Controlling access to a protected network

US 8,225,103 B2
Filed: 10/24/2006
Issued: 07/17/2012
Est. Priority Date: 10/24/2006
Status: Active Grant

First Claim

Patent Images

1. A system for controlling access to a protected network via a computer, the system comprising:

a network access control module coupled to the protected network, the network access control module configured to restrict access to the network to a user via the computer coupled to the protected network; and

a communication device associated with the computer, the communication device configured to automatically transmit a unique identifier in response to activation of a dedicated log-on button on said communication device to request access, via the computer, to the protected network, the unique identifier identifying the communication device to the network access control module,wherein the network access control module is further configured to authenticate the communication device based on the unique identifier in response to the network access control module receiving the unique identifier,wherein said network access control module is further configured to authenticate and authorize the user via the communication device subsequent to authenticating the communication device, andwherein said network access control module is further configured to establish a secure communication channel with said computer and subsequently submit log-on information of the user directly to a log-on interface of the computer subsequent to authenticating and authorizing the user, wherein said submitting log-on information to said computer causes said computer to use said log-on information to provide to said user access to said protected network so that the user can use the protected network via the computer.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system for controlling access to a protected network includes a network access control module that is coupled to the protected network and which is configured to restrict access to the network to an authorized user through a computer coupled to the protected network. The system also includes a communication device associated with the computer. The communication device automatically transmits a unique identifier corresponding to the communication device to the network access control module when a user uses the communication device to request access to the protected network via the computer. When the network access control module receives the unique identifier, the network access control module is configured to authenticate the communication device based on the unique identifier, to authenticate the user via the communication device when the communication device is authenticated, and when the user is authenticated, to submit log-on information directly to a log-on interface of the computer associated with the communication device so that the user can access the protected network via the computer.

24 Citations

View as Search Results

24 Claims

1. A system for controlling access to a protected network via a computer, the system comprising:
- a network access control module coupled to the protected network, the network access control module configured to restrict access to the network to a user via the computer coupled to the protected network; and
  
  a communication device associated with the computer, the communication device configured to automatically transmit a unique identifier in response to activation of a dedicated log-on button on said communication device to request access, via the computer, to the protected network, the unique identifier identifying the communication device to the network access control module,wherein the network access control module is further configured to authenticate the communication device based on the unique identifier in response to the network access control module receiving the unique identifier,wherein said network access control module is further configured to authenticate and authorize the user via the communication device subsequent to authenticating the communication device, andwherein said network access control module is further configured to establish a secure communication channel with said computer and subsequently submit log-on information of the user directly to a log-on interface of the computer subsequent to authenticating and authorizing the user, wherein said submitting log-on information to said computer causes said computer to use said log-on information to provide to said user access to said protected network so that the user can use the protected network via the computer.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The system of claim 1 further comprising a data store coupled to the network access control module, the data store configured to store information comprising communication device information, user information and log-on information of the computer.
  - 3. The system of claim 2 wherein the data store includes access control rules that indicate whether the user is authorized to use the computer and wherein the network access control module is further configured to verify whether the user is authorized to use the computer associated with the communication device based on the access control rules prior to submitting the log-on information directly to the computer.
  - 4. The system of claim 2 wherein the user information comprises biometric data associated with the user.
  - 5. The system of claim 4 wherein the biometric data associated with the user includes voice data and wherein the network access control module is configured to authenticate the user by prompting the user to provide voice data via the communication device and is configured to subsequently compare the provided voice data to the voice data stored in said data store.
  - 6. The system of claim 1 wherein the communication device is a telephone comprising a keypad for allowing the user to enter a phone number, and wherein the dedicated log-on button is separate from the keypad.
  - 7. The system of claim 1 wherein the communication device is a telephone and the unique identifier is at least one of a phone number, an IP address, a MAC address and a serial number.
  - 8. The system of claim 1 wherein the network access control module is a web service that is configured to communicate with the computer and the communication device over a network.
  - 9. The system of claim 8 wherein the log-on interface is a web-service enabled identification and authentication module.

10. A method for controlling access to a protected network, the method comprising:
- receiving by a network access control module coupled to the protected network a unique identifier from a communication device, said unique identifier corresponding to said communication device, wherein said communication device is associated with a computer, wherein said unique identifier is transmitted by said communication device in response to a user activating a dedicated log-on button on the communication device to request access to the protected network;
  
  using, by said network access control module, the unique identifier to authenticate the communication device;
  
  in response to successfully authenticating the communication device, said network access control module authenticating the user via the communication device; and
  
  in response to successfully authenticating the user, said network access control module establishing a secure communication channel with said computer and subsequently submitting log-on information of the user directly to a log-on interface of the computer, said submitting log-on information to said computer causing said computer to use said log-on information to provide to said user access to said protected network so that the user can use the protected network via the computer.
- View Dependent Claims (11, 12, 13, 14, 15, 16, 17)
- - 11. The method of claim 10 further comprising storing information including communication device information, user information and log-on information of the computer in a data store coupled to the network access control module.
  - 12. The method of claim 11 further comprising:
    - storing access control rules that indicate whether the user is authorized to use the computer in the data store; and
      
      verifying whether the user is authorized to use the computer associated with the communication device based on the access control rules prior to submitting the log-on information directly to the computer.
  - 13. The method of claim 11 wherein the user information comprises biometric data associated with the user.
  - 14. The method of claim 13 wherein the biometric data associated with the user includes voice data and wherein authenticating the user includes prompting the user to provide voice data via the communication device, and comparing, by the network access control module, the provided voice data to the stored voice data.
  - 15. The method of claim 10 wherein the communication device is a telephone comprising a keypad for allowing the user to enter a phone number, and wherein the dedicated log-on button is separate from the keypad.
  - 16. The method of claim 10 wherein the communication device is a telephone and receiving the unique identifier includes receiving at least one of a phone number, an IP address, a MAC address and a serial number associated with the communication device.
  - 17. The method of claim 10 wherein the network access control module is a web service that is configured to communicate with the computer and the communication device over a network.

18. A non-transitory computer readable storage medium containing program instructions which when executed perform a method for controlling access to a protected network, the computer readable storage medium comprising program instructions for:
- receiving over a secure communication channel a unique identifier that identifies a communication device associated with a computer when said user uses the communication device to request access to a protected network by activating a dedicated log-on button on the communication device;
  
  using the unique identifier to authenticate the communication device;
  
  in response to successfully authenticating the communication device, authenticating the user via the communication device; and
  
  in response to successfully authenticating the user, establishing a secure communication channel with said computer and subsequently submitting log-on information of the user directly to a log-on interface of the computer, said submitting log-on information to said computer causing said computer to use said log-on information to provide to said user access to said protected network associated with the communication device so that the user can use the protected network via the computer.
- View Dependent Claims (19)
- - 19. The non-transitory computer readable storage medium of claim 18 wherein the communication device is a telephone and instructions for receiving the unique identifier includes receiving at least one of a phone number, an IP address, a MAC address and a serial number associated with the communication device.

20. A server for controlling access to a protected network, the server comprising:
- a network access module configured to restrict access to the protected network to a user;
  
  a data store communicatively coupled to the network access control module for storing information comprising authentication information and log-on information of a computer coupled to a protected network; and
  
  a communication interface communicatively coupled to the network access control module and configured to receive over a first secure communication channel from a separate communication device a unique identifier that identifies the separate communication device, said communication device associated with the computer, wherein said communication device is configured to transmit said unique identifier in response to a dedicated log-on button on said communication device being activated;
  
  wherein the network access control module is further configured to authenticate the communication device based on the unique identifier in response to receiving the unique identifier;
  
  wherein the network access control module is further configured to authenticate the user via the communication device over the first secure communication channel when the communication device is successfully authenticated; and
  
  wherein the network access control module is further configured to establish, in response to authenticating the user, a second secure communication channel and transmit over said second secure communication channel log-on information of the user to a log-on interface of the computer associated with the communication device, said transmitting said log-on information to said log-on interface of the computer causing said computer to use said log-on information to provide to said user access to the protected network so that the user can use the protected network via the computer.
- View Dependent Claims (21, 22, 23)
- - 21. The server of claim 20 wherein the communication device is a telephone and the communication interface is configured to receive the unique identifier over a telephone network.
  - 22. The server of claim 20 wherein the server is a web server and the communication interface is configured to send the log-on information to the computer using an internet communication protocol.
  - 23. The server of claim 20 wherein the server is controlled by an application service provider.

24. A computer-implemented method for controlling access to a protected network, the method comprising:
- receiving, by a processor, over a secure communication channel a unique identifier that identifies a communication device and that is transmitted by said communication device in response to a log-on button thereon being activated, said communication device associated with a computer;
  
  using, by a processor, the unique identifier to authenticate the communication device;
  
  subsequently authenticating, by a processor, the user via the successfully authenticated communication device;
  
  establishing, by a processor, a secure communication channel with said computer in response to successfully authenticating the user; and
  
  subsequently submitting log-on information of the user directly to a log-on interface of the computer, said submitting log-on information to said computer causing said computer to use said log-on information to provide to said user access to said protected network so that the user can use the protected network via the computer.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Avatier Corporation
Original Assignee
Avatier Corporation
Inventors
Chiou, Scott L., Cicchitto, Nelson A.
Primary Examiner(s)
Davis, Zachary A

Application Number

US11/552,313
Publication Number

US 20080098461A1
Time in Patent Office

2,093 Days
Field of Search

726 3- 5, 726/7, 726 26- 29, 726/6, 726/9, 713/168, 713/182, 713/185, 713/186, 709/217, 709/219, 709/229, 709/225, 705/51, 707/1, 707/9, 707/10, 704/273, 704/246
US Class Current

713/186
CPC Class Codes

G06F 21/31   User authentication

G06F 21/41   where a single sign-on prov...

G06F 21/85   interconnection devices, e....

G06F 2221/2129   Authenticate client device ...

Controlling access to a protected network

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

24 Citations

24 Claims

Specification

Use Cases

Quick Links

Others

Controlling access to a protected network

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

24 Citations

24 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others