Adaptive method for amortizing authentication overhead

US 7,085,937 B1
Filed: 10/27/2000
Issued: 08/01/2006
Est. Priority Date: 09/06/2000
Status: Expired due to Term

First Claim

Patent Images

1. A method for authenticating transferred data between a sender computer and a receiver computer of a service broker system for interactive monitoring and control of data to and from Internet enabled devices of a sender/receiver computer security system over the Internet, the method comprising the steps of:

establishing a first secure transmission of data over the Internet between a virtual gateway of the sender computer and a Web site of the receiver computer, the computers being provided with browser programming for accessing and/or displaying files and other data between the sender and receiver computers over the Internet;

establishing at least one additional transmission of data between the sender computer gateway and the receiver computer Web site;

adaptively determining the number of additional transmissions between the sender computer gateway and the receiver computer Web site;

transmitting the data during at least one of the additional transmissions; and

authenticating each transmission in which data is transmitted.

View all claims

4 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method is disclosed for amortizing the authentication overhead of data transmissions. The method comprises establishing a first secure transmission of data between a transmitter and a receiver by transmitting at least one token to the receiver during the first secure transmission. There may be any number of senders and receivers, and any receivers may be a sender and vice versa. The method also comprises establishing at least one additional transmission of data between the sender and the receiver and transmitting the data and at least one token during the at least one additional transmission. In addition, the method compares the at least one token transmitted during the at least one additional transmission to the token transmitted during the first secure transmission to guarantee the authenticity of that at least one additional transmission. The method may also include transmitting a preselected number of tokens during the first secure transmission. The number of additional transmissions may or may not correspond to the preselected number of tokens. The at least one additional transmission may be conducted over an unsecure connection using open communication. The first secure transmission may be protected or encrypted.

216 Citations

17 Claims

1. A method for authenticating transferred data between a sender computer and a receiver computer of a service broker system for interactive monitoring and control of data to and from Internet enabled devices of a sender/receiver computer security system over the Internet, the method comprising the steps of:
- establishing a first secure transmission of data over the Internet between a virtual gateway of the sender computer and a Web site of the receiver computer, the computers being provided with browser programming for accessing and/or displaying files and other data between the sender and receiver computers over the Internet;
  
  establishing at least one additional transmission of data between the sender computer gateway and the receiver computer Web site;
  
  adaptively determining the number of additional transmissions between the sender computer gateway and the receiver computer Web site;
  
  transmitting the data during at least one of the additional transmissions; and
  
  authenticating each transmission in which data is transmitted.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15)
- - 2. The method set forth in claim 1, wherein the number of additional transmissions is adaptively selected, at least in part, based upon the performance overhead of the system.
  - 3. The method set forth in claim 2, wherein the number of additional transmissions is variable and adaptively selected, at least in part, based upon monitored conditions.
  - 4. The method set forth in claim 2, wherein the number of additional transmissions is adaptively selected, at least in part, based upon a set of criteria that are used in an algorithm to determine the number of additional transmissions, the criteria selected from the group consisting of the frequency of transmissions between the sender computer and receiver computer, the closeness of the sender computer to the source of the transactions, and the usage patterns of the sender computer.
  - 5. The method set forth in claim 4, wherein the algorithm is a statistical averaging algorithm.
  - 6. The method set forth in claim 1, further comprising the step of transmitting at least one token to the receiver during the first secure transmission;
    - wherein the data transmitting step further comprises transmitting at least one token along with the data; and
      
      wherein the authentication step comprises comparing the at least one token transmitted during the additional transmission to the at least one token transmitted during the first secure transmission to determine whether the transmission is authentic.
  - 7. The method set forth in claim 6, wherein the at least one token comprises a preselected number of tokens.
  - 8. The method set forth in claim 7, wherein the number of at least one transmissions corresponds to the preselected number of tokens.
  - 9. The method set forth in claim 7, wherein the number of at least one transmissions is greater than the preselected number of tokens.
  - 10. The method set forth in claim 7, wherein the number of at least one transmissions is less than the preselected number of tokens.
  - 11. The method set forth in claim 6, wherein the at least one additional transmission is conducted over an unsecure or open connection.
  - 12. The method set forth in claim 6, wherein the first secure transmission is encrypted.
  - 13. The method set forth in claim 6, wherein the at least one additional transmission is sent in plaintext.
  - 14. The method set forth in claim 6, further comprising the steps of transmitting a checksum value during the first transmission and having the receiver verify that the checksum value is accurate by comparing the transmitted value to a checksum value generated using a similar checksum algorithm.
  - 15. The method set forth in claim 14, wherein the transmitted checksum value is based upon checksum values transmitted during the previous transmissions.

16. A method for authenticating transferred data between a sender computer and a receiver computer of a service broker system for interactive monitoring and control of data to and from one or more Internet enabled devices of a client/server security system over the Internet, the method comprising the steps of:
- establishing a first secure transmission of data over the Internet between the sender computer and the receiver computer, each of the sender and receiver computers having a virtual gateway and/or a Web site for directing data therebetween, and browser programming for accessing and/or displaying files and other data between the sender and receiver computers over the Internet;
  
  establishing at least one additional transmission of data between the sender computer and the receiver computer;
  
  adaptively determining the number of additional transmissions between the sender computer and the receiver computer;
  
  transmitting the data during at least one of the additional transmissions; and
  
  authenticating each transmission in which data is transmitted, wherein the number of additional transmissions is variable and adaptively selected, at least in part, based upon the performance overhead of the system, and, at least in part, based upon a set of criteria used in an algorithm to determine the number of additional transmissions, the criteria being selected from the group consisting of the frequency of transmissions between the sender computer and receiver computer, the closeness of the sender computer to the source of the transactions, and the usage patterns of the sender computer.

17. A method for authenticating transferred data between a sender computer and a receiver computer of a service broker system for interactive monitoring and control of data to and from Internet enabled devices of a sender/receiver computer security system over the Internet, the method comprising the steps of:
- establishing a first secure transmission of data over the Internet between a Web site of the sender computer and a virtual gateway of the receiver computer, the computers being provided with browser programming for accessing and/or displaying files and other data between the sender and receiver computers over the Internet;
  
  establishing at least one additional transmission of data between the sender computer Web site and the receiver computer gateway;
  
  adaptively determining the number of additional transmissions between the sender computer Web site and the receiver computer gateway site;
  
  transmitting the data during at least one of the additional transmissions; and
  
  authenticating each transmission in which data is transmitted.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
AT&T Digital Life, Inc. (AT&T, Inc.)
Original Assignee
AT&T Digital Life, Inc. (AT&T, Inc.)
Inventors
Rezvani, Babak, Chen, Jack L.
Primary Examiner(s)
Morse, Gregory
Assistant Examiner(s)
TRAN, ELLEN C

Application Number

US09/698,764
Time in Patent Office

2,104 Days
Field of Search

713/200, 713/201, 709/229, 709/217, 709/220, 709/221, 709/223, 709/225, 710/8, 710/104
US Class Current

726/2
CPC Class Codes

G06F 21/31   User authentication

H04L 41/00   Arrangements for maintenanc...

H04L 63/08   for authentication of entit...

H04L 63/123   received data contents, e.g...

H04L 63/18   using different networks or...

Adaptive method for amortizing authentication overhead

First Claim

4 Assignments

0 Petitions

Accused Products

Abstract

216 Citations

17 Claims

Specification

Solutions

Use Cases

Quick Links

Adaptive method for amortizing authentication overhead

First Claim

4 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

216 Citations

17 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links