Security Token Caching in Centralized Authentication Systems

US 20150180868A1
Filed: 12/20/2013
Published: 06/25/2015
Est. Priority Date: 12/20/2013
Status: Active Grant

First Claim

Patent Images

1. A method comprising:

receiving, by a client device, a security token from an authentication server based on user credentials submitted to the authentication server;

sending, by the client device, the security token to an application server;

verifying, by the application server, the security token with the authentication server and determining whether to allow or deny access to the client device based on the security token verification;

determining, by the application server, a disposition of the security token based on whether the received security token is a single-use token or a multiple-use token;

associating, by the application server, the security token with a corresponding cache table based on the determined disposition of the token;

caching, by the application server, the security token based on the associated cache table; and

determining a time-expiry algorithm for the cache table based on the cached security token, the disposition of the security token, and associated cache table.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Methods, systems, and devices for determining a time-expiry algorithm based on a cached and verified security token, a disposition of the security token, and a cache table, where the disposition of the security token is based on whether the received security token is a single-use token or a multiple-use token and where the cache table is selected from two separate cache tables.

45 Citations

View as Search Results

18 Claims

1. A method comprising:
- receiving, by a client device, a security token from an authentication server based on user credentials submitted to the authentication server;
  
  sending, by the client device, the security token to an application server;
  
  verifying, by the application server, the security token with the authentication server and determining whether to allow or deny access to the client device based on the security token verification;
  
  determining, by the application server, a disposition of the security token based on whether the received security token is a single-use token or a multiple-use token;
  
  associating, by the application server, the security token with a corresponding cache table based on the determined disposition of the token;
  
  caching, by the application server, the security token based on the associated cache table; and
  
  determining a time-expiry algorithm for the cache table based on the cached security token, the disposition of the security token, and associated cache table.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13)
- - 2. The method of claim 1, wherein the security token is a token string and determined based on an authentication of the user credentials.
  - 3. The method of claim 1 further comprising:
    - selecting the associated cache table for caching the security token; and
      
      storing the security token in the cache table for future retrieval.
  - 4. The method of claim 1, wherein the time-expiry algorithm determines a timeout interval for the security token.
  - 5. The method of claim 4, wherein the timeout interval for the security token having a single-use token disposition is based on a sliding window algorithm.
  - 6. The method of claim 4, wherein the timeout interval for the security token having a multiple-use token disposition is based on an absolute algorithm.
  - 7. The method of claim 4, wherein the timeout interval is longer for a single-use token than the timeout interval for a multiple-use token.
  - 8. The method of claim 1, wherein the cache table is based on an expected number of concurrent active users in the application server.
  - 9. The method of claim 1, wherein the cache table is selected from two separate cache tables.
  - 10. The method of claim 9, wherein the two separate cache tables store a different number of entries from each other.
  - 11. The method of claim 9, wherein the two separate cache tables are unique from each other.
  - 12. The method of claim 9, wherein the two separate cache tables comprise a first cache table for storing single-use tokens and a second cache table for storing multiple-use tokens.
  - 13. The method of claim 1 further comprising:
    - determining, by the application server, a timeout interval for the security token based on the determined time-expiry algorithm.

14. A device comprising:
- a processor and addressable memory, the processor configured to;
  
  receive a security token from a client device;
  
  verify the security token with an authentication server and determine whether to allow or deny access to the client device based on the security token verification;
  
  determine a disposition of the security token based on whether the received security token is a single-use token or a multiple-use token;
  
  associate the security token with a corresponding cache table based on the disposition of the token, wherein the cache table is selected from two separate cache tables;
  
  cache the security token based on the associated cache table; and
  
  determine a time-expiry algorithm based on the cached security token, the disposition of the security token, and associated cache table.
- View Dependent Claims (15, 16)
- - 15. The device of claim 14, wherein the processor is further configured to:
    - save the security token to the cache table; and
      
      retrieve the security token from the cache table.
  - 16. The device of claim 14, wherein the received security token from the client device has already been authenticated by the authentication server.

17. A centralized authentication system for security token caching, the centralized authentication system comprising:
- a first computing device, wherein the first computing device comprises a processor and an addressable memory, the processor configured to;
  
  transmit a set of one or more user credentials associated with a user to a second computing device;
  
  receive a security token from the second computing device based on the one or more user credentials being authenticated successfully; and
  
  send the security token to a third computing device;
  
  the second computing device, wherein the second computing device comprising a processor and an addressable memory, the processor configured to;
  
  receive from the first computing device the set of one or more user credentials associated with the user;
  
  authenticate the received set of one or more user credentials; and
  
  validate a received security token of the user in response to a verification request from the third computing device;
  
  the third computing device, wherein the third computing device comprises a processor and an addressable memory, the processor configured to;
  
  verify the security token with the second computing device;
  
  determine whether to allow or deny access to the first computing device based on the security token verification;
  
  determine a disposition of the security token based on whether the received security token is a single-use token or a multiple-use token;
  
  associate the security token with a corresponding cache table based on the disposition of the token, wherein the cache table is selected from two separate cache tables;
  
  cache the security token based on the associated cache table; and
  
  determine a time-expiry algorithm based on the cached security token, the disposition of the security token, and associated cache table.
- View Dependent Claims (18)
- - 18. The system of claim 17, wherein the first computing device is a client computing device, the second computing device is an authentication server, and the third computing device is an application server.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Sharp Kabushiki Kaisha (Hon Hai Precision Industry Co., Ltd.)
Original Assignee
Sharp Laboratories of America Incorporated (Hon Hai Precision Industry Co., Ltd.)
Inventors
Sng, Swee Huat

Granted Patent

US 9,276,933 B2
Time in Patent Office

Days
Field of Search
US Class Current

1/1
CPC Class Codes

G06F 12/121   using replacement algorithms

G06F 21/33   using certificates

G06F 21/335   for accessing specific reso...

H04L 63/0807   using tickets, e.g. Kerbero...

H04L 63/0815   providing single-sign-on or...

H04L 63/0838   using one-time-passwords

H04L 63/0846   using time-dependent-passwo...

H04L 63/0884   by delegation of authentica...

H04L 9/321   involving a third party or ...

H04L 9/3213   using tickets or tokens, e....

H04L 9/3226   using a predetermined code,...

Security Token Caching in Centralized Authentication Systems

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

45 Citations

18 Claims

Specification

Solutions

Use Cases

Quick Links

Security Token Caching in Centralized Authentication Systems

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

45 Citations

18 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links