Flexible method of user authentication

US 8,775,819 B2
Filed: 08/31/2012
Issued: 07/08/2014
Est. Priority Date: 07/25/2000
Status: Expired due to Fees

First Claim

Patent Images

1. A computer-readable storage device storing instructions for authorizing a user, wherein the instructions, when executed by a computing system, cause the computing system to perform operations comprising:

receiving user authorization information from at least two available user information entry devices in communication with the computing system, wherein each of the at least two available user information entry devices in communication with the computing system is associated with a corresponding security value;

determining a user authorization method, the user authorization method requiring data from the at least two available user information entry devices, and the user authorization method having a corresponding authorization level, the authorization level resulting from a combination of the security values corresponding to the at least two available user information entry devices; and

registering the user at the authorization level according to the determined authorization method.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method of authorising a user in communication with a workstation is disclosed. According to the method, a system automatically determines a plurality of available user information entry devices in communication with the workstation. The system then determines predetermined user authorization methods each requiring data only from available user information entry devices. The user then selects one of the determined authorization methods for use in user authorization. Optionally, each authorization method is associated with a security level relating to user access to resources. Once the authorization method is selected, the user provides user authorization information in accordance with a determined user authorization method and registration proceeds.

Citations

20 Claims

1. A computer-readable storage device storing instructions for authorizing a user, wherein the instructions, when executed by a computing system, cause the computing system to perform operations comprising:
- receiving user authorization information from at least two available user information entry devices in communication with the computing system, wherein each of the at least two available user information entry devices in communication with the computing system is associated with a corresponding security value;
  
  determining a user authorization method, the user authorization method requiring data from the at least two available user information entry devices, and the user authorization method having a corresponding authorization level, the authorization level resulting from a combination of the security values corresponding to the at least two available user information entry devices; and
  
  registering the user at the authorization level according to the determined authorization method.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The computer-readable storage device of claim 1 storing instructions that, when executed by the computing system, cause the computing system to further perform operations comprising:
    - determining a security policy from a plurality of predetermined security policies based on previously stored policy data and the received user authorization information;
      
      wherein determining the authorization method is based on the determined security policy.
  - 3. The computer-readable storage device of claim 2 wherein determining a security policy is further based on data indicating whether a component of the computing system is in a secure location.
  - 4. The computer-readable storage device of claim 1 wherein at least one of the at least two available user information entry devices comprises a retinal scanner, a smart card authorization device, a token authorization device, a fingerprint scanner, a microphone, or a keyboard.
  - 5. The computer-readable storage device of claim 1 wherein at least two of the available user information entry devices are different types of user information entry devices.
  - 6. The computer-readable storage device of claim 1 wherein registering the user at the authorization level includes retrieving a secure password associated with the authorization level.
  - 7. The computer-readable storage device of claim 6 wherein the secure password is transferred to a recipient authorization process without presenting the secure password to the user.
  - 8. The computer-readable storage device of claim 6 wherein the secure password is one of a plurality of stored secure passwords, and wherein each of the stored secure passwords is associated with an authorization level.
  - 9. The computer-readable storage device of claim 6 wherein the retrieved secure password is determined based on a resource requested by the user.

10. A system for authorizing a user, the system comprising:
- at least one memory and processor;
  
  an entry device detector configured to determine two or more available user information entry devices from a plurality of different user information entry devices in communication with the system, wherein each of the determined two or more available user information entry devices is associated with a corresponding security level;
  
  a security interface configured to receive and verify authorization information from the determined two or more available user information entry devices;
  
  a combining component configured to determine an authorization level, the authorization level resulting from a combination of the security levels corresponding to the determined two or more available user information entry devices; and
  
  an access component configured to register the user at the authorization level, allowing the user access to resources at or below the authorization level.
- View Dependent Claims (11, 12, 13, 14, 15, 16, 17)
- - 11. The system of claim 10 wherein the entry device detector is configured to determine the two or more available user information entry devices based on identifying a type of resource the user is requesting.
  - 12. The system of claim 10 wherein the security interface is configured to prompt the user to provide the authorization information at random time intervals.
  - 13. The system of claim 10 wherein at least one of the determined two or more available user information entry devices comprises:
    - a retinal scanner, a smart card authorization device, a token authorization device, a fingerprint scanner, a microphone, or a keyboard.
  - 14. The system of claim 10 wherein the determined two or more available user information entry devices are different types of user information entry devices.
  - 15. The system of claim 10 wherein the access component is configured to allow the user access to resources at or below the authorization level by retrieving one or more secure passwords associated with an authorization value at or below the authorization level.
  - 16. The system of claim 15 wherein the access component transfers the one or more secure passwords to a recipient authorization component without presenting the one or more secure passwords to the user and wherein each of the one or more secure passwords is a subset of a plurality of stored secure passwords and each of the plurality of stored secure passwords is associated with an authorization level.
  - 17. The system of claim 16 wherein the subset of the plurality of stored secure passwords is determined based on a resource requested by the user.

18. A system for authorizing a user, the system comprising:
- at least one memory and processor;
  
  means for determining two or more available user information entry devices from a plurality of different user information entry devices in communication with the system, wherein each of the determined two or more available user information entry devices is associated with a corresponding security level;
  
  means for receiving and verifying authorization information from the determined two or more available user information entry devices; and
  
  means for determining an authorization level, the authorization level resulting from combining the security levels corresponding to the determined two or more available user information entry devices.
- View Dependent Claims (19, 20)
- - 19. The system of claim 18, further comprising access means for allowing the user to access resources in accordance with the authorization level.
  - 20. The system according to claim 18 wherein at least one of the determined two or more available user information entry devices comprises a biometric authentication device.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Activcard Ireland, Limited (Assa Abloy AB)
Original Assignee
Activcard Ireland, Limited (Assa Abloy AB)
Inventors
Hamid, Laurence, Hillhouse, Robert D.
Primary Examiner(s)
Darrow, Justin T

Application Number

US13/601,758
Publication Number

US 20120324234A1
Time in Patent Office

676 Days
Field of Search

713/166, 713/182, 713/184, 713/185, 713/186, 713/193, 380/286, 726/5, 726/6, 726/9, 726 16- 20
US Class Current

713/182
CPC Class Codes

G06F 21/31 User authentication

Flexible method of user authentication

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Flexible method of user authentication

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links