Method for managing access to protected computer resources

US 9,544,314 B2
Filed: 05/26/2016
Issued: 01/10/2017
Est. Priority Date: 06/11/1997
Status: Expired due to Fees

First Claim

Patent Images

1. A method for controlling access to selected computer resources using at least one of a transmission control protocol and a user datagram protocol, the method comprising:

provisioning, with at least one associated database of at least one authentication server, identity data associated with at least one client computer device;

storing, by the at least one authentication server in the at least one associated database, the identity data associated with the at least one client computer device;

receiving, by at least one access server from the at least one client computer device, (i) the identity data associated with the at least one client computer device, and (ii) a request for the selected computer resources by the at least one client computer device;

forwarding, by the at least one access server to the at least one authentication server, the identity data associated with the at least one client computer device and the request for the selected computer resources by the at least one client computer device;

authenticating, by the at least one authentication server, the identity data associated with the at least one client computer device in response to the request for the selected computer resources by the at least one client computer device;

authorizing, by at least one server associated with the at least one authentication server, the at least one client computer device to receive at least a portion of the selected computer resources; and

permitting access, by the at least one authentication server, to the at least a portion of the selected computer resources (i) upon successfully authenticating the identity data associated with the at least one client computer device, and (ii) upon successfully authorizing the at least one client computer device.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system for securing and tracking usage of transaction services or computer resources by a client computer from a first server computer, which includes clearinghouse means for storing identity data of the first server computer and the client computer(s); server software means and client software means adapted to forward its identity data and identity data of the client computer(s) to the clearinghouse means at the beginning of an operating session; and a hardware key connected to the client computer, the key being adapted to generate a digital identification as part of the identity data; wherein the hardware key is implemented using a hardware token access system, a magnetic card access system, a smart card access system, a biometric identification access system or a central processing unit with a unique embedded digital identification.

Citations

57 Claims

1. A method for controlling access to selected computer resources using at least one of a transmission control protocol and a user datagram protocol, the method comprising:
- provisioning, with at least one associated database of at least one authentication server, identity data associated with at least one client computer device;
  
  storing, by the at least one authentication server in the at least one associated database, the identity data associated with the at least one client computer device;
  
  receiving, by at least one access server from the at least one client computer device, (i) the identity data associated with the at least one client computer device, and (ii) a request for the selected computer resources by the at least one client computer device;
  
  forwarding, by the at least one access server to the at least one authentication server, the identity data associated with the at least one client computer device and the request for the selected computer resources by the at least one client computer device;
  
  authenticating, by the at least one authentication server, the identity data associated with the at least one client computer device in response to the request for the selected computer resources by the at least one client computer device;
  
  authorizing, by at least one server associated with the at least one authentication server, the at least one client computer device to receive at least a portion of the selected computer resources; and
  
  permitting access, by the at least one authentication server, to the at least a portion of the selected computer resources (i) upon successfully authenticating the identity data associated with the at least one client computer device, and (ii) upon successfully authorizing the at least one client computer device.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26)
- - 2. The method of claim 1, further comprising acquiring, by another at least one server associated with the at least one authentication server, usage data associated with the at least a portion of the selected computer resources provided to the at least one client computer device.
  - 3. The method of claim 1, further comprising storing, by the at least one server associated with the at least one authentication server in the at least one associated database, authorization data associated with the selected computer resources.
  - 4. The method of claim 1, further comprising storing, by the at least one server associated with the at least one authentication server, in another at least one associated database, authorization data associated with the selected computer resources.
  - 5. The method of claim 1, further comprising storing, by the at least one authentication server in another at least one associated database, the identity data associated with the at least one client computer device.
  - 6. The method of claim 1, further comprising forwarding, by the at least one access server to the at least one client computer device, an acknowledgement of the request for selected computer resources of the at least one client computer device.
  - 7. The method of claim 1, further comprising operating the at least one authentication server on a single computer with the at least one access server.
  - 8. The method of claim 1, further comprising operating the at least one authentication server and the at least one server associated with the authentication server on a single computer with the at least one access server.
  - 9. The method of claim 1, further comprising operating the at least one authentication server on a different computer than the at least one access server.
  - 10. The method of claim 1, further comprising operating the at least one server associated with the authentication server on a different computer than the at least one access server.
  - 11. The method of claim 1, further comprising operating the at least one authentication server and the at least one server associated with the authentication server on a different computer than the at least one access server.
  - 12. The method of claim 1, further comprising performing at least one of the functions of the at least one authentication server by another at least one server associated with the at least one authentication server.
  - 13. The method of claim 1, wherein the at least a portion of the selected computer resources is encrypted.
  - 14. The method of claim 1, further comprising authenticating, by the at least one authentication server, the at least one access server.
  - 15. The method of claim 1, further comprising receiving, by the at least one server associated with the at least one authentication server, a request for authorization data from the at least one client computer device.
  - 16. The method of claim 1, wherein the at least one server associated with the at least one authentication server is adapted to assign one of a plurality of authorization levels to the at least a portion of the selected computer resources.
  - 17. The method of claim 1, further comprising re-authenticating, by the at least one authentication server, the identity data associated with the at least one client computer device.
  - 18. The method of claim 1, further comprising re-authorizing by the at least one server associated with the at least one authentication server, the at least one client computer device to receive the at least a portion of the selected computer resources.
  - 19. The method of claim 1, further comprising authenticating, by the at least one client computer device, the at least one access server.
  - 20. The method of claim 1, wherein the identity data associated with the at least one client computer device is a unique identifier.
  - 21. The method of claim 1, further comprising receiving, at the at least one authentication server, the identity data associated with the at least one client computer device read from a digital certificate.
  - 22. The method of claim 1, further comprising receiving, at the at least one authentication server, the identity data associated with the at least one client computer device derived from a digital certificate.
  - 23. The method of claim 1, further comprising receiving, by the at least one authentication server, a request for an authentication server network address from the at least one client computer device.
  - 24. The method of claim 23, further comprising sending, by the at least one authentication server, the authentication server network address in response to the request for an authentication server network address from the at least one client computer device.
  - 25. The method of claim 1, further comprising encapsulating the at least one of a transmission control protocol and a user datagram protocol in at least another protocol.
  - 26. The method of claim 1, wherein the at least a portion of the selected computer resources is an IP address, and the IP address affords Internet access.

27. A method for controlling access to selected computer resources using at least one of a transmission control protocol and a user datagram protocol, the method comprising:
- receiving, by at least one access server from at least one client computer device, (i) identity data associated with the at least one client computer device, and (ii) a request for the selected computer resources by the at least one client computer device;
  
  forwarding, by the at least one access server to at least one authentication server, the identity data associated with the at least one client computer device and the request for the selected computer resources;
  
  authenticating, by the at least one authentication server, the identity data associated with the at least one client computer device in response to the request for the selected computer resources;
  
  authorizing, by at least one server associated with the at least one authentication server, the at least one client computer device to receive at least a portion of the selected computer resources;
  
  controlling access, by the at least one authentication server, to the at least a portion of the selected computer resources (i) upon successfully authenticating the identity data associated with the at least one client computer device, and (ii) upon successfully authorizing the at least one client computer device.
- View Dependent Claims (28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47, 48, 49, 50, 51, 52, 53, 54)
- - 28. The method of claim 27, further comprising acquiring, by another at least one server associated with the at least one authentication server, usage data associated with the at least a portion of the selected computer resources provided to the at least one client computer device.
  - 29. The method of claim 27, further comprising storing, by the at least one authentication server in at least one associated database, the identity data associated with the at least one client computer device.
  - 30. The method of claim 29, further comprising storing, by the at least one server associated with the at least one authentication server in the at least one associated database, authorization data associated with the selected computer resources.
  - 31. The method of claim 29, further comprising storing, by the at least one server associated with the at least one authentication server in another at least one associated database, authorization data associated with the selected computer resources.
  - 32. The method of claim 29, further comprising storing, by the at least one authentication server in another at least one associated database, the identity data associated with the at least one client computer device.
  - 33. The method of claim 27, further comprising storing, by the at least one server associated with the at least one authentication server in at least one associated database, authorization data associated with the selected computer resources.
  - 34. The method of claim 27, further comprising forwarding, by the at least one access server to the at least one client computer device, an acknowledgement of the request for selected computer resources of the at least one client computer device.
  - 35. The method of claim 27, further comprising operating the at least one authentication server on a single computer with the at least one access server.
  - 36. The method of claim 27, further comprising operating the at least one authentication server and the at least one server associated with the authentication server on a single computer with the at least one access server.
  - 37. The method of claim 27, further comprising operating the at least one authentication server on a different computer than the at least one access server.
  - 38. The method of claim 27, further comprising operating the at least one server associated with the authentication server on a different computer than the at least one access server.
  - 39. The method of claim 27, further comprising operating the at least one authentication server and the at least one server associated with the authentication server on a different computer than the at least one access server.
  - 40. The method of claim 27, further comprising performing at least one of the functions of the at least one authentication server by another at least one server associated with the at least one authentication server.
  - 41. The method of claim 27, wherein the at least a portion of the selected computer resources is encrypted.
  - 42. The method of claim 27, further comprising authenticating, by the at least one authentication server, the at least one access server.
  - 43. The method of claim 27, further comprising receiving, by the at least one server associated with the at least one authentication server, a request for authorization data from the at least one client computer device.
  - 44. The method of claim 27, wherein the at least one server associated with the at least one authentication server is adapted to assign one of a plurality of authorization levels to the at least a portion of the selected computer resources.
  - 45. The method of claim 27, further comprising re-authenticating, by the at least one authentication server, the identity data associated with the at least one client computer device.
  - 46. The method of claim 27, further comprising re-authorizing by the at least one server associated with the at least one authentication server, the at least one client computer device to receive the at least a portion of the selected computer resources.
  - 47. The method of claim 27, further comprising authenticating, by the at least one client computer device, the at least one access server.
  - 48. The method of claim 27, wherein the identity data associated with the at least one client computer device is a unique identifier.
  - 49. The method of claim 27, further comprising receiving, at the at least one authentication server, the identity data associated with the at least one client computer device derived from a digital certificate.
  - 50. The method of claim 27, further comprising receiving, at the at least one authentication server, the identity data associated with the at least one client computer device read from a digital certificate.
  - 51. The method of claim 27, further comprising receiving, by the at least one authentication server, a request for an authentication server network address from the at least one client computer device.
  - 52. The method of claim 51, further comprising sending, by the at least one authentication server, the authentication server network address in response to the request for an authentication server network address from the at least one client computer device.
  - 53. The method of claim 27, further comprising encapsulating the at least one of a transmission control protocol and a user datagram protocol in at least another protocol.
  - 54. The method of claim 27, wherein the at least a portion of the selected computer resources is an IP address, and the IP address affords Internet access.

55. A method for controlling access to selected computer resources using at least one of a transmission control protocol and a user datagram protocol, the method comprising:
- receiving, by at least one access server from at least one client computer device, identity data associated with the at least one client computer device;
  
  receiving, by the at least one access server from the at least one client computer device, a request for the selected computer resources by the at least one client computer device;
  
  forwarding, by the at least one access server to at least one authentication server, the identity data associated with the at least one client computer device and the request for the selected computer resources;
  
  authenticating, by the at least one authentication server, the identity data associated with the at least one client computer device in response to the request for the selected computer resources;
  
  authorizing, by at least one server associated with the at least one authentication server, the at least one client computer device to receive at least a portion of the selected computer resources;
  
  permitting access, by the at least one authentication server, to the at least a portion of the selected computer resources (i) upon successfully authenticating the identity data associated with the at least one client computer device, and (ii) upon successfully authorizing the at least one client computer device.
- View Dependent Claims (56)
- - 56. The method of claim 55, wherein the at least a portion of the selected computer resources is an IP address, and the IP address permits Internet access.

57. A method for controlling access to selected computer resources using at least one of a transmission control protocol and a user datagram protocol, the method comprising:
- encapsulating the at least one of a transmission control protocol and a user datagram protocol in at least another protocol;
  
  receiving, by at least one access server from at least one client computer device, (i) identity data associated with the at least one client computer device, and (ii) a request for the selected computer resources by the at least one client computer device;
  
  forwarding, by the at least one access server to at least one authentication server, the identity data associated with the at least one client computer device and the request for the selected computer resources;
  
  authenticating, by the at least one authentication server, the identity data associated with the at least one client computer device in response to the request for the selected computer resources;
  
  receiving, by at least one server associated with the at least one authentication server, a request for authorization data from the at least one client computer device;
  
  authorizing, by the at least one server associated with the at least one authentication server, the at least one client computer device to receive at least a portion of the selected computer resources;
  
  permitting access, by the at least one authentication server, to the at least a portion of the selected computer resources upon (i) successfully authenticating the identity data associated with the at least one client computer device, and (ii) successfully authorizing the at least one client computer device;
  
  re-authorizing by the at least one server associated with the at least one authentication server, the at least one client computer device to receive a portion of the selected computer resources; and
  
  acquiring, by another at least one server associated with the at least one authentication server, usage data associated with the at least a portion of the selected computer resources provided to the at least one client computer device.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Prism Technologies LLC (Prism Technologies Group, Inc.)
Original Assignee
Prism Technologies LLC (Prism Technologies Group, Inc.)
Inventors
Gregg, Richard L., Giri, Sandeep, Goeke, Timothy C.
Primary Examiner(s)
Zand, Kambiz
Assistant Examiner(s)
WYSZYNSKI, AUBREY H

Application Number

US15/165,436
Publication Number

US 20160277398A1
Time in Patent Office

229 Days
Field of Search

726/4
US Class Current

1/1
CPC Class Codes

G06F 21/335   for accessing specific reso...

G06F 21/44   Program or device authentic...

G06F 2221/2101   Auditing as a secondary aspect

G06F 2221/2129   Authenticate client device ...

G06F 2221/2135   Metering

G06F 2221/2141   Access rights, e.g. capabil...

G06F 2221/2149   Restricted operating enviro...

G06Q 2220/00   Business processing using c...

H04L 2463/102   applying security measure f...

H04L 63/08   for authentication of entit...

H04L 63/0823   using certificates cryptogr...

H04L 63/083   using passwords cryptograph...

H04L 63/0853   using an additional device,...

H04L 63/10   for controlling access to d...

Method for managing access to protected computer resources

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

Citations

57 Claims

Specification

Solutions

Use Cases

Quick Links

Method for managing access to protected computer resources

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

57 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links