Access control system for information services based on a hardware and software signature of a requesting device
Abstract
A system and method for the authorization of access to a service by a computational device or devices. A software agent generates a digital signature for the device each time it attempts to access the service and sends it to an authentication server, which compares the digital signature sent with one or more digital signatures on file to determine whether access to the service is permitted. The digital signature is generated by using hashes based on software and hardware configuration data collected from the device. The system may be used in conjunction with other authorization methods and devices.
13 Claims
1. A method for identifying devices and controlling access to a service, comprising the steps of:
- collecting data related to software and hardware configurations from a device through a software agent installed on the device;
- generating a digital signature for the device by hashing the software and hardware configuration data, wherein the resulting hashes used to generate the digital signature are changed with every attempt to access a service;
- sending the digital signature of the device to an authentication server, wherein the authentication server compares the digital signature sent with one or more previously-stored digital signatures; and
- determining whether the device has been excluded from accessing or enrolling in the service through the authentication server by determining whether the device is on a list or in a group of devices not allowed to access the service, or is included within a group of devices allowed to access the service.

Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10

11. A method for identifying devices and controlling access to a service, comprising the steps of:
- collecting data related to software and hardware configurations from the device through a software agent installed on the device;
- generating a digital signature for the device by hashing the software and hardware configuration data, wherein the resulting hashes used to generate the digital signature are changed with every attempt to access the service;
- sending the digital signature of the device to the authentication server;
- verifying with the authentication server through a comparison of the digital signature sent with one or more previously-stored digital signatures to determine that the device is not on a list or in a group of devices not allowed to access the service, or is not a device with a maximum number of enrollments set to zero; and
- registering the device as authorized to access the service.

Dependent claims: 12

13. A system for identifying devices and controlling access to a service, comprising:
- a software agent installed on a device, adapted to collect data related to software and hardware configuration of the device;
- a digital signature for the device, generated by the software agent by hashing the software and hardware configuration data which is changed with every attempt to access the service; and
- an authentication server that determines whether the device can access the service based upon the digital signature of the device being compared with one or more previously-stored digital signatures;
- wherein the authentication server verifies that the device is not on a list or in a group of devices not allowed to access the service, or is included within a group of devices allowed to access the service, or is not a device with a maximum number of enrollments set to zero.
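
An added example, not code from the patent, showing one way the claimed flow could be realized. The page does not say how the hashes are made to change on every attempt; this example assumes a single-use nonce issued by the server and keyed into an HMAC over the per-item hashes, and every name in it (`AuthServer`, `sign_attempt`, `attribute_hashes`, `SAMPLE`) is hypothetical.

```python
import hashlib, hmac, secrets

def attribute_hashes(config):
    """Agent: one SHA-256 per configuration item, in stable key order."""
    return b"".join(hashlib.sha256(f"{k}={config[k]}".encode()).digest()
                    for k in sorted(config))

def sign_attempt(config, nonce):
    """Agent: signature for one access attempt; a new nonce gives a new value."""
    return hmac.new(nonce, attribute_hashes(config), hashlib.sha256).digest()

class AuthServer:
    def __init__(self):
        self.enrolled = set()   # attribute-hash blobs allowed to access
        self.denied = set()     # attribute-hash blobs excluded from the service
        self.limits = {}        # blob -> maximum number of enrollments
        self.nonces = set()     # outstanding single-use challenges (assumption)

    def challenge(self):
        nonce = secrets.token_bytes(16)
        self.nonces.add(nonce)
        return nonce

    def _match(self, group, nonce, signature):
        # Recompute the per-attempt signature for every stored blob and compare.
        return any(hmac.compare_digest(
            hmac.new(nonce, blob, hashlib.sha256).digest(), signature)
            for blob in group)

    def enroll(self, blob):
        # Refuse excluded devices and devices whose enrollment limit is zero.
        if blob in self.denied or self.limits.get(blob, 1) == 0:
            return False
        self.enrolled.add(blob)
        return True

    def verify(self, nonce, signature):
        if nonce not in self.nonces:
            return "rejected"          # unknown or already-used challenge
        self.nonces.discard(nonce)
        if self._match(self.denied, nonce, signature):
            return "denied"
        if self._match(self.enrolled, nonce, signature):
            return "allowed"
        return "unknown"               # configuration matches no stored device

# Constructed sample device configuration (not from the patent).
SAMPLE = {"cpu": "x86_64", "disk_serial": "EXAMPLE-0001", "os": "ExampleOS 1.0"}
```

The configuration values are reported by the agent itself, so a match shows only that the sender knows that configuration; the abstract's note that the system may be combined with other authorization methods applies here.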