System, method and computer program product for an authentication management infrastructure

US 9,398,013 B2
Filed: 02/24/2014
Issued: 07/19/2016
Est. Priority Date: 03/09/1999
Status: Expired due to Term

First Claim

Patent Images

1. A method for allowing a user to access enterprise resources, the method comprising:

implementing, by an authentication server, a policy that sets forth a plurality of guidelines for determining whether to authenticate the user and to allow the user to gain access to the enterprise resources, wherein at least one first guideline establishes at least one predetermined first qualification necessary for the user to be authenticated to access the enterprise resources and wherein at least one second guideline establishes at least one predetermined second qualification, different from the at least one first qualification, necessary for the user to activate a silent signal for requesting assistance under emergency conditions;

requiring, by the authentication server, the user to establish authentication using at least one device associated with the policy;

receiving, by the authentication server, one or more qualifications from the at least one device via one or more networks;

creating, by the authentication server, a template for each device associated with the policy, wherein said template includes data unique to the user, and wherein the template is stored in memory coupled to the authentication server;

determining, by the authentication server, that the user has activated the silent signal upon identifying the at least one predetermined second qualification in the one or more qualifications received from the at least one device according to the template of the at least one device stored in the memory coupled to the authentication server; and

requesting, by the authentication server, assistance for the user if the silent signal is activated.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system and method for allowing a user to access enterprise resources comprising authentication devices and an authentication server. The authentication devices allow a user to enter authentication data. The authentication server is in communication with the authentication devices. The authentication server comprises a policy database storing a policy. The policy comprises guidelines including a first guideline establishes a qualification necessary for the user to access enterprise resources and a second guideline establishes a qualification necessary for the user to activate a silent signal. The authentication server is adapted to request assistance for the user if the silent signal is activated.

136 Citations

20 Claims

1. A method for allowing a user to access enterprise resources, the method comprising:
- implementing, by an authentication server, a policy that sets forth a plurality of guidelines for determining whether to authenticate the user and to allow the user to gain access to the enterprise resources, wherein at least one first guideline establishes at least one predetermined first qualification necessary for the user to be authenticated to access the enterprise resources and wherein at least one second guideline establishes at least one predetermined second qualification, different from the at least one first qualification, necessary for the user to activate a silent signal for requesting assistance under emergency conditions;
  
  requiring, by the authentication server, the user to establish authentication using at least one device associated with the policy;
  
  receiving, by the authentication server, one or more qualifications from the at least one device via one or more networks;
  
  creating, by the authentication server, a template for each device associated with the policy, wherein said template includes data unique to the user, and wherein the template is stored in memory coupled to the authentication server;
  
  determining, by the authentication server, that the user has activated the silent signal upon identifying the at least one predetermined second qualification in the one or more qualifications received from the at least one device according to the template of the at least one device stored in the memory coupled to the authentication server; and
  
  requesting, by the authentication server, assistance for the user if the silent signal is activated.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method of claim 1, further comprising:
    - requiring, by the authentication server, the user to establish authentication using at least two devices associated with the policy to meet the second qualification, wherein(i) if the policy is an OR policy, then requiring the user to establish authentication on only one of the at least two devices;
      
      (ii) if the policy is an AND policy, then requiring the user to establish authentication on all of the at least two devices;
      
      (iii) if the policy is a CONTINGENT policy, then requiring the user to exceed a minimum threshold associated with a first device or, if the user exceeds a contingent threshold associated with the first device, then requiring the user to exceed a minimum threshold associated with a second device;
      
      (iv) if the policy is a RANDOM policy, then requiring the user to establish authentication on a randomly selected device from the at least two devices;
      
      or(v) if the policy is a THRESHOLD policy, then requiring the user to exceed a total threshold value for the at least two devices.
  - 3. The method of claim 1, further comprising requiring, by the authentication server, the user to establish authentication with at least two devices;
    - determining, by the authentication server, whether the user is authenticated when the user attains the at least one predetermined first qualification; and
      
      allowing, by the authentication server, the user to access the enterprise resources.
  - 4. The method of claim 1, wherein the silent signal is activated by receiving a password entered by the user.
  - 5. The method of claim 1, wherein the silent signal is activated by receiving biometric data entered by the user.
  - 6. The method of claim 1, wherein requesting assistance for the user comprises notifying a law enforcement agency.
  - 7. The method of claim 3, wherein each at least one predetermined second qualification has a corresponding first predetermined qualification based on the same one of the at least one device.

8. A method for allowing a user to access enterprise resources, the method comprising:
- implementing, by an authentication server, a policy that sets forth a plurality of guidelines for determining whether to authenticate the user and to allow the user to gain access to the enterprise resources, wherein at least one first guideline establishes at least one predetermined first qualification necessary for the user to be authenticated to access the enterprise resources and wherein at least one second guideline establishes at least one predetermined second qualification, different from the at least one first qualification, necessary for the user to attain to pass the policy, and wherein the policy is formed by selecting one or more devices that the user must be tested on in order to activate a silent signal;
  
  generating, by the authentication server, a template for a device, the template containing the least one predetermined first qualification and the at least one second qualification;
  
  determining, by the authentication server, that the user has activated the silent signal upon receiving from the device the at least one predetermined second qualification based upon the template of the device stored in a memory coupled to authentication server; and
  
  requesting, by the authentication server, assistance for the user if the silent signal is activated under emergency conditions, in response to identifying the at least one predetermined second qualification in the template of the device stored in the memory coupled to the authentication server.
- View Dependent Claims (9, 10, 11, 12, 13, 14)
- - 9. The method of claim 8, further comprising:
    - requiring, by the authentication server, the user to establish authentication using at least two devices associated with the policy to meet the second qualification, wherein(i) if the policy is an OR policy, then requiring the user to establish authentication on only one of the at least two devices;
      
      (ii) if the policy is an AND policy, then requiring the user to establish authentication on all of the at least two devices;
      
      (iii) if the policy is a CONTINGENT policy, then requiring the user to exceed a minimum threshold associated with a first device or, if the user exceeds a contingent threshold associated with the first device, then requiring the user to exceed a minimum threshold associated with a second device;
      
      (iv) if the policy is a RANDOM policy, then requiring the user to establish authentication on a randomly selected device from the at least two devices;
      
      or(v) if the policy is a THRESHOLD policy, then requiring the user to exceed a total threshold value for the at least two devices.
  - 10. The method of claim 8, further comprising:
    - requiring, by the authentication server, the user to establish authentication with at least two devices;
      
      determining, by the authentication server, whether the user is authenticated when the user attains the at least one predetermined first qualification; and
      
      allowing, by the authentication server, the authenticated user to access the enterprise resources.
  - 11. The method of claim 8, wherein the silent signal is activated by receiving a password entered by the user.
  - 12. The method of claim 8, wherein the silent signal is activated by receiving biometric data entered by the user.
  - 13. The method of claim 8, wherein requesting assistance for the user comprises notifying a law enforcement agency.
  - 14. The method of claim 10, wherein each at least one predetermined second qualification has a corresponding predetermined first qualification based on the same one of the selected one or more devices.

15. A system for allowing a user to access enterprise resources comprising:
- one or more authentication devices that allow a user to enter authentication data; and
  
  an authentication server in communication with the one or more authentication devices that authenticates the authentication data, the authentication server comprising a policy database storing a policy, the policy implemented by the authentication server;
  
  wherein the policy comprises a plurality of guidelines for determining whether to authenticate the user and to allow the user to gain access to the enterprise resources, wherein at least one first guideline establishes at least one predetermined first qualification necessary for the user to be authenticated to access the enterprise resources andwherein at least one second guideline establishes at least one predetermined second qualification, different from the at least one first qualification, necessary for the user to attain to pass the policy and wherein the policy is formed by the authentication server selecting from the one or more authentication devices test devices that the user must be tested on in order to activate a silent signal;
  
  wherein the authentication server is adapted to request assistance for the user if the silent signal is activated under emergency conditions; and
  
  the authentication server further comprising an authentication unit configured to determine that the user has activated the silent signal in response to receiving the predetermined second qualification and an output from the test devices, according to the policy stored in a memory coupled to the authentication unit of the authentication server.
- View Dependent Claims (16, 17, 18, 19, 20)
- - 16. The system of claim 15, the test devices comprising at least two of the one or more authentication devices and the authentication unit requiring the user to establish authentication using at the least two test devices to meet the second qualification, wherein(i) if the policy is an OR policy, then requiring the user to establish authentication on only one of the at least two test devices;
    - (ii) if the policy is an AND policy, then requiring the user to establish authentication on all of the at least two test devices;
      
      (iii) if the policy is a CONTINGENT policy, then requiring the user to exceed a minimum threshold associated with a first test device or, if the user exceeds a contingent threshold associated with the first device, then requiring the user to exceed a minimum threshold associated with a second test device;
      
      (iv) if the policy is a RANDOM policy, then requiring the user to establish authentication on a randomly selected device from the at least two test devices;
      
      or(v) if the policy is a THRESHOLD policy, then requiring the user to exceed a total threshold value for the at least two test devices.
  - 17. The system of claim 15, the authentication unit requiring the user to establish authentication with at least two of the test devices;
    - the authentication unit adapted to determine whether the user is authenticated when the user attains the at least one predetermined first qualification; and
      
      the authentication unit adapted to allow the authenticated user to access the enterprise resources.
  - 18. The system of claim 15, wherein at least one of the test devices is a device for the user to enter a password.
  - 19. The system of claim 15, wherein at least one of the test devices is a device for the user to enter biometric data.
  - 20. The system of claim 17, wherein each at least one predetermined second qualification has a corresponding predetermined first qualification based on the same one of the test devices.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Citibank (South Dakota) NA (Citigroup Incorporated)
Original Assignee
Citibank (South Dakota) NA (Citigroup Incorporated)
Inventors
Bianco, Peter Garrett, Boon, William Taylor, Rochon, Anthony C., Sherman, Marc A., Sterling, Robert Brewster, Ware, Karl Roger
Primary Examiner(s)
PYZOCHA, MICHAEL J

Application Number

US14/187,887
Publication Number

US 20140310766A1
Time in Patent Office

876 Days
Field of Search

726/1, 713/186, 713/155
US Class Current

1/1
CPC Class Codes

H04L 63/08   for authentication of entit...

H04L 63/10   for controlling access to d...

H04L 63/102   Entity profiles

System, method and computer program product for an authentication management infrastructure

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

136 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

System, method and computer program product for an authentication management infrastructure

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

136 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links