Securing Communication over a Network Using User Identity Verification

US 20140223178A1
Filed: 03/11/2013
Published: 08/07/2014
Est. Priority Date: 02/01/2013
Status: Abandoned Application

First Claim

Patent Images

1. A method for securing communication over a network, comprising:

at a server system having one or more processors and memory storing one or more programs for execution by the one or more processors;

receiving a first encrypted user identifier from a trust broker system associated with the server system, the first encrypted user identifier including information identifying a user of a client system verified by the trust broker system;

receiving a connection request packet from a first client system;

receiving a second encrypted user identifier from the first client system;

determining whether first encrypted user identifier matches the second encrypted user identifier; and

in accordance with a determination that the first encrypted user identifier matches the second encrypted user identifier, establishing an encrypted connection with the first client system.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method for securing communication over a network is disclosed. The method is performed on a server system having one or more processors and memory storing one or more programs for execution by the one or more processors. The server system receives a first encrypted user identifier from a trust broker system associated with the server system, the first encrypted user identifier including information identifying a user of a client system verified by the trust broker system. The server system receives a connection request packet from a first client system. The server system then receives a second encrypted user identifier from the first client system. The server system determines whether first encrypted user identifier matches the second encrypted user identifier. In accordance with a determination that the first encrypted user identifier matches the second encrypted user identifier, the server system establishes an encrypted connection with the first client system.

Citations

20 Claims

1. A method for securing communication over a network, comprising:
- at a server system having one or more processors and memory storing one or more programs for execution by the one or more processors;
  
  receiving a first encrypted user identifier from a trust broker system associated with the server system, the first encrypted user identifier including information identifying a user of a client system verified by the trust broker system;
  
  receiving a connection request packet from a first client system;
  
  receiving a second encrypted user identifier from the first client system;
  
  determining whether first encrypted user identifier matches the second encrypted user identifier; and
  
  in accordance with a determination that the first encrypted user identifier matches the second encrypted user identifier, establishing an encrypted connection with the first client system.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method of claim 1, further including:
    - in accordance with a determination that first encrypted user identifier does not match the second encrypted user identifier, discarding the received packet, without replying to the first client system.
  - 3. The method of claim 1, wherein both the first user identifier and the second user identifier are encrypted with a session based key that is changed for each communication session.
  - 4. The method of claim 1, wherein all communications between the first client system and the server system are encrypted with a unique session based key that is changed for every communication session.
  - 5. The method of claim 1, further including, prior to establishing a connection:
    - determining the access level permitted to the identified user;
      
      determining whether the identified user is authorized to connect to the requested server agent based on the determined access level permitted to the identified user;
      
      in accordance with a determination that the user is not authorized to connect to the request server agent;
      
      terminating the connection with the user agent; and
      
      sending a lack of authorization notice to the requesting user agent.
  - 6. The method of claim 5, wherein the access level permitted to the identified user is determined by the identified user'"'"'s role.
  - 7. The method of claim 5, wherein the access level permitted to the identified user is predetermined by a super user associated with the server system

8. An electronic device for securing communication over a network, comprising:
- one or more processors;
  
  memory storing one or more programs to be executed by the one or more processors;
  
  the one or more programs comprising instructions for;
  
  receiving a first encrypted user identifier from a trust broker system associated with the server system, the first encrypted user identifier including information identifying a user of a client system verified by the trust broker system;
  
  receiving a connection request packet from a first client system;
  
  receiving a second encrypted user identifier from the first client system;
  
  determining whether first encrypted user identifier matches the second encrypted user identifier; and
  
  in accordance with a determination that the first encrypted user identifier matches the second encrypted user identifier, establishing an encrypted connection with the first client system.
- View Dependent Claims (9, 10, 11, 12, 13, 14)
- - 9. The device of claim 8, further including instructions for:
    - in accordance with a determination that first encrypted user identifier does not match the second encrypted user identifier, discarding the received packet, without replying to the first client system.
  - 10. The device of claim 8, wherein both the first user identifier and the second user identifier are encrypted with a session based key that is changed for each communication session.
  - 11. The device of claim 8, wherein all communications between the first client system and the server system are encrypted with a unique session based key that is changed for every communication session.
  - 12. The device of claim 8, further including instructions for, prior to establishing a connection:
    - determining the access level permitted to the identified user;
      
      determining whether the identified user is authorized to connect to the requested server agent based on the determined access level permitted to the identified user;
      
      in accordance with a determination that the user is not authorized to connect to the request server agent;
      
      terminating the connection with the user agent; and
      
      sending a lack of authorization notice to the requesting user agent.
  - 13. The device of claim 12, wherein the access level permitted to the identified user is determined by the identified user'"'"'s role.
  - 14. The method of claim 12, wherein the access level permitted to the identified user is predetermined by a super user associated with the server system

15. A non-transitory computer readable storage medium storing one or more programs configured for execution by an electronic device with a camera, the one or more programs comprising instructions for:
- receiving a first encrypted user identifier from a trust broker system associated with the server system, the first encrypted user identifier including information identifying a user of a client system verified by the trust broker system;
  
  receiving a connection request packet from a first client system;
  
  receiving a second encrypted user identifier from the first client system;
  
  determining whether first encrypted user identifier matches the second encrypted user identifier; and
  
  in accordance with a determination that the first encrypted user identifier matches the second encrypted user identifier, establishing an encrypted connection with the first client system.
- View Dependent Claims (16, 17, 18, 19, 20)
- - 16. The non-transitory computer readable storage medium of claim 15, further including instructions for:
    - in accordance with a determination that first encrypted user identifier does not match the second encrypted user identifier, discarding the received packet, without replying to the first client system.
  - 17. The non-transitory computer readable storage medium of claim 15, wherein both the first user identifier and the second user identifier are encrypted with a session based key that is changed for each communication session.
  - 18. The non-transitory computer readable storage medium of claim 15, wherein all communications between the first client system and the server system are encrypted with a unique session based key that is changed for every communication session.
  - 19. The non-transitory computer readable storage medium of claim 15, further including instructions for, prior to establishing a connection:
    - determining the access level permitted to the identified user;
      
      determining whether the identified user is authorized to connect to the requested server agent based on the determined access level permitted to the identified user;
      
      in accordance with a determination that the user is not authorized to connect to the request server agent;
      
      terminating the connection with the user agent; and
      
      sending a lack of authorization notice to the requesting user agent.
  - 20. The non-transitory computer readable storage medium of claim 19, wherein the access level permitted to the identified user is determined by the identified user'"'"'s role.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Verizon Patent and Licensing Incorporated (Verizon Communications Inc.)
Original Assignee
Verizon Patent and Licensing Incorporated (Verizon Communications Inc.)
Inventors
Islam, Junaid, Bilger, Brent, Schroeder, Ted

Application Number

US13/794,574
Publication Number

US 20140223178A1
Time in Patent Office

Days
Field of Search
US Class Current

713/168
CPC Class Codes

G06F 21/31   User authentication

G06F 21/57   Certifying or maintaining t...

G06F 21/6218   to a system of files or obj...

G06F 2221/2111   Location-sensitive, e.g. ge...

G06F 2221/2113   Multi-level security, e.g. ...

H04L 2101/69   using geographic informatio...

H04L 63/0281   Proxies

H04L 63/0428   wherein the data content is...

H04L 63/08   for authentication of entit...

H04L 63/0876   based on the identity of th...

H04L 63/10   for controlling access to d...

H04L 63/105   Multiple levels of security

H04L 63/107   wherein the security polici...

H04L 63/1433   Vulnerability analysis

H04L 63/20   for managing network securi...

H04L 67/01   Protocols

H04L 67/10   in which an application is ...

H04L 67/562   Brokering proxy services

Securing Communication over a Network Using User Identity Verification

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Securing Communication over a Network Using User Identity Verification

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links