System and method for securing transactions and computer resources with an untrusted network

US 20030046589A1
Filed: 08/29/2002
Published: 03/06/2003
Est. Priority Date: 06/11/1997
Status: Active Grant

First Claim

Patent Images

1. A system for securing and tracking usage of transaction services or computer resources by at least one client computer from a first server computer providing the services or resources via an untrusted network in an operating session, without necessarily controlling access to other computer resources provided by the first server computer and by other server computers and other client computers, comprising:

clearinghouse means for storing identity data of said first server computer and the identity data of each of said client computers;

server software means installed on said first server computer adapted to forward its identity data and identity data of each client computer to said clearinghouse means at the beginning of an operating session in which access to selected services or resources of said first server computer is requested;

client software means installed on each of said client computers adapted to forward its identity data to said first server computer at the beginning of an operating session in which access to selected services or resources is requested; and

, at least one hardware key connected to the client computer, said key being adapted to generate a digital identification, which identification is part of said identity data;

said server software means installed on the first server computer being adapted to selectively request the client computer to forward said digital identification to the first server computer to thereby confirm that said hardware key is connected to said client computer;

said clearinghouse means being adapted to authenticate the identity of said client computer responsive to a request for selected services or resources of said first server computer by a client computer;

said clearinghouse means being adapted to authenticate the identity of said first server computer responsive to said client computer making the request for selected services or resources of said first server computer; and

, said clearinghouse means being adapted to permit access to said selected services or resources responsive to successful initial authentication of said first server computer and of said client computer making said request;

wherein said at least one hardware key is implemented using a hardware token access system, a magnetic card access system, a smart card access system, a biometric identification access system or a central processing unit with a unique embedded digital identification.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system for securing and tracking usage of transaction services or computer resources by a client computer from a first server computer, which includes clearinghouse means for storing identity data of the first server computer and the client computer(s); server software means and client software means adapted to forward its identity data and identity data of the client computer(s) to the clearinghouse means at the beginning of an operating session; and a hardware key connected to the client computer, the key being adapted to generate a digital identification as part of the identity data; wherein the hardware key is implemented using a hardware token access system, a magnetic card access system, a smart card access system, a biometric identification access system or a central processing unit with a unique embedded digital identification.

315 Citations

21 Claims

1. A system for securing and tracking usage of transaction services or computer resources by at least one client computer from a first server computer providing the services or resources via an untrusted network in an operating session, without necessarily controlling access to other computer resources provided by the first server computer and by other server computers and other client computers, comprising:
- clearinghouse means for storing identity data of said first server computer and the identity data of each of said client computers;
  
  server software means installed on said first server computer adapted to forward its identity data and identity data of each client computer to said clearinghouse means at the beginning of an operating session in which access to selected services or resources of said first server computer is requested;
  
  client software means installed on each of said client computers adapted to forward its identity data to said first server computer at the beginning of an operating session in which access to selected services or resources is requested; and
  
  , at least one hardware key connected to the client computer, said key being adapted to generate a digital identification, which identification is part of said identity data;
  
  said server software means installed on the first server computer being adapted to selectively request the client computer to forward said digital identification to the first server computer to thereby confirm that said hardware key is connected to said client computer;
  
  said clearinghouse means being adapted to authenticate the identity of said client computer responsive to a request for selected services or resources of said first server computer by a client computer;
  
  said clearinghouse means being adapted to authenticate the identity of said first server computer responsive to said client computer making the request for selected services or resources of said first server computer; and
  
  , said clearinghouse means being adapted to permit access to said selected services or resources responsive to successful initial authentication of said first server computer and of said client computer making said request;
  
  wherein said at least one hardware key is implemented using a hardware token access system, a magnetic card access system, a smart card access system, a biometric identification access system or a central processing unit with a unique embedded digital identification.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21)
- - 2. A system as defined in claim 1 wherein the untrusted network is the Internet.
  - 3. A system as defined in claim 1 wherein said client computer identity data includes at least one of a username, a password, a personal identification number (PIN) and said digital identification.
  - 4. A system as defined in claim 1 wherein said digital identification is any one from the group of a predetermined digital identification, a magnetic card identification data, a smart card identification data and a biometric identification data.
  - 5. A system as defined in claim 1 further including at least two server computers and at least two clearinghouse means, said server computers and clearinghouse means being capable of being at separate physical locations.
  - 6. A system as defined in claim 1 wherein said clearinghouse means is adapted to operate as an independent entity and can provide said authentication operations for multiple server computers being capable of being at separate physical locations.
  - 7. A system defined in claim 1 wherein said predetermined digital identification includes at least one of a unique digital serial number, a digital certificate or an account number.
  - 8. A system defined in claim 1 wherein said client computer identity can be forwarded to said clearinghouse means to authorize and authenticate access to computer resources contained on multiple computers.
  - 9. A system as defined in claim 1 wherein said first server computer intermittently requests said client computer to forward said predetermined digital identification to said first server computer to thereby confirm that said hardware key is connected to said client computer.
  - 10. A system as defined in claim 9 wherein successive ones of said intermittent requests occur at predetermined time intervals.
  - 11. A system as defined in claim 1 wherein said clearinghouse means provides authentication confirmation data to said client computers and to said first server computer when the identities of the same are authenticated, said authentication confirmation data being encrypted in subsequent communications from each of said first server computer, client computer and clearinghouse means to another of said first server computer, client computer and clearinghouse means.
  - 12. A system as defined in claim 1 wherein when said hardware key is implemented with the hardware token access system, the magnetic card access system, the smart card access system or the central processing unit with a unique embedded digital identification, said first server computer has the ability to change said digital identification of the hardware key connected to each of said client computers, said changed digital identification being transmitted to said clearinghouse means.
  - 13. A system as defined in claim 1 further characterized in that it is adapted to monitor the communications between said first server computer and each client computer during operating sessions and acquire and store demographic data for each client computer.
  - 14. A system as defined in claim 13 wherein said demographic data comprises personal profile information, including at least two of the following items of information including:
    - e-mail address, username, password, personal identification number, billing name, billing address, billing city, billing state, billing zip code, billing country, shipping name, shipping address, shipping city, shipping state, shipping zip code, shipping country, shipping method, home phone number, work phone number, cellular phone number, facsimile phone number, credit card number, credit card expiration date, credit card type, debit card number, debit card expiration date, debit card type, card-holders name, date of birth, and social security number.
  - 15. A system as defined in claim 1 further characterized in that it is adapted to monitor the communications between said first server component and each client computer during operating sessions and acquire and store transaction data based upon the client computers usage of server computer resources.
  - 16. A system as defined in claim 1 wherein said server computer is adapted to selectively query each of said client computers to generate said digital identification during an operating session, each of said client computers generating said digital identification in response to said query.
  - 17. A system as defined in claim 16 wherein said server computer'"'"'s selective querying of client computers occurs by operation of query algorithms, said server computer being adapted to change said query algorithms.
  - 18. A system as defined in claim 1 wherein said server computer is adapted to selectively prompt said client computers to enter its identity data including at least one of a username, a password or a personal identification number (PIN) in the beginning of an operating session.
  - 19. A system as defined in claim 1 wherein said first server computer is adapted to assign one of a plurality of authorization levels to the transaction services or computer resources provided by said first server computer, said identity data of each of said client computers including a particular authorization level, said first server computer only permitting access to particular transaction services or computer resources by a client computer that are permitted by said particular authorization level.
  - 20. A system as defined in claim 19 wherein said transaction services or computer resources are contained in a plurality of directories containing files, said authorization levels being assigned on a directory level.
  - 21. A system as defined in claim 19 wherein said computer resources are contained in a plurality of directories containing files, said authorization levels being assigned on a file level.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Prism Technologies LLC (Prism Technologies Group, Inc.)
Original Assignee
Prism Technologies LLC (Prism Technologies Group, Inc.)
Inventors
Gregg, Richard L.

Granted Patent

US 7,290,288 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/201
CPC Class Codes

G06F 21/335   for accessing specific reso...

G06F 21/44   Program or device authentic...

G06F 2221/2101   Auditing as a secondary aspect

G06F 2221/2129   Authenticate client device ...

G06F 2221/2135   Metering

G06F 2221/2141   Access rights, e.g. capabil...

G06F 2221/2149   Restricted operating enviro...

G06Q 2220/00   Business processing using c...

H04L 2463/102   applying security measure f...

H04L 63/08   for authentication of entit...

H04L 63/0823   using certificates cryptogr...

H04L 63/083   using passwords cryptograph...

H04L 63/0853   using an additional device,...

H04L 63/10   for controlling access to d...

System and method for securing transactions and computer resources with an untrusted network

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

315 Citations

21 Claims

Specification

Solutions

Use Cases

Quick Links

System and method for securing transactions and computer resources with an untrusted network

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

315 Citations

21 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links