Information security – Access control or authentication – Network
Reexamination Certificate
2011-07-12
2011-07-12
Homayounmehr, Farid (Department: 2434)
Information security
Access control or authentication
Network
C726S005000, C726S020000
Reexamination Certificate
active
07979899
ABSTRACT:
An authentication system combines device credential verification with user credential verification to provide a more robust authentication mechanism that is convenient to the user and effective across enterprise boundaries. In one implementation, user credential verification and device credential verification are combined to provide a convenient two-factor authentication. In this manner, an account authority service or other authentication provider verify both factors and provide a security token in accordance with the security policy of the account network resource the user is intending to access. The level of privilege granted by the target account network resource can vary depending on the number and type of factors verified by the account authority service.
REFERENCES:
patent: 6510236 (2003-01-01), Crane et al.
patent: 7181507 (2007-02-01), Lavelle et al.
patent: 7350074 (2008-03-01), Gupta et al.
patent: 7373515 (2008-05-01), Owen et al.
patent: 7574731 (2009-08-01), Fascenda
patent: 7610617 (2009-10-01), Kelly et al.
patent: 7703128 (2010-04-01), Cross et al.
patent: 7706778 (2010-04-01), Lowe
patent: 7765298 (2010-07-01), Villavicencio
patent: 7856659 (2010-12-01), Keeler et al.
patent: 2002/0112186 (2002-08-01), Ford et al.
patent: 2004/0187018 (2004-09-01), Owen et al.
patent: 2005/0091539 (2005-04-01), Wang et al.
patent: 2006/0022048 (2006-02-01), Johnson
patent: 2006/0070125 (2006-03-01), Pritchard et al.
patent: 2006/0206709 (2006-09-01), Labrou et al.
patent: 2006/0206924 (2006-09-01), Wendling et al.
patent: 2006/0265598 (2006-11-01), Plaquin et al.
patent: 2006/0282662 (2006-12-01), Whitcomb
patent: 2007/0067831 (2007-03-01), Matsuda et al.
patent: 2007/0107050 (2007-05-01), Selvarajan
patent: 2007/0136471 (2007-06-01), Jardin
patent: 2007/0136472 (2007-06-01), Jardin
patent: 2007/0186103 (2007-08-01), Randle et al.
patent: 2007/0192601 (2007-08-01), Spain et al.
patent: 2007/0198435 (2007-08-01), Siegal et al.
patent: 2007/0220594 (2007-09-01), Tulsyan
patent: 2008/0046983 (2008-02-01), Lester et al.
patent: 2008/0176536 (2008-07-01), Galluzzo et al.
patent: 2008/0196088 (2008-08-01), Vinokurov et al.
patent: 2009/0143104 (2009-06-01), Loh et al.
patent: 2009/0228962 (2009-09-01), Pathak
patent: 2010/0188975 (2010-07-01), Raleigh
patent: 2010/0188992 (2010-07-01), Raleigh
patent: 2010/0192212 (2010-07-01), Raleigh
patent: 2011/0029782 (2011-02-01), Havercan
patent: 2005-323070 (2005-11-01), None
International Search Report and Written Opinion for PCT Application No. PCT/US2009/042667, mailed on Jan. 25, 2010, 12 pages.
“Authentication in an Internet Banking Environment”, Federal Financial Institutions Examination Council. 2002. pp. 1-14.
“Managing Strong Authentication: A Guide to Creating an Effective Management System”, Technology Brief: Identity and Access Management. 2007. 16 Pages.
Wuest, “Phishing in the Middle of the Stream”—Today's Threats to Online Banking. White Paper: Symantec Security Response. From the proceedings of the AVAR 2005 conference. 28 Pages.
Chen Rui
Guo Wei-Qiang (Michael)
Rouskov Yordan
Wong Pui-Yin Winfred
Hensley Kim & Holzer LLC
Homayounmehr Farid
Microsoft Corporation
LandOfFree
Trusted device-specific authentication does not yet have a rating. At this time, there are no reviews or comments for this patent.
If you have personal experience with Trusted device-specific authentication, we encourage you to share that experience with our LandOfFree.com community. Your opinion is very important and Trusted device-specific authentication will most certainly appreciate the feedback.
Profile ID: LFUS-PAI-O-2735955