control server for receiving access requests for a service from a data processing apparatus, rate limiting access to the server, using an access request queue, until a user of said apparatus is verified, and sending to said data processing apparatus unique identification data; and
  
  an interactive voice response system for contacting an independent communications device having an association with said user and said data processing apparatus, issuing a request for said identification data, and providing the identification data received from said user in response to said request to said access server in order to verify said user.
- View Dependent Claims (27, 28)
- - 27. An access control system as claimed in claim 26, wherein said independent device is a telephone of said user.
  - 28. The access control method of claim 26, wherein the rate limit limits a number of access requests from said data processing apparatus over a period of time, until said user of said apparatus sends said unique identification data, and said unique identification data is verified.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Telstra Corporation Limited (Telstra Group Ltd.)
Original Assignee
Telstra Corporation Limited (Telstra Group Ltd.)
Inventors
Hibberd, Timothy Winston
Primary Examiner(s)
Lanier; Benjamin E.
Assistant Examiner(s)
Nobahar; Abdulhakim

Application Number

US10/088,034
Time in Patent Office

2,988 Days
Field of Search

726/27, 726/2, 726/5, 726/26, 726/28, 713/168, 713/182, 713/193, 709/217, 709/219, 709/225, 709/229, 379/88.02, 379/91.01, 379/142.05, 379/142.06
US Class Current

726/27
CPC Class Codes

G06F 21/313   using a call-back technique...

H04L 63/104   Grouping of entities

H04L 63/108   when the policy decisions a...

Access control method

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

75 Citations

28 Claims

Specification

Solutions

Use Cases

Quick Links

Access control method

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

75 Citations

28 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links