Computer security system
First Claim
1. A method of providing individual access to each of a plurality of protected physical resources on a network, said method comprising the steps of:
establishing a security system physically intermediate to a user access point and the plurality of protected physical resources on the network;
determining, by the security system, whether a user is authenticated to connect to an individual one or individual ones of the plurality of protected physical resources on the network to establish physical access by the user to the individual one or individual ones of the plurality of protected resources on the network;
establishing, by the security system, a client identifier and a session identifier, transparent to the user access point and the security system, to enable a session for establishing a connection between the user access point and the individual one or individual ones of the plurality of protected physical resources, if the user is authenticated by the security system for physical access to the individual one or individual ones of the plurality of protected physical resources;
changing the session identifier each time the user completes an interaction during the session, each changed session identifier being derived from a user identifier corresponding to the authenticated user;
determining, by the security system, whether the session identifier received with the interaction is derived from the user identifier and whether the received session identifier and the user identifier correlate to data included in a data source accessible by the security system, as the session identifier is changed;
providing, by the security system, the user physical access to the individual one or individual ones of the protected physical resources by establishing the connection therebetween if the received session identifier is associated with the user identifier and the received session identifier and the associated user identifier correlate to the data included in the data source; and
terminating the connection between the user and the individual one or individual ones of the protected physical resources by disabling the connection therebetween, if the received session identifier is not derived from the user identifier or the received session identifier and the associated user identifier do not correlate to the data included in the data source.
Abstract
A method of providing access to an authenticated user, and restricting access to an unauthorized user, of a computer system, is provided. The method includes determining whether a user is authenticated to access at least one resource included in the computer system. The method also includes establishing a session and a session identifier such that the user has access to the at least one resource if the user is authenticated to access the at least one resource. The method also includes changing the session identifier each time the user completes an interaction with the computer system during the session.
33 Claims
1. A method of providing individual access to each of a plurality of protected physical resources on a network, said method comprising the steps of:
establishing a security system physically intermediate to a user access point and the plurality of protected physical resources on the network;
determining, by the security system, whether a user is authenticated to connect to an individual one or individual ones of the plurality of protected physical resources on the network to establish physical access by the user to the individual one or individual ones of the plurality of protected resources on the network;
establishing, by the security system, a client identifier and a session identifier, transparent to the user access point and the security system, to enable a session for establishing a connection between the user access point and the individual one or individual ones of the plurality of protected physical resources, if the user is authenticated by the security system for physical access to the individual one or individual ones of the plurality of protected physical resources;
changing the session identifier each time the user completes an interaction during the session, each changed session identifier being derived from a user identifier corresponding to the authenticated user;
determining, by the security system, whether the session identifier received with the interaction is derived from the user identifier and whether the received session identifier and the user identifier correlate to data included in a data source accessible by the security system, as the session identifier is changed;
providing, by the security system, the user physical access to the individual one or individual ones of the protected physical resources by establishing the connection therebetween if the received session identifier is associated with the user identifier and the received session identifier and the associated user identifier correlate to the data included in the data source; and
terminating the connection between the user and the individual one or individual ones of the protected physical resources by disabling the connection therebetween, if the received session identifier is not derived from the user identifier or the received session identifier and the associated user identifier do not correlate to the data included in the data source.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 21, 23, 24, 25, 26, 27, 28, 29, 30, 31

15. A computer system comprising:
a microprocessor; and
a computer readable medium executing on the microprocessor and including computer program instructions which cause a security device to implement a method of providing individual, physical access to each of a plurality of protected physical resources, the security device being physically intermediate to a user access point and the plurality of protected physical resources on a network, the method comprising the steps of:
determining, by the security device, whether a user is authenticated to connect to an individual one or individual ones of the plurality of protected physical resources to establish physical access by the user to the individual one or individual ones of the plurality of protected resources on the network;
establishing a client identifier and a session identifier, transparent to the user access point and the security system, to enable a session for establishing a connection between the user access point and the individual one or individual ones of the plurality of protected physical resources, if the user is authenticated by the security device for physical access to the individual one or individual ones of the plurality of protected physical resources;
changing the session identifier each time the user completes an interaction during the session, each changed session identifier being derived from a user identifier corresponding to the authenticated user;
determining, by the security device, whether the session identifier received with the interaction is derived from the user identifier and whether the received session identifier and the user identifier correlate to data included in a data source accessible by the security device, as the session identifier is changed;
providing, by the security device, the user physical access to the individual one or individual ones of the protected physical resources by establishing the connection therebetween if the received session identifier is associated with the user identifier and the received session identifier and the associated user identifier correlate to the data included in the data source; and
terminating the connection between the user and the individual one or individual ones of the protected physical resources by disabling the connection therebetween, if the received session identifier is not derived from the user identifier or the received session identifier and the associated user identifier do not correlate to the data included in the data source.
Dependent claims: 16, 17

18. A physical computer readable storage medium storing computer program instructions which cause a computer to implement a method of providing individual, physical access to each of a plurality of protected physical resources using a security device physically intermediate to a user access point and the plurality of protected physical resources on a network, the method comprising the steps of:
determining, by the security device, whether a user is authenticated to connect to an individual one or individual ones of the plurality of protected physical resources to establish physical access by the user to the individual one or individual ones of the plurality of protected resources on the network;
establishing a client identifier and a session identifier, transparent to the user access point and the security system, to enable a session for establishing a connection between the user access point and the individual one or individual ones of the plurality of protected physical resources, if the user is authenticated by the security device for physical access to the individual one or individual ones of the plurality of protected physical resources;
changing the session identifier each time the user completes an interaction during the session, each changed session identifier being derived from a user identifier corresponding to the authenticated user;
determining, by the security device, whether the session identifier received with the interaction is derived from the user identifier and whether the received session identifier and the user identifier correlate to data included in a data source accessible by the security device, as the session identifier is changed;
providing, by the security device, the user physical access to the individual one or individual ones of the resources by establishing the connection therebetween if the received session identifier is associated with the user identifier and the received session identifier and the associated user identifier correlate to the data included in the data source; and
terminating the connection between the user and the individual one or individual ones of the resources by disabling the connection therebetween, if the received session identifier is not derived from the user identifier or the received session identifier and the associated user identifier do not correlate to the data included in the data source.
Dependent claims: 19, 20

22. A method of providing access to an authenticated user of a client device using a server device that is intermediate to the client device and a plurality of protected resources, the client and server devices each using multi-layer security including a firewall layer, a security system layer and an application layer, said method comprising the steps of:
establishing the server device physically intermediate to a client device and the plurality of protected physical resources on a network;
authenticating, by the security system layer of the server device, a user request to connect to an individual one or individual ones of the plurality of protected physical resources on the network to establish physical access by a user to the individual one or individual ones of the plurality of protected resources on the network;
establishing a client identifier and a session identifier, transparent to the client device and the security system, to enable a session and to establish a connection between the client device and the individual one or individual ones of the plurality of protected physical resources;
verifying, by the firewall layer of the server device, that the session identifier is derived from a user identifier associated with the authenticated user;
determining, by the firewall layer of the server device, whether the user request is authorized to physically access the individual one or individual ones of the plurality of protected physical resources, if the session identifier is verified in the verifying step;
establishing physical access to the individual one or individual ones of the protected physical resources by the user by establishing the connection therebetween, if the user request is authorized in the determining step;
communicating, by the user via the application layer of the server device different from the system security and firewall layers, with the individual one or individual ones of the plurality of protected physical resources after the physical access is established in the establishing physical access step; and
changing, by the system security layer of the server device, the session identifier responsive to predetermined interactions during a session.

32. A method of providing individual physical access to a plurality of protected physical resources on a network using a multi-layer protocol including an application layer and one or more layers beneath the application layer, said method comprising the steps of:
establishing a security system physically intermediate to a user access point and the plurality of protected physical resources on the network for connecting the user access point to an individual one or individual ones of the protected physical resources via the security system;
for each interaction between a user and the security system, determining, at one of the layers beneath the application layer by the security system, whether the user is authenticated for physical access to an individual one or individual ones of the plurality of protected physical resources on the network;
generating and sending a single use token different from a previously sent single use token to the user access point from the security system, the single use token including a client identifier and a session identifier, transparent to the user access point and the security system, such that the user has physical access to connect the user access point to the individual one or individual ones of the plurality of protected physical resources, if the user is authenticated by the security system to access the individual one or individual ones of the plurality of protected resources;
determining, at the one of the layers beneath the application layer by the security system, whether the session identifier in the single use token received from the user access point is authenticated by the security system, as the session identifier is changed;
providing, by the security system, physical access to the individual one or individual ones of the plurality of protected physical resources if the received session identifier corresponding to a respective interaction is associated with the user identifier and the received session identifier and the associated user identifier correlate to the data included in the data source; and
terminating the physical access, when any one of the received session identifiers associated with one of the interactions by the user is not derived from the user identifier or the received session identifier and the associated user identifier do not correlate to the data included in the data source.
Dependent claims: 33
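As an added illustration that is not part of the patent, the following Python sketch models the mechanism the claims describe: an intermediate gateway issues a client identifier and a session identifier to an authenticated user, derives each new session identifier from the user identifier via key material held in a data source, verifies the identifier presented with every interaction, and terminates the connection when it does not check out. The HMAC construction, the interaction counter and the shape of the data source are assumptions; the claims do not specify how the identifier is derived.

```python
import hashlib
import hmac
import secrets

# Constructed stand-in for the "data source" the security system consults
# (assumption: user identifier -> per-user key; the claims do not fix its shape).
USER_DATA_SOURCE = {
    "alice": b"constructed-key-for-alice",
}


def derive_session_id(user_id: str, client_id: str, counter: int) -> str:
    """Session identifier derived from the user identifier: an HMAC keyed by the
    user's entry in the data source over user, client and interaction count."""
    msg = f"{user_id}|{client_id}|{counter}".encode()
    return hmac.new(USER_DATA_SOURCE[user_id], msg, hashlib.sha256).hexdigest()


class SecurityGateway:
    """Sits between the user access point and the protected resources."""

    def __init__(self):
        self._sessions = {}  # client_id -> (user_id, interaction counter)

    def establish_session(self, user_id: str, authenticated: bool):
        """Issue a client identifier and initial session identifier only to an
        authenticated user whose identity correlates with the data source."""
        if not authenticated or user_id not in USER_DATA_SOURCE:
            return None
        client_id = secrets.token_hex(8)
        self._sessions[client_id] = (user_id, 0)
        return client_id, derive_session_id(user_id, client_id, 0)

    def interact(self, client_id: str, session_id: str):
        """One interaction: verify the presented identifier, then rotate it.
        Returns the next session identifier, or None once the connection is
        terminated (unknown client, stale or forged identifier)."""
        state = self._sessions.get(client_id)
        if state is None:
            return None
        user_id, counter = state
        expected = derive_session_id(user_id, client_id, counter)
        if not hmac.compare_digest(expected, session_id):
            self._sessions.pop(client_id)  # terminate: disable the connection
            return None
        self._sessions[client_id] = (user_id, counter + 1)
        return derive_session_id(user_id, client_id, counter + 1)

    def is_connected(self, client_id: str) -> bool:
        return client_id in self._sessions
```

Because every identifier is bound to the user's key and the interaction count, a replayed or guessed identifier fails verification and ends the session rather than being silently ignored.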