Automated security token administrative services

US 8,438,623 B2
Filed: 10/18/2011
Issued: 05/07/2013
Est. Priority Date: 11/27/2002
Status: Expired due to Fees

First Claim

Patent Images

1. A system which performs at least one administrative security function which facilitates alternative access to system resources and services comprising:

at least one credential associated with a user;

a local client in processing communications with an authenticating computer system including;

one or more functionally connected user input devices;

a user interface means for handling input from and output to said user;

software that generates and sends an administrative access request to said authenticating computer system to perform at least one administrative security function, wherein said administrative access request includes said at least one credential;

software that mediates said at least one administrative security function between said authenticating computer system, said client and said user; and

said authenticating computer system including;

means responsive to said administrative access request for performing said at least one administrative security function, wherein said at least one administrative security function includes means for authenticating said user to said authenticating computer system using said at least one credential and means for allowing access to system resources and services,without requiring said user to log on to an operating environment associated with said local client.

View all claims

4 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

This invention provides a system, method and computer program product to allow a user to access administrative security features associated with the use of a security token. The administrative security features provide the user the ability to unlock a locked security token, diagnose a security token, activate and deactivate a security token, request a replacement security token or temporary password or report the loss of a security token. The invention comprises a client application which integrates into the standard user login dialog associated with an operating system. A portion of the user dialog is linked to a remote server to access the administrative services.

4 Citations

24 Claims

1. A system which performs at least one administrative security function which facilitates alternative access to system resources and services comprising:
- at least one credential associated with a user;
  
  a local client in processing communications with an authenticating computer system including;
  
  one or more functionally connected user input devices;
  
  a user interface means for handling input from and output to said user;
  
  software that generates and sends an administrative access request to said authenticating computer system to perform at least one administrative security function, wherein said administrative access request includes said at least one credential;
  
  software that mediates said at least one administrative security function between said authenticating computer system, said client and said user; and
  
  said authenticating computer system including;
  
  means responsive to said administrative access request for performing said at least one administrative security function, wherein said at least one administrative security function includes means for authenticating said user to said authenticating computer system using said at least one credential and means for allowing access to system resources and services,without requiring said user to log on to an operating environment associated with said local client.
- View Dependent Claims (2, 3, 4, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18)
- - 2. The system according to claim 1 wherein said authenticating computer system is a remote server.
  - 3. The system according to claim 1 wherein said authenticating computer system is a locally connected security token.
  - 4. The system according to claim 3 wherein said means responsive to said administrative access request for performing said at least one administrative security function is a security token application.
  - 6. The system according to claim 2 further including mutual authentication means.
  - 7. The system according to claim 6 wherein said server is authenticated to said client using a public key infrastructure methodology.
  - 8. The system according to claim 6 wherein said at least one administrative security function further includes means for unlocking said security token.
  - 9. The system according to claim 6 wherein said at least one administrative security function further includes means for performing diagnostics on said security token.
  - 10. The system according to claim 6 wherein said at least one administrative security function further includes means for reactivating or deactivating said security token.
  - 11. The system according to claim 6 wherein said at least one administrative security function further includes means for requesting a replacement security token.
  - 12. The system according to claim 6 wherein said at least one administrative security function further includes means for enabling a temporary password.
  - 13. The system according to claim 6 wherein said at least one administrative security function further includes means for automatically allowing said user access to said system resources and services.
  - 14. The system according to claim 6 wherein said at least one administrative security function further includes means for reporting that said security token has been lost, damaged or stolen.
  - 15. The system according to claim 6 wherein said processing communications includes a secure communications protocol.
  - 16. The system according to claim 15 wherein said secure communications protocol includes SSL, SSH, TLS, WAP or IPSEC.
  - 17. The system according to claim 7 wherein said public key infrastructure methodology includes challenge/response authentication or digital certificate exchange.
  - 18. The system according to claim 6 wherein said at least one credential includes a passphrase, password, PIN, biometric scan, question and answer session or a combination thereof.

5. A system which performs at least one administrative security function which facilitates alternative access to system resources and services comprising:
- at least one credential associated with a user;
  
  a security token functionally connected to a local client including a user authentication mechanism, wherein said user authentication mechanism includes a changeable security state, said changeable security state operative to mediate access to system resources and services;
  
  said local client in processing communications with a server including;
  
  one or more functionally connected user input devices;
  
  a user interface means for handling input from and output to said user;
  
  software that generates and sends an administrative access request to said server to perform at least one administrative security function, wherein said administrative access request includes said at least one credential;
  
  software that mediates at least one administrative security function between said server, said client and said security token; and
  
  said server including;
  
  means responsive to said administrative access request for performing said at least one administrative security function, wherein said at least one administrative security function includes means for authenticating said user to said server using said at least one credential and means for altering said changeable security state,without requiring said user to log on to an operating environment associated with said local client.

19. A method for performing at least one administrative security function on his security token which facilitates alternative access to system resources whereby said user does not need to login in an operating system, and services comprising the steps of:
- displaying at least one administrative security function on a user interface display,receiving a credential from a user interface input device without logging on to an operating environment associated with said local client,causing a request to perform said at least one administrative security function to be sentto an authenticating computer system, wherein said request includes said credential, attempting to authenticate said user using said credential,if said user is authenticated, retrieving said at least one administrative security function, sending said at least one administrative security function to said local client for routing into said security token, and performing said at least one administrative function on the security token, andending the attempt to perform said at least one administrative function on the security token if said user authentication fails.
- View Dependent Claims (20, 21, 22, 23)
- - 20. The method according to claim 19 further including the step of authenticating said authenticating computer system to said client.
  - 21. The method according to claim 19 wherein said authenticating computer system is a locally connected security token.
  - 22. The method according to claim 19 wherein said authenticating computer system is a server.
  - 23. The method according to claim 19 wherein said at least one administrative function is performed on a security token associated with said user.

24. A computer program product embodied in a tangible form readable by a computer system having executable instructions stored thereon for causing the computer system to perform at least one administrative security function between a security token and a remote server using a local client as an intermediary, said executable instructions comprising the actions of:
- causing a client application to display at least one administrative security function on a user interface display associated with said local client,causing said client application to receive said user'"'"'s request for said at least one administrative security function from a user input device,causing an credential input by a user in combination with said user'"'"'s request to perform said at least one administrative security function to be transmitted over a network to said remote server,causing a server application to receive said request and said credential from said network,causing said server application to authenticate said user using said credential against a stored reference,causing said server application to execute said user'"'"'s request if said user is authenticated,or causing said server application to end execution if said user is not authenticated.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Assa Abloy AB
Original Assignee
ActivCard Co.
Inventors
Band, Jamie Angus
Primary Examiner(s)
Orgad, Edan
Assistant Examiner(s)
Tolentino, Roderick

Application Number

US13/275,665
Publication Number

US 20120124657A1
Time in Patent Office

567 Days
Field of Search

726 1- 20, 380/229, 705 65- 69
US Class Current

726/9
CPC Class Codes

G06F 21/31   User authentication

G06F 21/32   using biometric data, e.g. ...

G06F 21/33   using certificates

G06F 21/34   involving the use of extern...

G06F 21/445   by mutual authentication, e...

G06F 21/45   Structures or tools for the...

G06F 21/604   Tools and structures for ma...

G06F 2221/2101   Auditing as a secondary aspect

G06F 2221/2103   Challenge-response

G06F 2221/2119   Authenticating web pages, e...

G06F 2221/2153   Using hardware token as a s...

G06Q 20/341   Active cards, i.e. cards in...

G06Q 20/355   Personalisation of cards fo...

G06Q 20/367   involving electronic purses...

G06Q 20/3672   initialising or reloading t...

G06Q 20/3674   involving authentication

G06Q 20/3676   Balancing accounts

G06Q 20/3678   e-cash details, e.g. blinde...

G06Q 20/4097   using mutual authentication...

G07F 7/1008   Active credit-cards provide...

H04L 63/08 : for authentication of entit...

H04L 63/0876 : based on the identity of th...

H04L 63/102 : Entity profiles

View All

Automated security token administrative services

First Claim

4 Assignments

0 Petitions

Accused Products

Abstract

4 Citations

24 Claims

Specification

Solutions

Use Cases

Quick Links

Automated security token administrative services

First Claim

4 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

4 Citations

24 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links