System and method for automated login

US 7,660,880 B2
Filed: 03/21/2003
Issued: 02/09/2010
Est. Priority Date: 03/21/2003
Status: Active Grant

First Claim

Patent Images

1. A method of controlling access by a user operating a client computer to one or more server-based applications communicating with the client over a computer network, the method comprising the steps of:

a. storing, on an identification server communicating with the client over a computer network, authentication information for the user in connection with a plurality of server-based applications;

b. identifying the user;

c. based on the user'"'"'s identity, causing the identification server to automatically supply the authentication information to the client computer; and

d. causing the client computer to (i) recognize data indicative of a screen displayed to the user as relating to one of the plurality of server-based applications, and in response to the recognized screen, and (ii) enter user profile information into at least one field and causing transmission of the entered information to the one of the plurality of server-based applications, thereby granting the user application.

View all claims

7 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

User access to applications is controlled by associating an alias for an individual with a user profile for the individual; the user profile typically contains data referring to one or more applications. Access to an application is obtained using the data in the user profile, e.g., through automatic completion of forms or screens within an application. In addition, the user profile may be employed to limit user access to parts of an application, or to terminate a user'"'"'s access to an application.

105 Citations

View as Search Results

22 Claims

1. A method of controlling access by a user operating a client computer to one or more server-based applications communicating with the client over a computer network, the method comprising the steps of:
- a. storing, on an identification server communicating with the client over a computer network, authentication information for the user in connection with a plurality of server-based applications;
  
  b. identifying the user;
  
  c. based on the user'"'"'s identity, causing the identification server to automatically supply the authentication information to the client computer; and
  
  d. causing the client computer to (i) recognize data indicative of a screen displayed to the user as relating to one of the plurality of server-based applications, and in response to the recognized screen, and (ii) enter user profile information into at least one field and causing transmission of the entered information to the one of the plurality of server-based applications, thereby granting the user application.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 15, 16, 17, 18, 22)
- - 2. The method of claim 1 wherein the authentication information includes at least one of a password, a user identification code, a secure access code, a set of user privileges and a set of trigger events.
  - 3. The method of claim 2 wherein the authentication information includes a set of user privileges and further comprising the step of limiting the user'"'"'s operation of the application in accordance with the user privileges.
  - 4. The method of claim 1 wherein the authentication information comprises reference biometric data identifying the user, the user being identified according to steps comprising:
    - a. receiving, at the client computer, biometric data from the user;
      
      b. transmitting the received biometric data from the client computer to the identification server over the network; and
      
      c. if the received biometric data sufficiently matches the reference biometric data, authenticating the identity of the user.
  - 5. The method of claim 1 further comprising the step of causing the identification server to revoke the user'"'"'s access to one or more applications.
  - 6. The method of claim 5 wherein the user'"'"'s access rights are revoked in response to one or more trigger events.
  - 7. The method of claim 6 where a trigger event is any of a broken communication connection, the expiration of a password, a changed password, the passage of time, and a sequence of events.
  - 8. The method of claim 6 further comprising the step of transmitting to the client, following the revocation, a request for the user to authenticate the user'"'"'s identity to the identification server.
  - 9. The method of claim 1 further comprising the step of erasing, on the client computer, the profile information upon termination of a user session.
  - 15. The method of claim 1 wherein the authentication information comprises profile information.
  - 16. The method of claim 1 wherein the recognized screen comprises a plurality of fields.
  - 17. The method of claim 1 wherein the transmission of the entered profile information to the application is done in a manner dictated by instructions defining the screen.
  - 18. The method of claim 1 wherein the user profile information is stored on the client computer.
  - 22. The system of claim 1 wherein the user profile information is stored on the client computer.

10. A system for controlling access by a user operating a client computer to one or more server-based applications communicating with the client over a computer network, the system comprising:
- a. an identification server connected to a computer network for storing user authentication information in connection with a plurality of server-based applications and authenticating the user;
  
  b. a web server module for transmitting the user authentication information from the identification server to the client computer, and;
  
  c. a single-sign-on agent residing on the client computer for;
  
  (i) receiving the user authentication information;
  
  (ii) recognizing data indicative of a screen displayed to the user as relating to at least one of the plurality of server-based applications;
  
  (iii) automatically entering user profile information into at least one field on the recognized screen; and
  
  (iv) transmitting the entered user profile information to one or more server-based applications.
- View Dependent Claims (11, 12, 13, 19, 20, 21)
- - 11. The system of claim 10 wherein the authentication information stored on the identification server includes at least one of a password, a user identification code, a secure access code, a set of user privileges and trigger events.
  - 12. The system of claim 11 wherein the user authentication information includes user privileges and wherein the single-sign-on agent limits the user'"'"'s operation of the application in accordance with the user privileges.
  - 13. The system of claim 10 wherein the authentication information stored on the identification server comprises reference biometric data identifying the user, the system further comprising:
    - a. a biometric input device for receiving, at the client computer, biometric data from the user;
      
      b. a communications module for transmitting the received biometric data from the client computer to the identification server over the network; and
      
      c. an authentication server for comparing the received biometric data to reference biometric data.
  - 19. The system of claim 10 wherein the authentication information comprises profile information.
  - 20. The system of claim 10 wherein the recognized screen comprises a plurality of fields.
  - 21. The system of claim 10 wherein single-sign-on agent transmits the entered profile information to the application is done in a manner dictated by instructions defining the screen.

14. A system, operable on a user'"'"'s client computer connected to a computer network, for controlling access by the user to one or more applications communicating with the client over a computer network, the system comprising:
- a. means for receiving, from an identification server communicating with the client over a computer network, authentication information for the user in connection with a plurality of server-based applications;
  
  b. means for identifying the user;
  
  c. means for causing the identification server to automatically supply the authentication information to the client computer based on the user'"'"'s identity;
  
  d. means for causing the client computer to recognize data indicative of a screen displayed to the user as relating to at least one of the plurality of server-based applications;
  
  e. means for causing the client computer to automatically enter user profile information into at least one field on the recognized screen; and
  
  f. means for causing the client computer to use the entered profile information to obtain access to the one or more applications.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Imprivata Incorporated
Original Assignee
Imprivata Incorporated
Inventors
Byragani, Bushan Yadav, Shah, Parind, Ho, Chen, Ting, David M. T.
Primary Examiner(s)
Vaughn, Jr.; William C.
Assistant Examiner(s)
BENGZON, GREG C

Application Number

US10/395,043
Publication Number

US 20040205176A1
Time in Patent Office

2,517 Days
Field of Search

713/201, 713/202, 713/185, 705/51, 705/14, 707/9, 709/229, 709/250, 709/219, 709/223, 711/163, 726 4- 10
US Class Current

709/223
CPC Class Codes

H04L 67/306 User profiles

H04L 69/329 in the application layer [O...

System and method for automated login

First Claim

7 Assignments

0 Petitions

Accused Products

Abstract

105 Citations

22 Claims

Specification

Solutions

Use Cases

Quick Links

System and method for automated login

First Claim

7 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

105 Citations

22 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links