HTTP AUTHENTICATION AND AUTHORIZATION MANAGEMENT

US 20100020967A1
Filed: 07/24/2008
Published: 01/28/2010
Est. Priority Date: 07/24/2008
Status: Active Grant

First Claim

Patent Images

1. A computer implemented method, comprising:

receiving authenticated user data at an authority node;

defining a plurality of epochs, each epoch identified by an epoch id;

associating the authenticated user data with a current epoch ID for a current epoch;

obtaining a current epoch key pair for the current epoch, the current epoch key pair comprising a current public epoch key and a current private epoch key, wherein one attribute of the current public epoch key is the current epoch id;

encrypting the associated authenticated user data with the current private epoch key to generate authentication data;

providing the current public epoch key to an external security service; and

providing the authentication data to the external security service.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Systems, methods and apparatus for a distributed security that provides authentication and authorization management. The system can include an epoch manager that is used to generate authentication and authorization data that remain valid only for an epoch. The epoch manager can generate an epoch key pair that can be used to encrypt and decrypt the authentication and authorization data during the epoch that the key is valid. The epoch manager can also associate the contents of the data with the epoch in which it was created, so that at decrypting the epoch that the data was generated in can be identified.

81 Citations

View as Search Results

20 Claims

1. A computer implemented method, comprising:
- receiving authenticated user data at an authority node;
  
  defining a plurality of epochs, each epoch identified by an epoch id;
  
  associating the authenticated user data with a current epoch ID for a current epoch;
  
  obtaining a current epoch key pair for the current epoch, the current epoch key pair comprising a current public epoch key and a current private epoch key, wherein one attribute of the current public epoch key is the current epoch id;
  
  encrypting the associated authenticated user data with the current private epoch key to generate authentication data;
  
  providing the current public epoch key to an external security service; and
  
  providing the authentication data to the external security service.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 18, 19, 20)
- - 2. The method of claim 1, wherein receiving authenticated user data comprises receiving at an authority node authenticated user data from an access agent.
  - 3. The method of claim 1, wherein the authenticated user data comprises authenticated user credentials.
  - 4. The method of claim 1, wherein an epoch is a period of time.
  - 5. The method of claim 1, wherein an epoch ID is a timestamp.
  - 6. The method of claim 1, wherein associating the authenticated user data with a current epoch ID for a current epoch comprises:
    - identifying a current epoch ID for the current epoch; and
      
      generating an associated authenticated user data, wherein the associated authenticated user data comprises of the authenticated user data and the current epoch id.
  - 7. The method of claim 1, wherein obtaining a current epoch key pair for the current epoch comprises:
    - generating at the authority node a public key and a private key during the current epoch;
      
      associating the key pair of the public key and private key with the current epoch ID.
  - 8. The method of claim 1, wherein the private epoch key is used to encrypt data.
  - 9. The method of claim 1, wherein the current public epoch key is used to decrypt data encrypted using the current private epoch key.
  - 10. The method of claim 1, wherein the current private epoch key is maintained at the authority node.
  - 11. The method of claim 1, wherein providing the current public epoch key comprises providing the current public epoch key to a processing node, wherein the processing node receives requests from one or more client browsers.
  - 12. The method of claim 1, wherein providing the authentication data to the external security service comprises providing a authentication data to a client browser.
  - 13. The method of claim 1, wherein providing the authentication data to the external security service comprises providing a authentication data to an access agent.
  - 14. The method of claim 1, further comprising:
    - determining whether the current epoch has expired;
      
      if the current epoch is determined to have expired,associating the authenticated user data with a new epoch ID for a new epoch;
      
      obtaining a new epoch key pair for the new epoch, the new epoch key pair comprising a new public epoch key and a new private epoch key, wherein one attribute of the new public epoch key is the new epoch id;
      
      encrypting the associated authenticated user data with the new private epoch key for the new epoch to generate a new authentication data;
      
      providing the new public epoch key for the new epoch to the external security service; and
      
      providing the new authentication data to the external security service.
  - 15. The method of claim 14, wherein providing the new authentication data to the external security service comprises providing the new authentication data to the processing node.
  - 18. The software of claim 15, wherein the providing the authentication data to the external security service comprises providing the authentication data to a processing node.
  - 19. The software of claim 15, wherein the providing the authentication data to the external security service comprises providing the authentication data to a access agent.
  - 20. The software of claim 15, w herein the new epoch key pair is obtained from the authority node.

16. Software stored in a computer readable medium and comprising instructions executable by a data processing system and upon such execution cause the data processing system to perform operations comprising:
- receiving authenticated user data;
  
  identifying a current epoch;
  
  identifying a current epoch ID associated with the current epoch;
  
  associating the authenticated user data with a current epoch id;
  
  obtaining a current epoch key pair for the current epoch, the current epoch key pair comprising a current public epoch key and a current private epoch key, wherein one attribute of the current public epoch key is the current epoch id;
  
  encrypting the associated authenticated user data with the current private epoch key to generate authentication data; and
  
  providing the current public epoch key and the authentication data to an external security service.
- View Dependent Claims (17)
- - 17. The software of claim 16, further comprising instructions executable by the data processing system and upon such execution cause the data processing system to perform operations comprising:
    - determining whether the current epoch has expired;
      
      if the current epoch is determined to have expired,identifying a new epoch ID for the new epoch;
      
      generating a new associated authenticated user data, wherein the new associated authenticated user data comprises of the authenticated user data and the new epoch id;
      
      obtaining a new epoch key pair for the new epoch, the new epoch key pair comprising a new public epoch key and a new private epoch key, wherein one attribute of the new public epoch key is the new epoch id;
      
      encrypting the new associated authenticated user data with the new private epoch key for the new epoch to generate a new authentication data;
      
      providing the new public epoch key for the new epoch to the external security service; and
      
      providing the new authentication data to the external security service.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Zscaler Incorporated
Original Assignee
SafeChannel, Inc.
Inventors
Kailash, Kailash, Mullick, Amarnath, Raphel, Jose, Nanjundaswamy, Shashidhara Mysore

Granted Patent

US 9,003,186 B2
Time in Patent Office

Days
Field of Search
US Class Current

380/45
CPC Class Codes

H04L 2209/60   Digital content management,...

H04L 63/0442   wherein the sending and rec...

H04L 63/08   for authentication of entit...

H04L 9/3234   involving additional secure...

H04L 9/3297   involving time stamps, e.g....

HTTP AUTHENTICATION AND AUTHORIZATION MANAGEMENT

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

81 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

HTTP AUTHENTICATION AND AUTHORIZATION MANAGEMENT

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

81 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links