Method for managing access to protected computer resources

US 9,413,768 B1
Filed: 04/28/2016
Issued: 08/09/2016
Est. Priority Date: 06/11/1997
Status: Expired due to Fees

First Claim

Patent Images

1. A system for controlling access to selected computer resources, the system comprising:

at least one authentication server having at least one associated database to register at least one digital identification of a hardware key associated with at least one client computer device;

said at least one authentication server adapted to store in said at least one associated database (i) said at least one digital identification of said hardware key associated with said at least one client computer device, and (ii) authorization data associated with said selected computer resources;

at least one access server adapted to receive from said at least one client computer device (i) said at least one digital identification of said hardware key associated with said at least one client computer device, and (ii) a request for said selected computer resources by said at least one client computer device;

said at least one access server adapted to forward to said at least one authentication server said at least one digital identification of said hardware key associated with said at least one client computer device and said request for said selected computer resources by said at least one client computer device;

said at least one authentication server adapted to authenticate said at least one digital identification of said hardware key associated with said at least one client computer device responsive to said request for said selected computer resources by said at least one client computer device;

said at least one authentication server adapted to authorize said at least one client computer device to receive at least a portion of said selected computer resources based on said stored authorization data associated with said selected computer resources;

said at least one authentication server adapted to permit access to said at least a portion of said selected computer resources (i) upon successfully authenticating said at least one digital identification of said hardware key associated with said at least one client computer device, and (ii) upon successfully authorizing said at least one client computer device; and

said at least one authentication server adapted to acquire, for billing purposes, usage data associated with said at least a portion of said selected computer resources provided to said at least one client computer device.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system for securing and tracking usage of transaction services or computer resources by a client computer from a first server computer, which includes clearinghouse means for storing identity data of the first server computer and the client computer(s); server software means and client software means adapted to forward its identity data and identity data of the client computer(s) to the clearinghouse means at the beginning of an operating session; and a hardware key connected to the client computer, the key being adapted to generate a digital identification as part of the identity data; wherein the hardware key is implemented using a hardware token access system, a magnetic card access system, a smart card access system, a biometric identification access system or a central processing unit with a unique embedded digital identification.

455 Citations

45 Claims

1. A system for controlling access to selected computer resources, the system comprising:
- at least one authentication server having at least one associated database to register at least one digital identification of a hardware key associated with at least one client computer device;
  
  said at least one authentication server adapted to store in said at least one associated database (i) said at least one digital identification of said hardware key associated with said at least one client computer device, and (ii) authorization data associated with said selected computer resources;
  
  at least one access server adapted to receive from said at least one client computer device (i) said at least one digital identification of said hardware key associated with said at least one client computer device, and (ii) a request for said selected computer resources by said at least one client computer device;
  
  said at least one access server adapted to forward to said at least one authentication server said at least one digital identification of said hardware key associated with said at least one client computer device and said request for said selected computer resources by said at least one client computer device;
  
  said at least one authentication server adapted to authenticate said at least one digital identification of said hardware key associated with said at least one client computer device responsive to said request for said selected computer resources by said at least one client computer device;
  
  said at least one authentication server adapted to authorize said at least one client computer device to receive at least a portion of said selected computer resources based on said stored authorization data associated with said selected computer resources;
  
  said at least one authentication server adapted to permit access to said at least a portion of said selected computer resources (i) upon successfully authenticating said at least one digital identification of said hardware key associated with said at least one client computer device, and (ii) upon successfully authorizing said at least one client computer device; and
  
  said at least one authentication server adapted to acquire, for billing purposes, usage data associated with said at least a portion of said selected computer resources provided to said at least one client computer device.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23)
- - 2. The system of claim 1, wherein said at least a portion of said selected computer resources is provided to said at least one client computer device via the Internet.
  - 3. The system of claim 1, wherein said at least one access server is adapted to receive said at least one digital identification of said hardware key associated with said at least one client computer device via the Internet.
  - 4. The system of claim 1, wherein said at least a portion of said selected computer resources is provided to said at least one client computer device via an Internet protocol network.
  - 5. The system of claim 1, wherein said at least one access server is adapted to receive said at least one digital identification of said hardware key associated with said at least one client computer device via an Internet protocol network.
  - 6. The system of claim 1, wherein said hardware key is one of an external device and an internal hardware component associated with said at least one client computer device.
  - 7. The system of claim 1, wherein said at least one access server is adapted to receive from said at least one client computer device, at least one of a user name and password.
  - 8. The system of claim 7, wherein said at least one access server is adapted to forward said at least one of a user name and password to said at least one authentication server, and said at least one authentication server is adapted to authenticate said at least one of a user name and password.
  - 9. The system of claim 1, wherein said at least one access server is adapted to forward to said at least one client computer device an acknowledgement of said request for selected computer resources of said at least one client computer device.
  - 10. The system of claim 1, wherein said at least a portion of said selected computer resources is stored in at least one of a plurality of server computers associated with said at least one authentication server.
  - 11. The system of claim 10, wherein said at least one of a plurality of server computers associated with said at least one authentication server provides said at least a portion of said selected computer resources to said at least one client computer device upon said at least one authentication server permitting access to said at least a portion of said selected computer resources.
  - 12. The system of claim 1, wherein said at least a portion of said selected computer resources is stored in at least one of a plurality of server computers associated with said at least one access server.
  - 13. The system of claim 12, wherein said at least one of a plurality of server computers associated with said at least one access server provides said at least a portion of said selected computer resources to said at least one client computer device upon said at least one authentication server permitting access to said at least a portion of said selected computer resources.
  - 14. The system of claim 1, wherein said at least one authentication server is located on the same computer as said at least one access server.
  - 15. The system of claim 1, wherein said at least one authentication server is located on a different computer from where said at least one access server is located.
  - 16. The system of claim 1, wherein at least one of the functions of said at least one authentication server is performed by another server associated with said at least one authentication server.
  - 17. The system of claim 1, wherein said authorization data associated with said selected computer resources is stored in a database of a server associated with said at least one authentication server.
  - 18. The system of claim 1, wherein said at least a portion of said selected computer resources is encrypted.
  - 19. The system of claim 1, wherein said at least one authentication server is adapted to (i) assign one of a plurality of authorization levels to said at least a portion of said selected computer resources, (ii) assign a particular authorization level to said at least one digital identification of said hardware key associated with said at least one client computer device, and (iii) permit only access to particular selected computer resources of said selected computer resources by said at least one client computer device permitted by the particular authorization level.
  - 20. The system of claim 1, wherein said at least one access server is adapted to (i) change said at least one digital identification of said hardware key associated with said at least one client computer device received thereby, and (ii) forward said at least one digital identification of said hardware key associated with said at least one client computer device changed thereby to said at least one authentication server.
  - 21. The system of claim 1, wherein said at least one authentication server is adapted to authenticate said at least one access server prior to providing said at least a portion of said selected computer resources to said at least one client computer device.
  - 22. The system of claim 1, wherein said at least one authentication server is adapted to intermittently re-authenticate said at least one digital identification of said hardware key associated with said at least one client computer device.
  - 23. The system of claim 1, wherein, said at least one client computer device is adapted to authenticate said at least one access server.

24. A system for controlling access to selected computer resources, the system comprising:
- at least one authentication server having at least one associated database to register at least one digital identification of a hardware key associated with at least one client computer device;
  
  said at least one authentication server adapted to store in said at least one associated database (i) said at least one digital identification of said hardware key associated with said at least one client computer device, (ii) identity data of at least one access server, and (iii) authorization data associated with said selected computer resources;
  
  at least one access server adapted to receive from said at least one client computer device (i) said at least one digital identification of said hardware key associated with said at least one client computer device, and (ii) a request for said selected computer resources by said at least one client computer device;
  
  said at least one access server adapted to forward to said at least one authentication server said at least one digital identification of said hardware key associated with said at least one client computer device, said request for said selected computer resources by said at least one client computer device, and said identity data of said at least one access server;
  
  said at least one authentication server adapted to authenticate said identity data of at least one access server and said at least one digital identification of said hardware key associated with said at least one client computer device responsive to said request for said selected computer resources by said at least one client computer device;
  
  said at least one authentication server adapted to authorize said at least one client computer device to receive at least a portion of said selected computer resources based on said stored authorization data associated with said selected computer resources;
  
  said at least one authentication server adapted to permit access to said at least a portion of said selected computer resources (i) upon successfully authenticating said at least one digital identification of said hardware key associated with said at least one client computer device and said identity data of at least one access server, and (ii) upon successfully authorizing said at least one client computer device; and
  
  said at least one authentication server adapted to acquire, for billing purposes, usage data associated with said at least a portion of said selected computer resources provided to said at least one client computer device.
- View Dependent Claims (25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45)
- - 25. The system of claim 24, wherein said at least a portion of said selected computer resources is provided to said at least one client computer device via the Internet.
  - 26. The system of claim 24, wherein said at least one access server is adapted to receive said at least one digital identification of said hardware key associated with said at least one client computer device via the Internet.
  - 27. The system of claim 24, wherein said at least a portion of said selected computer resources is provided to said at least one client computer device via an Internet protocol network.
  - 28. The system of claim 24, wherein said at least one access server is adapted to receive said at least one digital identification of said hardware key associated with said at least one client computer device via an Internet protocol network.
  - 29. The system of claim 24, wherein said hardware key is one of an external device and an internal hardware component associated with said at least one client computer device.
  - 30. The system of claim 24, wherein said at least one access server is adapted to receive from said at least one client computer device, at least one of a user name and password.
  - 31. The system of claim 30, wherein said at least one access server is adapted to forward said at least one of a user name and password to said at least one authentication server, and said at least one authentication server is adapted to authenticate said at least one of a user name and password.
  - 32. The system of claim 24, wherein said at least one access server is adapted to forward to said at least one client computer device an acknowledgement of said request for selected computer resources of said at least one client computer device.
  - 33. The system of claim 24, wherein said at least a portion of said selected computer resources is stored in at least one of a plurality of server computers associated with said at least one authentication server.
  - 34. The system of claim 33, wherein said at least one of a plurality of server computers associated with said at least one authentication server provides said at least a portion of said selected computer resources to said at least one client computer device upon said at least one authentication server permitting access to said at least a portion of said selected computer resources.
  - 35. The system of claim 24, wherein said at least a portion of said selected computer resources is stored in at least one of a plurality of server computers associated with said at least one access server.
  - 36. The system of claim 35, wherein said at least one of a plurality of server computers associated with said at least one access server provides said at least a portion of said selected computer resources to said at least one client computer device upon said at least one authentication server permitting access to said at least a portion of said selected computer resources.
  - 37. The system of claim 24, wherein said at least one authentication server is located on the same computer as said at least one access server.
  - 38. The system of claim 24, wherein said at least one authentication server is located on a different computer from where said at least one access server is located.
  - 39. The system of claim 24, wherein at least one of the functions of said at least one authentication server is performed by another server associated with said at least one authentication server.
  - 40. The system of claim 24, wherein said authorization data associated with said selected computer resources is stored in a database of a server associated with said at least one authentication server.
  - 41. The system of claim 24, wherein said at least a portion of said selected computer resources is encrypted.
  - 42. The system of claim 24, wherein said at least one authentication server is adapted to (i) assign one of a plurality of authorization levels to said at least a portion of said selected computer resources, (ii) assign a particular authorization level to said at least one digital identification of said hardware key associated with said at least one client computer device, and (iii) permit only access to particular selected computer resources of said selected computer resources by said at least one client computer device permitted by the particular authorization level.
  - 43. The system of claim 24, wherein said at least one authentication server is adapted to authenticate said at least one access server prior to providing said at least a portion of said selected computer resources to said at least one client computer device.
  - 44. The system of claim 24, wherein said at least one authentication server is adapted to intermittently re-authenticate said at least one digital identification of said hardware key associated with said at least one client computer device.
  - 45. The system of claim 24, wherein, said at least one client computer device is adapted to authenticate said at least one access server.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Prism Technologies LLC (Prism Technologies Group, Inc.)
Original Assignee
Prism Technologies LLC (Prism Technologies Group, Inc.)
Inventors
Gregg, Richard L., Giri, Sandeep, Goeke, Timothy C.
Primary Examiner(s)
Tabor, Amare F
Assistant Examiner(s)
Wyszynski, Aubrey

Application Number

US15/141,311
Publication Number

US 20160241545A1
Time in Patent Office

103 Days
Field of Search

726/4
US Class Current

1/1
CPC Class Codes

G06F 21/335   for accessing specific reso...

G06F 21/44   Program or device authentic...

G06F 2221/2101   Auditing as a secondary aspect

G06F 2221/2129   Authenticate client device ...

G06F 2221/2135   Metering

G06F 2221/2141   Access rights, e.g. capabil...

G06F 2221/2149   Restricted operating enviro...

G06Q 2220/00   Business processing using c...

H04L 2463/102   applying security measure f...

H04L 63/08   for authentication of entit...

H04L 63/0823   using certificates cryptogr...

H04L 63/083   using passwords cryptograph...

H04L 63/0853   using an additional device,...

H04L 63/10   for controlling access to d...

Method for managing access to protected computer resources

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

455 Citations

45 Claims

Specification

Solutions

Use Cases

Quick Links

Method for managing access to protected computer resources

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

455 Citations

45 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links