Multichannel device utilizing a centralized out-of-band authentication system (COBAS)
Abstract
A multichannel security system is disclosed, which system is for granting and denying access to a host computer in response to a demand from an access-seeking individual and computer. The access-seeker has a peripheral device operative within an authentication channel to communicate with the security system. The access-seeker initially presents identification and password data over an access channel which is intercepted and transmitted to the security computer. The security computer then communicates with the access-seeker. A biometric analyzer—a voice or fingerprint recognition device—operates upon instructions from the authentication program to analyze the monitored parameter of the individual. In the security computer, a comparator matches the biometric sample with stored data, and, upon obtaining a match, provides authentication. The security computer instructs the host computer to grant access and communicates the same to the access-seeker, whereupon access is initiated over the access channel.
34 Claims
1. A multichannel security system for accessing a host computer comprising:
an access channel comprising;
interception means for receiving and verifying a login identification originating from a demand from an accessor for access to said host computer; and
an authentication channel comprising;
a security computer for receiving from said interception means said demand for access together with said login identification and for communicating access information to said host computer and for communicating with a peripheral device of said accessor;
a database having at least one peripheral address record corresponding to said login identification;
prompt means for instructing said accessor to re-enter predetermined data at and retransmit predetermined data from said peripheral device; and
comparator means for authenticating access demands in response to the retransmission of said predetermined data by verifying a match between said predetermined data and said re-entered and retransmitted data, wherein said security computer outputs an instruction to the host computer to either grant access thereto using said access channel or to deny access thereto.
11. A multichannel security system for granting and denying access to a host computer, said access in response to a demand from an accessor for access to the host computer, said accessor having a cellular telephone for providing communications to the security system, said multichannel security system comprising:
a login identification accompanying said demand from said accessor;
interception means for receiving and verifying said login identification, said interception means in an access channel;
an authentication channel operating independently from said access channel, said authentication channel comprising;
a security computer adapted in an access-channel mode to receive from said interception means said demand for access together with said login identification and to communicate access information to said host computer and in an authentication-channel mode communications with said cellular telephone;
a subscriber database for retrieval of peripheral addresses corresponding to said login identification;
wherein said security computer is adapted to connect to said associated cellular telephone of said accessor;
prompt means for instructing said accessor to re-enter predetermined data at and retransmit predetermined data from said cellular telephone;
comparator means for authenticating access demands in response to retransmission of predetermined data from said cellular telephone;
said security computer, upon verifying a match between said predetermined data and said re-entered and retransmitted data, providing in the access-channel mode instructions to the host computer to grant access thereto along said access channel;
authentication program means, operating independently from said host computer, for authenticating said accessor demanding access to said host computer;
a biometric analyzer operating in response to said instructions from said authentication program means to analyze a monitored parameter of said accessor; and
a biometric parameter database addressable by said biometric analyzer for retrieval of a previously registered sample of said accessor, said sample corresponding to the identification of said accessor.
18. A multichannel security system for granting and denying access to a host computer, said access in response to a demand over the Internet from an accessor for access to the host computer, said accessor having a personal digital assistant (PDA) for providing communications to the security system, said multichannel security system comprising:
a login identification accompanying said demand over the internet from said accessor;
interception means for receiving and verifying said login identification, said interception means in an access channel;
an authentication channel operating independently from said access channel and, said authentication channel, in turn, comprising;
a security computer adapted in an access-channel mode to receive from said interception means said demand together with said login identification and to communicate access information to said host computer and in an authentication-channel mode communications with said PDA;
a subscriber database for retrieval of peripheral addresses corresponding to said login identification;
said security computer adapted to connect to said PDA;
prompt means for instructing said accessor to re-enter predetermined data at and retransmit predetermined data from said PDA;
comparator means for authenticating access demands in response to retransmission of predetermined data from said PDA;
said security computer, upon verifying a match between said predetermined data and the re-entered and retransmitted data, providing in the access-channel mode instructions to the host computer to grant access thereto along said access channel;
authentication program means, operating independently from said host computer, for authenticating an accessor demanding access to said host computer;
a biometric analyzer operating in response to instructions from said authentication program means to analyze a monitored parameter of said accessor; and
a biometric parameter database addressable by said biometric analyzer for retrieval of a previously registered sample of said accessor, said sample corresponding to the identification of said accessor.
21. A method for accessing a host computer comprising the steps of:
in an access channel, receiving at a control module a login identification from an accessor;
in an authentication channel that is separate from the access channel;
providing a security computer comprising a subscriber database, the database having at least one peripheral address of a peripheral device;
receiving in the security computer an intercepted login identification corresponding to the login identification;
retrieving a peripheral address corresponding to the intercepted login identification;
outputting to the peripheral address a first instruction to re-enter predetermined data at and retransmit the predetermined data from the peripheral device;
comparing at the security computer the re-entered and retransmitted data; and
outputting a second instruction to the host computer to either grant access thereto using the access channel or to deny access thereto.
32. An out-of-band computer security system comprising:
a security computer in an authentication channel for communicating with a telephonic device and for receiving an intercepted demand for access to a host computer together with a login identification from an accessor in an access channel that is separate from the authentication channel;
a subscriber database addressable by the security computer having at least one telephone number corresponding to the intercepted login identification;
a device operable in response to a first instruction from the security computer to call the at least one telephone number and connect the telephonic device to the security computer;
prompt means for outputting a second instruction at the telephonic device to re-enter predetermined data at and retransmit predetermined data from the telephonic device; and
comparator means in said security computer for authenticating the access demand in response to the retransmission of the predetermined data from the telephonic device;
wherein the security computer, upon verifying a match between the predetermined data and the re-entered and retransmitted data, authenticates the accessor and instructs the host computer to grant access thereto in the access channel.
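The method of claim 21, modelled as an added Python example (not part of the patent text and not any vendor's implementation): subscriber lookup, the prompt to the peripheral, the comparator, and the grant/deny instruction. It assumes the predetermined data is a random six-digit code shown to the accessor over the access channel; the class, method names, `send_prompt` callback and time limit are hypothetical.

```python
import hmac
import secrets
import time

GRANT, DENY = "GRANT", "DENY"   # second instruction, sent to the host computer

class SecurityComputer:
    """Authentication-channel side; all names here are hypothetical."""

    def __init__(self, subscriber_db, send_prompt, ttl=120, clock=time.monotonic):
        self.subscriber_db = subscriber_db  # login id -> peripheral address
        self.send_prompt = send_prompt      # stand-in for the out-of-band transport
        self.ttl, self.clock = ttl, clock
        self.pending = {}                   # login id -> (code, deadline)

    def on_intercepted_login(self, login_id):
        """Look up the peripheral address and send the first instruction.

        Returns the predetermined data for the host to show the accessor
        (assumption: a random one-time code), or None if no record exists.
        """
        address = self.subscriber_db.get(login_id)
        if address is None:
            return None
        code = f"{secrets.randbelow(10**6):06d}"
        self.pending[login_id] = (code, self.clock() + self.ttl)
        self.send_prompt(address, "Re-enter the code shown on your login screen")
        return code

    def on_retransmission(self, login_id, from_address, data):
        """Comparator: decide GRANT or DENY from the retransmitted data."""
        code, deadline = self.pending.pop(login_id, (None, 0))  # single use
        if code is None or from_address != self.subscriber_db.get(login_id):
            return DENY
        if self.clock() > deadline:
            return DENY                     # stale challenge
        match = hmac.compare_digest(code.encode(), str(data).encode())
        return GRANT if match else DENY

if __name__ == "__main__":
    db = {"alice": "+1-555-0100"}           # constructed sample record
    sc = SecurityComputer(db, lambda addr, msg: print("prompt ->", addr, msg))
    code = sc.on_intercepted_login("alice")
    print(sc.on_retransmission("alice", "+1-555-0100", code))      # GRANT
    print(sc.on_retransmission("alice", "+1-555-0100", code))      # DENY (replay)
```

Each challenge is consumed on the first retransmission, so a wrong entry or a replayed code both end in a deny and the accessor must start a new demand.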
Specification