DUAL AUTHENTICATION OF A REQUESTOR USING A MAIL SERVER AND AN AUTHENTICATION SERVER

US 20060242241A1
Filed: 01/29/2002
Published: 10/26/2006
Est. Priority Date: 11/02/2001
Status: Active Grant

First Claim

Patent Images

1. A method for facilitating remote access by a mail client to a mail server via an intermediary server, said method comprising:

(a) receiving a mail access request at the intermediary server, the mail access request being sent to the intermediary server from the mail client for a requester;

(b) receiving a password associated with the mail access request;

(c) authenticating the requester with the mail server based on the received password;

(d1) retrieving a previously stored hashed password associated with the requester or the mail client;

(d2) determining whether a hashed version of the received password matches the retrieved hashed password;

(d3) authenticating, based on the received password, the requester with an authentication server that couples to a private network that includes the mail server; and

(d4) bypassing said authenticating (d3) and deeming the received password authenticated when said determining (d2) determines that the hashed version of the received password matches the retrieved hashed password.

View all claims

4 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Improved approaches for providing secure remote access to email resources maintained on private networks are disclosed. The secure access can be provided through a public network using a standard network browser. Multiple remote users are able to gain restricted and controlled access to email on a mail server within a private network through a common access point. The solution provided by the improved approaches allow not only native access to email resources but also robust authentication approaches.

58 Citations

View as Search Results

23 Claims

1. A method for facilitating remote access by a mail client to a mail server via an intermediary server, said method comprising:
- (a) receiving a mail access request at the intermediary server, the mail access request being sent to the intermediary server from the mail client for a requester;
  
  (b) receiving a password associated with the mail access request;
  
  (c) authenticating the requester with the mail server based on the received password;
  
  (d1) retrieving a previously stored hashed password associated with the requester or the mail client;
  
  (d2) determining whether a hashed version of the received password matches the retrieved hashed password;
  
  (d3) authenticating, based on the received password, the requester with an authentication server that couples to a private network that includes the mail server; and
  
  (d4) bypassing said authenticating (d3) and deeming the received password authenticated when said determining (d2) determines that the hashed version of the received password matches the retrieved hashed password.
- View Dependent Claims (2, 4, 5, 6, 7, 8, 9, 10)
- - 2. A method as recited in claim 1, wherein a mail server password and an authentication server password are included in or derived from the received password, wherein said authenticating (c) authenticates the requestor with the mail server using the mail server password, and wherein said authenticating (d3) authenticates the requestor with the authentication server using the authentication server password.
  - 4. A method as recited in claim 1, wherein a mail server password and an authentication server password are separated by a password separator in the received password, wherein said authenticating (c) authenticates the requestor with the mail server using the mail server password, and wherein said authenticating (d3) authenticates the requestor with the authentication server using the authentication server password.
  - 5. A method as recited in claim 1, wherein said retrieving (d1) further includes at least retrieving a time last authorized by the authentication server, and wherein said method further comprises:
    - (d5) determining whether the time last authorized by the authentication server exceeds a predetermined duration; and
      
      (d6) preventing said bypassing (d4) from bypassing said authenticating (d3) when said determining (d5) determines that the time last authorized by the authentication server exceeds the predetermined duration.
  - 6. A method as recited in claim 5, wherein the predetermined duration is a maximum session duration.
  - 7. A method as recited in claim 5, wherein a mail server password and an authentication server password are included in or derived from the received password, wherein said authenticating (c) authenticates the requester with the mail server using the mail server password, and wherein said authenticating (d3) authenticates the requester with the authentication server using the authentication server password.
  - 8. A method as recited in claim 1, wherein said retrieving (d1) further includes at least retrieving a time last used password, and wherein said method further comprises:
    - (d5) determining whether the time last used password exceeds a predetermined duration; and
      
      (d6) preventing said bypassing (d4) from bypassing said authenticating (d3) when said determining (d5) determines that the time last used password exceeds the predetermined duration.
  - 9. A method as recited in claim 8, wherein the predetermined duration is a maximum idle duration.
  - 10. A method as recited in claim 9, wherein a mail server password and an authentication server password are included in or derived from the received password, wherein said authenticating (c) authenticates the requester with the mail server using the mail server password, and wherein said authenticating (d3) authenticates the requester with the authentication server using the authentication server password.

3. (canceled)

11. A method for authenticating a requester of a remote mail client seeking access to a mail server, said method comprising:
- (a) receiving a password from the remote mail client;
  
  (b) retrieving a previously stored hashed password;
  
  (c) determining whether a hashed version of the received password matches the previously stored hashed password;
  
  (d) authenticating the requester with the mail server based on the received password; and
  
  (e) further authenticating the requester with an authentication server based on the received password when said determining (c) determines that the hashed version of the received password does not match the previously stored hashed password, the authentication server couples to or resides on a private network that includes the mail server.
- View Dependent Claims (12, 13, 14, 15, 16, 17)
- - 12. A method as recited in claim 11, wherein the received password is an authentication password, and wherein the authentication password serves to authenticate the requester or the remote mail client to the authentication server.
  - 13. A method as recited in claim 11, wherein said receiving (a) further receives a time last authorized by the authentication server, wherein said determining (c) further determines whether a time since the time last authorized by the authentication server exceeds a predetermined duration, and wherein said authenticating (e) is performed when said determining (c) determines that the time since the time last authorized by the authentication server exceeds the predetermined duration, regardless of whether said determining (c) determines that the hashed version of the received password matches the previously stored hashed password.
  - 14. A method as recited in claim 11, wherein said receiving (a) further receives a time last used password, wherein said determining (c) further determines whether a time since the time last used password exceeds a predetermined duration, and wherein said authenticating (e) is performed when said determining (c) determines that the time since the time last used password exceeds the predetermined duration, regardless of whether said determining (c) determines that the hashed version of the received password matches the previously stored hashed password.
  - 15. A method as recited in claim 11, wherein said receiving (a) further receives a time last authorized by the authentication server and a time last used password, wherein said determining (c) further determines whether a time since the time last authorized by the authentication server exceeds a first predetermined duration and whether the time since the time last used password exceeds a second predetermined duration, and wherein said authenticating (e) is performed when said determining (c) determines that the time since the time last authorized by the authentication server exceeds the first predetermined duration or that the time since the time last used password exceeds the second predetermined duration, regardless of whether said determining (c) determines that the hashed version of the received password matches the previously stored hashed password.
  - 16. A method as recited in claim 15, wherein the received password is an authentication password, and wherein the authentication password serves to authenticate the requester or the remote mail client to the authentication server.
  - 17. A method as recited in claim 15, wherein the first predetermined duration is a maximum session duration, and wherein the second predetermined duration is a maximum idle duration.

18. A computer readable storage medium including at least computer program code for facilitating remote access by a mail client to a mail server via an intermediary server, said computer readable storage medium comprising:
- computer program code for receiving a mail access request at the intermediary server, the mail access request being sent to the intermediary server from the mail client for a requester;
  
  computer program code for receiving a password associated with the mail access request;
  
  computer program code for authenticating the requestor with the mail server based on the received password;
  
  computer program code for retrieving a previously stored hashed password associated with the requester or the mail client and determining whether the retrieved hashed password matches a hashed version of the received password;
  
  computer program code for authenticating the requester with an authentication server based on the received password, the authentication server being coupled to or included in a private network that includes the mail server; and
  
  computer program code for bypassing the authenticating with the authentication server and deeming the received password as authenticated when the hashed version of the received password matches the retrieved hashed password.
- View Dependent Claims (19)
- - 19. A computer readable storage medium as recited in claim 18, wherein a mail server password and an authentication server password are included in or derived from the received password, wherein said computer program code for authenticating operates to authenticate the requester with the mail server using the mail server password, and wherein said computer program code for authenticating operates to authenticate the requester with the authentication server using the authentication server password.

20. (canceled)

21. A computer readable storage medium including at least computer program code for authenticating a requester of a remote mail client seeking access to a mail server, said computer readable storage medium comprising:
- computer program code for receiving a password from the remote mail client;
  
  computer program code for retrieving a previously stored hashed password;
  
  computer program code for determining whether a hashed version of the received password matches the previously stored hashed password;
  
  computer program code for authenticating the requester with the mail server based on the received password; and
  
  computer program code for authenticating the requester with an authentication server based on the received password when said computer program code for determining determines that the hashed version of the received password does not match the previously stored hashed password, the authentication server on a private network that includes the mail server.
- View Dependent Claims (22, 23)
- - 22. A computer readable storage medium as recited in claim 21, wherein the received password is an authentication password, and wherein the authentication password serves to authenticate the requester or the remote mail client to the authentication server.
  - 23. A computer readable storage medium as recited in claim 21, wherein said computer program code for receiving further receives a time last authorized by the authentication server, wherein said computer program code for determining further determines whether a time since the time last authorized by the authentication server exceeds a predetermined duration, and wherein the authenticating is performed by said computer program code for authenticating when said computer program code for determining determines that the time since the time last authorized by the authentication server exceeds the predetermined duration, regardless of whether said computer program code for determining determines that the hashed version of the received password matches the previously stored hashed password.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Juniper Networks Incorporated
Original Assignee
Neoteris, Inc. (Juniper Networks Incorporated)
Inventors
Sang, Yvonne Pui Fung, Srinivas, Sampath, Tock, Theron

Granted Patent

US 7,146,403 B2
Time in Patent Office

Days
Field of Search
US Class Current

709/206
CPC Class Codes

H04L 51/00 User-to-user messaging in p...

H04L 63/083 using passwords cryptograph...

DUAL AUTHENTICATION OF A REQUESTOR USING A MAIL SERVER AND AN AUTHENTICATION SERVER

First Claim

4 Assignments

0 Petitions

Accused Products

Abstract

58 Citations

23 Claims

Specification

Solutions

Use Cases

Quick Links

DUAL AUTHENTICATION OF A REQUESTOR USING A MAIL SERVER AND AN AUTHENTICATION SERVER

First Claim

4 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

58 Citations

23 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links