Dynamic identity authentication system

US 20120072717A1
Filed: 04/27/2011
Published: 03/22/2012
Est. Priority Date: 02/01/2010
Status: Abandoned Application

First Claim

Patent Images

1. A method comprising the steps of:

given a network client (10) desiring access to a resource residing on a network server (26);

sending a first digital identity (43) from said network client (10) to said network server (26);

sending a second digital identity (63) from said network client (10) to said network server (26);

receiving said first digital identity (43) by said network server (26);

receiving said second digital identity (63) by said network server (26);

determining that both said first digital identity (43) and said second digital identity (63) are valid by said network server (26);

determining that an association exists between said first digital identity (43) and said second digital identity (63) by said network server (26); and

granting access to said resources by said network server (26).

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

An authenticating device (22) that receives a first digital identity (43) and a second digital identity (63) is disclosed. In one embodiment, the authenticating device (22) uses the second digital identity (63) as a key to an Identity Association Database (24) to retrieve a database entry (33). If the database entry (33) shows an association between the first digital identity (43) and the second digital identity (63), the digital identities are valid and an indication (72) of the validation of existence of association between first digital identity and second digital identity (96) is made by the authenticating device (22).

Citations

66 Claims

1. A method comprising the steps of:
- given a network client (10) desiring access to a resource residing on a network server (26);
  
  sending a first digital identity (43) from said network client (10) to said network server (26);
  
  sending a second digital identity (63) from said network client (10) to said network server (26);
  
  receiving said first digital identity (43) by said network server (26);
  
  receiving said second digital identity (63) by said network server (26);
  
  determining that both said first digital identity (43) and said second digital identity (63) are valid by said network server (26);
  
  determining that an association exists between said first digital identity (43) and said second digital identity (63) by said network server (26); and
  
  granting access to said resources by said network server (26).
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. A method as recited in claim 1, in which:
    - said first digital identity (43) is obtained by a public key mechanism.
  - 3. A method as recited in claim 2, in which:
    - said first digital identity (43) is a PKI Certificate (65).
  - 4. A method as recited in claim 1, in which:
    - said first digital identity (43) is obtained by a symmetric key mechanism.
  - 5. A method as recited in claim 4, in which:
    - said first digital identity (43) is a TAC Identity (45).
  - 6. A method as recited in claim 1, in which:
    - said authentication is temporal.
  - 7. A method as recited in claim 1, in which:
    - said second digital identity (63) is obtained by a public key mechanism.
  - 8. A method as recited in claim 1, in which:
    - said second digital identity (63) is a PKI Certificate (65).
  - 9. A method as recited in claim 1, in which:
    - said second digital identity (63) is obtained by a symmetric key mechanism.
  - 10. A method as recited in claim 1, in which:
    - said second digital identity (63) is a TAC Identity (45).

11. A method comprising the steps of:
- given a network client (10) desiring access to a resource on a network server (26);
  
  sending a first digital identity (43) to said network server (26) by said network client (10);
  
  sending a second digital identity (63) to said network server (26) by said network client (10);
  
  receiving said first digital identity (43) and context information (95) by said network server (26);
  
  receiving said second digital identity (63) and context information (95) by said network server (26);
  
  determining that both said first digital identity (43) and said second digital identity (63) are valid by said network server (26);
  
  determining that context information (95) obtained during reception of said first digital identity (43) is the same as the context information (95) obtained during reception of said second digital identity (63) by said network server (26);
  
  determining that an association exists between said first digital identity (43) and said second digital identity (63) by said network server (26); and
  
  granting access to said resource by said network server (26).
- View Dependent Claims (12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25)
- - 12. A method as recited in claim 11, in which:
    - said first digital identity (43) is obtained by a public key mechanism.
  - 13. A method as recited in claim 11, in which:
    - said first digital identity (43) is a PKI Certificate (65).
  - 14. A method as recited in claim 11, in which:
    - said first digital identity (43) is obtained by a symmetric key mechanism.
  - 15. A method as recited in claim 11, in which:
    - said first digital identity (43) is a TAC Identity (45).
  - 16. A method as recited in claim 11, in which:
    - said second digital identity (63) is obtained by a public key mechanism.
  - 17. A method as recited in claim 11, in which:
    - said second digital identity (63) is a PKI. Certificate (65).
  - 18. A method as recited in claim 11, in which:
    - said second digital identity (63) is obtained by a symmetric key mechanism.
  - 19. A method as recited in claim 11, in which:
    - said second digital identity (63) is a TAC Identity (45).
  - 20. A method as recited in claim 11, in which:
    - said authentication is temporal.
  - 21. A method as recited in claim 11, in which:
    - said context information (95) includes network layer state information.
  - 22. A method as recited in claim 11, in which:
    - said context information (95) includes transport layer state information.
  - 23. A method as recited in claim 11, in which:
    - said context information (95) includes TCP/IP state information.
  - 24. A method as recited in claim 11, in which:
    - said context information (95) includes application state.
  - 25. A method as recited in claim 11, in which:
    - said context information (95) includes state information from any of the OSI protocol stack layers.

26. A method comprising the steps of:
- given a network client (10) desiring access to a resource on a network server (26);
  
  sending a first digital identity (43) to said network server (26) by said network client (10);
  
  sending a second digital identity (63) to said network server (26) by said network client (10);
  
  receiving said first digital identity (43) and context information (95) by said network server (26);
  
  receiving said second digital identity (63) and context information (95) by said network server (26);
  
  determining that both said first digital identity (43) and said second digital identity (63) are valid by said network server (26);
  
  determining that context information (95) obtained during reception of said first digital identity (43) is the same as the context information (95) obtained during reception of said second digital identity (63) by said network server (26);
  
  sending a challenge (35) to said network client (10) by said network server (26);
  
  receiving said challenge (35) by said network client (10);
  
  computing a challenge response (36) by said network client (10);
  
  sending said challenge response to said network server (26) by said network client (10);
  
  receiving said challenge response (36) by said network server (26);
  
  validating said challenge response (36) by said network server (26); and
  
  granting access to said desired resource by said network server (26).
- View Dependent Claims (27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40)
- - 27. A method as recited in claim 26, in which:
    - said first digital identity (43) is obtained by a public key mechanism.
  - 28. A method as recited in claim 26, in which:
    - said first digital identity (43) is a PKI Certificate (65).
  - 29. A method as recited in claim 26, in which:
    - said first digital identity (43) is obtained by a symmetric key mechanism.
  - 30. A method as recited in claim 26, in which:
    - said first digital identity (43) is a TAC Identity (45).
  - 31. A method as recited in claim 26, in which:
    - said second digital identity (63) is obtained by a public key mechanism.
  - 32. A method as recited in claim 26, in which:
    - said second digital identity (63) is a PKI Certificate (65).
  - 33. A method as recited in claim 26, in which:
    - said second digital identity (63) is obtained by a symmetric key mechanism.
  - 34. A method as recited in claim 26, in which:
    - said second digital identity (63) is a TAC Identity (45).
  - 35. A method as recited in claim 26, in which:
    - said authentication is temporal.
  - 36. A method as recited in claim 26, in which:
    - said context information (95) includes network layer state information.
  - 37. A method as recited in claim 26, in which:
    - said context information (95) includes transport layer state information.
  - 38. A method as recited in claim 26, in which:
    - said context information (95) includes TCP/IP state information.
  - 39. A method as recited in claim 26, in which:
    - said context information (95) includes application state.
  - 40. A method as recited in claim 26, in which:
    - said context information (95) includes state information from any of the OSI protocol stack layers.

41. A method comprising the steps of:
- receiving a first digital identity (43) from a network client (10) using a first protocol entity server (17) by a network server (26);
  
  receiving a second digital identity (63) from said network client (10) using a second protocol entity server (19) by said network server (26);
  
  creating a challenge (35) including said received first digital identity (43) and said received second digital identity (63) by said network server (26);
  
  sending said challenge (35) to said network client (10) using a third protocol entity client (15) by said network server (26);
  
  receiving said challenge (35) using a third protocol entity server (21) by said network client (10);
  
  generating a challenge response (36) to said challenge (35) by said network client (10);
  
  sending said challenge response (36) using a third protocol entity server (21) to said network server (26) by said network client (10);
  
  receiving said challenge response (36) by said network server (26); and
  
  validating said challenge response (36) by said network server (26).
- View Dependent Claims (42, 43, 44, 45, 46, 47, 48, 49, 50, 51, 52, 53)
- - 42. A method as recited in claim 41, in which:
    - said first digital identity (43) is obtained by a public key mechanism.
  - 43. A method as recited in claim 41, in which:
    - said first digital identity (43) is a PKI Certificate (65).
  - 44. A method as recited in claim 41, in which:
    - said first digital identity (43) is obtained by a symmetric key mechanism.
  - 45. A method as recited in claim 41, in which:
    - said first digital identity (43) is a TAC Identity (45).
  - 46. A method as recited in claim 41, in which:
    - said first digital identity (43) is independently authenticated.
  - 47. A method as recited in claim 41, in which:
    - said second digital identity (63) is obtained by a public key mechanism.
  - 48. A method as recited in claim 41, in which:
    - said second digital identity (63) is a PKI Certificate (65).
  - 49. A method as recited in claim 41, in which:
    - said second digital identity (63) is obtained by a symmetric key mechanism.
  - 50. A method as recited in claim 41, in which:
    - said second digital identity (63) is a TAC Identity (45).
  - 51. A method as recited in claim 41, in which:
    - said first digital identity (43) is independently authenticated.
  - 52. A method as recited in claim 41, in which:
    - said challenge response (36) includes a cryptographic hash of inputs including said first digital identity (43), said second digital identity (63) and information included in said challenge (35).
  - 53. A method as recited in claim 41, in which:
    - said challenge (35) includes a random number.

54. A method comprising the steps of:
- receiving a first digital identity (43) from a network client (10) using a first protocol entity server (17) by a network server (26);
  
  receiving a second digital identity (63) from said network client (10) using a second protocol entity server (19) by said network server (26);
  
  creating a challenge (35) including said first digital identity (43) and said second digital identity (63) by said network client (10);
  
  sending said challenge (35) to said network server (26) using a third protocol entity client (15) by said network client (10);
  
  receiving said challenge (35) using a third protocol entity server (21) by said network server (26);
  
  generating a challenge response (36) to said challenge (35) by said network server (26);
  
  sending said challenge response (36) using a third protocol entity server (21) to said network client (10) by said network server (26);
  
  receiving said challenge response (36) by said network client (10); and
  
  validating said challenge response (36) by said network client (10).
- View Dependent Claims (55, 56, 57, 58, 59, 60, 61, 62, 63, 64, 65, 66)
- - 55. A method as recited in claim 54, in which:
    - said first digital identity (43) is obtained by a public key mechanism.
  - 56. A method as recited in claim 54, in which:
    - said first digital identity (43) is a PKI Certificate (65).
  - 57. A method as recited in claim 54, in which:
    - said first digital identity (43) is obtained by a symmetric key mechanism.
  - 58. A method as recited in claim 54, in which:
    - said first digital identity (43) is a TAC Identity (45).
  - 59. A method as recited in claim 54, in which:
    - said first digital identity (43) is independently authenticated.
  - 60. A method as recited in claim 54, in which:
    - said second digital identity (63) is obtained by a public key mechanism.
  - 61. A method as recited in claim 54, in which:
    - said second digital identity (63) is a PKI Certificate (65).
  - 62. A method as recited in claim 54, in which:
    - said second digital identity (63) is obtained by a symmetric key mechanism.
  - 63. A method as recited in claim 54, in which:
    - said second digital identity (63) is a TAC Identity (45).
  - 64. A method as recited in claim 54, in which:
    - said second digital identity (63) is independently authenticated.
  - 65. A method as recited in claim 54, in which:
    - said challenge response (36) includes a cryptographic hash of inputs including said received first digital identity (43), said received second digital identity (63) and information included in said challenge (35).
  - 66. A method as recited in claim 54, in which:
    - said challenge (35) includes a random number.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Blackridge Technology Holdings, Inc
Original Assignee
Blackridge Technology Holdings, Inc
Inventors
Hayes, John W.

Application Number

US13/066,963
Publication Number

US 20120072717A1
Time in Patent Office

Days
Field of Search
US Class Current

713/156
CPC Class Codes

H04L 63/0823   using certificates cryptogr...

H04L 63/164   at the network layer

H04L 63/166   at the transport layer

Dynamic identity authentication system

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

66 Claims

Specification

Solutions

Use Cases

Quick Links

Dynamic identity authentication system

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

66 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links