System, method and computer program product for an authentication management infrastructure

US 8,707,388 B1
Filed: 01/26/2012
Issued: 04/22/2014
Est. Priority Date: 03/09/1999
Status: Expired due to Term

First Claim

Patent Images

1. A method for allowing a user to access enterprise resources, the method comprising:

implementing a policy on an authentication server, wherein the policy sets forth a plurality of guidelines for determining whether to authenticate the user and to allow the user to gain access to the enterprise resources, wherein at least one first guideline establishes at least one predetermined first qualification necessary for the user to be authenticated to access the enterprise resources and wherein at least one second guideline establishes at least one predetermined second qualification necessary for the user to activate a silent signal for requesting assistance;

requiring the user to establish authentication using at least two devices associated with the policy to meet the second qualification, wherein(i) if the policy is an OR policy, then requiring the user to establish authentication on only one of the at least two devices;

(ii) if the policy is an AND policy, then requiring the user to establish authentication on all of the at least two devices;

(iii) if the policy is a CONTINGENT policy, then requiring the user to exceed a minimum threshold associated with a first device or, if the user exceeds a contingent threshold associated with the first device, then requiring the user to exceed a minimum threshold associated with a second device;

(iv) if the policy is a RANDOM policy, then requiring the user to establish authentication on a randomly selected device from the at least two devices;

or(v) if the policy is a THRESHOLD policy, then requiring the user to exceed a total threshold value for the at least two devices;

creating a template for each device, wherein said template includes data unique to the user;

determining whether the user has activated the silent signal when the user attains the at least one predetermined second qualification; and

requesting assistance for the user if the silent signal is activated.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system and method for allowing a user to access enterprise resources comprising authentication devices and an authentication server. The authentication devices allow a user to enter authentication data. The authentication server is in communication with the authentication devices. The authentication server comprises a policy database storing a policy. The policy comprises guidelines including a first guideline establishes a qualification necessary for the user to access enterprise resources and a second guideline establishes a qualification necessary for the user to activate a silent signal. The authentication server is adapted to request assistance for the user if the silent signal is activated.

137 Citations

14 Claims

1. A method for allowing a user to access enterprise resources, the method comprising:
- implementing a policy on an authentication server, wherein the policy sets forth a plurality of guidelines for determining whether to authenticate the user and to allow the user to gain access to the enterprise resources, wherein at least one first guideline establishes at least one predetermined first qualification necessary for the user to be authenticated to access the enterprise resources and wherein at least one second guideline establishes at least one predetermined second qualification necessary for the user to activate a silent signal for requesting assistance;
  
  requiring the user to establish authentication using at least two devices associated with the policy to meet the second qualification, wherein(i) if the policy is an OR policy, then requiring the user to establish authentication on only one of the at least two devices;
  
  (ii) if the policy is an AND policy, then requiring the user to establish authentication on all of the at least two devices;
  
  (iii) if the policy is a CONTINGENT policy, then requiring the user to exceed a minimum threshold associated with a first device or, if the user exceeds a contingent threshold associated with the first device, then requiring the user to exceed a minimum threshold associated with a second device;
  
  (iv) if the policy is a RANDOM policy, then requiring the user to establish authentication on a randomly selected device from the at least two devices;
  
  or(v) if the policy is a THRESHOLD policy, then requiring the user to exceed a total threshold value for the at least two devices;
  
  creating a template for each device, wherein said template includes data unique to the user;
  
  determining whether the user has activated the silent signal when the user attains the at least one predetermined second qualification; and
  
  requesting assistance for the user if the silent signal is activated.
- View Dependent Claims (2, 3, 4, 5)
- - 2. The method of claim 1, wherein the silent signal is activated by receiving a password entered by the user.
  - 3. The method of claim 1, wherein the silent signal is activated by receiving biometric data entered by the user.
  - 4. The method of claim 1, wherein requesting assistance for the user comprises notifying a law enforcement agency.
  - 5. The method of claim 1, wherein each at least one predetermined second qualification has a corresponding first predetermined qualification based on the same one of the at least one device.

6. A method for allowing a user to access enterprise resources, the method comprising:
- implementing a policy on an authentication server, wherein the policy sets forth a plurality of guidelines for determining whether to authenticate the user and to allow the user to gain access to the enterprise resources, wherein at least one first guideline establishes at least one predetermined first qualification necessary for the user to be authenticated to access the enterprise resources and wherein at least one second guideline establishes at least one predetermined second qualification necessary for the user to attain to pass the policy, and wherein the policy is formed by selecting one or more devices that the user must be tested on in order to activate a silent signal;
  
  requiring the user to establish authentication using at least two devices associated with the policy to meet the second qualification, wherein(i) if the policy is an OR policy, then requiring the user to establish authentication on only one of the at least two devices;
  
  (ii) if the policy is an AND policy, then requiring the user to establish authentication on all of the at least two devices;
  
  (iii) if the policy is a CONTINGENT policy, then requiring the user to exceed a minimum threshold associated with a first device or, if the user exceeds a contingent threshold associated with the first device, then requiring the user to exceed a minimum threshold associated with a second device;
  
  (iv) if the policy is a RANDOM policy, then requiring the user to establish authentication on a randomly selected device from the at least two devices;
  
  or(v) if the policy is a THRESHOLD policy, then requiring the user to exceed a total threshold value for the at least two devices;
  
  determining whether the user has activated the silent signal when the user attains the at least one predetermined second qualification; and
  
  requesting assistance for the user if the silent signal is activated.
- View Dependent Claims (7, 8, 9, 10)
- - 7. The method of claim 6, wherein the silent signal is activated by receiving a password entered by the user.
  - 8. The method of claim 6, wherein the silent signal is activated by receiving biometric data entered by the user.
  - 9. The method of claim 6, wherein requesting assistance for the user comprises notifying a law enforcement agency.
  - 10. The method of claim 6, wherein each at least one predetermined second qualification has a corresponding predetermined first qualification based on the same one of the selected one or more devices.

11. A system for allowing a user to access enterprise resources comprising:
- one or more authentication test devices that allow a user to enter authentication data; and
  
  an authentication server in communication with the one or more authentication test devices that authenticates the authentication data, the authentication server comprising a policy database storing a policy, the policy implemented by the authentication server;
  
  wherein the policy comprises a plurality of guidelines for determining whether to authenticate the user and to allow the user to gain access to the enterprise resources, wherein at least one first guideline establishes at least one predetermined first qualification necessary for the user to be authenticated to access the enterprise resources and wherein at least one second guideline establishes at least one predetermined second qualification necessary for the user to attain to pass the policy and wherein the policy is formed by the authentication server selecting two of the one or more authentication devices test devices that the user must be tested on in order to activate a silent signal;
  
  wherein the authentication server is adapted to request assistance for the user if the silent signal is activated; and
  
  the authentication server further comprising an authentication unit that determines whether the user has activated the silent signal based on the predetermined second qualification and an output from the test devices and requiring the user to establish authentication using at the least two test devices to meet the second qualification, wherein(i) if the policy is an OR policy, then requiring the user to establish authentication on only one of the at least two test devices;
  
  (ii) if the policy is an AND policy, then requiring the user to establish authentication on all of the at least two test devices;
  
  (iii) if the policy is a CONTINGENT policy, then requiring the user to exceed a minimum threshold associated with a first test device or, if the user exceeds a contingent threshold associated with the first device, then requiring the user to exceed a minimum threshold associated with a second test device;
  
  (iv) if the policy is a RANDOM policy, then requiring the user to establish authentication on a randomly selected device from the at least two test devices;
  
  or(v) if the policy is a THRESHOLD policy, then requiring the user to exceed a total threshold value for the at least two test devices.
- View Dependent Claims (12, 13, 14)
- - 12. The system of claim 11, wherein at least one of the test devices is a device for the user to enter a password.
  - 13. The system of claim 11, wherein at least one of the test devices is a device for the user to enter biometric data.
  - 14. The system of claim 11, wherein each at least one predetermined second qualification has a corresponding predetermined first qualification based on the same one of the test devices.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Citibank (South Dakota) NA (Citigroup Incorporated)
Original Assignee
Citibank (South Dakota) NA (Citigroup Incorporated)
Inventors
Bianco, Peter Garrett, Boon, William Taylor, Rochon, Anthony C., Sherman, Marc A., Sterling, Robert Brewster, Ware, Karl Roger
Primary Examiner(s)
Pyzocha, Michael

Application Number

US13/358,614
Time in Patent Office

817 Days
Field of Search

726/1, 713/186, 713/155
US Class Current

726/1
CPC Class Codes

H04L 63/08   for authentication of entit...

H04L 63/10   for controlling access to d...

H04L 63/102   Entity profiles

System, method and computer program product for an authentication management infrastructure

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

137 Citations

14 Claims

Specification

Solutions

Use Cases

Quick Links

System, method and computer program product for an authentication management infrastructure

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

137 Citations

14 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links