WO2003093942A2 - System for configuring client computers to a secure host using smart cards - Google Patents

System for configuring client computers to a secure host using smart cards Download PDF

Info

Publication number
WO2003093942A2
WO2003093942A2 PCT/US2003/013799 US0313799W WO03093942A2 WO 2003093942 A2 WO2003093942 A2 WO 2003093942A2 US 0313799 W US0313799 W US 0313799W WO 03093942 A2 WO03093942 A2 WO 03093942A2
Authority
WO
WIPO (PCT)
Prior art keywords
user
smart card
access
information
biometric information
Prior art date
Application number
PCT/US2003/013799
Other languages
French (fr)
Other versions
WO2003093942A3 (en
Inventor
Bruce Eric Ross
Original Assignee
Bruce Eric Ross
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Bruce Eric Ross filed Critical Bruce Eric Ross
Priority to AU2003239343A priority Critical patent/AU2003239343A1/en
Publication of WO2003093942A2 publication Critical patent/WO2003093942A2/en
Publication of WO2003093942A3 publication Critical patent/WO2003093942A3/en

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/02Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H04L63/0272Virtual private networks
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0823Network architectures or network communication protocols for network security for authentication of entities using certificates
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/083Network architectures or network communication protocols for network security for authentication of entities using passwords
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0853Network architectures or network communication protocols for network security for authentication of entities using an additional device, e.g. smartcard, SIM or a different communication terminal
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0861Network architectures or network communication protocols for network security for authentication of entities using biometrical features, e.g. fingerprint, retina-scan
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/12Applying verification of the received information
    • H04L63/126Applying verification of the received information the source of the received data
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3226Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using a predetermined code, e.g. password, passphrase or PIN
    • H04L9/3231Biological data, e.g. fingerprint, voice or retina
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3234Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving additional secure or trusted devices, e.g. TPM, smartcard, USB or software token
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3271Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using challenge-response

Definitions

  • Smart card technology is increasingly used for retail, e-commerce, and enterprise data security applications. More particularly, smart card technology is improving upon the traditional magnetic stripe currently in use on many plastic cards, permitting a smart card to act as a miniature personal computer with its own processor/memory architecture, using an operating system on which applications may be executed; or it can be a secure storage device that limits access to its contents by its on board logic.
  • the invention relates to a system and method for integrating various data platforms using smart cards.
  • the smart card may be used to securely contain digital credentials and/or access a network or website, and may be used to retain and secure a Virtual Private Network (VPN) or Remote Access Server (RAS) configuration.
  • the configuration may include, for example, an Internet Protocol (IP) address, type of encryption, encryption keys, digital certificates, etc.
  • IP Internet Protocol
  • the invention further combines dedicated phone lines in combination with biometric or other identification methodologies.
  • FIG. 1 is a block diagram of a system for ensuring user identity and providing secure user access to a computer network
  • FIG. 2 is a systematic diagram of a system of one embodiment of the invention.
  • FIG. 3 is block diagram of a system for accessing a disparate system using a smart card.
  • FIGS. 1 and 2 show a block diagram of a system for ensuring user identity and providing secure user access to a computer network or website from a variety of locations using a smart card to ensure user identity.
  • the computer network comprises a plurality of computer systems utilizing the same operating systems and programs.
  • the computer network comprises any number of computers running a variety of computer operating systems and programs.
  • the various computer forming the network may be located at various locations throughout the world, or in the alternative, may be centrally located.
  • the smart card may enable authorized access to one or more data systems.
  • the data systems may include, but are not limited to, casinos, on-line gambling internet sites, etc.
  • a user establishes an account with a service provider, step 100.
  • the user is issued a smart card, step 102, which contains or otherwise stores identity information relating to a specific user.
  • the identity information may include contact information, such as, personal information, one or more types of biometric information, security information (e.g. passwords and/or biometric information, etc.) and/or any other desired information.
  • the biometric information may include, for example, fingerprint scans, voice samples, facial pictures, retinal scans, and/or any other biometric information unique to a user.
  • the service provider may provide the user with an account number or identity number, password, and/or other information.
  • the contact information is programmed on, saved on, or otherwise stored on/or within a semiconductor device embedded in the smart card.
  • the smart card may include at least one encryption algorithm configured to encrypt information sent to and from the smart card to the user's computer and/or network servers.
  • Exemplary encryption algorithms used to encrypt the contact information may include, for example, PGP, AES, DES, RSA, Diffie Helman, Blowfish, various symmetric algorithms, various asymmetric algorithms, combinations of symmetric and asymmetric algorithms, and other non-published algorithms which could be regarded as trade secrets.
  • the smart card may store a unique set of encryption keys and digital certificates specific to each user, thereby ensuring should the smart card be lost or otherwise compromised the network infrastructure will remain secure and intact.
  • the smart card may include a variety of information stored thereon, including, without limitation, VPN configuration, RAS configuration, IP address, encryption identification information, private encryption keys, public encryption keys, public/private certificates, and digital signatures.
  • a software suite may be provided to, downloaded to, or otherwise stored on the user's computer, step 104.
  • the software may comprise an application configured to access a secured website accessible by the user's computer.
  • the software suite may manage the communication between the user's computer peripherals, the smart card, as well as communication with the network or severs.
  • the software suite may embedded within a common software element located on the network computers and the user's computer.
  • the software suite may be embedded within any variety of "middleware", including, without limitation, DLL, Active X control, OCX, and/or a library files.
  • the user may be requested to enter a session specific and/or time/date specific access number (SSAN) to access the service provider's website or servers, step 106.
  • SSAN session specific and/or time/date specific access number
  • the SSAN is variable and changes for each session the user wishes to access the service provider's website or servers.
  • the user may be required to further verify his identity prior to the issuance of a SSAN.
  • the user may be provided a SSAN automatically when connecting to the service provider's network or website using a dial-up system or modem.
  • the user may be required to call a geographically specific telephone number and obtain a SSAN to access the service provider's servers using a cable or wireless modem.
  • the geographically specific telephone number permits the service provider to determine the location of the user.
  • the system of the present invention may not require a SSAN to access a server or website.
  • the identity of the user may be verified by the smart card.
  • the smart card may be inserted into a card reader, step 108, coupled to or otherwise in communication with the user's computer.
  • the user may be requested to provide specific information, step 110, to be compared with the specific information stored on the smart card, step 112.
  • a user created username and password may be used as an authenticator.
  • biometric information may be requested from the user and used to authenticate the user's identity when compared with similar biometric information stored on the smart card.
  • the biometric information may be, for example, a fingerprint scan, voice sample, facial recognition, retina scan, etc.
  • the biometric information may be input using any device capable of obtaining such biometric information.
  • a fingerprint scanner may be used for obtaining a fingerprint scan
  • a retina scanner may be used for obtaining a retina scan, etc.
  • multiple devices may be used to receive a plurality of biometric information.
  • the device(s) are in communication with the client device being used by the user. Should the biometric information stored on the smart card not match the biometric inputted by the user, access to the network or secured areas will be denied, step 115. Once the smart card has verified the user's identity or digital credentials, step 114, the host or server may further verify the authenticity of the smart card.
  • the server may verify the digital credentials and require a secondary authentication of the user in any number of ways. For example, the server may compare stored secondary authentication information provided by the user when enrolling in the service with the information received from the smart card during the smart card's verification and authentication process or check the validity of a certificate as part of this process. A comparison between the entered secondary authentication information entered by the user or stored on the server and the digital credentials retrieved from the smart card is then made, step 116.
  • the user may login by, for example, by inputting a username and password that was created when the user established the account with the service provider.
  • the user may enter a customer number or account number, and a password to gain access to the system, step 118.
  • the username, password, or biometric sample inputted by the user may then be received. Thereafter, a determination is made regarding whether the user has inputted a valid username and password. Should an invalid username, password, and/or biometric information be inputted or retrieved, the user may be denied access, step 119. Optionally, the user may be requested to again enter a valid username and password. Should an invalid user name, password, and/or biometric information again be entered access to the system will again be denied, step 119. This process may be repeated indefinitely or, for security reasons, for a predetermined number of attempts. If after the user has entered an invalid username and/or password a predetermined number of attempts, the system may disable access to, for example, a user with a particular account or a particular client device.
  • the client device may be identified using and number of identifiers, including, for example, an Internet Protocol (IP) address, and account number, a customer number, a credit card account, or any other device identifying mechanism.
  • IP Internet Protocol
  • the server may transmit a variety of information to the user's computer for the user's use, step 124, to configure/reconfigure the user's computer, and/or distribute updates and applications.
  • the server may update information or applications stored on the user's smart card. As those skilled in the art will appreciate, an update of the server's applications and/or configuration will be distributed to each remote user's computer's software, configuration, and/or smart card information, thereby reducing related errors and limiting unauthorized usage.
  • the server permits the user to gain access to data, applications, URLs, and secured areas, step 126.
  • a session identifier and other information relating to the user's identity, geographical location, activity, and/or date/time stamp may be obtained and stored on the service providers systems, step 128.
  • the user may be presented with one or more options provided by the system, step 130.
  • an on-line gambling Internet site may provide the user with the following options: "Play Poker,” “Play Blackjack,” “Play Keno,” “Play Roulette,” “Make Reservations,” etc.
  • the user may then select an option presented, step 132.
  • the selection of the option by the user is then communicated to and received by the system, step 134.
  • FIG. 3 illustrates a system 200 for accessing a disparate system using a smart card according to one embodiment of the invention.
  • the system 200 includes an access requesting module 202 configured to enable a user to request access to a particular system.
  • Exemplary access requesting modules include, for example, telephones, modules, computers, and network cards.
  • the access requesting module 202 may use, for example, a geographically specific telephone number that the user may telephone to request access to a particular system.
  • the system 200 further includes an authentication information requesting module 204.
  • a biometric information device from the user using the secondary authentication information requesting module 204.
  • the biometric information device may be, for example, fingerprint indicia, retina indicia, facial recognition, voice recognition, etc.
  • a biometric information device may be in communication with, for example, a personal computer, portable computer, personal digital assistant, or other client device that the user may be using to gain access to the system 200. The user may use the biometric information device to input the biometric information.
  • An authentication information providing module 206 may be coupled to the access requesting module 202.
  • the authentication information providing module 206 is configured to provide authentication information from the authentication information requesting module 204 to a smart card in communication with a user's computer through a smart card reader.
  • a smart card comparator module 208 located within the smart card's operating system, is configured to access authentication information stored on the smart card and compares the authentication information from the authentication information requesting module 204 to the authentication information stored on the smart card. For example, if the user has input fingerprint indicia, fingerprint indicia stored on the smart card is compared to the input fingerprint indicia from the authentication information providing module 206. Similarly, if the user input a voice sample, a voice sample stored on the smart card is compared to the input voice sample received from the authentication information providing module 206.
  • a user authentication determining module 210 located within the smart card's operating system, determines if the authentication information received at the smart card comparator module 208 matches. If the information does not match, the user's access may be terminated using access terminating module 212. Alternatively, if the authentication information received at the smart card comparator module 224 is a match, the user's may be permitted to access the service provider's website or servers through a server communication module 214.
  • a server authentication module 216 compares the authentication information received from the smart card comparator module 208 through a smart card information receiving module 218 to authentication information stored on the server or input by the user during the authentication process or method. For example, a server authentication module 216 may access and retrieve authentication information stored on the server.
  • the server authentication module 216 may prompt the user to input a username and password to gain access to the server. Thereafter, a server comparator module 208 compares the information received by the smart card information receiving module 218 to information retrieved by the server authentication module 216. In addition, the geographic location of the user as determined by the SSAN and is compared with the authentication information received from the smart card comparator module 208 through a smart card information receiving module 218 and the authentication information stored on the server or input by the user. If the information correlates, the user is advanced to a valid login determining module 220 which determines the validity of the user login information.
  • a session identifier is generated by a session identifier module 224.
  • the session identifier may include the identity of the user, the location of the user, a date/time stamp of any transactions, etc.
  • the user may be presented with a number of options generated by a option presenting module 226.
  • the options may be, "Play Poker,” “Play Blackjack,” “Play Keno,” “Play Roulette,” “Make Reservations,” etc.
  • the user may select an option using any input device such as, for example, a computer keyboard or mouse, light pen, voice recognition software, touch-pad, etc.
  • the option selected may be communicate to and received by the options receiving module 226.

Abstract

The invention relates to a system and method for integrating various data platforms using smart cards. The smart card may be used to securely contain digital credentials and/or access a network or website, and may be used to retain and secure a Virtual Private Network (VPN) or Remote Access Server (RAS) configuration. The configuration may include, for example, an Internet Protocol (IP) address, type of encryption, encryption keys, digital certificates, etc. The invention further combines dedicated phone lines in combination with biometric or other identification methodologies.

Description

SYSTEM FOR CONFIGURING CLIENT COMPUTERS To A SECURE HOST OR WEBSITE USING SMART CARDS
CROSS REFERENCE TO RELATED APPLICATIONS [0001] This application claims priority to United States Provisional Patent Application No. 60/377,279, filed May 1 , 2002, entitled "System for Configuring Clients Computers to a Secure Host Using Smart Cards," the entire contents of which are hereby incorporated by reference in its entirety. it
BACKGROUND OF THE INVENTION [0002] Various consumer industries, particularly, the Gaming and Hospitality industries, face many challenges today. These challenges include enhancing customer experience and building brand loyalty while increasing security and privacy. One method for overcoming these challenges includes using smart card technology. Smart card technology is increasingly used for retail, e-commerce, and enterprise data security applications. More particularly, smart card technology is improving upon the traditional magnetic stripe currently in use on many plastic cards, permitting a smart card to act as a miniature personal computer with its own processor/memory architecture, using an operating system on which applications may be executed; or it can be a secure storage device that limits access to its contents by its on board logic.
SUMMARY OF THE INVENTION [0003] The invention relates to a system and method for integrating various data platforms using smart cards. The smart card may be used to securely contain digital credentials and/or access a network or website, and may be used to retain and secure a Virtual Private Network (VPN) or Remote Access Server (RAS) configuration. The configuration may include, for example, an Internet Protocol (IP) address, type of encryption, encryption keys, digital certificates, etc. The invention further combines dedicated phone lines in combination with biometric or other identification methodologies.
BRIEF DESCRIPTION OF THE DRAWINGS [0004] The apparatus of the present invention will be explained in more detail by way of the accompanying drawings, wherein: [0005] FIG. 1 is a block diagram of a system for ensuring user identity and providing secure user access to a computer network;
[0006] FIG. 2 is a systematic diagram of a system of one embodiment of the invention;
[0007] FIG. 3 is block diagram of a system for accessing a disparate system using a smart card.
DETAILED DESCRIPTION [0008] FIGS. 1 and 2 show a block diagram of a system for ensuring user identity and providing secure user access to a computer network or website from a variety of locations using a smart card to ensure user identity. In one embodiment, the computer network comprises a plurality of computer systems utilizing the same operating systems and programs. In an alternate embodiment, the computer network comprises any number of computers running a variety of computer operating systems and programs. The various computer forming the network may be located at various locations throughout the world, or in the alternative, may be centrally located. For example, the smart card may enable authorized access to one or more data systems. The data systems may include, but are not limited to, casinos, on-line gambling internet sites, etc.
[0009] Initially, a user establishes an account with a service provider, step 100. In return, the user is issued a smart card, step 102, which contains or otherwise stores identity information relating to a specific user. For example, the identity information may include contact information, such as, personal information, one or more types of biometric information, security information (e.g. passwords and/or biometric information, etc.) and/or any other desired information. For example, the biometric information may include, for example, fingerprint scans, voice samples, facial pictures, retinal scans, and/or any other biometric information unique to a user. In an alternate embodiment, the service provider may provide the user with an account number or identity number, password, and/or other information. Thereafter, the contact information is programmed on, saved on, or otherwise stored on/or within a semiconductor device embedded in the smart card. In one embodiment, the smart card may include at least one encryption algorithm configured to encrypt information sent to and from the smart card to the user's computer and/or network servers. Exemplary encryption algorithms used to encrypt the contact information may include, for example, PGP, AES, DES, RSA, Diffie Helman, Blowfish, various symmetric algorithms, various asymmetric algorithms, combinations of symmetric and asymmetric algorithms, and other non-published algorithms which could be regarded as trade secrets. In addition to the contact information, the smart card may store a unique set of encryption keys and digital certificates specific to each user, thereby ensuring should the smart card be lost or otherwise compromised the network infrastructure will remain secure and intact. Optionally, the smart card may include a variety of information stored thereon, including, without limitation, VPN configuration, RAS configuration, IP address, encryption identification information, private encryption keys, public encryption keys, public/private certificates, and digital signatures.
[0010] Optionally, a software suite may be provided to, downloaded to, or otherwise stored on the user's computer, step 104. For example, the software may comprise an application configured to access a secured website accessible by the user's computer. The software suite may manage the communication between the user's computer peripherals, the smart card, as well as communication with the network or severs. In one embodiment, the software suite may embedded within a common software element located on the network computers and the user's computer. For example, the software suite may be embedded within any variety of "middleware", including, without limitation, DLL, Active X control, OCX, and/or a library files.
[0011] In one embodiment, the user may be requested to enter a session specific and/or time/date specific access number (SSAN) to access the service provider's website or servers, step 106. In one embodiment, the SSAN is variable and changes for each session the user wishes to access the service provider's website or servers. Optionally, the user may be required to further verify his identity prior to the issuance of a SSAN. For example, the user may be provided a SSAN automatically when connecting to the service provider's network or website using a dial-up system or modem. In the alternative, the user may be required to call a geographically specific telephone number and obtain a SSAN to access the service provider's servers using a cable or wireless modem. The geographically specific telephone number permits the service provider to determine the location of the user. In another embodiment, the system of the present invention may not require a SSAN to access a server or website. [0012] Once the software suite is installed on the user's computer, the identity of the user may be verified by the smart card. The smart card may be inserted into a card reader, step 108, coupled to or otherwise in communication with the user's computer. The user may be requested to provide specific information, step 110, to be compared with the specific information stored on the smart card, step 112. In one embodiment, a user created username and password may be used as an authenticator. In an alternate embodiment, biometric information may be requested from the user and used to authenticate the user's identity when compared with similar biometric information stored on the smart card. The biometric information may be, for example, a fingerprint scan, voice sample, facial recognition, retina scan, etc. The biometric information may be input using any device capable of obtaining such biometric information. For example, a fingerprint scanner may be used for obtaining a fingerprint scan, a retina scanner may be used for obtaining a retina scan, etc. It is to be understood that multiple devices may be used to receive a plurality of biometric information. The device(s) are in communication with the client device being used by the user. Should the biometric information stored on the smart card not match the biometric inputted by the user, access to the network or secured areas will be denied, step 115. Once the smart card has verified the user's identity or digital credentials, step 114, the host or server may further verify the authenticity of the smart card.
[0013] The server may verify the digital credentials and require a secondary authentication of the user in any number of ways. For example, the server may compare stored secondary authentication information provided by the user when enrolling in the service with the information received from the smart card during the smart card's verification and authentication process or check the validity of a certificate as part of this process. A comparison between the entered secondary authentication information entered by the user or stored on the server and the digital credentials retrieved from the smart card is then made, step 116. For example, the user may login by, for example, by inputting a username and password that was created when the user established the account with the service provider. In an alternate embodiment, the user may enter a customer number or account number, and a password to gain access to the system, step 118. The username, password, or biometric sample inputted by the user may then be received. Thereafter, a determination is made regarding whether the user has inputted a valid username and password. Should an invalid username, password, and/or biometric information be inputted or retrieved, the user may be denied access, step 119. Optionally, the user may be requested to again enter a valid username and password. Should an invalid user name, password, and/or biometric information again be entered access to the system will again be denied, step 119. This process may be repeated indefinitely or, for security reasons, for a predetermined number of attempts. If after the user has entered an invalid username and/or password a predetermined number of attempts, the system may disable access to, for example, a user with a particular account or a particular client device. The client device may be identified using and number of identifiers, including, for example, an Internet Protocol (IP) address, and account number, a customer number, a credit card account, or any other device identifying mechanism.
[0014] Once the smart card has verified the identity of the user, step 114, the server has verified the validity of the smart card, step 120, and the validity of the certificate and/or the location of the user via the SSAN, step 122, the server may transmit a variety of information to the user's computer for the user's use, step 124, to configure/reconfigure the user's computer, and/or distribute updates and applications. In an alternate embodiment, the server may update information or applications stored on the user's smart card. As those skilled in the art will appreciate, an update of the server's applications and/or configuration will be distributed to each remote user's computer's software, configuration, and/or smart card information, thereby reducing related errors and limiting unauthorized usage. [0015] With the identity of the user verified, the server permits the user to gain access to data, applications, URLs, and secured areas, step 126. In addition, a session identifier and other information relating to the user's identity, geographical location, activity, and/or date/time stamp may be obtained and stored on the service providers systems, step 128. Thereafter, the user may be presented with one or more options provided by the system, step 130. For example, an on-line gambling Internet site may provide the user with the following options: "Play Poker," "Play Blackjack," "Play Keno," "Play Roulette," "Make Reservations," etc. The user may then select an option presented, step 132. Thereafter, the selection of the option by the user is then communicated to and received by the system, step 134. [0016] FIG. 3 illustrates a system 200 for accessing a disparate system using a smart card according to one embodiment of the invention. The system 200 includes an access requesting module 202 configured to enable a user to request access to a particular system. Exemplary access requesting modules include, for example, telephones, modules, computers, and network cards. For example, the access requesting module 202 may use, for example, a geographically specific telephone number that the user may telephone to request access to a particular system. [0017] The system 200 further includes an authentication information requesting module 204. For example, a biometric information device from the user using the secondary authentication information requesting module 204. The biometric information device may be, for example, fingerprint indicia, retina indicia, facial recognition, voice recognition, etc. A biometric information device may be in communication with, for example, a personal computer, portable computer, personal digital assistant, or other client device that the user may be using to gain access to the system 200. The user may use the biometric information device to input the biometric information.
[0018] An authentication information providing module 206 may be coupled to the access requesting module 202. The authentication information providing module 206 is configured to provide authentication information from the authentication information requesting module 204 to a smart card in communication with a user's computer through a smart card reader. A smart card comparator module 208, located within the smart card's operating system, is configured to access authentication information stored on the smart card and compares the authentication information from the authentication information requesting module 204 to the authentication information stored on the smart card. For example, if the user has input fingerprint indicia, fingerprint indicia stored on the smart card is compared to the input fingerprint indicia from the authentication information providing module 206. Similarly, if the user input a voice sample, a voice sample stored on the smart card is compared to the input voice sample received from the authentication information providing module 206.
[0019] A user authentication determining module 210, located within the smart card's operating system, determines if the authentication information received at the smart card comparator module 208 matches. If the information does not match, the user's access may be terminated using access terminating module 212. Alternatively, if the authentication information received at the smart card comparator module 224 is a match, the user's may be permitted to access the service provider's website or servers through a server communication module 214. [0020] A server authentication module 216 compares the authentication information received from the smart card comparator module 208 through a smart card information receiving module 218 to authentication information stored on the server or input by the user during the authentication process or method. For example, a server authentication module 216 may access and retrieve authentication information stored on the server. In the alternative, the server authentication module 216 may prompt the user to input a username and password to gain access to the server. Thereafter, a server comparator module 208 compares the information received by the smart card information receiving module 218 to information retrieved by the server authentication module 216. In addition, the geographic location of the user as determined by the SSAN and is compared with the authentication information received from the smart card comparator module 208 through a smart card information receiving module 218 and the authentication information stored on the server or input by the user. If the information correlates, the user is advanced to a valid login determining module 220 which determines the validity of the user login information. In the alternative, if the information from the smart card information receiving module 222 to information retrieved by the server authentication module 218 differs, access is terminated by a secondary access terminating module 222. [0021] Once the validity of the login in determined by the valid login determining module 220, a session identifier is generated by a session identifier module 224. The session identifier may include the identity of the user, the location of the user, a date/time stamp of any transactions, etc.
[0022] Thereafter, the user may be presented with a number of options generated by a option presenting module 226. For example, if the user accesses an on-line gambling Internet site, the options may be, "Play Poker," "Play Blackjack," "Play Keno," "Play Roulette," "Make Reservations," etc. The user may select an option using any input device such as, for example, a computer keyboard or mouse, light pen, voice recognition software, touch-pad, etc. The option selected may be communicate to and received by the options receiving module 226.

Claims

ClaimsWhat is claimed is:
1. A method for integrating various data systems comprising the steps of: enabling a user to request access to at least one data system from a remote device; receiving login information from the user; validating the login information; obtaining initial biometric information about the user; retrieving stored biometric information about the user; comparing the initial biometric information and the stored biometric information; authenticating the user; providing the user with access to the at least one data system.
2. The method of claim 1 , further comprising the step of: generating a digital signature.
3. The method of claim 1 , wherein the stored biometric information is stored on a smart card.
4. The method of claim 1 , further comprising the step of: establishing a session that enables the user to conduct at least one activity with the at least one system.
5. The method of claim 1 , wherein the initial biometric information comprises one of the group of fingerprint indicia, retina indicia, voice recognition, and facial recognition.
6. The method of claim 1 , wherein the step of enabling a user to request access is performed using a toll-free telephone number.
7. The method of claim 6, further comprising the step of: determining whether the user is requesting access from an authorized location.
8. The method of claim 1 , further comprising the step of: transmitting a session identifier to the remote device.
PCT/US2003/013799 2002-05-01 2003-05-01 System for configuring client computers to a secure host using smart cards WO2003093942A2 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
AU2003239343A AU2003239343A1 (en) 2002-05-01 2003-05-01 System for configuring client computers to a secure host using smart cards

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
US37727902P 2002-05-01 2002-05-01
US60/377,279 2002-05-01

Publications (2)

Publication Number Publication Date
WO2003093942A2 true WO2003093942A2 (en) 2003-11-13
WO2003093942A3 WO2003093942A3 (en) 2004-06-10

Family

ID=29401472

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/US2003/013799 WO2003093942A2 (en) 2002-05-01 2003-05-01 System for configuring client computers to a secure host using smart cards

Country Status (2)

Country Link
AU (1) AU2003239343A1 (en)
WO (1) WO2003093942A2 (en)

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2004075097A1 (en) * 2003-02-18 2004-09-02 Biometrics Ltd Biometric identity verification system
US20060075221A1 (en) * 2004-09-30 2006-04-06 Moore Keith E Communications methods and appliances
US8732451B2 (en) 2009-05-20 2014-05-20 Microsoft Corporation Portable secure computing network
GB2544739A (en) * 2015-11-24 2017-05-31 Nokia Technologies Oy Method and apparatus for device setup

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5469506A (en) * 1994-06-27 1995-11-21 Pitney Bowes Inc. Apparatus for verifying an identification card and identifying a person by means of a biometric characteristic
US5578808A (en) * 1993-12-22 1996-11-26 Datamark Services, Inc. Data card that can be used for transactions involving separate card issuers
US5875432A (en) * 1994-08-05 1999-02-23 Sehr; Richard Peter Computerized voting information system having predefined content and voting templates

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5578808A (en) * 1993-12-22 1996-11-26 Datamark Services, Inc. Data card that can be used for transactions involving separate card issuers
US5469506A (en) * 1994-06-27 1995-11-21 Pitney Bowes Inc. Apparatus for verifying an identification card and identifying a person by means of a biometric characteristic
US5875432A (en) * 1994-08-05 1999-02-23 Sehr; Richard Peter Computerized voting information system having predefined content and voting templates

Cited By (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2004075097A1 (en) * 2003-02-18 2004-09-02 Biometrics Ltd Biometric identity verification system
US20060075221A1 (en) * 2004-09-30 2006-04-06 Moore Keith E Communications methods and appliances
US8375202B2 (en) * 2004-09-30 2013-02-12 Hewlett-Packard Development Company, L.P. Communications methods and appliances
US9894048B2 (en) 2004-09-30 2018-02-13 Hewlett Packard Enterprise Development Lp Communications methods and appliances
US8732451B2 (en) 2009-05-20 2014-05-20 Microsoft Corporation Portable secure computing network
GB2544739A (en) * 2015-11-24 2017-05-31 Nokia Technologies Oy Method and apparatus for device setup
US10372462B2 (en) 2015-11-24 2019-08-06 Nokia Technologies Oy Method and apparatus for device setup

Also Published As

Publication number Publication date
AU2003239343A1 (en) 2003-11-17
AU2003239343A8 (en) 2003-11-17
WO2003093942A3 (en) 2004-06-10

Similar Documents

Publication Publication Date Title
KR100464755B1 (en) User authentication method using user's e-mail address and hardware information
US8341698B2 (en) Transforming static password systems to become 2-factor authentication
US7181762B2 (en) Apparatus for pre-authentication of users using one-time passwords
EP3065366B1 (en) Identification and/or authentication system and method
US8041954B2 (en) Method and system for providing a secure login solution using one-time passwords
KR101574838B1 (en) Personal portable secured network access system
US20110185181A1 (en) Network authentication method and device for implementing the same
US20120204245A1 (en) Secure authentication using one-time passwords
US20060037066A1 (en) Data processing system for application to access by accreditation
US20120185697A1 (en) Universal Authentication Token
US20070022196A1 (en) Single token multifactor authentication system and method
US9667626B2 (en) Network authentication method and device for implementing the same
JP2003534589A (en) Authentication system and method
GB2345232A (en) Remote administration of smart cards for secure access systems
US9124571B1 (en) Network authentication method for secure user identity verification
CA2516718A1 (en) Secure object for convenient identification
US20110289567A1 (en) Service access control
KR20050053967A (en) Authorization system and method for utilizing one time password based on time synchronization
KR101696571B1 (en) Personal portable secured network access system
JP2004528624A (en) A device for pre-authenticating a user using a one-time password
KR102372503B1 (en) Method for providing authentification service by using decentralized identity and server using the same
US20070204167A1 (en) Method for serving a plurality of applications by a security token
JP2002073556A (en) Authentication system
WO2003093942A2 (en) System for configuring client computers to a secure host using smart cards
US20080184356A1 (en) Method for conducting real-time execution of transactions in a network

Legal Events

Date Code Title Description
AK Designated states

Kind code of ref document: A2

Designated state(s): AE AG AL AM AT AU AZ BA BB BG BR BY BZ CA CH CN CO CR CU CZ DE DK DM DZ EC EE ES FI GB GD GE GH GM HR HU ID IL IN IS JP KE KG KP KR KZ LC LK LR LS LT LU LV MA MD MG MK MN MW MX MZ NO NZ OM PH PL PT RO RU SD SE SG SK SL TJ TM TN TR TT TZ UA UG US UZ VN YU ZA ZM ZW

AL Designated countries for regional patents

Kind code of ref document: A2

Designated state(s): GH GM KE LS MW MZ SD SL SZ TZ UG ZM ZW AM AZ BY KG KZ MD RU TJ TM AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HU IE IT LU MC NL PT RO SE SI SK TR BF BJ CF CG CI CM GA GN GQ GW ML MR NE SN TD TG

121 Ep: the epo has been informed by wipo that ep was designated in this application
122 Ep: pct application non-entry in european phase
NENP Non-entry into the national phase in:

Ref country code: JP

WWW Wipo information: withdrawn in national office

Country of ref document: JP