System, method and computer program product for an authentication management infrastructure
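IPC classification information
Country / Type: United States (US) Patent, Registered
International Patent Classification (IPC 7th edition): H04L-029/00; H04L-029/06
Application number: US-0187887 (2014-02-24)
Registration number: US-9398013 (2016-07-19)
Inventors / Address:
Bianco, Peter Garrett
Boon, William Taylor
Rochon, Anthony C.
Sherman, Marc A.
Sterling, Robert Brewster
Ware, Karl Roger
Applicant / Address: Citibank, N.A.
Agent / Address: Sophir, Eric L.
Citation information: Times cited: 1; Cited patents: 134
Abstract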
A system and method for allowing a user to access enterprise resources comprising authentication devices and an authentication server. The authentication devices allow a user to enter authentication data. The authentication server is in communication with the authentication devices. The authentication server comprises a policy database storing a policy. The policy comprises guidelines including a first guideline establishes a qualification necessary for the user to access enterprise resources and a second guideline establishes a qualification necessary for the user to activate a silent signal. The authentication server is adapted to request assistance for the user if the silent signal is activated.
Representative claim
1. A method for allowing a user to access enterprise resources, the method comprising: implementing, by an authentication server, a policy that sets forth a plurality of guidelines for determining whether to authenticate the user and to allow the user to gain access to the enterprise resources, wherein at least one first guideline establishes at least one predetermined first qualification necessary for the user to be authenticated to access the enterprise resources and wherein at least one second guideline establishes at least one predetermined second qualification, different from the at least one first qualification, necessary for the user to activate a silent signal for requesting assistance under emergency conditions; requiring, by the authentication server, the user to establish authentication using at least one device associated with the policy; receiving, by the authentication server, one or more qualifications from the at least one device via one or more networks; creating, by the authentication server, a template for each device associated with the policy, wherein said template includes data unique to the user, and wherein the template is stored in memory coupled to the authentication server; determining, by the authentication server, that the user has activated the silent signal upon identifying the at least one predetermined second qualification in the one or more qualifications received from the at least one device according to the template of the at least one device stored in the memory coupled to the authentication server; and requesting, by the authentication server, assistance for the user if the silent signal is activated.
2. The method of claim 1, further comprising: requiring, by the authentication server, the user to establish authentication using at least two devices associated with the policy to meet the second qualification, wherein (i) if the policy is an OR policy, then requiring the user to establish authentication on only one of the at least two devices; (ii) if the policy is an AND policy, then requiring the user to establish authentication on all of the at least two devices; (iii) if the policy is a CONTINGENT policy, then requiring the user to exceed a minimum threshold associated with a first device or, if the user exceeds a contingent threshold associated with the first device, then requiring the user to exceed a minimum threshold associated with a second device; (iv) if the policy is a RANDOM policy, then requiring the user to establish authentication on a randomly selected device from the at least two devices; or (v) if the policy is a THRESHOLD policy, then requiring the user to exceed a total threshold value for the at least two devices.
3. The method of claim 1, further comprising requiring, by the authentication server, the user to establish authentication with at least two devices; determining, by the authentication server, whether the user is authenticated when the user attains the at least one predetermined first qualification; and allowing, by the authentication server, the user to access the enterprise resources.
4. The method of claim 1, wherein the silent signal is activated by receiving a password entered by the user.
5. The method of claim 1, wherein the silent signal is activated by receiving biometric data entered by the user.
6. The method of claim 1, wherein requesting assistance for the user comprises notifying a law enforcement agency.
7. The method of claim 3, wherein each at least one predetermined second qualification has a corresponding first predetermined qualification based on the same one of the at least one device.
8. A method for allowing a user to access enterprise resources, the method comprising: implementing, by an authentication server, a policy that sets forth a plurality of guidelines for determining whether to authenticate the user and to allow the user to gain access to the enterprise resources, wherein at least one first guideline establishes at least one predetermined first qualification necessary for the user to be authenticated to access the enterprise resources and wherein at least one second guideline establishes at least one predetermined second qualification, different from the at least one first qualification, necessary for the user to attain to pass the policy, and wherein the policy is formed by selecting one or more devices that the user must be tested on in order to activate a silent signal; generating, by the authentication server, a template for a device, the template containing the least one predetermined first qualification and the at least one second qualification; determining, by the authentication server, that the user has activated the silent signal upon receiving from the device the at least one predetermined second qualification based upon the template of the device stored in a memory coupled to authentication server; and requesting, by the authentication server, assistance for the user if the silent signal is activated under emergency conditions, in response to identifying the at least one predetermined second qualification in the template of the device stored in the memory coupled to the authentication server.
9. The method of claim 8, further comprising: requiring, by the authentication server, the user to establish authentication using at least two devices associated with the policy to meet the second qualification, wherein (i) if the policy is an OR policy, then requiring the user to establish authentication on only one of the at least two devices; (ii) if the policy is an AND policy, then requiring the user to establish authentication on all of the at least two devices; (iii) if the policy is a CONTINGENT policy, then requiring the user to exceed a minimum threshold associated with a first device or, if the user exceeds a contingent threshold associated with the first device, then requiring the user to exceed a minimum threshold associated with a second device; (iv) if the policy is a RANDOM policy, then requiring the user to establish authentication on a randomly selected device from the at least two devices; or (v) if the policy is a THRESHOLD policy, then requiring the user to exceed a total threshold value for the at least two devices.
10. The method of claim 8, further comprising: requiring, by the authentication server, the user to establish authentication with at least two devices; determining, by the authentication server, whether the user is authenticated when the user attains the at least one predetermined first qualification; and allowing, by the authentication server, the authenticated user to access the enterprise resources.
11. The method of claim 8, wherein the silent signal is activated by receiving a password entered by the user.
12. The method of claim 8, wherein the silent signal is activated by receiving biometric data entered by the user.
13. The method of claim 8, wherein requesting assistance for the user comprises notifying a law enforcement agency.
14. The method of claim 10, wherein each at least one predetermined second qualification has a corresponding predetermined first qualification based on the same one of the selected one or more devices.
15. A system for allowing a user to access enterprise resources comprising: one or more authentication devices that allow a user to enter authentication data; and an authentication server in communication with the one or more authentication devices that authenticates the authentication data, the authentication server comprising a policy database storing a policy, the policy implemented by the authentication server; wherein the policy comprises a plurality of guidelines for determining whether to authenticate the user and to allow the user to gain access to the enterprise resources, wherein at least one first guideline establishes at least one predetermined first qualification necessary for the user to be authenticated to access the enterprise resources and wherein at least one second guideline establishes at least one predetermined second qualification, different from the at least one first qualification, necessary for the user to attain to pass the policy and wherein the policy is formed by the authentication server selecting from the one or more authentication devices test devices that the user must be tested on in order to activate a silent signal; wherein the authentication server is adapted to request assistance for the user if the silent signal is activated under emergency conditions; and the authentication server further comprising an authentication unit configured to determine that the user has activated the silent signal in response to receiving the predetermined second qualification and an output from the test devices, according to the policy stored in a memory coupled to the authentication unit of the authentication server.
16. The system of claim 15, the test devices comprising at least two of the one or more authentication devices and the authentication unit requiring the user to establish authentication using at the least two test devices to meet the second qualification, wherein (i) if the policy is an OR policy, then requiring the user to establish authentication on only one of the at least two test devices; (ii) if the policy is an AND policy, then requiring the user to establish authentication on all of the at least two test devices; (iii) if the policy is a CONTINGENT policy, then requiring the user to exceed a minimum threshold associated with a first test device or, if the user exceeds a contingent threshold associated with the first device, then requiring the user to exceed a minimum threshold associated with a second test device; (iv) if the policy is a RANDOM policy, then requiring the user to establish authentication on a randomly selected device from the at least two test devices; or (v) if the policy is a THRESHOLD policy, then requiring the user to exceed a total threshold value for the at least two test devices.
17. The system of claim 15, the authentication unit requiring the user to establish authentication with at least two of the test devices; the authentication unit adapted to determine whether the user is authenticated when the user attains the at least one predetermined first qualification; and the authentication unit adapted to allow the authenticated user to access the enterprise resources.
18. The system of claim 15, wherein at least one of the test devices is a device for the user to enter a password.
19. The system of claim 15, wherein at least one of the test devices is a device for the user to enter biometric data.
20. The system of claim 17, wherein each at least one predetermined second qualification has a corresponding predetermined first qualification based on the same one of the test devices.
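The five policy types of claims 2, 9 and 16, applied once to the first ("access") qualification and once to the second ("duress") qualification, shown as an added Python example that is not code from the patent. The names Device, Reading, satisfied and decide, the 0.0 to 1.0 score scale, the strict "exceeds" comparison and the choice to evaluate the two qualifications independently are assumptions made here; the claims do not specify them.

```python
import secrets
from dataclasses import dataclass

@dataclass(frozen=True)
class Device:
    name: str
    minimum: float           # score the user must exceed on this device
    contingent: float = 0.0  # lower bar, consulted only by CONTINGENT

@dataclass(frozen=True)
class Reading:
    qualification: str  # which enrolled template matched: "access" or "duress"
    score: float        # matcher confidence (assumed scale 0.0 to 1.0)

def satisfied(kind, devices, scores, total=0.0, pick=0):
    """Apply one policy type to per-device scores (None = no match)."""
    ok = [s is not None and s > d.minimum for d, s in zip(devices, scores)]
    if kind == "OR":
        return any(ok)
    if kind == "AND":
        return all(ok)
    if kind == "CONTINGENT":
        # Pass on device 1 alone, or clear its contingent bar and pass device 2.
        near = scores[0] is not None and scores[0] > devices[0].contingent
        return ok[0] or (near and ok[1])
    if kind == "RANDOM":
        return ok[pick]
    if kind == "THRESHOLD":
        return sum(s or 0.0 for s in scores) > total
    raise ValueError(f"unknown policy type: {kind}")

def decide(kind, devices, readings, total=0.0, pick=None):
    """Return (authenticated, silent_signal) for one login attempt."""
    if pick is None:  # RANDOM: choose one device index for both evaluations
        pick = secrets.randbelow(len(devices))
    def scores_for(q):
        return [r.score if r.qualification == q else None for r in readings]
    authenticated = satisfied(kind, devices, scores_for("access"), total, pick)
    silent_signal = satisfied(kind, devices, scores_for("duress"), total, pick)
    return authenticated, silent_signal

# Constructed sample data: two devices, each enrolled with both templates.
DEVICES = [Device("fingerprint", 0.8, contingent=0.6), Device("voice", 0.7)]
NORMAL = [Reading("access", 0.9), Reading("access", 0.75)]
DURESS = [Reading("duress", 0.65), Reading("duress", 0.75)]

if __name__ == "__main__":
    for kind in ("OR", "AND", "CONTINGENT", "THRESHOLD"):
        print(kind, decide(kind, DEVICES, NORMAL, total=1.3),
              decide(kind, DEVICES, DURESS, total=1.3))
```

With the same duress readings, AND does not raise the silent signal while OR, CONTINGENT and THRESHOLD do, which is why the policy type chosen for the second qualification determines how reliably a user under duress can trigger it.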
Patents cited by this patent (134)
Wobber Edward (Menlo Park CA) Abadi Martin (Palo Alto CA) Birrell Andrew (Los Altos CA) Lampson Butler (Cambridge MA), Access control subsystem and method for distributed computer system using locally cached authentication credentials.
Cheng Jane (Spring Valley Rockland NY) Martinez Edgar (East White Plains NY) Naik Jayant (Stamford Fairfield CT), Apparatus and accompanying methods for preventing toll fraud through use of centralized caller voice verification.
Kapp Michael A. (New Philadelphia) Protheroe Robert L. (Cambridge) Onega Albert (Lore City OH), Apparatus and method for producing a digitized transaction record including an encrypted signature.
Berson William (Westport CT) Zemlok Kenneth C. (Shelton CT), Apparatus for verifying an identification card and identifying a person by means of a biometric characteristic.
Kao, I-Lung; Milman, Ivan Matthew; Schneider, David J.; Willard, Ronald Gene, Authentication framework for multiple authentication processes and mechanisms.
Regnier Barbara Ann ; Youngers David Nicholas ; Dettinger Richard Dean ; Spors Daniel Arlan ; Thorson John David, Client/server computer system having personalizable and securable views of database data.
Gainsboro Jay L. (5 Bancroft Cir. Framingham MA 01701), Computer-based method and apparatus for controlling, monitoring, recording and reporting telephone access.
Sehr Richard P. (2276 Creek Bed Ct. Santa Clara CA 95054), Computerized theme park information management system utilizing partitioned smart cards and biometric verification.
Matchett Noel D. (1001 Spring St. ; Ste. 123 Silver Spring MD 20910) Kehoe Brian D. (1001 Spring St. ; Ste. 123 Silver Spring MD 20910), Continuous biometric authentication matrix.
Bozzo Ferdinando,ATX, Credit document connected to a document or customized card, independent customized credit card and associated issuance and validation equipment.
Schneider John K. (Snyder NY) Keeney Frank W. (Williamsville NY) Drakes Russell J. (Cheektowaga NY) Gojevic Stephen M. (Buffalo NY) Leszczynski Nicholas G. (Amherst NY) Schneider Mark C. (East Amhers, High resolution ultrasonic imaging apparatus and method.
Abtahi Nooral S. (4924 Carmel Rd. Charlotte NC 28226) Shumate ; Sr. Grady C. (Charlotte NC) Heyward Waddie (Charlotte NC) Yang Hedong (Charlotte NC), Method and apparatus for confirming the identity of an individual presenting an identification card.
Lewis Lundy ; Malik Rajiv ; Sycamore Steve ; Thebaut Suzanne ; Scott Walter ; Rustici Eric ; Kaikini Prasan, Method and apparatus for defining and enforcing policies for configuration management in communications networks.
Lewis Lundy ; Malik Rajiv ; Sycamore Steve ; Thebaut Suzanne ; Scott Walter ; Rustici Eric ; Kaikini Prasan, Method and apparatus for defining and enforcing policies for configuration management in communications networks.
Lang Gerald S. (812 Downs Dr. Silver Spring MD 20904), Method and apparatus for protecting material on storage media and for transferring material on storage media to various.
Penzias Arno A. (Chatham NJ), Method and apparatus for restrospectively identifying an individual who had engaged in a commercial or retail transactio.
Tomko George J.,CAX ; Stoianov Alexei,CAX, Method and apparatus for securely handling a personal identification number or cryptographic key using biometric techniq.
Tal Peter (53 Driftwood Dr. Port Washington NY 11050), Method and apparatus for uniquely identifying individuals by particular physical characteristics and security system uti.
Smithies Christopher Paul Kenneth (Corfe Mullen ; Wimborne GB2) Newman Jeremy Mark (Frome ; Somerset GB2), Method and system for the verification of handwritten signatures.
Leslie D. Owens ; Mark S. Plecity ; Alvah B. Davis ; David T. Kiswani ; I-Hsiang Yu, Method and system for validating subscriber identities in a communications network.
Ugon Michel (Maurepas FRX) Oisel Andr (Elancourt FRX), Method for checking the integrity of a program or data, and apparatus for implementing this method.
Gasser Morrie (Saugus MA) Goldstein Andrew C. (Hudson MA) Kaufman Charles W. (Northborough MA) Lampson Butler W. (Cambridge MA), Method for delegating authorization from one entity to another through the use of session encryption keys.
Prokoski Francine J. (1510 Inlet Ct. Reston VA 22090) Coffin Jeffrey S. (Sterling VA) Riedel Robert B. (Great Falls VA), Method for identifying individuals from analysis of elemental shapes derived from biosensor data.
Monroe Midori J. (Vancouver IL CAX) Huang George Y. (Chicago IL) Martin Tony D. (Arlington Heights IL), Method of verifying fake-proof video identification data.
Puhl Larry C. (Sleepy Hollow IL) Comroe Richard A. (Dundee IL) Furtaw Robert W. (Arlington Heights IL) Cantarutti Tracey L. (Barrington IL), Portable authentification system.
Turner Stephen J. (Saffron Walden GB2) Lilley John B. (Brentwood GB2), Recognition procedure and an apparatus for carrying out the recognition procedure.
McAllister Alex (Wheaton MD) Cheston Frank (Potomac MD) Young David E. (Silver Spring MD) Hanle John P. (Silver Spring MD), Selection of a voice recognition data base responsive to video data.
Schwalm Robert C. (Plano TX) Deffner Gerhard P. H. (Dallas TX), System and method for authenticating transmission and receipt of electronic information.
Houvener Robert C. ; Hoenisch Ian P., System and method of providing system integrity and positive audit capabilities to a positive identification system.
Monroe Midori J. (Vancouver IL CAX) Huang George Y. (Chicago IL) Martin Tony D. (Arlington Heights IL), System for encoding personalized identification for storage on memory storage devices.
Bogosian ; Jr. Charles A. (Warwick RI), System for verifying use of a credit/identification card including recording of physical attributes of unauthorized user.
Bianco Peter Garrett ; Boon William Taylor ; Sterling Robert Brewster ; Ware Karl Roger, System, method and computer program product for allowing access to enterprise resources using biometric devices.
Hoffman Ned (Berkeley CA) Pare ; Jr. David F. (Berkeley CA) Lee Jonathan A. (Berkeley CA), Tokenless identification system for authorization of electronic transactions and electronic transmissions.
Andrew T. Busey ; Peter Novosel ; Govind Balakrishnan ; Peter Bunyan ; Brett Morrison ; Dwight M Moore ; Kirschen Alcyone Seah ; Rickey E. Chevrie ; George Currie ; Yuan Sylvia Tien, Web response unit including computer network based communication.