DELEGATING AUTHENTICATION USING A CHALLENGE/RESPONSE PROTOCOL

US 20110145900A1
Filed: 12/11/2009
Published: 06/16/2011
Est. Priority Date: 12/11/2009
Status: Active Grant

First Claim

Patent Images

1. A method performed by a server application for delegating authentication of a client application using a challenge/response protocol, the method comprising:

determining that authentication of a client application is required and transmitting an authentication request to the client application;

receiving a challenge/response request from the client application;

authenticating the client application to the server application in accordance with the challenge response protocol;

transmitting an access request to a second server application;

receiving an authentication request from the second server application and transmitting the authentication request to the client application;

receiving a second challenge/response request from the client application and transmitting the second challenge/response request to the second server application; and

authenticating the server application to the second server application based on the second challenge/response request on behalf of the client application in accordance with the challenge/response protocol.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method for delegating authentication using a challenge/response protocol is provided. The method may initiate with a challenge/response sequence between a client application and a server application to authenticate the client application. Then the server application authenticates to a second server application using the credentials associated with the client application by acting as a conduit between the client application and the second server application.

Citations

16 Claims

1. A method performed by a server application for delegating authentication of a client application using a challenge/response protocol, the method comprising:
- determining that authentication of a client application is required and transmitting an authentication request to the client application;
  
  receiving a challenge/response request from the client application;
  
  authenticating the client application to the server application in accordance with the challenge response protocol;
  
  transmitting an access request to a second server application;
  
  receiving an authentication request from the second server application and transmitting the authentication request to the client application;
  
  receiving a second challenge/response request from the client application and transmitting the second challenge/response request to the second server application; and
  
  authenticating the server application to the second server application based on the second challenge/response request on behalf of the client application in accordance with the challenge/response protocol.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The method according to claim 1, wherein the server application determines that authentication is required when the client application attempts to access the server application.
  - 3. The method according to claim 1, wherein authenticating the client application to the server application in accordance with the challenge/response protocol comprises:
    - transmitting a challenge to the client application;
      
      receiving a response to the challenge from the client application; and
      
      validating the response and returning a result of the validation to the client application.
  - 4. The method according to claim 3, wherein the challenge is random data and the response is derived from the challenge and a password.
  - 5. The method according to claim 1, wherein authenticating of the server application to the second server application on behalf of the client application in accordance with the challenge/response protocol comprises:
    - receiving a second challenge from the second server application and transmitting the second challenge to the client application;
      
      receiving a response to the second challenge from the client application and transmitting the response to the second challenge to the second server application; and
      
      receiving a validation from the second server application.
  - 6. The method according to claim 1, wherein an authentication server is in communication with the server application and configured to authenticate the client application in accordance with the challenge/response protocol.
  - 7. The method according to claim 6, wherein the server application transmits the challenge/response request to the authentication server and the authentication server generates a challenge and transmits the challenge to the server application.
  - 8. The method according to claim 7, wherein the server application transmits a response to the authentication server so that the authentication server can validate the response.
  - 9. The method according to claim 6, wherein the authentication server includes a storage unit for storing a plurality of security credentials.

10. A method for authenticating a client application to a first server application and a second server application by delegation using a challenge/response protocol, the method comprising:
- establishing a data transfer link between the client application and the first server application;
  
  requesting the client application to authenticate to the first server application;
  
  authenticating the client application using a challenge/response sequence between the client application and the first server application;
  
  establishing a data transfer link between the first server application and the second server application;
  
  requesting the first server application to authenticate to the second server application;
  
  transmitting the request to authenticate from the first server application to the client application; and
  
  authenticating the first server to the second server on behalf of the client application using a second challenge/response sequence between the client application and the first server application.
- View Dependent Claims (11, 12, 13)
- - 11. The method according to claim 10, wherein the first server application communicates with the second server application and the second server application communicates with an authentication server.
  - 12. The method according to claim 11, wherein authenticating the client application to the first server application using the challenge/response sequence comprises:
    - generating a challenge/response request and transmitting the challenge/response request from the client application to the first server application;
      
      receiving the challenge/response request and transmitting the challenge/response request from the first server application to the authentication server;
      
      generating a challenge and transmitting the challenge from the authentication server to the first server application which relays the challenge to the client application; and
      
      generating a response at the client application, transmitting the response to the first server application to relay to the authentication server for validating the response to the challenge.
  - 13. The method according to claim 11, wherein authenticating the first server to the second server on behalf of the client application using the second challenge/response sequence comprises:
    - generating a second challenge/response request and transmitting the second challenge/response request to the first server application, forwarding the second challenge/response request to the authentication server;
      
      generating a challenge and transmitting the challenge to the second server application and then forwarding to the client application through the first server application; and
      
      generating a response to the challenge, transmitting the response to the first server application to forward to the authentication server through the second server for validating the response.

14. A delegation apparatus for delegating authentication of a client application using a challenge/response protocol with a server application, the delegation apparatus comprising:
- a determinating unit configured to determine if the client application is to be authenticated to the server application or a second server application;
  
  a receiving unit configured to receive a first challenge/response request and a second challenge/response request from the client application;
  
  a transmitting unit configured to transmit an access request from the server application to the second server application; and
  
  an authentication unit configured to authenticate the client application to the server application in response to the first challenge/response request in accordance with the challenge/response protocol,wherein the authentication unit authenticates the server application to the second server application on behalf of the client application in response to the server application receiving the second challenge/response request from the client application.

16. A computer-readable storage medium which stores computer-executable instructions for causing a computer to execute a method for delegating authentication of a client application using a challenge/response protocol with a server application, the method comprising:
- determining that authentication of a client application is required and transmitting an authentication request to the client application;
  
  receiving a challenge/response request from the client application;
  
  authenticating the client application to the server application in accordance with the challenge/response protocol;
  
  transmitting an access request to a second server application;
  
  receiving an authentication request from the second server application and transmitting the authentication request to the client application;
  
  receiving a second challenge/response request from the client application and transmitting the second challenge/response request to the second server application; and
  
  authenticating the server application to the second server application based on the second challenge/response request on behalf of the client application in accordance with the challenge/response protocol.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Canon Kabushiki Kaisha (Canon Inc.)
Original Assignee
Canon Kabushiki Kaisha (Canon Inc.)
Inventors
Chern, Wei-Jhy

Granted Patent

US 8,484,708 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/7
CPC Class Codes

H04L 63/08   for authentication of entit...

H04L 63/0884   by delegation of authentica...

H04L 67/02   based on web technology, e....

H04L 9/3271   using challenge-response

DELEGATING AUTHENTICATION USING A CHALLENGE/RESPONSE PROTOCOL

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

16 Claims

Specification

Solutions

Use Cases

Quick Links

DELEGATING AUTHENTICATION USING A CHALLENGE/RESPONSE PROTOCOL

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

16 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links