Method And System For Securely Caching Authentication Elements
First Claim
1. An authentication method for authorizing a user to a plurality of secure servers each adapted to store user information, the method comprising:
receiving a request for access to one of the plurality of secure servers from a first user device using an authorized account identifier;
transmitting a request for the user to authenticate to an authentication server;
receiving an encrypted file stored by the user from a first user device;
retrieving a key specific to the first user device and selected from a plurality of keys associated with the account identifier upon authentication of the user to the authentication server and receipt of the encrypted file, wherein each key corresponds to one of a plurality of user devices;
decrypting the encrypted file with the key to generate a decrypted file comprising an authentication element;
accessing the secure server using the authentication server to transmit the authentication element and account identifier; and
granting access to the secure server if the transmitted authentication element and account identifier corresponds to a stored authentication element and account identifier for the user.
Abstract
A system and method for authorizing a user to a plurality of secure servers. Each server is adapted to store user information. The secure server receives a request for access to one of the plurality of secure servers from a first user device from a user possessing an authorized account identifier. An authentication server may intervene and request that the user authenticate to the authentication server and transmit a client-side electronic lockbox stored at the first user device to the authentication server. The authentication server retrieves a key corresponding to the received client-side lockbox and uses the key to decrypt an encrypted file contained within the lockbox. The decrypted file may contain authentication information that is forwarded to the secure server. The secure server grants the user access to the user's content stored thereon when the authentication information received from the authentication server corresponds to the authentication information stored at the secure server for the user. The present method provides the user the ability to manage access to the user's content by permitting the user to delete or disable a client-side lockbox or associated key from a remote location.
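The flow in the abstract, as an added simulation that is not part of the patent or any product: an authentication server holds one key per enrolled device, opens the device's lockbox with that key, and forwards the recovered authentication element to the secure server; it also shows that a lockbox cannot be opened with another device's key and that remotely disabling a device key revokes access. The cipher here is a labelled stand-in (SHA-256 keystream plus HMAC tag) chosen to keep the example dependency-free; a real deployment would use an AEAD such as AES-GCM.

```python
import hashlib, hmac, os, secrets

# Constructed stand-in for a real AEAD: counter-mode SHA-256 keystream with an HMAC tag.
def _keystream(key, nonce, n):
    blocks = (hashlib.sha256(key + nonce + i.to_bytes(4, "big")).digest() for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]

def encrypt(key, plaintext):
    nonce = os.urandom(16)
    ct = bytes(p ^ s for p, s in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    tag = hmac.new(key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag                      # this blob is the "encrypted file" in the lockbox

def decrypt(key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, hashlib.sha256).digest()):
        return None                              # wrong device key or tampered lockbox
    return bytes(c ^ s for c, s in zip(ct, _keystream(key, nonce, len(ct))))

class SecureServer:
    def __init__(self):
        self.elements = {}                       # account_id -> stored authentication element
    def grant_access(self, account_id, element):
        stored = self.elements.get(account_id)
        return stored is not None and hmac.compare_digest(stored, element)

class AuthServer:
    def __init__(self, secure, passwords):
        self.secure, self.passwords = secure, passwords
        self.keys = {}                           # (account_id, device_id) -> key, one per device
    def enroll_device(self, account_id, device_id, element):
        key = secrets.token_bytes(32)
        self.keys[(account_id, device_id)] = key
        return encrypt(key, element)             # lockbox handed back to the device to store
    def disable_device(self, account_id, device_id):
        self.keys.pop((account_id, device_id), None)   # remote revocation of one device's key
    def access(self, account_id, device_id, password, lockbox):
        if not hmac.compare_digest(self.passwords.get(account_id, ""), password):
            return False                         # user must first authenticate to this server
        key = self.keys.get((account_id, device_id))
        element = decrypt(key, lockbox) if key else None
        return element is not None and self.secure.grant_access(account_id, element)

def demo():
    secure = SecureServer(); secure.elements["alice"] = b"elem-alice"   # constructed sample data
    auth = AuthServer(secure, {"alice": "pw"})
    laptop = auth.enroll_device("alice", "laptop", b"elem-alice")
    auth.enroll_device("alice", "phone", b"elem-alice")
    ok = auth.access("alice", "laptop", "pw", laptop)
    cross = auth.access("alice", "phone", "pw", laptop)   # laptop lockbox presented as the phone
    auth.disable_device("alice", "laptop")
    revoked = auth.access("alice", "laptop", "pw", laptop)
    return ok, cross, revoked                    # (True, False, False)
```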
17 Claims
1. An authentication method for authorizing a user to a plurality of secure servers each adapted to store user information, the method comprising:
receiving a request for access to one of the plurality of secure servers from a first user device using an authorized account identifier;
transmitting a request for the user to authenticate to an authentication server;
receiving an encrypted file stored by the user from a first user device;
retrieving a key specific to the first user device and selected from a plurality of keys associated with the account identifier upon authentication of the user to the authentication server and receipt of the encrypted file, wherein each key corresponds to one of a plurality of user devices;
decrypting the encrypted file with the key to generate a decrypted file comprising an authentication element;
accessing the secure server using the authentication server to transmit the authentication element and account identifier; and
granting access to the secure server if the transmitted authentication element and account identifier corresponds to a stored authentication element and account identifier for the user.
Dependent claims: 2, 3, 4.
5. A system for authorizing a user to a secure server, the system comprising:
a means for authenticating the user to the secure server upon receipt of an authorized account identifier and a corresponding authentication element;
a user device comprising a means for storing a client-side lockbox containing the authentication element;
an authentication server communicatively connected to the secured computer system, wherein the authentication server is adapted to store a plurality of keys corresponding to the authorized account identifier, wherein at least one of the plurality of keys is specific to the user device; and
wherein when the user attempts to access the secure server the authentication server intervenes and requires transmission of the account identifier and client-side lockbox to authenticate the user to the authentication server;
wherein upon authentication to the authentication server and receipt of the client-side lockbox the authentication server retrieves the key corresponding to the account identifier and the user device used to access the authentication server;
wherein the authentication server opens the client-side lockbox using the key specific to the user device and transmits the account identifier and the authentication element contained in the client-side lockbox to the means for authenticating the user to the secure server.
Dependent claims: 6, 7, 8.
9. A method for authorizing a user to a secure server adapted to store user information, the method comprising:
receiving a request for access from a first user device;
transmitting a request for the user to authenticate to an authentication server;
receiving an encrypted file stored by the user from the first user input device;
retrieving a key specific to the first user device selected from a plurality of keys associated with the user upon authentication of the user to the authentication server and receipt of the encrypted file;
decrypting the encrypted file to generate a decrypted file comprising an authentication element;
accessing the secure server using the authentication server to transmit the decrypted file comprising the authentication element; and
granting access to the secure server if the transmitted authentication element corresponds to a stored authentication element for the user.
Dependent claims: 10, 11.
12. A method for granting a user access to a secure computer system, the method comprising:
establishing a communications channel between the secure computer system and a first user device;
receiving an account identifier and a password from the first user device via the communications channel;
generating and transmitting a query from the secure computer system to the user to request an authentication element containing an encrypted code specific to the first user device and the account identifier;
retrieving a key stored by the computer system, wherein the key is specific to the first user device and account identifier, and wherein the key is adapted to allow decryption of the encrypted code;
receiving the authentication element and encrypted code from the first user device; and
granting access to the secure computer system only if the encrypted code received from the first user device, when decrypted with the key, corresponds to the account identifier and first user device.
Dependent claims: 13, 14, 15, 16, 17.