Public key based authentication method for transaction delegation in service-based computing environments

US 20030131238A1
Filed: 01/08/2002
Published: 07/10/2003
Est. Priority Date: 01/08/2002
Status: Active Grant

First Claim

Patent Images

1. A method on a central computer of providing data to a client computer, comprising the steps of:

accepting a request for data from a client computer; and

transmitting a partial response to the client computer, wherein the partial response contains a nonce value, and wherein the nonce value is digitally signed and is used to authorize a limited number of accesses to data on a remote computer.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system and method for allowing access to data or processing on a remote computer. An authorizing computer provides client computers with a data specification and remote computer address along with an authorization code that is digitally signed or encrypted and that may only be used for a limited number of times. A client computer then accesses the remote computer by providing the digitally signed authorization code. The remote computer responds with the data or processing if the digital signature is successfully verified and the authorization code has been used fewer than the limited number of times.

Citations

26 Claims

1. A method on a central computer of providing data to a client computer, comprising the steps of:
- accepting a request for data from a client computer; and
  
  transmitting a partial response to the client computer, wherein the partial response contains a nonce value, and wherein the nonce value is digitally signed and is used to authorize a limited number of accesses to data on a remote computer.
- View Dependent Claims (2, 3)
- - 2. The method according to claim 1, further comprising the step of charging an entity upon use of the nonce value for at least one of the accesses.
  - 3. The method according to claim 1, wherein the nonce value comprises an expiration time.

4. A method of controlling access to data on a remote computer, the method comprising the steps of:
- accepting a request for a data item, wherein the request contains a nonce value which has been digitally signed with a digital signature;
  
  verifying the nonce value, wherein the step of verifying the nonce value comprises the step of verifying the digital signature; and
  
  responding to the request by returning the data item if the nonce value is valid and has been previously used fewer than a limited number of times.
- View Dependent Claims (5, 6, 7, 8)
- - 5. The method according to claim 4, further comprising the step of charging an entity upon performance of the step of responding in conjunction with the use of the nonce value.
  - 6. The method according to claim 4, wherein the nonce value comprises an expiration time.
  - 7. The method according to claim 4, wherein step of verifying comprises comparing the nonce value to a list of stored and valid nonce values.
  - 8. The method according to claim 7, wherein the list of stored and valid nonce values is shared with an entity that originated the data request.

9. A method of obtaining service from a secure data server, the method comprising the steps of:
- accepting a partial response from a first computer, wherein the partial response comprises a nonce value and a specification of a remote computer, and wherein the nonce value is signed with a digital signature;
  
  transmitting a service request to the remote computer, wherein the service request comprises the nonce value; and
  
  receiving a service response from the remote computer if the nonce value was valid.
- View Dependent Claims (10)
- - 10. The method according to claim 9, wherein the service request comprises one of a request for a data item and a request for a computing service.

11. A central computer system for providing data to a client computer, the system comprising:
- a request message receiver for accepting a request for data from a client computer; and
  
  a partial response transmitter transmitting for transmitting a partial response to the client computer, wherein the partial response contains a nonce value, and wherein the nonce value is digitally signed and is used to authorize a limited number of accesses to data on a remote computer.
- View Dependent Claims (12, 13)
- - 12. The system according to claim 11, further comprising a billing module for charging an entity upon use of the nonce value for at least one of the accesses.
  - 13. The system according to claim 11, wherein the nonce value comprises an expiration time.

14. A system for controlling access to data on a computer, the system comprising:
- a request receiver for accepting a request for a data item, wherein the request contains a nonce value, wherein the nonce value is digitally signed by a digital signature;
  
  a nonce verifier for verifying the nonce value, wherein the nonce verifier performs at least a verification of the digital signature; and
  
  a response generator for responding to the request by returning the data item if the nonce value is valid and has been previously used fewer than a limited number of times.
- View Dependent Claims (15, 16)
- - 15. The system according to claim 14, further comprising a billing module for charging an entity upon use of the nonce value for the onetime access.
  - 16. The system according to claim 14, wherein the nonce value comprises an expiration time.

17. A system for obtaining service from a secure data server, the system comprising the steps of:
- a partial response receiver for accepting a partial response from a first computer, wherein the partial response comprises a nonce value and a specification of a remote computer, and wherein the nonce value is digitally signed by a digital signature;
  
  a request transmitter for transmitting a service request to the remote computer, wherein the service request comprises the nonce value; and
  
  a service response receiver for receiving a service response from the remote computer if the nonce value was valid.
- View Dependent Claims (18)
- - 18. The system according to claim 17, wherein the service request comprises a request for a data item.

19. A computer readable medium including computer instructions for controlling communications access to remote processors, the computer instructions comprising instructions for:
- accepting a request for data from a client computer; and
  
  transmitting a partial response to the client computer, wherein the partial response contains a nonce value, wherein the nonce value is digitally signed with a digital signature and the nonce value is used to authorize a limited number of accesses to data on a remote computer.
- View Dependent Claims (20, 21)
- - 20. The computer readable medium of claim 19, further comprising instructions for charging an entity for at least one of the accesses.
  - 21. The computer readable medium of claim 19, wherein the nonce value comprises an expiration time.

22. A computer readable medium including computer instructions for controlling communications access to computer, the computer instructions comprising instructions for:
- accepting a request for a data item, wherein the request contains a nonce value, wherein the nonce value is digitally signed with a digital signature;
  
  verifying the nonce value, wherein the instructions for verifying comprise instructions for verifying the digital signature; and
  
  responding to the request by returning the data item if the nonce value was verified by the instructions for verifying and the nonce value is valid and has been previously used fewer than a limited number of times.
- View Dependent Claims (23, 24)
- - 23. The computer readable medium according to claim 22, further comprising instructions for charging an entity upon use of the nonce value for the onetime access.
  - 24. The computer readable medium according to claim 22, wherein the nonce value comprises an expiration time.

25. A computer readable medium including computer instructions for obtaining service from a secure data server, the computer instructions comprising instructions for:
- accepting a partial response from a first computer, wherein the partial response comprises a nonce value and a specification of a remote computer, wherein the nonce value is digitally signed with a digital signature;
  
  transmitting a service request to the remote computer, wherein the service request comprises the nonce value; and
  
  receiving a service response from the remote computer if the nonce value was valid.
- View Dependent Claims (26)
- - 26. The computer readable medium according to claim 25, wherein the service request comprises a request for a data item.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Wrp IP Management, LLC
Original Assignee
International Business Machines Corporation
Inventors
Vincent, Christopher R.

Granted Patent

US 7,117,366 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/176
CPC Class Codes

H04L 2209/56   Financial cryptography, e.g...

H04L 9/32   including means for verifyi...

H04L 9/3226   using a predetermined code,...

H04L 9/3247   involving digital signatures

H04L 9/3271   using challenge-response

Public key based authentication method for transaction delegation in service-based computing environments

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

26 Claims

Specification

Solutions

Use Cases

Quick Links

Public key based authentication method for transaction delegation in service-based computing environments

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

26 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links