Ongoing authentication and access control with network access device

US 9,092,605 B2
Filed: 03/15/2013
Issued: 07/28/2015
Est. Priority Date: 04/11/2011
Status: Active Grant

First Claim

Patent Images

1. A method for securing network access, the method comprising:

granting, by a server, access to a user after authenticating a login request from the user sent from a secured computer device to the server to validate an identification of the user, wherein the secured computer device is connected via the Internet to a network access device that controls network access from the Internet to an intranet that provides network connectivity to the server;

receiving, by the server via the intranet, a network access request from the network access device for allowing the user to access the server through the network access device;

sending from the server a network access granted for the user to the network access device, wherein the secured computer device performs periodic authentication operations to validate the identification of the user based on biometric data taken of the user;

receiving at the network access device notification from the secured computer device that one of the periodic authentication operations has failed;

disabling, by the network access device, network access for the secured computer device to the intranet and the server in response to the notification, wherein access from the secured computer device to the Internet is not disabled;

recording images of the user taken while the user is operating the secured computer device;

recording screen captures of a display coupled to the secured computer device while access is granted to the user;

recording user inputs to the secured computer device while access is granted to the user; and

performing optical character recognition (OCR) to identify text in the screen captures, wherein operations of the method are executed by a processor.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Methods and systems are presented for securing network access. One method includes operations for granting a user access to remote computer resources after authenticating a login request from the user sent from a secured computer device, and for receiving a network access request from a network access device to allow the user access through the network access device. A network access granted message is sent to the network access device when the user currently has been granted access to the remote computer resources, where the secured computer device performs periodic authentication operations to validate an identification of the user based on biometric data taken of the user. Further, the method includes operations for receiving notification from the secured computer device that one of the authentication operations has failed, and for sending a network access denied for the user to the network access device in response to the notification.

Citations

18 Claims

1. A method for securing network access, the method comprising:
- granting, by a server, access to a user after authenticating a login request from the user sent from a secured computer device to the server to validate an identification of the user, wherein the secured computer device is connected via the Internet to a network access device that controls network access from the Internet to an intranet that provides network connectivity to the server;
  
  receiving, by the server via the intranet, a network access request from the network access device for allowing the user to access the server through the network access device;
  
  sending from the server a network access granted for the user to the network access device, wherein the secured computer device performs periodic authentication operations to validate the identification of the user based on biometric data taken of the user;
  
  receiving at the network access device notification from the secured computer device that one of the periodic authentication operations has failed;
  
  disabling, by the network access device, network access for the secured computer device to the intranet and the server in response to the notification, wherein access from the secured computer device to the Internet is not disabled;
  
  recording images of the user taken while the user is operating the secured computer device;
  
  recording screen captures of a display coupled to the secured computer device while access is granted to the user;
  
  recording user inputs to the secured computer device while access is granted to the user; and
  
  performing optical character recognition (OCR) to identify text in the screen captures, wherein operations of the method are executed by a processor.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The method as recited in claim 1, wherein the biometric data includes images of the user taken while the user is operating the secured computer device.
  - 3. The method as recited in claim 2, wherein the authentication operations include performing face recognition of the images of the user.
  - 4. The method as recited in claim 1, wherein the network access device enables network communications from the secured computer device to the server for the login request before receiving the network access granted and the network access device disables network communications from the secured computer device to the server that are not for the login request.
  - 5. The method as recited in claim 1, wherein the login request entered in the secured computer device further includes performing one or more of face recognition on an image of the user to validate an identity of the user, or receiving biometric signals authentication including one or more of iris or brain signals.
  - 6. The method as recited in claim 1, wherein a first authentication operation fails when the user looks away from a monitor coupled to the secured computer device.
  - 7. The method as recited in claim 6, wherein a second authentication operation is successful when the user looks back to the monitor.
  - 8. The method as recited in claim 6, wherein a third authentication operation fails when a second user is detected looking at the monitor.
  - 9. The method as recited in claim 1, wherein the periodic authentication operations are performed at an interval in a range from thirty-times-per-second to 120 seconds.
  - 10. The method as recited in claim 1, further including:
    - binding the recorded images, the recorded screen captures, the recorded user inputs, and the identified text to define audit data for actions taken by the user while access is granted.

11. A method for securing network access, the method comprising:
- granting, by a server, access to a user after authenticating a login request from the user sent from a secured computer device to the server to validate an identification of the user, wherein the secured computer device is connected via the Internet to a network access device that controls network access from the Internet to an intranet that provides network connectivity to the server;
  
  receiving, by the server via the intranet, a network access request from the network access device for allowing the user to access the server through the network access device;
  
  sending from the server a network access granted for the user to the network access device, wherein the secured computer device performs periodic authentication operations to validate the identification of the user based on biometric data taken of the user, wherein the secured computer device notifies the network access device when one of the authentication operations has failed, wherein the network access device denies intranet access and server access for the user in response to the notification, wherein access from the secured computer device to the Internet is not disabled;
  
  recording images of the user taken while the user is operating the secured computer device;
  
  recording screen captures of a display coupled to the secured computer device while access is granted to the user; and
  
  recording user inputs to the secured computer device while access is granted to the user; and
  
  performing optical character recognition (OCR) to identify text in the screen captures, wherein operations of the method are executed by a processor.
- View Dependent Claims (12)
- - 12. The method as recited in claim 11, further including:
    - binding the recorded images, the recorded screen captures, the recorded user inputs, and the identified text to define audit data for actions taken by the user while access is granted.

13. A non-transitory computer-readable storage medium embedded with a computer program to be executed by one or more processors for securing network access, the computer program comprising:
- program instructions for granting, by a server, access to a user after authenticating a login request from the user sent from a secured computer device to the server to validate an identification of the user, wherein the secured computer device is connected via the Internet to a network access device that controls network access from the Internet to an intranet that provides network connectivity to the server;
  
  program instructions for receiving, by the server via the intranet, a network access request from the network access device for allowing the user to access the server through the network access device;
  
  program instructions for sending from the server a network access granted for the user to the network access device, wherein the secured computer device performs periodic authentication operations to validate the identification of the user based on biometric data taken of the user;
  
  program instructions for receiving at the network access device notification from the secured computer device that one of the periodic authentication operations has failed;
  
  program instructions for disabling, by the network access device, network access for the secured computer device to the intranet and the server in response to the notification, wherein access from the secured computer device to the Internet is not disabled;
  
  program instructions for recording images of the user taken while the user is operating the secured computer device;
  
  program instructions for recording screen captures of a display coupled to the secured computer device while access is granted to the user;
  
  program instructions for recording user inputs to the secured computer device while access is granted to the user; and
  
  program instructions for performing optical character recognition (OCR) to identify text in the screen captures.
- View Dependent Claims (14, 15, 16, 17, 18)
- - 14. The storage medium as recited in claim 13, wherein the biometric data includes images of the user taken while the user is operating the secured computer device.
  - 15. The storage medium as recited in claim 14, wherein the authentication operations include performing face recognition of the images of the user.
  - 16. The storage medium as recited in claim 13, wherein the network access device enables network communications from the secured computer device to the server for the login request before receiving the network access granted and the network access device disables network communications from the secured computer device to the server that are not for the login request.
  - 17. The storage medium as recited in claim 13, wherein the login request entered in the secured computer device further includes performing face recognition on an image of the user to validate an identity of the user.
  - 18. The storage medium as recited in claim 13, further including:
    - program instructions for binding the recorded images, the recorded screen captures, the recorded user inputs, and the identified text to define audit data for actions taken by the user while access is granted.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
NSS Lab Works LLC
Original Assignee
NSS Lab Works LLC
Inventors
Sambamurthy, Namakkal S., Krishnan, Parthasarathy
Primary Examiner(s)
Hirl, Joseph P
Assistant Examiner(s)
MURPHY, JOSEPH B

Application Number

US13/844,427
Publication Number

US 20140282965A1
Time in Patent Office

865 Days
Field of Search

726/7
US Class Current

1/1
CPC Class Codes

G06F 21/31   User authentication

G06F 21/32   using biometric data, e.g. ...

G06F 2221/2139   Recurrent verification

H04L 63/0861   using biometrical features,...

Ongoing authentication and access control with network access device

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

18 Claims

Specification

Solutions

Use Cases

Quick Links

Ongoing authentication and access control with network access device

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

18 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links