System and method for using an authentication applet to identify and authenticate a user in a computer network
Abstract
The system includes a server coupled via a computer network to a client. Upon receiving a request for access, the server sends an authentication applet to the client. The authentication applet includes a user identification (ID) module for obtaining a user ID and a password module for obtaining a client password. The authentication applet also includes a response generator coupled to the password module for using the client password as a variable in an algorithm to compute a client response. The authentication applet further includes a communications module coupled to the response generator and to the user ID module for sending the client response and the user ID back to the server for verifying the response and authenticating the user. The client uses an applet engine to execute the applet. The server uses the user ID to retrieve user information, and uses the user information as a variable in an algorithm to generate a verification response. If the verification response is the same as the client response, then the identity of the user is verified and access may be granted.
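The flow in the abstract, as an added sketch that is not code from the patent. The three response algorithms, the random challenge, the session ID and the single-use rule are assumptions, and the downloaded applet is modeled as an algorithm name chosen per access request.

```python
import hashlib
import hmac
import secrets

# Hypothetical per-request response algorithms; the page does not name any.
ALGORITHMS = {
    "hmac-sha256": lambda pw, ch: hmac.new(pw, ch, hashlib.sha256).digest(),
    "hmac-sha512": lambda pw, ch: hmac.new(pw, ch, hashlib.sha512).digest(),
    "pbkdf2-sha256": lambda pw, ch: hashlib.pbkdf2_hmac("sha256", pw, ch, 1000),
}


class Server:
    def __init__(self, users):
        self.users = users    # user ID -> stored user information (password)
        self.pending = {}     # session ID -> (algorithm name, challenge)

    def handle_access_request(self):
        """Pick an algorithm for this request and issue a fresh challenge."""
        session_id = secrets.token_hex(8)
        name = secrets.choice(sorted(ALGORITHMS))
        challenge = secrets.token_bytes(16)
        self.pending[session_id] = (name, challenge)
        return session_id, name, challenge  # stands in for the downloaded applet

    def verify(self, session_id, user_id, client_response):
        """Recompute the response from stored user information and compare."""
        entry = self.pending.pop(session_id, None)  # single use: blocks replay
        stored = self.users.get(user_id)
        if entry is None or stored is None:
            return False
        name, challenge = entry
        expected = ALGORITHMS[name](stored, challenge)
        return hmac.compare_digest(expected, client_response)


def applet_respond(name, challenge, password):
    """Client side: the response generator using the password as a variable."""
    return ALGORITHMS[name](password.encode(), challenge)


def demo():
    server = Server({"alice": b"correct horse"})  # constructed sample account
    sid, name, ch = server.handle_access_request()
    resp = applet_respond(name, ch, "correct horse")
    ok = server.verify(sid, "alice", resp)
    replay = server.verify(sid, "alice", resp)  # same session reused
    sid2, name2, ch2 = server.handle_access_request()
    bad = server.verify(sid2, "alice", applet_respond(name2, ch2, "wrong"))
    return ok, replay, bad
```

In this sketch the server recomputes the response from the stored password itself, so the password database holds a password-equivalent secret and needs protecting accordingly.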
54 Claims
1. A dynamic authentication system on a server computer system, comprising:
a user ID module for obtaining a user ID;
a password module for obtaining a password;
a response generator, coupled to the password module, for using the password as a variable in an algorithm to decrypt a token in response;
a communications module, coupled to the response generator and to the user ID module, for sending the response and the user ID to the server computer system from a client computer system;
a module for downloading the user ID module, the password module, the response generator and the communications module dynamically to a client computer system that requests access to the server computer system, enabling the server computer system to provide to the client computer system, after a different access request, a different algorithm for decrypting the token, each different algorithm for decrypting the token enabling a corresponding varying procedure for authenticating a user on the client computer system; and
a module for determining whether the response and user ID authenticate a user on the client computer system.
10. A dynamic authentication system on a server computer system, comprising:
first means for obtaining a user ID;
second means for obtaining a password;
third means, coupled to the second means, for using the password as a variable in an algorithm to decrypt a token in response;
fourth means, coupled to the first means and to the third means, for sending the response and the user ID to the server computer system from a client computer system;
fifth means for downloading the first means, the second means, the third means and the fourth means dynamically to a client computer system that requests access to the server computer system, enabling the server computer system to provide to the client computer system, after a different access request, a different algorithm for decrypting the token, each different algorithm for decrypting the token enabling a corresponding varying procedure for authenticating a user on the client computer system; and
sixth means for determining whether the response and user ID authenticate a user on the client computer system.
17. A computer-readable storage medium on a server computer system storing dynamically downloadable program code for causing a client computer system to perform the steps of:
obtaining a user ID;
obtaining a password;
using the password as a variable in an algorithm to decrypt a token in response;
sending the response and the user ID to the server computer system from the client computer system, the dynamically downloadable program code enabling the server computer system to provide to the client computer system, after a different access request, a different algorithm for decrypting the token, each different algorithm for decrypting the token enabling a corresponding varying procedure for authenticating a user on the client computer system.
18. A computer-based authentication method, comprising the steps of:
requesting access to a server computer system;
receiving, after the step of requesting, downloaded program code dynamically from the server computer system;
initiating execution of the program code;
obtaining, by the program code, a user ID;
obtaining, by the program code, a corresponding password;
using, by the program code, the password as a variable in an algorithm to decrypt a token in response; and
sending, by the program code, the response and the user ID to the server computer system, the server computer system verifying the response to authenticate the user, enabling the server computer system to provide to the client computer system, after a different access request, a different algorithm decrypting the token, each different algorithm for decrypting the token enabling a corresponding varying procedure for authenticating a user on the client computer system.
25. A dynamic authentication system on a server computer system, comprising:
an engine for receiving a service request from a client;
a password database storing a first password; and
an authentication program, coupled to the engine and to the password database, for downloading dynamically to the client authentication code, which when executed by the client uses a client password as a variable in an algorithm to decrypt a token response, for receiving the client response from the client, and for using the first password to verify the client response, enabling the server computer system to provide to the client, after a different access request, a different algorithm for decrypting the token, each different algorithm for decrypting the token enabling a corresponding varying procedure for authenticating a user on the client computer system.
38. A dynamic authentication system on a server computer system, comprising:
first means for receiving a service request from a client;
second means, coupled to the first means, for downloading dynamically to the client authentication code, which when executed by the client uses client input as a variable in an algorithm to decrypt a token in response, enabling the server computer system to provide to the client, after a different access request, a different algorithm for decrypting the token, each different algorithm for decrypting the token enabling a corresponding varying procedure for authenticating a user on the client computer system;
third means, coupled to the second means, for receiving the token from the client; and
fourth means, coupled to the third means, for verifying the token.
39. A computer-readable storage medium storing program code for causing a server computer system to perform the steps of:
receiving a service request from a client;
downloading dynamically to the client authentication code, which when executed by the client uses client input as a variable in an algorithm to decrypt a token, enabling the server computer system to provide to the client, after a different access request, a different algorithm for detecting the token, each different algorithm for decrypting the token enabling a corresponding varying procedure for authenticating a user on the client computer system;
receiving the token from the client; and
verifying the token.
40. A computer-based method in a server computer system, comprising the steps of:
receiving a service request from a client;
downloading dynamically to the client authentication code, which when executed by the client uses client input as a variable in an algorithm to decrypt a token in response, enabling the server computer system to provide to the client, after a different access request, a different algorithm for decrypting the token, each different algorithm for decrypting the token enabling a corresponding varying procedure for authenticating a user on the client computer system;
receiving the client response from the client; and
verifying the client response.
54. A method of authentication in a client computer system, comprising:
receiving authentication code dynamically from a server computer system; and
executing the authentication code, which causes obtaining a user ID and a password from a user;
using the password as a variable in an algorithm to decrypt a token; and
sending the user ID and the token to the server computer system, the server computer system verifying the token to authenticate the user, enabling the server computer system to provide to the client, after a different access request, a different algorithm for decrypting the token, each different algorithm for decrypting the token enabling a corresponding varying procedure for authenticating a user on the client computer system.