Accessing a secure resource using certificates bound with authentication information
Abstract
A method and computer program product for accessing a secure resource using a certificate bound with authentication information. In one implementation, the method includes receiving a certificate request from a user, the certificate request including identification information and authentication information associated with the user; verifying the identification information; issuing a certificate to the user when the identification information is verified; and sending the authentication information and a certificate identifier for the certificate to an authentication server. According to one aspect, the sending step includes signing a combination of the authentication information and the certificate identifier to form a unique user identifier; signing the authentication information; and sending the unique user identifier to the authentication server.
18 Claims
1. A method, comprising:
receiving a certificate request from a user, the certificate request including identification information and authentication information associated with the user;
verifying the identification information;
issuing a certificate to the user when the identification information is verified;
signing a combination of the authentication information and a certificate identifier for the certificate to form a unique user identifier;
signing the authentication information; and
sending the unique user identifier to an authentication server that is configured to authenticate the user in reference to the sent information.
Dependent claims: 2, 3 (not reproduced here).

4. A method for use in a secure server, comprising:
receiving a certificate for a user and a request for access for the user to the secure server;
sending an authentication query regarding the user to an authentication server;
receiving a delta in response to the authentication query, the delta indicating the amount of time that has passed since the user was last authenticated by the authentication server;
comparing the delta to a predefined threshold; and
granting access when the predefined threshold exceeds the delta.
Dependent claim 5 (of claim 4):
denying access when the delta exceeds the predefined threshold.

6. A method, comprising:
sending a request for access to a secure server, the request containing a certificate associated with a user;
signing a combination of authentication information and a certificate identifier for the certificate to form a unique user identifier;
signing the authentication information;
sending the unique user identifier, when the secure server denies access, to an authentication server configured to authenticate the user in reference to the sent information; and
sending the certificate and request to the secure server again when an indication of authentication is received from the authentication server.

7. A method for use in an authentication server, comprising:
receiving, from a secure server, a request to authenticate a user;
determining a delta indicating the amount of time that has passed since the user was last authenticated by the authentication server; and
sending the delta to the secure server.
Dependent claim 8 (of claim 7):
receiving a certificate and authentication information from a user that has been denied access to a secure server;
authenticating the user based on the certificate, the received authentication information, and stored authentication information associated with the certificate; and
resetting the delta when the user is authenticated.

9. A computer program product, tangibly stored on a machine-readable medium, comprising instructions operable to cause a programmable processor to:
receive a certificate request from a user, the certificate request including identification information and authentication information associated with the user;
verify the identification information;
issue a certificate to the user when the identification information is verified;
sign a combination of the authentication information and a certificate identifier for the certificate to form a unique user identifier;
sign the authentication information; and
send the unique user identifier to an authentication server operable to authenticate the user in reference to the sent information.
Dependent claims: 10, 11 (not reproduced here).

12. A computer program product, tangibly stored on a machine-readable medium, for use in a secure server, comprising instructions operable to cause a programmable processor to:
receive a certificate for a user and a request for access for the user to the secure server;
send an authentication query regarding the user to an authentication server;
receive a delta in response to the authentication query, the delta indicating the amount of time that has passed since the user was last authenticated by the authentication server;
compare the delta to a predefined threshold; and
grant access when the predefined threshold exceeds the delta.
Dependent claim 13 (of claim 12):
deny access when the delta exceeds the predefined threshold.

14. A computer program product, tangibly stored on a machine-readable medium, comprising instructions operable to cause a programmable processor to:
sign a combination of authentication information and a certificate identifier for a certificate associated with a user to form a unique user identifier;
sign the authentication information;
send a request for access to a secure server, the request containing a certificate associated with a user;
send the unique user identifier, when the secure server denies access, to an authentication server operable to authenticate the user in reference to the sent information; and
send the certificate and request to the secure server again when an indication of authentication is received from the authentication server.

15. A computer program product, tangibly stored on a machine-readable medium, comprising instructions operable to cause a programmable processor to:
receive, from a secure server, a request to authenticate a user;
determine a delta indicating the amount of time that has passed since the user was last authenticated by the authentication server; and
send the delta to the secure server.
Dependent claim 16 (of claim 15):
receive a certificate and authentication information from a user that has been denied access to a secure server;
authenticate the user based on the certificate, the received authentication information, and stored authentication information associated with the certificate; and
reset the delta when the user is authenticated.

17. An authentication system, comprising a server configured to:
receive a certificate request from a user, the certificate request including identification information and authentication information associated with the user;
verify the identification information;
issue a certificate to the user when the identification information is verified;
sign a combination of the authentication information and a certificate identifier for the certificate to form a unique user identifier;
sign the authentication information; and
send the unique user identifier to an authentication server that is configured to authenticate the user in reference to the sent authentication information.

18. An authentication system, comprising a server configured to:
receive a certificate for a user and a request for access for the user to the secure server;
send an authentication query regarding the user to an authentication server;
receive a delta in response to the authentication query, the delta indicating the amount of time that has passed since the user was last authenticated by the authentication server;
compare the delta to a predefined threshold; and
when the predefined threshold exceeds the delta, deny access and cause a request for authentication information, including biometric information, to be sent to the user.
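
The claims above spread one protocol over four parties: an issuer (claim 1), an authentication server (claims 7 and 8), a secure server (claims 4, 5 and 18) and a client (claim 6). The Go program below is an added example, not code from the patent or from any product, that wires all four together in one process so the issue, delta-check and re-authenticate steps can be run end to end. Everything in it is an assumption rather than something the page states: Ed25519 plays the role of the claimed signatures; Certificate is a small struct, not X.509, with an identifier derived from the subject's key; the authentication (biometric) information is a constructed byte string of which only a SHA-256 digest is bound and stored; identity verification at issuance is treated as the user's first authentication; and the clock is injected so the delta can be advanced by hand.

```go
package main

import (
	"crypto/ed25519"
	"crypto/sha256"
	"crypto/subtle"
	"errors"
	"fmt"
	"time"
)

var ErrReauthRequired = errors.New("access denied: re-authentication required")

type Certificate struct { // assumed minimal stand-in for the claimed certificate, not X.509
	ID, Subject string
	PubKey      ed25519.PublicKey
	Sig         []byte // issuer signature over body()
}
func (c Certificate) body() []byte { return []byte(c.ID + "|" + c.Subject + "|" + string(c.PubKey)) }

// uuidInput is the claimed "combination of the authentication information and a certificate identifier".
func uuidInput(digest []byte, certID string) []byte { return append(append([]byte{}, digest...), certID...) }

type AuthServer struct { // claims 7, 8: bound authentication digest and last-authentication time per certificate
	issuerPub  ed25519.PublicKey
	now        func() time.Time // injected clock
	authDigest map[string][]byte
	lastAuth   map[string]time.Time
}

// Enroll accepts the issuer's signed binding; issuance counts as an authentication (assumption).
func (a *AuthServer) Enroll(c Certificate, digest, uuid, signedAuth []byte) error {
	if !ed25519.Verify(a.issuerPub, uuidInput(digest, c.ID), uuid) || !ed25519.Verify(a.issuerPub, digest, signedAuth) {
		return errors.New("enrollment rejected: bad issuer signature")
	}
	a.authDigest[c.ID], a.lastAuth[c.ID] = digest, a.now()
	return nil
}
// Delta (claim 7): time since the last authentication; an unknown certificate yields a saturated, huge delta.
func (a *AuthServer) Delta(certID string) time.Duration { return a.now().Sub(a.lastAuth[certID]) }

// Authenticate (claim 8): the certificate is checked before its key is used; all failures get one generic error.
func (a *AuthServer) Authenticate(c Certificate, digest, uuid, signedAuth []byte) error {
	stored, ok := a.authDigest[c.ID]
	if !ok || !ed25519.Verify(a.issuerPub, c.body(), c.Sig) || !ed25519.Verify(c.PubKey, uuidInput(digest, c.ID), uuid) ||
		!ed25519.Verify(c.PubKey, digest, signedAuth) || subtle.ConstantTimeCompare(stored, digest) != 1 {
		return errors.New("authentication failed")
	}
	a.lastAuth[c.ID] = a.now() // reset the delta
	return nil
}

type SecureServer struct { // claims 4, 18: grant when the threshold exceeds the delta, else deny and demand re-auth
	issuerPub ed25519.PublicKey
	auth      *AuthServer
	threshold time.Duration
}
func (s *SecureServer) Access(c Certificate) error {
	if !ed25519.Verify(s.issuerPub, c.body(), c.Sig) {
		return errors.New("invalid certificate")
	}
	if s.threshold > s.auth.Delta(c.ID) {
		return nil
	}
	return ErrReauthRequired
}

// Issue (claim 1): verify identification (constructed allow-list), issue the certificate, send the signed binding.
func Issue(issuer ed25519.PrivateKey, known map[string]bool, a *AuthServer, ident string, pub ed25519.PublicKey, authInfo []byte) (Certificate, error) {
	if !known[ident] {
		return Certificate{}, errors.New("identification not verified")
	}
	c := Certificate{ID: fmt.Sprintf("%x", pub[:8]), Subject: ident, PubKey: pub} // ID derived from the key (assumption)
	c.Sig = ed25519.Sign(issuer, c.body())
	d := sha256.Sum256(authInfo) // only a digest of the (biometric) information is bound and stored
	return c, a.Enroll(c, d[:], ed25519.Sign(issuer, uuidInput(d[:], c.ID)), ed25519.Sign(issuer, d[:]))
}

// RequestAccess (claim 6): on denial, sign the binding with the certificate key, re-authenticate, then resend.
func RequestAccess(priv ed25519.PrivateKey, c Certificate, authInfo []byte, s *SecureServer, a *AuthServer) error {
	if err := s.Access(c); !errors.Is(err, ErrReauthRequired) {
		return err
	}
	d := sha256.Sum256(authInfo)
	if err := a.Authenticate(c, d[:], ed25519.Sign(priv, uuidInput(d[:], c.ID)), ed25519.Sign(priv, d[:])); err != nil {
		return err
	}
	return s.Access(c)
}

func main() {
	clock := time.Unix(1700000000, 0) // constructed; advanced by hand below
	issPub, issPriv, _ := ed25519.GenerateKey(nil)
	pub, priv, _ := ed25519.GenerateKey(nil)
	auth := &AuthServer{issPub, func() time.Time { return clock }, map[string][]byte{}, map[string]time.Time{}}
	srv, tmpl := &SecureServer{issPub, auth, 10 * time.Minute}, []byte("constructed fingerprint template")
	cert, err := Issue(issPriv, map[string]bool{"alice@example.test": true}, auth, "alice@example.test", pub, tmpl)
	fmt.Println("issue:", err, "| fresh access:", RequestAccess(priv, cert, tmpl, srv, auth))
	clock = clock.Add(time.Hour) // past the 10-minute threshold
	fmt.Println("stale:", srv.Access(cert), "| after re-auth:", RequestAccess(priv, cert, tmpl, srv, auth))
}
```

Running it issues a certificate, gets access while the delta is zero, then advances the clock an hour so the secure server denies; RequestAccess then signs the digest-plus-certificate-ID binding with the certificate's private key, the authentication server checks it against the stored digest and resets the delta, and the resent request is granted. Two points a practitioner should notice. First, the secure server in claims 4 and 12 decides on the certificate and the delta alone, so anyone holding a copy of the certificate is admitted while the delta is fresh; a deployment needs the access request itself bound to proof of possession (for example TLS client authentication) in addition to the delta check. Second, the delta is measured on the authentication server's clock on both the query and the reset, which keeps clock skew between the parties out of the comparison but makes that one clock the thing to protect.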