Authentication of untrusted gateway without disclosure of private information

US 20050240774A1
Filed: 04/23/2004
Published: 10/27/2005
Est. Priority Date: 04/23/2004
Status: Active Grant

First Claim

Patent Images

1. A method for authorizing use of a server without providing the server with sensitive information, said method comprising:

establishing a secure authorization link between a user interface and a remote authorization server utilizing a user interface web browser, the authorization link passing through a local server and being unreadable by the local server;

sending user authorization data from the user interface to the authorization server, via the authorization link, utilizing the user interface web browser;

returning a redirected validation message from the authorization server to the user interface, via the authorization link; and

establishing a local link between the user interface and the local server based on data included in the redirected validation message, the local link established utilizing the user interface web browser.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system and method provides user authorization for use of a server without providing the server with sensitive user information. A secure authorization link is established between a user interface and a remote authentication server. The authorization link passes through a local server while being unreadable by the local server. User authorization data is sent from the user interface to the authorization server, via the authorization link. The authorization server then returns a redirected validation message to the user interface, via the authorization link. A local link is established between the user interface and the local server based on data included in the redirected validation message. All communication between the user interface, the local server and authorization server is performed utilizing the user interface web browser. Thus, authorization for use of services controlled by the local server is accomplished without the need to load specialized software on the user interface for establishing such links and performing such communications.

31 Citations

View as Search Results

39 Claims

1. A method for authorizing use of a server without providing the server with sensitive information, said method comprising:
- establishing a secure authorization link between a user interface and a remote authorization server utilizing a user interface web browser, the authorization link passing through a local server and being unreadable by the local server;
  
  sending user authorization data from the user interface to the authorization server, via the authorization link, utilizing the user interface web browser;
  
  returning a redirected validation message from the authorization server to the user interface, via the authorization link; and
  
  establishing a local link between the user interface and the local server based on data included in the redirected validation message, the local link established utilizing the user interface web browser.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22)
- - 2. The method of claim 1, wherein the method further comprises providing a user access to a requested service controlled by the local server once the local link is established.
  - 3. The method of claim 1, wherein the method further comprises sending data from the local server to the authorization server via the secure authorization link.
  - 4. The method of claim 1, wherein establishing a secure authorization link between the user interface and the authorization server comprises sending a login notification from the local server to the user interface, the login notification utilized by a user to request access to services controlled by the local server.
  - 5. The method of claim 1, wherein returning a redirected validation message comprises validating the user authorization data utilizing the authorization server.
  - 6. The method of claim 1, wherein establishing a local link comprises forwarding the redirected validation message from the user interface to the local server utilizing the user interface web browser.
  - 7. The method of claim 6, wherein establishing a local link comprises verifying the redirected message is valid using a public key of the authorization server and a digital signature attached to the redirected message.
  - 8. The method of claim 6, wherein forwarding the redirected validation message comprises encrypting the forwarded redirected validation message.
  - 9. The method of claim 1, wherein establishing a secure authorization link comprises establishing the authorization link absent specialized software on the user interface for establishing the authorization link.
  - 10. The method of claim 1, wherein sending a login notification comprises sending a login page from the local server to the user interface.
  - 11. The method of claim 1, wherein sending a login notification comprises sending a link to a login page from the local server to the user interface.
  - 12. The method of claim 1, wherein establishing a secure authorization link comprises establishing an https session between the user interface and the authorization server.
  - 13. The method of claim 1, wherein establishing a secure authorization link comprises providing the authorization link while blocking access to a plurality of selected Internet links.
  - 14. The method of claim 1, wherein establishing a secure authorization link comprises sending communication identification data regarding the user interface from the local server to the authorization server.
  - 15. The method of claim 14, wherein sending communication identification data comprises encrypting the communication identification data sent.
  - 16. The method of claim 1, wherein establishing a secure authorization link server comprises sending user login information from the user interface to the authorization server.
  - 17. The method of claim 1, wherein returning a redirected validation message comprised constructing an http redirected validation message using the authorization server.
  - 18. The method of claim 1, wherein returning a redirected validation message comprised constructing a Java Script redirected validation message using the authorization server.
  - 19. The method of claim 1, wherein returning a redirected validation message comprises sending authorization and authorized service related data from the authorization server to the local server.
  - 20. The method of claim 1, wherein establishing the local link comprises establishing the local link while cookies are disabled within the user interface web browser.
  - 21. The method of claim 1, wherein returning a redirected validation message comprises embedding in the redirected validation message a time stamp adapted to limit the duration the validation message is valid.
  - 22. The method of claim 1, wherein establishing a local link comprises establishing a secured https session between the user interface and the local server.

23. A communication system comprising:
- a connection port adapted to provide a connection for a user interface;
  
  a remote authorization server; and
  
  a local server including a local processor and a local storage device having local server (LS) software stored thereon executable by the local processor, wherein the local processor is configured to;
  
  execute the LS software to send a login notification from the local server to the user interface when the user interface is communicatively connected to the connection port, wherein the login notification is utilized by a user to request access to a service controlled by the local server;
  
  execute the LS software to establish a secure authorization link between the user interface and the authorization server in response to user request, wherein the authorization link is established utilizing a user interface web browser absent other specialize specialized software stored in the user interface for establishing the authorization link, the authorization link passing through a local server and being unreadable by the local server;
  
  execute the LS software to verify a redirected validation message sent by the authorization server, the redirected validation message containing authorization data and verified utilizing a public key of the authorization server; and
  
  execute the LS software to establish a local link between the user interface and the local server according to the authorization data, the link established utilizing the user interface web browser absent other specialized software stored in the user interface for establishing the local link.
- View Dependent Claims (24, 25, 26, 27, 28, 29, 30, 31, 32)
- - 24. The system of claim 23, wherein the local processor is further configured to execute the LS software to enable the user to have access to authorized services controlled by the local server, the authorized services identified in the redirected validation message.
  - 25. The system of claim 23, wherein the authorization server comprises a remote processor and a remote storage device having authorization server (AS) software stored thereon executable by the remote processor, wherein the remote processor is configured to:
    - execute the AS software to validate user authorization data sent from the user interface to the authorization server via the authorization link; and
      
      execute the AS software to return a redirected validation message to the user interface, via the authorization link, the validation message including authorization and authorized service related data, wherein the validation message is forwarded by the user interface to the local server utilizing the user interface web browser absent other specialized software stored in the user interface for communicating with the onboard server.
  - 26. The system of claim 23, wherein the local processor is further configured to execute the LS software to establish the secure authorization link comprising an https session between the user interface and the authorization server.
  - 27. The system of claim 23, wherein the local processor is further configured to execute the LS software to establish the secure authorization link while blocking access to various selected Internet links.
  - 28. The system of claim 23, wherein the local processor is further configured to execute the LS software to establish the local link while cookies are disabled within the user interface web browser.
  - 29. The system of claim 23, wherein the remote processor is further configured to execute the AS software to return the redirected validation message comprising an embedded time stamp adapted to limit the duration the validation message is valid.
  - 30. The system of claim 23, wherein a local link is established using a secured https session between the user interface and the local server.
  - 31. The system of claim 23, wherein the remote processor is further configured to execute the AS software to return the redirected validation message comprising a digital signature.
  - 32. The system of claim 31, wherein the local processor is further configured to execute the LS software to validate the authenticity of the redirected validation message using the digital signature and a private key of the authorization server.

33. A method for authorizing use of a service controlled by an onboard server of an aircraft without disclosing confidential information to the onboard server, said method comprising:
- sending a login notification from a onboard server to a user interface, the login notification utilized by a user to request access to the service controlled by onboard server;
  
  establishing a secure authorization link between the user interface and a ground based server, the authorization link being established utilizing a user interface web browser absent other specialized software stored in the user interface for establishing the authorization link, the authorization link passing through the onboard server and being unreadable by the onboard server;
  
  sending user authorization data from the user interface to the ground based server via the authorization link utilizing the user interface web browser absent other specialized software stored in the user interface for establishing the authorization link;
  
  validating the user authorization data utilizing the ground based server;
  
  returning a redirected validation message including authorization and authorized service related data from the ground based server to the user interface, via the authorization link;
  
  forwarding the redirected validation message from the user interface to the onboard server utilizing the user interface web browser absent other specialized software stored in the user interface for communicating with the onboard server;
  
  verifying the redirected validation message is valid utilizing a public key of the ground based server; and
  
  establishing a local link between the user interface and the onboard server utilizing the user interface web browser absent other specialized software stored in the user interface for communicating with the onboard server.
- View Dependent Claims (34, 35, 36, 37, 38, 39)
- - 34. The method of claim 33, wherein establishing a secure authorization link comprises establishing an https session between the user interface and the ground based server using a certificate of the ground based server.
  - 35. The method of claim 33, wherein establishing a secure authorization link comprises providing the secure link while blocking access to a plurality of selected Internet links
  - 36. The method of claim 33, wherein returning a redirected validation message comprises constructing one of an http redirected validation message and a Java Script redirected validation message using the ground based server.
  - 37. The method of claim 33, wherein establishing the local link comprises establishing the local link while cookies are disabled within the user interface web browser.
  - 38. The method of claim 33, wherein returning a redirected validation message comprises embedding in the redirected validation message a time stamp adapted to limit the duration the validation message is valid.
  - 39. The method of claim 33, wherein establishing a local link comprises establishing a secured https session between the user interface and the local server.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
The Boeing Co.
Original Assignee
The Boeing Co.
Inventors
Skinner, John D., Angus, Ian G., Pahm, Rosanne P.

Granted Patent

US 8,261,070 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/182
CPC Class Codes

H04L 63/10 for controlling access to d...

Authentication of untrusted gateway without disclosure of private information

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

31 Citations

39 Claims

Specification

Use Cases

Quick Links

Others

Authentication of untrusted gateway without disclosure of private information

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

31 Citations

39 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others