Verification of server authorization to provide network resources

US 6,910,136 B1
Filed: 10/16/2001
Issued: 06/21/2005
Est. Priority Date: 03/16/1999
Status: Expired due to Term

First Claim

Patent Images

1. A method of verifying that a server is authorized to provide resources to a client, the method comprising acts of:

generating a server authentication request at the client to verify that the server is authorized to provide at least one resource to the client;

transmitting the server authentication request to the server;

receiving an encrypted server authentication response from the server;

decrypting the server authentication response without user interaction in order to prevent a user from colluding with an unauthorized server to circumvent server authentication; and

disabling one or more client functions unless the decrypted server authentication response indicates that the server is authorized to provide the at least one resource to the client.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Systems and methods for verifying the authorization of a server to provide network resources to a client. At selected times, the client asserts an authorization interrupt, which will disable some or all non-essential functions of the client unless the server'"'"'s authorization is verified within an allotted period of time. The client creates a client message by generating a random number and combining it with a client identifier and a value that specifies the current time. The client message is encrypted and sent to the server. Only authorized servers can decrypt the client message and create an encrypted service message that includes the random number. The service message can also contain an authorization code specifying the services that the client may receive, and an expiration count indicating when the authorization procedure will be repeated. The client receives and decrypts the service message. If the random number in the service message is found to be the same as the random number in the client message, the server is authorized, and the client is enabled to exhibit a selected level of functionality. The client can be associated with a smart card or another intelligent peripheral that verifies the authorization of the server in behalf of the client.

Citations

20 Claims

1. A method of verifying that a server is authorized to provide resources to a client, the method comprising acts of:
- generating a server authentication request at the client to verify that the server is authorized to provide at least one resource to the client;
  
  transmitting the server authentication request to the server;
  
  receiving an encrypted server authentication response from the server;
  
  decrypting the server authentication response without user interaction in order to prevent a user from colluding with an unauthorized server to circumvent server authentication; and
  
  disabling one or more client functions unless the decrypted server authentication response indicates that the server is authorized to provide the at least one resource to the client.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. A method as recited in claim 1, further comprising an act of activating one or more functions of the client if the server authentication response indicates that the server is authorized to provide at least one resource to the client.
  - 3. A method as recited in claim 1, further comprising an act of waiting to disable the one or more functions until after a grace period.
  - 4. A method as recited in claim 1, wherein the server authentication response indicates that the server is authorized to provide the at least one resource to the client, the method further comprising acts of:
    - while the server is authorized to provide the at least one resource to the client, periodically;
      
      generating one or more subsequent server authentication requests at a client;
      
      transmitting the one or more subsequent server authentication requests to the server;
      
      for each of the one or more subsequent server authentication requests, receiving a subsequent encrypted server authentication response;
      
      decrypting each subsequent server authentication response; and
      
      for each of the one or more subsequent server authentication responses, disabling one or more client functions when a response fails to indicate that the server is authorized to provide the at least one resource to the client.
  - 5. A method as recited in claim 4, wherein at least one server authentication response comprises expiration information, the method further comprising an act of determining when at least one subsequent authentication request should occur based on the expiration information.
  - 6. A method as recited in claim 1, wherein the server authentication request comprises an encryption key and a random number, the method further comprising an act of encrypting the server authentication request.

7. A method of verifying that a server is authorized to provide resources to a client, the method comprising acts of:
- generating a server authentication request at the client, the server authentication request being encrypted with one or more encryption keys such that only an authorized server is able to decrypt the server authentication request;
  
  transmitting the server authentication request to the server;
  
  determining that no response to the server authentication request has been received by the client after an allotted period of time;
  
  interpreting no response as an indication that the server is not authorized to provide resources to the client; and
  
  disabling one or more client functions.
- View Dependent Claims (8, 9, 10)
- - 8. A method as recited in claim 7, further comprising an act of waiting to disable the one or more functions until after a grace period.
  - 9. A method as recited in claim 7, further comprising acts of periodically:
    - generating one or more subsequent server authentication requests at a client;
      
      transmitting the one or more subsequent server authentication requests to one or more subsequent servers;
      
      for each of the one or more subsequent server authentication requests, receiving a subsequent encrypted server authentication response;
      
      decrypting each subsequent server authentication response; and
      
      for each of the one or more subsequent server authentication responses;
      
      disabling one or more client functions when a response fails to indicate that a subsequent server is authorized to provide at least one resources to the client; and
      
      activating one or more client functions when a response indicates that the server is authorized to provide at least one resource to the client.
  - 10. A method as recited in claim 9, wherein at least one server authentication comprises expiration information, the method further comprising an ac of determining when at least one subsequent authentication request should occur based on the expiration information.

11. A computer program product for implementing a method of verifying that a server is authorized to provide resources to a client, the computer program product comprising a computer readable medium carrying computer executable instructions that implement the method, wherein the method comprises acts of:
- generating a server authentication request at the client to verify that the server is authorized to provide at least one resource to the client;
  
  transmitting the server authentication request to the server;
  
  receiving an encrypted server authentication response from the server;
  
  using a decryption key encoded in hardware at the client system to decrypt the server authentication response in order to prevent rogue software or operators of the client system from colluding with the server to circumvent server authentication; and
  
  disabling one or more client functions unless the decrypted server authentication response indicates that the server is authorized to provide the at least one resource to the client.
- View Dependent Claims (12, 13, 14, 15, 16)
- - 12. A computer program product as recited in claim 11, the method further comprising an act of activating one or more functions of the client if the server authentication response indicates that the server is authorized to provide at least one resources to the client.
  - 13. A computer program product as recited in claim 11, the method further comprising an act of waiting to disable the one or more functions until after a grace period.
  - 14. A computer program product as recited in claim 11, wherein the server authentication response indicates that the server is authorized to provide the at least one resource to the client, the method further comprising acts of:
    - while the server is authorized to provide the at least one resource to the client, periodically;
      
      generating one or more subsequent server authentication requests at a client;
      
      transmitting the one or more subsequent server authentication requests to the server;
      
      for each of the one or more subsequent server authentication requests, receiving a subsequent encrypted server authentication response;
      
      decrypting each subsequent server authentication response; and
      
      for each of the one or more subsequent server authentication responses, disabling one or more client functions when a response fails to indicate that the server is authorized to provide the at least one resource to the client.
  - 15. A computer program product as recited in claim 14, wherein at least one server authentication response comprises expiration information, the method further comprising an act of determining when at least one subsequent authentication request should occur based on the expiration information.
  - 16. A computer program product as recited in claim 11, wherein the server authentication request comprises an encryption key and a random number, the method further comprising an act of encrypting the server authentication request.

17. A computer program product for implementing a method of verifying that a server is authorized to provide resources to a client, the computer program product comprising a computer readable medium carrying computer executable instructions that implement the method, wherein the method comprises acts of:
- generating a server authentication request at the client;
  
  transmitting the server authentication request to the server;
  
  determining that no response to the server authentication request has been received by the client after an allotted period of time;
  
  interpreting no response as an indication that the server is not authorized to provide resources to the client; and
  
  disabling one or more client functions.
- View Dependent Claims (18, 19, 20)
- - 18. A computer program product as recited in claim 17, the method further comprising an act of waiting to disable the one or more functions until after a grace period.
  - 19. A computer program product as recited in claim 17, the method further comprising acts of periodically:
    - generating one or more subsequent server authentication requests at a client;
      
      transmitting the one or more subsequent server authentication requests to one or more subsequent servers;
      
      for each of the one or more subsequent server authentication requests, receiving a subsequent encrypted server authentication response;
      
      decrypting each subsequent server authentication response; and
      
      for each of the one or more subsequent server authentication responses;
      
      disabling one or more client functions when a response fails to indicate that a subsequent server is authorized to provide at least one resource to the client; and
      
      activating one or more client functions when a response indicates that the server is authorized to provide at least one resource to the client.
  - 20. A computer program product as recited in claim 19, wherein at least one server authentication response comprises expiration information, the method further comprising an act of determining when at least one subsequent authentication request should occur on the expiration information.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Corporation
Inventors
Farrand, Toby E., Wasserman, Steven C., Gray, Donald M. III
Primary Examiner(s)
Barrón, Gilberto
Assistant Examiner(s)
Gurshman, Grigory

Application Number

US09/978,536
Time in Patent Office

1,344 Days
Field of Search

713/201, 713/200, 713/202, 713/169
US Class Current

726/4
CPC Class Codes

H04L 63/0478   applying multiple layers of...

H04L 63/0869   for achieving mutual authen...

H04L 67/01   Protocols

Verification of server authorization to provide network resources

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Verification of server authorization to provide network resources

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links