Method and system for a service process to provide a service to a client

US 20040221045A1
Filed: 06/02/2004
Published: 11/04/2004
Est. Priority Date: 07/09/2001
Status: Active Grant

First Claim

Patent Images

1. Method for a service process to provide a service to a client, characterized by the following steps:

a. the client sets up a secure session to an authentication process and sends a client identifier and a service request indicating which service is required;

b. the authentication process verifies the client identifier and sends to an authorization process the verified client identifier and the service request;

c. the authorization process checks whether the service indicated in the service request can and may be provided to the client, and sends the result of the check to the authentication process in the form of an authorized service request that includes a validity period;

d. the authentication process generates a token that is associated with the authorized service request;

e. via the secure session, the authentication process sends to the client the address of the service process concerned and the token;

f. the client contacts the service process and sends the service process the token received from the authentication process;

g. the service process sends the authentication process the token received from the client;

h. the authentication process fetches the authorized service request associated with the token, checks whether the validity period is good, and then sends the authorized service request to the service process;

i. the service process then provides the service required by the client.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Method and system for a service server to provide a service to a client. The client (C) sets up a secure session to an authentication server (CAP) and sends its identifier and a service request stating the required service. The authentication server verifies the client identifier and sends the service request to a service authorization server (DAP). The authorization server checks whether the required service may be provided and sends the authorized service request to the authentication server. The authentication server generates a token, associated with the authorized service request. Via the secure session, the authentication server sends the address of the relevant service server and the token. The client sends the token to the service server, which then sends the token to the authentication server. The authentication server fetches the service request associated with the token and forwards it to the service server, after which the service server gives the client the required service.

90 Citations

View as Search Results

4 Claims

1. Method for a service process to provide a service to a client, characterized by the following steps:
- a. the client sets up a secure session to an authentication process and sends a client identifier and a service request indicating which service is required;
  
  b. the authentication process verifies the client identifier and sends to an authorization process the verified client identifier and the service request;
  
  c. the authorization process checks whether the service indicated in the service request can and may be provided to the client, and sends the result of the check to the authentication process in the form of an authorized service request that includes a validity period;
  
  d. the authentication process generates a token that is associated with the authorized service request;
  
  e. via the secure session, the authentication process sends to the client the address of the service process concerned and the token;
  
  f. the client contacts the service process and sends the service process the token received from the authentication process;
  
  g. the service process sends the authentication process the token received from the client;
  
  h. the authentication process fetches the authorized service request associated with the token, checks whether the validity period is good, and then sends the authorized service request to the service process;
  
  i. the service process then provides the service required by the client.
- View Dependent Claims (2)
- - 2. Method according to claim 1, with the characteristic that the authentication process in the step described above at b. sends to the authorization process, in addition to the verified client identifier, a “
    - degree of certainty”
      
      indication concerning the authenticity of the client identifier.

3. System for a service server to provide a service to a client, with the characteristic that:
- a. the client includes means for setting up a secure session to an authentication server and for sending to that authentication server a client identifier and a service request stating which service is required;
  
  b. the authentication server includes means for verifying the client identifier received from the client and for sending the verified client identifier and the service request to an authorization server;
  
  c. the authorization server includes means for checking whether the service stated in the service request can and may be provided to the client, and means for sending back to the authentication server the result of the check in the form of an authorized service request, provided with a validity period determined by the authorization server;
  
  d. the authentication server includes means for generating a token, associated with the authorized service request;
  
  e. the authentication server includes means for sending the client, via the secure session, the address of the relevant service server and the token;
  
  f. the client includes means for sending the received token to the service server;
  
  g. the service server includes means for sending to the authentication server the token received from the client;
  
  h. the authentication server includes means for fetching the authorized service request associated with the token, checking whether the validity period is good, and then sending the authorized service request to the service server;
  
  i. the service server includes means for subsequently providing the required service to the client.
- View Dependent Claims (4)
- - 4. System according to claim 3, with the characteristic that the authentication server, in addition to including the means mentioned above at b. for verifying the client identifier received from the client and sending the verified client identifier and the service request to an authorization server, further includes means for calculating a “
    - degree of certainty”
      
      indication regarding the authenticity of the client identifier and for sending that indication to the authorization server.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Nederlandse Organisatie Voor Toegepast-Natuurwetenschappelijk Onderzoek Tno
Original Assignee
Nederlandse Organisatie Voor Toegepast-Natuurwetenschappelijk Onderzoek Tno
Inventors
Joosten, Hendrikus Johannes Maria, van Buuren, Rene, Hiddo Hut, Derk, Kleinhaus, Geert

Granted Patent

US 7,565,554 B2
Time in Patent Office

Days
Field of Search
US Class Current

709/227
CPC Class Codes

G06F 21/33   using certificates

H04L 63/0823   using certificates cryptogr...

H04L 63/164   at the network layer

H04L 63/166   at the transport layer

H04L 67/51   Discovery or management the...

H04L 69/329   in the application layer [O...

Method and system for a service process to provide a service to a client

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

90 Citations

4 Claims

Specification

Solutions

Use Cases

Quick Links

Method and system for a service process to provide a service to a client

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

90 Citations

4 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links