Authentication arrangement

US 10,594,695 B2
Filed: 12/10/2007
Issued: 03/17/2020
Est. Priority Date: 12/10/2007
Status: Active Grant

First Claim

Patent Images

1. A method comprising:

receiving with a proxy device and storing in a non-transitory memory of the proxy device a security token from an authentication provider device, the security token including authentication information, wherein the security token comprises information that allows access to a service provider and information that assigns the security token to the service provider;

after said receiving with the proxy device and storing, in the non-transitory memory of the proxy device, the security token from the authentication provider device;

receiving with the proxy device an authentication request directed to the authentication provider device or to the proxy device;

determining with the proxy device whether the authentication information corresponds to the authentication request; and

in case the authentication information corresponds to the authentication request, providing the security token from the proxy device as a response to the authentication request;

after determining with the proxy device whether the authentication information corresponds to the authentication request;

requesting a further security token from the authentication provider device;

receiving at the proxy device said further security token as a response to said request for the further security token; and

requesting additional security tokens with the proxy device in order to maintain a complement of security tokens within the proxy device in response to all security tokens received and stored being exhausted or having expired after a predetermined time interval, or in response to the proxy device having less than the complement of security tokens.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method, a proxy, a device, a system, and a computer program product for enabling authentication is provided. Authentication is enabled by receiving by a proxy a security token from an authentication provider, the security token including authentication information, receiving by the proxy an authentication request directed to the authentication provider or to the proxy, determining by the proxy whether the authentication information corresponds to the authentication request, and in case the authentication information corresponds to the authentication request, providing by the proxy the security token as a response to the authentication request.

46 Citations

18 Claims

1. A method comprising:
- receiving with a proxy device and storing in a non-transitory memory of the proxy device a security token from an authentication provider device, the security token including authentication information, wherein the security token comprises information that allows access to a service provider and information that assigns the security token to the service provider;
  
  after said receiving with the proxy device and storing, in the non-transitory memory of the proxy device, the security token from the authentication provider device;
  
  receiving with the proxy device an authentication request directed to the authentication provider device or to the proxy device;
  
  determining with the proxy device whether the authentication information corresponds to the authentication request; and
  
  in case the authentication information corresponds to the authentication request, providing the security token from the proxy device as a response to the authentication request;
  
  after determining with the proxy device whether the authentication information corresponds to the authentication request;
  
  requesting a further security token from the authentication provider device;
  
  receiving at the proxy device said further security token as a response to said request for the further security token; and
  
  requesting additional security tokens with the proxy device in order to maintain a complement of security tokens within the proxy device in response to all security tokens received and stored being exhausted or having expired after a predetermined time interval, or in response to the proxy device having less than the complement of security tokens.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 17)
- - 2. The method according to claim 1, wherein the security token is associated with a client the authentication provider device initially authenticated.
  - 3. The method according to claim 1, wherein the authentication request is originated from the service provider, and wherein the proxy device receives the authentication request from the authentication provider device as a response to the authentication provider device forwarding the authentication request to the proxy device.
  - 4. The method according to claim 1, wherein the authentication request is originated from the service provider, and wherein the proxy device receives the authentication request as a response to the service provider sending the authentication request to the proxy device.
  - 5. The method according to claim 2, wherein the authentication request is originated as a response to the client requesting service from the service provider.
  - 6. The method according to claim 2, wherein the authentication provider device initial authentication of the client is initiated as a response to the client requesting service from the service provider.
  - 7. The method according to claim 2, further comprising after the proxy device determines whether the authentication information corresponds to the authentication request:
    - in case the authentication information does not correspond to the authentication request, the proxy device requesting further authentication information from the client;
      
      receiving the further authentication information from the client; and
      
      in case the further authentication information corresponds to the authentication request, the proxy device providing the security token or a further security token to the service provider.
  - 8. The method according to claim 1, wherein the security token comprises a plurality of tokens.
  - 9. The method according to claim 1, wherein the further security token is requested after the security token has been provided or expired.
  - 10. The method according to claim 1, wherein the security token has been standardized in a Single Sign-On convention, a federation, a generic format, or comprises an X.509 certificate, a Kerberos ticket, or a SAML assertion.
  - 17. The method according to claim 1, wherein the authentication provider device is further configured to generate further security tokens such that the further security tokens are generated in batches, wherein a batch of security tokens is generated when processing resources of the authentication provider device are available.

11. An apparatus, comprising:
- at least one processor and a non-transitory memory storing a set of computer instructions, in which the at least one processor and the non-transitory memory storing the computer instructions are configured to cause the apparatus at least;
  
  to receive and store in the non-transitory memory a security token received from the authentication provider device through a communication interface, the security token including authentication information, wherein the security token comprises information that allows access to a service provider and information that assigns the security token to the service provider; and
  
  after said receipt and storage;
  
  to process an authentication request received through the communication interface of the apparatus, the authentication request having been directed to the authentication provider device or to the apparatus;
  
  to determine whether the authentication information corresponds to the authentication request; and
  
  in case the authentication information corresponds to the authentication request, to provide the security token through the communication interface;
  
  after said determination;
  
  requesting a further security token from the authentication provider device;
  
  receiving with the apparatus said further security token as a response to said request for the further security token; and
  
  requesting additional security tokens in order to maintain a complement of security tokens within the apparatus in response to all security tokens received and stored being exhausted or having expired after a predetermined time interval, or in response to the apparatus having less than the complement of security tokens.
- View Dependent Claims (12, 13, 14, 15, 18)
- - 12. The apparatus according to claim 11, wherein the security token is associated with a client the authentication provider device initially authenticated.
  - 13. The apparatus according to claim 11, wherein the computer instructions are further configured to cause the apparatus to request through the communication interface further authentication information in case the authentication information does not correspond to the authentication request.
  - 14. The apparatus according to claim 11, wherein the computer instructions are further configured to cause the apparatus to request through the communication interface a further security token from the authentication provider device.
  - 15. The apparatus according to claim 13, wherein the computer instructions are further configured to cause the apparatus to:
    - receive through the communication interface said further authentication information;
      
      determine whether said further authentication information corresponds to the authentication request; and
      
      provide the security token or a further security token through the communication interface in case the further authentication information corresponds to the authentication request.
  - 18. The apparatus according to claim 11, wherein the authentication provider device is further configured to generate further security tokens such that the further security tokens are generated in batches, wherein a batch of security tokens is generated when processing resources of the authentication provider device are available.

16. A computer program product embodied on a non-transitory computer readable memory comprising computer executable program code which, when executed with at least one processor of an apparatus, causes the apparatus to perform:
- receiving with the apparatus and storing in a non-transitory memory of the apparatus a security token from the authentication provider device, the security token including authentication information, wherein the security token comprises information that allows access to a service provider and information that assigns the security token to the service provider; and
  
  after said receiving and storing with the apparatus;
  
  receiving with the apparatus an authentication request directed to the authentication provider device or to the apparatus;
  
  determining with the apparatus whether the authentication information corresponds to the authentication request; and
  
  in case the authentication information corresponds to the authentication request, providing the security token from the apparatus as a response to the authentication request;
  
  after said determining with the apparatus;
  
  requesting a further security token from the authentication provider device;
  
  receiving at the apparatus said further security token as a response to said request for the further security token; and
  
  requesting additional security tokens with the apparatus in order to maintain a complement of security tokens within the apparatus in response to all security tokens received and stored being exhausted or having expired after a predetermined time interval, or in response to the apparatus having less than the complement of security tokens.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Nokia Technologies Oy (Nokia Corporation)
Original Assignee
Nokia Technologies Oy (Nokia Corporation)
Inventors
Tarkoma, Sasu
Primary Examiner(s)
Truong, Thanhnga B

Application Number

US12/747,466
Publication Number

US 20100281530A1
Time in Patent Office

4,481 Days
Field of Search
US Class Current
CPC Class Codes

G06F 21/305   by remotely controlling dev...

G06F 21/335   for accessing specific reso...

H04L 63/0807   using tickets, e.g. Kerbero...

H04L 63/0815   providing single-sign-on or...

H04L 63/0884   by delegation of authentica...

Authentication arrangement

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

46 Citations

18 Claims

Specification

Solutions

Use Cases

Quick Links

Authentication arrangement

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

46 Citations

18 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links