System And Method For A Single Request And Single Response Authentication Protocol

US 20130124856A1
Filed: 11/04/2008
Published: 05/16/2013
Est. Priority Date: 11/04/2008
Status: Active Grant

First Claim

Patent Images

1. A computer-implemented method for authenticating credentials for access to a given electronic document protected by a given rights management policy, comprising:

receiving an indication of an attempt to access the electronic document protected by the rights management policy, wherein said electronic document comprises rights management configuration information specifying one or more authentication parameters for performing authentication with a remote server in regard to the electronic document, wherein the rights management configuration information from said electronic document indicates a particular authentication protocol to be performed for the authentication with the remote server;

sending to the remote server, a single request to authenticate an identity of an entity attempting to access the electronic document, wherein said single request is generated according to said rights management configuration information from the electronic document;

in response to sending the single request, receiving a single response from the remote server, wherein said single response comprises information indicating that said identity is authenticated; and

in response to the single response, providing access to the document according to said rights management policy.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Various embodiments of a system and method for a single request and single response authentication protocol are described. A client may send to an authentication server a request to authenticate the identity of a user attempting to access an electronic document protected by a rights management policy. The single request may be generated according to rights management configuration information included within the document. Such rights management information may include one or more parameters for requesting authentication from an authentication server. In response to the request, an authentication server may send a single response to the client. The single response may include information indicating that the identity is authenticated (e.g., a license to access the document, or an encryption key to decrypt the document). The client system may be configured to, in response to the single response, provide access to the document according to the rights management policy.

Citations

36 Claims

1. A computer-implemented method for authenticating credentials for access to a given electronic document protected by a given rights management policy, comprising:
- receiving an indication of an attempt to access the electronic document protected by the rights management policy, wherein said electronic document comprises rights management configuration information specifying one or more authentication parameters for performing authentication with a remote server in regard to the electronic document, wherein the rights management configuration information from said electronic document indicates a particular authentication protocol to be performed for the authentication with the remote server;
  
  sending to the remote server, a single request to authenticate an identity of an entity attempting to access the electronic document, wherein said single request is generated according to said rights management configuration information from the electronic document;
  
  in response to sending the single request, receiving a single response from the remote server, wherein said single response comprises information indicating that said identity is authenticated; and
  
  in response to the single response, providing access to the document according to said rights management policy.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The computer-implemented method of claim 1, wherein the method further comprises:
    - subsequent to said providing access to the document, receiving an other attempt to access the electronic document;
      
      sending to the remote server, an other single request to authenticate an identity of a given entity attempting to access the electronic document, wherein said other single request is generated according to said rights management configuration information;
      
      in response to sending the other single request, receiving a notification to change one or more authentication parameters of said rights management configuration information; and
      
      in response to said notification, changing at least some of said authentication parameters specified by said rights management configuration information.
  - 3. The computer-implemented method of claim 2, further comprising:
    - subsequent to changing at least some of said authentication parameters, sending to the remote server, an additional single request to authenticate the identity of the given entity attempting to access the electronic document, wherein said additional single request is generated according to the changed rights management configuration information;
      
      in response to sending the additional single request, receiving an other single response from the remote server, wherein said other single response comprises information indicating that said identity of the given entity is authenticated; and
      
      in response to the other single response, providing access to the document according to said rights management policy.
  - 4. The computer-implemented method of claim 1, wherein said attempt to access the electronic document is one or more of:
    - an attempt to view the electronic document, an attempt to modify the electronic document, and an attempt to print the electronic document.
  - 5. The computer-implemented method of claim 1, wherein said information indicating that said entity is authenticated comprises a license to access said electronic document.
  - 6. The computer-implemented method of claim 1, wherein said information indicating that said entity is authenticated comprises an encryption key for decrypting said electronic document, wherein said providing access to the document comprises utilizing the encryption key to decrypt said electronic document.

7. A computer-implemented method for authenticating credentials for access to a given electronic document protected by a given rights management policy, comprising:
- receiving a single request to authenticate an identity of an entity attempting to access the electronic document protected by the rights management policy, wherein said single request is generated according to rights management configuration information stored within said electronic document, wherein the rights management configuration information stored within said electronic document indicates a particular authentication protocol for performing authentication in re and to the electronic document;
  
  determining whether the single request adheres to one or more authentication requirements of an authentication server; and
  
  in response to determining that the single request adheres to said one or more authentication requirements, sending to a remote client a single response comprising information indicating that said identity is authenticated.
- View Dependent Claims (8, 9, 10, 11, 12)
- - 8. The computer-implemented method of claim 7, further comprising:
    - subsequent to sending said information indicating that said identity is authenticated, receiving an other single request to authenticate an identity of a given entity attempting to access the electronic document; and
      
      in response to determining that the single request does not adhere to at least one authentication requirement of the authentication server, sending to a remote client a notification to change the rights management configuration information according to which authentication requests are generated.
  - 9. The computer-implemented method of claim 8, wherein said notification to change specifies one or more authentication parameters that are to be changed.
  - 10. The computer-implemented method of claim 9, wherein said authentication parameters include one or more of:
    - a parameter specifying an authentication mechanism, a parameter specifying capabilities of the authentication server, and a parameter specifying a privacy notification to be displayed to a user.
  - 11. The computer-implemented method of claim 7, wherein said information indicating that said entity is authenticated comprises a license to access said electronic document.
  - 12. The computer implemented method of claim 7, wherein said information indicating that said entity is authenticated comprises an encryption key for decrypting said electronic document.

13. A system for authenticating credentials for access to a given electronic document protected by a given rights management policy, the system comprising:
- a memory comprising program instructions;
  
  one or more processors coupled to said memory, wherein the program instructions are executable by at least one of said one or more processors to;
  
  receive an indication of an attempt to access the electronic document protected by the rights management policy, wherein said electronic document comprises rights management configuration information specifying one or more authentication parameters for performing authentication with a remote server in regard to the electronic document, wherein the rights management configuration information from said electronic document indicates a particular authentication protocol to be performed for the authentication with the remote server;
  
  send to the remote server, a single request to authenticate an identity of an entity attempting to access the electronic document, wherein said single request is generated according to said rights management configuration information from the electronic document;
  
  in response to sending the single request, receive a single response from the remote server, wherein said single response comprises information indicating that said identity is authenticated; and
  
  in response to the single response, provide access to the document according to said rights management policy.
- View Dependent Claims (14, 15, 16, 17, 18)
- - 14. The system of claim 13, wherein the program instructions are configured to:
    - subsequent to said providing access to the document, receive an other attempt to access the electronic document;
      
      send to the remote server, an other single request to authenticate an identity of a given entity attempting to access the electronic document, wherein said other single request is generated according to said rights management configuration information;
      
      in response to sending the other single request, receive a notification to change one or more authentication parameters of said rights management configuration information; and
      
      in response to said notification, change at least some of said authentication parameters specified by said rights management configuration information.
  - 15. The system of claim 14, wherein the program instructions are configured to:
    - subsequent to changing at least some of said authentication parameters, send to the remote server, an additional single request to authenticate the identity of the given entity attempting to access the electronic document, wherein said additional single request is generated according to the changed rights management configuration information;
      
      in response to sending the additional single request, receive an other single response from the remote server, wherein said other single response comprises information indicating that said identity of the given entity is authenticated; and
      
      in response to the other single response, provide access to the document according to said rights management policy.
  - 16. The system of claim 13, wherein said attempt to access the electronic document is one or more of:
    - an attempt to view the electronic document, an attempt to modify the electronic document, and an attempt to print the electronic document.
  - 17. The system of claim 13, wherein said information indicating that said entity is authenticated comprises a license to access said electronic document.
  - 18. The system of claim 13, wherein said information indicating that said entity is authenticated comprises an encryption key for decrypting said electronic document, wherein to provide access to the document the program instructions are configured to utilize the encryption key to decrypt said electronic document.

19. A system for authenticating credentials for access to a given electronic document protected by a given rights management policy, the system comprising:
- a memory comprising program instructions;
  
  one or more processors coupled to said memory, wherein the program instructions are executable by at least one of said one or more processors to;
  
  receive a single request to authenticate an identity of an entity attempting to access the electronic document protected by the rights management policy, wherein said single request is generated according to rights management configuration information stored within said electronic document, wherein the rights management configuration information stored within said electronic document indicates a particular authentication protocol for performing authentication in regard to the electronic document;
  
  determine whether the single request adheres to one or more authentication requirements of an authentication server; and
  
  in response to determining that the single request adheres to said one or more authentication requirements, send to a remote client a single response comprising information indicating that said identity is authenticated.
- View Dependent Claims (20, 21, 22, 23, 24)
- - 20. The system of claim 19, wherein the program instructions are configured to:
    - subsequent to sending said information indicating that said identity is authenticated, receive an other single request to authenticate an identity of a given entity attempting to access the electronic document; and
      
      in response to determining that the single request does not adhere to at least one authentication requirement of the authentication server, send to a remote client a notification to change the rights management configuration information according to which authentication requests are generated.
  - 21. The system of claim 20, wherein said notification to change specifies one or more authentication parameters that are to be changed.
  - 22. The system of claim 21, wherein said authentication parameters include one or more of:
    - a parameter specifying an authentication mechanism, a parameter specifying capabilities of the authentication server, and a parameter specifying a privacy notification to be displayed to a user.
  - 23. The system of claim 19, wherein said information indicating that said entity is authenticated comprises a license to access said electronic document.
  - 24. The system of claim 19, wherein said information indicating that said entity is authenticated comprises an encryption key for decrypting said electronic document.

25. A computer accessible storage medium storing program instructions for authenticating credentials for access to a given electronic document protected by a given rights management policy, the program instructions computer-executable to:
- receive an indication of an attempt to access the electronic document protected by the rights management policy, wherein said electronic document comprises rights management configuration information specifying one or more authentication parameters for performing authentication with a remote server in regard to the electronic document, wherein the rights management configuration information from said electronic document indicates a particular authentication protocol to be performed for the authentication with the remote server;
  
  send to the remote server, a single request to authenticate an identity of an entity attempting to access the electronic document, wherein said single request is generated according to said rights management configuration information from the electronic document;
  
  in response to sending the single request, receive a single response from the remote server, wherein said single response comprises information indicating that said identity is authenticated; and
  
  in response to the single response, provide access to the document according to said rights management policy.
- View Dependent Claims (26, 27, 28, 29, 30)
- - 26. The medium of claim 25, wherein the program instructions are configured to:
    - subsequent to said providing access to the document, receive an other attempt to access the electronic document;
      
      send to the remote server, an other single request to authenticate an identity of a given entity attempting to access the electronic document, wherein said other single request is generated according to said rights management configuration information;
      
      in response to sending the other single request, receive a notification to change one or more authentication parameters of said rights management configuration information; and
      
      in response to said notification, change at least some of said authentication parameters specified by said rights management configuration information.
  - 27. The medium of claim 26, wherein the program instructions are configured to:
    - subsequent to changing at least some of said authentication parameters, send to the remote server, an additional single request to authenticate the identity of the given entity attempting to access the electronic document, wherein said additional single request is generated according to the changed rights management configuration information;
      
      in response to sending the additional single request, receive an other single response from the remote server, wherein said other single response comprises information indicating that said identity of the given entity is authenticated; and
      
      in response to the other single response, provide access to the document according to said rights management policy.
  - 28. The medium of claim 25, wherein said attempt to access the electronic document is one or more of:
    - an attempt to view the electronic document, an attempt to modify the electronic document, and an attempt to print the electronic document.
  - 29. The medium of claim 25, wherein said information indicating that said entity is authenticated comprises a license to access said electronic document.
  - 30. The medium of claim 25, wherein said information indicating that said entity is authenticated comprises an encryption key for decrypting said electronic document, wherein to provide access to the document the program instructions are configured to utilize the encryption key to decrypt said electronic document.

31. A computer accessible storage medium storing program instructions for access to a given electronic document protected by a given rights management policy, the program instructions computer-executable to:
- receive a single request to authenticate an identity of an entity attempting to access the electronic document protected by the rights management policy, wherein said single request is generated according to rights management configuration information stored within said electronic document, wherein the rights management configuration information stored within said electronic document indicates a particular authentication protocol for performing authentication in regard to the electronic document;
  
  determine whether the single request adheres to one or more authentication requirements of an authentication server; and
  
  in response to determining that the single request adheres to said one or more authentication requirements, send to a remote client a single response comprising information indicating that said identity is authenticated.
- View Dependent Claims (32, 33, 34, 35, 36)
- - 32. The medium of claim 31, wherein the program instructions are configured to:
    - subsequent to sending said information indicating that said identity is authenticated, receive an other single request to authenticate an identity of a given entity attempting to access the electronic document; and
      
      in response to determining that the single request does not adhere to at least one authentication requirement of the authentication server, send to a remote client a notification to change the rights management configuration information according to which authentication requests are generated.
  - 33. The medium of claim 32, wherein said notification to change specifies one or more authentication parameters that are to be changed.
  - 34. The medium of claim 33, wherein said authentication parameters include one or more of:
    - a parameter specifying an authentication mechanism, a parameter specifying capabilities of the authentication server, and a parameter specifying a privacy notification to be displayed to a user.
  - 35. The medium of claim 31, wherein said information indicating that said entity is authenticated comprises a license to access said electronic document.
  - 36. The medium of claim 31, wherein said information indicating that said entity is authenticated comprises an encryption key for decrypting said electronic document.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Adobe Inc.
Original Assignee
Adobe Systems Incorporated (Adobe Inc.)
Inventors
Agrawal, Sunil, Poling, Mathew J.

Granted Patent

US 9,338,166 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/156
CPC Class Codes

G06F 21/31   User authentication

G06F 21/41   where a single sign-on prov...

H04L 2463/103   applying security measure f...

H04L 63/10   for controlling access to d...

H04L 67/01   Protocols

H04L 9/0844   with user authentication or...

System And Method For A Single Request And Single Response Authentication Protocol

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

36 Claims

Specification

Solutions

Use Cases

Quick Links

System And Method For A Single Request And Single Response Authentication Protocol

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

36 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links