SYSTEM AND METHOD FOR SECURE COMMUNICATION

US 20100268945A1
Filed: 06/28/2010
Published: 10/21/2010
Est. Priority Date: 09/21/2001
Status: Active Grant

First Claim

Patent Images

1-37. -37. (canceled)

View all claims

6 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A secure communication module is provided for securing communication between a client application and a network service. The secure communication module comprises an authentication identifier provider for providing the client application a pool of authentication identifiers for use in subsequent communication with the network service, and an authentication identifier validator for checking the validity of an authentication identifiers from the pool of authentication identifiers sent with the subsequent communication.

42 Citations

View as Search Results

57 Claims

1-37. -37. (canceled)

38. An authentication apparatus for authenticating communication between a client and one or more web services, the authentication apparatus comprising:
- a computer readable memory storing instructions; and
  
  a processor for executing the instructions stored in the computer readable memory, the instructions when executed by the processor configuring the authentication apparatus to provide;
  
  an authentication identifier provider for providing to a client application executed on a client a plurality of authentication identifiers over a secure communication channel established over the network, individual authentication identifiers of the plurality of authentication identifiers for use in validating subsequent client application requests to access functionality provided by a web service;
  
  an authentication identifier validator for validating the client application'"'"'s authorization to access the requested functionality of the web service using an authentication identifier from the plurality of authentication identifiers received with a client application request to access functionality provided by the web service; and
  
  a communication module for receiving, over an unsecure communication channel established over the network, the client application request and the associated authentication identifier and sending the request to access functionality to the web service when the client application'"'"'s authorization to access the web service is validated by the authentication identifier validator.
- View Dependent Claims (39, 40, 41, 42, 43, 44, 45)
- - 39. The authentication apparatus of claim 38, wherein each authentication identifier is invalidated after being validated by the authentication validator, whereby each authentication identifier can only be used once.
  - 40. The authentication apparatus of claim 38, further comprising an authentication module for authenticating the client application prior to providing the client application the plurality of authentication identifiers.
  - 41. The authentication apparatus of claim 38, further comprising an authorization module for checking if the client application has authorization to access the functionality of the web service.
  - 42. The authentication apparatus of claim 38, further comprising a repository for storing information relating to the plurality of authentication identifiers.
  - 43. The authentication apparatus of claim 42, wherein the repository further stores information relating to the client application, and the web service.
  - 44. The authentication apparatus of claim 38, further comprising a billing module to bill for the pool authentication identifiers.
  - 45. The authentication apparatus of claim 38, further comprising a metering module for tracking usage of the pool of authentication identifiers.

46. A system for authenticating communication over a network comprising:
- a client computing device coupled to the network, the client executing a client application for receiving a plurality authentication identifiers over a secure channel through the network and sending over an unsecure communication channel through the network a client application request and an associated authentication identifier;
  
  a web service coupled to the authentication apparatus through the network for receiving the request to access the functionality of the web service; and
  
  an authentication server coupled to the network for;
  
  providing the plurality of authentication identifiers to the client over the secure communication channel established through the network, individual authentication identifiers of the plurality of authentication identifiers for use in validating subsequent client application requests to access functionality provided by the web service;
  
  receiving, over the unsecure communication channel established through the network, the client application request and the associated authentication identifier;
  
  validating the client application'"'"'s authorization to access the requested functionality of the web service using the authentication identifier from the plurality of authentication identifiers received with the client application request to access functionality provided by the web service; and
  
  sending the request to access functionality of the web service when the client application'"'"'s authorization to access the web service is validated.
- View Dependent Claims (47, 48, 49, 50, 51, 52, 53, 54)
- - 47. The system of claim 46, wherein each authentication identifier is invalidated after being validated by the authentication validator, whereby each authentication identifier can only be used once.
  - 48. The system of claim 46, wherein the authentication apparatus further comprises an authentication module for authenticating the client application prior to providing the client application the plurality of authentication identifiers.
  - 49. The system of claim 46, wherein the authentication apparatus further comprises an authorization module for checking if the client application has authorization to access the functionality of the web service.
  - 50. The system of claim 46, wherein the authentication apparatus further comprises a repository for storing information relating to the plurality of authentication identifiers.
  - 51. The system of claim 50, wherein the repository further stores information relating to the client application, and the web service.
  - 52. The system of claim 46, wherein the authentication apparatus further comprises a billing module to bill for the pool authentication identifiers.
  - 53. The system of claim 46, wherein the authentication apparatus further comprises a metering module for tracking usage of the pool of authentication identifiers.
  - 54. The system of claim 46, wherein the communication module of the authentication apparatus further receives a response from the web service and sends the response back to client.

55. A method of authenticating communication between a client and a web service, the method comprising:
- sending, from the client, client application credentials over a secure communication channel;
  
  receiving and authenticating, at a server, the client application credentials;
  
  providing a plurality of authentication identifiers to the client over the secure communication channel established through the network, individual authentication identifiers of the plurality of authentication identifiers for use in validating subsequent client application requests to access a web service;
  
  receiving at the client the plurality of authentication identifiers;
  
  sending a client application request to access the web service with an associated authentication identifier from the plurality of received authentication identifiers;
  
  receiving, over an unsecure communication channel established through network, the client application request and the associated authentication identifier;
  
  validating the client application'"'"'s authorization to access the requested functionality of the web service using the authentication identifier from the plurality of authentication identifiers received with the client application request to access functionality provided by the web service; and
  
  sending the request to access functionality of the web service when the client application'"'"'s authorization to access the web service is validated.
- View Dependent Claims (56, 57)
- - 56. The method of claim 55, further comprising:
    - receiving at the web service the web service request;
      
      processing at the web service the web service request;
      
      sending a web service response to the server in response to the received web service request;
      
      receiving the web service response at the server; and
      
      sending the web service response to the client.
  - 57. The method of claim 56, further comprising:
    - sending a second client application request to access the web service with a second associated authentication identifier from the plurality of received authentication identifiers.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Corel Corporation (Corel Holdings LP)
Original Assignee
Joseph Chin, Matt Schnarr, Stephen Mereu
Inventors
Mereu, Stephen, Chin, Joseph, Schnarr, Matt

Granted Patent

US 8,302,163 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/161
CPC Class Codes

G06Q 30/02   Marketing; Price estimation...

G06Q 30/04   Billing or invoicing

H04L 63/0838   using one-time-passwords

SYSTEM AND METHOD FOR SECURE COMMUNICATION

First Claim

6 Assignments

0 Petitions

Accused Products

Abstract

42 Citations

57 Claims

Specification

Solutions

Use Cases

Quick Links

SYSTEM AND METHOD FOR SECURE COMMUNICATION

First Claim

6 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

42 Citations

57 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links