Flexible method of user authentication

DC CAFC

US 9,098,685 B2
Filed: 05/19/2004
Issued: 08/04/2015
Est. Priority Date: 07/25/2000
Status: Expired due to Term

- Alert
- Pin

Associated Cases

Associated Defendants

First Claim

Patent Images

1. A method of authorizing a user to access a workstation using a security server, the method comprising:

receiving security data relating to computing conditions in which an authorization will be performed, wherein the security data comprises at least one indication of a type of communication link between the workstation and the security server, a geographic location of the workstation, or a time of access of the workstation;

determining a security policy from a plurality of predetermined security policies based on previously stored policy data and the received indication of the type of communication link between the workstation and the security server, the geographic location of the workstation, or the time of access of the workstation;

determining an authorization method for authorizing the user, wherein the authorization method is determined from the determined security policy in accordance with the received indication of the type of communication link between the workstation and the security server, the geographic location of the workstation, or the time of access of the workstation;

receiving user identification data; and

registering the user identification data against stored user data in accordance with the determined authorization method, wherein different authorization methods for authorizing the user are determined upon receipt of different security data, and wherein the security data does not include identification information for a particular user.

View all claims

8 Assignments

Timeline View

Assignment View

Litigations

1 Petition

Accused Products

Abstract

A method of authorizing a user at a location is disclosed. A user data input device is used for receiving of user information. In dependence upon stored policy data, a location of the workstation and other characteristics thereof, an authorization method for the user is determined. In the authorization method, the user is first identified with the security server and then optionally authorized thereby. The stored policy data results in different determined methods for different authorization procedures based upon the user data and the characteristic of the user data input device and the workstation.

Citations

23 Claims

1. A method of authorizing a user to access a workstation using a security server, the method comprising:
- receiving security data relating to computing conditions in which an authorization will be performed, wherein the security data comprises at least one indication of a type of communication link between the workstation and the security server, a geographic location of the workstation, or a time of access of the workstation;
  
  determining a security policy from a plurality of predetermined security policies based on previously stored policy data and the received indication of the type of communication link between the workstation and the security server, the geographic location of the workstation, or the time of access of the workstation;
  
  determining an authorization method for authorizing the user, wherein the authorization method is determined from the determined security policy in accordance with the received indication of the type of communication link between the workstation and the security server, the geographic location of the workstation, or the time of access of the workstation;
  
  receiving user identification data; and
  
  registering the user identification data against stored user data in accordance with the determined authorization method, wherein different authorization methods for authorizing the user are determined upon receipt of different security data, and wherein the security data does not include identification information for a particular user.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The method according to claim 1 wherein the authorization method comprises prompting the user to provide the user identification data at random time intervals.
  - 3. The method according to claim 1 wherein the security data comprises the geographic location of the workstation.
  - 4. The method according to claim 3, further comprising analyzing the geographic location of the workstation and, based on the analysis, determining whether the workstation is in a secure location.
  - 5. The method according to claim 1 wherein the security data further comprises data relating to available user data input devices for providing input to the workstation.
  - 6. The method according to claim 1 wherein the security data further comprises data identifying a type of secured data being requested from the security server by the workstation.
  - 7. The method according to claim 1 wherein the user identification data is biometric data.
  - 8. The method according to claim 1, further comprising allowing the user to access secured data in accordance with the determined authorization method.

9. A method of authorizing a user to access secure data having a predetermined level of security via a workstation, the method comprising:
- acquiring security data relating to computing conditions in which an authorization will be performed, wherein the security data comprises at least one indication of a type of communication link between the workstation and the secure data, a geographic location of the workstation, or a time of access of the workstation, and wherein the security data is different for the workstation under different security-affecting operating conditions;
  
  determining a security policy from a plurality of predetermined security policies based on previously stored policy data and the acquired indication of the type of communication link between the workstation and the security server, the geographic location of the workstation, or the time of access of the workstation;
  
  determining an authorization method for authorizing the user, wherein the authorization method is selected from a plurality of authorization methods based on the security data and the determined security policy; and
  
  authorizing the user with the authorization method for providing access to the secure data via the workstation, wherein different authorization methods for authorizing the user are determined upon receipt of different security data, and wherein the security data does not include identification information for a particular user.
- View Dependent Claims (10, 11, 12, 13, 14, 15, 16)
- - 10. The method according to claim 9 wherein the authorizing comprises prompting the user to provide user identification data at random time intervals.
  - 11. The method according to claim 9 wherein the security data comprises the geographic location of the workstation.
  - 12. The method according to claim 11, further comprising analyzing the geographic location of the workstation and, based on the analysis, determining whether the workstation is in a secure location.
  - 13. The method according to claim 9 wherein the security data further comprises data relating to available user data input devices for providing input to the workstation.
  - 14. The method according to claim 9 wherein the security data further comprises data identifying a type of secure data being accessed by the user.
  - 15. The method according to claim 9 wherein the authorizing comprises providing biometric data of the user to a biometric authentication device.
  - 16. The method according to claim 9, further comprising allowing the user to access the secure data in accordance with the determined authorization method.

17. A system for authorizing a user to access secure data having a predetermined level of security, the system comprising:
- a workstation configured to provide security data relating to computing conditions in which an authorization will be performed, wherein the security data comprises at least one indication of a type of communication link between the workstation and the secure data, a geographic location of the workstation, or a time of access of the workstation, and wherein the security data is different for the workstation under different security-affecting operating conditions;
  
  a security server configured to—
  
  determine a security policy from a plurality of predetermined security policies based on previously stored policy data and the indication of the type of communication link between the workstation and the security server, the geographic location of the workstation, or the time of access of the workstation; and
  
  determine an authorization method for a user of the workstation, wherein—
  
  the authorization method provides at least a predetermined level of security corresponding to the indication of the type of communication link between the workstation and the security server, the geographic location of the workstation, or the time of access of the workstation; and
  
  the authorization method is selected from a plurality of authorization methods based on the indication of the type of communication link between the workstation and the security server, the geographic location of the workstation, or the time of access of the workstation; and
  
  different authorization methods for authorizing the user are determined upon receipt of different security data, and wherein the security data does not include identification information for a particular user;
  
  wherein the workstation is further configured to provide user identification data in accordance with the determined authorization method; and
  
  wherein the server is further configured to use the user identification data to authorize the user in accordance with the authorization method.
- View Dependent Claims (18)
- - 18. The system according to claim 17 wherein—
    - the determined authorization method specifies a biometric authentication device; and
      
      the workstation comprises the biometric authentication device which the workstation uses to obtain the user identification data in accordance with the determined authorization method.

19. A computer-readable storage device having instructions stored thereon, the instructions comprising:
- instructions for receiving security data relating to computing conditions in which an authorization will be performed, wherein the security data comprises least one indication of a type of communication link between the workstation and the security server, a geographic location of the workstation, or a time of access of the workstation;
  
  instructions for determining a security policy from a plurality of predetermined security policies based on previously stored policy data and the indication of the type of communication link between the workstation and the security server, the geographic location of the workstation, or the time of access of the workstation;
  
  instructions for determining an authorization method for authorizing the user, wherein the authorization method is determined from the security policy in accordance with the received indication of the type of communication link between the workstation and the security server, the geographic location of the workstation, or the time of access of the workstation;
  
  instructions for receiving user identification data; and
  
  instructions for registering the user identification data against stored user data in accordance with the determined authorization method to authorize the user, wherein different authorization methods for authorizing the user are determined upon receipt of different security data, and wherein the security data does not include identification information for a particular user.

20. A security server for authorizing a user to access secure data having a predetermined level of security via a user workstation, the security server comprising:
- an input device configured to receive security data relating to computing conditions in which an authorization will be performed, wherein the security data comprises at least one indication of a type of communication link between the user workstation and the secure data, a geographic location of the user workstation, or a time of access of the user workstation, and wherein the security data is different for the user workstation under different security affecting operating conditions; and
  
  a processing device configured to;
  
  determine a security policy from a plurality of predetermined security policies based on previously stored policy data and the indication of the type of communication link between the workstation and the security server, the geographic location of the workstation, or the time of access of the workstations;
  
  determine an authorization method for authorizing the user workstation, wherein the authorization method is selected from a plurality of different authorization methods based on receipt of different security data and the determined security policy, and wherein the security data does not include identification information for a particular user, and wherein the provided access has at least the predetermined level of security.
- View Dependent Claims (21)
- - 21. The security server according to claim 20 wherein the input device receives biometric data of the user from a biometric authentication device and provides the biometric data to the processing device for processing in accordance with the authorization method.

22. A security server for authorizing a user to access a workstation, the security server comprising:
- an input device that receives security data relating to computing conditions in which an authorization will be performed, wherein the security data comprises at least one indication of a type of communication link between the workstation and the security server, a geographic location of the workstation, or a time of access of the workstation; and
  
  a processing device that—
  
  determines a security policy from a plurality of predetermined security policies based on previously stored policy data and the indication of the type of communication link between the workstation and the security server, the geographic location of the workstation, or the time of access of the workstation;
  
  determines an authorization method for authorizing the user, wherein the authorization method is determined from the determined security policy in accordance with the received indication of the type of communication link between the workstation and the security server, the geographic location of the workstation, or the time of access of the workstation; and
  
  registers user identification data provided by the user against stored user data in accordance with the determined authorization method to authorize the user, wherein different authorization methods for authorizing the user are determined upon receipt of different security data, and wherein the security data does not include identification information for a particular user.
- View Dependent Claims (23)
- - 23. The security server according to claim 22 wherein the input device receives biometric data of the user from a biometric authentication device and provides the biometric data to the processing device as the user identification data for registration in accordance with the determined authorization method.

Specification

Resources

Litigation Campaign Assessment

Litigation Data

Current Assignee
HID Global Corporation (Assa Abloy AB)
Original Assignee
Activcard Ireland, Limited (Assa Abloy AB)
Inventors
Hamid, Laurence
Primary Examiner(s)
SHAIFER HARRIMAN, DANT B

Application Number

US10/847,884
Publication Number

US 20040215980A1
Time in Patent Office

4,094 Days
Field of Search

726/2, 726/1, 726/26
US Class Current

1/1
CPC Class Codes

G06F 21/31 User authentication

G06F 21/6218 to a system of files or obj...

Flexible method of user authentication

First Claim

8 Assignments

Litigations

1 Petition

Accused Products

Abstract

Citations

23 Claims

Specification

Solutions

Use Cases

Quick Links

Flexible method of user authentication

First Claim

8 Assignments

Subscription Required

Subscription Required

Litigations

1 Petition

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

23 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links