US20100192199A1 - Creating and using a specific user unique id for security login authentication - Google Patents

Creating and using a specific user unique id for security login authentication

Info

Publication number
US20100192199A1
Authority
US
United States
Prior art keywords
computer
unique
media access
hard drive
character string
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Abandoned
Application number
US12/440,312
Inventor
Robert F. Terry
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
CWI INTERNATIONAL LLC
CW International LLC
Original Assignee
CWI INTERNATIONAL LLC
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by CWI INTERNATIONAL LLC
Priority to US12/440,312
Assigned to CW INTERNATIONAL, LLC: assignment of assignors interest (see document for details). Assignors: BLACK LAB SECURITY SYSTEMS, INC.
Publication of US20100192199A1
Legal status: Abandoned

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31 User authentication
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0485 Networking architectures for enhanced packet encryption processing, e.g. offloading of IPsec packet processing or efficient security association look-up
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55 Detecting local intrusion or implementing counter-measures
    • G06F21/554 Detecting local intrusion or implementing counter-measures involving event detection and direct action
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/70 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
    • G06F21/71 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information
    • G06F21/73 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information by creating or determining hardware identification, e.g. serial numbers
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0876 Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00 Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21 Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2129 Authenticate client device independently of the user
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/083 Network architectures or network communication protocols for network security for authentication of entities using passwords

Definitions

  • When the user attempts to log into the host, if the Unique ID matches the Unique ID stored on the host, the user is granted access (800) to the host LAN. If the Unique ID identified by the user (i.e., client) does not exist, because the user does not have a Unique ID stored on the host, or the Unique ID stored on the host for the user does not match the user Unique ID, the login session is terminated (900), the IP Address of the attempted login is recorded (1000) and an alert is sent to network administration. For example, if a user attempts to log in to the host LAN from a different computer from the one on which his/her Unique ID was created, they will not be able to log in to the host LAN.
  • FIG. 4 is a block diagram of a computer system that may be used in accordance with an embodiment of the present invention.
  • a computer system 400 may include, but is not limited to, a processing unit (e.g., a processor) 410 connected to a bus 415 to enable processing unit 410 to have two-way communication across bus 415 .
  • Computer system 400 may also include a volatile memory (e.g., a random access memory (RAM)) 420 to store executable instructions and information/data to be used by the executable instructions when executed by processing unit 410 .
  • Computer system 400 may still further include a non-volatile memory (e.g., a read only memory (ROM)) 430 to store instructions and static information for processing unit 410 , and a mass storage device (e.g., a hard disk drive, a compact disc (CD) and associated CD drive, an optical disk and associated optical disk drive, a floppy disk and associated floppy disk drive, etc.) 940 that each may also be connected to bus 415 to enable each to have two-way communication across bus 415 .
  • embodiments of the present invention may also be used with computer/server systems that include additional elements not included in computer system 400 in FIG. 4 .
  • these additional elements may include, but are not limited to, additional processing units (e.g., parallel processing units, graphics processing units, etc.), bridges and/or interfaces to a variety of peripherals (e.g., monitor, keyboard, mouse, printer, joystick, biometric devices, speakers, external communications devices (e.g., a LAN, a WAN, a modem, a router, etc.)).
  • any configuration of the computer system in FIG. 4 may be used with the various embodiments of the present invention.
  • the executable instructions (i.e., computer program) implementing the present invention may be stored in any memory or storage device accessible to processing unit 410 , for example, but not limited to, volatile memory 420 , mass storage device 440 , or any other local or remotely connected memory or storage device.
  • An embodiment of the present invention provides one or more means for implementing a programming design, capable of being applied to Microsoft C/C++ programs, that can initiate parallel threads to monitor almost an unlimited amount of events reported by the operating system in a real-time environment, without any noticeable performance degradation by the user and an extremely small impact to the overall computer usage, regarding CPU cycles (percentage) and memory utilization.
  • each of the features of the present invention may be separately and independently claimed.
  • each utility program, program, and/or code segment/module may be substituted for an equivalent means capable of substantially performing the same function(s).
  • FIG. 5 is a diagram of a multiple network system that may be used together and/or separately in accordance with one or more embodiments of the present invention.
  • Internet 510 may have connected to it a variety of computers, servers and communications devices.
  • multiple desktop personal computers (PCs) 515 , servers 520 , lap top PCs 525 , tablet PCs 530 , and personal digital assistants (PDAs) 540 may be connected to Internet 510 via a variety of communications means.
  • the communications means may include wireless access points 545 , such as seen connecting lap top PC 525 , tablet PC 530 , and PDA 540 to Internet 510 ; a router 550 , as seen connecting a desktop PC to Internet 510 ; and a modem 555 , as seen connecting another desktop PC to Internet 510 .
  • Internet 510 may also be connected to a LAN and/or WAN 560 via a firewall 565 and router 550 .
  • LAN and/or WAN 560 in turn may be directly connected to multiple desktop PCs 515 , lap top PCs 525 , multiple printers 570 , one or more servers 520 , and one or more mass storage devices 575 , which may also be connected to one or more servers 520 .
  • An embodiment of the present invention provides one or more means for executing and performing an analysis of a 32/64-bit Microsoft computer's internal hardware configuration, reading the internal device hardware physically installed within the 32/64-bit Microsoft computer and generating a Unique ID based on the internal hardware configuration and the system name and password of the individual (user).
  • a method of retrieving all Media Access Codes includes retrieving a hard drive serial number, combining all Media Access Codes with the hard drive serial number and creating a Unique ID.
  • a method includes implementing a Unique ID as part of a user login authentication to a network and verifying that a physical computer logging into the network is a correct computer.

Abstract

A method of monitoring all network login activity, which includes a real-time analysis of intercepting all network login activity, analyzing network login activity, authenticating network login activity and closing (i.e., terminating) those network login connections that are not authenticated to proceed and access the network.

Description

    CROSS REFERENCE TO RELATED INVENTION
  • This application claims benefit of priority to U.S. Provisional Patent Application No. 60/824,835, filed Sep. 7, 2006, which is herein incorporated in its entirety by reference.
  • FIELD OF THE INVENTION
  • This method of invention relates generally to the field of network utility programming, and more particularly but not exclusively, to monitoring attempted network login connections, methods of intercepting network login activity, authenticating the network login and closing (terminating) those network login connections that are not authenticated to proceed and access a network.
  • BACKGROUND OF INVENTION
  • As networking and automation expands in business and organizations, one of the most important new technical capabilities in today's modern network computing is the ability for organizations to establish access to (host) networks via the Internet and other network service providers. In essence, organizations are allowing “connectivity” from their Local Area Network (LAN) from the Internet and any other public network, which can be accessed from the Internet. Many public corporations, private corporations, state and federal government, including the Department Of Defense, have established and made available a host LAN connection login access for employees from almost any place in the world. As an example, it would be very common for an employee working at home, to access the Internet and use the Internet to login to the host LAN made available by their employer. Once the individual user is granted login access to the host LAN, then it may be very possible for that user to have complete (i.e., 100%) access to that organization's Wide Area Network (WAN), or to probe the LAN, in an attempt to gain access to the remaining WAN.
  • Another important issue in today's modern computing environment is that individuals/employees/associates are provided mobile lap top personal computers (PCs), which are just as powerful, if not more powerful, than many standard desktop office computers. These lap top PCs may be used by individuals/employees/associates, while they are physically inside a facility accessing a host LAN and also while they are outside a facility to remotely access the host LAN via the Internet.
  • Because lap top PCs are becoming smaller and more powerful, along with many other computing devices, the theft of these lap top PCs and other computing devices is becoming much more common.
  • Another very important issue/problem is that the “cracking” of network system names and passwords to host LANs has now become a daily problem. Network system names and passwords can be determined using network tools that probe a network, while the network is continuously broadcasting information throughout the network domain. When the broadcast information is obtained, additional programs (i.e., tools) can be used to obtain an actual password to a networked computer. System names and passwords can also be obtained by “social engineering”, such as an individual observing another individual user while they actually login and access the host LAN. Alternatively, an individual user may be provided an authorized system name and password to accomplish a certain task, but then that system name and password are not changed or deleted after the task is completed, so the individual user still has access using this system name and password.
  • Because of the problems described in the previous paragraphs, a new technology (i.e., utility) is needed, that has the ability to perform a network user login authentication, in order to ensure the security of the (host) LAN during the time the user attempts to login and gain access to the (host) LAN.
  • SUMMARY
  • In accordance with an embodiment of the present invention, a method includes (i.e., comprises) executing and performing an analysis of a computer's internal hardware configuration (e.g., a 32/64-bit Microsoft computer's internal hardware configuration), reading the internal device hardware physically installed within the 32/64-bit Microsoft computer and generating a Unique ID based on the internal hardware configuration and the system name and password of the individual user.
  • BRIEF DESCRIPTION OF DRAWINGS
  • Non-limiting and non-exhaustive embodiments of the present invention are described with reference to the following figures, wherein like reference numerals refer to like parts throughout the various views unless otherwise precisely specified.
  • FIG. 1 is a general flow diagram of the mechanics and interlinks used to execute and perform a method to authenticate an individual user at the time the individual user attempts to login and gain access to a host, for example, a local area network (LAN), in accordance with one or more embodiments of the present invention.
  • FIG. 2 is a detailed flow diagram of the mechanics used to perform an analysis of a computer, retrieve a hard drive serial number and all MAC codes, create a unique ID for an individual user and store the unique ID to an encrypted data file, in accordance with one or more embodiments of the present invention.
  • FIG. 3 is a detailed flow diagram of the mechanics that may occur after a Unique ID has been established for a user and stored to an encrypted data file, each time the user attempts to log into a network host, in accordance with one or more embodiments of the present invention.
  • FIG. 4 is a block diagram of a computer system that may be used in accordance with an embodiment of the present invention.
  • FIG. 8 is a block diagram of a computer system that may be used in accordance with at least one embodiment of the present invention.
  • FIG. 9 is a diagram of a multiple network system that may be used in accordance with at least one embodiment of the present invention.
  • DETAILED DESCRIPTION OF ILLUSTRATED EMBODIMENTS
  • In the description herein, general details are provided in flow diagrams, to provide a general understanding of the programming methods that will assist in an understanding of embodiments of the inventive methods. One skilled in the relevant art of programming will recognize, however, that the inventive method can be practiced without one or more specific details, or in other programming methods. Reference throughout this specification to “one embodiment” or “an embodiment” means that a particular feature, structure or characteristic described in connection with the embodiment is included in at least one embodiment of the present inventive method. Thus, the appearances of the phrases “in one embodiment” or “in an embodiment” in places throughout this specification are not necessarily all referring to the same embodiment. Furthermore, the particular features, structures, or characteristics may be combined in any suitable manner in one or more embodiments.
  • In accordance with one or more embodiments of the present invention, the O/S utility may be developed or implemented in a variety of programming languages ranging from low-level, programming languages (e.g., but not limited to, assembler) to high-level programming languages (e.g., but not limited to, C++, Visual Basic, Java, Java Beans, etc.). The O/S utility may be stored or encoded as an executable file on a machine-readable and/or a computer-readable medium (e.g., but not limited to, a floppy disk, a hard drive, a flash drive, a bubble memory, a Read Only Memory (ROM), a Random Access Memory (RAM), or the like) and/or hardwired into one or more integrated circuits (e.g., an Electrically Erasable Programmable Read Only Memory (EEPROM), an Erasable Programmable Read Only Memory (EPROM), etc.).
  • FIG. 1 is a general flow diagram of the mechanics and interlinks used to execute and perform an analysis of the internal device hardware configuration and the creation of a Unique ID, based on an internal hard drive, combined Media Address Codes (MAC), at least one hard drive serial number and the individual user system name and password, in order to authenticate the individual user at the time the individual user attempts to login and gain access to a host LAN. In FIG. 1, there is shown an example of a general flow diagram of a service booting and executing (110) from the time the computer is powered on (i.e., booted-up), sequentially reading (200) at least one internal hardware drive serial number, performing (300) an analysis on all Media Access Codes (MAC) and combining all of the Media Access Codes (MAC) into one string, along with the hard drive serial number, and establishing (400) a Unique ID based on the internal hardware device configuration and the individual's system name and password information. Embodiments of the present invention are also contemplated in which at least one serial number may be used with an external hard drive and/or a removable hard drive.
  • FIG. 2 is a detailed flow diagram of the mechanics used to perform an analysis of a computer, retrieve a hard drive serial number and all MAC codes, create a unique ID for an individual user and store the unique ID to an encrypted data file, in accordance with one or more embodiments of the present invention. In FIG. 2, there is shown a detailed flow diagram of how a computer performs (i.e., functions) to obtain and create the actual Unique ID and then store the Unique ID into an encrypted data file, for example, a data encryption standard (DES) or an advanced encryption standard (AES) data file. When the service program executes (110) it establishes (200) an interlink/interface into the operating system Winsock. The PIP_ADAPTER_INFO Table is established (210) in memory and the buffer is filled (220) with the adapter information. A function is called to enumerate (230) all adapters and retrieve each specific Media Access Code (MAC). Each Media Access Code is converted (240) to a string and each code is appended to form a string of all MACs within the computer. For example, if three MACs are recorded within the PIP_ADAPTER_INFO Table, all of the MACs would form a long string such as the following, where the “+” operators used in the equations below are string concatenation operators that operate to append strings together to form a longer string:

  • MAC 1+MAC 2+MAC 3=STRING (ALL COMBINED Media Access Codes)
  • This STRING (ALL COMBINED Media Access Codes) is combined (300) with the hard drive serial number, which may be retrieved by calling the GetVolumeInformation( ) function and is also converted to a character string before being combined, to create a Unique ID using the following equation:

  • Unique ID=STRING (ALL COMBINED Media Access Codes)+Hard Drive Serial Number
  • In those instances where more than one hard drive is present in the computer, some embodiments of the present invention may only use the primary (i.e., root) hard drive, for example, this is frequently the “C:\” drive. However, in other embodiments of the present invention, when more than one hard drive is present, serial numbers from two or more of the hard drives present may be used by converting them to strings and then appending them to the end of the STRING of MAC codes. In general, the root drive, for example, “C:\”, will be used in each embodiment to calculate the Unique ID, but embodiments are contemplated in which the root drive may not be used.
  • The Unique ID may be encrypted (400) by initiating the operating system Crypto API, producing a DES or an AES encrypted string that is stored to a data file.
  • FIG. 3 is a detailed flow diagram of the mechanics that may occur after a Unique ID has been established for a user and stored to an encrypted data file, each time the user attempts to log into a network host, in accordance with one or more embodiments of the present invention. In FIG. 3, there is shown a detailed flow diagram of how a computer performs (i.e., functions) after the Unique ID has been established (i.e., created) and stored to a DES or an AES encrypted data file within the computer. When the service program executes (110), a function may be executed (500) to retrieve, read and decrypt the DES or AES file by activating the operating system Crypto API. Once the Unique ID is retrieved, decrypted and stored into memory, the Media Access Codes may again be retrieved (600) by establishing an interlink/interface into the operating system Winsock, reading the PIP_ADAPTER_INFO Table and enumerating all Media Access Codes (MAC). The hard drive serial number may be retrieved (610) by executing the GetVolumeInformation( ) function. The Unique ID may then be re-calculated and compared (700) to the Unique ID retrieved from the data file stored within the computer.
  • In accordance with an embodiment of the present invention, when the user attempts to log into the host, if the Unique ID matches the Unique ID stored on the host, the user is granted access (800) to the host LAN. If the Unique ID identified by the user (i.e., client) does not exist, because the user does not have a Unique ID stored on the host, or the Unique ID stored on the host for the user does not match the user Unique ID, the login session is terminated (900), the IP Address of the attempted login is recorded (1000) and an alert is sent to network administration. For example, if a user attempts to log in to the host LAN from a computer other than the one on which his/her Unique ID was created, they will not be able to log in to the host LAN.
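The creation (FIG. 2) and login-time comparison (FIG. 3) flows described above, as an added example in portable C; it is not code from the patent. The hex formatting, the `sort_first` option and all function names are assumptions, the hardware values are constructed and passed in rather than read from the adapter table and GetVolumeInformation( ), and the DES/AES storage step is omitted.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define MAC_LEN  6
#define MAX_MACS 16
#define ID_MAX   512

typedef struct { uint8_t b[MAC_LEN]; } mac_t;

/* Constructed sample values: locally administered MACs and a made-up serial. */
static const mac_t SAMPLE_MACS[3] = {
    {{0x02, 0x00, 0x00, 0xAA, 0x00, 0x01}},
    {{0x02, 0x00, 0x00, 0xAA, 0x00, 0x02}},
    {{0x02, 0x00, 0x00, 0xAA, 0x00, 0x03}},
};
static const uint32_t SAMPLE_SERIAL = 0x1234ABCDu;

static int cmp_mac(const void *x, const void *y)
{
    return memcmp(x, y, MAC_LEN);
}

/* Steps 240 and 300: convert each MAC to a string, append them all, then
 * append the serial number string. With sort_first == 0 the MACs are used in
 * enumeration order, as the text describes; sort_first != 0 is an added
 * variant (assumption) that sorts them so the result ignores that order.
 * Returns 0 on success, -1 if there are too many MACs or out is too small. */
int build_unique_id(const mac_t *macs, size_t n, uint32_t serial,
                    int sort_first, char *out, size_t outlen)
{
    mac_t tmp[MAX_MACS];
    size_t pos = 0;

    if (n > MAX_MACS || n * MAC_LEN * 2 + 8 + 1 > outlen)
        return -1;
    memcpy(tmp, macs, n * sizeof *tmp);
    if (sort_first)
        qsort(tmp, n, sizeof *tmp, cmp_mac);
    for (size_t i = 0; i < n; i++)
        for (size_t j = 0; j < MAC_LEN; j++)
            pos += (size_t)snprintf(out + pos, outlen - pos, "%02X",
                                    (unsigned)tmp[i].b[j]);
    snprintf(out + pos, outlen - pos, "%08lX", (unsigned long)serial);
    return 0;
}

/* Step 700: compare the stored and recalculated IDs. Every character is
 * examined, so the loop does not stop at the first difference. */
int ids_match(const char *a, const char *b)
{
    size_t la = strlen(a), lb = strlen(b);
    size_t n = la < lb ? la : lb;
    unsigned char diff = (unsigned char)(la != lb);

    for (size_t i = 0; i < n; i++)
        diff |= (unsigned char)(a[i] ^ b[i]);
    return diff == 0;
}

enum { LOGIN_DENY = 0, LOGIN_GRANT = 1 };

/* Steps 600 to 900: rebuild the ID from current hardware values and grant
 * only on an exact match with the stored ID; a missing ID is a denial. */
int login_decision(const char *stored_id, const mac_t *macs, size_t n,
                   uint32_t serial, int sort_first)
{
    char fresh[ID_MAX];

    if (stored_id == NULL)
        return LOGIN_DENY;
    if (build_unique_id(macs, n, serial, sort_first, fresh, sizeof fresh) != 0)
        return LOGIN_DENY;
    return ids_match(stored_id, fresh) ? LOGIN_GRANT : LOGIN_DENY;
}

int main(void)
{
    char plain[ID_MAX], sorted[ID_MAX];
    /* Same three adapters, enumerated in a different order. */
    mac_t reordered[3];
    reordered[0] = SAMPLE_MACS[2];
    reordered[1] = SAMPLE_MACS[0];
    reordered[2] = SAMPLE_MACS[1];

    build_unique_id(SAMPLE_MACS, 3, SAMPLE_SERIAL, 0, plain, sizeof plain);
    build_unique_id(SAMPLE_MACS, 3, SAMPLE_SERIAL, 1, sorted, sizeof sorted);
    printf("enrolled ID:             %s\n", plain);
    printf("same hardware:           %d\n",
           login_decision(plain, SAMPLE_MACS, 3, SAMPLE_SERIAL, 0));
    printf("reordered, plain append: %d\n",
           login_decision(plain, reordered, 3, SAMPLE_SERIAL, 0));
    printf("reordered, sorted first: %d\n",
           login_decision(sorted, reordered, 3, SAMPLE_SERIAL, 1));
    printf("different serial:        %d\n",
           login_decision(plain, SAMPLE_MACS, 3, 0x0BADF00Du, 0));
    return 0;
}
```

With plain concatenation, a change in adapter enumeration order rejects the same computer; sorting the MAC strings before appending removes that false mismatch, while a changed serial number is still rejected.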
  • FIG. 4 is a block diagram of a computer system that may be used in accordance with an embodiment of the present invention. In FIG. 4, a computer system 400 may include, but is not limited to, a processing unit (e.g., a processor) 410 connected to a bus 415 to enable processing unit 410 to have two-way communication across bus 415. Computer system 400 may also include a volatile memory (e.g., a random access memory (RAM)) 420 to store executable instructions and information/data to be used by the executable instructions when executed by processing unit 410. Computer system 400 may still further include a non-volatile memory (e.g., a read only memory (ROM)) 430 to store instructions and static information for processing unit 410, and a mass storage device (e.g., a hard disk drive, a compact disc (CD) and associated CD drive, an optical disk and associated optical disk drive, a floppy disk and associated floppy disk drive, etc.) 940 that each may also be connected to bus 415 to enable each to have two-way communication across bus 415. In operation, embodiments of the present invention may be resident in processing unit 410 while being executed. In operation, embodiments of the present invention may be resident in processing unit 1210 while being executed. For example, executing programmed instructions may cause processing unit 1210 to be configured to perform the functions described herein. The computer system illustrated in FIG. 4 provides the basic features of a computer/server system that may be used in conjunction with embodiments of the present invention.
  • It is contemplated that embodiments of the present invention may also be used with computer/server systems that include additional elements not included in computer system 400 in FIG. 4. For example, these additional elements may include, but are not limited to, additional processing units (e.g., parallel processing units, graphics processing units, etc.), bridges and/or interfaces to a variety of peripherals (e.g., monitor, keyboard, mouse, printer, joystick, biometric devices, speakers, external communications devices (e.g., a LAN, a WAN, a modem, a router, etc.)).
  • Additionally, any configuration of the computer system in FIG. 4 may be used with the various embodiments of the present invention. The executable instructions (i.e., computer program) implementing the present invention may be stored in any memory or storage device accessible to processing unit 410, for example, but not limited to, volatile memory 420, mass storage device 440, or any other local or remotely connected memory or storage device.
  • An embodiment of the present invention provides one or more means for implementing a programming design, capable of being applied to Microsoft C/C++ programs, that can initiate parallel threads to monitor almost an unlimited amount of events reported by the operating system in a real-time environment, without any noticeable performance degradation by the user and an extremely small impact to the overall computer usage, regarding CPU cycles (percentage) and memory utilization.
  • In accordance with one or more embodiments, each of the features of the present invention may be separately and independently claimed. Likewise, in accordance with one or more embodiments, each utility program, program, and/or code segment/module may be substituted for an equivalent means capable of substantially performing the same function(s).
  • FIG. 5 is a diagram of a multiple network system that may be used together and/or separately in accordance with one or more embodiments of the present invention. In FIG. 5, Internet 510 may have connected to it a variety of computers, servers and communications devices. For example, multiple desktop personal computers (PCs) 515, servers 520, lap top PCs 525, tablet PCs 530, and personal digital assistants (PDAs) 540 may be connected to Internet 510 via a variety of communications means. The communications means may include wireless access points 545, such as seen connecting lap top PC 525, tablet PC 530, and PDA 540 to Internet 510; a router 550, as seen connecting a desktop PC to Internet 510; and a modem 555, as seen connecting another desktop PC to Internet 510. Internet 510 may also be connected to a LAN and/or WAN 560 via a firewall 565 and router 550. LAN and/or WAN 560 in turn may be directly connected to multiple desktop PCs 515, lap top PCs 525, multiple printers 570, one or more servers 520, and one or more mass storage devices 575, which may also be connected to one or more servers 520. Although the diagram in FIG. 5 is not exhaustive of all of the possible configurations and implementations, it is provided to illustrate a general network structure in which embodiments of the present invention may be implemented. Therefore, additional configurations and pieces of equipment are contemplated as being used with one or more embodiments of the present invention.
  • An embodiment of the present invention provides one or more means for executing and performing an analysis of a 32/64-bit Microsoft computer's internal hardware configuration, reading the internal device hardware physically installed within the 32/64-bit Microsoft computer and generating a Unique ID based on the internal hardware configuration and the system name and password of the individual (user).
  • In accordance with an embodiment of the present invention, a method of retrieving all Media Access Codes (MAC) includes retrieving a hard drive serial number, combining all Media Access Codes with the hard drive serial number and creating a Unique ID.
  • In accordance with an embodiment of the present invention, a method includes implementing a Unique ID as part of a user login authentication to a network and verifying that a physical computer logging into the network is a correct computer.
  • In accordance with an embodiment of the present invention, a method as substantially shown and described herein.
  • In accordance with another embodiment of the present invention, a system and method as substantially shown and described herein.
  • In accordance with yet another embodiment of the present invention, a computer and method as substantially shown and described herein.
  • In accordance with still another embodiment of the present invention, a computer network and method as substantially shown and described herein.
  • Although the present invention has been disclosed in detail, it should be understood that various changes, substitutions, and alterations can be made herein. Moreover, although software and hardware are described to control certain functions, such functions can be performed using either software, hardware or a combination of software and hardware, as is well known in the art. Other examples are readily ascertainable by one skilled in the art and can be made without departing from the spirit and scope of the present invention as defined by the following claims.

Claims (27)

1. A method of providing a secure network user login procedure for a network, the method comprising:
retrieving configuration data on at least one hard drive in a computer connected to the network, including a serial number for the at least one hard drive;
retrieving all media access codes associated with the computer;
converting each of the media access codes to a character string and appending all of the media access code character strings together to form a single, long character string of all of the media access code strings;
creating an unique identification (ID) for the computer by
converting the serial number for the at least one hard drive to a character string, and
appending the character string of the at least one serial number to the single, long character string of all of the media access code strings to create the unique ID for the computer;
encrypting the unique ID; and
storing the encrypted unique ID in a data file on the computer.
2. The method of claim 1 wherein the retrieving configuration data on at least one hard drive in a computer connected to the network, including the serial number for the at least one hard drive, and retrieving the media access codes occurs immediately after the computer is powered-on.
3. The method of claim 1 wherein the encrypting the unique ID comprises:
initiating an operating system crypto application programming interface to encrypt the unique ID.
4. The method of claim 3 wherein the unique ID is encrypted using a data encryption standard algorithm or an advanced encryption standard algorithm.
5. The method of claim 1 further comprising:
retrieving and decrypting the unique ID and storing it in the memory of the computer;
retrieving configuration data on at least one hard drive in the computer, including the serial number for the at least one hard drive;
retrieving all media access codes associated with the computer;
converting each of the media access codes to a character string and appending all of the media access code character strings together to form a new single, long character string of all of the media access code strings;
creating a new unique identification (ID) for the computer by
converting the serial number for the at least one hard drive to a character string, and
appending the character string for the serial number for the at least one hard drive to the new single, long character string of all of the media access code strings to create the new unique ID for the computer;
comparing the new unique ID to the unique ID and, if the new unique ID matches the unique ID, then grant access to the network, otherwise, terminate the login attempt and report an invalid login attempt.
6. The method of claim 5 wherein the report invalid login attempt comprises:
reporting the invalid login attempt to the network;
recording the IP address of the invalid login attempt; and
sending an alert signal to a network administrator that the invalid login attempt occurred.
7. A machine-readable medium having stored thereon a plurality of executable instructions for performing a method of providing a secure network user login procedure for a network, the method comprising:
retrieving configuration data on at least one hard drive in a computer connected to the network, including a serial number for the at least one hard drive;
retrieving all media access codes associated with the computer;
converting each of the media access codes to a character string and appending all of the media access code character strings together to form a single, long character string of all of the media access code strings;
creating an unique identification (ID) for the computer by
converting the serial number for the at least one hard drive to a character string, and
appending the character string of the at least one serial number to the single, long character string of all of the media access code strings to create the unique ID for the computer;
encrypting the unique ID; and
storing the encrypted unique ID in a data file on the computer.
8. The machine-readable medium of claim 7 wherein the retrieving configuration data on at least one hard drive in the computer connected to the network, including the serial number for the at least one hard drive, and retrieving the media access codes occurs immediately after the computer is powered-on.
9. The machine-readable medium of claim 7 wherein the encrypting the unique ID comprises:
initiating an operating system crypto application programming interface to encrypt the unique ID.
10. The machine-readable medium of claim 9 wherein the unique ID is encrypted using a data encryption standard algorithm or an advanced encryption standard algorithm.
11. The machine-readable medium of claim 7 wherein the method further comprises:
retrieving and decrypting the unique ID and storing it in the memory of the computer;
retrieving configuration data on at least one hard drive in the computer, including the serial number for the at least one hard drive;
retrieving all media access codes associated with the computer;
converting each of the media access codes to a character string and appending all of the media access code character strings together to form a new single, long character string of all of the media access code strings;
creating a new unique identification (ID) for the computer by
converting the serial number for the at least one hard drive to a character string, and
appending the character string serial number for the at least one hard drive to the new single, long character string of all of the media access code strings to create the new unique ID for the computer;
comparing the new unique ID to the unique ID and, if the new unique ID matches the unique ID, then grant access to the network, otherwise, terminate the login attempt and report the invalid login attempt.
12. The machine-readable medium of claim 11 wherein the report invalid login attempt comprises:
reporting the invalid login attempt to the network;
recording the IP address of the invalid login attempt; and
sending an alert signal to a network administrator that the invalid login attempt occurred.
13. A method of providing a secure network user login procedure for a network, the method comprising:
retrieving configuration data on at least one hard drive in a computer, including a serial number for the at least one hard drive;
retrieving all media access codes associated with the computer;
converting each of the media access codes to a character string and appending all of the media access code character strings together to form a single, long character string of all of the media access code strings;
creating a unique identification (ID) for the computer by
converting the serial number for the at least one hard drive to a character string, and
appending the character string serial number for the at least one hard drive to the single, long character string of all of the media access code strings to create the unique ID for the computer;
comparing the unique ID to a previously created unique ID for the computer and, if the unique ID matches the previously created unique ID, then grant access to the network, otherwise, terminate the login attempt and report the invalid login attempt.
14. The method of claim 13 wherein the previously created unique ID was created by the method comprising:
retrieving configuration data on at least one hard drive in the computer connected to the network, including the serial number for the at least one hard drive;
retrieving all media access codes associated with the computer;
converting each of the media access codes to initial character strings and appending all of the media access code initial character strings together to form an initial single, long character string of all of the media access code strings; and
creating the previously created unique ID for the computer by converting the serial number for the at least one hard drive to a character string, and appending the character string serial number for the at least one hard drive to the initial single, long character string of all of the media access code strings to create the initial unique ID for the computer.
15. The method of claim 13 wherein the report invalid login attempt comprises:
reporting the invalid attempt to the network;
recording the IP address of the invalid login attempt; and
sending an alert signal to a network administrator.
16. The method of claim 13 wherein the retrieving configuration data on the at least one hard drive in the computer connected to the network, including the serial number for the at least one hard drive, and retrieving the media access codes occurs immediately after the computer is powered-on.
17. The method of claim 13 wherein the previously created unique ID is retrieved and decrypted from an encrypted, previously created unique ID stored in a data file on the computer and the decrypted previously created unique ID is stored in the memory of the computer occurs immediately after the computer is powered-on.
18. A machine-readable medium having stored thereon a plurality of executable instructions for performing a method of providing a secure network user login procedure for a network, the method comprising:
retrieving configuration data on at least one hard drive in a computer, including a serial number for the at least one hard drive;
retrieving all media access codes associated with the computer;
converting each of the media access codes to a character string and appending all of the media access code character strings together to form a single, long character string of all of the media access code strings;
creating a unique identification (ID) for the computer by
converting the serial number for the at least one hard drive to a character string, and
appending the character string serial number for the at least one hard drive to the single, long character string of all of the media access code strings to create the unique ID for the computer;
comparing the unique ID to a previously created unique ID for the computer and, if the unique ID matches the previously created unique ID, then grant access to the network, otherwise, terminate the login attempt and report the invalid login attempt.
19. The machine-readable medium of claim 18 wherein the previously created unique ID was created by the method comprising:
retrieving configuration data on the at least one hard drive in the computer connected to the network, including the serial number for the at least one hard drive;
retrieving all media access codes associated with the computer;
converting each of the media access codes to initial character strings and appending all of the media access code initial character strings together to form an initial single, long character string of all of the media access code strings; and
creating the previously created unique ID for the computer by converting the serial number for the at least one hard drive to a character string, and appending the character string serial number for the at least one hard drive to the initial single, long character string of all of the media access code strings to create the initial unique ID for the computer.
20. The machine-readable medium of claim 18 wherein the report invalid login attempt comprises:
reporting the invalid attempt to the network;
recording the IP address of the invalid login attempt; and
sending an alert signal to a network administrator.
21. The machine-readable medium of claim 18 wherein the retrieving configuration data on the at least one hard drive in the computer connected to the network, including the serial number for the at least one hard drive, and retrieving the media access codes all occurs immediately after the computer is powered-on.
22. The machine-readable medium of claim 18 wherein the previously created unique ID is retrieved and decrypted from an encrypted, previously created unique ID stored in a data file on the computer and the decrypted previously created unique ID is stored in the memory of the computer occurs immediately after the computer is powered-on.
23. An apparatus for performing a method of providing a secure network user login procedure for a network, the apparatus comprising:
means for retrieving configuration data on at least one hard drive in a computer, including a serial number for the at least one hard drive;
means for retrieving all media access codes associated with the computer;
means for converting each of the media access codes to a character string and appending all of the media access code character strings together to form a single, long character string of all of the media access code strings;
means for creating a unique identification (ID) for the computer by
converting the serial number for the at least one hard drive to a character string, and
appending the character string serial number for the at least one hard drive to the single, long character string of all of the media access code strings to create the unique ID for the computer;
means for comparing the unique ID to a previously created unique ID for the computer and, if the unique ID matches the previously created unique ID, then grant access to the network, otherwise, terminate the login attempt and report the invalid login attempt.
24. The apparatus of claim 23 wherein the previously created unique ID was created by an initial use of the apparatus.
25. The apparatus of claim 23 wherein the report invalid login attempt comprises:
reporting the invalid attempt to the network;
recording the IP address of the invalid login attempt; and
sending an alert signal to a network administrator.
26. The apparatus of claim 23 wherein the means for retrieving configuration data on the at least one hard drive in the computer connected to the network, including the serial number for the at least one hard drive, and retrieving the media access codes all operates immediately after the computer is powered-on.
27. The apparatus of claim 23 wherein the previously created unique ID is retrieved and decrypted from an encrypted, previously created unique ID stored in a data file on the computer and the decrypted previously created unique ID is stored in the memory of the computer occurs immediately after the computer is powered-on.
US12/440,312 2006-09-07 2007-09-07 Creating and using a specific user unique id for security login authentication Abandoned US20100192199A1 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
US12/440,312 US20100192199A1 (en) 2006-09-07 2007-09-07 Creating and using a specific user unique id for security login authentication

Applications Claiming Priority (3)

Application Number Priority Date Filing Date Title
US82483506P 2006-09-07 2006-09-07
US12/440,312 US20100192199A1 (en) 2006-09-07 2007-09-07 Creating and using a specific user unique id for security login authentication
PCT/US2007/077914 WO2008031054A2 (en) 2006-09-07 2007-09-07 Creating and using a specific user unique id for security login authentication

Related Parent Applications (1)

Application Number Title Priority Date Filing Date
PCT/US2007/077914 A-371-Of-International WO2008031054A2 (en) 2006-09-07 2007-09-07 Creating and using a specific user unique id for security login authentication

Related Child Applications (1)

Application Number Title Priority Date Filing Date
US13/789,248 Continuation US8954729B2 (en) 2006-09-07 2013-03-07 Creating and using a specific user unique id for security login authentication

Publications (1)

Publication Number Publication Date
US20100192199A1 (en) 2010-07-29

Family

ID=39158109

Family Applications (2)

Application Number Title Priority Date Filing Date
US12/440,312 Abandoned US20100192199A1 (en) 2006-09-07 2007-09-07 Creating and using a specific user unique id for security login authentication
US13/789,248 Expired - Fee Related US8954729B2 (en) 2006-09-07 2013-03-07 Creating and using a specific user unique id for security login authentication

Country Status (2)

Country Link
US (2) US20100192199A1 (en)
WO (1) WO2008031054A2 (en)

Also Published As

Publication number Publication date
WO2008031054A3 (en) 2008-06-05
US20140173273A1 (en) 2014-06-19
WO2008031054A2 (en) 2008-03-13
US8954729B2 (en) 2015-02-10

Similar Documents

Publication Publication Date Title
US11556556B2 (en) System and method for conducting searches at target devices
US8397077B2 (en) Client side authentication redirection
US8271790B2 (en) Method and system for securely identifying computer storage devices
US8261093B1 (en) System, method, and computer program product for disabling a communication channel during authentication
US8954729B2 (en) Creating and using a specific user unique id for security login authentication
WO2012160421A1 (en) Systems and methods for device based secure access control using encryption
CN110084599B (en) Key processing method, device, equipment and storage medium
CN102325026A (en) Account password secure encryption system
US7836310B1 (en) Security system that uses indirect password-based encryption
US7412603B2 (en) Methods and systems for enabling secure storage of sensitive data
JP4734512B2 (en) Secure and recoverable password
JP4947562B2 (en) Key information management device
US10623400B2 (en) Method and device for credential and data protection
JP3727819B2 (en) Database sharing system
Dowdeswell et al. The CryptoGraphic Disk Driver.
US20100293596A1 (en) Method of automatically defining and monitoring internal network connections
CN113961970B (en) Cross-network-segment network disk login identity authentication method and device, network disk and storage medium
JPWO2018034192A1 (en) INFORMATION PROCESSING APPARATUS, INFORMATION PROCESSING METHOD, AND PROGRAM
Pal et al. Enhancing file data security in linux operating system by integrating secure file system
Kapis et al. Security Modeling for Protecting Electronic Patients' Consent.
CN108875379A (en) The method, apparatus and USB flash disk of USB flash disk storing data
Magruder et al. More Secure Passwords

Legal Events

Date Code Title Description
AS Assignment

Owner name: CW INTERNATIONAL, LLC, PENNSYLVANIA

Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNOR:BLACK LAB SECURITY SYSTEMS, INC.;REEL/FRAME:022374/0987

Effective date: 20081215

STCB Information on status: application discontinuation

Free format text: ABANDONED -- FAILURE TO RESPOND TO AN OFFICE ACTION