System and Method For Authentication Of Users In A Secure Computer System
Abstract
A system and method of authenticating a user in a secure computer system in which a client computer transmits to the secure computer system a request for a sign-on page, the computer system transmits to the client computer a prompt for a first user identifier, and in response to the prompt, the client computer transmits to the computer system a request including a first identifier, a second identifier stored in an object stored at the client computer and a plurality of request header attributes. The computer system includes a server software module that authenticates the first user identifier and the second user identifier, and compares the transmitted plurality of request header attributes with a plurality of request header attributes stored at the computer system and associated with the first and second user identifiers. If the first and second user identifiers are authenticated, and if the transmitted request header attributes match stored request header attributes, the server software module transmits a success message to the client computer to be viewed by the user, and the user is allowed to access the secure computer system. In one embodiment, each transmitted request header attribute is given a numerical weighted value and the comparison of request header attributes includes adding the assigned numerical values of matching attributes to arrive at a total value, then transmitting the success message to the client computer only if the total value of matching request header attributes is at least a certain predetermined numerical total.
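The weighted-comparison embodiment described in the abstract can be sketched as follows. This is an added example, not code from the patent: the weights, the threshold of 60, the use of a password as the first identifier, and all names and sample values are assumptions constructed for illustration.

```python
import hashlib
import hmac

# Assumed weights and threshold: the page names no concrete values.
WEIGHTS = {"user-agent": 40, "accept-language": 25, "accept": 20, "accept-encoding": 15}
THRESHOLD = 60

def normalize(headers):
    """Header names are case-insensitive; compare trimmed values."""
    return {k.lower(): v.strip() for k, v in headers.items()}

def _pw_hash(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def enroll(password, serial, headers, salt):
    """Server-side record: credential hash, serial number, header attributes."""
    return {"salt": salt, "pw_hash": _pw_hash(password, salt),
            "serial": serial, "headers": normalize(headers)}

def header_score(stored, presented, weights=WEIGHTS):
    """Add the weights of attributes whose presented value matches the stored one.
    A header missing from the request never counts as a match."""
    stored, presented = normalize(stored), normalize(presented)
    return sum(w for name, w in weights.items()
               if name in stored and stored[name] == presented.get(name))

def authenticate(record, password, serial, headers, threshold=THRESHOLD):
    """Return (allowed, score): both identifiers must verify AND the score
    of matching header attributes must reach the predetermined total."""
    first_ok = hmac.compare_digest(_pw_hash(password, record["salt"]), record["pw_hash"])
    second_ok = hmac.compare_digest(serial.encode(), record["serial"].encode())
    score = header_score(record["headers"], headers)
    return (first_ok and second_ok and score >= threshold), score

# Constructed sample data (not from the page).
ENROLLED_HEADERS = {
    "User-Agent": "ExampleBrowser/1.0 (constructed)",
    "Accept-Language": "en-US,en;q=0.9",
    "Accept": "text/html,application/xhtml+xml",
    "Accept-Encoding": "gzip, deflate",
}
RECORD = enroll("correct horse", "SN-0001-constructed", ENROLLED_HEADERS,
                b"constructed-salt")

if __name__ == "__main__":
    upgraded = dict(ENROLLED_HEADERS, **{"User-Agent": "ExampleBrowser/2.0 (constructed)"})
    print(authenticate(RECORD, "correct horse", "SN-0001-constructed", upgraded))
```

Request headers are supplied by the client, so the score works as a device-consistency signal layered on top of the two identifiers rather than as a credential in its own right.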
72 Claims
1. A method of authenticating a user in a secure computer system comprising the steps of:
- transmitting from a client computer of a user to the computer system a request for a sign-on page;
- transmitting from the computer system to the client computer a prompt for a first user identifier;
- in response to said prompt, transmitting from the client computer to the computer system a request including the first user identifier, a second user identifier stored in an object stored at the client computer and a plurality of request header attributes;
- authenticating at the computer system the first user identifier;
- authenticating at the computer system the second user identifier;
- comparing the transmitted plurality of request header attributes with a plurality of request header attributes stored at the computer system and associated with the first user identifier; and
- if the first and second user identifiers are authenticated, and if the transmitted request header attributes correspond to the stored request header attributes, transmitting a success message to the client computer to be viewed by the user.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19
20. A method of authenticating a user in a secure computer system comprising the steps of:
- transmitting from a client computer of a user to the computer system a request for a sign-on page;
- receiving from the client computer a prompt for an enrollment;
- in response to said prompt, the computer system collecting a plurality of device attributes of the client computer and transmitting to the client computer a request for information pertaining to a user of the client computer including a user account number;
- receiving from the client computer the information pertaining to the user including the user account number;
- authenticating the information pertaining to said user including matching said received user account number with a stored user account number;
- if a match of the received and stored account numbers exists, transmitting to the client computer a request for a first user identifier;
- receiving the first user identifier from the client computer, associating the first user identifier with the user and storing the first user identifier and the plurality of device attributes on the computer system; and
- transmitting a success message to the client computer to be viewed by the user.
21. A method of authenticating a user in a secure computer system comprising the steps of:
- transmitting from a client computer of a user to the computer system a request for an enrollment page, the request including a request header containing a plurality of device attributes specific to said client computer;
- transmitting from the computer system to the client computer a prompt for a user identifier;
- transmitting from the client computer the user identifier;
- validating the user identifier;
- authenticating the user identifier;
- transmitting from the computer system a request for a user identification and password;
- receiving from the client computer a user identification and password, validating the user identification and password and storing the user identification and password in storage associated with the computer system;
- transmitting from the client computer of a user to the computer system a request to register the client computer;
- creating a serial number unique to the user and saving the serial number and request header in the storage associated with the user identification and password;
- storing the serial number on the client computer; and
- allowing the user access to the secure computer system.
Dependent claims: 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32
33. A method of enrolling a user in a secure computer system comprising the steps of:
- transmitting from a client computer of a user to the computer system a request for an enrollment page, the request including a request header containing a plurality of device attributes specific to said client computer;
- transmitting from the computer system to the client computer a prompt for a user identifier;
- transmitting from the client computer the user identifier;
- validating the user identifier;
- authenticating the user identifier;
- transmitting from the computer system to the client computer a request for a user identification and password;
- authenticating the user identification and password;
- storing the user identification and password in storage associated with the computer system in a file containing the device attributes and user identifier;
- creating a serial number and saving the serial number in the file;
- encrypting the serial number;
- creating a browser cookie containing the encrypted serial number and storing the browser cookie on the client computer;
- creating a local shared object containing the encrypted serial number and storing the local shared object on the client computer.
Dependent claims: 34, 35, 36, 37
38. A method of authenticating a user in a secure computer system comprising the steps of:
- transmitting from a client computer of a user to the computer system a request for a sign-on page;
- transmitting from the computer system to the client computer a prompt for a first user identifier;
- in response to said prompt, transmitting from the client computer to the computer system a request including the first user identifier, a second user identifier stored in at least one of a browser cookie and a local shared object stored at the client computer and a plurality of request header attributes;
- authenticating at the computer system the first user identifier;
- authenticating at the computer system the second user identifier;
- comparing the transmitted plurality of request header attributes with a plurality of request header attributes stored at the computer system and associated with the first and second identifiers; and
- if the first and second user identifiers are validated, and if the transmitted request header attributes correspond to the stored request header attributes, transmitting a success message to the client computer to be viewed by the user and allowing the user computer to access the computer system.
Dependent claims: 39
40. A method of authenticating a banking customer to allow the customer access to a secure banking computer system comprising the steps of:
- transmitting from a client computer of the customer to the banking computer system a request for a sign-on page;
- transmitting from the computer system to the client computer a prompt for a customer identification number and password;
- in response to said prompt, transmitting from the client computer to the banking computer system a request including the customer identification and password, a serial number stored in at least one of a browser cookie and a local shared object stored at the client computer and a plurality of request header attributes;
- authenticating at the computer system the customer identification number and password;
- authenticating at the computer system the serial number;
- comparing the transmitted plurality of request header attributes with a plurality of request header attributes stored at the banking computer system and associated with the customer identification number, customer password and serial number; and
- if the customer number, customer password and serial number are authenticated, and if the transmitted request header attributes correspond to the stored request header attributes, transmitting a success message to the client computer to be viewed by the banking customer and allowing the banking customer computer access to the secure banking computer system.
41. A system for authenticating a user in a secure computer system comprising:
- a client computer operable by a user;
- a server associated with a secure computer system in communication with the client computer and having storage;
- a client software module utilized by the client computer for sending to the server a request for a sign on page;
- a server software module utilized by the server for transmitting from the server to the client computer a prompt for a first user identifier;
- the client software module, in response to the prompt, transmits from the client computer to the server a request including the first user identifier, a second user identifier stored in an object stored at the client computer and a plurality of request header attributes; and
- the server software module validates the first user identifier and the second user identifier and compares the transmitted plurality of request header attributes with a plurality of request header attributes in the storage at the server and associated with the first identifier;
- whereby, if the first and second user identifiers are validated by the server software module, and if the transmitted request header attributes correspond to the stored request header attributes, the server software module allows the client computer access to the secure computer system.
Dependent claims: 42, 43, 44, 45, 46, 47, 48, 49, 50, 51, 52, 53, 54, 55, 56, 57, 58, 59, 60, 61, 62, 63, 64
65. A system for authenticating a user in a secure computer system comprising:
- a client computer operable by a user;
- a server associated with a secure computer system in communication with the client computer and having storage containing user information;
- a client software module utilized by the client computer for sending to the server a request for a sign on page;
- a server software module utilized by the server to transmit from the server to the client computer a prompt for an enrollment of the user, and in response to acknowledgement from the client software module, collects a plurality of device attributes of the client computer and transmits to the client computer a request for information pertaining to a user of the client computer including a user account number;
- the client software module transmits to the server the information pertaining to the user including the user account number;
- the server software module authenticates the information pertaining to the and matches the received user account number with a user account number in the storage;
- whereby, if a match of the received and stored account numbers exists, the server transmits to the client computer a request for a first user identifier and receives the first user identifier from the client computer, associates the first user identifier with the user and stores the first user identifier and the plurality of device attributes on the computer system and allows the client computer access to the secure computer system.
66. A system of authenticating a user in a secure computer system comprising:
- a client computer operable by a user;
- a server associated with a secure computer system in communication with the client computer and having storage containing user information;
- a client software module utilized by the client computer for transmitting from the client computer of a user to the computer system a request for an enrollment page, the request including a request header containing a plurality of device attributes specific to the client computer;
- a server software module for transmitting from the server to the client computer a prompt for a user identifier, receiving the user identifier from the client computer, validating the user identifier, authenticating the user identifier, transmitting from the server a request for a user identification and password, validating the user identification and password received from the client computer and storing the user identification and password in the storage;
- the client software module transmitting from the client computer of a user to the server a request to register the client computer;
- in response to the request to register, the server software module creates a serial number unique to the user and saves the serial number and request header in the storage associated with the user identification and password, stores the serial number on the client computer, and allows the user access to the secure computer system.
Dependent claims: 67, 68, 69, 70, 71, 72
Specification