Access control system for information services based on a hardware and software signature of a requesting device

US 8,171,287 B2
Filed: 03/10/2005
Issued: 05/01/2012
Est. Priority Date: 03/10/2004
Status: Active Grant

First Claim

Patent Images

1. A method for identifying devices and controlling access to a service, comprising the steps of:

collecting data related to software and hardware configurations from a device through a software agent installed on the device;

generating a digital signature for the device by hashing the software and hardware configuration data, wherein the resulting hashes are used to generate the digital signature are changed with every attempt to access a service;

sending the digital signature of the device to an authentication server, wherein the authentication server compares the digital signature sent with one or more previously-stored digital signatures; and

determines whether the device has been excluded from accessing or enrolling in the service through the authentication server by determining whether the device is on a list or in a group of devices not allowed to access the service, or is included within a group of devices allowed to access the service.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system and method for the authorization of access to a service by a computational device or devices. A software agent generates a digital signature for the device each time it attempts to access the service and send it to an authentication server, which compares the digital signature sent with one or more digital signatures on file to determine whether access to the service is permitted. The digital signature is generated by using hashes based on software and hardware configuration data collected from the device. The system may be used in conjunction with other authorization methods and devices.

Citations

13 Claims

1. A method for identifying devices and controlling access to a service, comprising the steps of:
- collecting data related to software and hardware configurations from a device through a software agent installed on the device;
  
  generating a digital signature for the device by hashing the software and hardware configuration data, wherein the resulting hashes are used to generate the digital signature are changed with every attempt to access a service;
  
  sending the digital signature of the device to an authentication server, wherein the authentication server compares the digital signature sent with one or more previously-stored digital signatures; and
  
  determines whether the device has been excluded from accessing or enrolling in the service through the authentication server by determining whether the device is on a list or in a group of devices not allowed to access the service, or is included within a group of devices allowed to access the service.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The method of claim 1, wherein the digital signature sent to the authentication server is encrypted.
  - 3. The method of claim 1, wherein the hashes used to generate the digital signature are changed with every attempt to access a service, wherein the hashes cannot be reversed.
  - 4. The method of claim 1, wherein authenticating the digital signature is at least one of multiple is one of several stages of a framework of authorization and authentication processes governing access to the service by the device.
  - 5. The method of claim 1, wherein the authentication server allows a maximum number of enrollments for a particular device.
  - 6. The method of claim 1, wherein the authentication server allows minor modifications to the software or hardware configurations of a previously-enrolled device so as to preserve access or denial of access for the device.
  - 7. The method of claim 6, wherein the previously-stored digital signature of the device is updated to reflect the modifications.
  - 8. The method of claim 1, wherein the authentication server logs all accesses or attempted accesses by a device to the service.
  - 9. The method of claim 1, wherein multiple devices can be registered for a single user with the authentication server to create a registration hierarchy.
  - 10. The method of claim 9, wherein a user can unregister a device only through the device itself, or another device within the registration hierarchy registered earlier than the device to be unregistered.

11. A method for identifying devices and controlling access to a service, comprising the steps of:
- collecting data related to software and hardware configurations from the device through a software agent installed on the device;
  
  generating a digital signature for the device by hashing the software and hardware configuration data, wherein the resulting hashes used to generate the digital signature are changed with every attempt to access the service;
  
  sending the digital signature of the device to the authentication server;
  
  verifying with the authentication server through a comparison of the digital signature sent with one or more previously-stored digital signature to determine that the device is not on a list or in a group of devices not allowed to access the service, or is not a device with a maximum number of enrollments set to zero; and
  
  registering the device as authorized to access the service.
- View Dependent Claims (12)
- - 12. The method of claim 11, further comprising the step of verifying the identity of the device each time it subsequently attempts to access the service.

13. A system for identifying devices and controlling access to a service, comprising:
- a software agent installed on a device, adapted to collect data related to software and hardware configuration of the device;
  
  a digital signature for the device, generated by the software agent by hashing the software and hardware configuration data which is changed with every attempt to access the service; and
  
  an authentication server that determines whether the device can access the service based upon the digital signature of the device being compared with one or more previously-stored digital signatures;
  
  wherein the authentication server verifies that the device is not a list or in a group of devices not allowed to access the service, or is included within a group of devices allowed to access the service, or is not a device with a maximum number of enrollments set to zero.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Authentik Technologies Incorporated
Original Assignee
Dnabolt Incorporated
Inventors
Villela, Agostinho de Arruda
Primary Examiner(s)
Flynn, Nathan
Assistant Examiner(s)
WRIGHT, BRYAN F

Application Number

US10/598,719
Publication Number

US 20070192608A1
Time in Patent Office

2,609 Days
Field of Search

726/5
US Class Current

713/168
CPC Class Codes

G06F 21/31   User authentication

G06F 21/445   by mutual authentication, e...

G06F 21/73   by creating or determining ...

H04L 2209/56   Financial cryptography, e.g...

H04L 63/104   Grouping of entities

H04L 63/12   Applying verification of th...

H04L 9/3247   involving digital signatures

Access control system for information services based on a hardware and software signature of a requesting device

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

13 Claims

Specification

Solutions

Use Cases

Quick Links

Access control system for information services based on a hardware and software signature of a requesting device

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

13 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links