WO2001080017A1 - System for logging into multiple network systems - Google Patents

System for logging into multiple network systems Download PDF

Info

Publication number
WO2001080017A1
WO2001080017A1 PCT/US2001/011892 US0111892W WO0180017A1 WO 2001080017 A1 WO2001080017 A1 WO 2001080017A1 US 0111892 W US0111892 W US 0111892W WO 0180017 A1 WO0180017 A1 WO 0180017A1
Authority
WO
WIPO (PCT)
Prior art keywords
user
information
computer
biometrics
input
Prior art date
Application number
PCT/US2001/011892
Other languages
French (fr)
Inventor
Donald E. Harris
Scott L. Braam
Richard S. Dale
William L. Ricci
Original Assignee
Bioconx, Inc.
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Bioconx, Inc. filed Critical Bioconx, Inc.
Priority to AU2001249968A priority Critical patent/AU2001249968A1/en
Publication of WO2001080017A1 publication Critical patent/WO2001080017A1/en

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31User authentication
    • G06F21/32User authentication using biometric data, e.g. fingerprints, iris scans or voiceprints

Definitions

  • This invention relates to computer network systems, and more particularly to
  • each network operating system requires
  • the user could set each password for each network operating system to the
  • the typical computer user may write down the username and password information for each network operating system on a sheet of paper. By obtaining access to the sheet of paper, an unauthorized user can obtain access to all of the network operating systems. The unauthorized user could damage and/or destroy the authorized user's account, workstation and possibly the computer network itself.
  • the present invention provides a user of a computer system with the ability to log into multiple network operating systems upon entering a single piece of biometrics information.
  • the present invention also provides a user of a computer system with the ability to log into multiple network operating systems upon entering a single password.
  • a desktop locking Screensaver is provided.
  • the screensaver may be unlocked by an authorized computer user upon entering a single piece of biometrics and/or other information.
  • requested computer applications are launched and authentication information is provided to the computer applications at the request of the user and upon inputting single biometrics or password information.
  • the present invention relates to a method for logging a computer user into multiple computer network operating systems.
  • the method includes inputting information identifying the user.
  • the information may be biometrics information (e.g., fingerprint, retinal or voice information), a single password, or other information.
  • the method determines if the user is an authorized user of the computer system based on the input information. If it is determined that the user is an authorized user, the user is logged into a first operating system based on the input information, authentication information is retrieved for remaining operating systems based on the input information, and the user is logged into the remaining operating systems using the retrieved authentication information and without further user interaction or involvement.
  • at least one computer application associated with the user is launched without further interaction with the user.
  • authentication information is provided to one of the at least one launched computer application if necessary to access the application.
  • the authentication information may be provided without further user interaction.
  • a desktop locking screensaver is launched automatically. If desired, the screensaver may be unlocked only when an authorized computer user enters registered biometrics information or password information.
  • a computer program launches a computer application and provides authentication information to the application upon a request of the user. The user request may be correlated to biometrics or password information inputted by the user.
  • the present invention also relates to a computer system for logging a user into multiple operating systems.
  • the system includes a programmed processor for inputting information identifying the user, and for determining if the user is an authorized user based on the input information. If it is determined that the user is an authorized user, the user may be logged into a first operating system based on the input information. In addition, authentication information for remaining operating systems may be retrieved based on the input information. The retrieved authentication information may be used to log the user into the remaining operating systems without further user interaction.
  • FIG. 1 illustrates a computer network system constructed in accordance with an embodiment of the present invention
  • FIG. 2 illustrates a computer workstation used in the system illustrated in FIG. 1;
  • FIG. 3 illustrates in flowchart form a one touch login process performed by the system illustrated in FIG. 1
  • FIG. 4 illustrates in flowchart form a user tool process performed by the system illustrated in FIG. 1;
  • FIG. 5 illustrates in flowchart form a one password login process performed by the system illustrated in FIG. 1.
  • FIG. 1 an exemplary computer network system constructed in accordance with an embodiment of the present invention is shown. As will become apparent, the system will allow a user to login into multiple network operating systems
  • biometrics information e.g., a fingerprint
  • a fingerprint scanning device 40 is used to obtain the biometrics information.
  • biometrics information and/or biometrics devices may be used to practice the invention. That is, the present invention could utilize voice or retina image information to identify a user. Similarly, the invention could utilize a voice processing system or retinal scanner to obtain the user's biometrics information.
  • the system shown in FIG. 1 includes a computer workstation 10 connected to the fingerprint scanning device 40.
  • the computer workstation 10 is preferably configured with a network operating system such as a WINDOWS 9x, NT or 2000 operating system (OS) by MICROSOFT®.
  • a network operating system such as a WINDOWS 9x, NT or 2000 operating system (OS) by MICROSOFT®.
  • OS operating system
  • computer workstation encompasses any computer, personal computer, lap top computer or computer system that may be connected to a network and configured for multiple network operating systems.
  • the workstation 10 may be a computer system, a process control system, or a system employing a processor and associated memory, or another suitable system.
  • the workstation 10 shown in FIG. 2 includes a central processing unit (CPU) 302, e.g., a microprocessor, that communicates with a random access memory (RAM) circuit 308 and an input/output (I/O) device 304 over a bus 320.
  • the bus 320 may be a series of buses and bridges commonly used in a processor-based system, but for convenience purposes only, the bus 320 has been illustrated as a single bus.
  • the I/O devices 304, 306 may include a keyboard, mouse or a display terminal.
  • the workstation 10 also includes a read-only memory
  • ROM read only memory
  • peripheral devices such as a floppy disk drive 312 and a compact disk (CD) ROM drive 314.
  • the peripheral devices may communicate with the CPU 302 over the bus 320.
  • the CPU 302 can be combined on a single chip with one or more RAM memory circuits 308 and ROM circuits 310.
  • the illustrated workstation 10 is configured to communicate with multiple network operating systems. Some network operating systems, such as WINDOWS NT, require a user to enter a username and password to obtain login access. Since there are multiple NOSs, the user would need to enter multiple username and password combinations to log into each NOS.
  • the present invention allows a user to login into the multiple network operating systems by entering a single piece of biometrics information (e.g., a fingerprint) or a single password.
  • a suitable scanning device 40 may include the SacCat Reader by SAC.
  • the system will include a plurality of workstations 10 with each workstation 10 being connected to an associated scanning device 40. It should be appreciated that any number of workstations 10 and scanning devices 40 may be used to practice the invention.
  • the workstation 10 has a suitable biometrics interface 12.
  • the scanning device 40 is connected to the interface 12.
  • the biometrics interface 12 serves as an interface between the fingerprint scanning device 40 and other components of the system.
  • the biometrics interface 12 initiates an open application program interface (API) 14 that interfaces with an administrative tool 16 and a user tool 18.
  • API application program interface
  • the functions performed by the biometrics interface 12 and API 14 may be implemented using dynamic link libraries (DLL) (not illustrated) and OLE custom controls (OCX).
  • DLL dynamic link libraries
  • OCX OLE custom controls
  • the libraries and/or controls are supported by the OS running on the workstation computer 10.
  • the biometrics interface 12 and API 14 operate as a client interface when communicating with other components of the system.
  • the biometrics interface 12 is connected to a plurality of network login components 20a, 20b (collectively referred to herein as “login components 20") located on the computer workstation 10.
  • These login components 20 allow a registered user to log into the multiple network operating systems by using a fingerprint (i.e., "one touch login”) or a common dialog display (i.e., "one password login”).
  • the login components 20 will access fingerprint or user profile information respectively stored on fingerprint and user profile databases 52, 54 to authenticate the user and automatically log the user into all of the desired network operating systems.
  • the login components 20 may be network providers (NPs) if the workstation is running a WINDOWS 9x operating system.
  • a network provider is installed on a computer workstation running a WINDOWS 9x OS to provide an interface between the workstation OS and another network OS.
  • a network provider allows a user to logon to the associated NOS with a username and password.
  • Each network provider communicates with a multiple provider router (MPR) DLL. The MPR routes network requests to the appropriate network provider so that the appropriate NOS handles the request.
  • MPR multiple provider router
  • WINDOWS logon function or handler communicates with a graphical identification and authentication (GINA) DLL to perform identification and authentication for user interactions in a manner similar to the WINDOWS 9x OS.
  • the present invention can make use of the MPR, NP and GINA DLLs (depending upon the operating system) so that the login components 20 are biometrics and/or one password login enabled. That is, as will be explained below with reference to FIGS. 3-5, with modification of the MPR, NP and GINA DLLs software or registry files, the login components 20 will have the capability to log a user into multiple network operating systems by entering a single piece of biometrics information (e.g., a fingerprint) or a single password.
  • biometrics information e.g., a fingerprint
  • the MPR and WINDOWS login function will be referred to as an "OS login handler" and the NP and GINA are referred to as login components 20.
  • the first login component 20a is illustrated as a GINA and the second login component 20b is illustrated as an NP.
  • the biometrics interface 12 may be connected to a database server 50 via a communication network 30.
  • the server 50 is connected to the fingerprint database 52 and the user profile database 54.
  • the network 30 may be a TCP/IP network, or other suitable network.
  • the server 50 may reside at a local or remote location from the computer workstation 10.
  • the biometrics interface 12 provides secure communications with the database server 50. If the network 30 is a TCP/IP network, then the server 50 communicates with the biometrics interface 12 via a TCP/IP socket connection. The connection is requested by the client processes on the workstation (i.e., the biometrics interface 12 and API 14) when one of the system components needs to access the fingerprint or user profile databases 52, 54.
  • the databases 52, 54 reside on a computer readable storage medium and may be part of, or connected to, the server 50. If desired, the databases 52, 54 may reside on the same computer readable storage medium.
  • the fingerprint database 52 contains the fingerprint information associated with registered users of the system. The entries in the fingerprint database 52 are indexed by username and/or other suitable index.
  • the user profile database 54 contains a user profile for each registered user of the system.
  • the entries in the database 54 are cross-indexed with the entries of the fingerprint database 52. That is, the fingerprints stored in the fingerprint database 52 are linked (via username or like index) to the user profiles stored in the user profile database 54. This way, once a fingerprint is identified and associated with a registered user, the appropriate user profile may be retrieved even though it is not stored in the same database.
  • the administration tool 16 ensures that the two databases 52, 54 are properly cross-indexed.
  • the administration tool 16 which in a preferred embodiment may only be accessed by a system administrator or other qualified individual, will create, maintain and delete user profiles.
  • the administration tool 16 may be used to register users and their fingerprints.
  • the administration tool 16 may be used to associate a user's fingerprint information with his or her user profile. This way, when the system identifies a registered fingerprint, it will be able to retrieve the appropriate user profile.
  • the administration tool 16 comprise a graphical user interface (GUI) so that the system administrator may efficiently register and maintain users and their entries into the fingerprint and user profile databases 52, 54.
  • the administration tool 16 is capable of entering into the databases 52, 54 additional information required by the system.
  • the tool 16 may also be used to generate reports concerning the user profiles (if desired). If a network operating system requires that the user change his or her password, then the administration tool 16 will change and enter the new password into the user profile. According to a preferred embodiment of the invention, this can be done with or without the user's knowledge and is application specific. Thus, new passwords can be implemented without requiring the user to remember them, in contrast to prior art systems.
  • each user profile may contain a username and password associated with every network operating system that the user may log into and for which the workstation is configured.
  • each user profile will contain a list of startup applications for each network operating system.
  • the list of startup applications is entered into the user profile via the administration tool 16.
  • the user profile will contain an indicator (e.g., a software flag) associated with each startup application in the list that indicates whether the application requires a password.
  • the user tool 18 retrieves the information from the user profile, starts the appropriate startup applications ) and if a password is required, gives the password to the application. The user gains access to the startup application automatically and without entering a username and password.
  • the user tool 18 can provide a user interface to the scanning device 40 (via the biometrics interface 12 and API 14) for entering username and password information for applications launched after the workstation initialization process. That is, any application launched by the user that requires a username and password will be supplied with the username and password by the user tool 18 based on the user's fingerprint.
  • each user profile may also contain username and password combination for predefined applications that the user may launch after initialization.
  • the user profile can contain a generic username and password.
  • the generic username and password can be used for new applications that are not listed in the user profile. This way, the user can always supply a username and password using the fingerprint scanning device 40 to any application launched after the workstation initialization process.
  • the user tool 18 has a desktop locking screensaver function. After a predetermined period of user inactivity, the user tool 18 will initiate a screensaver program. The screensaver program will deny access to the workstation 10 unless the correct username and password are entered. Moreover, the user tool 18 provides an interface in which the username and password required to unlock the desktop are provided based on the user's fingerprint. Each user profile may contain a screensaver username and password that the user tool 18 can retrieve based on the user's fingerprint information. A desktop locking screensaver will prevent an unauthorized user from accessing the network operating systems that the user is logged into when the user has walked away from the workstation. Thus, the present invention provides increased security for the user workstation and network. Moreover, the security is further bolstered if the desktop can only be unlocked by the user's biometrics information.
  • FIG. 3 illustrates in flowchart form an exemplary one touch login method 100 performed in accordance with the present invention.
  • the method 100 is implemented in software and executed on the workstation 10.
  • the method 100 will run whenever the workstation 10 is powered-on, restarted or any time after a user has logged out of the workstation 10 without turning off its power or rebooting it.
  • the method 100 begins when the OS login handler launches the appropriate biometrics enabled login component stored on the workstation (step 102). As noted earlier, the OS login handler and the login component are dependent upon the operating system installed on the workstation.
  • the login component inputs the user's biometrics information.
  • the biometrics information is the user's fingerprint information.
  • the login component is connected to the database server (via the biometrics interface). Once connected, the login component compares the input fingerprint information to the fingerprint information stored on the fingerprint database. At step 108, the login component authenticates the user. That is, the login component determines if the input fingerprint information matches stored fingerprint information. If there is a match, then the user is authenticated and logged into the OS running on the workstation. Otherwise, the user is not authenticated.
  • Unauthorized user processing can include allowing the user to re-enter his or her fingerprint information, alerting security personnel that an unauthorized user is attempting to access the system or any other process deemed suitable.
  • the method continues at step 112. At this point, the user is logged into the first network operating system and must be logged into the remaining network operating systems.
  • the username and password combinations for the remaining NOSs are retrieved from the user profile database based upon the input fingerprint information.
  • the retrieved username and password combinations are passed to the OS login handler, which then automatically logs the user into the remaining NOSs (step 116) without further user interaction.
  • the method in which the OS login handler automatically logs the user into the remaining NOSs is dependent upon the OS installed on the workstation. For a WINDOWS 9x system, the MPR will pass the username and password information to the respective NP residing on the workstation.
  • FIG. 4 illustrates an exemplary user tool method 120 performed in accordance with the present invention.
  • the user tool retrieves the user profile associated with the user (via the fingerprint). It should be noted that if the user were logged into the system using the one password feature of the present invention (described below with reference to FIG. 5), the user tool would retrieve the user's user profile based on the username.
  • the user tool launches each startup application listed in the user profile. If the user profile indicates that a username and password is required for the application, the user tool passes the appropriate username and password.
  • FIG. 5 illustrates in flowchart form an exemplary one password login method
  • the method 200 performed in accordance with the present invention.
  • the method 200 is implemented in software and executed on the workstation.
  • the method 200 will run whenever the workstation is powered-on, restarted or any time after a user has logged out of the workstation without turning off its power or rebooting it.
  • the method 200 begins when the OS login handler launches the appropriate login component stored on the workstation (step 202). As noted earlier, the OS login handler and the login component are dependent upon the operating system installed on the workstation. At step 204, the login component inputs the user's username and password information.
  • the login component is connected to the database server (via the biometrics interface). Once connected, the login component compares the input username and password information to the username and password information stored on the user profile database. At step 208, the login component authenticates the user. That is, the login component determines if the input username and password information match stored username and password information. If there is a match, then the user is authenticated and logged into the OS running on the workstation.
  • unauthorized user processing can include allowing the user to re-enter his or her fingerprint information, which may alert security personnel that an unauthorized user is attempting to access the system.
  • the method continues at step 212.
  • the user must be logged into the remaining network operating systems.
  • the username and password combinations for the remaining NOSs are retrieved from the user profile database based upon the input username and password information.
  • the retrieved username and password combinations are passed to the OS login handler, which then automatically logs the user into the remaining NOSs (step 216) without further user interaction.
  • the method in which the OS login handler automatically logs the user into the remaining NOSs is dependent upon the OS installed on the workstation. For a WINDOWS 9x system, the MPR will pass the username and password information to the respective NP residing on the workstation.
  • the WINDOWS logon function can be used to handle the remaining logins.
  • the user tool workstation initialization process is initiated (step 120). The user tool initialization process is described above with reference to FIG. 4.
  • the present invention allows a user to log into multiple network operating systems with the single touch of a fingerprint scanning device or by entering a single password. As such, the present invention speeds up the login process, reduces the inconvenience to the user, yet provides improved system security.

Abstract

Disclosed is a method (100) of logging a user of a computer system into multiple operating systems. The method comprises the steps of: inputting (104) biometrics information identifying the user; determining (108) if the user is an authorized user of the computer system based on the input biometrics information; logging the user into a first operating system based on the input biometrics information; retrieving (112) authentication information for remaining operating systems based on the input biometrics information; logging (116) the user into the remaining operating systems using the retrieved authentication information; and launching (120) at least one computer application associated with the user without further interaction with the user.

Description

SYSTEM FOR LOGGING INTO MULTIPLE NETWORK SYSTEMS
BACKGROUND OF THE INVENTION
This invention relates to computer network systems, and more particularly to
a method and system for logging a computer user into multiple computer network
operating systems upon inputting a single piece of biometrics information (e.g., a single
fingerprint, retinal or voice image) or a single password.
It is not uncommon for a single computer workstation to be configured for
multiple network operating systems. Typically, each network operating system requires
its own authentication information such as a username and password. Thus, to gain
access to the multiple network operating systems, the user will be required to enter
multiple sets of username and password information. This means that the user must
remember the multiple sets of username and password combinations. Moreover, the
user is required to remember which network operating system is associated with a
particular username and password.
The user could set each password for each network operating system to the
same value. However, this presents a problem where a user is required to change one
password due to system administration requirements. The user must then change all of
the remaining passwords to keep them consistent. This is burdensome to the user.
Moreover, if the user forgets to change a password, then the passwords will diverge and
the user must remember multiple passwords once again. This can be an inconvenience
to the computer user. The use of multiple passwords may also result in security problems. When faced with multiple username and password combinations, the typical computer user may write down the username and password information for each network operating system on a sheet of paper. By obtaining access to the sheet of paper, an unauthorized user can obtain access to all of the network operating systems. The unauthorized user could damage and/or destroy the authorized user's account, workstation and possibly the computer network itself.
Accordingly, there is a need for an integrated system for logging a computer user into multiple network operating systems. It would be desirable to arrange the system such that a user can log into multiple systems upon inputting only a single piece of information. This will decrease the inconvenience to the user while improving overall system security.
In addition, it would be desirable to launch frequently used computer applications on a network operating system immediately after a user has successfully logged into the network. In the prior art, some of these frequently used applications require a password before the user can access them. This means that the user must remember additional passwords. Moreover, the user must enter the password every time the application is launched. The prior art system is inconvenient and could lead to the same security problems identified above. Accordingly, it would be desirable to launch frequently used computer applications automatically and to provide authentication information to such applications after the user is successfully logged into a network operating system and without further interaction of the user. SUMMARY OF THE INVENTION
The present invention provides a user of a computer system with the ability to log into multiple network operating systems upon entering a single piece of biometrics information. The present invention also provides a user of a computer system with the ability to log into multiple network operating systems upon entering a single password.
According to another aspect of the invention, frequently used computer applications are launched and authentication information is provided to the applications without the interaction of the user. In a preferred embodiment of the invention, a desktop locking Screensaver is provided. The screensaver may be unlocked by an authorized computer user upon entering a single piece of biometrics and/or other information.
According to yet another aspect of the invention, requested computer applications are launched and authentication information is provided to the computer applications at the request of the user and upon inputting single biometrics or password information.
The present invention relates to a method for logging a computer user into multiple computer network operating systems. The method includes inputting information identifying the user. The information may be biometrics information (e.g., fingerprint, retinal or voice information), a single password, or other information. The method determines if the user is an authorized user of the computer system based on the input information. If it is determined that the user is an authorized user, the user is logged into a first operating system based on the input information, authentication information is retrieved for remaining operating systems based on the input information, and the user is logged into the remaining operating systems using the retrieved authentication information and without further user interaction or involvement. According to another aspect of the invention, at least one computer application associated with the user is launched without further interaction with the user. Further, authentication information is provided to one of the at least one launched computer application if necessary to access the application. The authentication information may be provided without further user interaction. In a preferred embodiment of the invention, a desktop locking screensaver is launched automatically. If desired, the screensaver may be unlocked only when an authorized computer user enters registered biometrics information or password information. The present invention should not be limited, however, to the preferred embodiments shown and described herein. In another aspect of the invention, a computer program launches a computer application and provides authentication information to the application upon a request of the user. The user request may be correlated to biometrics or password information inputted by the user.
The present invention also relates to a computer system for logging a user into multiple operating systems. The system includes a programmed processor for inputting information identifying the user, and for determining if the user is an authorized user based on the input information. If it is determined that the user is an authorized user, the user may be logged into a first operating system based on the input information. In addition, authentication information for remaining operating systems may be retrieved based on the input information. The retrieved authentication information may be used to log the user into the remaining operating systems without further user interaction. BRIEF DESCRIPTION OF THE DRAWINGS
The foregoing and other advantages and features of the invention will become more apparent from the detailed description of preferred embodiments given below with reference to the accompanying drawings, in which:
FIG. 1 illustrates a computer network system constructed in accordance with an embodiment of the present invention;
FIG. 2 illustrates a computer workstation used in the system illustrated in FIG. 1;
FIG. 3 illustrates in flowchart form a one touch login process performed by the system illustrated in FIG. 1; FIG. 4 illustrates in flowchart form a user tool process performed by the system illustrated in FIG. 1; and
FIG. 5 illustrates in flowchart form a one password login process performed by the system illustrated in FIG. 1.
DETAILED DESCRIPTION OF PREFERRED EMBODIMENTS Referring to FIG. 1, an exemplary computer network system constructed in accordance with an embodiment of the present invention is shown. As will become apparent, the system will allow a user to login into multiple network operating systems
(NOS) by entering a single piece of biometrics information (e.g., a fingerprint) or a single password. In the illustrated system, a fingerprint scanning device 40 is used to obtain the biometrics information. However, it should be readily apparent that other biometrics information and/or biometrics devices may be used to practice the invention. That is, the present invention could utilize voice or retina image information to identify a user. Similarly, the invention could utilize a voice processing system or retinal scanner to obtain the user's biometrics information.
The system shown in FIG. 1 includes a computer workstation 10 connected to the fingerprint scanning device 40. The computer workstation 10 is preferably configured with a network operating system such as a WINDOWS 9x, NT or 2000 operating system (OS) by MICROSOFT®. As used herein, the term "computer workstation" encompasses any computer, personal computer, lap top computer or computer system that may be connected to a network and configured for multiple network operating systems.
The workstation 10 may be a computer system, a process control system, or a system employing a processor and associated memory, or another suitable system. The workstation 10 shown in FIG. 2 includes a central processing unit (CPU) 302, e.g., a microprocessor, that communicates with a random access memory (RAM) circuit 308 and an input/output (I/O) device 304 over a bus 320. The bus 320 may be a series of buses and bridges commonly used in a processor-based system, but for convenience purposes only, the bus 320 has been illustrated as a single bus. A second I/O device
306 may also be used, if desired. The I/O devices 304, 306 may include a keyboard, mouse or a display terminal. The workstation 10 also includes a read-only memory
(ROM) circuit 310, and there may be peripheral devices such as a floppy disk drive 312 and a compact disk (CD) ROM drive 314. If desired, the peripheral devices may communicate with the CPU 302 over the bus 320. If desired, the CPU 302 can be combined on a single chip with one or more RAM memory circuits 308 and ROM circuits 310. The illustrated workstation 10 is configured to communicate with multiple network operating systems. Some network operating systems, such as WINDOWS NT, require a user to enter a username and password to obtain login access. Since there are multiple NOSs, the user would need to enter multiple username and password combinations to log into each NOS. The present invention, however, allows a user to login into the multiple network operating systems by entering a single piece of biometrics information (e.g., a fingerprint) or a single password.
A suitable scanning device 40 may include the SacCat Reader by SAC. In a preferred embodiment, the system will include a plurality of workstations 10 with each workstation 10 being connected to an associated scanning device 40. It should be appreciated that any number of workstations 10 and scanning devices 40 may be used to practice the invention.
In the illustrated system, the workstation 10 has a suitable biometrics interface 12. The scanning device 40 is connected to the interface 12. The biometrics interface 12 serves as an interface between the fingerprint scanning device 40 and other components of the system. The biometrics interface 12 initiates an open application program interface (API) 14 that interfaces with an administrative tool 16 and a user tool 18. The functions performed by the biometrics interface 12 and API 14 may be implemented using dynamic link libraries (DLL) (not illustrated) and OLE custom controls (OCX). The libraries and/or controls are supported by the OS running on the workstation computer 10. The biometrics interface 12 and API 14 operate as a client interface when communicating with other components of the system.
The biometrics interface 12 is connected to a plurality of network login components 20a, 20b (collectively referred to herein as "login components 20") located on the computer workstation 10. These login components 20 allow a registered user to log into the multiple network operating systems by using a fingerprint (i.e., "one touch login") or a common dialog display (i.e., "one password login"). The login components 20 will access fingerprint or user profile information respectively stored on fingerprint and user profile databases 52, 54 to authenticate the user and automatically log the user into all of the desired network operating systems.
The login components 20 may be network providers (NPs) if the workstation is running a WINDOWS 9x operating system. A network provider is installed on a computer workstation running a WINDOWS 9x OS to provide an interface between the workstation OS and another network OS. A network provider, among other things, allows a user to logon to the associated NOS with a username and password. Each network provider communicates with a multiple provider router (MPR) DLL. The MPR routes network requests to the appropriate network provider so that the appropriate NOS handles the request. If the workstation operating system is a WINDOWS NT or 2000 OS, a
WINDOWS logon function or handler (currently entitled "Winlogon") communicates with a graphical identification and authentication (GINA) DLL to perform identification and authentication for user interactions in a manner similar to the WINDOWS 9x OS. The present invention can make use of the MPR, NP and GINA DLLs (depending upon the operating system) so that the login components 20 are biometrics and/or one password login enabled. That is, as will be explained below with reference to FIGS. 3-5, with modification of the MPR, NP and GINA DLLs software or registry files, the login components 20 will have the capability to log a user into multiple network operating systems by entering a single piece of biometrics information (e.g., a fingerprint) or a single password. Hereinafter, for simplicity purposes, the MPR and WINDOWS login function will be referred to as an "OS login handler" and the NP and GINA are referred to as login components 20. In FIG. 1, the first login component 20a is illustrated as a GINA and the second login component 20b is illustrated as an NP. It should be noted that only one login component 20 may be required and that the two components 20a, 20b are illustrated merely to show the available alternatives. The operation of the login components 20 will be described below in more detail with reference to FIGS. 3-5. The biometrics interface 12 may be connected to a database server 50 via a communication network 30. The server 50 is connected to the fingerprint database 52 and the user profile database 54. The network 30 may be a TCP/IP network, or other suitable network. The server 50 may reside at a local or remote location from the computer workstation 10. The biometrics interface 12 provides secure communications with the database server 50. If the network 30 is a TCP/IP network, then the server 50 communicates with the biometrics interface 12 via a TCP/IP socket connection. The connection is requested by the client processes on the workstation (i.e., the biometrics interface 12 and API 14) when one of the system components needs to access the fingerprint or user profile databases 52, 54. The databases 52, 54 reside on a computer readable storage medium and may be part of, or connected to, the server 50. If desired, the databases 52, 54 may reside on the same computer readable storage medium. The fingerprint database 52 contains the fingerprint information associated with registered users of the system. The entries in the fingerprint database 52 are indexed by username and/or other suitable index.
The user profile database 54 contains a user profile for each registered user of the system. The entries in the database 54 are cross-indexed with the entries of the fingerprint database 52. That is, the fingerprints stored in the fingerprint database 52 are linked (via username or like index) to the user profiles stored in the user profile database 54. This way, once a fingerprint is identified and associated with a registered user, the appropriate user profile may be retrieved even though it is not stored in the same database.
The administration tool 16 ensures that the two databases 52, 54 are properly cross-indexed. The administration tool 16, which in a preferred embodiment may only be accessed by a system administrator or other qualified individual, will create, maintain and delete user profiles. Moreover, the administration tool 16 may be used to register users and their fingerprints. The administration tool 16 may be used to associate a user's fingerprint information with his or her user profile. This way, when the system identifies a registered fingerprint, it will be able to retrieve the appropriate user profile.
It is desirable that the administration tool 16 comprise a graphical user interface (GUI) so that the system administrator may efficiently register and maintain users and their entries into the fingerprint and user profile databases 52, 54. The administration tool 16 is capable of entering into the databases 52, 54 additional information required by the system. The tool 16 may also be used to generate reports concerning the user profiles (if desired). If a network operating system requires that the user change his or her password, then the administration tool 16 will change and enter the new password into the user profile. According to a preferred embodiment of the invention, this can be done with or without the user's knowledge and is application specific. Thus, new passwords can be implemented without requiring the user to remember them, in contrast to prior art systems. Thus, each user profile may contain a username and password associated with every network operating system that the user may log into and for which the workstation is configured.
After the user is automatically logged into the network operating systems, the user tool 18 will automatically start all applications that have been requested to be launched during the startup process. These applications will hereinafter be referred to as "startup applications." The period in which the startup applications are launched will be referred to as "workstation initialization." Each user profile will contain a list of startup applications for each network operating system. The list of startup applications is entered into the user profile via the administration tool 16. In addition, the user profile will contain an indicator (e.g., a software flag) associated with each startup application in the list that indicates whether the application requires a password. As will be discussed below, during the workstation initialization process, the user tool 18 retrieves the information from the user profile, starts the appropriate startup applications ) and if a password is required, gives the password to the application. The user gains access to the startup application automatically and without entering a username and password. If desired, the user tool 18 can provide a user interface to the scanning device 40 (via the biometrics interface 12 and API 14) for entering username and password information for applications launched after the workstation initialization process. That is, any application launched by the user that requires a username and password will be supplied with the username and password by the user tool 18 based on the user's fingerprint. To do so, each user profile may also contain username and password combination for predefined applications that the user may launch after initialization. Moreover, the user profile can contain a generic username and password. The generic username and password can be used for new applications that are not listed in the user profile. This way, the user can always supply a username and password using the fingerprint scanning device 40 to any application launched after the workstation initialization process.
In a preferred embodiment of the invention, the user tool 18 has a desktop locking screensaver function. After a predetermined period of user inactivity, the user tool 18 will initiate a screensaver program. The screensaver program will deny access to the workstation 10 unless the correct username and password are entered. Moreover, the user tool 18 provides an interface in which the username and password required to unlock the desktop are provided based on the user's fingerprint. Each user profile may contain a screensaver username and password that the user tool 18 can retrieve based on the user's fingerprint information. A desktop locking screensaver will prevent an unauthorized user from accessing the network operating systems that the user is logged into when the user has walked away from the workstation. Thus, the present invention provides increased security for the user workstation and network. Moreover, the security is further bolstered if the desktop can only be unlocked by the user's biometrics information.
FIG. 3 illustrates in flowchart form an exemplary one touch login method 100 performed in accordance with the present invention. Preferably, the method 100 is implemented in software and executed on the workstation 10. The method 100 will run whenever the workstation 10 is powered-on, restarted or any time after a user has logged out of the workstation 10 without turning off its power or rebooting it. The method 100 begins when the OS login handler launches the appropriate biometrics enabled login component stored on the workstation (step 102). As noted earlier, the OS login handler and the login component are dependent upon the operating system installed on the workstation. At step 104, the login component inputs the user's biometrics information. In the illustrated example, the biometrics information is the user's fingerprint information.
At step 106, the login component is connected to the database server (via the biometrics interface). Once connected, the login component compares the input fingerprint information to the fingerprint information stored on the fingerprint database. At step 108, the login component authenticates the user. That is, the login component determines if the input fingerprint information matches stored fingerprint information. If there is a match, then the user is authenticated and logged into the OS running on the workstation. Otherwise, the user is not authenticated.
If the user is not authenticated at step 108, then the method continues at step 110, where unauthorized user processing is performed. Unauthorized user processing can include allowing the user to re-enter his or her fingerprint information, alerting security personnel that an unauthorized user is attempting to access the system or any other process deemed suitable.
If the user is authenticated at step 108, then the method continues at step 112. At this point, the user is logged into the first network operating system and must be logged into the remaining network operating systems. At step 112, the username and password combinations for the remaining NOSs are retrieved from the user profile database based upon the input fingerprint information. At step 114, the retrieved username and password combinations are passed to the OS login handler, which then automatically logs the user into the remaining NOSs (step 116) without further user interaction. The method in which the OS login handler automatically logs the user into the remaining NOSs is dependent upon the OS installed on the workstation. For a WINDOWS 9x system, the MPR will pass the username and password information to the respective NP residing on the workstation. For a WINDOWS NT or 2000 system, the WINDOWS logon function handles the remaining logins. After the login process, the user tool workstation initialization process is initiated (step 120). FIG. 4 illustrates an exemplary user tool method 120 performed in accordance with the present invention. At step 122, the user tool retrieves the user profile associated with the user (via the fingerprint). It should be noted that if the user were logged into the system using the one password feature of the present invention (described below with reference to FIG. 5), the user tool would retrieve the user's user profile based on the username. At step 124, the user tool launches each startup application listed in the user profile. If the user profile indicates that a username and password is required for the application, the user tool passes the appropriate username and password. After the workstation initialization, the user tool will be capable of performing other functions such as launching the screensaver or providing an interface between the fingerprint scanning device and database server (discussed above with reference to FIG. 1). FIG. 5 illustrates in flowchart form an exemplary one password login method
200 performed in accordance with the present invention. Preferably, the method 200 is implemented in software and executed on the workstation. The method 200 will run whenever the workstation is powered-on, restarted or any time after a user has logged out of the workstation without turning off its power or rebooting it. The method 200 begins when the OS login handler launches the appropriate login component stored on the workstation (step 202). As noted earlier, the OS login handler and the login component are dependent upon the operating system installed on the workstation. At step 204, the login component inputs the user's username and password information.
At step 206, the login component is connected to the database server (via the biometrics interface). Once connected, the login component compares the input username and password information to the username and password information stored on the user profile database. At step 208, the login component authenticates the user. That is, the login component determines if the input username and password information match stored username and password information. If there is a match, then the user is authenticated and logged into the OS running on the workstation.
Otherwise, the user is not authenticated.
If the user is not authenticated at step 208, then the method continues at step 210, where unauthorized user processing is performed. As in the system of FIG. 3, unauthorized user processing can include allowing the user to re-enter his or her fingerprint information, which may alert security personnel that an unauthorized user is attempting to access the system.
If the user is authenticated at step 208, then the method continues at step 212. At this point, the user must be logged into the remaining network operating systems. At step 212, the username and password combinations for the remaining NOSs are retrieved from the user profile database based upon the input username and password information. At step 214, the retrieved username and password combinations are passed to the OS login handler, which then automatically logs the user into the remaining NOSs (step 216) without further user interaction. The method in which the OS login handler automatically logs the user into the remaining NOSs is dependent upon the OS installed on the workstation. For a WINDOWS 9x system, the MPR will pass the username and password information to the respective NP residing on the workstation. For a WINDOWS NT or 2000 system, the WINDOWS logon function can be used to handle the remaining logins. After the login process, the user tool workstation initialization process is initiated (step 120). The user tool initialization process is described above with reference to FIG. 4.
Thus, the present invention allows a user to log into multiple network operating systems with the single touch of a fingerprint scanning device or by entering a single password. As such, the present invention speeds up the login process, reduces the inconvenience to the user, yet provides improved system security.
While the invention has been described in detail in connection with the preferred embodiments known at the time, it should be readily understood that the invention is not limited to such disclosed embodiments. Rather, the invention can be modified to incorporate any number of variations, alterations, substitutions or equivalent arrangements not heretofore described, but which are commensurate with the spirit and scope of the invention. Accordingly, the invention is not to be seen as limited by the foregoing description, but is only limited by the scope of the appended claims.
What is claimed is:

Claims

1. A method of logging a user of a computer system into multiple operating systems, said method comprising the steps of: determining if the user is an authorized user of the computer system based on input information; subsequently, logging the user into a first operating system based on the input information; retrieving authentication information for remaining operating systems; and logging the user into the remaining operating systems using the authentication information.
2. The method of claim 1 further comprising the step of launching a computer application associated with the user without further interaction with the user.
3. The method of claim 2 further comprising the step of providing authentication information to the computer application.
4. The method of claim 2 wherein said launching step comprises retrieving an identification of the computer application based upon the input information.
5. The method of claim 2 wherein the computer application is launched on the first operating system and a second computer application is launched on a second operating system.
6. The method of claim 1 wherein the input information is biometrics information received from a biometrics device.
7. The method of claim 6 wherein the biometrics information is fingerprint information.
8. The method of claim 6 wherein the biometrics information is retinal information.
9. The method of claim 6 wherein the biometrics information is voice information.
10. The method of claim 1 wherein the input information is a password associated with the user.
11. The method of claim 1 further comprising the step of storing user information identifying authorized users on a computer readable medium.
12. The method of claim 11 further comprising the step of comparing the input information to the stored information.
13. The method of claim 11 wherein said user information comprises authentication information for additional operating systems in which the user is to be logged into and said retrieving authentication information step comprises retrieving the authentication information from the stored information based on the input information.
14. The method of claim 1 further comprising the step of launching a desktop locking screensaver, wherein said screensaver is unlocked by inputting authentication information concerning the user.
15. The method of claim 14 wherein the authentication information used to unlock the desktop is biometrics information.
16. The method of claim 1 further comprising the step of launching a computer application and providing authentication information to the computer application upon a request of the user and upon inputting single biometrics or password information from the user.
17. A method of logging a user of a computer system into multiple operating systems, said method comprising the steps of: inputting biometrics information identifying the user; determining if the user is an authorized user of the computer system based on the input biometrics information; logging the user into a first operating system based on the input biometrics information; retrieving authentication information for remaining operating systems based on the input biometrics information; logging the user into the remaining operating systems using the retrieved authentication information; and launching at least one computer application associated with the user without further interaction with the user.
18. A computer system for logging a user into multiple operating systems, said computer system comprising: an input for receiving information identifying the user, a component for determining if the user is an authorized user based on the input information, and an output for causing the user to be logged into a first operating system based on the input information, to cause authentication information to be retrieved for remaining operating systems.
19. The computer system of claim 18 further comprising a system for at least one computer application associated with the user without further interaction with the user.
20. The computer system of claim 19 further comprising a system for providing authentication information to one of the at least one launched computer application.
21. The computer system of claim 19 further comprising: a database server coupled to a processor by a communication medium; and a computer readable storage medium coupled to said server, said storage medium comprising stored information concerning authorized users of said system, and wherein said processor launches said at least one computer application by retrieving an identification of the at least one computer application to be launched from the server based upon the input information and launches any identified computer applications.
22. The computer system of claim 19 wherein at least one computer application is launched on the first operating system and a second computer application is launched on a second different operating system.
23. The computer system of claim 18 wherein said system comprises a biometrics device coupled to said processor and wherein the input information is biometrics information.
24. The computer system of claim 23 wherein the biometrics device is a fingerprint scanning device and the biometrics information is fingerprint information.
25. The computer system of claim 18 further comprising: a database server coupled to a processor by a communication medium; and a computer readable storage medium coupled to said server, said storage medium comprising stored information concerning authorized users of said system, and wherein said processor determines if a user is authorized by comparing the input information to the stored information and determining if there is a match between the input information and any of the stored information.
26. The computer system of claim 25 wherein said stored information comprises authentication information for additional operating systems.
27. The computer system of claim 18 wherein said processor launches a desktop locking screensaver, wherein said screensaver is unlocked by inputting authentication information concerning the user.
28. The computer system of claim 18 wherein said processor launches a computer application and provides authentication information to the computer application upon a request of the user and upon inputting single biometrics or password information from the user.
PCT/US2001/011892 2000-04-18 2001-04-12 System for logging into multiple network systems WO2001080017A1 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
AU2001249968A AU2001249968A1 (en) 2000-04-18 2001-04-12 System for logging into multiple network systems

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
US55134800A 2000-04-18 2000-04-18
US09/551,348 2000-04-18

Publications (1)

Publication Number Publication Date
WO2001080017A1 true WO2001080017A1 (en) 2001-10-25

Family

ID=24200901

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/US2001/011892 WO2001080017A1 (en) 2000-04-18 2001-04-12 System for logging into multiple network systems

Country Status (2)

Country Link
AU (1) AU2001249968A1 (en)
WO (1) WO2001080017A1 (en)

Cited By (14)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP2731037A1 (en) * 2007-09-24 2014-05-14 Apple Inc. Embedded authentication systems in an electronic device
US9342674B2 (en) 2003-05-30 2016-05-17 Apple Inc. Man-machine interface for controlling access to electronic devices
US9847999B2 (en) 2016-05-19 2017-12-19 Apple Inc. User interface for a device requesting remote authorization
US9898642B2 (en) 2013-09-09 2018-02-20 Apple Inc. Device, method, and graphical user interface for manipulating user interfaces based on fingerprint sensor inputs
US10142835B2 (en) 2011-09-29 2018-11-27 Apple Inc. Authentication with secondary approver
US10395128B2 (en) 2017-09-09 2019-08-27 Apple Inc. Implementation of biometric authentication
US10438205B2 (en) 2014-05-29 2019-10-08 Apple Inc. User interface for payments
US10484384B2 (en) 2011-09-29 2019-11-19 Apple Inc. Indirect authentication
US10521579B2 (en) 2017-09-09 2019-12-31 Apple Inc. Implementation of biometric authentication
US10860096B2 (en) 2018-09-28 2020-12-08 Apple Inc. Device control using gaze information
US11100349B2 (en) 2018-09-28 2021-08-24 Apple Inc. Audio assisted enrollment
US11170085B2 (en) 2018-06-03 2021-11-09 Apple Inc. Implementation of biometric authentication
US11209961B2 (en) 2012-05-18 2021-12-28 Apple Inc. Device, method, and graphical user interface for manipulating user interfaces based on fingerprint sensor inputs
US11676373B2 (en) 2008-01-03 2023-06-13 Apple Inc. Personal computing device control using face detection and recognition

Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5867646A (en) * 1996-07-12 1999-02-02 Microsoft Corporation Providing secure access for multiple processes having separate directories

Patent Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5867646A (en) * 1996-07-12 1999-02-02 Microsoft Corporation Providing secure access for multiple processes having separate directories

Cited By (58)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US9342674B2 (en) 2003-05-30 2016-05-17 Apple Inc. Man-machine interface for controlling access to electronic devices
CN107066862A (en) * 2007-09-24 2017-08-18 苹果公司 Embedded authentication systems in electronic equipment
US10956550B2 (en) 2007-09-24 2021-03-23 Apple Inc. Embedded authentication systems in an electronic device
US9128601B2 (en) 2007-09-24 2015-09-08 Apple Inc. Embedded authentication systems in an electronic device
US9134896B2 (en) 2007-09-24 2015-09-15 Apple Inc. Embedded authentication systems in an electronic device
US9250795B2 (en) 2007-09-24 2016-02-02 Apple Inc. Embedded authentication systems in an electronic device
US9274647B2 (en) 2007-09-24 2016-03-01 Apple Inc. Embedded authentication systems in an electronic device
US9304624B2 (en) 2007-09-24 2016-04-05 Apple Inc. Embedded authentication systems in an electronic device
US9329771B2 (en) 2007-09-24 2016-05-03 Apple Inc Embedded authentication systems in an electronic device
US8943580B2 (en) 2007-09-24 2015-01-27 Apple Inc. Embedded authentication systems in an electronic device
US9495531B2 (en) 2007-09-24 2016-11-15 Apple Inc. Embedded authentication systems in an electronic device
US9519771B2 (en) 2007-09-24 2016-12-13 Apple Inc. Embedded authentication systems in an electronic device
US9038167B2 (en) 2007-09-24 2015-05-19 Apple Inc. Embedded authentication systems in an electronic device
US9953152B2 (en) 2007-09-24 2018-04-24 Apple Inc. Embedded authentication systems in an electronic device
EP2731037A1 (en) * 2007-09-24 2014-05-14 Apple Inc. Embedded authentication systems in an electronic device
US10275585B2 (en) 2007-09-24 2019-04-30 Apple Inc. Embedded authentication systems in an electronic device
US11468155B2 (en) 2007-09-24 2022-10-11 Apple Inc. Embedded authentication systems in an electronic device
US11676373B2 (en) 2008-01-03 2023-06-13 Apple Inc. Personal computing device control using face detection and recognition
US10142835B2 (en) 2011-09-29 2018-11-27 Apple Inc. Authentication with secondary approver
US11755712B2 (en) 2011-09-29 2023-09-12 Apple Inc. Authentication with secondary approver
US11200309B2 (en) 2011-09-29 2021-12-14 Apple Inc. Authentication with secondary approver
US10419933B2 (en) 2011-09-29 2019-09-17 Apple Inc. Authentication with secondary approver
US10516997B2 (en) 2011-09-29 2019-12-24 Apple Inc. Authentication with secondary approver
US10484384B2 (en) 2011-09-29 2019-11-19 Apple Inc. Indirect authentication
US11209961B2 (en) 2012-05-18 2021-12-28 Apple Inc. Device, method, and graphical user interface for manipulating user interfaces based on fingerprint sensor inputs
US9898642B2 (en) 2013-09-09 2018-02-20 Apple Inc. Device, method, and graphical user interface for manipulating user interfaces based on fingerprint sensor inputs
US10372963B2 (en) 2013-09-09 2019-08-06 Apple Inc. Device, method, and graphical user interface for manipulating user interfaces based on fingerprint sensor inputs
US11768575B2 (en) 2013-09-09 2023-09-26 Apple Inc. Device, method, and graphical user interface for manipulating user interfaces based on unlock inputs
US10410035B2 (en) 2013-09-09 2019-09-10 Apple Inc. Device, method, and graphical user interface for manipulating user interfaces based on fingerprint sensor inputs
US10055634B2 (en) 2013-09-09 2018-08-21 Apple Inc. Device, method, and graphical user interface for manipulating user interfaces based on fingerprint sensor inputs
US11494046B2 (en) 2013-09-09 2022-11-08 Apple Inc. Device, method, and graphical user interface for manipulating user interfaces based on unlock inputs
US10262182B2 (en) 2013-09-09 2019-04-16 Apple Inc. Device, method, and graphical user interface for manipulating user interfaces based on unlock inputs
US11287942B2 (en) 2013-09-09 2022-03-29 Apple Inc. Device, method, and graphical user interface for manipulating user interfaces
US10803281B2 (en) 2013-09-09 2020-10-13 Apple Inc. Device, method, and graphical user interface for manipulating user interfaces based on fingerprint sensor inputs
US11836725B2 (en) 2014-05-29 2023-12-05 Apple Inc. User interface for payments
US10902424B2 (en) 2014-05-29 2021-01-26 Apple Inc. User interface for payments
US10977651B2 (en) 2014-05-29 2021-04-13 Apple Inc. User interface for payments
US10748153B2 (en) 2014-05-29 2020-08-18 Apple Inc. User interface for payments
US10796309B2 (en) 2014-05-29 2020-10-06 Apple Inc. User interface for payments
US10438205B2 (en) 2014-05-29 2019-10-08 Apple Inc. User interface for payments
US10334054B2 (en) 2016-05-19 2019-06-25 Apple Inc. User interface for a device requesting remote authorization
US9847999B2 (en) 2016-05-19 2017-12-19 Apple Inc. User interface for a device requesting remote authorization
US10749967B2 (en) 2016-05-19 2020-08-18 Apple Inc. User interface for remote authorization
US11206309B2 (en) 2016-05-19 2021-12-21 Apple Inc. User interface for remote authorization
US11386189B2 (en) 2017-09-09 2022-07-12 Apple Inc. Implementation of biometric authentication
US10410076B2 (en) 2017-09-09 2019-09-10 Apple Inc. Implementation of biometric authentication
US10783227B2 (en) 2017-09-09 2020-09-22 Apple Inc. Implementation of biometric authentication
US11393258B2 (en) 2017-09-09 2022-07-19 Apple Inc. Implementation of biometric authentication
US11765163B2 (en) 2017-09-09 2023-09-19 Apple Inc. Implementation of biometric authentication
US10395128B2 (en) 2017-09-09 2019-08-27 Apple Inc. Implementation of biometric authentication
US10872256B2 (en) 2017-09-09 2020-12-22 Apple Inc. Implementation of biometric authentication
US10521579B2 (en) 2017-09-09 2019-12-31 Apple Inc. Implementation of biometric authentication
US11170085B2 (en) 2018-06-03 2021-11-09 Apple Inc. Implementation of biometric authentication
US11928200B2 (en) 2018-06-03 2024-03-12 Apple Inc. Implementation of biometric authentication
US11619991B2 (en) 2018-09-28 2023-04-04 Apple Inc. Device control using gaze information
US11100349B2 (en) 2018-09-28 2021-08-24 Apple Inc. Audio assisted enrollment
US11809784B2 (en) 2018-09-28 2023-11-07 Apple Inc. Audio assisted enrollment
US10860096B2 (en) 2018-09-28 2020-12-08 Apple Inc. Device control using gaze information

Also Published As

Publication number Publication date
AU2001249968A1 (en) 2001-10-30

Similar Documents

Publication Publication Date Title
US10164969B2 (en) Computer security system and method
US10565383B2 (en) Method and apparatus for secure credential entry without physical entry
US6636973B1 (en) Secure and dynamic biometrics-based token generation for access control and authentication
US8438400B2 (en) Multiple user desktop graphical identification and authentication
US20100017856A1 (en) Biometric record caching
US7577659B2 (en) Interoperable credential gathering and access modularity
US7210166B2 (en) Method and system for secure, one-time password override during password-protected system boot
EP2080146B1 (en) Extensible bios interface to a preboot authentication module
US20040059590A1 (en) Credential promotion
US8756667B2 (en) Management of hardware passwords
WO2001080017A1 (en) System for logging into multiple network systems
US20070214272A1 (en) Light-weight multi-user browser
US20070300077A1 (en) Method and apparatus for biometric verification of secondary authentications
EP1564625A1 (en) Computer security system and method
US20070283424A1 (en) Identity validation
EP1787214A2 (en) Multiple user desktop system
CN100418033C (en) Computer system of bottom identity identification and method therefor
US7568225B2 (en) System and method for remote security enablement
JP3422472B2 (en) Personal computer system
EP1430372B1 (en) Biometric authentication
KR20220169075A (en) Single-Sign-On Service Providing Method by Using Biometric Recognition on Log-On Process
JP2015170318A (en) Information processing apparatus, authentication method and program of the same
WO2004025495A1 (en) Credential promotion

Legal Events

Date Code Title Description
AK Designated states

Kind code of ref document: A1

Designated state(s): AE AG AL AM AT AU AZ BA BB BG BR BY BZ CA CH CN CO CR CU CZ DE DK DM DZ EE ES FI GB GD GE GH GM HR HU ID IL IN IS JP KE KG KP KR KZ LC LK LR LS LT LU LV MA MD MG MK MN MW MX MZ NO NZ PL PT RO RU SD SE SG SI SK SL TJ TM TR TT TZ UA UG UZ VN YU ZA ZW

AL Designated countries for regional patents

Kind code of ref document: A1

Designated state(s): GH GM KE LS MW MZ SD SL SZ TZ UG ZW AM AZ BY KG KZ MD RU TJ TM AT BE CH CY DE DK ES FI FR GB GR IE IT LU MC NL PT SE TR BF BJ CF CG CI CM GA GN GW ML MR NE SN TD TG

121 Ep: the epo has been informed by wipo that ep was designated in this application
DFPE Request for preliminary examination filed prior to expiration of 19th month from priority date (pct application filed before 20040101)
REG Reference to national code

Ref country code: DE

Ref legal event code: 8642

122 Ep: pct application non-entry in european phase
NENP Non-entry into the national phase

Ref country code: JP

DPE2 Request for preliminary examination filed before expiration of 19th month from priority date (pct application filed from 20040101)