Method for managing access to protected computer resources

US 9,369,469 B2
Filed: 11/21/2014
Issued: 06/14/2016
Est. Priority Date: 06/11/1997
Status: Expired due to Fees

First Claim

Patent Images

1. A method for controlling access, by at least one authentication server, to protected computer resources provided via an Internet Protocol network, the method comprising:

receiving, at the at least one authentication server from at least one access server, identity data associated with at least one client computer device;

comparing, by the at least one authentication server, the identity data associated with the at least one client computer device to identity data stored in a database associated with the at least one authentication server;

sending, by the at least one access server to the at least one client computer device, a challenge;

receiving, at the at least one access server, a response from the at least one client computer device;

comparing, at the at least one access server, the challenge and the response;

receiving, by at least one server associated with the at least one authentication server, a request for the protected computer resources from the at least one client computer device;

authorizing, by one of the at least one server associated with the at least one authentication server and another at least one server associated with the at least one authentication server, the at least one client computer device to receive at least a portion of the protected computer resources requested by the at least one client computer device based on data associated with the protected computer resources stored in at least one database associated with one of the at least one server associated with the at least one authentication server and the another at least one server associated with the at least one authentication server; and

controlling access, by one of the at least one server associated with the at least one authentication server, the another at least one server associated with the at least one authentication server, and yet another at least one server associated with the at least one authentication server, to the at least a portion of the protected computer resources upon successfully comparing the identity data associated with the at least one client computer device and the identity data stored in the database associated with the at least one authentication server, and upon successful authorization of the at least one client computer device.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system for securing and tracking usage of transaction services or computer resources by a client computer from a first server computer, which includes clearinghouse means for storing identity data of the first server computer and the client computer(s); server software means and client software means adapted to forward its identity data and identity data of the client computer(s) to the clearinghouse means at the beginning of an operating session; and a hardware key connected to the client computer, the key being adapted to generate a digital identification as part of the identity data; wherein the hardware key is implemented using a hardware token access system, a magnetic card access system, a smart card access system, a biometric identification access system or a central processing unit with a unique embedded digital identification.

Citations

55 Claims

1. A method for controlling access, by at least one authentication server, to protected computer resources provided via an Internet Protocol network, the method comprising:
- receiving, at the at least one authentication server from at least one access server, identity data associated with at least one client computer device;
  
  comparing, by the at least one authentication server, the identity data associated with the at least one client computer device to identity data stored in a database associated with the at least one authentication server;
  
  sending, by the at least one access server to the at least one client computer device, a challenge;
  
  receiving, at the at least one access server, a response from the at least one client computer device;
  
  comparing, at the at least one access server, the challenge and the response;
  
  receiving, by at least one server associated with the at least one authentication server, a request for the protected computer resources from the at least one client computer device;
  
  authorizing, by one of the at least one server associated with the at least one authentication server and another at least one server associated with the at least one authentication server, the at least one client computer device to receive at least a portion of the protected computer resources requested by the at least one client computer device based on data associated with the protected computer resources stored in at least one database associated with one of the at least one server associated with the at least one authentication server and the another at least one server associated with the at least one authentication server; and
  
  controlling access, by one of the at least one server associated with the at least one authentication server, the another at least one server associated with the at least one authentication server, and yet another at least one server associated with the at least one authentication server, to the at least a portion of the protected computer resources upon successfully comparing the identity data associated with the at least one client computer device and the identity data stored in the database associated with the at least one authentication server, and upon successful authorization of the at least one client computer device.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21)
- - 2. The method of claim 1, further comprising deriving the identity data associated with the at least one client computer device from one of an external device and an external object connected to the at least one client computer device.
  - 3. The method of claim 2, wherein the one of an external device and an external object is a subscriber identity module.
  - 4. The method of claim 1, wherein the identity data associated with the at least one client computer device is derived from a subscriber identity module.
  - 5. The method of claim 1, wherein at least one of the functions of the at least one authentication server is performed by another server associated with the at least one authentication server.
  - 6. The method of claim 1, further comprising storing at least one phone number in a database associated with the at least one server associated with the at least one authentication server.
  - 7. The method of claim 1, further comprising storing at least one cellular phone number in a database associated with the at least one server associated with the at least one authentication server.
  - 8. The method of claim 7, further comprising comparing, at the at least one server associated with the at least one authentication server, at least a portion of the identity data associated with the at least one client computer device to the at least one cellular phone number stored in the database associated with the at least one server associated with the at least one authentication server.
  - 9. The method of claim 7, further comprising comparing, at the at least one server associated with the at least one authentication server, at least a portion of the identity data associated with the at least one client computer device to a number stored in the database associated with the at least one server associated with the at least one authentication server, the number comprising a portion of the at least one cellular phone number.
  - 10. The method of claim 1, further comprising assigning one of a plurality of authorization levels to the at least a portion of the protected computer resources, assigning a particular authorization level to the identity data associated with the at least one client computer device, and only controlling access to particular protected computer resources by the at least one client computer device controlled by the particular authorization level.
  - 11. The method of claim 1, wherein the Internet Protocol network comprises the Internet.
  - 12. The method of claim 1, further comprising generating the identity data associated with the at least one client computer device from at least one internal hardware component of the at least one client computer device.
  - 13. The method of claim 1, wherein the identity data associated with the at least one client computer device is unique to the at least one client computer device.
  - 14. The method of claim 1, further comprising providing, by at least one of a plurality of multiple servers associated with the at least one access server, the at least the portion of the requested protected computer resources to the at least one client computer device upon the at least one authentication server controlling access to the at least the portion of protected computer resources.
  - 15. The method of claim 1, wherein the at least one client computer device is adapted to authenticate the at least one access server.
  - 16. The method of claim 1, wherein the at least one server associated with the authentication server is adapted to assign one of a plurality of authorization levels to the at least a portion of the protected computer resources, is adapted to assign a particular authorization level to the identity data associated with the at least one client computer device, and is adapted to only control access to particular protected computer resources by the at least one client computer device controlled by the particular authorization level.
  - 17. The method of claim 1, further comprising assigning, by one of the at least one server associated with the at least one authentication server, the another at least one server associated with the at least one authentication server, and the yet another at least one server associated with the at least one authentication server, one of a plurality of authorization levels to the at least a portion of the protected computer resources, and a particular authorization level to the identity data associated with the at least one client computer device, and only controlling access, by one of the at least one server associated with the authentication server, the another at least one server associated with the at least one authentication server, and the yet another at least one server associated with the at least one authentication server, to particular protected computer resources by the at least one client computer device according to the particular authorization level.
  - 18. The method of claim 1, wherein at least one of the at least one access server and a server associated with the at least one authentication server is adapted to acquire, for billing purposes, usage data of the at least a portion of the protected computer resources provided to the at least one client computer device.
  - 19. The method of claim 1, wherein the at least one access server is adapted to receive the identity data associated with the at least one client computer device via a network utilizing at least one Internet Protocol.
  - 20. The method of claim 1, wherein the at least the portion of the protected computer resources are provided via a network utilizing at least one Internet Protocol to the at least one client computer device by at least one server computer associated with the at least one access server upon the at least one authentication server controlling access to the at least the portion of the protected computer resources.
  - 21. The method of claim 1, wherein the authorization function is performed by another server associated with the at least one authentication server.

22. A method for controlling access, by at least one authentication server, to protected computer resources provided via an Internet Protocol network, the method comprising:
- receiving, at the at least one authentication server from at least one access server, identity data associated with the at least one access server;
  
  comparing, by the at least one authentication server, the identity data associated with the at least one access server to identity data stored in a database associated with the at least one authentication server;
  
  receiving, at the at least one authentication server from the at least one access server, identity data associated with at least one client computer device;
  
  comparing, by the at least one authentication server, the identity data associated with the at least one client computer device to identity data stored in another database associated with the at least one authentication server;
  
  sending, by the at least one access server to the at least one client computer device, a challenge;
  
  receiving, at the at least one access server, a response from the at least one client computer device;
  
  comparing, at the at least one access server, the challenge and the response;
  
  receiving, by at least one server associated with the at least one authentication server, a request for the protected computer resources from the at least one client computer device;
  
  authorizing, by one of the at least one server associated with the at least one authentication server and another at least one server associated with the at least one authentication server, the at least one client computer device to receive at least a portion of the protected computer resources requested by the at least one client computer device based on data associated with the protected computer resources stored in at least one database associated with one of the at least one server associated with the at least one authentication server and the another at least one server associated with the at least one authentication server; and
  
  controlling access, by one of the at least one server associated with the at least one authentication server, the another at least one server associated with the at least one authentication server, and yet another at least one server associated with the at least one authentication server, to the at least a portion of the protected computer resources upon successfully comparing the identity data associated with the at least one client computer device and the identity data stored in the another database associated with the at least one authentication server, and upon successful authorization of the at least one client computer device.
- View Dependent Claims (23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38)
- - 23. The method of claim 22, further comprising deriving the identity data associated with the at least one client computer device from one of an external device and an external object connected to the at least one client computer device.
  - 24. The method of claim 22, further comprising deriving the identity data associated with the at least one client computer device from one of an external device and an external object inserted into a reader.
  - 25. The method of claim 23, wherein the one of an external device and an external object is a subscriber identity module.
  - 26. The method of claim 22, wherein at least one of the functions of the at least one authentication server is performed by another server associated with the at least one authentication server.
  - 27. The method of claim 22, further comprising assigning one of a plurality of authorization levels to the at least a portion of the protected computer resources, assigning a particular authorization level to the identity data associated with the at least one client computer device, and only controlling access to particular protected computer resources by the at least one client computer device controlled by the particular authorization level.
  - 28. The method of claim 22, wherein the Internet Protocol network comprises the Internet.
  - 29. The method of claim 22, further comprising generating the identity data associated with the at least one client computer device from at least one internal hardware component of the at least one client computer device.
  - 30. The method of claim 22, wherein the identity data associated with the at least one client computer device is unique to the at least one client computer device.
  - 31. The method of claim 22, further comprising providing, by at least one of a plurality of multiple servers associated with the at least one access server, the at least the portion of the requested protected computer resources to the at least one client computer device upon the at least one authentication server controlling access to the at least the portion of protected computer resources.
  - 32. The method of claim 22, wherein the at least one client computer device is adapted to authenticate the at least one access server.
  - 33. The method of claim 22, wherein one of the at least one server associated with the at least one authentication server, the another at least one server associated with the at least one authentication server, and the yet another at least one server associated with the at least one authentication server is adapted to assign one of a plurality of authorization levels to the at least a portion of the protected computer resources, is adapted to assign a particular authorization level to the identity data associated with the at least one client computer device, and is adapted to only control access to particular protected computer resources by the at least one client computer device controlled by the particular authorization level.
  - 34. The method of claim 22, further comprising assigning, by one of the at least one server associated with the at least one authentication server, the another at least one server associated with the at least one authentication server, and the yet another at least one server associated with the at least one authentication server, one of a plurality of authorization levels to the at least a portion of the protected computer resources, and a particular authorization level to the identity data associated with the at least one client computer device, and only controlling access, by one of the at least one server associated with the authentication server, the another at least one server associated with the at least one authentication server, and the yet another at least one server associated with the at least one authentication server, to particular protected computer resources by the at least one client computer device according to the particular authorization level.
  - 35. The method of claim 22, wherein at least one of the at least one access server and a server associated with the at least one authentication server is adapted to acquire, for billing purposes, usage data of the at least a portion of the protected computer resources provided to the at least one client computer device.
  - 36. The method of claim 22, wherein the at least one access server is adapted to receive the identity data associated with the at least one client computer device via a network utilizing at least one Internet Protocol.
  - 37. The method of claim 22, wherein the at least the portion of the protected computer resources are provided via a network utilizing at least one Internet Protocol to the at least one client computer device by at least one server computer associated with the at least one access server upon the at least one authentication server controlling access to the at least the portion of the protected computer resources.
  - 38. The method of claim 22 wherein the authorization function is performed by another server associated with the at least one authentication server.

39. A method for controlling access, by at least one authentication server, to protected computer resources provided via an Internet Protocol network, the method comprising:
- receiving, at the at least one authentication server from at least one access server, identity data associated with the at least one access server;
  
  comparing, by the at least one authentication server, the identity data associated with the at least one access server to identity data stored in a database associated with the at least one authentication server;
  
  receiving, at the at least one authentication server from the at least one access server, identity data associated with at least one client computer device;
  
  comparing, by the at least one authentication server, the identity data associated with the at least one client computer device to identity data stored in another database associated with the at least one authentication server;
  
  sending, by the at least one access server to the at least one client computer device, a challenge;
  
  receiving, at the at least one access server, a response from the at least one client computer device;
  
  comparing, at the at least one access server, the challenge and the response;
  
  receiving, by at least one server associated with the at least one authentication server, a request for the protected computer resources from the at least one client computer device;
  
  authorizing, by the at least one server associated with the at least one authentication server, the at least one client computer device to receive at least a portion of the protected computer resources requested by the at least one client computer device; and
  
  controlling access, by the at least one server associated with the at least one authentication server, to the at least a portion of the protected computer resources upon successfully comparing the identity data associated with the at least one client computer device and the identity data stored in the database associated with the at least one authentication server, and upon successful authorization of the at least one client computer device.
- View Dependent Claims (40, 41, 42)
- - 40. The method of claim 39, wherein the authorizing is based on data associated with the protected computer resources stored in at least one database associated with the at least one server associated with the at least one authentication server.
  - 41. The method of claim 39, further comprising assigning one of a plurality of authorization levels to the at least a portion of the protected computer resources, assigning a particular authorization level to the identity data associated with the at least one client computer device, and only controlling access to particular protected computer resources by the at least one client computer device controlled by the particular authorization level.
  - 42. The method of claim 39, wherein the at least one client computer device is adapted to authenticate the at least one access server.

43. A method for controlling access, by at least one authentication server, to protected computer resources provided via an Internet Protocol network, the method comprising:
- receiving, at the at least one authentication server from at least one access server, identity data associated with at least one client computer device;
  
  comparing, by the at least one authentication server, the identity data associated with the at least one client computer device to identity data stored in a database associated with the at least one authentication server;
  
  sending, by the at least one access server to the at least one client computer device, a challenge;
  
  receiving, at the at least one access server, a response from the at least one client computer device;
  
  comparing, at the at least one access server, the challenge and the response;
  
  receiving, by at least one server associated with the at least one authentication server, a request for the protected computer resources from the at least one client computer device;
  
  authorizing, by the at least one server associated with the at least one authentication server, the at least one client computer device to receive at least a portion of the protected computer resources requested by the at least one client computer device; and
  
  controlling access, by the at least one server associated with the at least one authentication server, to the at least a portion of the protected computer resources upon successful comparison of the identity data associated with the at least one client computer device and the identity data stored in the database associated with the at least one authentication server, and upon successful authorization of the at least one client computer device.
- View Dependent Claims (44, 45, 46, 47, 48, 49, 50, 51, 52, 53, 54, 55)
- - 44. The method of claim 43, wherein the identity data associated with the at least one client computer device is derived from a subscriber identity module.
  - 45. The method of claim 43, wherein the identity data associated with the at least one client computer device is derived from at least one internal hardware component of the at least one client computer device.
  - 46. The method of claim 43, further comprising receiving, at the at least one server associated with the at least one authentication server, the identity data associated with the at least one client computer device that is derived from a subscriber identity module.
  - 47. The method of claim 43, further comprising comparing, at the at least one server associated with the at least one authentication server, at least a portion of the identity data associated with the at least one client computer device to a number stored in a database associated with the at least one server associated with the at least one authentication server, the number comprising a portion of at least one cellular phone number.
  - 48. The method of claim 43, wherein the at least one client computer device is adapted to authenticate the at least one access server.
  - 49. The method of claim 43 wherein the authorizing is performed by another server associated with the at least one authentication server.
  - 50. The method of claim 43, wherein the controlling access is performed by another server associated with the at least one authentication server.
  - 51. The method of claim 43, wherein the controlling access is performed by another server associated with the at least one server associated the at least one authentication server.
  - 52. The method of claim 43, wherein at least one of the functions of the at least one authentication server is performed by another server associated with the at least one authentication server.
  - 53. The method of claim 43, wherein at least one of the functions of the at least one access server is performed by another server associated with the at least one access server.
  - 54. The method of claim 43, further comprising assigning one of a plurality of authorization levels to the at least a portion of the protected computer resources, assigning a particular authorization level to the identity data associated with the at least one client computer device, and only controlling access to particular protected computer resources by the at least one client computer device controlled by the particular authorization level.
  - 55. The method of claim 43, wherein the authorizing is based on data associated with the protected computer resources stored in at least one database associated with the at least one server associated with the at least one authentication server.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Prism Technologies LLC (Prism Technologies Group, Inc.)
Original Assignee
Prism Technologies LLC (Prism Technologies Group, Inc.)
Inventors
Gregg, Richard L., Giri, Sandeep, Goeke, Timothy C.
Primary Examiner(s)
Zand, Kambiz
Assistant Examiner(s)
WYSZYNSKI, AUBREY H

Application Number

US14/549,943
Publication Number

US 20150082392A1
Time in Patent Office

571 Days
Field of Search

726/4
US Class Current

1/1
CPC Class Codes

G06F 21/335   for accessing specific reso...

G06F 21/44   Program or device authentic...

G06F 2221/2101   Auditing as a secondary aspect

G06F 2221/2129   Authenticate client device ...

G06F 2221/2135   Metering

G06F 2221/2141   Access rights, e.g. capabil...

G06F 2221/2149   Restricted operating enviro...

G06Q 2220/00   Business processing using c...

H04L 2463/102   applying security measure f...

H04L 63/08   for authentication of entit...

H04L 63/0823   using certificates cryptogr...

H04L 63/083   using passwords cryptograph...

H04L 63/0853   using an additional device,...

H04L 63/10   for controlling access to d...

Method for managing access to protected computer resources

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

Citations

55 Claims

Specification

Solutions

Use Cases

Quick Links

Method for managing access to protected computer resources

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

55 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links