System and method for controlling user's access to protected resources using multi-level authentication

US 8,769,657 B2
Filed: 09/15/2012
Issued: 07/01/2014
Est. Priority Date: 09/28/2012
Status: Active Grant

First Claim

Patent Images

1. A computer-implemented method for controlling user'"'"'s access to a protected resource, the method comprising:

detecting, by a hardware processor, a plug-in token connected to a device that controls user access to the protected resource, wherein the token is associated with one or more authorized users including at least one supervising user;

identifying one or more authorized users associated with the detected token who are authorized to access the protected resource, including identifying at least one supervising user;

authenticating whether a first user requesting access to the protected resource is associated with the detected token and authorized to access the protected resource;

detecting, by the hardware processor, one or more wireless transponders of one or more authorized users associated with the token, including at least a transponder of the first user and a transponder of the supervising user of said first user;

applying a plurality of rules that specify a set of conditions under which the first user is allowed to access different types of protected resources when all the conditions are satisfied, and the first user is prohibited to access of the protected resources when at least one condition is not satisfied;

identifying rules in response to receiving a request from the first user to access to the protected resource; and

providing the first user to access to the protected resource, or blocking the first user to access to the protected resource based on the rules;

wherein the conditions for the rule in accessing the protected recourse are based on accessing the protected resources during a predetermined period of the day, accessing the protected resources from a certain location, successfully authenticating the first user, and successfully detecting the transponder of the first user and of the transponder of the supervising user; and

wherein different types of protected resources include one or more of protected applications, protected data and protected devices.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Disclosed are systems, methods and computer program products for multi-level user authentication. In one example, method includes detecting a plug-in token connected to a device that controls user access to a protected resource; identifying one or more authorized users associated with the detected token who are authorized to access the protected resource; authenticating whether a first user requesting accessing the protected resource is associated with the detected token and authorized to access the protected resource; detecting presence of one or more wireless transponders of one or more authorized users associated with the token, including at least a transponder of the first user; and providing access to the protected resource to the first user when the first user is authenticated as an authorized user associated with the detected token and the transponder of at least the first user is detected.

Citations

17 Claims

1. A computer-implemented method for controlling user'"'"'s access to a protected resource, the method comprising:
- detecting, by a hardware processor, a plug-in token connected to a device that controls user access to the protected resource, wherein the token is associated with one or more authorized users including at least one supervising user;
  
  identifying one or more authorized users associated with the detected token who are authorized to access the protected resource, including identifying at least one supervising user;
  
  authenticating whether a first user requesting access to the protected resource is associated with the detected token and authorized to access the protected resource;
  
  detecting, by the hardware processor, one or more wireless transponders of one or more authorized users associated with the token, including at least a transponder of the first user and a transponder of the supervising user of said first user;
  
  applying a plurality of rules that specify a set of conditions under which the first user is allowed to access different types of protected resources when all the conditions are satisfied, and the first user is prohibited to access of the protected resources when at least one condition is not satisfied;
  
  identifying rules in response to receiving a request from the first user to access to the protected resource; and
  
  providing the first user to access to the protected resource, or blocking the first user to access to the protected resource based on the rules;
  
  wherein the conditions for the rule in accessing the protected recourse are based on accessing the protected resources during a predetermined period of the day, accessing the protected resources from a certain location, successfully authenticating the first user, and successfully detecting the transponder of the first user and of the transponder of the supervising user; and
  
  wherein different types of protected resources include one or more of protected applications, protected data and protected devices.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The method of claim 1, wherein the wireless transponder is operable to communicate wirelessly with one of the token and the device, and wherein detecting one or more wireless transponders of one or more authorized users associated with the token, includes detecting wireless signal transmissions from one or more transponders.
  - 3. The method of claim 2, wherein wireless signal transmissions from the transponder are encrypted.
  - 4. The method of claim 2, further comprising:
    - measuring signal strength or transmission delay of the wireless signal transmission from the transponder; and
      
      determining approximate location of the wireless transponder based on the measured signal strength or transmission delay.
  - 5. The method of claim 1, wherein providing access to the protected resource to the first user further includes:
    - determining whether at least one of the transponder of the first user and the transponder of the supervising user was active for less or more than a predetermined period of time; and
      
      blocking access to the protected resource to the first user when at least one of the transponder of the first user and the transponder of the supervising user was active for less or more than a predetermined period of time.
  - 6. The method of claim 1, wherein providing access to the protected resource to the first user further includes:
    - determining whether at least one of the transponder of the first user and the transponder of the supervising user was inactive for less or more than a predetermined period of time; and
      
      blocking access to the protected resources to the first user when at least one of the transponder of the first user and the transponder of the supervising user was inactive for less or more than the predetermined period of time.

7. A system for controlling user'"'"'s access to a protected resource, the system comprising:
- a communication interface; and
  
  a hardware processor coupled to the communication interface, and being configured to;
  
  detect a plug-in token connected to the communication interface, wherein the token is associated with one or more authorized users;
  
  identify one or more authorized users associated with the detected token who are authorized to access the protected resource, including identifying at least one supervising user;
  
  authenticate whether a first user requesting access to the protected resource is associated with the detected token and authorized to access the protected resource;
  
  detect one or more wireless transponders of one or more authorized users associated with the token, including at least a transponder of the first user and a transponder of the supervising user of said first user;
  
  apply a plurality of rules that specify a set of conditions under which the first user is allowed to access different types of protected resources when all the conditions are satisfied, and the first user prohibited to access of the protected resources when at least one condition is not satisfied;
  
  identify rules in response to receiving a request from the first user to access to the protected resource; and
  
  provide the first user to access to the protected resource, or block the first user to access to the protected resource based on the rules;
  
  wherein the conditions for the rules in accessing the protected recourse are based on accessing the protected resources during a predetermined period of the day, accessing the protected resources from a certain location, successfully authenticating the first user, and successfully detecting the transponder of the first user and of the transponder of the supervising user; and
  
  wherein different types of protected resources include one or more of protected applications, protected data and protected devices.
- View Dependent Claims (8, 9, 10, 11, 12)
- - 8. The system of claim 7, wherein the wireless transponder is operable to communicate wirelessly with the token, and wherein to detect one or more wireless transponders of one or more authorized users associated with the token, the processor further configured to detect wireless signal transmissions from one or more transponders.
  - 9. The system of claim 8, wherein wireless signal transmissions from the transponder are encrypted.
  - 10. The system of claim 8, wherein the processor further configured to:
    - measure signal strength or transmission delay of the wireless signal transmission from the transponder; and
      
      determine approximate location of the wireless transponder based on the measured signal strength or transmission delay.
  - 11. The system of claim 7, wherein to provide access to the protected resource to the first user, the processor further configured to determine whether at least one of the transponder of the first user and the transponder of the supervising user was active for less or more than a predetermined period of time;
    - andblock access to the protected resource to the first user when at least one of the transponder of the first user and the transponder of the supervising user was active for less or more than the predetermined period of time.
  - 12. The system of claim 7, wherein to provide access to the protected resource to the first user, the processor further configured to:
    - determine whether at least one of the transponder of the first user and the transponder of the supervising user was inactive for less or more than a predetermined period of time; and
      
      block access to the protected resource to the first user when at least one of the transponder of the first user and the transponder of the supervising user was inactive for less or more than the predetermined period of time.

13. A computer program product stored on a non-transitory computer-readable storage medium, tile computer program product comprising computer-executable instructions for controlling user'"'"'s access to a protected resource, including instructions for:
- detecting a plug-in token connected to a device that controls user access to the protected resource, wherein the token is associated with one or more authorized users including at least one supervising user;
  
  identifying one or more authorized users associated with the detected token who are authorized to access the protected resource, including identifying at least one supervising user;
  
  authenticating whether a first user requesting access to the protected resource is associated with the detected token and authorized to access the protected resource;
  
  detecting one or more wireless transponders of one or more authorized users associated with the token, including at least a transponder of the first user and a transponder of the supervising user of said first user;
  
  applying a plurality of rules that specify a set of conditions under which the first user is allowed to access different types of protected resources when all the conditions are satisfied, and the first user is prohibited to access of the protected resources when at least one condition is not satisfied;
  
  identifying rules in response to receiving a request from the first user to access to the protected resource; and
  
  providing the first user to access to the protected resource, or blocking the first user to access to the protected resource based on the rules;
  
  wherein the conditions for the rules in accessing the protected recourse are based on accessing the protected resources during a predetermined period of the day, accessing the protected resources from a certain location, successfully authenticating the first user, and successfully detecting the transponder of the first user and of the transponder of the supervising user; and
  
  wherein different types of protected resources include one or more of protected applications, protected data and protected devices.
- View Dependent Claims (14, 15, 16, 17)
- - 14. The product of claim 13, wherein the wireless transponder is operable to communicate wirelessly with one of the token and the device, and wherein detecting one or more wireless transponders of one or more authorized users associated with the token, includes detecting wireless signal transmissions from one or more transponders.
  - 15. The product of claim 14, further comprising instructions for:
    - measuring signal strength or transmission delay of the wireless signal transmission from the transponder; and
      
      determining approximate location of the wireless transponder based on the measured signal strength or transmission delay.
  - 16. The product of claim 13, wherein instructions for providing access to the protected resource to the first user include instructions for:
    - determining whether at least one of the transponder of the first user and the transponder of the supervising use as active for less or more than a predetermined period of time; and
      
      blocking access to the protected resource to the first user when at least one of the transponder of the first user and the transponder of the supervising user was active for less or more than the predetermined period of time.
  - 17. The product of claim 13, wherein instructions for providing access to the protected resource to the first user further include instructions for:
    - determining whether at least one of the transponder of the first user and the transponder of the supervising user was inactive for less or more than a predetermined period of time; and
      
      blocking access to the protected resource to the first user when at least one of the transponder of the first user and the transponder of the supervising user was active for less or more than the predetermined period of time.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Kaspersky Lab ZAO
Original Assignee
Kaspersky Lab ZAO
Inventors
Zaitsev, Oleg V.
Primary Examiner(s)
Pham, Luu
Assistant Examiner(s)
Kabir, Jahangir

Application Number

US13/620,770
Publication Number

US 20140047531A1
Time in Patent Office

654 Days
Field of Search

726/4, 726/9, 726/17, 726/20, 726/27, 726/28
US Class Current

726/9
CPC Class Codes

G06F 21/123   by using dedicated hardware...

G06F 21/34   involving the use of extern...

G06F 21/35   communicating wirelessly

G06F 21/40   by quorum, i.e. whereby two...

G06F 21/62   Protecting access to data v...

G06F 2221/2113   Multi-level security, e.g. ...

G06F 2221/2137   Time limited access, e.g. t...

System and method for controlling user's access to protected resources using multi-level authentication

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

17 Claims

Specification

Solutions

Use Cases

Quick Links

System and method for controlling user's access to protected resources using multi-level authentication

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

17 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links