Method and apparatus for a security framework that enables identity and access control services

US 20060156388A1
Filed: 01/13/2005
Published: 07/13/2006
Est. Priority Date: 01/13/2005
Status: Abandoned Application

First Claim

Patent Images

1. A method, comprising:

a step in which a client device attached to a network obtains from a server device hosting a service and also attached to the network an indication of a security mechanism by which the server device limits access to the service;

a step in which the client device obtains from an authenticator proof of identity; and

a step in which the client device presents the proof of identity to a service security module attached to the network and providing security against unauthorized access to the service.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method by which access to services of a network are controlled, including a step in which a client device presents proof of identity to a service security module attached to the network and providing security against unauthorized access to the service.

63 Citations

View as Search Results

9 Claims

1. A method, comprising:
- a step in which a client device attached to a network obtains from a server device hosting a service and also attached to the network an indication of a security mechanism by which the server device limits access to the service;
  
  a step in which the client device obtains from an authenticator proof of identity; and
  
  a step in which the client device presents the proof of identity to a service security module attached to the network and providing security against unauthorized access to the service.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. A method as in claim 1, further comprising a step in which the client device receives an indication of whether the server accepts the proof of identity, and the client device then accesses the service if the server accepts the proof of identity.
  - 3. A method as in claim 1, wherein the service security module is hosted by the server device.
  - 4. A method as in claim 1, wherein the service security module is hosted by a device different from the server device and provides service security for not only the service of the server device but also for a service offered by another device attached to the network.
  - 5. A method as in claim 1, wherein the authenticator is a physical device located at an entry way to the network, and the client device communicates with the authenticator using a near-field communication protocol or a touch-based communication protocol.
  - 6. A computer program product comprising a computer readable storage structure embodying computer program code thereon for execution by a computer processor, wherein said computer program code comprises instructions for performing a method according to claim 1.

7. A device, comprising:
- means for obtaining from a server device an indication of a security mechanism by which the server device limits access to a service;
  
  means for obtaining from an authenticator proof of identity of the device; and
  
  means for presenting the proof of identity to a service security module.
- View Dependent Claims (8)
- - 8. A device as in claim 7, further comprising means by which the device receives an indication of whether the server device accepts the proof of identity, and by which the device then accesses the service if the server device accepts the proof of identity.

9. A network, comprising a client device, a server device offering a service, and a service security module providing security against unauthorized access to the service and either integral with or separate from the server device, wherein the client device includes:
- means for obtaining from the server device an indication of a security mechanism by which the server device limits access to the service, means for obtaining from an authenticator proof of identity of the client device, and means for presenting the proof of identity to the service security module;
  
  and wherein the server device includes means for determining whether to accept the proof of identity and for granting access to the service if the server device accepts the proof of identity.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Nokia Corporation
Original Assignee
Nokia Corporation
Inventors
Costa-Requena, Jose, Stirbu, Vlad

Application Number

US11/035,689
Publication Number

US 20060156388A1
Time in Patent Office

Days
Field of Search
US Class Current

726/4
CPC Class Codes

H04L 63/0807 using tickets, e.g. Kerbero...

Method and apparatus for a security framework that enables identity and access control services

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

63 Citations

9 Claims

Specification

Solutions

Use Cases

Quick Links

Method and apparatus for a security framework that enables identity and access control services

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

63 Citations

9 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links