Automated security token administrative services

US 9,215,224 B2
Filed: 04/08/2013
Issued: 12/15/2015
Est. Priority Date: 11/27/2002
Status: Expired due to Term

First Claim

Patent Images

1. A local client device in processing communications with a server, the local client device comprising:

one or more functionally connected user input devices;

a user interface that handles input and output with a user;

a memory for storing computer executable instructions;

a hardware processor coupled with the memory, the processor configured to execute the computer executable instructions to perform the operation comprising;

displaying available administrative security functions on the local client device;

receiving a selection from the user for an administrative security function from the displayed administrative security functions;

generating and sending an administrative access request to a server to perform the at least one administrative security function on a security token;

wherein the security token is separate from the local client device;

prompting the user for at least one user credential;

authenticating the user to the remote server, based on the at least one user credential;

in response to the server authenticating the user;

mediating the at least one administrative security function between the server, the client and the security token, wherein the server responds to the administrative access request by retrieving the at least one administrative function and sending the at least one administrative function to said local client device for routing into said security token and performing the at least one administrative function on the security token the at least one administrative security functionand wherein the at least one administrative access request includes authenticating the user to the server using the at least one credential without requiring the user to log on to an operating environment associated with the local client device.

View all claims

4 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

This invention provides a system, method and computer program product to allow a user to access administrative security features associated with the use of a security token. The administrative security features provide the user the ability to unlock a locked security token, diagnose a security token, activate and deactivate a security token, request a replacement security token or temporary password or report the loss of a security token. The invention comprises a client application which integrates into the standard user login dialog associated with an operating system. A portion of the user dialog is linked to a remote server to access the administrative services.

13 Citations

28 Claims

1. A local client device in processing communications with a server, the local client device comprising:
- one or more functionally connected user input devices;
  
  a user interface that handles input and output with a user;
  
  a memory for storing computer executable instructions;
  
  a hardware processor coupled with the memory, the processor configured to execute the computer executable instructions to perform the operation comprising;
  
  displaying available administrative security functions on the local client device;
  
  receiving a selection from the user for an administrative security function from the displayed administrative security functions;
  
  generating and sending an administrative access request to a server to perform the at least one administrative security function on a security token;
  
  wherein the security token is separate from the local client device;
  
  prompting the user for at least one user credential;
  
  authenticating the user to the remote server, based on the at least one user credential;
  
  in response to the server authenticating the user;
  
  mediating the at least one administrative security function between the server, the client and the security token, wherein the server responds to the administrative access request by retrieving the at least one administrative function and sending the at least one administrative function to said local client device for routing into said security token and performing the at least one administrative function on the security token the at least one administrative security functionand wherein the at least one administrative access request includes authenticating the user to the server using the at least one credential without requiring the user to log on to an operating environment associated with the local client device.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14)
- - 2. The local client, according to claim 1 wherein the server and the local client mutually authenticate to each other.
  - 3. The local client, according to claim 2 wherein the server is authenticated to the local client using a public key infrastructure methodology.
  - 4. The local client, according to claim 2 wherein the security token is unlocked.
  - 5. The local client, according to claim 2 wherein diagnostics are performed on the security token.
  - 6. The local client, according to claim 2 wherein the security token is reactivated and deactivated.
  - 7. The local client, according to claim 2 wherein a replacement security token is requested.
  - 8. The local client, according to claim 2 wherein a temporary password is enabled.
  - 9. The local client, according to claim 2 wherein the user is automatically allowed access to the system resources and services.
  - 10. The local client, according to claim 2 wherein the user reports that the security token has been lost, damaged or stolen.
  - 11. The local client, according to claim 2 wherein the processing communications includes a secure communications protocol.
  - 12. The local client, according to claim 11 wherein the secure communications protocol includes SSL, SSH, TLS, WAP or IPSEC.
  - 13. The local client, according to claim 3 wherein the public key infrastructure methodology includes challenge/response authentication or digital certificate exchange.
  - 14. The local client, according to claim 2 wherein the at least one credential includes at least one of:
    - a passphrase, password, PIN, biometric scan, question and answer session.

15. A non-transitory computer readable medium containing software and provided in a local client device in processing communications with a server, the software performing a method comprising:
- displaying available administrative security functions on the local client device;
  
  receiving a selection from the user for an administrative security function from the displayed administrative security functions;
  
  generating and sending an administrative access request to the server to perform the at least one administrative security function to on a security token;
  
  wherein the security token is separate from the local client device;
  
  prompting the user for at least one user credential;
  
  authenticating the user to the remote server, based on the at least one user credential;
  
  in response to the server authenticating the user;
  
  mediating the at least one administrative security function between the server, the client and the security token, wherein the server responds to the administrative access request by retrieving the at least one administrative function and sending the at least one administrative function to said local client device for routing into said security token and performing the at least one administrative function on the security token the at least one administrative security functionand wherein the at least one administrative access request includes authenticating the user to the server using at least one credential without requiring the user to log on to an operating environment associated with the local client device.
- View Dependent Claims (16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28)
- - 16. The non-transitory computer readable medium, according to claim 15 wherein the server and the local client mutually authenticate to each other.
  - 17. The non-transitory computer readable medium, according to claim 16 wherein the server is authenticated to the local client using a public key infrastructure methodology.
  - 18. The non-transitory computer readable medium, according to claim 17 wherein the public key infrastructure methodology includes challenge/response authentication or digital certificate exchange.
  - 19. The non-transitory computer readable medium, according to claim 16 wherein the security token is unlocked.
  - 20. The non-transitory computer readable medium, according to claim 16 wherein diagnostics are performed on the security token.
  - 21. The non-transitory computer readable medium, according to claim 16 wherein the security token is reactivated and deactivated.
  - 22. The non-transitory computer readable medium, according to claim 16 wherein a replacement security token is requested.
  - 23. The non-transitory computer readable medium, according to claim 16 wherein a temporary password is enabled.
  - 24. The non-transitory computer readable medium, according to claim 16 wherein the user is automatically allowed access to the system resources and services.
  - 25. The non-transitory computer readable medium, according to claim 16 wherein the user reports that the security token has been lost, damaged or stolen.
  - 26. The non-transitory computer readable medium, according to claim 16 wherein the processing communications includes a secure communications protocol.
  - 27. The non-transitory computer readable medium, according to claim 26 wherein the secure communications protocol includes SSL, SSH, TLS, WAP or IPSEC.
  - 28. The non-transitory computer readable medium, according to claim 16 wherein the at least one credential includes at least one of:
    - a passphrase, password, PIN, biometric scan, question and answer session.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Assa Abloy AB
Original Assignee
Assa Abloy AB
Inventors
Band, Jamie Angus
Primary Examiner(s)
Tolentino, Roderick

Application Number

US13/858,464
Publication Number

US 20140096223A1
Time in Patent Office

981 Days
Field of Search

726 16- 20, 726 26- 29, 726 4- 9
US Class Current

1/1
CPC Class Codes

G06F 21/31   User authentication

G06F 21/32   using biometric data, e.g. ...

G06F 21/33   using certificates

G06F 21/34   involving the use of extern...

G06F 21/445   by mutual authentication, e...

G06F 21/45   Structures or tools for the...

G06F 21/604   Tools and structures for ma...

G06F 2221/2101   Auditing as a secondary aspect

G06F 2221/2103   Challenge-response

G06F 2221/2119   Authenticating web pages, e...

G06F 2221/2153   Using hardware token as a s...

G06Q 20/341   Active cards, i.e. cards in...

G06Q 20/355   Personalisation of cards fo...

G06Q 20/367   involving electronic purses...

G06Q 20/3672   initialising or reloading t...

G06Q 20/3674   involving authentication

G06Q 20/3676   Balancing accounts

G06Q 20/3678   e-cash details, e.g. blinde...

G06Q 20/4097   using mutual authentication...

G07F 7/1008   Active credit-cards provide...

H04L 63/08 : for authentication of entit...

H04L 63/0876 : based on the identity of th...

H04L 63/102 : Entity profiles

View All

Automated security token administrative services

First Claim

4 Assignments

0 Petitions

Accused Products

Abstract

13 Citations

28 Claims

Specification

Solutions

Use Cases

Quick Links

Automated security token administrative services

First Claim

4 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

13 Citations

28 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links