Secure resource

US 7,266,838 B2
Filed: 10/31/2002
Issued: 09/04/2007
Est. Priority Date: 10/31/2002
Status: Active Grant

First Claim

Patent Images

1. In a computer network, a method comprising:

recording a first serial number that was added to a previous request to access a resource;

acquiring the first serial number;

updating the first serial number by increasing its value;

adding the updated serial number to a request to access the resource;

sending the request;

verifying the serial number added to the request by comparing it to a second serial number; and

granting access to the resource only if the value of the updated serial number added to the request exceeds the value of the second serial number.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Preventing replay attacks without user involvement. A method according to one embodiment of the invention includes recording a serial number that was verified following a previous request to access a resource, and later receiving a request to access the resource. A serial number is acquired from the source of the request and then updated by increasing its value. The updated serial number is verified by comparing it with the recorded serial number, and access to the resource is granted only if the value of the updated serial number exceeds the value of the recorded serial number.

Citations

34 Claims

1. In a computer network, a method comprising:
- recording a first serial number that was added to a previous request to access a resource;
  
  acquiring the first serial number;
  
  updating the first serial number by increasing its value;
  
  adding the updated serial number to a request to access the resource;
  
  sending the request;
  
  verifying the serial number added to the request by comparing it to a second serial number; and
  
  granting access to the resource only if the value of the updated serial number added to the request exceeds the value of the second serial number.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The method of claim 1, wherein acquiring, updating, adding, and sending are achieved through use of a programmatic interface.
  - 3. The method of claim 1, wherein recording comprises recording a first serial number on user'"'"'s smart card, and wherein acquiring comprises acquiring the first serial number from the user'"'"'s smart card.
  - 4. The method of claim 1, further comprising:
    - signing the request; and
      
      authenticating the signature; and
      
      wherein granting access comprises granting access to the resource only if the value of the updated serial number added to the request exceeds the value of the second serial number and the signature is authentic.
  - 5. The method of claim 4, wherein signing comprises, programming on a user'"'"'s smart card signing the request.
  - 6. The method of claim 4, wherein recording comprises recording a first serial number on user'"'"'s smart card, and wherein acquiring comprises acquiring the first serial number from the user'"'"'s smart card, the method further comprising acquiring the credentials from the user'"'"'s smart card.
  - 7. The method of claim 1, further comprising, after granting access, recording the serial number added to the request as a second serial number to be used to verify a serial number added to a subsequent request.
  - 8. The method of claim 1:
    - wherein the act of recording comprises recording a first serial number that was added to a previous request to access a resource and associating the recorded first serial number with data identifying the resource;
      
      the method further comprising intercepting the request to access the resource and identifying the resource to which the request is directed; and
      
      wherein the act of acquiring comprises acquiring the recorded first serial number associated with the data identifying the identified resource.
  - 9. The method of claim 1, further comprising:
    - recording a serial number that was added to a previous request to access a resource as a second serial number;
      
      associating the recorded second serial number with data identifying a user who issued the previous request; and
      
      identifying a user who issued the request; and
      
      wherein the act of verifying comprises verifying the updated serial number by comparing it with the recorded second serial number associated with the data identifying the identified user.

10. In a computer network, a method comprising:
- intercepting a request to access a resource;
  
  identifying the resource;
  
  acquiring a first serial number that was added to a previous request to access the resource;
  
  updating the acquired serial number by increasing its value;
  
  adding the updated serial number to the request;
  
  sending the request;
  
  receiving the request;
  
  verifying the serial number added to the request by comparing it with a second serial number that was added to a previous request to access the resource; and
  
  granting access to the resource if the value of the serial number added to the request exceeds the value of the second serial number.
- View Dependent Claims (11, 12, 13, 14)
- - 11. The method of claim 10, wherein granting comprises granting access to the resource if the value of the serial number added to the request exceeds the value of the second serial number by one increment.
  - 12. The method of claim 10, further comprising, after granting access, recording the serial number added to the request as a second serial number to be used to verify a serial number added to a subsequent request.
  - 13. The method of claim 10, wherein the act of acquiring comprises acquiring a first recorded serial number that is associated with data identifying the identified resource.
  - 14. The method of claim 10, further comprising identifying a user who issued the request and wherein the act of verifying comprises verifying the serial number added to the request by comparing it with a second recorded serial number associated with data identifying the identified user.

15. Computer readable media having instructions for:
- recording a first serial number that was included with a previous request to access a resource;
  
  acquiring the first serial numberupdating the first serial number by increasing its value;
  
  adding the updated serial number to a request to access the resource;
  
  sending the request;
  
  verifying the serial number added to the request by comparing it with a second serial number; and
  
  granting access to the resource only if the value of the serial number added to the request exceeds the value of the recorded serial number.
- View Dependent Claims (16, 17, 18, 19, 20, 21, 22)
- - 16. The media of claim 15, wherein the instructions for recording comprise instructions for recording a first serial number on user'"'"'s smart card, and wherein the instructions for acquiring comprise instructions for acquiring the first serial number from the user'"'"'s smart card.
  - 17. The media of claim 15, having further instructions for:
    - adding credentials to the request; and
      
      authenticating the credentials; and
      
      wherein the instructions for granting access comprise instructions for granting access to the resource only if the value of the updated serial number added to the request exceeds the value of the second serial number and the credentials are authentic.
  - 18. The media of claim 17, wherein the instructions for adding are instructions found on a user'"'"'s smart card.
  - 19. The media of claim 15, wherein the instructions for recording comprise instructions for recording a first serial number on user'"'"'s smart card, and wherein the instructions for acquiring comprise instructions for acquiring the first serial number from the user'"'"'s smart card, the media having further instructions for acquiring the credentials from the user'"'"' smart card.
  - 20. The media of claim 15, having further instructions for, after granting access, recording the serial number added to the request as a second serial number to be used to verify a serial number added to a subsequent request.
  - 21. The media of claim 15:
    - wherein the instructions for recording comprise instructions for recording a first serial number that was added to a previous request to access a resource and associating the recorded first serial number with data identifying the resource;
      
      the method having further instructions for intercepting the request to access the resource and identifying the resource to which the request is directed; and
      
      wherein the instructions for acquiring comprise instructions for acquiring the recorded first serial number associated with the data identifying the identified resource.
  - 22. The media of claim 15, having further instructions for:
    - recording a serial number added to a previous request to access a resource as a second serial number;
      
      associating the recorded second serial number with data identifying a user who issued the previous request; and
      
      identifying a user who issued the request; and
      
      wherein the instructions for verifying comprise instructions for verifying the updated serial number by comparing it with the recorded second serial number associated with the data identifying the identified user.

23. Computer readable media having instructions for:
- intercepting a request to access a resource;
  
  identifying the resource;
  
  acquiring a first serial number that was added to a previous request to access the resource;
  
  updating the acquired serial number by increasing its value;
  
  adding the updated serial number to the request;
  
  sending the request;
  
  receiving the request;
  
  verifying the serial number added to the request by comparing it with a second serial number that was added to a previous request to access the resource; and
  
  granting access to the resource if the value of the serial number added to the request exceeds the value of the second serial number.
- View Dependent Claims (24, 25, 26, 27)
- - 24. The media of claim 23, wherein the instructions for granting include instructions for granting access to the resource if the value of the serial number added to the request exceeds the value of the second serial number by one increment.
  - 25. The media of claim 23, having further instructions for, after granting access, recording the serial number added to the request as a second serial number to be used to verify a serial number added to a subsequent request.
  - 26. The media of claim 23, wherein the instructions for acquiring comprise instructions for acquiring a first serial number associated with data identifying the identified resource.
  - 27. The media of claim 23, having further instructions for identifying a user who issued the request and wherein the instructions for verifying comprise instructions for verifying the serial number added to the request by comparing it with a second serial number associated with data identifying the identified user.

28. In a computer network, a resource access system, comprising:
- a security module operable to intercept a request to access a resource;
  
  a serial module operable to acquire a recorded serial number added to a previous request to access the resource, the serial module further operable to update the acquired serial number by increasing its value; and
  
  the security module further operable to add the updated serial number to the request so that the request will be granted only after a verification that the updated serial number added to the request exceeds the value of the recorded serial number added to the previous request.
- View Dependent Claims (29, 30)
- - 29. The system of claim 28, further comprising:
    - a resource server operable to receive requests to access the resource; and
      
      a verifier operable to verify a serial number added to a received request.
  - 30. The system of claim 29, wherein the verifier is further operable to identify a user who issued the request, to acquire a second recorded serial number added to a previously received request associated with data identifying the identified user, and to verify a serial number added to a received request by comparing it to the second recorded serial number.

31. In a computer network, a resource access system, comprising:
- a security module operable to intercept a request to access a resource;
  
  a serial module operable to acquire a first recorded serial number added to a previous request to access the resource, the serial module further operable to update the acquired serial number by increasing its value;
  
  the security module further operable to add the updated serial number to the request;
  
  a resource server operable to receive a request to access the resource; and
  
  a verifier operable to acquire a second recorded serial number added to a previous request received by the resource server, to verify the serial number added to the received request by comparing it to the second recorded serial number, and to grant the request to access the resource only if the value of the serial number added to the request exceeds the value of the second recorded serial number.
- View Dependent Claims (32, 33)
- - 32. The system of claim 31, wherein the serial module is further operable to identify the resource to which the intercepted request is directed and to acquire a first recorded serial number that is associated with data identifying the identified resource.
  - 33. The system of claim 31, wherein the verifier is further operable to identify a user who issued the request and to acquire a second recorded serial number that is associated with data identifying the identified user.

34. In a computer network, a resource access system, comprising:
- a means for intercepting a request to access a resource;
  
  a means for acquiring a first recorded serial number added to a previous request to access the resource;
  
  a means for updating the acquired serial number by increasing it;
  
  a means for adding the updated serial number to the intercepted request and sending the request;
  
  a means for receiving a request to access the resource; and
  
  a means for acquiring a second recorded serial number added to a previous request to access the resource;
  
  a means for verifying the serial number added to a received request by comparing it to the acquired second serial number; and
  
  a means for granting the request to access the resource only if the serial number added to the request exceeds the acquired second recorded serial number.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Hewlett-Packard Development Company, L.P. (HP Inc.)
Original Assignee
Hewlett-Packard Development Company, L.P. (HP Inc.)
Inventors
Foster, Ward Scott, Madril, Jr., Robert John, Simpson, Shell Sterling
Primary Examiner(s)
REVAK, CHRISTOPHER A

Application Number

US10/286,121
Publication Number

US 20040088545A1
Time in Patent Office

1,769 Days
Field of Search

None
US Class Current

726/6
CPC Class Codes

H04L 63/0428   wherein the data content is...

H04L 63/12   Applying verification of th...

H04L 63/1441   Countermeasures against mal...

Secure resource

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

34 Claims

Specification

Solutions

Use Cases

Quick Links

Secure resource

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

34 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links