Access control method
First Claim
1. An access control method performed by an access control system, including:
- receiving an access request for a service from a data processing apparatus;
sending unique identification data to said apparatus in response to said access request;
applying an access rate limit for verifying access to said service, using an access request queue, until said identification data is received from a user of said apparatus and verified by said access control system, wherein verifying said identification data corresponds to a first level of access control; and
applying at least one additional different level of access control following a predetermined number of failed attempts to verify said identification data by said user of said apparatus, including invoking sequentially the different levels of access control depending on the number of failed attempts to verify said identification data by said user for access requests over predetermined periods of time.
2 Assignments
0 Petitions
Accused Products
Abstract
An access control method executed by a computer system, including applying an access rate limit until a user issuing access requests is verified, a first control level involving verifying the user, a second control level applying hack program detection tests to the access requests and verifying the user, a third control level requiring use of predetermined download software for transmitting the access requests and verifying the user, a fourth control level blocking access to the service on the basis of at least one communications address corresponding to the access requests, and invoking the control levels sequentially depending on a number of failed attempts to verify the user.
75 Citations
28 Claims
-
1. An access control method performed by an access control system, including:
-
receiving an access request for a service from a data processing apparatus; sending unique identification data to said apparatus in response to said access request; applying an access rate limit for verifying access to said service, using an access request queue, until said identification data is received from a user of said apparatus and verified by said access control system, wherein verifying said identification data corresponds to a first level of access control; and applying at least one additional different level of access control following a predetermined number of failed attempts to verify said identification data by said user of said apparatus, including invoking sequentially the different levels of access control depending on the number of failed attempts to verify said identification data by said user for access requests over predetermined periods of time. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16)
-
-
17. An access control method performed by an access control system, including:
-
receiving an access request for a service from a data processing apparatus; sending unique identification data to said apparatus in response to said access request, wherein said identification data is a random unique security code, and said apparatus is sent a unique identification number for the apparatus, for sending with subsequent access requests and which expires if the security code is not verified within a predetermined period of time; applying an access rate limit for verifying access to said service, using an access request queue, until said identification data is received from a user of said apparatus and verified by said access control system, wherein verifying said identification data corresponds to a first level of access control; and applying at least one additional different level of access control following a predetermined number of failed attempts to verify said identification data by said user of said apparatus; wherein said at least one additional level includes detecting generation of access requests for said service under control of a program instead of under control of said user, and said at least one additional level of access control includes sending communication software to said apparatus to receive access requests for said service under an additional communication protocol, and wherein said detecting is a second level of access control, and said sending of said communication software and execution of said additional communication protocol is a third level of access control. - View Dependent Claims (18, 19, 20, 21)
-
-
22. An access control method executed by a computer system, including:
-
invoking a first control level applying an access rate limit, using an access request queue, and attempting to verify said user; invoking a second control level applying hack program detection tests to said access requests and attempting to verify said user; invoking a third control level requiring use of predetermined download software for transmitting said access requests and attempting to verify said user; invoking a fourth control level blocking access to said service on the basis of at least one communications address corresponding to said access requests; and invoking said control levels sequentially depending on a number of failed attempts to verify said user; wherein attempting to verify said user comprises sending unique identification data to said user, receiving identification data from said user in response to the sent identification data, and verifying the received identification data. - View Dependent Claims (23, 24, 25)
-
-
26. An access control system, including:
-
an access control server for receiving access requests for a service from a data processing apparatus, rate limiting access to the server, using an access request queue, until a user of said apparatus is verified, and sending to said data processing apparatus unique identification data; and an interactive voice response system for contacting an independent communications device having an association with said user and said data processing apparatus, issuing a request for said identification data, and providing the identification data received from said user in response to said request to said access server in order to verify said user. - View Dependent Claims (27, 28)
-
Specification