Controlling access to a process using a separate hardware device
0 Assignments
0 Petitions
Accused Products
Abstract
A method and apparatus for automatic user authentication are described. The method includes receiving information at a device, the device including a credential container; storing the information at the credential container and performing cryptographic calculations on the received information and providing the encrypted information upon request.
18 Claims
1. A method for controlling access to a process to be executed on a data processing system, comprising:
detecting a coupling of a security device to the data processing system, wherein the security device is a portable hand-held separate hardware device from the data processing system and stores a plurality of authentication data items for a plurality of processes that are executable on the data processing system, wherein each authentication data item is stored in the security device in association with an indicator of a corresponding process in the plurality of processes;
identifying, by an access agent executing on the data processing system, the process to be executed on the data processing system;
determining, by the access agent, whether an access script exists for the identified process in a corresponding authentication data item stored in the security device;
retrieving, by the access agent from the security device, in response to determining that an access script does exist for the process in the authentication data item, the authentication data item that is associated with the identified process to be executed on the data processing system based on an identifier of the process to be executed on the data processing system;
in response to retrieving the authentication data item, injecting, by the access agent, the retrieved authentication data item into the identified process, wherein each authentication data item comprises an access script defining a set of operations to be played back to automatically authenticate a user to a corresponding process; and
in response to determining that the access script does not exist for the identified process in a corresponding authentication data item, capturing, by the access agent, logon information entered by the user for the identified process and storing the logon information in a corresponding authentication data item in the security device.
Dependent claims: 2, 3, 4, 5, 6.
7. A method for controlling access to a process to be executed on a data processing system, comprising:
detecting a coupling of a security device to the data processing system, wherein the security device is a portable hand-held separate hardware device from the data processing system and stores a plurality of authentication data items for a plurality of processes that are executable on the data processing system, wherein each authentication data item is stored in the security device in association with an indicator of a corresponding process in the plurality of processes;
identifying, by an access agent executing on the data processing system, the process to be executed on the data processing system;
determining, by the access agent, whether the access script exists for the identified process in a corresponding authentication data item stored in the security device;
retrieving, by the access agent from the security device, in response to determining that an access script does exist for the process in the authentication data item, the authentication data item that is associated with the identified process to be executed on the data processing system based on an identifier of the process to be executed on the data processing system;
in response to retrieving the authentication data item, injecting, by the access agent, the retrieved authentication data item into the identified process, wherein the process to be executed is an application, and wherein injecting the retrieved authentication data item into the identified process comprises injecting the authentication data item into a login process associated with the application to automatically authenticate a user to the application; and
in response to determining that the access script does not exist for the identified process in a corresponding authentication data item, capturing, by the access agent, logon information entered by the user for the identified process and storing the logon information in a corresponding authentication data item in the security device, wherein injecting the retrieved authentication data item into the login process comprises playing back the access script to thereby inject the user authentication data into the login process of the application.
Dependent claims: 8.
9. A method for controlling access to a process to be executed on a data processing system, comprising:
detecting a coupling of a security device to the data processing system, wherein the security device is a portable hand-held separate hardware device from the data processing system and stores a plurality of authentication data items for a plurality of processes that are executable on the data processing system, wherein each authentication data item is stored in the security device in association with an indicator of a corresponding process in the plurality of processes;
identifying, by the access agent executing on the data processing system, the process to be executed on the data processing system;
determining, by the access agent, whether the access script exists for the identified process in a corresponding authentication data item stored in the security device;
retrieving, by the access agent from the security device, in response to determining that an access script does exist for the process in the authentication data item, the authentication data item that is associated with the identified process to be executed on the data processing system based on an identifier of the process to be executed on the data processing system;
in response to retrieving the authentication data item, injecting, by the access agent, the retrieved authentication data item into the identified process; and
in response to determining that the access script does not exist for the identified process in a corresponding authentication data item;
automatically capturing user authentication data input by a user into the data processing system for the identified process;
automatically converting the user authentication data into a stronger form of user authentication data to be presented to the identified process; and
automatically storing the stronger form of user authentication data in the security device as an authentication data item associated with the identified process, wherein automatically converting the user authentication data into a stronger form of user authentication data comprises at least one of automatically generating a longer password by adding alpha-numeric characters into a password of the user authentication data or generating a random password to be used instead of a password in the user authentication data.
Dependent claims: 10.
11. A method for controlling access to a process to be executed on a data processing system, comprising:
detecting a coupling of a security device to the data processing system, wherein the security device is a portable hand-held separate hardware device from the data processing system and stores a plurality of authentication data items for a plurality of processes that are executable on the data processing system, wherein each authentication data item is stored in the security device in association with an indicator of a corresponding process in the plurality of processes;
identifying, by the access agent executing on the data processing system, the process to be executed on the data processing system;
determining, by the access agent, whether an access script exists for the identified process in a corresponding authentication data item stored in the security device;
retrieving, by the access agent from the security device, in response to determining that the access script does exist for the process in the authentication data item, the authentication data item that is associated with the identified process to be executed on the data processing system based on an identifier of the process to be executed on the data processing system;
in response to retrieving the authentication data item, injecting, by the access agent, the retrieved authentication data item into the identified process; and
in response to determining that the access script does not exist for the identified process in a corresponding authentication data item, capturing, by the access agent, logon information entered by the user for the identified process and storing the logon information in a corresponding authentication data item in the security device, wherein the security device stores a trusted host list identifying remote computing devices with which the security device may operate, and wherein use of the security device is limited to processes associated with only remote computing devices identified in the trusted host list.
12. A portable hand-held security device for coupling to a computing device to authenticate a user of the portable hand-held security device to one or more processes via the computing device, comprising:
a first storage device that stores a plurality of authentication data items for a plurality of processes that are executable on a computing device, wherein each authentication data item is stored in the first storage device in association with an indicator of a corresponding process in the plurality of processes;
a communication controller through which the computing device accesses the authentication data items stored in the first storage device; and
an application program interface through which the computing device may access security device services, wherein the application program interface determines whether an access script exists for an identified process in a corresponding authentication data item stored in the portable hand-held security device and provides the corresponding authentication data item, from the first storage, to the computing device via the communication controller in response to determining that the access script exists for the identified process and wherein the application program interface injects the authentication data item, received from the security device, into the process to be executed on the computing device, wherein each authentication data item comprises the access script defining a set of operations to be played back to automatically authenticate a user to a corresponding process, and wherein in response to the application program interface determining that the access script does not exist for the identified process in a corresponding authentication data item, the application program interface captures logon information entered by the user for the identified process and stores the logon information in a corresponding authentication data item in the portable hand-held security device.
Dependent claims: 13, 14, 15, 16, 17, 18.
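The independent claims above describe one control flow: the access agent looks up an authentication data item by process identifier on the device, plays back its access script into the login process if one exists, and otherwise captures the user's logon, converts it to a stronger form (claim 9) and stores it; claim 11 gates all of this on a trusted host list held on the device. The simulation below is an added example written for this page, not code from the patent or its specification. The class names, the (operation, argument) vocabulary of the access script, the 16-character target length, and appending the random alphanumerics to the end of the user's password (claim 9 says only "adding ... into") are all assumptions made for the example; the logon values are constructed.

```python
"""Simulated portable security device and host-side access agent (added example)."""
import secrets
import string
from dataclasses import dataclass, field

# "alpha-numeric characters" as in claim 9; the length target is an assumption.
ALPHABET = string.ascii_letters + string.digits
MIN_STRONG_LEN = 16

# Access script recorded at capture time: (operation, argument) steps the agent
# later plays back into the login process. The step vocabulary is assumed.
DEFAULT_SCRIPT = [("type", "username"), ("type", "password"), ("press", "Enter")]


@dataclass
class AuthenticationDataItem:
    """One item on the device: the credential plus the access script that replays it."""
    process_id: str                      # indicator of the corresponding process
    username: str
    password: str
    access_script: list = field(default_factory=list)


@dataclass
class SecurityDevice:
    """The portable device: items keyed by process id and a trusted host list (claim 11)."""
    items: dict = field(default_factory=dict)
    trusted_hosts: set = field(default_factory=set)

    def has_access_script(self, process_id):
        item = self.items.get(process_id)
        return item is not None and bool(item.access_script)

    def retrieve(self, process_id):
        return self.items[process_id]

    def store(self, item):
        self.items[item.process_id] = item


def strengthen_password(password, replace=False):
    """Claim 9's two conversions: pad to MIN_STRONG_LEN with random alphanumerics
    (assumed: appended), or discard the user's password for a random one."""
    if replace:
        return "".join(secrets.choice(ALPHABET) for _ in range(MIN_STRONG_LEN))
    extra = max(0, MIN_STRONG_LEN - len(password))
    return password + "".join(secrets.choice(ALPHABET) for _ in range(extra))


class LoginProcess:
    """Stand-in for an application's login process; records what the agent injects."""
    def __init__(self):
        self.received = []

    def inject(self, operation, value):
        self.received.append((operation, value))


class AccessAgent:
    """Host-side agent: trusted-host gate, then play back, or capture and store."""
    def __init__(self, device):
        self.device = device

    def _play_back(self, item, login):
        for operation, arg in item.access_script:
            # "type" steps name a field of the item; other steps carry a literal key.
            value = getattr(item, arg) if operation == "type" else arg
            login.inject(operation, value)

    def authenticate(self, process_id, remote_host, login, entered=None):
        # Claim 11: the device is only used for processes tied to listed hosts.
        if remote_host not in self.device.trusted_hosts:
            raise PermissionError("host %r not in trusted host list" % remote_host)
        if self.device.has_access_script(process_id):
            self._play_back(self.device.retrieve(process_id), login)
            return "played_back"
        if entered is None:
            raise ValueError("no stored item and no logon information to capture")
        username, password = entered
        item = AuthenticationDataItem(process_id, username,
                                      strengthen_password(password), list(DEFAULT_SCRIPT))
        self.device.store(item)
        self._play_back(item, login)   # the stronger form is what the process sees
        return "captured"


def demo():
    """Constructed run: the first logon is captured and strengthened, the second replayed."""
    device = SecurityDevice(trusted_hosts={"mail.example.test"})
    agent = AccessAgent(device)
    first, second = LoginProcess(), LoginProcess()
    r1 = agent.authenticate("mail-client", "mail.example.test", first, ("alice", "hunter2"))
    r2 = agent.authenticate("mail-client", "mail.example.test", second)
    return r1, r2, device.retrieve("mail-client").password, second.received


if __name__ == "__main__":
    print(demo())
```

Two points the simulation makes visible: the access agent and the login process it injects into both run on the host, so the host is inside the trust boundary regardless of where the items are stored, and the trusted host list is the only control in the claims that limits where the device's credentials are released. Under the padding option the original password survives as a prefix of the stronger one; the random-replacement option does not have that property.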