Account-Based digital signature (ABDS) system for authenticating entity access to controlled resource
Abstract
Authenticating a requesting entity for access to a controlled resource by an access authentication component for the controlled resource includes the following steps: the requesting entity initially opens a security account with the access authentication component; the access authentication component establishes and maintains a record that includes information pertaining to the account and is retrievable based on a unique identifier for the requesting entity, and associates a public key of a public-private key pair with the record; the requesting entity originates an electronic message, generates a digital signature using the private key of the key pair, and sends the digitally signed electronic message to the access authentication component together with the unique identifier; the electronic message is authenticated using the public key associated with the record identified by the unique identifier; and, upon successful authentication, access to the controlled resource is authenticated.
20 Claims
1. A method of providing access to an entity requesting access to a controlled resource, the requesting entity communicating electronically over a communications medium with an access authentication component for the controlled resource, comprising the steps of:
(a) providing the requesting entity with a security account maintained in a database accessible by the access authentication component, the security account having information that is retrievable based on a unique identifier of the requesting entity, the information pertaining to the requesting entity's right to access the controlled resource;
(b) associating a public key of a public-private key pair with the security account such that the public key is retrievable based on the unique identifier of the requesting entity, wherein the private key of the public-private key pair is not accessible by the access authentication component; and
(c) thereafter, (i) receiving the unique identifier of the requesting entity;
(ii) receiving a message and a digital signature of the message, the message comprising a request by the requesting entity for access to the controlled resource;
(iii) obtaining the public key associated with the unique identifier received;
(iv) decrypting the digital signature of the message using the public key to verify that the digital signature was generated using the private key of the requesting entity; and
(v) granting the requesting entity with access to the controlled resource in response to the request if the digital signature successfully verifies and as a function of the information pertaining to the requesting entity's right to access the controlled resource. (Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10.)
11. A method of authenticating a requesting entity for access to a controlled resource, the requesting entity communicating electronically over a communications medium with an access authentication component for the controlled resource, comprising the steps of:
(a) providing the requesting entity with a security account maintained in a database of the access authentication component, the security account having a record of information being retrievable by the access authentication component based on a unique identifier of the requesting entity;
(b) associating a public key of a public-private key pair of the requesting entity with the record such that the public key of the requesting entity is retrievable from the record based on the unique identifier and wherein the private key is maintained only within a secure device of the requesting entity;
(c) wherein the access authentication component performs the steps of:
(i) receiving the unique identifier of the requesting entity;
(ii) receiving a digitally-signed message from the requesting entity, the digitally-signed message including a message and a digital signature of the message, the message comprising a request by the requesting entity for access to the controlled resource, the digital signature generated by the secure device using the private key of the requesting entity;
(iii) based on the unique identifier, obtaining the public key of the requesting entity; and
(iv) using the public key obtained from the record, decrypting the digital signature to verify that the digital signature was generated using the private key maintained within the secure device of the requesting entity;
and (d) if the digital signature was generated using the private key of the secure device, providing the requesting entity with access to the controlled resource in response to the request. (Dependent claims: 12, 13, 14, 15, 16, 17, 18, 19.)
20. A method of providing access to an entity requesting access to a controlled resource, the requesting entity communicating electronically over a communications medium with an access authentication component for the controlled resource, comprising the steps of:
(a) initially, associating in a database accessible by the access authentication component a public key of a public-private key pair with a unique identifier, the database comprising information that is retrievable based on the unique identifier, the information pertaining to access by the entity; and
(b) thereafter, (i) receiving an electronic communication from the entity, the electronic communication comprising, (A) the unique identifier, (B) a message comprising a request by the entity for access to the controlled resource, and (C) a digital signature of the message, the digital signature being generated using the private key of the public-private key pair, (ii) based on the unique identifier, retrieving said associated public key from the database;
(iii) comparing a function of said received digital signature with a function of said received message, the function of said received digital signature comprising using said retrieved public key to decrypt said received digital signature; and
(iv) granting, to the requesting entity, access to the controlled resource as a function of, (A) said comparison, and (B) the information of the record that is retrievable based on said received unique identifier.
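The authentication flow the claims describe, in working form (an added example, not code from the patent or its assignee): the access authentication component keeps account records keyed by unique identifier that hold a public key and access rights, verifies the digital signature on the request against the key retrieved for that identifier, and only then grants access as the account's rights allow. Ed25519 from Go's standard library stands in for the claims' "decrypting the digital signature using the public key" wording, which describes RSA-style verification; modern signature APIs expose verify, not decrypt. The account id, resource names and the access:<resource> message form are constructed for the demonstration.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"fmt"
	"strings"
)

// Account is the security account record (claim 1(a)-(b)): the public key and
// access rights stored under the entity's unique identifier. No private key here.
type Account struct {
	PublicKey ed25519.PublicKey
	Rights    map[string]bool // resource name -> entitled (constructed data)
}

// Authenticator is the access authentication component: account records by id.
type Authenticator map[string]Account

// SignRequest is the entity side (claim 11: the private key stays in its secure
// device). The request form "access:<resource>" is a constructed convention.
func SignRequest(priv ed25519.PrivateKey, resource string) (msg, sig []byte) {
	msg = []byte("access:" + resource)
	return msg, ed25519.Sign(priv, msg)
}

// Authorize performs claim 1(c)(i)-(v): look up the key by id, verify the signature,
// then grant only as the account's rights allow. The resource comes from the signed bytes.
func (a Authenticator) Authorize(id string, msg, sig []byte) error {
	acct, ok := a[id]
	if !ok {
		return fmt.Errorf("unknown identifier %q", id)
	}
	if !ed25519.Verify(acct.PublicKey, msg, sig) {
		return fmt.Errorf("digital signature does not verify for %q", id)
	}
	resource := strings.TrimPrefix(string(msg), "access:")
	if !acct.Rights[resource] {
		return fmt.Errorf("authenticated, but %q has no right to %q", id, resource)
	}
	return nil
}

func main() {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	auth := Authenticator{"acct-1001": {PublicKey: pub, Rights: map[string]bool{"reports": true}}}
	msg, sig := SignRequest(priv, "reports")
	fmt.Println("reports:", auth.Authorize("acct-1001", msg, sig)) // reports: <nil>
}
```

The claims bind identity and entitlement but say nothing about freshness, so a deployed request would also carry a nonce or timestamp that the component checks before granting; otherwise a captured signed request verifies again later.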