System and method to authenticate users to computer systems

US 7,941,534 B2
Filed: 07/26/2004
Issued: 05/10/2011
Est. Priority Date: 04/14/1997
Status: Expired due to Fees

First Claim

Patent Images

1. A method for use with a computer system containing information, the method comprising the steps of:

a. providing a separate portable security device for each of a plurality of computer users;

b. providing a terminal including a display screen for presenting information to computer users where the terminal is separate from the portable security devices;

c. communicating system authentication protocol information from at least one of the security devices to the computer system;

d. authenticating the at least one of the security devices with the computer system using the authentication protocol information;

e. upon successful completion of the authenticating step, initiating a first access by the computer user associated with the at least one of the security devices to the computer system via the terminal;

f. creating, sending, and storing a reauthentication code to the at least one of the security devices, where the reauthentication code is related to a time limit;

g. logging the computer user off the terminal; and

h. initiating a second access by the computer user associated with the at least one of the security devices to the computer system via the terminal by communicating the reauthentication code to the computer system from the security device and when the reauthentication code is within the time limit allowing the second access, the step of initiating the second access by the computer user to the computer system further including verifying that the reauthentication code includes a neighborhood identifier that matches a neighborhood identifier of the terminal that the computer user is attempting to use to access the computer system.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system utilizing a personal security device to provide access to a computer terminal where the personal security device includes circuitry and transceiver components for transmitting identification information and exchanging other digital information with a computer terminal and other compatible devices and the personal security device establishes a communication link with a computer terminal to allow a user to logon to the terminal so that when a user leaves the computer terminal, the communication link is terminated, causing the computer terminal to lock the keyboard, blank the monitor, and/or logoff the user if the communication link is not restored within a sufficient time period and also allowing the personal security device to facilitate subsequent computer access within a time range by providing time related access codes to the terminal that can be used to reestablish computer terminal access.

193 Citations

47 Claims

1. A method for use with a computer system containing information, the method comprising the steps of:
- a. providing a separate portable security device for each of a plurality of computer users;
  
  b. providing a terminal including a display screen for presenting information to computer users where the terminal is separate from the portable security devices;
  
  c. communicating system authentication protocol information from at least one of the security devices to the computer system;
  
  d. authenticating the at least one of the security devices with the computer system using the authentication protocol information;
  
  e. upon successful completion of the authenticating step, initiating a first access by the computer user associated with the at least one of the security devices to the computer system via the terminal;
  
  f. creating, sending, and storing a reauthentication code to the at least one of the security devices, where the reauthentication code is related to a time limit;
  
  g. logging the computer user off the terminal; and
  
  h. initiating a second access by the computer user associated with the at least one of the security devices to the computer system via the terminal by communicating the reauthentication code to the computer system from the security device and when the reauthentication code is within the time limit allowing the second access, the step of initiating the second access by the computer user to the computer system further including verifying that the reauthentication code includes a neighborhood identifier that matches a neighborhood identifier of the terminal that the computer user is attempting to use to access the computer system.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 46)
- - 2. The method according to claim 1, further including the step of communicating signals generated by the security device to the computer system and when the computer system fails to receive a signal from the security device after a first preset time period the system performing a system security function.
  - 3. The method according to claim 2, further including the step of limiting access to the computer system information as part of performing a system security function.
  - 4. The method according to claim 3, where the step of limiting access includes causing information presented on the terminal display to be removed from the display.
  - 5. The method according to claim 2, where the step of limiting access includes disabling the use of the terminal.
  - 6. The method according to claim 3, further including the step of further limiting access to the computer system after a second preset time period is exceeded.
  - 7. The method according to claim 6 where the step of further limiting access includes logging a user off the computer system.
  - 8. The method according to claim 6, where the step of initiating either a first or second access by the computer user includes recording in a database that the computer user is using the terminal and the step of further limiting access includes removing from the database that the computer user is using the terminal.
  - 9. The method according to claim 1, where the reauthentication signal is validated by at least one of the terminal which is proximal to the security device and the computer system.
  - 10. The method according to claim 9, further including the step of comparing a time component of the reauthentication signal and the current time and determining that the current time is within a specified time limit of the time component.
  - 11. The method according to claim 10, including the step of when the current time is not within a specified time limit requiring the security device be authenticated with the computer system by communicating the system authentication protocol information from the security device to the computer system.
  - 12. The method according to claim 11, wherein prior to the step of authenticating the security device with the computer system, the method further includes the step of authenticating the computer user to the security device by the computer user providing response information to the security device selected from the list of a response to a question and a biometric indicia, and wherein the provided response information must match device authentication protocol information stored in the security device prior to authenticating the security device with the computer system.
  - 13. The method according to claim 12 wherein, when biometric indicia is provided, the indicia is provided by the computer user using a biometric sensor in the security device to sense the indicia.
  - 14. The method according to claim 12, further including the step of incrementing a count in the security device when the computer user is not authenticated to the security device, the count recording the inability of the security device to authenticate the computer user.
  - 15. The method according to claim 14, further including the step of activating a security device security function selected from the list of (i) erasing a portion of the memory of the security device, (ii) transmitting an alert message to the computer system, and (iii) disabling the security device, when the count exceeds a limit.
  - 16. The method according to claim 15, including the step of storing the count in the memory of the security device.
  - 17. The method according to claim 16, further including the step of resetting the count to zero when the count is less than or equal to a limit and the computer user is able to authenticate himself to the security device.
  - 18. The method according to claim 1, further including the step of receiving a computer system identifier by the security device and positively matching the received system identifier to a trusted computer system identifier prior to authenticating the security device to the computer system.
  - 46. The method of claim 1 wherein the security device is an externally powered electronic device.

19. A method for use with a computer system containing information, the method comprising the steps of:
- a. providing a terminal including a display screen for presenting information to the computer user where the terminal is separate from the security device;
  
  b. communicating system authentication protocol information from the security device to the computer system;
  
  c. authenticating the security device with the computer system using the authentication protocol information;
  
  d. upon successful completion of the authenticating step, initiating a first access by the computer user to the computer system via the terminal;
  
  e. storing a reauthentication code in the computer system and associating the code with user identification information associated with the computer user;
  
  f. logging the computer user off the computer system;
  
  g. initiating a second access between the computer system and the computer user via the terminal by using the security device to communicate at least a portion of system authentication protocol information to the computer system, the computer system determining that access is to be provided by using the at least a portion of system authentication protocol information to retrieve the reauthorization code and determining that the code allows access, where the step of initiating the second access is only performed when the reauthentication code includes a neighborhood identifier that matches a neighborhood identifier of the terminal the computer user is attempting to use to access the computer system; and
  
  h. the security device receiving a computer system identifier and positively matching the computer system identifier to a trusted computer system identifier prior to authenticating the security device with the computer system.
- View Dependent Claims (20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 47)
- - 20. The method according to claim 19, further including the step of communicating signals generated from the security device to the computer system and when the computer system fails to receive a signal from the security device after a first preset time period the system performing a system security function.
  - 21. The method according to claim 20, where performing a system security function includes limiting access to the computer system information via the terminal.
  - 22. The method according to claim 21, where the step of limiting access includes causing information presented on the terminal display to be removed from the display.
  - 23. The method according to claim 20, where the step of limiting access includes disabling use of the terminal.
  - 24. The method according to claim 21, where after a second preset time period the computer system further limiting access to the computer system.
  - 25. The method according to claim 24 where the step of further limiting access includes logging a user off the terminal.
  - 26. The method according to claim 24, further including the step of entering in a database that the computer user is using the terminal when access is to computer system is initiated and wherein the step of further limiting access includes removing from the database that the computer user is using the terminal.
  - 27. The method according to claim 19, further including the step of determining that the reauthentication code includes a time component and the step of determining that the reauthentication code allows access includes comparing the time component to the current time to determine that a specified time limit has not been exceeded.
  - 28. The method according to claim 27, including the step of authenticating the security device with the computer system by communicating system authentication protocol information from the security device to the computer system when the current time is not within the specified time limit.
  - 29. The method according to claim 19, further including the step authenticating the computer user to the security device by the computer user providing information to the security device selected from the list of a response to a question and a biometric indicia, and wherein the provided information must match device authentication protocol information stored in the security device prior to authenticating the security device with the computer system.
  - 30. The method according to claim 29 wherein, when biometric indicia is provided, the indicia is provided by the computer user using a biometric sensor in the security device to sense the indicia.
  - 31. The method according to claim 29, further including the step of incrementing a count in the security device when the computer user is not authenticated to the security device, the count recording the inability of the security device to authenticate the computer user.
  - 32. The method according to claim 31, further including the step of activating a security device security function selected from the list including (i) erasing a portion of the memory of the security device,(ii) transmitting an alert message to the computer system, and (iii) disabling the security device when the count exceeds a limit.
  - 33. The method according to claim 32, including the step of storing the count in the memory of the security device.
  - 34. The method according to claim 33, further including the step of resetting the count to zero when the count is less than or equal to a limit and the computer user is able to authenticate himself to the security device.
  - 47. The method of claim 19 wherein the security device is an externally powered electronic device.

35. A method of initiating access between a computer user having a security device and a computer system containing information, the method comprising the steps of:
- a. providing a first terminal including a display screen for presenting information to the computer user where the first terminal is separate from the security device;
  
  b. communicating system authentication protocol information from the security device to the computer system at a first time;
  
  c. authenticating the security device with the computer system using the authentication protocol information;
  
  d. upon successful completion of the authenticating step, initiating a first access by the computer user to the computer system via the first terminal;
  
  e. creating and storing a reauthentication code that is related to a time limit;
  
  f. logging the computer user off the first terminal;
  
  g. facilitating a second access by the computer user to the computer system via the first terminal using the reauthentication code at a second time that is within the time limit;
  
  h. providing a second terminal where a neighborhood terminal is selected from a list including the first terminal and the second terminal;
  
  i. presenting the security device at the neighborhood computer terminal and obtaining the authentication code at a third time subsequent to the second time;
  
  j. determining that the third time is subsequent to the time limit; and
  
  k. where the third time is subsequent to the time limit, granting access to the computer system only after the user provides authentication protocol information via the neighborhood computer terminal and the provided information is matched to stored system authentication protocol information.
- View Dependent Claims (36, 37, 38, 39, 40, 41, 42, 43, 44, 45)
- - 36. The method of claim 35 wherein the terminal is a first terminal and the method further includes providing a second terminal including a second display screen for presenting information to the computer user where the second terminal is separate from the security device, the first and second terminals in a common neighborhood of the computer system and wherein the step of initiating a first access to the computer system at the first time includes using the first terminal to obtain authentication protocol information and the step of facilitating a second access includes using the second terminal to obtain the reauthentication code.
  - 37. The method of claim 35 wherein the security device is an externally powered electronic device.
  - 38. The method of claim 36, wherein each of the first and second terminals includes at least one of a card reader, electrical contacts, radio frequency identification antenna, an infrared transceiver and a bar code reader.
  - 39. The method of claim 36, wherein the step of facilitating a second access includes bringing the security device proximate to the second terminal so as to contact the terminal.
  - 40. The method of claim 35 wherein step of communicating system authentication protocol information includes the step of providing a user identifier and a password.
  - 41. The method of claim 35 wherein step of communicating system authentication protocol information includes providing a user biometric indicia.
  - 42. The method of claim 35 wherein the step of facilitating a second access includes initiating a second access by the computer user to the computer system via the terminal by communicating the reauthentication code to the computer system from the security device and when the reauthentication code is within the time limit allowing the second access.
  - 43. The method of claim 35 wherein the reauthentication code is stored by the computer system.
  - 44. The method of claim 43 wherein the reauthentication code is associated with a security device identifier within the computer system.
  - 45. The method of claim 35 wherein the security device must be proximate to the terminal to communicate with the computer system.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Dlh Technology LLC
Original Assignee
Carlos De La Huerga
Inventors
de la Huerga, Carlos
Primary Examiner(s)
VU, VIET DUY

Application Number

US10/899,520
Publication Number

US 20050091338A1
Time in Patent Office

2,479 Days
Field of Search

709/217, 709/219, 709/223, 709/224, 709/225, 709/227, 709/228, 709/250
US Class Current

709/225
CPC Class Codes

A61J 1/1437   Locking means requiring key...

A61J 2200/30   Compliance analysis for tak...

A61J 2205/70   Audible labels, e.g. for pr...

A61J 7/0084   for multiple medicaments

G06F 21/35   communicating wirelessly

G06F 2221/2111   Location-sensitive, e.g. ge...

G06Q 10/10   Office automation; Time man...

G07C 9/28   the pass enabling tracking ...

G16H 10/60   for patient-specific data, ...

G16H 10/65   stored on portable record c...

G16H 20/13   delivered from dispensers

G16H 40/20   for the management or admin...

G16H 40/67   for remote operation

G16H 70/60   relating to pathologies

H04L 63/0492   by using a location-limited...

H04L 63/0853   using an additional device,...

H04L 63/105   Multiple levels of security

H04L 63/108   when the policy decisions a...

System and method to authenticate users to computer systems

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

193 Citations

47 Claims

Specification

Solutions

Use Cases

Quick Links

System and method to authenticate users to computer systems

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

193 Citations

47 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links