System and method for authentication of users in a secure computer system
First Claim
1. A method of authenticating a user in a secure computer system comprising the steps of:
- in an enrollment session between the computer system and a client computer of a user, creating and storing a first user identifier at the computer system, and associating the first user identifier with the user, creating and storing a second user identifier, unique to the user and selected by the computer system and that is not related to the client computer, at the computer system, and associating the second user identifier with the user, creating a persistent object containing the second user identifier, encrypting the persistent object and storing the encrypted object at the client computer, and storing request header attributes from the client computer received during the enrollment session at the computer system but not at the client computer, and associating the request header attributes received during the enrollment process with the first and second user identifiers; and
in a subsequent sign on session between the computer system and the client computer,transmitting from the client computer to the computer system a request for a sign-on page;
transmitting from the computer system to the client computer a prompt for the first user identifier;
in response to said prompt, transmitting from the client computer to the computer system a request including the first user identifier, the second user identifier stored in the object stored at the client computer and a plurality of current request header attributes;
authenticating at the computer system the first user identifier;
authenticating at the computer system the second user identifier;
comparing the transmitted plurality of current request header attributes with the plurality of request header attributes received during the enrollment session, stored at the computer system and associated with the first user identifier; and
if the first and second user identifiers are authenticated, and if the transmitted request header attributes correspond to the stored request header attributes, transmitting a success message to the client computer to be viewed by the user and allowing the user into the secure computer system, wherein the secure computer system does not modify the persistent object created in the enrollment session or create a new persistent object.
Abstract
A system and method of authenticating a user in a secure computer system in which a client computer transmits to the secure computer system a request for a sign-on page, the computer system transmits to the client computer a prompt for a first user identifier, and in response to the prompt, the client computer transmits to the computer system a request including a first identifier, a second identifier stored in an object stored at the client computer and a plurality of request header attributes. The computer system includes a server software module that authenticates the first user identifier and the second user identifier, and compares the transmitted plurality of request header attributes with a plurality of request header attributes stored at the computer system and associated with the first and second user identifiers. If the first and second user identifiers are authenticated, and if the transmitted request header attributes match stored request header attributes, the server software module transmits a success message to the client computer to be viewed by the user, and the user is allowed to access the secure computer system. In one embodiment, each transmitted request header attribute is given a numerical weighted value and the comparison of request header attributes includes adding the assigned numerical values of matching attributes to arrive at a total value, then transmitting the success message to the client computer only if the total value of matching request header attributes is at least a certain predetermined numerical total.
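The abstract describes three checks that all have to pass before the user is admitted: the first identifier (user id plus password), the second identifier carried in the client-side persistent object, and a weighted comparison of the current request headers against the headers captured at enrollment. The following Python is an added illustration of that flow and is not code from the patent or from any product; the header names, their weights, the required total of 5 and the use of an HMAC tag in place of the patent's encryption of the persistent object are all assumptions made for this example.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass

# Assumed weights per request header attribute and the minimum matching total.
# The abstract only states that each attribute is given a numerical weight and
# that the matching total must reach a predetermined value.
HEADER_WEIGHTS = {"User-Agent": 3, "Accept-Language": 2, "Accept": 1, "Accept-Encoding": 1}
REQUIRED_TOTAL = 5


@dataclass
class Enrollment:
    password_hash: bytes  # first identifier: password is stored only as a salted hash
    salt: bytes
    second_id: str        # server-selected, unrelated to the client machine
    headers: dict         # header attributes captured at enrollment, kept server side only


def score_headers(stored, current, weights=HEADER_WEIGHTS):
    """Add the weight of every attribute whose current value equals the enrolled value."""
    return sum(w for name, w in weights.items()
               if stored.get(name) and stored[name] == current.get(name))


class AuthServer:
    def __init__(self, cookie_key: bytes):
        self.cookie_key = cookie_key
        self.users = {}

    def _hash_password(self, password, salt):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

    def _seal(self, second_id):
        # Persistent object handed to the client. The patent encrypts it; this example
        # (a simplification) only attaches an HMAC tag so tampering is detected.
        tag = hmac.new(self.cookie_key, second_id.encode(), "sha256").hexdigest()
        return f"{second_id}.{tag}"

    def _open(self, cookie):
        try:
            second_id, tag = cookie.split(".", 1)
        except (ValueError, AttributeError):
            return None
        expected = hmac.new(self.cookie_key, second_id.encode(), "sha256").hexdigest()
        return second_id if hmac.compare_digest(tag, expected) else None

    def enroll(self, user_id, password, headers):
        """Enrollment session: store both identifiers and the headers, return the cookie."""
        salt = secrets.token_bytes(16)
        second_id = secrets.token_hex(16)
        self.users[user_id] = Enrollment(
            self._hash_password(password, salt), salt, second_id,
            {name: headers.get(name, "") for name in HEADER_WEIGHTS})
        return self._seal(second_id)

    def sign_on(self, user_id, password, cookie, headers):
        """Sign-on session: all three checks must pass; the cookie is never reissued."""
        rec = self.users.get(user_id)
        if rec is None:
            return False, "unknown user"
        if not hmac.compare_digest(self._hash_password(password, rec.salt), rec.password_hash):
            return False, "first identifier rejected"
        second_id = self._open(cookie)
        if second_id is None or not hmac.compare_digest(second_id, rec.second_id):
            return False, "second identifier rejected"
        total = score_headers(rec.headers, headers)
        if total < REQUIRED_TOTAL:
            return False, f"header attributes scored {total} < {REQUIRED_TOTAL}"
        # Success: the persistent object created at enrollment is left unchanged.
        return True, "success"


if __name__ == "__main__":
    # Constructed sample headers for a local run.
    srv = AuthServer(secrets.token_bytes(32))
    hdrs = {"User-Agent": "UA/1", "Accept-Language": "en", "Accept": "text/html", "Accept-Encoding": "gzip"}
    cookie = srv.enroll("alice", "pw", hdrs)
    print(srv.sign_on("alice", "pw", cookie, hdrs))
    print(srv.sign_on("alice", "pw", cookie, dict(hdrs, **{"User-Agent": "UA/2"})))
```

With the assumed weights, a changed Accept-Encoding alone (total 6) still passes, while a changed User-Agent (total 4) does not, which is the point of weighting: attributes that vary routinely between legitimate requests carry less weight than those that rarely change for the same client.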
44 Citations
21 Claims
1. A method of authenticating a user in a secure computer system comprising the steps of:

in an enrollment session between the computer system and a client computer of a user, creating and storing a first user identifier at the computer system, and associating the first user identifier with the user, creating and storing a second user identifier, unique to the user and selected by the computer system and that is not related to the client computer, at the computer system, and associating the second user identifier with the user, creating a persistent object containing the second user identifier, encrypting the persistent object and storing the encrypted object at the client computer, and storing request header attributes from the client computer received during the enrollment session at the computer system but not at the client computer, and associating the request header attributes received during the enrollment process with the first and second user identifiers; and in a subsequent sign on session between the computer system and the client computer, transmitting from the client computer to the computer system a request for a sign-on page; transmitting from the computer system to the client computer a prompt for the first user identifier; in response to said prompt, transmitting from the client computer to the computer system a request including the first user identifier, the second user identifier stored in the object stored at the client computer and a plurality of current request header attributes; authenticating at the computer system the first user identifier; authenticating at the computer system the second user identifier; comparing the transmitted plurality of current request header attributes with the plurality of request header attributes received during the enrollment session, stored at the computer system and associated with the first user identifier; and if the first and second user identifiers are authenticated, and if the transmitted request header attributes correspond to the stored request header attributes, transmitting a success message to the client computer to be viewed by the user and allowing the user into the secure computer system, wherein the secure computer system does not modify the persistent object created in the enrollment session or create a new persistent object.

Claims 2 through 20 are dependent on claim 1.

21. A method of authenticating a banking customer to allow the banking customer access to a secure banking computer system comprising the steps of:

in an enrollment session between the computer system and a client computer of the banking customer, creating and storing a first user identifier at the banking computer system, including a banking customer identification and password, and associating the first user identifier with the banking customer at the banking computer system, creating and storing a second user identifier, unique to the banking customer and selected by the banking computer system and that is not related to the client computer, at the banking computer system, and associating the second user identifier with the banking customer at the banking computer system, creating a persistent object containing the second user identifier, encrypting the persistent object and storing the encrypted object at the banking client computer, and storing request header attributes from the client computer received during the enrollment session at the banking computer system but not at the client computer, and associating the request header attributes received during the enrollment process with the first and second user identifiers; and in a subsequent sign on session between the banking computer system and the client computer, transmitting from a client computer of the banking customer to the banking computer system a request for a sign-on page; transmitting from the banking computer system to the client computer a prompt for a customer identification number and password; in response to said prompt, transmitting from the client computer to the banking computer system a request including the banking customer identification and password, the second user identifier stored at the client computer and a plurality of current request header attributes; authenticating at the banking computer system the banking customer identification and password; authenticating at the banking computer system the second user identifier; comparing the transmitted plurality of current request header attributes with the plurality of request header attributes stored at the banking computer system and associated with the banking customer identification, password and second user identifier; and if the banking customer identification, password and second user identifier are authenticated, and if the transmitted request header attributes correspond to the stored request header attributes, transmitting a success message to the client computer to be viewed by the banking customer and allowing the client computer into the secure banking computer system, wherein the secure banking computer system does not modify the persistent object created in the enrollment session or create a new persistent object.
Specification