Smart card enabled secure computing environment system
First Claim
1. A process for controlling access to a host computer, said process comprising:
- detecting that a transportable memory device is in communication with said host computer;
accessing a first password and a username from said transportable memory device;
accessing a second password entered by a user;
if said first password matches said second password, then;
(i) searching for said username on a stored list of valid users, (ii) retrieving access time intervals associated with said username, and (iii) granting host computer access to said user by unlocking said host computer if the current time is within any of said access time intervals associated with said username;
after said granting, logging said user into a session and permitting data to be transferred from said transportable memory device, wherein said data is encrypted using an encryption key that is resident on said transportable memory device and wherein said data comprises information used to configure said host computer system according to preferences specific to said user;
locking said host computer from user access if said transportable memory device is removed from said host computer;
detecting that said transportable memory device is again in communication with said host computer; and
with said transportable memory device again in communication with said host computer, restoring said session at the point at which said transportable memory device was previously removed and granting host computer access to said user by unlocking said host computer if the current time is within any of said access time intervals associated with said username.
3 Assignments
0 Petitions
Accused Products
Abstract
A smart card enabled secure computing environment system locks the host computer system from user access and waits for a smart card to be inserted into an attached or co-resident smart card reader. When a smart card is inserted into the smart card reader, the invention asks the user to enter his smart card password which is compared to the password on the smart card. If the two passwords match, the invention looks up the user'"'"'s username in an access file of valid users and finds its associated access times and/or cumulative time limits in the access file. if the current time is within any of the valid access times and the user'"'"'s cumulative usage time is within the specified cumulative time limit, then access is granted and the system is unlocked. The invention periodically checks the current time while the user is using the computer. If a blocked time period is entered or a cumulative time limit is exceeded, the user is logged off the machine and the computer is locked from user access. If at any time the user'"'"'s smart card is removed from the smart card reader the invention will shut down all of the user'"'"'s programs and lock the system.
-
Citations
22 Claims
-
1. A process for controlling access to a host computer, said process comprising:
-
detecting that a transportable memory device is in communication with said host computer; accessing a first password and a username from said transportable memory device; accessing a second password entered by a user; if said first password matches said second password, then;
(i) searching for said username on a stored list of valid users, (ii) retrieving access time intervals associated with said username, and (iii) granting host computer access to said user by unlocking said host computer if the current time is within any of said access time intervals associated with said username;after said granting, logging said user into a session and permitting data to be transferred from said transportable memory device, wherein said data is encrypted using an encryption key that is resident on said transportable memory device and wherein said data comprises information used to configure said host computer system according to preferences specific to said user; locking said host computer from user access if said transportable memory device is removed from said host computer; detecting that said transportable memory device is again in communication with said host computer; and with said transportable memory device again in communication with said host computer, restoring said session at the point at which said transportable memory device was previously removed and granting host computer access to said user by unlocking said host computer if the current time is within any of said access time intervals associated with said username. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 21)
-
-
11. An apparatus for controlling access to a host computer, said apparatus comprising a memory storing instructions which, when executed by one or more processors, cause said one or more processors to perform a method comprising:
-
detecting that a transportable memory device is in communication with said host computer; accessing a first password and a username from said transportable memory device; accessing a second password entered by a user; if said first password and said second password match, then;
(i) searching for said username on a stored list of valid usernames, ii) retrieving access time intervals associated with said username, and iii) granting host computer access to said user by unlocking said host computer if the current time is within any of said access time intervals associated with said username; andafter said granting, initiating a session and permitting data to be transferred from said transportable memory device, wherein said data is encrypted using an encryption key that is resident on said transportable memory device and wherein said data comprises information used to configure said host computer system according to preferences specific to said user; locking said host computer from user access if said transportable memory device is removed from said host computer; detecting that said transportable memory device is again in communication with said host computer; and with said transportable memory device again in communication with said host computer, restoring said session at the point at which said transportable memory device was previously removed and granting host computer access to said user by unlocking said host computer if the current time is within any of said access time intervals associated with said username. - View Dependent Claims (12, 13, 14, 15, 16, 17, 18, 19, 20, 22)
-
Specification