CENTRALIZED AUTHENTICATION FOR MULTIPLE APPLICATIONS

US 20130104219A1
Filed: 10/21/2011
Published: 04/25/2013
Est. Priority Date: 10/21/2011
Status: Active Grant

First Claim

Patent Images

1. A network authentication system for authenticating requests for services that are delivered from a network data communication device and that are directed to different applications, each request being directed to one of the applications, comprising:

a network communication interface configured to electronically receive the requests for services from the network data communication device and to electronically send requests for the services to the applications on behalf of the network data communication device; and

a data processing system configured to;

electronically authenticate each received request; and

cause the network communication interface to send each request for the service indicated by the received request on behalf of the network data communication device to the application if and only if the authentication is successful.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Network applications can provide network security without containing any security code or otherwise verifying the authenticity of each request that they receive for service. Instead, a single, centralized network authentication system can be placed between the network applications and all devices requesting for services from them. The authenticity of each request for service can then be verified by the centralized network authentication system before the request is passed to the network application to which it is directed. Responses from the network applications may also be channeled back to the systems that made the requests through the centralized network authentication system.

26 Citations

20 Claims

1. A network authentication system for authenticating requests for services that are delivered from a network data communication device and that are directed to different applications, each request being directed to one of the applications, comprising:
- a network communication interface configured to electronically receive the requests for services from the network data communication device and to electronically send requests for the services to the applications on behalf of the network data communication device; and
  
  a data processing system configured to;
  
  electronically authenticate each received request; and
  
  cause the network communication interface to send each request for the service indicated by the received request on behalf of the network data communication device to the application if and only if the authentication is successful.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14)
- - 2. The network authentication system of claim 1 wherein each request for service that is sent by the network communication interface to an application is not configured to be authenticated by the application.
  - 3. The network authentication system of claim 1 wherein the data processing system is configured to electronically authenticate each received request by sending information relating to the received request to a security database system that is separate from the network authentication system and by receiving information from the security database system in response indicating whether the received request is authentic.
  - 4. The network authentication system of claim 1 wherein each received request includes authentication information from which the authenticity of the received request is determined by the data processing system.
  - 5. The network authentication system of claim 4 wherein the authentication information in each received request includes a session token.
  - 6. The network authentication system of claim 5 wherein the data processing system is configured to electronically authenticate each received requested by verifying the validity of its session token.
  - 7. The network authentication system of claim 6 wherein the data processing system is configured to verify the validity of each session token by causing the network communication interface to send the session token to a token database system that is separate from the network authentication system and by receiving information from the token database system in response indicating whether the session token is valid.
  - 8. The network authentication system of claim 1 wherein the data processing system is further configured to obtain authentication information, to cause the network communication interface to send the authentication information to the network data communication device, and to verify that each subsequent request for services from the network data communication device includes the authentication information.
  - 9. The network authentication system of claim 8 wherein the data processing system is configured to cause the network communication interface to obtain the authentication information from a security database system that is separate from the network authentication system and to receive the authentication information from the security database system in response.
  - 10. The network authentication system of claim 8 wherein the authentication information is a session token.
  - 11. The network authentication system of claim 8 wherein the data processing system is configured to determine whether there are any additional application-specific security requirements in connection with the application to which each received request is directed, in addition to verifying the inclusion of the authentication information, and, if so, to verify that such application-specific security requirements are met in addition to verifying the inclusion of the authentication information.
  - 12. The network authentication system of claim 1 wherein the network communication interface is configured to receive from the applications responses to the requests for services and the data processing system is configured to cause the network communication interface to deliver these responses to the network communication device.
  - 13. The network authentication system of claim 1 wherein the network data communication device is a wireless mobile communication device.
  - 14. The network authentication system of claim 1 wherein each of the applications is run on a different application server and the network communication interface is configured to send each request for service on behalf of the network communication device to the server on which the application is running.

15. Non-transitory, tangible, computer-readable storage media containing a program of instructions configured to cause a network authentication system running the program of instructions to authenticate requests for services that are delivered from a wireless mobile communication device and that are directed to different applications, each request being directed to one of the applications, by:
- electronically receiving the requests for services from the network data communication device and to electronically send requests for the services to the applications on behalf of the network data communication device;
  
  electronically authenticating each received request; and
  
  electronically sending each request for the service requested indicated by each received request on behalf of the network data communication device to the application if and only if the authentication is successful.
- View Dependent Claims (16, 17, 18, 19, 20)
- - 16. The storage media of claim 15 wherein each request for service that is sent to an application is not configured to be authenticated by the application.
  - 17. The storage media of claim 15 wherein each received request includes a session token from which the authenticity of the received request is determined.
  - 18. The storage media of claim 15 wherein the program of instructions is configured to cause the network authentication system running the program of instructions to obtain a session token, to send the session token to the wireless mobile communication device, and to verify that each subsequent request for services from the wireless mobile communication device includes the session token.
  - 19. The storage media of claim 15 wherein the program of instructions is configured to cause the network authentication system running the program of instructions to receive from the applications responses to the requests for services and to deliver these responses to the wireless mobile communication device.
  - 20. The storage media of claim 15 wherein each of the applications is run on a different application server and wherein the program of instructions is configured to cause the network authentication system running the program of instructions to send each request for service on behalf of the wireless mobile communication device to the server on which the application is running.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Cellco Partnership, Inc. (Verizon Communications Inc.)
Original Assignee
Cellco Partnership, Inc. (Verizon Communications Inc.)
Inventors
Kumar, Nanda, Mudalegundi, Vijay G.

Granted Patent

US 8,561,165 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/9
CPC Class Codes

G06F 21/41   where a single sign-on prov...

H04L 63/0807   using tickets, e.g. Kerbero...

H04L 63/0815   providing single-sign-on or...

H04L 9/321   involving a third party or ...

H04L 9/3234   involving additional secure...

CENTRALIZED AUTHENTICATION FOR MULTIPLE APPLICATIONS

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

26 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

CENTRALIZED AUTHENTICATION FOR MULTIPLE APPLICATIONS

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

26 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links