Methods and systems for authentication and authorization

US 20040111375A1
Filed: 12/04/2003
Published: 06/10/2004
Est. Priority Date: 02/07/2002
Status: Active Grant

First Claim

Patent Images

1. In a computing environment having a connection to a network, computer readable code readable by a computer system in said environment, for enabling a server computer within the computing environment to both authenticate a user of a client computer within the computing environment and to verify that the user is authorized to request that the server computer carry out a requested action, comprising:

a digital certificate assigned to the user of the client computer, the digital certificate comprising a first code portion and a second code portion, wherein the first code portion of the digital certificate is configured enable authentication of the user, the first code portion defines a public key, a certificate serial number, a certificate validity period, a digital signature of the certificate authority, and an extension field, and wherein the second code portion of the digital certificate is configured to define an authority of the user of the client computer to request that the server computer carry out the requested action, the second code portion being configured for inclusion within the extension field of the first code portion, the authority of the user defined within the second code portion of the certificate being verifiable by the server computer independently of the digital certificate.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A computer-implemented method for ensuring non-repudiation of a payment request and/or other action may include a step of receiving, over a network, the payment request together with a digital certificate identifying a user having caused the payment request to be generated. The certificate may include certificate-identifying information, user-identifying information, authority information that defines and delimits the authority of the user to make the payment request. The certificate-identifying information and the user-identifying information included within the received certificate may be validated. The authority information included within the received certificate may then be validated. The payment request and/or other action is then only executed when the certificate-identifying information, the user-identifying information and the authority information within the received certificate are successfully validated.

119 Citations

View as Search Results

28 Claims

1. In a computing environment having a connection to a network, computer readable code readable by a computer system in said environment, for enabling a server computer within the computing environment to both authenticate a user of a client computer within the computing environment and to verify that the user is authorized to request that the server computer carry out a requested action, comprising:
- a digital certificate assigned to the user of the client computer, the digital certificate comprising a first code portion and a second code portion, wherein the first code portion of the digital certificate is configured enable authentication of the user, the first code portion defines a public key, a certificate serial number, a certificate validity period, a digital signature of the certificate authority, and an extension field, and wherein the second code portion of the digital certificate is configured to define an authority of the user of the client computer to request that the server computer carry out the requested action, the second code portion being configured for inclusion within the extension field of the first code portion, the authority of the user defined within the second code portion of the certificate being verifiable by the server computer independently of the digital certificate.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The computer readable code of claim 1, wherein the digital certificate conforms to the X.509 standard.
  - 3. The computer readable code of claim 1, wherein the second code portion is configured as XML code.
  - 4. The computer readable code of claim 3, wherein the XML code is compliant with a DSML standard.
  - 5. The computer readable code of claim 1, wherein the authority of the user of the client computer is stored in a hierarchical authority data structure that is accessible by the server computer.
  - 6. The computer readable code of claim 1, wherein the authority of the user defined within the second code portion of the certificate is verifiable by the server computer accessing a store of authority information that is independent of the received certificate.
  - 7. The computer readable code of claim 1, wherein the authority defined within the second code portion defines access rights of the user to data and programs within the computing environment.
  - 8. The computer readable code of claim 1, wherein the authority defined within the second code portion defines rights of the user to issue payment requests.

9. A computer-implemented method for ensuring non-repudiation of a payment request, the payment request being generated in a computing environment having a connection to a network, the method comprising the steps of:
- receiving, over the network, the payment request together with a certificate identifying a user having caused the payment request to be generated, the certificate including certificate-identifying information and user-identifying information, the certificate further including authority information defining an authority of the user to make the payment request;
  
  validating the certificate-identifying information and the user-identifying information included within the received certificate;
  
  validating the authority information included within the received certificate, and executing of the payment request only when the certificate-identifying information, the user-identifying information and the authority information within the received certificate is successfully validated.
- View Dependent Claims (10, 11, 12, 13, 14)
- - 10. The method of claim 9, wherein the payment request is for a predetermined amount and wherein the payment request is authorized only when the validating steps are successful and when the authority information for the user stored in the hierarchical authority data structure lists an authorized amount for the user at least equal to the predetermined amount.
  - 11. The method of claim 9, wherein the certificate received in the receiving step conforms to the X.509 standard.
  - 12. The method of claim 9, wherein the authority information is configured as XML code.
  - 13. The method of claim 9, wherein the XML code is compliant with a DSML standard.
  - 14. The method of claim 9, wherein the authority information is validated by accessing a store of authority information that is independent of the received certificate.

15. A software application configured to carry out a financial transaction, the application being configured to run on a computer coupled to a network, and comprising, stored on a computer-readable medium:
- certificate receiving code which is configured to receive a digital certificate from a user over the network, the certificate including certificate-identifying information and user-identifying information, the certificate further including authority information that defines an authority granted to the user to request that the financial transaction be carried out;
  
  certificate validating code configured to enable validation of the certificate-identifying information and user-identifying information within the received certificate, and authorization validating code configured to enable validation of the authority information within the received certificate against corresponding authority information for the user stored in a data structure that is independent of the received certificate.
- View Dependent Claims (16, 17, 18, 19)
- - 16. The software application of claim 15, wherein the digital certificate conforms to the X.509 standard.
  - 17. The software application of claim 15, wherein the authority information is configured as XML code.
  - 18. The software application of claim 17, wherein the XML code is compliant with a DSML standard.
  - 19. The software application of claim 15, wherein the authority defined by the authority information within the received certificate also defines rights of the user to access predetermined data and programs within the network.

20. A computer-implemented method for controlling authority of employees of a company within in a computing environment, the company having a hierarchical management structure, the method comprising the steps of:
- creating or receiving a primary digital certificate, the primary digital certificate including primary authority information that defines and grants primary rights to a primary employee as defined by the hierarchical management structure;
  
  creating secondary digital certificates and assigning the created secondary certificates to selected secondary employees requiring access to the computing environment, each of the selected secondary employees occupying a predefined position within the hierarchical management structure that is hierarchically lower than that of the primary employee, each of the secondary certificates including secondary authority information that defines and grants secondary rights, the secondary rights being derivative from the primary rights and being commensurate with the predefined position of the selected secondary employee within the hierarchical management structure, and allowing each selected secondary employee to exercise only those rights within the computing environment that are granted by the secondary rights defined within the assigned secondary certificate.
- View Dependent Claims (21, 22, 23, 24, 25, 26, 27, 28)
- - 21. The computer-implemented method of claim 20, wherein the primary and secondary certificates conform to the X.509 standard.
  - 22. The computer-implemented method of claim 20, wherein the primary and secondary authority information are encoded within the primary and secondary certificates as XML code.
  - 23. The computer-implemented method of claim 22, wherein the XML code is compliant with a DSML standard.
  - 24. The computer-implemented method of claim 20, wherein the secondary rights defined within at least one of the secondary certificates are derivative from secondary rights defined within another secondary certificate.
  - 25. The computer-implemented method of claim 20, further including a step of revoking a secondary certificate to a terminated secondary employee, the revoking step being operative to revoke all certificates to secondary employees of the company that report to the terminated secondary employee, which revokes all secondary rights that are derivative from the secondary rights granted by the revoked secondary certificate.
  - 26. The computer-implemented method of claim 20, further including a step of revoking a secondary certificate to a terminated secondary employee, the revoking step being operative to revoke all secondary rights that are derivative from the secondary rights granted by the revoked secondary certificate.
  - 27. The computer-implemented method of claim 20, wherein the primary and secondary rights define access rights to data and programs within the computing environment.
  - 28. The computer-implemented method of claim 20, wherein the primary and secondary rights each define amounts to which the primary and each of the secondary employees, respectively, are authorized to bind the company.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Oracle International Corporation (Oracle Corporation)
Original Assignee
Oracle International Corporation (Oracle Corporation)
Inventors
Johnson, Richard C.

Granted Patent

US 8,566,249 B2
Time in Patent Office

Days
Field of Search
US Class Current

705/64
CPC Class Codes

G06Q 20/06   Private payment circuits, e...

G06Q 20/0855   involving a third party

G06Q 20/102   Bill distribution or payments

G06Q 20/367   involving electronic purses...

G06Q 20/382   insuring higher security of...

G06Q 20/3821   Electronic credentials

G06Q 20/38215   Use of certificates or encr...

G06Q 20/40   Authorisation, e.g. identif...

G06Q 20/401   Transaction verification

G06Q 40/00   Finance; Insurance; Tax str...

G06Q 40/12   Accounting

Methods and systems for authentication and authorization

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

119 Citations

28 Claims

Specification

Solutions

Use Cases

Quick Links

Methods and systems for authentication and authorization

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

119 Citations

28 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links