ENTERPRISE AUTHENTICATION SERVER

US 20170034143A1
Filed: 07/30/2015
Published: 02/02/2017
Est. Priority Date: 07/30/2015
Status: Active Grant

First Claim

Patent Images

1. A computer-implemented authentication method, comprising:

performing operations as follows by a processor of an authentication server;

receiving, at the authentication server from a first machine, a first authentication request comprising an identification of a second machine that is to provide a requested service;

generating, at the authentication server, an authentication token comprising client-specific and server-specific portions, responsive to receiving the first authentication request from the first machine;

transmitting, from the authentication server to the second machine, an authentication identifier and the server-specific portion of the authentication token, responsive to receiving the first authentication request from the first machine;

receiving, at the authentication server from the second machine, a second authentication request comprising the authentication identifier, the server-specific portion of the authentication token, and the client-specific portion of the authentication token; and

determining, at the authentication server, an authentication status for the requested service, responsive to receiving the second authentication request from the second machine.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

In a computer-implemented authentication method, a first authentication request from a first machine is received at an authentication server. The first authentication request includes an identification of a second machine that is to provide a requested service. An authentication token including client-specific and server-specific portions is generated at the authentication server, responsive to receiving the first authentication request from the first machine. An authentication identifier and the server-specific portion of the authentication token are transmitted from the authentication server to the second machine, responsive to receiving the first authentication request from the first machine. A second authentication request, including the authentication identifier and both the server-specific and the client-specific portions of the authentication token, is received at the authentication server from the second machine. An authentication status for the requested service is determined at the authentication server, responsive to receiving the second authentication request from the second machine.

Citations

20 Claims

1. A computer-implemented authentication method, comprising:
- performing operations as follows by a processor of an authentication server;
  
  receiving, at the authentication server from a first machine, a first authentication request comprising an identification of a second machine that is to provide a requested service;
  
  generating, at the authentication server, an authentication token comprising client-specific and server-specific portions, responsive to receiving the first authentication request from the first machine;
  
  transmitting, from the authentication server to the second machine, an authentication identifier and the server-specific portion of the authentication token, responsive to receiving the first authentication request from the first machine;
  
  receiving, at the authentication server from the second machine, a second authentication request comprising the authentication identifier, the server-specific portion of the authentication token, and the client-specific portion of the authentication token; and
  
  determining, at the authentication server, an authentication status for the requested service, responsive to receiving the second authentication request from the second machine.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The computer-implemented authentication method of claim 1, wherein the client-specific portion of the authentication token is not transmitted to the second machine from the authentication server.
  - 3. The computer-implemented authentication method of claim 2, further comprising performing operations as follows by the processor:
    - transmitting, from the authentication server to the first machine, the authentication identifier and the client-specific portion of the authentication token, responsive to receiving the first authentication request,wherein receiving the second authentication request from the second machine is responsive to transmitting the client-specific portion of the authentication token to the first machine.
  - 4. The computer-implemented authentication method of claim 3, wherein the server-specific portion of the authentication token is not transmitted to the first machine from the authentication server.
  - 5. The computer-implemented authentication method of claim 3, further comprising performing operations as follows by the processor:
    - receiving, at the authentication server from the first machine, a third authentication request comprising the authentication identifier, responsive to determining the authentication status; and
      
      transmitting, from the authentication server to the first machine, an acknowledgment comprising the authentication status responsive to receiving the third authentication request.
  - 6. The computer-implemented authentication method of claim 5, further comprising performing operations as follows by the processor:
    - transmitting, from the authentication server to the second machine, an authentication response comprising the authentication status responsive to determining thereof,wherein receiving the third authentication request from the first machine is responsive to transmitting the authentication response to the second machine.
  - 7. The computer-implemented authentication method of claim 6, wherein determining the authentication status comprises:
    - comparing the server-specific and the client-specific portions of the authentication token received from the second machine in the second authentication request with the authentication token generated at the authentication server responsive to receiving the first authentication request;
      
      determining the authentication status as positive responsive to a match indicated by the comparing; and
      
      determining the authentication status as negative responsive to an absence of the match indicated by the comparing.
  - 8. The computer-implemented method of claim 7, wherein the acknowledgment comprising the authentication status as positive indicates authorization for the first machine to accept a response for the requested service from the second machine.
  - 9. The computer-implemented method of claim 8, wherein the authentication response comprising the authentication status as positive indicates authorization for the second machine to provide the response for the requested service to the first machine.

10. A computer system, comprising:
- a processor; and
  
  a memory coupled to the processor, the memory comprising computer readable program code embodied therein that, when executed by the processor, causes the processor to perform operations comprising;
  
  generating an authentication token comprising client-specific and server-specific portions responsive to receiving, from a first machine, a first authentication request comprising an identification of a second machine that is to provide a requested service;
  
  transmitting, to the second machine, an authentication identifier and the server-specific portion of the authentication token, responsive to receiving the first authentication request from the first machine; and
  
  determining an authentication status for the requested service responsive to receiving, from the second machine, a second authentication request comprising the authentication identifier, the server-specific portion of the authentication token, and the client-specific portion of the authentication token.
- View Dependent Claims (11, 12, 13, 14, 15)
- - 11. The computer system of claim 10, wherein the client-specific portion of the authentication token is not transmitted to the second machine by the processor.
  - 12. The computer system of claim 11, wherein, when executed by the processor, the computer readable program code further causes the processor to perform operations comprising:
    - transmitting, to the first machine, the authentication identifier and the client-specific portion of the authentication token, responsive to receiving the first authentication request therefrom,wherein receiving the second authentication request from the second machine is responsive to transmitting the client-specific portion of the authentication token to the first machine.
  - 13. The computer system of claim 12, wherein the server-specific portion of the authentication token is not transmitted to the first machine by the processor.
  - 14. The computer system of claim 12, wherein, when executed by the processor, the computer readable program code further causes the processor to perform operations comprising:
    - receiving, from the first machine, a third authentication request comprising the authentication identifier, responsive to determining the authentication status; and
      
      transmitting, to the first machine, an acknowledgment comprising the authentication status responsive to receiving the third authentication request.
  - 15. The computer system of claim 14, wherein, when executed by the processor, the computer readable program code further causes the processor to perform operations comprising:
    - transmitting, to the second machine, an authentication response comprising the authentication status responsive to determining thereof,wherein receiving the third authentication request from the first machine is responsive to transmitting the authentication response to the second machine.

16. A computer program product comprising:
- a computer readable storage medium comprising computer readable program code embodied in the medium, which, when executed by a processor, causes the processor to perform operations comprising;
  
  generating an authentication token comprising client-specific and server-specific portions responsive to receiving, from a first machine, a first authentication request comprising an identification of a second machine that is to provide a requested service;
  
  transmitting, to the second machine, an authentication identifier and the server-specific portion of the authentication token, responsive to receiving the first authentication request from the first machine; and
  
  determining an authentication status for the requested service responsive to receiving, from the second machine, a second authentication request comprising the authentication identifier, the server-specific portion of the authentication token, and the client-specific portion of the authentication token.
- View Dependent Claims (17, 18, 19, 20)
- - 17. The computer program product of claim 16, wherein the client-specific portion of the authentication token is not transmitted to the second machine by the computer readable program code when executed by the processor.
  - 18. The computer program product of claim 17, wherein, when executed by the processor, the computer readable program code further causes the processor to perform operations comprising:
    - transmitting, to the first machine, the authentication identifier and the client-specific portion of the authentication token, responsive to receiving the first authentication request therefrom,wherein receiving the second authentication request from the second machine is responsive to transmitting the client-specific portion of the authentication token to the first machine.
  - 19. The computer program product of claim 18, wherein the server-specific portion of the authentication token is not transmitted to the first machine by the computer readable program code when executed by the processor.
  - 20. The computer program product of claim 18, wherein, when executed by the processor, the computer readable program code further causes the processor to perform operations comprising:
    - transmitting, to the second machine, an authentication response comprising the authentication status responsive to determining thereof;
      
      receiving, from the first machine, a third authentication request comprising the authentication identifier, responsive to transmitting the authentication response to the second machine; and
      
      transmitting, to the first machine, an acknowledgment comprising the authentication status responsive to receiving the third authentication request.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
CA, Inc. (d/b/a CA Technologies) (Broadcom, Inc.)
Original Assignee
CA, Inc. (d/b/a CA Technologies) (Broadcom, Inc.)
Inventors
Pachouri, Rajendra Kumar

Granted Patent

US 9,641,509 B2
Time in Patent Office

Days
Field of Search
US Class Current

1/1
CPC Class Codes

H04L 63/08   for authentication of entit...

H04L 63/0807   using tickets, e.g. Kerbero...

H04L 63/0815   providing single-sign-on or...

H04L 63/0884   by delegation of authentica...

H04L 67/01   Protocols

ENTERPRISE AUTHENTICATION SERVER

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

ENTERPRISE AUTHENTICATION SERVER

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links