Shared authorization data authentication method for transaction delegation in service-based computing environments
Abstract
A system and method for allowing client computers to access data or processing on remote computers without requiring the remote computer's recognition of the client computer. An authorizing computer provides client computers with a data specification and remote computer address along with an authorization code that may only be used for a limited number of times. A client computer then accesses the remote computer to access secure data. The authorization codes of the example embodiment are stored on the authorizing computer and the remote computer and simple look up and comparison is used to validate the authorization code on the remote computer.
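The flow described in the abstract and in claim 1, as an added sketch that is not taken from the patent: the class names, the in-memory dictionaries and the `max_uses` parameter are assumptions, and the three parties are modelled in one process rather than over a network.

```python
import secrets


class RemoteComputer:
    """Holds the data and the authoritative nonce list."""

    def __init__(self, address, data, count=4, max_uses=1):
        self.address = address
        self.data = data
        # nonce -> authorizations left; 128-bit values from the OS CSPRNG
        self.nonces = {secrets.token_hex(16): max_uses for _ in range(count)}

    def export_nonces(self):
        # Sent to the first computer (assumed: over an authenticated channel).
        return list(self.nonces)

    def handle_second_request(self, nonce, name):
        """Return (authorized, data); validation is a plain list lookup."""
        left = self.nonces.get(nonce)
        if left is None:
            return False, None  # unknown or spent nonce: refuse
        if left <= 1:
            del self.nonces[nonce]  # pre-defined number of uses reached
        else:
            self.nonces[nonce] = left - 1
        return True, self.data.get(name)


class FirstComputer:
    """Authorizing computer: hands out nonces, never touches the data."""

    def __init__(self, remote):
        self.remote_address = remote.address
        self.pool = remote.export_nonces()

    def handle_first_request(self, name):
        if not self.pool:
            return None  # list exhausted; a refill from the remote is needed
        # Partial response: selected nonce plus where the data lives.
        return {"nonce": self.pool.pop(), "remote": self.remote_address}


def client_fetch(first, remotes, name):
    """Client side: first request, then second request to the named remote."""
    partial = first.handle_first_request(name)
    if partial is None:
        return None, (False, None)
    remote = remotes[partial["remote"]]
    return partial["nonce"], remote.handle_second_request(partial["nonce"], name)
```

The remote computer never learns who the client is; possession of a listed nonce is the only credential, so a replayed or guessed value fails the lookup once the nonce has been removed.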
11 Claims
1. A method of providing data to a client computer, comprising the steps of:
- generating, at a remote computer, a list of pre-generated nonce values, the list of pre-generated nonce values containing a plurality of pre-generated nonce values;
- storing, at the remote computer, the list of pre-generated nonce values;
- transmitting, to a first computer, the list of pre-generated nonce values, wherein the first computer is separate from the remote computer;
- accepting, at the first computer from a client computer, a first request for data;
- retrieving, from the list of pre-generated nonce values in response to the accepting, a selected pre-generated nonce value;
- transmitting, from the first computer in response to the accepting, a partial response to the client computer, wherein the partial response contains the selected pre-generated nonce value and a specification of a remote computer that contains the data;
- accepting, at the client computer, the partial response from the first computer;
- transmitting the second request for the data to the remote computer;
- receiving, at the remote computer, a second request for the data, the second request comprising the selected pre-generated nonce value;
- determining, in response to the receiving, that the selected pre-generated nonce value contained within the second request for the data is contained within the list of pre-generated nonce values stored at the remote computer;
- authorizing, in response to the determining, access the data that is stored on the remote computer; and
- removing the pre-generated nonce value from the list of pre-generated nonce values stored at the remote computer, wherein the removing is performed in response to a pre-defined number of executions of authorizing access to the data.

Dependent claims: 2, 3, 9
4. A system for of providing data to a client computer, the system comprising:
- a remote computer, comprising;
  - a nonce generator for generating a list of pre-generated nonce values, the list of pre-generated nonce values containing a plurality of pre-generated nonce values;
  - a remote nonce storage for storing the list of pre-generated nonce values; and
  - a remote transmitter for transmitting, to a first computer, the list of pre-generated nonce values, wherein the first computer is separate from the remote computer;
- the first computer comprising;
  - a request message receiver for, accepting from a client computer, a request for data;
  - a partial response transmitter, coupled to the request message receiver, for;
    - retrieving, from the list of pre-generated nonce values in response to the accepting, a selected pre-generated nonce value; and
    - transmitting, in response to the request message receiver accepting the request, a partial response to the client computer, wherein the partial response contains the selected pre-generated nonce value and a specification of a remote computer that contains the data,
- wherein the remote computer further comprises;
  - a remote computer receiver for receiving a second request for the data, the second request comprising the selected pre-generated nonce value;
  - a validator for determining, in response to the receiving, that the selected pre-generated nonce value contained within the second request for the data is contained within the list of pre-generated nonce values stored at the remote computer; and
  - an authorization module for authorizing, in response to the determining, access the data that is stored on the remote computer, wherein the remote nonce storage further removes, in response to a pre-defined number of executions of authorizing access to the data by the authorization module, the pre-generated nonce value from the list of pre-generated nonce values stored at the remote computer;
- the client computer, wherein the client computer further comprises;
  - a partial response receiver for accepting the partial response from the first computer; and
  - a request transmitter for transmitting the second request for the data to the remote computer.

Dependent claims: 5, 6, 10
7. A computer readable medium including computer instructions for controlling communications access to remote processors, the computer instructions comprising instructions for:
- generating, at a remote computer, a list of pre-generated nonce values, the list of pre-generated nonce values containing a plurality of pre-generated nonce values;
- storing, at the remote computer, the list of pre-generated nonce values;
- transmitting, to a first computer, the list of pre-generated nonce values, wherein the first computer is separate from the remote computer;
- accepting, at the first computer from a client computer, a first request for data;
- retrieving, from the list of pre-generated nonce values in response to the accepting, a selected pre-generated nonce value;
- transmitting, from the first computer in response to the accepting, a partial response to the client computer, wherein the partial response contains the selected pre-generated nonce value and a specification of a remote computer that contains the data;
- accepting, at the client computer, the partial response from the first computer;
- transmitting the second request for the data to the remote computer;
- receiving, at the remote computer, a second request for the data, the second request comprising the selected pre-generated nonce value;
- determining, in response to the receiving, that the selected pre-generated nonce value contained within the second request for the data is contained within the list of pre-generated nonce values stored at the remote computer;
- authorizing, in response to the determining, access the data that is stored on the remote computer; and
- removing the pre-generated nonce value from the list of pre-generated nonce values stored at the remote computer, wherein the removing is performed in response to a pre-defined number of executions of the instructions for authorizing access to the data.

Dependent claims: 8, 11
Specification