WO2003075135A1 - User login delegation - Google Patents

User login delegation

Info

Publication number
WO2003075135A1
Authority
WO
WIPO (PCT)
Prior art keywords
user
principal
authentication code
account
delegate
Prior art date
Application number
PCT/US2002/006536
Other languages
English (en)
Inventor
Dwayne Mercredi
Rod Frey
Gregory C. Jensen
Original Assignee
Saflink Corporation
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Saflink Corporation
Priority to US10/398,356 (US20040015702A1)
Priority to PCT/US2002/006536 (WO2003075135A1)
Priority to EP02723315A (EP1481304A1)
Priority to AU2002254100A (AU2002254100A1)
Publication of WO2003075135A1

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31 User authentication
    • G06F21/32 User authentication using biometric data, e.g. fingerprints, iris scans or voiceprints
    • G06F2221/00 Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21 Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2101 Auditing as a secondary aspect
    • G06F2221/2145 Inheriting rights or properties, e.g., propagation of permissions or restrictions within a hierarchy
    • G06F2221/2147 Locking files
    • G06F2221/2149 Restricted operating environment

Definitions

  • the present invention relates generally to identity authentication
  • Typical security measures require a user to sign on (i.e., log in) to a computer or
  • a user ID by providing a user ID and an authentication code, such as a password, identification card, smart card, token device, or biometric data (fingerprint,
  • a principal user may simply tell the delegate the principal user's password which thus allows
  • principal user may simply loan the principal user's identification card to the
  • biometric systems generally preclude the ability for a principal user to allow a
  • biometric data simply does not lend itself to "sharing". Moreover, when a delegate accesses the system as if he were the principal user by using a shared password, identification card, or other authentication code, there is no audit trail to show who was actually accessing the system.
  • the present invention provides an authentication mechanism
  • both a principal user's authentication code and an authorized delegate's authentication code are associated with the principal user's ID.
  • the authentication code given by that user may
  • the delegate is given access as if the delegate were the principal user, or
  • delegate to a principal may also be a separate principal on the system
  • a log may be created to record that
  • the log may also record data or program access events, lock/unlock events, logout events, and otherwise track the usage by the delegate on behalf of the principal.
  • Fig. 1 is a block diagram of a networked computer system
  • Fig. 2 is a block diagram of an exemplary hardware
  • Fig. 3 is a flowchart outlining method steps suited for execution
  • Fig. 4 is a dialog box having application within the process
  • Fig. 5 is a flowchart illustrating process steps associated with the
  • the exemplary system 10 configured to allow a delegate user to access an account of a principal user in the name of that principal user. More particularly, the exemplary system 10
  • Capture authentication code refers
  • such capture authentication code comprises a biometric identification record (BIR) of the delegate user.
  • BIR biometric identification record
  • the delegate user may use a keypad, mouse, microphone, electronic notepad and/or some other input device to designate a principal user in response to a computer prompt or other interface.
  • biometric device or other authenticating technique used to verify the identity
  • the delegate may be programmatically determined as product of prior use and network/user preference. Additional considerations may include system and/or hardware mandates and stipulations.
  • the account of the principal user contains data, programs, or other resources to be accessed by the delegate user on behalf of the principal user. Moreover, the delegate may have been approved or granted a privilege to access the account as the principal. To this end, an administrator or the principal may add login
  • information preferably includes stored BIR data, but may alternatively
  • the stored BIR or other authentication code may be recalled in response to the delegate presenting capture BIR data.
  • the capture BIR data may be recalled in response to the delegate presenting capture BIR data.
  • the capture BIR data may be sequentially evaluated against the stored authentication codes, which are recalled for the purpose of finding a match.
  • the delegate is permitted to enter the account of the principal as the principal user.
  • a log or other record of actions taken by the delegate during the session is maintained
  • the principal may share data and other resources with the delegate in a secure
  • Fig. 1 shows an exemplary computer system 10 suitable for
  • system 10 is illustrated as a networked system that includes one or more client computers 12, 14 and 20 (e.g., lap top, desktop or PC-based computers, workstations, etc.) coupled to server 16 (e.g., a PC-based server, a
  • minicomputer a midrange computer, a mainframe computer, etc.
  • Network 18 represents a networked interconnection, including, but not limited to local-area, wide-area, wireless, and public networks (e.g., the Internet). Moreover, any number of computers and other devices may be
  • the present invention may have particular application when a computer 12, 14, 20
  • a central processing unit CPU
  • peripheral components such as a computer display 22
  • storage device 23 a printer 24
  • suitable input devices may comprise any mechanism configured
  • suitable input devices to user computer 20 may
  • Server computer 16 may be similarly configured, albeit typically
  • FIG. 2 illustrates a hardware and software environment for an
  • apparatus 30 suited to delegate access to electronic data by using an account of a principal in a manner consistent with the principles of the invention.
  • apparatus 30
  • a client computer e.g., similar to computers 12, 14 and 20
  • a server computer e.g., similar to server 16 of Fig. 1
  • a portable device e.g., a portable music player
  • PDA Personal Digital Assistant
  • embedded controller etc.
  • Apparatus 30 will hereinafter also be referred to as a "computer," although it
  • Apparatus may also include other suitable components
  • Computer 30 typically includes at least one processor 31
  • Processor 31 may represent one or more processors (e.g., microprocessors), and memory 32 may represent the random access
  • RAM random access memory
  • any supplemental levels of memory e.g., cache memories, non-volatile or
  • backup memories e.g., programmable or flash memories
  • read-only memory e.g., read-only memory
  • memory 32 may be considered to include memory storage physically located elsewhere in computer 30, e.g., any cache memory in a processor 31, as well as any storage capacity used as a virtual memory, e.g., as stored within a database 37 or on another computer coupled to
  • Computer 30 also may receive a number of inputs and outputs
  • computer 30 typically includes one or more input devices 33 (e.g., a keyboard, a mouse,
  • a trackball a joystick, a touchpad, smartcard slot, retinal/fingerprint scanner,
  • a token detector and/or a microphone, among others and/or a display 34 (e.g., a
  • direct user input and output may not be
  • computer 30 may also include one or more mass storage devices 36 configured to store a biometric database 37.
  • Exemplary devices 36 can include: a floppy or other removable disk drive, a
  • computer 30 may include an interface with one or more networks 38 (e.g., a
  • computer 30 typically includes suitable analog and/or digital interfaces between processor 31 and each of components
  • Computer 30 operates under the control of an operating system
  • delegate program 42 programs, objects, modules, etc. (e.g., delegate program 42, biometric authentication program 43, delegate profile program 44, Human
  • HA-API Authentication Application Programming Interface
  • API 51 regards an exemplary programming interface supplied by biometric
  • the computer programs typically comprise one or more
  • signal bearing media include, but are not limited to recordable type media
  • volatile and non-volatile memory devices, floppy and other removable disks, hard disk drives, optical disks (e.g., CD-ROM's, DVD's, etc.), among
  • the delegate accesses the account and
  • a delegate profile is established for the principal user.
  • a suitable profile may contain a listing of preapproved delegates, or users privileged to enter the account of the principal.
  • an authentication code correlated to each of the delegates may be stored in a manner accessible to the local computer or networked server
  • program code may initiate a comparison of this stored authentication code against the capture authentication code of a user attempting to login as a delegate. The result of the comparison may determine whether or not the user
  • the computer may activate
  • the program may initially query a server, operating system, or user input to determine if user delegation
  • the program may initiate a display or display option
  • a user desiring to login to the account of a
  • the program code initiates a display of program options at
  • One such option may include a listing of principal users. That is, a drop-down list of principal users having profiles allowing for
  • the program at block 56 may retrieve at the top of the list of
  • statistics compiled for this purpose can be measured locally on the machine at which the delegate user attempts to access the account, or they may
  • the computer may display
  • An administrator may set the number of user ID's displayed according to application and performance considerations.
  • a delegate user may scroll down the drop-down box to
  • the embodiment may present the user with the option of typing the principal's name into a text field.
  • Fig. 3 another figure in which the principal's name is entered.
  • Fig. 4 shows a suitable dialog box having such a text field 77
  • the user may submit the name of the principal 85 by depressing the "OK" button 83.
  • the user may alternatively
  • the dialog box may further include a password login option 79.
  • a delegate user may access the account of the principal using the conventional
  • Another embodiment may require users to access the account of a principal using their
  • One embodiment may programmatically determine which, if
  • program code determines a set of allowable biometric login devices based on settings relating to the computer, principal
  • steps 60-72 represent one exemplary sequence for
  • the program code may initially access a local area network
  • Such a policy may be stored on the local hard drive or may be accessible via
  • Program code at block 60 may evaluate the accessed information to determine if a policy has been established for the accessed computer.
  • policy may include a preprogrammed preference or mandate for a biometric testing device established by an administrator or a prior user for that machine.
  • the computer may similarly
  • the program may substitute a default preference.
  • the default setting may track a compilation of available biometric devices on
  • the policy may further be specific to user delegation applications.
  • the absence of a setting may cause the program to force the user to provide a conventional password or other non-biometric instrument of authentication.
  • the BIR policy for the principal user may
  • a user BIR policy may be preset in a database field associated with
  • the field or other indicator may mandate one or more devices that are suitable for login with regard to the
  • Such a setting can act as a default, or statistical preference for a
  • An administrator, security or account manager can designate groupings of machines or users having particular security requirements. Tags relating to
  • Program code at block 64 can
  • program code may evaluate which biometric devices are installed and available on the local machine at block 66 of Fig. 3. For instance, the local computer of the user
  • This registry provides a mechanism for the embodiment to assess available devices at block 66. In an instance where the computer is in
  • the computer may alternatively check the
  • an embodiment of the software may, as above, relegate the user to login using a conventional password if the option is available at
  • Another factor that can determine which, if any, biometric device will be made available to capture BIR data of the user concerns whether
  • program code may initiate such a
  • the computer may determine whether
  • user delegation program may next determine whether more than one biometric
  • login device is available on the machine at block 70. Of note, should only one
  • the program may initiate authentication processes directly at block 88. If none of the available biometric device be available and previously accessed, the program may initiate authentication processes directly at block 88.
  • the login session may be ended at block 86.
  • a display may appear on the screen viewed by the user informing them that the login session was
  • biometric processes associated with that device are initiated at block 88.
  • the user may be presented with a
  • biometric interface configured to guide the user through a process of submitting a capture BIR. Should the program code alternatively determine
  • Another database field may be checked to see if a preference for one of the available devices has been designated at block 72.
  • a database For example, a database
  • a retinal scanner will be a default
  • login interface applicable to the preferred login device may be presented directly to the user at block 88. That is, should the program detect a preferred
  • one embodiment may prompt the user to select a biometric testing sequence at block 76 from a listing displayed at the terminal at block 74. More specifically, program code may initiate the display at block
  • the user may select one or more biometric verification processes by typing in or clicking on a device displayed at block 60-68.
  • the user may also set a login device 74.
  • a user may stipulate a
  • the program code can recall the preference at block 72 of a subsequent session.
  • the user may not
  • biometric login device selected at block 76 presents itself to the user at block 88.
  • Program code may retrieve software associated with the
  • biometric in preparation of the biometric challenge at block 88.
  • the program then launches the designated/preferred biometric test according
  • the program may initiate and display a user interface screen
  • a fingerprint authentication application may prompt the user, "Please place finger on pad."
  • the user may provide the appropriate capture BIR data.
  • the computer collects the capture BIR data according to the
  • the user submits a capture BIR according to the applicable BIR
  • devices suited to receive such data can include a fingerprint or retinal scanner, DNA sampler,
  • FIG. 3 basically concerns biometric logins, another embodiment may
  • the stored BIR data will not match the capture BIR data at block
  • program code consistent with the principles of the present invention may nonetheless allow for such a comparison to accommodate
  • program code will check a database field associated with the principal to see if the profile of
  • the session may be ended in a manner analogous to that
  • the program code may retrieve stored BIR data correlated to a first delegate at block 98.
  • the delegate is a user privileged by the principal or a system administrator to
  • the delegate can in
  • program code may be the delegate who most frequently accesses the account
  • the program code may attempt to verify the capture BIR data using a retrieved history of recent logins. That is, the program may
  • the program may sequentially evaluate stored BIR data
  • Another embodiment in accordance with the invention may select stored BIR data of the delegate user to login based on
  • the stored BIR data of the first delegate is compared against
  • the program code may retrieve stored BIR data correlated to another delegate user
  • this second set of stored BIR data could relate to a delegate
  • blocks 98-102 may repeat as necessary until it has either sequenced through the stored BIR data of all potential delegate users
  • one embodiment of the program code may relegate the user to any available password login procedures back at block 82, or the
  • login session may end altogether at block 86.
  • Another embodiment may send
  • the respective login protocol may allow for multiple authentication attempts at block 102 before ending a session.
  • delegate user is granted access to the account of the principal at block 84 as the
  • an embodiment of the program code may transparently
  • successful delegate user can be recorded within a log or other memory for
  • the times associated with the login and logout of the accessing delegate user may be recorded within the
  • FIG. 5 The flowchart of Fig. 5 includes processes suited to establish
  • such a profile may be stored in association with a
  • principal user within local or network memory and may include a listing of delegate users privileged to access their account as the principal user.
  • profile can additionally contain links or memory structure configured to recall
  • sequenced steps outlined in Fig. 5 represent an exemplary session for adding or deleting delegates to a profile of a principal
  • the individual may initialize system processes.
  • a programmatic object configured to update a profile of a principal may be initiated, accordingly.
  • the user may select a programmatic object or
  • program code may display properties of the account to the user at block 124. From among
  • program code may initiate a display of all
  • the display may comprise a drop-down list of names or other descriptors
  • a grouping of delegates assigned to an account may comprise participants in a project
  • the principal, administrator, or other authorized user may add a
  • program code may evaluate at block 131 whether the intended delegate is already registered on the operating system or network. If so, the
  • Such identifying information retrieved at block 133 preferably includes a stored BIR in addition to other login data. This feature promotes efficient and
  • the administrator or other authorized user can alternatively enroll the delegate in the system at block 134 and 135.
  • the user may cause enrollment BIR data of the delegate to be
  • This enrollment can be stored at block 134.
  • steps 134 and 135 with an error message to the user that effectively ends the session and instructs them to consult system regulations or management/administrative personnel to first register as a user on the
  • the user may remove a delegate from a principal's profile as required by personnel and project status developments at block 132.
  • an administrator may click or otherwise select a listed identifier correlated to the delegate user and displayed within the delegate window.
  • the administrator may click on button that deletes the name of the former delegate user from the profile listing at block 140.
  • the former delegate user can no
  • the profile of the principal user may be updated to remain current with project and system security requirements. As above, any action taken with the principal user
  • a program of the invention may encrypt biometric data, conventional passwords and other information at any step delineated in the flowcharts of
  • a delegate user could proffer their identity to the operating system prior to logging in as a delegate. As such, the user could select their
  • BIR data in response to a successful login may be complimented by the present invention.
  • Such a program may cause an accessing user to provide capture BIR data to a local computer when accessing a network server.
  • One embodiment of the present invention may retrieve and locally store the
  • present invention allows a delegate user to biometrically access a computer on behalf of a principal user without first providing another source of
  • a delegate user's first interaction with a machine may comprise the
  • a microphone coupled to the computer may recognize
  • Program software running on the computer compares capture BIR data to stored enrollment BIR data and determines if a match is present.
  • the program may retrieve and configure an ID and password associated with the enrollment BIR data to verify privileged

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Storage Device Security (AREA)

Abstract

The invention relates to an apparatus (10), a method and software (42) that log a delegate user into the account of a principal user on behalf of that user in response to an authentication code, such as biometric data, correlated to the delegate user. Actions taken by the delegate while in the principal user's account may be recorded for evaluation and accountability considerations. The delegate user or users privileged to access the principal user's account are added to and removed from a profile (44), as needed, to facilitate the administered sharing of resources.
PCT/US2002/006536 2002-03-01 2002-03-01 User login delegation WO2003075135A1 (fr)

Priority Applications (4)

Application Number Priority Date Filing Date Title
US10/398,356 US20040015702A1 (en) 2002-03-01 2002-03-01 User login delegation
PCT/US2002/006536 WO2003075135A1 (fr) 2002-03-01 2002-03-01 User login delegation
EP02723315A EP1481304A1 (fr) 2002-03-01 2002-03-01 User login delegation
AU2002254100A AU2002254100A1 (en) 2002-03-01 2002-03-01 User login delegation

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
PCT/US2002/006536 WO2003075135A1 (fr) 2002-03-01 2002-03-01 User login delegation

Publications (1)

Publication Number Publication Date
WO2003075135A1 (fr) 2003-09-12

Family

ID=27787373

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/US2002/006536 WO2003075135A1 (fr) 2002-03-01 2002-03-01 User login delegation

Country Status (3)

Country Link
EP (1) EP1481304A1 (fr)
AU (1) AU2002254100A1 (fr)
WO (1) WO2003075135A1 (fr)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2006051051A1 (fr) * 2004-11-12 2006-05-18 International Business Machines Corporation Apparatus, system, and method for establishing an agency relationship to perform delegated computing tasks

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP0426595A2 (fr) * 1989-11-02 1991-05-08 International Business Machines Corporation Method for permitting access to shared resources using a user-set definition to support affinity and substitution relationships between users
US5581700A (en) * 1995-08-11 1996-12-03 Dell U.S.A., L.P. Hierarchical multiple password acceptance system
US5931948A (en) * 1992-09-17 1999-08-03 Kabushiki Kaisha Toshiba Portable computer system having password control means for holding one or more passwords such that the passwords are unreadable by direct access from a main processor
EP1176489A2 (fr) * 2000-07-25 2002-01-30 Dew Engineering and Development Limited A flexible method of user authentication

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP0426595A2 (fr) * 1989-11-02 1991-05-08 International Business Machines Corporation Method for permitting access to shared resources using a user-set definition to support affinity and substitution relationships between users
US5931948A (en) * 1992-09-17 1999-08-03 Kabushiki Kaisha Toshiba Portable computer system having password control means for holding one or more passwords such that the passwords are unreadable by direct access from a main processor
US5581700A (en) * 1995-08-11 1996-12-03 Dell U.S.A., L.P. Hierarchical multiple password acceptance system
EP1176489A2 (fr) * 2000-07-25 2002-01-30 Dew Engineering and Development Limited A flexible method of user authentication

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2006051051A1 (fr) * 2004-11-12 2006-05-18 International Business Machines Corporation Apparatus, system, and method for establishing an agency relationship to perform delegated computing tasks
US7774462B2 (en) 2004-11-12 2010-08-10 International Business Machines Corporation Apparatus, system, and method for establishing an agency relationship to perform delegated computing tasks
US8327425B2 (en) 2004-11-12 2012-12-04 International Business Machines Corporation Method for establishing an agency relationship to perform delegated computing tasks

Also Published As

Publication number Publication date
AU2002254100A1 (en) 2003-09-16
EP1481304A1 (fr) 2004-12-01

Similar Documents

Publication Publication Date Title
US20040015702A1 (en) User login delegation
US20130133042A1 (en) Biometric authentication
US20040059590A1 (en) Credential promotion
US7908648B2 (en) Method and system for enabling remote access to a computer system
US6636973B1 (en) Secure and dynamic biometrics-based token generation for access control and authentication
EP1672557A1 (fr) Two-factor token identification
US7134138B2 (en) Methods and apparatus for providing security for a data storage system
US7117529B1 (en) Identification and authentication management
US20060021003A1 (en) Biometric authentication system
US8756667B2 (en) Management of hardware passwords
CN1985260A (zh) Computer control method and computer control system using an external device
US20080052526A1 (en) System and Method for Enrolling Users in a Pre-Boot Authentication Feature
JP2009258820A (ja) Account management system, account management device, and account management method
WO2007124095A2 (fr) System and method for remote management and for facilitating the installation and registration of software
EP4084401A1 (fr) Method and apparatus for securely managing computer process access to network resources through delegated system credentials
RU2691201C1 (ru) System, method and device for continuous user authentication and protection of automated workstation resources against unauthorized access
US7540032B2 (en) User objects for authenticating the use of electronic data
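JP2004355318A (ja) Computer usage management system, computer usage management method, audiovisual equipment usage management system, and audiovisual equipment usage management method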
US20080046750A1 (en) Authentication method
JP2005208993A (ja) User authentication system
US20030221120A1 (en) Automatic password configuration during error reporting
EP1481304A1 (fr) User login delegation
KR101445708B1 (ko) Security system, terminal therefor, and security method
EP1430372B1 (fr) Biometric authentication
GB2423396A (en) Use of a token to retrieve user authentication information

Legal Events

Date Code Title Description
WWE Wipo information: entry into national phase

Ref document number: 10398356

Country of ref document: US

AK Designated states

Kind code of ref document: A1

Designated state(s): AE AG AL AM AT AU AZ BA BB BG BR BY BZ CA CH CN CO CR CU CZ DE DK DM DZ EC EE ES FI GB GD GE GH GM HR HU ID IL IN IS JP KE KG KP KR KZ LC LK LR LS LT LU LV MA MD MG MK MN MW MX MZ NO NZ OM PH PL PT RO RU SD SE SG SI SK SL TJ TM TN TR TT TZ UA UG US UZ VN YU ZA ZM ZW

AL Designated countries for regional patents

Kind code of ref document: A1

Designated state(s): GH GM KE LS MW MZ SD SL SZ TZ UG ZM ZW AM AZ BY KG KZ MD RU TJ TM AT BE CH CY DE DK ES FI FR GB GR IE IT LU MC NL PT SE TR BF BJ CF CG CI CM GA GN GQ GW ML MR NE SN TD TG

121 Ep: the epo has been informed by wipo that ep was designated in this application
DFPE Request for preliminary examination filed prior to expiration of 19th month from priority date (pct application filed before 20040101)
WWE Wipo information: entry into national phase

Ref document number: 2002723315

Country of ref document: EP

WWP Wipo information: published in national office

Ref document number: 2002723315

Country of ref document: EP

NENP Non-entry into the national phase

Ref country code: JP

WWW Wipo information: withdrawn in national office

Country of ref document: JP