Controlling access to a secure resource based on user credentials and location

US 9,237,139 B2
Filed: 11/02/2007
Issued: 01/12/2016
Est. Priority Date: 11/29/2006
Status: Active Grant

First Claim

Patent Images

1. A method for controlling access to a protected network resource comprising the steps of:

receiving a request for access to the protected network resource and user credentials from a user connected to a network via a network access point located within a restricted area;

checking the user credentials against predetermined user information so as to authenticate the user;

checking whether the user is recorded as being within the restricted area;

allowing the user access to the protected network resource if the user credentials are authenticated and the user is recorded as being within the restricted area;

monitoring, using a computer, the user'"'"'s network connection and on detection that the user is disconnected from the network, recording the user as not located within the restricted area.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system and method for controlling access to a protected network resource is provided. Access is controlled as follows. User credentials received with a request from a user for access to the protected network resource are checked against predetermined user information so as to authenticate the user; The request is made via a network access point located within a restricted area. The recorded location of the user is checked to determine whether the user is recorded as being within the restricted area. Access to the protected network resource is allowed if the user credentials are authenticated and the user is recorded as being within the restricted area. The user'"'"'s network connection is monitored and, on detection that the user is disconnected from the network, the user is recorded as not located within the restricted area. Additional credentials are required from the user to support the user'"'"'s request when the user is not recorded as being within the restricted area.

20 Citations

View as Search Results

21 Claims

1. A method for controlling access to a protected network resource comprising the steps of:
- receiving a request for access to the protected network resource and user credentials from a user connected to a network via a network access point located within a restricted area;
  
  checking the user credentials against predetermined user information so as to authenticate the user;
  
  checking whether the user is recorded as being within the restricted area;
  
  allowing the user access to the protected network resource if the user credentials are authenticated and the user is recorded as being within the restricted area;
  
  monitoring, using a computer, the user'"'"'s network connection and on detection that the user is disconnected from the network, recording the user as not located within the restricted area.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 16)
- - 2. A method as claimed in claim 1 including consulting an access control system for the restricted area as to whether the user is within the restricted area and recording the user'"'"'s location accordingly.
  - 3. A method as claimed in claim 2 including, on detection that the user is disconnected from the network, overwriting the record of the user'"'"'s location to indicate that the user is no longer within the restricted area.
  - 4. A method as claimed in claim 1 including establishing a database including information on the user'"'"'s location and network authentication status in which checking whether the user is recorded as being within the restricted area includes checking the database.
  - 5. A method as claimed in claim 1 including comparing the time of the recorded entry into the restricted area with the time of the request and allowing the user access to the protected network resource if the request occurs within a set time period after the recorded entry.
  - 6. A method as claimed in claim 1 including requiring additional credentials from the user to support the user'"'"'s request when the user is recorded as not being within the restricted area.
  - 7. A method as claimed in claim 1 in which the restricted area access control system records the user as having entered the restricted area following a successful challenge, in which the challenge comprises one or more of:
    - verifying a physical security token; and
      
      verifying security information provided by the user via a terminal.
  - 8. A method as claimed in claim 1 including the steps of detecting that the user is disconnected, receiving a new request for access and allowing the user access to the protected network resource if the user is recorded as re-entering the restricted area.
  - 9. A method as claimed in claim 1 in which the step of checking whether the user is recorded as being within the restricted area precedes checking the user credentials.
  - 16. A non-transitory computer-readable storage medium storing a computer program or suite of computer programs, which upon execution by one or more computers, performs the method steps as set out in claim 1.

10. An access controller for controlling access to a protected network resource in which the access controller is arranged for connection to a network access point located within a restricted area;
- in which the access controller is arranged to receive a request for access to the protected network resource and user credentials from a user connected to a network via the network access point;
  
  in which the access controller is arranged to check the user credentials against predetermined user information so as to authenticate the user and to check information from a restricted area access control system as to whether the user is recorded as being within the restricted area;
  
  in which the access controller is arranged to allow the user access to the protected network resource if the user credentials are authenticated and the user is recorded as being within the restricted area;
  
  in which the access controller is arranged to monitor the user'"'"'s network connection and on detecting disconnection of the user from the network, the access controller is arranged to record the user as not located within the restricted area.
- View Dependent Claims (11, 12, 13, 14, 15)
- - 11. An access controller as claimed in claim 10 comprising a unit configured to access storage for storing user status information, in which the user status information comprises:
    - information from the restricted area access control system indicating that the user has registered their entry into the restricted area; and
      
      information from an authentication system indicating that the credentials supplied by the user have been accepted in which the access controller is arranged to update, upon detecting disconnection of the user from the network, the information from the restricted area access control system to indicate that the user has left the restricted area.
  - 12. An access controller as claimed in claim 10 which the information from the restricted area access control system indicating that the user has registered their entry into the restricted area derives from one of:
    - the user passing an access control point to enter the restricted area; and
      
      the user communicating with the restricted area access control system via a terminal.
  - 13. An access controller as claimed claim 10 arranged, upon determining that the user is recorded as not being within the restricted area, to require additional credentials from the user to support the user'"'"'s request.
  - 14. An access controller as claimed in claim 10 arranged to record the time of the user'"'"'s entry into the restricted area and the time of the request and to allow the user access to the protected network resource if the request occurs within a set time period after the entry.
  - 15. A computer network comprising the access controller of claim 10.

17. A system configured to control access to a protected network resource in which the system is arranged for connection to a network access point located within a restricted area, the system comprising:
- a computer configured to;
  
  receive a request for access to the protected network resource and user credentials from a user connected to a network via the network access point;
  
  check the user credentials against predetermined user information so as to authenticate the user and check information from a restricted area access control system as to whether the user is recorded as being within the restricted area;
  
  allow the user access to the protected network resource if the user credentials are authenticated and the user is recorded as being within the restricted area;
  
  monitor the user'"'"'s network connection; and
  
  on detecting disconnection of the user from the network, record the user as not located within the restricted area.
- View Dependent Claims (18, 19, 20, 21)
- - 18. A system as in claim 17 wherein the computer is further configured to:
    - access storage for storing user status information, in which the user status information comprises;
      
      information from the restricted area access control system indicating that the user has registered their entry into the restricted area; and
      
      information from an authentication system indicating that the credentials supplied by the user have been accepted in which the computer is further configured to update, upon detecting disconnection of the user from the network, the information from the restricted area access control system to indicate that the user has left the restricted area.
  - 19. The system as in claim 17 wherein the information from the restricted area access control system indicating that the user has registered their entry into the restricted area derives from one of:
    - the user passing an access control point to enter the restricted area, and the user communicating with the restricted area access control system via a terminal.
  - 20. The system as in claim 17 wherein the computer is further configured to, upon determining that the user is recorded as not being within the restricted area, require additional credentials from the user to support the user'"'"'s request.
  - 21. The system as in claim 17 wherein the computer is further configured to record the time of the user'"'"'s entry into the restricted area and the time of the request and allow the user access to the protected network resource if the request occurs within a set time period after the entry.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
British Telecommunications PLC (BT Group PLC)
Original Assignee
British Telecommunications PLC (BT Group PLC)
Inventors
Shaikh, Imran
Primary Examiner(s)
PERUNGAVOOR, VENKATANARAY

Application Number

US12/516,419
Publication Number

US 20100031334A1
Time in Patent Office

2,993 Days
Field of Search
US Class Current

1/1
CPC Class Codes

G06F 21/35   communicating wirelessly

G06F 21/43   wireless channels

G06F 2221/2151   Time stamp

G07C 9/27   with central registration

G07C 9/33   by means of a password

H04L 63/08   for authentication of entit...

H04L 63/105   Multiple levels of security

H04L 63/107   wherein the security polici...

H04W 12/084   using delegated authorisati...

H04W 48/04   based on user or terminal l...

Controlling access to a secure resource based on user credentials and location

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

20 Citations

21 Claims

Specification

Use Cases

Quick Links

Others

Controlling access to a secure resource based on user credentials and location

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

20 Citations

21 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others