SYSTEM AND METHOD FOR DELIVERING A CHALLENGE RESPONSE IN AN AUTHENTICATION PROTOCOL

US 20130212387A1
Filed: 08/31/2012
Published: 08/15/2013
Est. Priority Date: 08/31/2011
Status: Active Grant

First Claim

Patent Images

1. A method for authenticating a user comprising:

receiving an access-request of a network protocol at a challenge-response server;

determining if an access-challenge message is required;

delivering an active script component through a parameter of an access-challenge message of the network protocol when an access-challenge is required;

receiving a challenge-response of a user;

validating the challenge-response; and

selectively sending an access-accept response for a valid challenge-response and sending an access-denied response for an invalid challenge-response.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system and method for authenticating a user that includes receiving an access-request of a network protocol at a challenge-response server; determining if an access-challenge message is required; delivering an active script component through a parameter of an access-challenge message of the network protocol when an access-challenge is required; receiving a challenge-response of a user; validating the challenge-response; and selectively sending an access-accept response for a valid challenge-response and sending an access-denied response for an invalid challenge-response.

Citations

20 Claims

1. A method for authenticating a user comprising:
- receiving an access-request of a network protocol at a challenge-response server;
  
  determining if an access-challenge message is required;
  
  delivering an active script component through a parameter of an access-challenge message of the network protocol when an access-challenge is required;
  
  receiving a challenge-response of a user;
  
  validating the challenge-response; and
  
  selectively sending an access-accept response for a valid challenge-response and sending an access-denied response for an invalid challenge-response.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The method of claim 1, wherein determining if an access-challenge message is required includes processing the access-request to verify credentials;
    - and the challenge response server selectively replying with an access-accepted message for verified credentials, an access-denied message if credentials are denied, and an access-challenge message if the credentials require a challenge to verify the credentials.
  - 3. The method of claim 1, wherein the network protocol is a client/server protocol running in the application layer and using a user datagram protocol as transport.
  - 4. The method of claim 3, wherein delivering the active script component through a parameter of an access-challenge message of the network protocol includes delivering the active script component embedded in the reply-message field of the of the access-challenge message.
  - 5. The method of claim of claim 4, wherein the active script component is user executable code, and delivering an active script includes configuring the executable code to update an interface of a user device.
  - 6. The method of claim 5, wherein configuring the executable code includes configuring the executable code to update the document object model of a browser window.
  - 7. The method of claim 6, wherein configuring the executable code includes configuring the executable code to update an interface of a user device that collects input for the challenge-response.
  - 8. The method of claim 7, further comprising receiving and processing secondary authentication communication from a rendered challenge interface.
  - 9. The method of claim 3, wherein the active script component is an active script identifier;
    - the method further comprising configuring user device executable code to detect the active script identifier and modify the interface of the user device; and
      
      delivering the user device executable code.

10. A method for authenticating a user comprising:
- at a challenge response server, initiating an access-challenge message of a network protocol;
  
  configuring an active script component to update an authentication interface of a user device;
  
  embedding the active script component in a reply-message parameter of the access-challenge message;
  
  communicating the access-challenge message;
  
  receiving a challenge-response of a user; and
  
  validating the challenge-response.
- View Dependent Claims (11, 12, 13, 14, 15)
- - 11. The method of claim 10, further comprising selectively sending an access-accept message for a valid challenge-response and sending an access-denied message for an invalid challenge-response.
  - 12. The method of claim 11, wherein the access-challenge message is communicated from the challenge response server to an access-challenge client.
  - 13. The method of claim 11, wherein the network protocol is a client/server protocol running in the application layer and using the User Datagram Protocol (UDP) as transport.
  - 14. The method of claim 11, wherein the active script embedded in the reply-message is an executable code.
  - 15. The method of claim 11, wherein the active script component embedded in the reply-message is an active script identifier;
    - the method further comprising configuring user device executable code to detect the active script identifier and modify the interface of the user device; and
      
      delivering the user device executable code.

16. A method for authenticating network access comprising:
- receiving an access-request of a network protocol at a challenge response server;
  
  processing the access-request to verify credentials;
  
  the challenge response server selectively replying with an access-accepted message for verified credentials, an access-denied message if credentials are denied, and an access-challenge message if the credentials require a challenge to verify the credentials;
  
  configuring an active script component to transform an authentication interface of a user device;
  
  wherein replying with an access-challenge message includes embedding the active script component in a parameter of the access-challenge;
  
  receiving a challenge-response of a user;
  
  validating the challenge-response; and
  
  selectively sending an access-accept response for a valid challenge-response and sending an access-denied response for an invalid challenge-response.
- View Dependent Claims (17, 18, 19, 20)
- - 17. The method of claim 16, wherein the network protocol is a client/server protocol running in the application layer and using the User Datagram Protocol (UDP) as transport.
  - 18. The method of claim 17, further comprising at a user device, rendering the active script component in the reply-message parameter of the access-challenge message in the context of a browser.
  - 19. The method of claim 18, wherein the active script component is user executable code, and delivering an active script.
  - 20. The method of claim 17, wherein the active script component is an active script identifier;
    - the method further comprising at a user device detecting the active script identifier and modifying the interface of the user device.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Cisco Technology, Inc. (Cisco Systems, Inc.)
Original Assignee
Duo Security Incorporated (Cisco Systems, Inc.)
Inventors
Oberheide, Jon, Song, Douglas, Goodman, Adam

Granted Patent

US 8,892,885 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/168
CPC Class Codes

H04L 63/0428   wherein the data content is...

H04L 63/06   for supporting key manageme...

H04L 63/08   for authentication of entit...

H04L 63/12   Applying verification of th...

H04L 63/168   above the transport layer

H04L 9/32   including means for verifyi...

SYSTEM AND METHOD FOR DELIVERING A CHALLENGE RESPONSE IN AN AUTHENTICATION PROTOCOL

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

SYSTEM AND METHOD FOR DELIVERING A CHALLENGE RESPONSE IN AN AUTHENTICATION PROTOCOL

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links