Systems and methods for caching in authentication systems
First Claim
1. A process for verification of a client authentication request by a server which can decrease problems associated with sham authentication requests, the process comprising:
- receiving, in the server, a client authentication request including client-specific data;
- comparing the client specific data to data stored in a first cache memory coupled to the server to determine whether the client specific data meet a first threshold of validity;
- if the client specific data meet the first threshold of validity, proceeding with the authentication process; and
- if the client specific data do not meet the first threshold of validity, then storing in a second cache memory a portion of the client specific data and an indication that the client specific data do not correspond to a valid client, wherein the portion of the client specific data and the indication stored in the second cache memory identify a client name associated with the client authentication request and associate the client name with a negative indication of validity regardless of whether the client specific data includes valid proof of knowledge of privileged data, and then terminating the verification process.
Abstract
A process for requesting authentication includes transmitting a hash digest formed from first client-specific data together with second client specific data and receiving, in response to transmitting, an indication of acceptance when the hash digest and second client-specific data correspond to a valid client authentication request.
21 Claims
Claim 1 appears above under First Claim. Dependent claims: 2, 3, 4, 5, 6, 7.
8. A computer system comprising:
- an authentication server; and
- a first cache memory coupled to the authentication server, wherein the authentication server is configured to perform a method, the method comprising:
  - receiving a client authentication request including client-specific data;
  - comparing the client specific data to data stored in the first cache memory coupled to the authentication server to determine whether the client specific data meet a first threshold of validity;
  - if the client specific data do not meet the first threshold of validity, terminating authentication and denying the authentication request;
  - if the client specific data meet the first threshold of validity, proceeding with authentication by comparing the client specific data with data stored in a second cache memory to determine whether the client specific data meet a second threshold of validity and whether the client specific data correspond to an identity previously determined to be valid or invalid;
  - if the client specific data meet the second threshold, transmitting a request for verification to a database containing client-specific data; and
  - if the client specific data correspond to an identity previously determined to be invalid, terminating the authentication request.

Dependent claims: 9, 10, 11, 12, 13, 14, 15.
16. A process for verification of a client authentication request by a server which can decrease problems associated with sham authentication requests, the process comprising:
- receiving, in the server, a client authentication request including client-specific data comprising a name or hash of the name along with a client key or a proof of knowledge which identifies the client key;
- comparing the client-specific data to data stored in a first cache memory coupled to the server to determine whether the client-specific data meet a first threshold of validity, wherein the first cache memory stores names and keys of valid clients, and wherein the first cache memory uses the name or the hash of the name as a cache key to access the first cache memory;
- if the client-specific data meet the first threshold of validity, the first threshold of validity being met when the name and the client key identified in the client authentication request correspond to a valid entry in the first cache memory, proceeding with the authentication process; and
- if the client-specific data do not meet the first threshold of validity, then storing the name, the client key, and validity/invalidity indicators in a second cache memory, wherein the name stored in the second cache memory is associated with a validity indication regardless of whether the client key or the proof of knowledge for the client key matches data in an associated authentication database, and terminating the verification process.
17. A process for authenticating a user which can decrease problems associated with sham authentication requests, the process comprising:
- receiving an authentication request including first client specific data comprising at least one of a client name and proof of knowledge of a client key;
- computing a NameHash using the received client name and a random session key;
- using data corresponding to the NameHash as a cache key to access first validity threshold data from a first cache memory;
- comparing the first validity threshold data to the first client specific data; and
- if the first client specific data do not meet the first threshold of validity, then storing a portion of the client specific data in a second cache memory along with an indication that the client specific data do not correspond to a valid client, the portion of the client specific data stored in the second cache memory identifying a client name associated with the client authentication request and associating the client name with a validity indication regardless of whether the client specific data included valid proof of knowledge of privileged data, and then terminating the verification process.

Dependent claims: 18, 19, 20, 21.
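
The flow in claims 8, 16 and 17, as an added Python example (not code from the patent): a first cache of valid names and keys indexed by NameHash, and a second cache that marks a name invalid after a failed first check. Assumptions: NameHash is HMAC-SHA256 under a per-process random key, the proof of knowledge is an HMAC over a nonce, and the second cache is size-bounded; `CachedVerifier`, `make_proof` and the return strings are hypothetical names.

```python
import hashlib
import hmac
import secrets
from collections import OrderedDict

# Assumption: the "random session key" is a per-process secret held by the server.
SESSION_KEY = secrets.token_bytes(32)

def name_hash(name: str) -> bytes:
    """Keyed hash of the client name, used as the cache key (NameHash)."""
    return hmac.new(SESSION_KEY, name.encode("utf-8"), hashlib.sha256).digest()

def make_proof(client_key: bytes, nonce: bytes) -> bytes:
    """Hypothetical proof of knowledge: HMAC of a nonce under the client key."""
    return hmac.new(client_key, nonce, hashlib.sha256).digest()

class CachedVerifier:
    def __init__(self, valid_clients, max_negative=1024):
        # First cache: NameHash -> client key, for known-valid clients.
        self.first = {name_hash(n): k for n, k in valid_clients.items()}
        # Second cache: NameHash -> (name, is_valid); size bound is an assumption.
        self.second = OrderedDict()
        self.max_negative = max_negative

    def verify(self, name: str, nonce: bytes, proof: bytes) -> str:
        h = name_hash(name)
        key = self.first.get(h)
        # Compute against a dummy key on a miss so both paths do the same work.
        expected = make_proof(key if key is not None else bytes(32), nonce)
        if key is None or not hmac.compare_digest(expected, proof):
            # First threshold failed: record the name as invalid and stop.
            self.second[h] = (name, False)
            self.second.move_to_end(h)
            if len(self.second) > self.max_negative:
                self.second.popitem(last=False)  # evict the oldest entry
            return "TERMINATE"
        if self.second.get(h, (name, True))[1] is False:
            # Name was previously marked invalid; a correct proof does not override it.
            return "TERMINATE_PREVIOUSLY_INVALID"
        return "PROCEED_TO_DATABASE"

# Constructed sample data, not from the patent.
verifier = CachedVerifier({"alice": b"k" * 32, "bob": b"b" * 32})
```

Because the negative entry attaches to the name, a later request for that name with a correct proof is also terminated until the entry is evicted; the claims do not specify an eviction policy, so the size bound here is only one possible choice.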