CERTIFICATE-BASED MUTUAL AUTHENTICATION FOR DATA SECURITY

US 20120324225A1
Filed: 06/20/2012
Published: 12/20/2012
Est. Priority Date: 06/20/2011
Status: Abandoned Application

First Claim

Patent Images

1. A method of protecting sensitive data from unauthorized access, said method comprising the computer-implemented steps of:

establishing a plurality of client roles for authorizing access to a set of API functions;

establishing a plurality of API keys for authorizing access to a subset of said set of API functions;

providing a first client role and a first API key to a first client;

receiving from said first client, at a first server, a request for access to a protected API function;

requiring the mutual exchange and verification of certificates between said first client and said first server; and

allowing said request if both said first client role and said first API key authorize access to said protected API function.

View all claims

5 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Systems and methods for maintaining data security using client roles, API keys, and certificate-based mutual authentication are presented. A method of protecting sensitive data includes both client authorization techniques and the mutual exchange and verification of certificates between client and server. In one embodiment, access by a client to a server is further limited by temporal constraints, volume constraints, and an end user identity filter.

27 Citations

View as Search Results

9 Claims

1. A method of protecting sensitive data from unauthorized access, said method comprising the computer-implemented steps of:
- establishing a plurality of client roles for authorizing access to a set of API functions;
  
  establishing a plurality of API keys for authorizing access to a subset of said set of API functions;
  
  providing a first client role and a first API key to a first client;
  
  receiving from said first client, at a first server, a request for access to a protected API function;
  
  requiring the mutual exchange and verification of certificates between said first client and said first server; and
  
  allowing said request if both said first client role and said first API key authorize access to said protected API function.
- View Dependent Claims (2, 3, 4, 5)
- - 2. The method of claim 1, further comprising the step of limiting access to said set of API functions by imposing one or more temporal constraints, one or more volume constraints, and/or an end user identity filter.
  - 3. The method of claim 2, wherein said one or more temporal constraints is a time-related limit selected from the group consisting of UTC clock time, client'"'"'s local time of day, server'"'"'s local time of day, client'"'"'s local day of the week, and server'"'"'s local day of the week.
  - 4. The method of claim 2, wherein said one or more volume constraints comprises a limit on the quantity of requests by said first client within a predetermined time window.
  - 5. The method of claim 2, wherein said end user identity filter comprises a rule permitting the display of masked values only unless an identified end user making said request matches a name on an approved user list.

6. A method of protecting sensitive data from unauthorized access, said method comprising the computer-implemented steps of:
- establishing a plurality of client roles for authorizing access to a set of API functions;
  
  establishing a plurality of API keys for authorizing access to a subset of said set of API functions;
  
  establishing one or more constraints for limiting access to said subset of said set of API functions, said constraints comprising one or more temporal constraints, one or more volume constraints, and an end user identity filter;
  
  assigning a first client role and a first API key to a first client;
  
  receiving from said first client, at a first server, a request for access to a protected API function;
  
  requiring the mutual exchange and verification of certificates between said first client and said first server; and
  
  allowing said request if both said first client role and said first API key authorize access to said protected API function, while also limiting said access by imposing one or more of said one or more constraints.
- View Dependent Claims (7, 8, 9)
- - 7. The method of claim 6, wherein said one or more temporal constraints is a time-related limit selected from the group consisting of UTC clock time, client'"'"'s local time of day, server'"'"'s local time of day, client'"'"'s local day of the week, and server'"'"'s local day of the week.
  - 8. The method of claim 6, wherein said one or more volume constraints comprises a limit on the quantity of requests by said first client within a predetermined time window.
  - 9. The method of claim 6, wherein said end user identity filter comprises a rule permitting the display of masked values only unless an identified end user making said request matches a name on an approved user list.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Dameion Dorsner, Daniel Konisky, Jason Chambers, Sridhar Manickam, Theresa Robison
Original Assignee
Dameion Dorsner, Daniel Konisky, Jason Chambers, Sridhar Manickam, Theresa Robison
Inventors
Chambers, Jason, Robison, Theresa, Dorsner, Dameion, Manickam, Sridhar, Konisky, Daniel

Application Number

US13/527,867
Publication Number

US 20120324225A1
Time in Patent Office

Days
Field of Search
US Class Current

713/169
CPC Class Codes

G06F 15/173   using an interconnection ne...

G06F 21/00   Security arrangements for p...

H04L 9/0891   Revocation or update of sec...

CERTIFICATE-BASED MUTUAL AUTHENTICATION FOR DATA SECURITY

First Claim

5 Assignments

0 Petitions

Accused Products

Abstract

27 Citations

9 Claims

Specification

Solutions

Use Cases

Quick Links

CERTIFICATE-BASED MUTUAL AUTHENTICATION FOR DATA SECURITY

First Claim

5 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

27 Citations

9 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links