Methods and systems for secure shared smartcard access

US 7,992,203 B2
Filed: 05/24/2006
Issued: 08/02/2011
Est. Priority Date: 05/24/2006
Status: Active Grant

First Claim

Patent Images

1. A method of secure access, the method comprising:

capturing, by a security daemon in a computer system, an authentication state of a security token in response to a verification of user authentication information;

receiving a request for authentication from at least one application requiring authentication with the security token;

providing, by the security daemon in response to the request, the authentication state to the at least one application requiring authentication with the security token, wherein the security daemon utilizes the authentication state to represent the security token in authentication requests; and

allowing access to the at least one application.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

An embodiment generally relates to a method of accessing a secure computer. The method includes capturing an authentication state of a security token in response to a verification of user authentication information. The method also includes providing the authentication state to at least one application requiring authentication with the security token and accessing the at least one application.

216 Citations

22 Claims

1. A method of secure access, the method comprising:
- capturing, by a security daemon in a computer system, an authentication state of a security token in response to a verification of user authentication information;
  
  receiving a request for authentication from at least one application requiring authentication with the security token;
  
  providing, by the security daemon in response to the request, the authentication state to the at least one application requiring authentication with the security token, wherein the security daemon utilizes the authentication state to represent the security token in authentication requests; and
  
  allowing access to the at least one application.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
- - 2. The method of claim 1, further comprising:
    - prompting, using the computer system, for user authentication information in response to the insertion of the security token into the computer system;
      
      receiving the user authentication information; and
      
      verifying the user authentication information.
  - 3. The method of claim 1, further comprising:
    - using a PKCS #11 interface to allow the at least one application to access the authentication state.
  - 4. The method of claim 1, further comprising:
    - connecting with a remote secure computer from the computer system;
      
      providing the authentication state to access the remote computer; and
      
      accessing at least one remote application on the remote computer in response to the remote computer authenticating with the authentication state.
  - 5. The method of claim 1, wherein the security token is a token which does not contain separate authentication states for processes.
  - 6. The method of claim 5, further comprising locking the authentication state of the token with a session state.
  - 7. The method of claim 5, wherein the security token is a personal identity verification (PIV) token.
  - 8. The method of claim 1, wherein the security token is shared among multiple users.
  - 9. The method of claim 8, further comprising:
    - creating a respective session state for each user;
      
      creating an associated authentication state for each respective session state based on the security token; and
      
      binding the associated authentication state with each respective session.
  - 10. An apparatus comprising:
    - a memory containing instructions; and
      
      a processor, communicatively connected to the memory, that executes the instructions to perform the method of claim 1.
  - 11. A non-transitory computer readable medium comprising executable code for performing the method of claim 1.

12. A system for secure access, comprising:
- a computing machine configured to access a multi user multi-machine system;
  
  a security device interface with the computing machine, the security device interface configured to accept a security token for accessing the computing machine; and
  
  a security daemon configured to be executing on the computing machine, wherein the security daemon is configured to;
  
  initiate a session and capture an authentication state of the security token in response to a verification of user inputted authentication information;
  
  bind the authentication state to the session;
  
  receive a request for authentication from an application requiring authentication with the security token, wherein the security daemon utilizes the authentication state to represent the security token in authentication requests; and
  
  provide the authentication state to the application requiring authentication with the security token.
- View Dependent Claims (13, 14, 15, 16, 17, 18, 19, 20, 21)
- - 13. The system of claim 12, wherein the security daemon is further configured to provide the authentication state to requesting applications requesting authorization.
  - 14. The system of claim 12, wherein the security daemon is further configured to prompt a user for the authentication information in response to detecting a presence of the security token in the security device.
  - 15. The system of claim 12, wherein the security daemon is further configured to verify received authentication information.
  - 16. The system of claim 13, wherein the security daemon is further configured to store the authentication state of the security token in response to the verification of the authentication information.
  - 17. The system of claim 12,wherein the computing machine is configured to access a remote computing machine using a secure shell protocol connection.
  - 18. The system of claim 17, wherein the remote computing machine is configured to forward queries for authentication through a local port created by the secure shell protocol.
  - 19. The system of claim 18, wherein the security daemon is configured to present the authentication state to respond to the queries for authentication.
  - 20. The system of claim 19, wherein the remote computing machine is configured to make available resources to the computing machine as though the security token is authenticated at the remote computing machine.
  - 21. The system of claim 12, wherein the security daemon is configured to interface with applications and process with a PKCS #11 compliant interface.

22. A method of sharing a security token among a plurality of users, each user assigned respective initial authentication information that in combination with the security token identifies each user, the method comprising:
- creating a respective session state for each user;
  
  creating, by a security daemon a computer system, an associated authentication state for each respective session state in response to verification of the respective initial authentication information with the security token; and
  
  binding, by the security daemon, the respective session state for each user with the associated authentication state to provide access to secure applications,wherein the security daemon utilizes the associated authentication state to represent the security token to provide access to secure applications cleared for access for the respective user.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Red Hat, Inc. (International Business Machines Corporation)
Original Assignee
Red Hat, Inc. (International Business Machines Corporation)
Inventors
Relyea, Robert
Primary Examiner(s)
LAFORGIA, CHRISTIAN A

Application Number

US11/439,175
Publication Number

US 20070277032A1
Time in Patent Office

1,896 Days
Field of Search

726/9, 726/20, 713/185, 719/321
US Class Current

726/20
CPC Class Codes

H04L 63/0853 using an additional device,...

Methods and systems for secure shared smartcard access

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

216 Citations

22 Claims

Specification

Solutions

Use Cases

Quick Links

Methods and systems for secure shared smartcard access

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

216 Citations

22 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links