METHOD AND SYSTEM FOR MEDIATION OF AUTHENTICATION WITHIN A COMMUNICATION NETWORK

US 20090100261A1
Filed: 09/12/2008
Published: 04/16/2009
Est. Priority Date: 09/28/2007
Status: Abandoned Application

First Claim

Patent Images

1. Method for mediation of authentication within a communication network wherein a first node is managed by a first authentication server, a second node is managed by a second authentication server, and the method comprises the steps of:

authenticating the first node at the first authentication server,authenticating the first authentication server at the first node,sending a request to mediate authentication between the first node and at least the second node from the first node to the first authentication server,providing a mediation server being able to mediate authentication between the first node and the second node,authenticating the first authentication server at the mediation server,authenticating the mediation server at the first authentication server,sending the request to mediate authentication between the first node and the second node from the first authentication server to the mediation server,authenticating the second authentication server at the mediation server,authenticating the mediation server at the second authentication server,providing authentication between the second authentication server and the second node,providing mediation of authentication between the first node and the second node by distributing a mediation result from the mediation server to at least one of the first node and the second node, andestablishing a connection between the first node and the second node.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method, a system, and a computer software product provide mediation of authentication within a communication network. The method comprises the steps of sending a request to mediate authentication between a first node 101; 410 and at least a second node 122; 420 from the first node to a mediation server 142; 450, receiving said request by the mediation server 142; 450, providing authentication between the mediation server 142; 450 and the second node 122; 420, providing mediation of authentication between the first node 101; 410 and the second node 122; 420, and establishing a connection between the first node 101; 410 and the second node 122; 420.

Citations

32 Claims

1. Method for mediation of authentication within a communication network wherein a first node is managed by a first authentication server, a second node is managed by a second authentication server, and the method comprises the steps of:
- authenticating the first node at the first authentication server,authenticating the first authentication server at the first node,sending a request to mediate authentication between the first node and at least the second node from the first node to the first authentication server,providing a mediation server being able to mediate authentication between the first node and the second node,authenticating the first authentication server at the mediation server,authenticating the mediation server at the first authentication server,sending the request to mediate authentication between the first node and the second node from the first authentication server to the mediation server,authenticating the second authentication server at the mediation server,authenticating the mediation server at the second authentication server,providing authentication between the second authentication server and the second node,providing mediation of authentication between the first node and the second node by distributing a mediation result from the mediation server to at least one of the first node and the second node, andestablishing a connection between the first node and the second node.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22)
- - 2. The method according to claim 1, wherein the request to mediate authentication between the first node and the second node comprises:
    - an identifier of the second node,an identifier of the second authentication server, andconfiguration information for a connection between the first node and the second node.
  - 3. The method according to claim 1, wherein the step of providing the mediation server comprises the steps of:
    - sending a list of at least one mediation server where the first authentication server is registered as a target for mediation from the first authentication server to the second authentication server,selecting a mediation server where also the second authentication server is registered as a target for mediation from the list at the second authentication server, andsending an identifier of the selected mediation server from the second authentication server to the first authentication server.
  - 4. The method according to claim 3, wherein the list of mediation servers is ordered according to a priority of the mediation server.
  - 5. The method according to claim 1, wherein the step of providing the mediation server comprises sending several messages between the first authentication server and the second authentication server.
  - 6. The method according to claim 1, wherein the step of providing the mediation server is performed by using information about previous selections of a mediation server that is stored on the first authentication server.
  - 7. The method according to claim 1, wherein the first authentication server provides the mediation server by sending a request as to whether the mediation server can mediate the second authentication server to each mediation server using unicasting.
  - 8. The method according to claim 1, wherein the first authentication server provides a mediation server by sending a request as to whether the mediation server can mediate the second authentication server, to each mediation server using broadcasting.
  - 9. The method according to claim 1, wherein the first authentication server provides a mediation server by sending a request as to whether the mediation server can mediate the second authentication server, to each mediation server using multicasting.
  - 10. The method according to claim 1, wherein:
    - the request to mediate authentication between the first node and the second node from the first authentication server to the mediation server comprises;
      
      an identifier of the first node,at least one attribute of the first node, andat least one condition that a counter part node must meet to be able to communicate with the first node.
  - 11. The method according to claim 1, wherein the step of providing authentication between the mediation server and the second node comprises the steps of:
    - sending an authentication request from the mediation server to the second authentication server, andsending an authentication response from the second authentication server to the mediation server.
  - 12. The method according to claim 11, wherein the authentication request comprises an identifier of the second node.
  - 13. The method according to claim 1, wherein the authentication response comprises:
    - at least one attribute of the second node,at least one condition that a counter part node must meet to be able to communicate with the second node, andconfiguration information for a connection with the second node.
  - 14. The method according to claim 1, wherein the step of providing mediation of authentication between the first node and the second node comprises the steps of:
    - determining if the first node is acceptable for the second node as a counter part of communication based on the at least one attribute of the first node and the at least one condition that a counter part node must meet to be able to communicate with the second node,determining if the second node is acceptable for the first node as a counter part of communication based on the at least one attribute of the second node and the at least one condition that a counter part node must meet to be able to communicate with the first node,determining the intersection between the configuration information sent from the first authentication server and the configuration information sent from the second authentication server, anddetermining a suitable configuration from the intersection as the mediation result.
  - 15. The method according to claim 14, wherein the mediation server translates between the information model used to model the at least one attribute of the first node and the at least one condition that a counter part node must meet to be able to communicate with the first node and the information model used to model the at least one attribute of the second node and the at least one condition that a counter part node must meet to be able to communicate with the second node.
  - 16. The method according to claim 14, wherein the mediation server retrieves on demand the at least one attribute of the first node, the at least one condition that a counter part node must meet to be able to communicate with the second node, the at least one attribute of the second node, and the at least one condition that a counter part node must meet to be able to communicate with the first node from the first and second authentication server during the step of providing mediation of authentication between the first node and the second node.
  - 17. The method according to claim 1, wherein the step of providing mediation of authentication between the first node and the second node further comprises the steps of:
    - generating an encryption key according to the determined configuration, andadding the generated encryption key to the mediation result.
  - 18. The method according to claim 1, wherein the step of providing mediation of authentication between the first node and the second node further comprises the steps of:
    - generating a seed of an encryption key according to the determined configuration, andadding the generated seed of an encryption key to the mediation result.
  - 19. The method according to claim 1, wherein the step of distributing a mediation result form the mediation server to at least one of the first node and the second node comprises the steps of:
    - sending the mediation result from the mediation server to the first authentication server,sending the mediation result from the mediation server to the second authentication server,sending the mediation result from the first authentication server to the first node, andsending the mediation result from the second authentication server to the second node.
  - 20. The method according to claim 19, wherein the mediation result sent from the mediation server to the first authentication server and sent from the first authentication server to the first node comprises:
    - an identifier of the second authentication server, andan identifier of the second node.
  - 21. The method according to claim 20, wherein the mediation result sent from the mediation server to the second authentication server and sent from the second authentication server to the second node comprises:
    - an identifier of the first authentication server, andan identifier of the first node.
  - 22. The method according to claim 1, wherein the request to mediate authentication between the first node and the second node and/or the mediation result are recorded at the mediation server.

23. A system for mediation of authentication within a communication network comprising a first node being managed by a first authentication server and a second node being managed by a second authentication server, wherein the system comprises:
- a unit for authenticating the first node at the first authentication server,a unit for authenticating the first authentication server at the first node,a unit for sending a request to mediate authentication between the first node and at least the second node from the first node to the first authentication server,a mediation server being able to mediate authentication between the first node and the second node,a unit for authenticating the first authentication server at the mediation server,a unit for authenticating the mediation server at the first authentication server,a unit for sending the request to mediate authentication between the first node and the second node from the first authentication server to the mediation server,a unit for authenticating the second authentication server at the mediation server,a unit for authenticating the mediation server at the second authentication server,a unit for providing authentication between the second authentication sever and the second node,a unit for providing mediation of authentication between the first node and the second node by distributing a mediation result from the mediation server to at least one of the first node and the second node, anda unit for establishing a connection between the first node and the second node.
- View Dependent Claims (24, 25, 26, 27, 28, 29, 30, 31)
- - 24. The system according to claim 23, wherein the first node is constituted by a user.
  - 25. The system according to claim 23, wherein the second node is constituted by a user.
  - 26. The system according to claim 23, wherein the first and second authentication servers keep information about each node that they manage, the information comprising:
    - at least one attribute of the managed node, and/orat least one condition that a counter part node must meet to be able to communicate with the managed node.
  - 27. The system according to claim 23, wherein the first and second authentication servers keep information about each counter part authentication server that they have a pre-agreed relation, the information comprising:
    - at least one attribute of the counter part authentication server, and/orat least one condition in order to manage nodes cooperatively between the authentication servers.
  - 28. The system according to claim 23, wherein the first and second authentication servers keep information about at least one mediation server, the information comprising:
    - at least one attribute of the mediation server, and/orinformation which enables the authentication server to authenticate the mediation server.
  - 29. The system according to claim 28, wherein the information which enables the authentication server to authenticate the mediation server is a public key certificate of the mediation server.
  - 30. The system according to claim 23, wherein the mediation server keeps information about each authentication server that is registered as a target for mediation at the mediation server, the information comprising:
    - at least one attribute of the authentication server, and/orinformation which enables the mediation server to authenticate the authentication server.
  - 31. The system according to claim 30, wherein the information which enables the mediation server to authenticate the authentication server is a public key certificate of the authentication server.

32. An article of manufacture, comprising:
- a machine readable storage medium; and
  
  programming instructions embodied in said medium for execution by at least one computer, wherein execution causes said at least one computer to perform functions comprising;
  
  authenticating the first node at the first authentication server,authenticating the first authentication server at the first node,sending a request to mediate authentication between the first node and at least the second node from the first node to the first authentication server,providing a mediation server being able to mediate authentication between the first node and the second node,authenticating the first authentication server at the mediation server,authenticating the mediation server at the first authentication server,sending the request to mediate authentication between the first node and the second node from the first authentication server to the mediation server,authenticating the second authentication server at the mediation server,authenticating the mediation server at the second authentication server,providing authentication between the second authentication server and the second node,providing mediation of authentication between the first node and the second node by distributing a mediation result from the mediation server to at least one of the first node and the second node, andestablishing a connection between the first node and the second node.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Hitachi, Ltd.
Original Assignee
Hitachi, Ltd.
Inventors
AOSHIMA, Hirokazu

Application Number

US12/209,659
Publication Number

US 20090100261A1
Time in Patent Office

Days
Field of Search
US Class Current

713/155
CPC Class Codes

H04L 63/08 for authentication of entit...

H04L 63/20 for managing network securi...

METHOD AND SYSTEM FOR MEDIATION OF AUTHENTICATION WITHIN A COMMUNICATION NETWORK

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

32 Claims

Specification

Solutions

Use Cases

Quick Links

METHOD AND SYSTEM FOR MEDIATION OF AUTHENTICATION WITHIN A COMMUNICATION NETWORK

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

32 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links