Securing computer network interactions between entities with authorization assurances

US 20060174323A1
Filed: 09/23/2005
Published: 08/03/2006
Est. Priority Date: 01/25/2005
Status: Active Grant

First Claim

Patent Images

1. A method comprising:

receiving a request to interact with a network resource provided by a second entity via a computer network;

receiving assurances via the network that a first entity has authorized an agent to send the request to the second entity on behalf of the first entity; and

complying with the request subject to acceptance of the assurances.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The invention is directed to techniques to secure interactions between entities communicating on a computer network. In general, techniques are described in which a first entity provides assurances to a second entity that an agent interacting with the second entity is interacting with the second entity on behalf of the first entity. Specifically, the techniques provide the second entity with information tending to indicate that the first entity authorized the agent to perform the interaction with the second entity pursuant to some prior agreement between the two entities. The techniques employ authentication systems and encryption to ensure the security of the interaction.

188 Citations

50 Claims

1. A method comprising:
- receiving a request to interact with a network resource provided by a second entity via a computer network;
  
  receiving assurances via the network that a first entity has authorized an agent to send the request to the second entity on behalf of the first entity; and
  
  complying with the request subject to acceptance of the assurances.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24)
- - 2. The method of claim 1, wherein an agreement between the first entity and the second entity defines a standard of acceptability for the assurances for a network resource provided by the second entity to the first entity.
  - 3. The method of claim 1, further comprising:
    - receiving authentication information from the first entity;
      
      examining the authentication information to determine whether the authentication information and the request actually originated from the first entity; and
      
      complying with the request subject to the examination.
  - 4. The method of claim 3, wherein receiving authentication information authenticating the first entity comprises:
    - receiving a certificate from the first entity vouched for by a mutually trusted third party; and
      
      complying with the one or more instruction subject to validity of the certificate.
  - 5. The method of claim 1, wherein receiving assurances comprises:
    - receiving authorization information from the first entity via the network, wherein the authorization information describes rights granted by the first entity to the agent to act on behalf of the first entity with respect to a second entity; and
      
      storing a copy of the authorization information in an audit log.
  - 6. The method of claim 5, further comprising:
    - comparing the authorization information to stored information relating to the first entity; and
      
      complying with the request when the comparison demonstrates that the agent is authorized to act on behalf of the first entity with respect to the request.
  - 7. The method of claim 5, further comprising:
    - receiving a digitally signed version of the authorization information;
      
      verifying that the authorization information has not changed during transmission using the digitally signed version of the authentication information; and
      
      complying with the request subject to the verification.
  - 8. The method of claim 1, wherein receiving assurances comprises:
    - receiving agent identity information about the agent; and
      
      storing a copy of the agent identity information in an audit log.
  - 9. The method of claim 8, further comprising complying with the request subject to the agent identity information.
  - 10. The method of claim 8, further comprising:
    - receiving a digitally signed version of the agent identity information;
      
      using the digitally signed version to verify that the agent identity information has not changed during transmission; and
      
      complying with the request subject to the verification.
  - 11. The method of claim 1, further comprising receiving the request comprises receiving security parameters from the first entity via the network, wherein the security parameters define a level of security.
  - 12. The method of claim 11, further comprising:
    - comparing the security parameters to an agreement between the first entity and the entity; and
      
      complying with the request when the comparison demonstrates that the security parameters are within an acceptable range as defined in the agreement.
  - 13. The method of claim 1, wherein complying with the request includes delegating the request to another computer or system of computers.
  - 14. The method of claim 1, wherein:
    - receiving the request from the agent comprises receiving a purchase order; and
      
      complying with the request comprises executing the purchase order when the second entity accepts the assurances that the agent is authorized to make the purchase order for the first entity.
  - 15. The method of claim 1, wherein:
    - receiving the request from the agent comprises receiving a request for a document; and
      
      complying with the request comprises delivering the document to the agent when the second entity accepts the assurances that the agent is authorized to view the document.
  - 16. The method of claim 1, wherein:
    - receiving the request from the agent comprises receiving a fax; and
      
      complying with the request comprises receiving the fax when the second entity accepts the assurances that the first entity has authorized the agent to send the fax.
  - 17. The method of claim 1, wherein:
    - receiving the request comprises entering into an agreement between the first entity and the second entity; and
      
      wherein complying with the request includes accepting the agreement as binding upon the first entity and the second entity.
  - 18. The method of claim 1, wherein:
    - receiving the request from the agent comprises receiving electronic funds transmission instructions; and
      
      complying with the request comprises accepting the transfer of funds as specified and accepting responsibility for the timely execution of the transfer.
  - 19. The method of claim 1, wherein:
    - receiving the request comprises receiving a voting ballot cast by the agent; and
      
      complying with the request comprises registering and tabulating the ballot.
  - 20. The method of claim 1, further comprising sending a response to the first entity indicating acceptance or rejection of the instructions.
  - 21. The method of claim 20, further comprising sending a digitally signed version of the response to the first entity.
  - 22. The method of claim 1, further comprising storing a copy of the request in an audit log.
  - 23. The method of claim 22, further comprising:
    - receiving a digitally signed version of the request;
      
      using the digitally signed version of the request to verify that the action request has not changed during transmission across the network; and
      
      complying with the request subject to the verification.
  - 24. The method of claim 1, wherein the first and second entities communicate using a secure communication protocol.

25. A computer readable medium comprising computer readable instructions that cause a processor to:
- receive one or more agent instructions sent to a second entity from an agent via a computer network;
  
  receive assurances via the network that a first entity has authorized the agent to send the one or more agent instructions to the second entity on behalf of the first entity; and
  
  comply with the one or more agent instructions subject to acceptance of the assurances.
- View Dependent Claims (26, 27, 28)
- - 26. The computer readable medium of claim 25, wherein the instructions that cause the processor to receive assurances cause the processor to receive authorization information from the first entity via the network, the authorization information defining rights granted by the first entity to the agent to act on behalf of the first entity with respect to a second entity.
  - 27. The computer readable medium of claim 25, further comprising computer readable instructions that cause the processor to verify that the agent instructions and assurances were not changed during transmission.
  - 28. The computer readable medium of claim 25, wherein the agent instructions comprise a purchase order and the computer readable instructions cause the processor to comply with the agent instructions by executing the purchase order when the second entity accepts the assurances that the agent is authorized to make the purchase order for the first entity.

29. A method comprising:
- sending a request to interact with a network resource to a second entity via a network;
  
  sending assurances to the second entity via the network that a first entity has authorized an agent to send the request to the second entity on behalf of the first entity; and
  
  receiving a response complying with the request subject to acceptance of the request and the assurances by the second entity.
- View Dependent Claims (30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44)
- - 30. The method of claim 29, further comprising displaying the network resource to the agent as a hyperlink file.
  - 31. The method of claim 29, further comprising:
    - sending authentication information of the first entity to the second entity; and
      
      receiving a response indicating whether the second entity has authenticated the first entity based on the authentication information; and
      
      storing a copy of the response in an audit log.
  - 32. The method of claim 31, wherein sending the authentication information comprises sending a certificate to the second entity vouched for by a mutually trusted third party.
  - 33. The method of claim 29, wherein sending assurances comprises:
    - sending authorization information to the second entity via the network, the authorization information defining rights granted by the first entity to the agent to act on behalf of the first entity with respect to a second entity;
      
      receiving a response from the second entity indicating whether the second entity accepts the authorization information; and
      
      storing a copy of the authorization information response in an audit log.
  - 34. The method of claim 33, further comprising:
    - creating a digitally signed version of the authorization information; and
      
      sending the digitally signed version to the second entity.
  - 35. The method of claim 29, wherein sending assurances comprises:
    - sending agent identity information about the agent;
      
      receiving a response from the second entity indicating whether the second entity correctly received the agent identity information; and
      
      storing a copy of the agent identity information response in an audit log.
  - 36. The method of claim 35, further comprising:
    - creating a digitally signed version of the agent identity information; and
      
      sending the digitally signed version to the second entity.
  - 37. The method of claim 29, further comprising:
    - generating a digitally signed version of the instructions; and
      
      sending the digitally signed version to the second entity.
  - 38. The method of claim 29, further comprising storing a copy of the response in an audit log.
  - 39. The method of claim 29, further comprising:
    - receiving a digitally signed version of the response; and
      
      verifying the accuracy of the response using the digitally signed version of the response.
  - 40. The method of claim 29, wherein:
    - sending the request from the agent comprises sending a purchase order; and
      
      receiving a response comprises receiving confirmation of the purchase order when the second entity accepts the assurances.
  - 41. The method of claim 29, wherein:
    - sending the request from the agent comprises sending a request for a document; and
      
      receiving a response comprises receiving the document when the second entity accepts the assurances.
  - 42. The method of claim 29, wherein:
    - sending the request from the agent comprises sending a fax; and
      
      receiving a response comprises receiving confirmation of the delivery of the fax when the second entity accepts the assurances.
  - 43. The method of claim 29, further comprising disallowing the agent from sending the instructions unless the agent has strongly authenticated.
  - 44. The method of claim 29, wherein the first and second entities communicate using a secure communication protocol.

45. A computer readable medium comprising computer readable instructions that cause a processor to:
- send one or more agent instructions to a second entity from an agent via a network;
  
  send assurances to the second entity via the network that a first entity has authorized the agent to send the one or more agent instructions on behalf of the first entity; and
  
  receive a response complying with the one or more agent instructions subject to acceptance of the assurances by the second entity.
- View Dependent Claims (46, 47, 48)
- - 46. The computer readable medium of claim 45, further comprising computer readable instructions that cause the processor to receive messages indicating the content of the agent instructions and the assurances.
  - 47. The computer readable medium of claim 45, further comprising computer readable instructions that cause the processor to verify that the agent instructions and assurances were not changed during transmission.
  - 48. The computer readable medium of claim 45, wherein:
    - causing to processor to receive the request from the agent comprises receiving a purchase order; and
      
      causing to processor to complying with the request comprises executing the purchase order when the second entity accepts the assurances that the agent is authorized to make the purchase order for the first entity.

49. A system comprising:
- a local directory server that sends request from a second entity from an agent via a network and sends assurances to the second entity via the network that the first entity has authorized the agent to send the request on behalf of the first entity; and
  
  a remote directory server that receives the request and receives the assurances, wherein the remote directory server complies with the request subject to acceptance of the assurances.
- View Dependent Claims (50)
- - 50. The system of claim 49, further comprising an audit log to store responses concerning the request and the assurances.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Redphone Security, Inc.
Original Assignee
Redphone Security, Inc.
Inventors
Wilke, David J., Brown, Mark D.

Granted Patent

US 8,365,293 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/3
CPC Class Codes

H04L 63/0428 wherein the data content is...

H04L 63/0823 using certificates cryptogr...

Securing computer network interactions between entities with authorization assurances

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

188 Citations

50 Claims

Specification

Solutions

Use Cases

Quick Links

Securing computer network interactions between entities with authorization assurances

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

188 Citations

50 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links