ENCRYPTION-BASED SESSION ESTABLISHMENT

US 20140019752A1
Filed: 07/10/2012
Published: 01/16/2014
Est. Priority Date: 07/10/2012
Status: Active Grant

First Claim

Patent Images

1. A method comprising:

receiving, by a first server, a first token from a user device,the first token including information to authenticate the user device to communicate with the first server via a session with the first server;

determining, by the first server, whether the first token is valid;

sending, by the first server, an instruction to the user device, based on determining that the first token is invalid,the instruction requesting the user device to provide a set of credentials to a second server;

receiving, by the first server, a first response from the user device,the first response being provided to the user device by the second server, based on the user device providing the set of credentials to the second server,the first response including information identifying whether the user device is authenticated to communicate with the first server, via a session with the first server;

sending, by the first server, the first response to a third server,the third server generating a second response based on the first response,the second response indicating authentication of the user device to communicate with the first server, via a session with the first server;

receiving, by the first server, the second response from the third server;

generating, by the first server, a second token, based on receiving the second response,the second token including information to authenticate the user device to communicate with the first server via a session with the first server; and

sending, by the first server, the second token to the user device.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A first server is configured to receive a first token from a user device, determine whether the first token is valid, request the user device to provide a set of credentials to a second server, based on determining that the first token is invalid, and receive a first response from the user device. The first response may include information identifying whether the user device is authenticated to communicate with the first server. The first server is further configured to send the first response to a third server. The third server may generate a second response to indicate authentication of the user device to communicate with the first server. The first server is further configured to receive the second response from the third server, generate a second token, based on receiving the second response, and send the second token to the user device.

65 Citations

View as Search Results

23 Claims

1. A method comprising:
- receiving, by a first server, a first token from a user device,the first token including information to authenticate the user device to communicate with the first server via a session with the first server;
  
  determining, by the first server, whether the first token is valid;
  
  sending, by the first server, an instruction to the user device, based on determining that the first token is invalid,the instruction requesting the user device to provide a set of credentials to a second server;
  
  receiving, by the first server, a first response from the user device,the first response being provided to the user device by the second server, based on the user device providing the set of credentials to the second server,the first response including information identifying whether the user device is authenticated to communicate with the first server, via a session with the first server;
  
  sending, by the first server, the first response to a third server,the third server generating a second response based on the first response,the second response indicating authentication of the user device to communicate with the first server, via a session with the first server;
  
  receiving, by the first server, the second response from the third server;
  
  generating, by the first server, a second token, based on receiving the second response,the second token including information to authenticate the user device to communicate with the first server via a session with the first server; and
  
  sending, by the first server, the second token to the user device.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The method of claim 1, where the second response is an encrypted second response, the method further comprising:
    - decrypting the encrypted second response; and
      
      validating a signature associated with the second response, based on decrypting the encrypted second response,where generating the second token is based on validating the signature associated with the second response.
  - 3. The method of claim 1, further comprising:
    - establishing a session with the user device, based on determining that the first token is valid.
  - 4. The method of claim 1, where determining whether the first token is valid includes:
    - calculating a first value based on a set of parameters;
      
      decrypting a first key, associated with the first token, via a second key associated with the first server;
      
      decrypting a third key, associated with the first token, using the decrypted first key;
      
      identifying a second value based on decrypting the third key;
      
      determining whether the first value matches the second value; and
      
      determining that the first token is valid based on determining that the first value matches the second value.
  - 5. The method of claim 1, where determining whether the first token is valid includes:
    - identifying a timestamp associated with the first token;
      
      determining whether the timestamp has expired based on a current time at which the first token was received by the first server;
      
      identifying a time period threshold associated with the first token;
      
      determining whether the time period threshold is satisfied based on a time difference between a first time and a second time;
      
      the first time corresponding to when the first token was previously received by the first server,the second time corresponding to the current time; and
      
      determining that the timestamp is valid based on determining that the timestamp is unexpired and that the time period threshold is satisfied.
  - 6. The method of claim 1, where generating the second token includes:
    - calculating a value based on a set of parameters;
      
      generating and encrypting a first key based on a second key associated with the first server;
      
      storing the value in a secure storage;
      
      encrypting the secure storage based on the first key; and
      
      storing the encrypted secure storage in the second token.
  - 7. The method of claim 1, where generating the second token includes:
    - generating a timestamp,the timestamp including information to identify an expiration time associated with the second token;
      
      generating a time period threshold,the time period threshold relating to an idle time period associated with the second token; and
      
      storing the timestamp and the time period threshold in the second token.
  - 8. The method of claim 1, where the first server is associated with a different party than the second and third servers.

9. A system comprising:
- a first server to;
  
  receive a first token from a user device,the first token including information to authenticate the user device to communicate with the first server via a session with the first server;
  
  determine whether the first token is valid;
  
  send an instruction to the user device, based on determining that the first token is invalid,the instruction requesting the user device to provide a set of credentials to a second server;
  
  receive a first response from the user device,the first response being provided to the user device by the second server, based on the user device providing the set of credentials to the second server,the first response including information identifying whether the user device is authenticated to communicate with the first server, via a session with the first server;
  
  send the first response to a third server,the third server generating a second response based on the first response,the second response indicating authentication of the user device to communicate with the first server, via a session with the first server;
  
  receive the second response from the third server;
  
  generate a second token, based on the second response,the second token including information to authenticate the user device to communicate with the first server via a session with the first server;
  
  send the second token to the user device; and
  
  establish a session with the user device based on the second token.
- View Dependent Claims (10, 11, 12, 13, 14, 15, 16)
- - 10. The system of claim 9, where the second response is an encrypted second response, the first server is further to:
    - decrypt the encrypted second response; and
      
      validate a signature associated with the second response, based on decrypting the encrypted second response,where when generating the second token, the first server is to generate the second token based on validating the signature associated with the second response.
  - 11. The system of claim 9, where the first server is further to:
    - establish a session with the user device, based on determining that the first token is valid.
  - 12. The system of claim 9, where when determining whether the first token is valid, the first server is further to:
    - calculate a first value based on a set of parameters;
      
      decrypt a first key, associated with the first token, via a second key associated with the first server;
      
      decrypt a third key, associated with the first token, using the decrypted first key;
      
      identify a second value based on decrypting the third key;
      
      determine whether the first value matches the second value; and
      
      determine that the first token is valid based on determining that the first value matches the second value.
  - 13. The system of claim 9, where when determining whether the first token is valid, the first server is further to:
    - identify a timestamp associated with the first token;
      
      determine whether the timestamp has expired based on a current time at which the first token was received by the first server;
      
      identify a time period threshold associated with the first token;
      
      determine whether the time period threshold is satisfied based on a time difference between a first time and a second time;
      
      the first time corresponding to when the first token was previously received by the first server,the second time corresponding to the current time; and
      
      determine that the timestamp is valid based on determining that the timestamp is unexpired and that the time period threshold is satisfied.
  - 14. The system of claim 9, where when generating the second token, the first server is further to:
    - calculate a value based on a set of parameters;
      
      generate and encrypt a first key based on a second key associated with the first server;
      
      store the value in a secure storage;
      
      encrypt the secure storage based on the first key; and
      
      store the encrypted secure storage in the second token.
  - 15. The system of claim 9, where when generating the second token, the first server is further to:
    - generate a timestamp,the timestamp including information to identify an expiration time associated with the second token;
      
      generate a time period threshold,the time period threshold relating to an idle time period associated with the second token; and
      
      store the timestamp and the time period threshold in the second token.
  - 16. The system of claim 9, where the first server is associated with a different party than the second and third servers.

17. A computer-readable medium comprising:
- a plurality of instructions which, when executed by one or more processors associated with a first server, cause the one or more processors to;
  
  receive a first token from a user device,the first token including information to authenticate the user device to communicate with the first server via a session with the first server;
  
  determine whether the first token is valid;
  
  send an instruction to the user device, based on determining that the first token is invalid,the instruction requesting the user device to provide a set of credentials to a second server;
  
  receive a first response from the user device,the first response being provided to the user device by the second server, based on the user device providing the set of credentials to the second server,the first response including information identifying whether the user device is authenticated to communicate with the first server, via a session with the first server;
  
  send the first response to a third server,the third server generating a second response based on the first response,the second response including a response to indicate authentication of the user device to communicate with the first server, via a session with the first server;
  
  receive the second response from the third server;
  
  decrypt the second response;
  
  validate a signature associated with the second response, based on decrypting the second response;
  
  generate a second token, based on validating the second response,the second token including information to authenticate the user device to communicate with the first server via a session with the first server;
  
  send the second token to the user device; and
  
  establish a session between the user device and the first server, based on the second token or based on determining that the first token is valid.
- View Dependent Claims (18, 19, 20, 21, 22, 23)
- - 18. The computer-readable medium of claim 17, where the second response is an encrypted second response, the one or more processors are further to:
    - decrypt the encrypted second response; and
      
      validate a signature associated with the second response, based on decrypting the encrypted second response,where one or more instructions, of the plurality of instructions, to generate the second token, include one or more instructions to cause the one or more processors to generate the second token based on validating the signature associated with the second response.
  - 19. The computer-readable medium of claim 17, where one or more instructions, of the plurality of instructions, to determine whether the first token is valid, include one or more instructions to cause the one or more processors to:
    - calculate a first value based on a set of parameters;
      
      decrypt a first key, associated with the first token, via a second key associated with the first server;
      
      decrypt a third key, associated with the first token, using the decrypted first key;
      
      identify a second value based on decrypting the third key;
      
      determine whether the first value matches the second value; and
      
      determine that the first token is valid based on determining that the first value matches the second value.
  - 20. The computer-readable medium of claim 17, where one or more instructions, of the plurality of instructions, to determine whether the first token is valid, include one or more instructions to cause the one or more processors to:
    - identify a timestamp associated with the first token;
      
      determine whether the timestamp has expired based on a current time at which the first token was received by the first server;
      
      identify a time period threshold associated with the first token;
      
      determine whether the time period threshold is satisfied based on a time difference between a first time and a second time;
      
      the first time corresponding to when the first token was previously received by the first server,the second time corresponding to the current time; and
      
      determine that the timestamp is valid based on determining that the timestamp is unexpired and that the time period threshold is satisfied.
  - 21. The computer-readable medium of claim 17, where one or more instructions, of the plurality of instructions, to generate the second token include one or more instructions to cause the one or more processors to:
    - calculate a value based on a set of parameters;
      
      generate and encrypt a first key based on a second key associated with the first server;
      
      store the value in a secure storage;
      
      encrypt the secure storage based on the first key; and
      
      store the encrypted secure storage in the second token.
  - 22. The computer-readable medium of claim 17, where one or more instructions, of the plurality of instructions, to generate the second token include one or more instructions to cause the one or more processors to:
    - generate a timestamp,the timestamp including information to identify an expiration time associated with the second token;
      
      generate a time period threshold,the time period threshold relating to an idle time period associated with the second token; and
      
      store the timestamp and the time period threshold in the second token.
  - 23. The computer-readable medium of claim 17, where the first server is associated with a different party than the second and third servers.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Verizon Patent and Licensing Incorporated (Verizon Communications Inc.)
Original Assignee
Verizon Patent and Licensing Incorporated (Verizon Communications Inc.)
Inventors
YIN, Fenglin, HAO, Jianxiu, JIN, Zhiying

Granted Patent

US 8,949,596 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/155
CPC Class Codes

H04L 2463/062   applying encryption of the ...

H04L 63/0435   wherein the sending and rec...

H04L 63/0807   using tickets, e.g. Kerbero...

H04L 63/108   when the policy decisions a...

H04L 63/126   the source of the received ...

ENCRYPTION-BASED SESSION ESTABLISHMENT

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

65 Citations

23 Claims

Specification

Solutions

Use Cases

Quick Links

ENCRYPTION-BASED SESSION ESTABLISHMENT

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

65 Citations

23 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links