Flexible method of user authentication
Abstract
A method of authorizing a user at a location is disclosed. A user data input device is used to receive user information. In dependence upon stored policy data, a location of the workstation and other characteristics thereof, an authorization method for the user is determined. In the authorization method, the user is first identified with the security server and then optionally authorized thereby. The stored policy data results in different determined methods for different authorization procedures based upon the user data and the characteristic of the user data input device and the workstation.
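The flow the abstract describes, as an added illustration that is not code from the patent: context data with no user identity selects a stored policy, the policy fixes which factors are required, and only then is the user's identification data checked against stored user data. The policy names, factor names, rule thresholds and the sample user are all constructed assumptions.

```python
import hashlib
import hmac
from dataclasses import dataclass
from datetime import time

@dataclass(frozen=True)
class SecurityData:
    """Computing conditions only; deliberately carries no user identifier."""
    link_type: str      # assumed values: "lan", "vpn", "public"
    location: str       # assumed values: "HQ", "remote"
    access_time: time

# Stored policy data (constructed): first matching rule wins, last rule is the strictest.
POLICIES = [
    ("low", lambda s: s.link_type == "lan" and s.location == "HQ"
                      and time(8) <= s.access_time <= time(18)),
    ("medium", lambda s: s.link_type in ("lan", "vpn")),
    ("high", lambda s: True),
]
# Authorization method per policy, expressed as the factors that must all verify.
METHODS = {
    "low": ("password",),
    "medium": ("password", "otp"),
    "high": ("password", "otp", "fingerprint"),
}

def digest(value: str) -> str:
    # Toy digest for the demo; a real credential store would use a slow, salted KDF.
    return hashlib.sha256(value.encode()).hexdigest()

# Stored user data (constructed sample).
USERS = {"alice": {f: digest(v) for f, v in
                   {"password": "pw", "otp": "123456", "fingerprint": "fp-template"}.items()}}

def select_policy(sec: SecurityData) -> str:
    for name, matches in POLICIES:
        if matches(sec):
            return name
    return "high"  # fail closed if no rule matches

def select_method(sec: SecurityData) -> tuple:
    return METHODS[select_policy(sec)]

def authorize(sec: SecurityData, user_id: str, supplied: dict) -> bool:
    """Check every factor the selected method requires; a missing factor fails."""
    stored = USERS.get(user_id, {})
    ok = True
    for factor in select_method(sec):
        ok &= hmac.compare_digest(stored.get(factor, ""), digest(supplied.get(factor, "")))
    return ok
```

The same user with the same password is accepted from the office LAN during working hours and rejected from a public link at night until the additional factors are supplied.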
23 Claims
1. A method of authorizing a user to access a workstation using a security server, the method comprising:
- receiving security data relating to computing conditions in which an authorization will be performed, wherein the security data comprises at least one indication of a type of communication link between the workstation and the security server, a geographic location of the workstation, or a time of access of the workstation;
- determining a security policy from a plurality of predetermined security policies based on previously stored policy data and the received indication of the type of communication link between the workstation and the security server, the geographic location of the workstation, or the time of access of the workstation;
- determining an authorization method for authorizing the user, wherein the authorization method is determined from the determined security policy in accordance with the received indication of the type of communication link between the workstation and the security server, the geographic location of the workstation, or the time of access of the workstation;
- receiving user identification data; and
- registering the user identification data against stored user data in accordance with the determined authorization method, wherein different authorization methods for authorizing the user are determined upon receipt of different security data, and wherein the security data does not include identification information for a particular user.

(Dependent claims: 2, 3, 4, 5, 6, 7, 8)

9. A method of authorizing a user to access secure data having a predetermined level of security via a workstation, the method comprising:
- acquiring security data relating to computing conditions in which an authorization will be performed, wherein the security data comprises at least one indication of a type of communication link between the workstation and the secure data, a geographic location of the workstation, or a time of access of the workstation, and wherein the security data is different for the workstation under different security-affecting operating conditions;
- determining a security policy from a plurality of predetermined security policies based on previously stored policy data and the acquired indication of the type of communication link between the workstation and the security server, the geographic location of the workstation, or the time of access of the workstation;
- determining an authorization method for authorizing the user, wherein the authorization method is selected from a plurality of authorization methods based on the security data and the determined security policy; and
- authorizing the user with the authorization method for providing access to the secure data via the workstation, wherein different authorization methods for authorizing the user are determined upon receipt of different security data, and wherein the security data does not include identification information for a particular user.

(Dependent claims: 10, 11, 12, 13, 14, 15, 16)

17. A system for authorizing a user to access secure data having a predetermined level of security, the system comprising:
- a workstation configured to provide security data relating to computing conditions in which an authorization will be performed, wherein the security data comprises at least one indication of a type of communication link between the workstation and the secure data, a geographic location of the workstation, or a time of access of the workstation, and wherein the security data is different for the workstation under different security-affecting operating conditions;
- a security server configured to—
  - determine a security policy from a plurality of predetermined security policies based on previously stored policy data and the indication of the type of communication link between the workstation and the security server, the geographic location of the workstation, or the time of access of the workstation; and
  - determine an authorization method for a user of the workstation, wherein—
    - the authorization method provides at least a predetermined level of security corresponding to the indication of the type of communication link between the workstation and the security server, the geographic location of the workstation, or the time of access of the workstation; and
    - the authorization method is selected from a plurality of authorization methods based on the indication of the type of communication link between the workstation and the security server, the geographic location of the workstation, or the time of access of the workstation; and
    - different authorization methods for authorizing the user are determined upon receipt of different security data, and wherein the security data does not include identification information for a particular user;
- wherein the workstation is further configured to provide user identification data in accordance with the determined authorization method; and
- wherein the server is further configured to use the user identification data to authorize the user in accordance with the authorization method.

(Dependent claims: 18)

19. A computer-readable storage device having instructions stored thereon, the instructions comprising:
- instructions for receiving security data relating to computing conditions in which an authorization will be performed, wherein the security data comprises at least one indication of a type of communication link between the workstation and the security server, a geographic location of the workstation, or a time of access of the workstation;
- instructions for determining a security policy from a plurality of predetermined security policies based on previously stored policy data and the indication of the type of communication link between the workstation and the security server, the geographic location of the workstation, or the time of access of the workstation;
- instructions for determining an authorization method for authorizing the user, wherein the authorization method is determined from the security policy in accordance with the received indication of the type of communication link between the workstation and the security server, the geographic location of the workstation, or the time of access of the workstation;
- instructions for receiving user identification data; and
- instructions for registering the user identification data against stored user data in accordance with the determined authorization method to authorize the user, wherein different authorization methods for authorizing the user are determined upon receipt of different security data, and wherein the security data does not include identification information for a particular user.

20. A security server for authorizing a user to access secure data having a predetermined level of security via a user workstation, the security server comprising:
- an input device configured to receive security data relating to computing conditions in which an authorization will be performed, wherein the security data comprises at least one indication of a type of communication link between the user workstation and the secure data, a geographic location of the user workstation, or a time of access of the user workstation, and wherein the security data is different for the user workstation under different security affecting operating conditions; and
- a processing device configured to:
  - determine a security policy from a plurality of predetermined security policies based on previously stored policy data and the indication of the type of communication link between the workstation and the security server, the geographic location of the workstation, or the time of access of the workstations;
  - determine an authorization method for authorizing the user workstation, wherein the authorization method is selected from a plurality of different authorization methods based on receipt of different security data and the determined security policy, and wherein the security data does not include identification information for a particular user, and wherein the provided access has at least the predetermined level of security.

(Dependent claims: 21)

22. A security server for authorizing a user to access a workstation, the security server comprising:
- an input device that receives security data relating to computing conditions in which an authorization will be performed, wherein the security data comprises at least one indication of a type of communication link between the workstation and the security server, a geographic location of the workstation, or a time of access of the workstation; and
- a processing device that—
  - determines a security policy from a plurality of predetermined security policies based on previously stored policy data and the indication of the type of communication link between the workstation and the security server, the geographic location of the workstation, or the time of access of the workstation;
  - determines an authorization method for authorizing the user, wherein the authorization method is determined from the determined security policy in accordance with the received indication of the type of communication link between the workstation and the security server, the geographic location of the workstation, or the time of access of the workstation; and
  - registers user identification data provided by the user against stored user data in accordance with the determined authorization method to authorize the user, wherein different authorization methods for authorizing the user are determined upon receipt of different security data, and wherein the security data does not include identification information for a particular user.

(Dependent claims: 23)

Specification