
System and method for authentication of users in a secure computer system

  • US 8,230,490 B2
  • Filed: 07/31/2007
  • Issued: 07/24/2012
  • Est. Priority Date: 07/31/2007
  • Status: Active Grant
First Claim

1. A method of authenticating a user in a secure computer system comprising the steps of:

  • in an enrollment session between the computer system and a client computer of a user,
      • creating and storing a first user identifier at the computer system, and associating the first user identifier with the user,
      • creating and storing a second user identifier, unique to the user and selected by the computer system and that is not related to the client computer, at the computer system, and associating the second user identifier with the user,
      • creating a persistent object containing the second user identifier, encrypting the persistent object and storing the encrypted object at the client computer, and
      • storing request header attributes from the client computer received during the enrollment session at the computer system but not at the client computer, and associating the request header attributes received during the enrollment process with the first and second user identifiers; and

  • in a subsequent sign on session between the computer system and the client computer,
      • transmitting from the client computer to the computer system a request for a sign-on page;
      • transmitting from the computer system to the client computer a prompt for the first user identifier;
      • in response to said prompt, transmitting from the client computer to the computer system a request including the first user identifier, the second user identifier stored in the object stored at the client computer and a plurality of current request header attributes;
      • authenticating at the computer system the first user identifier;
      • authenticating at the computer system the second user identifier;
      • comparing the transmitted plurality of current request header attributes with the plurality of request header attributes received during the enrollment session, stored at the computer system and associated with the first user identifier; and
      • if the first and second user identifiers are authenticated, and if the transmitted request header attributes correspond to the stored request header attributes, transmitting a success message to the client computer to be viewed by the user and allowing the user into the secure computer system, wherein the secure computer system does not modify the persistent object created in the enrollment session or create a new persistent object.
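
The enrollment and sign-on steps of claim 1, as an added Python example (not code from the patent or its assignee). The tracked header set, the exact-match comparison, the deny responses and the standard-library encrypt-then-MAC sealing (a stand-in for a vetted AEAD such as AES-GCM) are assumptions.

```python
import hashlib, hmac, secrets

ENC_KEY, MAC_KEY = secrets.token_bytes(32), secrets.token_bytes(32)  # server-side secrets
TRACKED = ("User-Agent", "Accept-Language", "Accept-Encoding")       # assumed attribute set
USERS = {}  # first identifier -> record held only at the computer system

def _stream(nonce, n):
    """SHA-256 counter keystream: stdlib stand-in for a real AEAD cipher."""
    blocks = (hashlib.sha256(ENC_KEY + nonce + i.to_bytes(4, "big")).digest()
              for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]

def seal(plain):
    nonce = secrets.token_bytes(16)
    ct = bytes(a ^ b for a, b in zip(plain, _stream(nonce, len(plain))))
    return (nonce + ct + hmac.new(MAC_KEY, nonce + ct, hashlib.sha256).digest()).hex()

def unseal(token):
    try:
        raw = bytes.fromhex(token or "")
    except ValueError:
        return None
    nonce, ct, tag = raw[:16], raw[16:-32], raw[-32:]
    if not hmac.compare_digest(tag, hmac.new(MAC_KEY, nonce + ct, hashlib.sha256).digest()):
        return None  # missing, truncated or tampered persistent object
    return bytes(a ^ b for a, b in zip(ct, _stream(nonce, len(ct))))

def enroll(username, headers):
    second_id = secrets.token_hex(16)  # chosen by the server, unrelated to the client machine
    USERS[username] = {"second_id": second_id,
                       "headers": {h: headers.get(h) for h in TRACKED}}  # never sent to client
    return seal(second_id.encode())    # encrypted persistent object stored at the client

def sign_on(username, cookie, headers):
    rec = USERS.get(username)
    if rec is None:
        return "deny: unknown first identifier"
    plain = unseal(cookie)
    if plain is None or not hmac.compare_digest(plain, rec["second_id"].encode()):
        return "deny: second identifier"
    changed = [h for h in TRACKED if headers.get(h) != rec["headers"][h]]
    if changed:
        return "deny: header mismatch " + ",".join(changed)
    return "allow"  # the persistent object is neither modified nor reissued

if __name__ == "__main__":
    hdrs = {"User-Agent": "ExampleBrowser/1.0", "Accept-Language": "en-US",
            "Accept-Encoding": "gzip"}  # constructed sample headers
    cookie = enroll("alice", hdrs)
    print(sign_on("alice", cookie, hdrs))
    print(sign_on("alice", cookie, {**hdrs, "User-Agent": "OtherClient/2.0"}))
```

Request headers are supplied by the client, so the comparison acts as a consistency signal layered on the two identifiers rather than as a secret.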
