SECURITY TOKEN WITH EMBEDDED DATA
First Claim
Patent Images
1. A method for authenticating electronic communications between a local device and a server computer system comprising:
- a) at the server computer system, receiving from the local device credentials for a user;
b) at the server computer system, accessing stored user data and verifying the received credentials against the stored user data;
c) at the server computer system, accessing local device initialization data specific for the user;
d) at the server computer system, generating an authentication token for the user, the authentication token containing;
i) a hash value,ii) an expiration time, andiii) the local device initialization data specific for the user;
e) at the server computer system, transmitting the authentication token to the local device; and
f) at the server computer system, receiving the authentication token along with a request from the local device, wherein the request was formulated by the local device using the local device initialization data specific for the user.
3 Assignments
0 Petitions
Accused Products
Abstract
A system and method are presented that provide authentication tokens to a local device from a remote server. The authentication token incorporates standard token content, and also includes additional token components that are needed by the local device. The additional token components incorporate user preferences information, initialization data, or other useable information needed by the local device. In contrast to standard processes, which must return a security token to the local device before any useful data can be exchanged, the disclosed embodiment inserts useable data into the returned token and eliminates the time required to obtain this data through a separate data request.
12 Citations
20 Claims
-
1. A method for authenticating electronic communications between a local device and a server computer system comprising:
-
a) at the server computer system, receiving from the local device credentials for a user; b) at the server computer system, accessing stored user data and verifying the received credentials against the stored user data; c) at the server computer system, accessing local device initialization data specific for the user; d) at the server computer system, generating an authentication token for the user, the authentication token containing; i) a hash value, ii) an expiration time, and iii) the local device initialization data specific for the user; e) at the server computer system, transmitting the authentication token to the local device; and f) at the server computer system, receiving the authentication token along with a request from the local device, wherein the request was formulated by the local device using the local device initialization data specific for the user.
-
-
2. The method of claim 1, wherein the local device initialization data specific for the user comprises search preferences for the user.
-
3. The method of claim 2, wherein the search preferences further comprise a variable indicating whether exact or fuzzy string searching is to be used on search queries.
-
4. The method of claim 2, wherein the local device initialization data specific for the user further comprises a user-identifying communication address.
-
5. The method of claim 2, wherein the local device initialization data specific for the user further comprises an indication of data that is to be search through data queries submitted by the local device.
-
6. The method of claim 5, wherein the local device initialization data specific for the user further comprises a security number for the user.
-
7. The method of claim 2, further comprising:
g) at the server computer system, receiving a request to alter the search preferences for the user through a web interface and updating the stored user data to reflected the altered search preferences.
-
8. The method of claim 1, wherein the server computer system communicates with the local device through http web protocols.
-
9. The method of claim 8, wherein the server computer system comprises a web server to communicate with the local device and a token generator to generate the authentication token.
-
10. The method of claim 9, wherein the server computer system further comprises a database server to store and retrieve data relating to the user including the stored user data.
-
11. The method of claim 10, wherein the server computer system comprises separate computing devices operating as the web server, the token generator, and the database server.
-
12. The method of claim 1, wherein the local device initialization data specific for the user forms part of the stored user data.
-
13. The method of claim 1, wherein the step of receiving from the local device credentials for a user further comprises receiving and verifying an application ID received from an application operating on the local device.
-
14. A method for authenticating electronic communications between a local device and a server computer system comprising:
-
a) at the local device, receiving through a user interface credentials for a user; b) at the local device, submitting a request for an authorization token to the server computer system wherein the request includes the credentials for the user; c) at the local device, receiving the authorization token, wherein, the authentication token contains; i) a hash value, ii) an expiration time, and iii) initialization data specific for the user; d) at the local device, receiving a user request through the user interface for data provided by the server computer system; e) at the local device, using the initialization data specific for the user along with the user request to formulate a data request; f) at the local device, transmitting the authentication token and the data request to the server computer system; and g) at the local device, receiving data from the server computer system in response to the data request.
-
-
15. The method of claim 14, wherein the initialization data specific for the user comprises search preferences for the user.
-
16. The method of claim 15, wherein the local device stores the search preferences outside the authorization token.
-
17. The method of claim 16, wherein the local device permits the user to altered the stored search preferences through the user interface.
-
18. The method of claim 17, wherein the local device is a mobile device operating a mobile device specific processor under programmed instructions of a mobile device app.
-
19. A system for authenticating communications comprising:
a) a server computer system containing a processor and programming instructions, the programming instructions causing the processor to; i) receive from a local device credentials for a user; ii) access stored user data and verify the received credentials against the stored user data; iii) access local device initialization data specific for the user; iv) generate an authentication token for the user, the authentication token containing; (1) a hash value, (2) an expiration time, and (3) the local device initialization data specific for the user; v) transmit the authentication token to the local device; and vi) receive the authentication token along with a data request from the local device, wherein the data request was formulated by the local device using the local device initialization data specific for the user.
-
20. The system of claim 19, further comprising:
b) a mobile device operating as the local device, the mobile device containing a mobile device processor and app programming instructions, the app programming instructions causing the mobile device processor to; i) receive through a user interface the credentials for the user; ii) submit to the server computer system the credentials for the user; iii) receive the authentication token; iv) receive a user request through the user interface for data provided by the server computer system; v) use the local device initialization data specific for the user along with the user request to formulate the data request; and vi) transmit the authentication token and the data request to the server computer system.
Specification
-
- Resources
Litigation Campaign Assessment
Thank you for your request. You will receive a custom alert email when the Litigation Campaign Assessment is available.
×
-
Current AssigneeThe Descartes Systems Group Incorporated
-
Original AssigneeManagement Systems Resources Inc. (The Descartes Systems Group Incorporated)
-
InventorsZaheer, Nouman, Davies, Paul J.
-
Granted Patent
-
Time in Patent OfficeDays
-
Field of Search
-
US Class Current1/1
-
CPC Class CodesG06F 21/00 Security arrangements for p...G06F 21/335 for accessing specific reso...H04L 63/0846 using time-dependent-passwo...H04L 63/123 received data contents, e.g...H04L 63/166 at the transport layerH04W 12/068 using credential vaults, e....
