System and method for authenticating a subject

US 20040168060A1
Filed: 02/24/2003
Published: 08/26/2004
Est. Priority Date: 02/24/2003
Status: Active Grant

First Claim

Patent Images

1. A method for adaptively authenticating a subject based on authentication information, comprising the steps of:

providing for the receipt of the authentication information;

providing for the performance of Java Authentication and Authorization Service (JAAS) authentication of the subject based on the authentication information and wherein successful authentication of the subject results in the association a principal with the subject;

providing for the signing of the principal by determining an authentication code for the principal that is a function of the principal and a key.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method for adaptively authenticating a subject based on authentication information, comprising the steps of providing for the receipt of the authentication information; providing for the performance of Java Authentication and Authorization Service (JAAS) authentication of the subject based on the authentication information and wherein successful authentication of the subject results in the association a principal with the subject; providing for the signing of the principal by determining an authentication code for the principal that is a function of the principal and a key.

Citations

53 Claims

1. A method for adaptively authenticating a subject based on authentication information, comprising the steps of:
- providing for the receipt of the authentication information;
  
  providing for the performance of Java Authentication and Authorization Service (JAAS) authentication of the subject based on the authentication information and wherein successful authentication of the subject results in the association a principal with the subject;
  
  providing for the signing of the principal by determining an authentication code for the principal that is a function of the principal and a key.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
- - 2. The method of claim 1 wherein:
    - the subject can be a user, group, service or process.
  - 3. The method of claim 1 further comprising the step of:
    - providing for the determination of whether the principal has been altered by generating a second code and comparing it to the authentication code.
  - 4. The method of claim 1 further comprising the step of:
    - providing for the generation of authentication code via a secret key authentication algorithm, wherein the code is used to sign the principal.
  - 5. The method of claim 1 wherein:
    - the step of associating the signed principal with a subject results in storing the signed principal in the subject.
  - 6. The method of claim 1 wherein:
    - the step of providing for the authentication of the subject includes invoking one or more authentication mechanisms.
  - 7. The method of claim 1 wherein:
    - the step of providing for the authentication of the subject includes invoking one or more JAAS login modules.
  - 8. The method of claim 7 wherein:
    - configuration information determines which login modules are required and which login modules are optional.
  - 9. The method of claim 1 wherein:
    - the step of providing for the authentication of the subject is within the context of a security realm.
  - 10. The method of claim 1 wherein:
    - the authentication information includes at least one of (1) user name, (2) password, and (3) biometric data.
  - 11. The method of claim 10 wherein:
    - the biometric data can include at least one of (1) a finger print, (2) a voice print, (3) a retina scan, (4) an image, (5) a sound, (6) a sample of human deoxyribonucleic acid, (7) human saliva, and (8) human blood.

12. A method for adaptively authenticating a subject based on authentication information, comprising the steps of:
- providing for the receipt of the authentication information;
  
  providing for the performance of Java Authentication and Authorization Service (JAAS) authentication of the subject based on the authentication information and wherein successful authentication of the subject results in the association of a principal with the subject;
  
  providing for the signing of the principal by determining an authentication code for the principal using an HMAC algorithm.
- View Dependent Claims (13, 14, 15, 16, 17, 18, 19, 20, 21, 22)
- - 13. The method of claim 12 wherein:
    - the subject can be a user, group, service or process.
  - 14. The method of claim 12 further comprising the step of:
    - providing for the determination of whether the principal has been altered by generating a second code and comparing it to the authentication code.
  - 15. The method of claim 12 further comprising the step of:
    - providing for the generation of authentication code via a secret key authentication algorithm, wherein the code is used to sign the principal.
  - 16. The method of claim 12 wherein:
    - the step of associating the signed principal with a subject results in storing the signed principal in the subject.
  - 17. The method of claim 12 wherein:
    - the step of providing for the authentication of the subject includes invoking one or more authentication mechanisms.
  - 18. The method of claim 12 wherein:
    - the step of providing for the authentication of the subject includes invoking one or more JAAS login modules.
  - 19. The method of claim 18 wherein:
    - configuration information determines which login modules are required and which login modules are optional.
  - 20. The method of claim 12 wherein:
    - the step of providing for the authentication of the subject is within the context of a security realm.
  - 21. The method of claim 12 wherein:
    - the authentication information includes at least one of (1) user name, (2) password, and (3) biometric data.
  - 22. The method of claim 21 wherein:
    - the biometric data can include at least one of (1) a finger print, (2) a voice print, (3) a retina scan, (4) an image, (5) a sound, (6) a sample of human deoxyribonucleic acid, (7) human saliva, and (8) human blood.

23. A method for adaptively authenticating a subject based on authentication information, comprising the steps of:
- providing for the receipt of the authentication information;
  
  providing for the invocation of a Java Authentication and Authorization Service (JAAS) login module by an authentication provider;
  
  providing for the performance of authentication of the subject by the JAAS login module based on the authentication information and wherein successful authentication of the subject results in the association of a principal with the subject;
  
  providing for the signing of the principal by determining an authentication code for the principal that is a function of the principal and a key.
- View Dependent Claims (24, 25, 26, 27, 28, 29, 30, 31, 32)
- - 24. The method of claim 23 wherein:
    - the subject can be a user, group, service or process.
  - 25. The method of claim 23 further comprising the step of:
    - providing for the determination of whether the principal has been altered by generating a second code and comparing it to the authentication code.
  - 26. The method of claim 23 further comprising the step of:
    - providing for the generation of authentication code via a secret key authentication algorithm, wherein the code is used to sign the principal.
  - 27. The method of claim 23 wherein:
    - the step of associating the signed principal with a subject results in storing the signed principal in the subject.
  - 28. The method of claim 23 wherein:
    - the step of providing for the authentication of the subject includes invoking more than one JAAS login module.
  - 29. The method of claim 28 wherein:
    - configuration information determines which login modules are required and which login modules are optional.
  - 30. The method of claim 23 wherein:
    - the step of providing for the authentication of the subject is within the context of a security realm.
  - 31. The method of claim 23 wherein:
    - the authentication information includes at least one of (1) user name, (2) password, and (3) biometric data.
  - 32. The method of claim 31 wherein:
    - the biometric data can include at least one of (1) a finger print, (2) a voice print, (3) a retina scan, (4) an image, (5) a sound, (6) a sample of human deoxyribonucleic acid, (7) human saliva, and (8) human blood.

33. A system for adaptively authenticating a subject based on authentication information and adapted to cooperate with a security framework, the system comprising the steps of:
- an authentication provider coupled to the framework;
  
  a Java Authentication and Authorization Service (JAAS) login module coupled to the authentication provider, the login module to authenticate the subject, wherein the login module associates a principal with the subject if authentication of the subject is successful;
  
  a principal validator coupled to the authentication provider, the principal validator to sign the principal by determining an authentication code for the principal that is a function of the principal and a key; and
  
  a management provider to provide configuration information to the authentication provider.
- View Dependent Claims (34, 35, 36, 37, 38, 39, 40, 41, 42)
- - 34. The method of claim 33 wherein:
    - the subject can be a user, group, service or process.
  - 35. The method of claim 33 further comprising the step of:
    - providing for the determination of whether the principal has been altered by generating a second code and comparing it to the authentication code.
  - 36. The method of claim 33 further comprising the step of:
    - providing for the generation of authentication code via a secret key authentication algorithm, wherein the code is used to sign the principal.
  - 37. The method of claim 33 wherein:
    - the step of associating the signed principal with a subject results in storing the signed principal in the subject.
  - 38. The method of claim 33 wherein:
    - the step of providing for the authentication of the subject includes invoking more than one JAAS login module.
  - 39. The method of claim 38 wherein:
    - the configuration information determines which login modules are required and which login modules are optional.
  - 40. The method of claim 33 wherein:
    - the step of providing for the authentication of the subject is within the context of a security realm.
  - 41. The method of claim 33 wherein:
    - the authentication information includes at least one of (1) user name, (2) password, and (3) biometric data.
  - 42. The method of claim 41 wherein:
    - the biometric data can include at least one of (1) a finger print, (2) a voice print, (3) a retina scan, (4) an image, (5) a sound, (6) a sample of human deoxyribonucleic acid, (7) human saliva, and (8) human blood.

43. A machine readable medium having instructions stored thereon that when executed by a processor cause a system to:
- receive authentication information;
  
  perform Java Authentication and Authorization Service (JAAS) authentication of a subject based on authentication information and wherein successful authentication of the subject results in the association of a principal with the subject;
  
  sign the principal by determining an authentication code for the principal that is a function of the principal and a key.
- View Dependent Claims (44, 45, 46, 47, 48, 49, 50, 51, 52, 53)
- - 44. The machine readable medium of claim 43 wherein:
    - the subject can be a user, group, service or process.
  - 45. The machine readable medium of claim 43 further comprising instructions which when executed cause the system to:
    - determine whether the principal has been altered by generating a second code and comparing it to the authentication code.
  - 46. The machine readable medium of claim 43 further comprising instructions which when executed cause the system to:
    - generate the authentication code via a secret key authentication algorithm, wherein the code is used to sign the principal.
  - 47. The machine readable medium of claim 43 wherein:
    - the step of associating the signed principal with a subject results in storing the signed principal in the subject.
  - 48. The machine readable medium of claim 43 wherein:
    - the step of providing for the authentication of the subject includes invoking one or more authentication mechanisms.
  - 49. The machine readable medium of claim 43 wherein:
    - the step of providing for the authentication of the subject includes invoking one or more JAAS login modules.
  - 50. The machine readable medium of claim 49 wherein:
    - configuration information determines which login modules are required and which login modules are optional.
  - 51. The machine readable medium of claim 43 wherein:
    - the step of providing for the authentication of the subject is within the context of a security realm.
  - 52. The machine readable medium of claim 43 wherein:
    - the authentication information includes at least one of (1) user name, (2) password, and (3) biometric data.
  - 53. The machine readable medium of claim 52 wherein:
    - the biometric data can include at least one of (1) a finger print, (2) a voice print, (3) a retina scan, (4) an image, (5) a sound, (6) a sample of human deoxyribonucleic acid, (7) human saliva, and (8) human blood.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Oracle International Corporation (Oracle Corporation)
Original Assignee
BEA Systems Incorporated (Oracle Corporation)
Inventors
Patrick, Paul

Granted Patent

US 7,610,618 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/168
CPC Class Codes

H04L 63/08   for authentication of entit...

H04L 63/083   using passwords cryptograph...

H04L 63/0861   using biometrical features,...

System and method for authenticating a subject

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

53 Claims

Specification

Solutions

Use Cases

Quick Links

System and method for authenticating a subject

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

53 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links