Authentication of network users

US 7,464,402 B2
Filed: 03/18/2003
Issued: 12/09/2008
Est. Priority Date: 03/17/2003
Status: Expired due to Fees

First Claim

Patent Images

1. A method of authenticating a client on a network used by plural network clients, the method comprising:

an authenticating network entity instructing the client to be authenticated to obtain authentication information from at least two other network clients;

the client to be authenticated obtaining the authentication information from said at least two other network clients and sending that authentication information to the authenticating network entity; and

the authenticating network entity evaluating authenticity of the client to be authenticated on the basis of the authentication information it is sent;

wherein said at least two other network clients are determined randomly.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A network includes a server and a number of clients, which will in operation of the network require authentication by the server. The server distributes authentication information to other clients when a session is initialized. When the server needs to authenticate a client, it hands out a server request to the client which asks client for authentication information which it must obtain from other clients. The client to be authenticated then sends these requests to the clients specified in the authentication request to obtain the authentication information from those clients. Once the client to be authenticated has received the relevant authentication information from the other clients it returns it to the server and is authenticated or not accordingly.

41 Citations

View as Search Results

26 Claims

1. A method of authenticating a client on a network used by plural network clients, the method comprising:
- an authenticating network entity instructing the client to be authenticated to obtain authentication information from at least two other network clients;
  
  the client to be authenticated obtaining the authentication information from said at least two other network clients and sending that authentication information to the authenticating network entity; and
  
  the authenticating network entity evaluating authenticity of the client to be authenticated on the basis of the authentication information it is sent;
  
  wherein said at least two other network clients are determined randomly.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21)
- - 2. The method of claim 1, wherein the authenticating network entity is a server of the network.
  - 3. The method of claim 1, wherein the client to be authenticated comprises a client on the network.
  - 4. The method of claim 1, wherein the authentication information comprises one or more pieces of information that is stored by said at least two other network clients.
  - 5. The method of claim 4, wherein each piece of authentication information is only valid for a limited period of time.
  - 6. The method of claim 1, further comprising at least one distributor network entity distributing said authentication information to said at least two other network clients.
  - 7. The method of claim 6, wherein the authentication information is distributed by a plurality of distributor network entities.
  - 8. The method of claim 6, wherein the authentication information is distributed by at least two authenticating network entities.
  - 9. The method of claim 6, wherein the authentication information is distributed in plain text.
  - 10. The method of claim 6, further comprising the distributor network entity first verifying the at least two other network clients that it is distributing the authentication information to, and then, once it has verified the at least two other network clients, transmitting the authentication information to the at least two other network clients.
  - 11. The method of claim 10, wherein the network entity verification is done using a token exchange technique.
  - 12. The method of claim 11, wherein the at least two other network clients store the token sent to them by the distributor network entity during the authentication information distribution process for future use.
  - 13. The method of claim 1, further comprising the client to be authenticated verifying the authentication instruction received from the authenticating network entity before responding to that instruction.
  - 14. The method of claim 1, further comprising the authenticating network entity including with the authentication instruction verification information that the client to be authenticated can return to the authenticating network entity with its response to the authentication instruction to allow the authenticating network entity to verify that response as being in answer to the authentication instruction.
  - 15. The method of claim 14, further comprising the client to be authenticated returning its response to the authentication instruction to the authenticating network entity together with said verification information.
  - 16. The method of claim 1, further comprising the client to be authenticated, once it has received the authentication instruction, sending authentication information request messages to the indicated at least two other network clients requesting from them the authentication information.
  - 17. The method of claim 1, further comprising the authenticating network entity determining the time delay between its authentication instruction and the response from the client to be authenticated, and rejecting the response if the response is returned outside a predetermined period of time from the original instruction.
  - 18. The method of claim 1, wherein the authentication takes place via an intermediate network entity which modifies the authentication process.
  - 19. The method of claim 18, wherein the authentication instruction from the authenticating network entity is sent to the client to be authenticated via the intermediate network entity which modifies that instruction, and further comprising the client to be authenticated answering this modified instruction and returning its response, and the intermediate network entity intercepting the response and modifying it appropriately before returning it to the authenticating network entity.
  - 20. A tangible computer program storage medium containing computer software code for performing the method of claim 1 when the program element is run on data processing hardware.
  - 21. A tangible computer program storage medium containing computer software code for performing the method of claim 1 when the program element is run on data processing hardware.

22. A network comprising:
- an authenticating network entity comprising means for authenticating network clients, including;
  
  means for instructing a network client to be authenticated to obtain and send to it authentication information from at least two other network clients andmeans for evaluating authenticity of the network client to be authenticated on the basis of the authentication information it sends;
  
  said at least two other network clients each having means for storing authentication information and for sending that information to said network client to be authenticated;
  
  wherein said at least two other network clients are determined randomly.
- View Dependent Claims (23, 24, 25, 26)
- - 23. The network of claim 22, wherein said network client to be authenticated having:
    - means for receiving the authentication instruction from the authenticating network entity;
      
      means for, in response to such an instruction, seeking the authentication information from said at least two other network clients; and
      
      means for returning the authentication information to the authenticating network entity.
  - 24. The network of claims 22, further comprising at least one distributor network entity comprising means for distributing authentication information to said at least two other network clients.
  - 25. The network of claim 22, further comprising an intermediate network entity via which the authentication takes place, and which intermediate network entity modifies the authentication process.
  - 26. The network of claim 25, wherein the intermediate network entity comprises:
    - means for receiving and modifying the authentication instruction sent from the authenticating network entity;
      
      means for intercepting the response of the network client to be authenticated; and
      
      means for modifying that response appropriately before returning it to the authenticating network entity.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
British Telecommunications PLC (BT Group PLC)
Original Assignee
British Telecommunications PLC (BT Group PLC)
Inventors
Soppera, Andrea, Briscoe, Robert J
Primary Examiner(s)
Revak; Christopher A

Application Number

US10/389,901
Publication Number

US 20040187024A1
Time in Patent Office

2,093 Days
Field of Search

None
US Class Current

726/5
CPC Class Codes

H04L 63/08 for authentication of entit...

Authentication of network users

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

41 Citations

26 Claims

Specification

Solutions

Use Cases

Quick Links

Authentication of network users

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

41 Citations

26 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links