Modular authentication and authorization scheme for internet protocol
Abstract
A system and method for three-party authentication and authorization. The system includes an authorizer that authorizes requestors, a client that makes a request, and a local attendant that provides a conduit through which messages between the client and the authorizer pass. The authorizer, the client, and a peer on which the requested resource may be accessed are each in separate domains. A domain is defined as a set of one or more entities such that if the set includes more than one entity, a connection between any two of the entities in the set can be secured by static credentials that are known by each of the two entities. A subscriber identity module (SIM) may be used to generate a copy of a key for the client to be used in accessing a requested resource.
22 Claims
1. A system for authentication and authorization, comprising:
(a) an authorizer configured to determine if a requestor is authorized to access a resource associated with a request;
(b) a client that is an Internet Protocol version 6 (IPv6) host, wherein the client is configured to make the request; and
(c) a local attendant that is accessible to the authorizer and the client and that provides a conduit through which messages between the client and the authorizer pass, wherein the authorizer, the client, and a peer on which the resource may be accessed are each in separate domains, wherein each domain is defined as a set of one or more entities such that if the set includes more than one entity, a connection between any two of the entities in the set can be secured by static credentials that are known by each of the two entities.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15
16. A method for authentication and authorization, comprising:
(a) sending an identity associated with a client to an authorizer, wherein the identity is sent using Internet Protocol version 6 (IPv6);
(b) generating, by the authorizer, a challenge that is calculated using the client identity;
(c) sending the challenge to the client;
(d) generating, by the client, a response employing the client identity and the challenge;
(e) sending the response to the authorizer;
(f) comparing, by the authorizer, the challenge to the client response;
(g) transferring, by the authorizer, a key to a device providing a service to the client; and
(h) automatically generating a copy of the key for use by the client by employing a subscriber identity module (SIM) associated with the client.
Dependent claims: 17, 18, 19, 20, 21
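The exchange in claim 16, steps (a) through (h), as an added Python example that is not part of the patent text. Assumptions: HMAC-SHA256 stands in for the SIM's response and key algorithms, which this page does not specify; step (f) is implemented as comparing the response with the value the authorizer expects for its challenge; the class names, the `prf` helper and the sample identity and credential are constructed for illustration. IPv6 transport is not modelled and the local attendant is reduced to a relay function.

```python
import hashlib
import hmac
import os

def prf(key: bytes, label: bytes, *parts: bytes) -> bytes:
    # Assumption: HMAC-SHA256 stands in for the SIM algorithms.
    # Length prefixes keep the concatenated fields unambiguous.
    msg = label + b"".join(len(p).to_bytes(2, "big") + p for p in parts)
    return hmac.new(key, msg, hashlib.sha256).digest()

class Sim:
    """Client side: holds the static credential shared with the authorizer."""
    def __init__(self, ki: bytes):
        self._ki = ki
    def respond(self, identity: bytes, challenge: bytes) -> bytes:     # (d)
        return prf(self._ki, b"resp", identity, challenge)
    def derive_key(self, identity: bytes, challenge: bytes) -> bytes:  # (h)
        return prf(self._ki, b"key", identity, challenge)

class Authorizer:
    def __init__(self, subscribers: dict):
        self._subs = subscribers   # identity -> static credential
        self._pending = {}         # identity -> outstanding challenge
    def challenge(self, identity: bytes) -> bytes:                     # (b)
        if identity not in self._subs:
            raise PermissionError("unknown identity")
        ch = hashlib.sha256(identity + os.urandom(16)).digest()
        self._pending[identity] = ch
        return ch
    def verify(self, identity: bytes, response: bytes):                # (f), (g)
        ch = self._pending.pop(identity, None)  # single use, so replays fail
        if ch is None:
            return None
        expected = prf(self._subs[identity], b"resp", identity, ch)
        if not hmac.compare_digest(expected, response):
            return None
        return prf(self._subs[identity], b"key", identity, ch)  # key for the peer

def run_exchange(identity: bytes, sim: Sim, authorizer: Authorizer):
    """Local attendant as a relay: it forwards messages and holds no secret."""
    ch = authorizer.challenge(identity)             # (a)-(c)
    resp = sim.respond(identity, ch)                # (d)-(e)
    peer_key = authorizer.verify(identity, resp)    # (f)-(g)
    client_key = sim.derive_key(identity, ch) if peer_key else None  # (h)
    return peer_key, client_key

IDENTITY = b"client@example.invalid"   # constructed sample identity
KI = bytes(range(16))                  # constructed sample credential
```

The key handed to the peer and the copy derived on the SIM match only when both ends hold the same static credential, and a captured response cannot be replayed because each challenge is consumed on first use.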
22. A system for authenticating and authorization, comprising:
(a) means for determining if a requestor is authorized to access a resource associated with a request;
(b) means for requesting access to the resource;
(c) means for passing messages between the requestor and the determining means, wherein the determining means, the requesting means, and the message passing means are each in a separate domain, wherein each domain is defined as a set of one or more entities such that if the set includes more than one entity, a connection between any two of the entities in the set can be secured by static credentials that are known by each of the two entities.
Specification