Secure user authentication to computing resource via smart card

Registers – Systems controlled by data bearing records – Credit or identification card systems

Reexamination Certificate

Details

active

06834795

ABSTRACT:

FIELD OF THE INVENTION

This invention relates generally to the field of computer security. More particularly, this invention relates to use of smart cards to provide access to computing resources.

BACKGROUND OF THE INVENTION

Smart cards are currently used in some environments to provide secure access to high security computing resources. Typically, a user receives a smart card and PIN (Personal Identification Number) from a network administrator. The smart card is then activated by the network administrator after a sequence of communications between the network administrator and the user. The current procedures can be time-consuming for both the user and the network administrator.

Once the smart card is activated, the user obtains access to computing resources by inserting the smart card into a smart card reader at a computer workstation or the like and entering a PIN code on a touchpad or from a keyboard. Such use of smart cards provides a relatively high level of security against unauthorized use of a computing resource, but is not without drawbacks.

As previously mentioned, the process of activating smart cards is currently a time-consuming manual process. Moreover, since the smart card often resides in the smart card reader during the course of a user's session, the user is prone to forgetting the smart card—leaving it in the reader and thus compromising security. Although smart cards are currently used primarily in very high security environments, the cost of these smart cards is dropping rapidly, making them suitable for use in environments with less stringent security requirements, and often with less sophisticated users.

SUMMARY OF THE INVENTION

The present invention relates generally to computer security. Objects, advantages and features of the invention will become apparent to those skilled in the art upon consideration of the following detailed description of the invention.

In one embodiment of the present invention, a simplified user authentication to a computer resource is provided utilizing a smart card. When a new user is issued a smart card, he or she is also issued a user name (ID) and password to be used during a first use to activate the smart card. The user then connects the smart card and enters the user ID and password. The user is authenticated using the user ID and password and identifying information from the smart card. The network administration server then requests a public key from the workstation. The workstation instructs the smart card to generate public and private keys. The public key is transmitted to the server. A digital certificate is created and the smart card is activated. Once the smart card is activated, a simplified login procedure can be used wherein connecting the smart card to a workstation initiates a login process not requiring use of a PIN number or other user input.

In one embodiment consistent with the present invention, a method of using a smart card includes issuing a smart card to a user; issuing manual authentication information to the user; authenticating the user and the smart card using the manual authentication information; obtaining a public key from the smart card; and issuing a digital certificate using the public key to the smart card to activate the smart card.

Another method, consistent with an embodiment of the present invention, of using a smart card includes receiving a smart card; receiving manual authentication information; authenticating the smart card using the manual authentication information; generating a public key using the smart card; sending the public key to an administration server; and receiving a digital certificate generated using the public key to activate the smart card.

Another method, consistent with an embodiment of the present invention, of using a smart card includes connecting the smart card to a workstation; sending a login request to a server; authenticating a digital certificate for the smart card; and if authenticated, permitting a login to a computer resource.

The above summaries are intended to illustrate exemplary embodiments of the invention, which will be best understood in conjunction with the detailed description to follow, and are not intended to limit the scope of the appended claims.
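
The activation and login sequence summarized above, modeled end to end in Ruby as an added example that is not part of the patent text. The names (`Card`, `activate`, `login`, `ISSUED`), the sample user and card ID, RSA-2048 with SHA-256, the X.509 format and the single-use activation record are all assumptions. The nonce challenge at login is also an assumption; the summary states only that the digital certificate is authenticated.

```ruby
require "openssl"

# Constructed stand-ins (assumptions); a real server stores a password hash instead.
CA_KEY  = OpenSSL::PKey::RSA.new(2048)
CA_NAME = OpenSSL::X509::Name.new([["CN", "Example Admin CA"]])
ISSUED  = { "alice" => ["first-use-password", "CARD-0001"] } # user ID => [password, card ID]

# The card generates its key pair itself and only ever hands out the public key.
class Card
  attr_reader :id
  attr_accessor :cert
  def initialize(id)
    @id = id
  end

  def generate_key
    @key = OpenSSL::PKey::RSA.new(2048)
    @key.public_key
  end

  def sign(data)
    @key.sign(OpenSSL::Digest.new("SHA256"), data)
  end
end

# Activation: manual authentication, on-card key generation, certificate issuance.
def activate(user, password, card)
  return false unless ISSUED[user] == [password, card.id]
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2
  cert.serial = 2
  cert.subject = OpenSSL::X509::Name.new([["CN", user], ["serialNumber", card.id]])
  cert.issuer = CA_NAME
  cert.public_key = card.generate_key
  cert.not_before = Time.now - 60
  cert.not_after = Time.now + 3600
  card.cert = cert.sign(CA_KEY, OpenSSL::Digest.new("SHA256"))
  ISSUED.delete(user) # assumption: the first-use credentials cannot be replayed
  true
end

# Login without a PIN: check the certificate, then (assumption) challenge the card's key.
def login(card)
  cert = card.cert
  return nil unless cert && cert.verify(CA_KEY) && Time.now.between?(cert.not_before, cert.not_after)
  nonce = OpenSSL::Random.random_bytes(32)
  return nil unless cert.public_key.verify(OpenSSL::Digest.new("SHA256"), card.sign(nonce), nonce)
  cert.subject.to_s
end
```

Because the certificate is public data, the nonce signature is what ties a login to the physical card: a copy of the certificate presented with a different key pair is rejected.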

