Network access protection

US 9,047,458 B2
Filed: 05/20/2010
Issued: 06/02/2015
Est. Priority Date: 06/19/2009
Status: Active Grant

First Claim

Patent Images

1. A method comprising:

receiving, at a server, an access request for access to at least one network resource from a client machine, the access request including account authentication information comprising an account identifier and password;

serving an executable object to the client machine operable to generate a client machine identifier comprising a machine fingerprint in response to receiving the access request, wherein the machine fingerprint is generated using at least one user-configurable machine parameter of the client machine, and at least one non-user-configurable machine parameter of the client machine;

obtaining the client machine identifier from the client machine; and

controlling access to the network resource in response to the access request, by authorizing access to the network resource for the access request if the client machine identifier matches a registered machine identifier that is registered for use with the account authentication information and the account authentication information matches registered information for a valid account, but denying access to the network resource if the client machine identifier does not match a registered client machine identifier that is registered for use with the account authentication information;

wherein the at least one non-user-configurable machine parameter includes at least one selected from a group consisting essentially of;

a measure of carbon degradation of a component of the client machine, a measure of silicon degradation of a component of the client machine, data representing one or more failures of one or more components of the client machine, and data representing one or more bad sectors of a component of the client machine.

View all claims

6 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system or method for network access protection executes steps for receiving, at a server, an access request for access to at least one network resource from a client machine, the access request including account authentication information comprising an account identifier and password, obtaining a client machine identifier from the client machine in response to receiving the request for access, and controlling access to the network resource in response to the access request by authorizing access to the network resource for the access request if the client machine identifier matches a registered machine identifier that is registered for use with the account authentication information and the account authentication information matches registered information for a valid account, but denying access to the network resource if the client machine identifier does not match a registered client machine identifier that is registered for use with the account authentication information.

195 Citations

17 Claims

1. A method comprising:
- receiving, at a server, an access request for access to at least one network resource from a client machine, the access request including account authentication information comprising an account identifier and password;
  
  serving an executable object to the client machine operable to generate a client machine identifier comprising a machine fingerprint in response to receiving the access request, wherein the machine fingerprint is generated using at least one user-configurable machine parameter of the client machine, and at least one non-user-configurable machine parameter of the client machine;
  
  obtaining the client machine identifier from the client machine; and
  
  controlling access to the network resource in response to the access request, by authorizing access to the network resource for the access request if the client machine identifier matches a registered machine identifier that is registered for use with the account authentication information and the account authentication information matches registered information for a valid account, but denying access to the network resource if the client machine identifier does not match a registered client machine identifier that is registered for use with the account authentication information;
  
  wherein the at least one non-user-configurable machine parameter includes at least one selected from a group consisting essentially of;
  
  a measure of carbon degradation of a component of the client machine, a measure of silicon degradation of a component of the client machine, data representing one or more failures of one or more components of the client machine, and data representing one or more bad sectors of a component of the client machine.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method of claim 1, further comprising registering a client machine identifier received from the client machine in an initial registration session.
  - 3. The method of claim 1, further comprising maintaining a registry of account identifiers and client machine identifiers for use by the server in authorizing access to the network resource, wherein the registry associates each of the client machine identifiers with an at least one account identifier.
  - 4. The method of claim 1, wherein the executable object on the client machine is operable to generate the client machine identifier by reading system data indicating a current system configuration of the client machine.
  - 5. The method of claim 4, wherein the executable object activated on the client machine is further operable to process the system data to develop the client machine identifier.
  - 6. The method of claim 1, further comprising activating the executable object by transmitting an activation signal from the server to the client machine, the activation signal operable to activate the executable object stored in a memory of the client machine.
  - 7. The method of claim 1, further comprising maintaining a registry of addresses for different network resources, including the at least one network resource, identifying one or more account identifiers authorized for access to one or more different network resources.

8. A system for controlling access to network resources in response to access requests, the system comprising:
- a processor;
  
  at least one computer-readable medium that is operatively coupled to the processor;
  
  an access management application that is stored in the computer-readable medium, is at least partially executable by the processor from the memory, and, when executed by the processor, causes the system to control access to the network resources in response to access requests by at least;
  
  processing an access request for access to at least one network resource from a client machine, the access request including account authentication information comprising an account identifier and password;
  
  serving an executable object to the client machine operable to generate a client machine identifier comprising a machine fingerprint in response to receiving the access request, wherein the machine fingerprint is generated using at least one user-configurable machine parameter of the client machine, and at least one non-user-configurable machine parameter of the client machine;
  
  obtaining the client machine identifier from the client machine;
  
  controlling access to the network resource in response to the access request, responsive to determining whether or not the client machine identifier matches a registered machine identifier that is registered for use with the account authentication information and the account authentication information matches registered information for a valid account;
  
  wherein the at least one non-user-configurable machine parameter includes at least one selected from a group consisting essentially of;
  
  a measure of carbon degradation of a component of the client machine, a measure of silicon degradation of a component of the client machine, data representing one or more failures of one or more components of the client machine, and data representing one or more bad sectors of a component of the client machine.
- View Dependent Claims (9, 10, 11)
- - 9. The system of claim 8 wherein the access management application, when executed by the processor, causes the system to control access to the network resources in response to access requests by at least also:
    - registering a client machine identifier received from the client machine in an initial registration session.
  - 10. The system of claim 8 wherein the access management application, when executed by the processor, causes the system to control access to the network resources in response to access requests by at least also:
    - maintaining a registry of account identifiers and client machine identifiers for use by the means for authorizing access to the network resource, wherein the registry associates each of the client machine identifiers with an at least one account identifier.
  - 11. The system of claim 8 wherein the executable object on the client machine is operable to generate the client machine identifier by reading system data indicating a current system configuration of the client machine.

12. Anon-transitory computer-readable medium encoded with software, that when executed by a processor, causes a computer to perform the functions of:
- receiving an access request for access to at least one network resource from a client machine, the access request including account authentication information comprising an account identifier and password;
  
  serving an executable object to the client machine operable to generate a client machine identifier comprising a machine fingerprint in response to receiving the access request, wherein the machine fingerprint is generated using at least one user-configurable machine parameter of the client machine, and at least one non-user-configurable machine parameter of the client machine;
  
  obtaining the client machine identifier from the client machine; and
  
  controlling access to the network resource in response to the access request, by authorizing access to the network resource for the access request if the client machine identifier matches a registered machine identifier that is registered for use with the account authentication information and the account authentication information matches registered information for a valid account, but denying access to the network resource if the client machine identifier does not match a registered client machine identifier that is registered for use with the account authentication information;
  
  wherein the at least one non-user-configurable machine parameter includes at least one selected from a group consisting essentially of;
  
  a measure of carbon degradation of a component of the client machine, a measure of silicon degradation of a component of the client machine, data representing one or more failures of one or more components of the client machine, and data representing one or more bad sectors of a component of the client machine.
- View Dependent Claims (13, 14, 15, 16, 17)
- - 13. The computer-readable medium of claim 12, further encoded with software configured to cause the computer to register a client machine identifier received from the client machine in an initial registration session.
  - 14. The computer-readable medium of claim 12, further encoded with software configured to cause the computer to access a registry of account identifiers and client machine identifiers when authorizing access to the network resource, wherein the registry associates each of the client machine identifiers with an at least one account identifier.
  - 15. The computer-readable medium of claim 12, wherein the executable object on the client machine is operable to generate the client machine identifier by reading system data indicating a current system configuration of the client machine.
  - 16. The computer-readable medium of claim 12, further encoded with software configured to cause the computer to activate the executable object by transmitting an activation signal from the computer to the client machine, the activation signal operable to activate the executable object stored in a memory of the client machine.
  - 17. The computer-readable medium of claim 12, further encoded with software configured to cause the computer to access a registry of addresses for different network resources, including the at least one network resource, associated with particular account identifiers, to determine if the access request should be authorized for access to one or more different network resources.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Cryptosoft Limited
Original Assignee
DeviceAuthority Inc. (f/k/a NetAuthority, Inc.) (Device Authority Ltd.)
Inventors
Etchegoyen, Craig S.
Primary Examiner(s)
Hirl, Joseph P
Assistant Examiner(s)
GYORFI, THOMAS A

Application Number

US12/784,455
Publication Number

US 20100325710A1
Time in Patent Office

1,839 Days
Field of Search

726/2, 726/7, 726 27- 29
US Class Current

1/1
CPC Class Codes

G06F 21/31   User authentication

G06F 21/44   Program or device authentic...

G06F 21/73   by creating or determining ...

Network access protection

First Claim

6 Assignments

0 Petitions

Accused Products

Abstract

195 Citations

17 Claims

Specification

Solutions

Use Cases

Quick Links

Network access protection

First Claim

6 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

195 Citations

17 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links