Dynamic identity authentication system
Abstract
An authenticating device (22) that receives a first digital identity (43) and a second digital identity (63) is disclosed. In one embodiment, the authenticating device (22) uses the second digital identity (63) as a key into an Identity Association Database (24) to retrieve a database entry (33). If the database entry (33) shows an association between the first digital identity (43) and the second digital identity (63), the digital identities are valid and the authenticating device (22) produces an indication (72) that the existence of an association between the first and second digital identities has been validated (96).
66 Claims
1. A method comprising the steps of:
given a network client (10) desiring access to a resource residing on a network server (26);
sending a first digital identity (43) from said network client (10) to said network server (26);
sending a second digital identity (63) from said network client (10) to said network server (26);
receiving said first digital identity (43) by said network server (26);
receiving said second digital identity (63) by said network server (26);
determining that both said first digital identity (43) and said second digital identity (63) are valid by said network server (26);
determining that an association exists between said first digital identity (43) and said second digital identity (63) by said network server (26); and
granting access to said resources by said network server (26).
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10.
11. A method comprising the steps of:
given a network client (10) desiring access to a resource on a network server (26);
sending a first digital identity (43) to said network server (26) by said network client (10);
sending a second digital identity (63) to said network server (26) by said network client (10);
receiving said first digital identity (43) and context information (95) by said network server (26);
receiving said second digital identity (63) and context information (95) by said network server (26);
determining that both said first digital identity (43) and said second digital identity (63) are valid by said network server (26);
determining that context information (95) obtained during reception of said first digital identity (43) is the same as the context information (95) obtained during reception of said second digital identity (63) by said network server (26);
determining that an association exists between said first digital identity (43) and said second digital identity (63) by said network server (26); and
granting access to said resource by said network server (26).
Dependent claims: 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25.
26. A method comprising the steps of:
given a network client (10) desiring access to a resource on a network server (26);
sending a first digital identity (43) to said network server (26) by said network client (10);
sending a second digital identity (63) to said network server (26) by said network client (10);
receiving said first digital identity (43) and context information (95) by said network server (26);
receiving said second digital identity (63) and context information (95) by said network server (26);
determining that both said first digital identity (43) and said second digital identity (63) are valid by said network server (26);
determining that context information (95) obtained during reception of said first digital identity (43) is the same as the context information (95) obtained during reception of said second digital identity (63) by said network server (26);
sending a challenge (35) to said network client (10) by said network server (26);
receiving said challenge (35) by said network client (10);
computing a challenge response (36) by said network client (10);
sending said challenge response to said network server (26) by said network client (10);
receiving said challenge response (36) by said network server (26);
validating said challenge response (36) by said network server (26); and
granting access to said desired resource by said network server (26).
Dependent claims: 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40.
41. A method comprising the steps of:
receiving a first digital identity (43) from a network client (10) using a first protocol entity server (17) by a network server (26);
receiving a second digital identity (63) from said network client (10) using a second protocol entity server (19) by said network server (26);
creating a challenge (35) including said received first digital identity (43) and said received second digital identity (63) by said network server (26);
sending said challenge (35) to said network client (10) using a third protocol entity client (15) by said network server (26);
receiving said challenge (35) using a third protocol entity server (21) by said network client (10);
generating a challenge response (36) to said challenge (35) by said network client (10);
sending said challenge response (36) using a third protocol entity server (21) to said network server (26) by said network client (10);
receiving said challenge response (36) by said network server (26); and
validating said challenge response (36) by said network server (26).
Dependent claims: 42, 43, 44, 45, 46, 47, 48, 49, 50, 51, 52, 53.
54. A method comprising the steps of:
receiving a first digital identity (43) from a network client (10) using a first protocol entity server (17) by a network server (26);
receiving a second digital identity (63) from said network client (10) using a second protocol entity server (19) by said network server (26);
creating a challenge (35) including said first digital identity (43) and said second digital identity (63) by said network client (10);
sending said challenge (35) to said network server (26) using a third protocol entity client (15) by said network client (10);
receiving said challenge (35) using a third protocol entity server (21) by said network server (26);
generating a challenge response (36) to said challenge (35) by said network server (26);
sending said challenge response (36) using a third protocol entity server (21) to said network client (10) by said network server (26);
receiving said challenge response (36) by said network client (10); and
validating said challenge response (36) by said network client (10).
Dependent claims: 55, 56, 57, 58, 59, 60, 61, 62, 63, 64, 65, 66.
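The following is an added worked example, not code from the patent or from any implementation of it, showing the server-side (26) decision logic that claims 1, 11, 26 and 41 describe in one place: each digital identity is checked for validity, the context information (95) captured with each submission must match, the Identity Association Database (24) is consulted with the second identity (63) as the key, and a challenge (35) that includes both received identities is issued and its response (36) validated before access is granted. Everything concrete here is an assumption of the example: identities are strings, a "valid" identity is one with a registered secret, the association database is an in-memory dict, context information is a tuple such as a session id and source address, and the challenge response is an HMAC chain over the challenge with both secrets. The patent specifies none of these details.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass

# Constructed identity registry (assumption: a "valid" identity is one whose
# holder can prove possession of a registered secret; the claims only say "valid").
IDENTITY_SECRETS: dict[str, bytes] = {
    "user:alice": b"constructed-alice-secret",
    "device:laptop-01": b"constructed-laptop-secret",
    "device:phone-07": b"constructed-phone-secret",
}

# Identity Association Database (24), keyed by the second identity (63) as the
# abstract describes; each entry (33) lists the first identities (43) associated with it.
IDENTITY_ASSOCIATION_DB: dict[str, set[str]] = {
    "device:laptop-01": {"user:alice"},
}


@dataclass(frozen=True)
class Submission:
    """One digital identity as received by the server, together with the
    context information (95) captured during its reception (assumed to be a
    tuple such as (session id, source address))."""
    identity: str
    context: tuple


def identity_is_valid(identity: str) -> bool:
    return identity in IDENTITY_SECRETS


def association_exists(first: str, second: str) -> bool:
    entry = IDENTITY_ASSOCIATION_DB.get(second)
    return entry is not None and first in entry


def compute_response(challenge: bytes, first_secret: bytes, second_secret: bytes) -> bytes:
    """Client-side challenge response (36): an HMAC chain over the challenge
    with both identity secrets, so one response proves possession of both.
    This construction is an assumption of the example, not the patent's."""
    inner = hmac.new(first_secret, challenge, hashlib.sha256).digest()
    return hmac.new(second_secret, inner, hashlib.sha256).digest()


class Authenticator:
    """Server-side (26) decision logic for the independent claims above."""

    def __init__(self) -> None:
        # Outstanding challenges, each usable exactly once.
        self._pending: dict[bytes, tuple[str, str]] = {}

    def evaluate(self, first: Submission, second: Submission) -> tuple[bool, str]:
        """Claims 1 and 11: validity of each identity, then matching context,
        then the association check. Returns (ok, reason)."""
        if not identity_is_valid(first.identity):
            return False, "first identity invalid"
        if not identity_is_valid(second.identity):
            return False, "second identity invalid"
        if first.context != second.context:
            return False, "context mismatch between the two submissions"
        if not association_exists(first.identity, second.identity):
            return False, "no association between identities"
        return True, "identities valid, context matched, association found"

    def create_challenge(self, first: Submission, second: Submission) -> bytes:
        """Claim 41: the challenge (35) includes both received identities; a
        fresh nonce binds it to this exchange so a response cannot be replayed."""
        nonce = secrets.token_hex(16).encode()
        challenge = b"|".join([first.identity.encode(), second.identity.encode(), nonce])
        self._pending[challenge] = (first.identity, second.identity)
        return challenge

    def validate_response(self, challenge: bytes, response: bytes) -> bool:
        """Claim 26: validate the challenge response (36). The challenge is
        consumed on first use, so a replayed response is rejected."""
        ids = self._pending.pop(challenge, None)
        if ids is None:
            return False
        expected = compute_response(challenge, IDENTITY_SECRETS[ids[0]], IDENTITY_SECRETS[ids[1]])
        return hmac.compare_digest(expected, response)


def authenticate(server: Authenticator, first: Submission, second: Submission,
                 client_secrets: tuple[bytes, bytes]) -> tuple[bool, str]:
    """Full exchange of claim 26 with both sides in one process: the client
    holds client_secrets and answers the server's challenge."""
    ok, reason = server.evaluate(first, second)
    if not ok:
        return False, reason
    challenge = server.create_challenge(first, second)
    response = compute_response(challenge, *client_secrets)
    if not server.validate_response(challenge, response):
        return False, "challenge response invalid"
    return True, "access granted"


if __name__ == "__main__":
    ctx = ("session-1234", "203.0.113.5")  # constructed context information (95)
    server = Authenticator()
    print(authenticate(server, Submission("user:alice", ctx), Submission("device:laptop-01", ctx),
                       (b"constructed-alice-secret", b"constructed-laptop-secret")))
```

Two design points worth noting: the checks in `evaluate` run in the order the claims list them, so a request with an unknown identity or mismatched context never reaches the association lookup, and the nonce in `create_challenge` plus the one-shot `_pending` table is what makes the challenge response useful against replay. Claim 54 is the mirror image, with the client creating the challenge and validating the server's response; the same code serves that direction with the roles swapped.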