Method And System For Securely Caching Authentication Elements

US 20100250937A1
Filed: 03/05/2008
Published: 09/30/2010
Est. Priority Date: 03/05/2007
Status: Abandoned Application

First Claim

Patent Images

1. An authentication method for authorizing a user to a plurality of secure servers each adapted to store user information, the method comprising:

receiving a request for access to one of the plurality of secure servers from a first user device using an authorized account identifier;

transmitting a request for the user to authenticate to an authentication server;

receiving an encrypted file stored by the user from a first user device;

retrieving a key specific to the first user device and selected from a plurality of keys associated with the account identifier upon authentication of the user to the authentication server and receipt of the encrypted file, wherein each key corresponds to one of a plurality of user devices;

decrypting the encrypted file with the key to generate a decrypted file comprising an authentication element;

accessing the secure server using the authentication server to transmit the authentication element and account identifier; and

granting access to the secure server if the transmitted authentication element and account identifier corresponds to a stored authentication element and account identifier for the user.

View all claims

0 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system and method for authorizing a user to a plurality of secure servers. Each server is adapted to store user information. The secure server receives a request for access to one of the plurality of secure servers from a first user device from a user possessing an authorized account identifier. An authentication server may intervene and request the user authenticate to the authentication server and transmit a client-side electronic lockbox stored at the first user device to the authentication server. The authentication server retrieves a key′ corresponding to the received client-side lockbox and uses the key to decrypt an encrypted file contained within the lockbox. The decrypted file may contain authentication information that is forwarded to the secure server. The secure server grants the user access to the user'"'"'s content stored thereon when the authentication information received from the authentication server corresponds to the authentication information stored at the secure server for the user. The present method provides the user the ability to manage access to the user'"'"'s content by permitting the user to delete or disable a client-side lockbox or associated key from a remote location.

Citations

17 Claims

1. An authentication method for authorizing a user to a plurality of secure servers each adapted to store user information, the method comprising:
- receiving a request for access to one of the plurality of secure servers from a first user device using an authorized account identifier;
  
  transmitting a request for the user to authenticate to an authentication server;
  
  receiving an encrypted file stored by the user from a first user device;
  
  retrieving a key specific to the first user device and selected from a plurality of keys associated with the account identifier upon authentication of the user to the authentication server and receipt of the encrypted file, wherein each key corresponds to one of a plurality of user devices;
  
  decrypting the encrypted file with the key to generate a decrypted file comprising an authentication element;
  
  accessing the secure server using the authentication server to transmit the authentication element and account identifier; and
  
  granting access to the secure server if the transmitted authentication element and account identifier corresponds to a stored authentication element and account identifier for the user.
- View Dependent Claims (2, 3, 4)
- - 2. The method of claim 1 further comprising a plurality of user devices, each user device having an encrypted file thereon for accessing at least one of the plurality of secure servers, the method further comprising granting the user access to the authentication server and permitting the user to destroy the plurality of keys to prevent access to data stored in the plurality of encrypted files on the plurality of user devices and to prevent access to the plurality of secure servers using the user'"'"'s account identifier.
  - 3. The method of claim 1 wherein the authentication element comprises a password.
  - 4. The method of claim 1 wherein the account identifier comprises a username.

5. A system for authorizing a user to a secure server, the system comprising:
- a means for authenticating the user to the secure server upon receipt of an authorized account identifier and a corresponding authentication element;
  
  a user device comprising a means for storing a client-side lockbox containing the authentication elementan authentication server communicatively connected to the secured computer system, wherein the authentication server is adapted to store a plurality of keys corresponding to the authorized account identifier, wherein at least one of the plurality of keys is specific to the user device; and
  
  wherein when the user attempts to access the secure server the authentication server intervenes and requires transmission of the account identifier and client-side lockbox to authenticate the user to the authentication server;
  
  wherein upon authentication to the authentication server and receipt of the client-side lockbox the authentication server retrieves the key corresponding to the account identifier and the user device used to access the authentication server;
  
  wherein the authentication server opens the client-side lockbox using the key specific to the user device and transmits account identifier and the authentication element contained in the client-side lockbox to the means for authenticating the user to the secure server.
- View Dependent Claims (6, 7, 8)
- - 6. The system of claim 5 wherein the authentication element comprises an encoded alphanumeric code decoded using the key.
  - 7. The system of claim 5 wherein the secure server comprises a web-based application server.
  - 8. The system of claim 5 wherein the authentication server comprises a third-party authentication component.

9. A method for authorizing a user to a secure server adapted to store user information, the method comprising:
- receiving a request for access from a first user device;
  
  transmitting a request for the user to authenticate to an authentication server;
  
  receiving an encrypted file stored by the user from the first user input device;
  
  retrieving a key specific to the first user device selected from a plurality of keys associated with the user upon authentication of the user to the authentication server and receipt of the encrypted filedecrypting the encrypted file to generate a decrypted file comprising an authentication element;
  
  accessing the secure server using the authentication server to transmit the decrypted file comprising the authentication element; and
  
  granting access to the secure server if the transmitted authentication element corresponds to a stored authentication element for the user.
- View Dependent Claims (10, 11)
- - 10. The method of claim 9 further comprising granting the user access to the authentication server and permitting the user to destroy the plurality of keys to prevent access to the user information stored on the secure server.
  - 11. The method of claim 9 wherein the authentication element comprises a password.

12. A method for granting a user access to a secure computer system, the method comprising:
- establishing a communications channel between the secure computer system and a first user device;
  
  receiving an account identifier and a password from the first user device via the communications channel;
  
  generating and transmitting a query from the secure computer system to the user to request an authentication element containing an encrypted code specific to the first user device and the account identifier;
  
  retrieving a key stored by the computer system, wherein the key is specific to the first user device and account identifier, and wherein the key is adapted to allow decryption of the encrypted code;
  
  receiving the authentication element and encrypted code from the first user device; and
  
  granting access to the secure computer system only if the encrypted code received from the first user device, when decrypted with the key, corresponds to the account identifier and first user device.
- View Dependent Claims (13, 14, 15, 16, 17)
- - 13. The method of claim 12 wherein the secure computer system comprises a secured domain.
  - 14. The method of claim 12 wherein the first user device comprises a personal computer.
  - 15. The method of claim 12 further comprising refusing access to the secure computer system if the encrypted code received from the first user device, when decrypted with the key, does not correspond to the account identifier and first user device.
  - 16. The method of claim 12 further comprising querying the user to transmit an updated code from the first user device, and replacing the encrypted code stored at the first user device with an updated encrypted code specific to the first user device.
  - 17. The method of claim 12 further comprising:
    - establishing a communications channel between the secure computer system and a second user device;
      
      receiving the account identifier and a password from the second user device via the communications channel between the secure computer system and second user device;
      
      generating and transmitting a query from the secure computer system to the user to request an authentication element containing an encrypted code specific to the second user device and the account identifier;
      
      retrieving a key stored by the computer system, wherein the key is specific to the second user device and account identifier, and wherein the key is adapted to allow decryption of the encrypted code;
      
      receiving the authentication element and encrypted code from the second user device; and
      
      granting access to the secure computer system only if the encrypted code received from the second user device, when decrypted with the key, corresponds to the account identifier and second user device.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Vidoop LLC
Original Assignee
Vidoop LLC
Inventors
Blomquist, Scott A., Blomquist, Chad

Application Number

US12/530,263
Publication Number

US 20100250937A1
Time in Patent Office

Days
Field of Search
US Class Current

713/170
CPC Class Codes

H04L 2209/56   Financial cryptography, e.g...

H04L 63/04   for providing a confidentia...

H04L 63/08   for authentication of entit...

H04L 9/14   using a plurality of keys o...

H04L 9/321   involving a third party or ...

H04L 9/3226   using a predetermined code,...

Method And System For Securely Caching Authentication Elements

First Claim

0 Assignments

0 Petitions

Accused Products

Abstract

Citations

17 Claims

Specification

Solutions

Use Cases

Quick Links

Method And System For Securely Caching Authentication Elements

First Claim

0 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

17 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links