Shared authorization data authentication method for transaction delegation in service-based computing environments

US 7,565,324 B2
Filed: 01/31/2006
Issued: 07/21/2009
Est. Priority Date: 10/10/2001
Status: Expired due to Fees

First Claim

Patent Images

1. A method of providing data to a client computer, comprising the steps of:

generating, at a remote computer, a list of pre-generated nonce values, the list of pre-generated nonce values containing a plurality of pre-generated nonce values;

storing, at the remote computer, the list of pre-generated nonce values;

transmitting, to a first computer, the list of pre-generated nonce values, wherein the first computer is separate from the remote computer;

accepting, at the first computer from a client computer, a first request for data;

retrieving, from the list of pre-generated nonce values in response to the accepting, a selected pre-generated nonce value;

transmitting, from the first computer in response to the accepting, a partial response to the client computer, wherein the partial response contains the selected pre-generated nonce value and a specification of a remote computer that contains the data;

accepting, at the client computer, the partial response from the first computer;

transmitting the second request for the data to the remote computer;

receiving, at the remote computer, a second request for the data, the second request comprising the selected pre-generated nonce value;

determining, in response to the receiving, that the selected pre-generated nonce value contained within the second request for the data is contained within the list of pre-generated nonce values stored at the remote computer;

authorizing, in response to the determining, access the data that is stored on the remote computer; and

removing the pre-generated nonce value from the list of pre-generated nonce values stored at the remote computer, wherein the removing is performed in response to a pre-defined number of executions of authorizing access to the data.

View all claims

0 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system and method for allowing client computers to access data or processing on remote computers without requiring the remote computer'"'"'s recognition of the client computer. An authorizing computer provides client computers with a data specification and remote computer address along with an authorization code that may only be used for a limited number of times. A client computer then accesses the remote computer to access secure data. The authorization codes of the example embodiment are stored on the authorizing computer and the remote computer and simple look up and comparison is used to validate the authorization code on the remote computer.

Citations

11 Claims

1. A method of providing data to a client computer, comprising the steps of:
- generating, at a remote computer, a list of pre-generated nonce values, the list of pre-generated nonce values containing a plurality of pre-generated nonce values;
  
  storing, at the remote computer, the list of pre-generated nonce values;
  
  transmitting, to a first computer, the list of pre-generated nonce values, wherein the first computer is separate from the remote computer;
  
  accepting, at the first computer from a client computer, a first request for data;
  
  retrieving, from the list of pre-generated nonce values in response to the accepting, a selected pre-generated nonce value;
  
  transmitting, from the first computer in response to the accepting, a partial response to the client computer, wherein the partial response contains the selected pre-generated nonce value and a specification of a remote computer that contains the data;
  
  accepting, at the client computer, the partial response from the first computer;
  
  transmitting the second request for the data to the remote computer;
  
  receiving, at the remote computer, a second request for the data, the second request comprising the selected pre-generated nonce value;
  
  determining, in response to the receiving, that the selected pre-generated nonce value contained within the second request for the data is contained within the list of pre-generated nonce values stored at the remote computer;
  
  authorizing, in response to the determining, access the data that is stored on the remote computer; and
  
  removing the pre-generated nonce value from the list of pre-generated nonce values stored at the remote computer, wherein the removing is performed in response to a pre-defined number of executions of authorizing access to the data.
- View Dependent Claims (2, 3, 9)
- - 2. The method according to claim 1, further comprising the step of charging an entity in response to providing the pre-generated nonce value to the remote computer for at least one of the accesses to the data.
  - 3. The method according to claim 1, wherein the pre-generated nonce value comprises an expiration time.
  - 9. The method of claim 1, wherein each nonce value within the plurality of pre-generated nonce values comprises a cryptographically generated number.

4. A system for of providing data to a client computer, the system comprising:
- a remote computer, comprising;
  
  a nonce generator for generating a list of pre-generated nonce values, the list of pre-generated nonce values containing a plurality of pre-generated nonce values;
  
  a remote nonce storage for storing the list of pre-generated nonce values; and
  
  a remote transmitter for transmitting, to a first computer, the list of pre-generated nonce values, wherein the first computer is separate from the remote computer;
  
  the first computer comprising;
  
  a request message receiver for, accepting from a client computer, a request for data;
  
  a partial response transmitter, coupled to the request message receiver, for;
  
  retrieving, from the list of pre-generated nonce values in response to the accepting, a selected pre-generated nonce value; and
  
  transmitting, in response to the request message receiver accepting the request, a partial response to the client computer, wherein the partial response contains the selected pre-generated nonce value and a specification of a remote computer that contains the data,wherein the remote computer further comprises;
  
  a remote computer receiver for receiving a second request for the data, the second request comprising the selected pre-generated nonce value;
  
  a validator for determining, in response to the receiving, that the selected pre-generated nonce value contained within the second request for the data iscontained within the list of pre-generated nonce values stored at the remote computer; and
  
  an authorization module for authorizing, in response to the determining, access the data that is stored on the remote computer,wherein the remote nonce storage further removes, in response to a pre-defined number of executions of authorizing access to the data by the authorization module, the pre-generated nonce value from the list of pre-generated nonce values stored at the remote computer;
  
  the client computer, wherein the client computer further comprises;
  
  a partial response receiver for accepting the partial response from the first computer; and
  
  a request transmitter for transmitting the second request for the data to the remote computer.
- View Dependent Claims (5, 6, 10)
- - 5. The system according to claim 4, further comprising a billing module for charging an entity in response to providing the pre-generated nonce value to the remote computer for at least one of the accesses to the data.
  - 6. The system according to claim 4, wherein the pre-generated nonce value comprises an expiration time.
  - 10. The system of claim 4, wherein each nonce value within the plurality of pre-generated nonce values comprises a cryptographically generated number.

7. A computer readable medium including computer instructions for controlling communications access to remote processors, the computer instructions comprising instructions for:
- generating, at a remote computer, a list of pre-generated nonce values, the list of pre-generated nonce values containing a plurality of pre-generated nonce values;
  
  storing, at the remote computer, the list of pre-generated nonce values;
  
  transmitting, to a first computer, the list of pre-generated nonce values, wherein the first computer is separate from the remote computer;
  
  accepting, at the first computer from a client computer, a first request for data;
  
  retrieving, from the list of pre-generated nonce values in response to the accepting, a selected pre-generated nonce value;
  
  transmitting, from the first computer in response to the accepting, a partial response to the client computer, wherein the partial response contains the selected pre-generated nonce value and a specification of a remote computer that contains the data;
  
  accepting, at the client computer, the partial response from the first computer;
  
  transmitting the second request for the data to the remote computer;
  
  receiving, at the remote computer, a second request for the data, the second request comprising the selected pre-generated nonce value;
  
  determining, in response to the receiving, that the selected pre-generated nonce value contained within the second request for the data is contained within the list of pre-generated nonce values stored at the remote computer;
  
  authorizing, in response to the determining, access the data that is stored on the remote computer; and
  
  removing the pre-generated nonce value from the list of pre-generated nonce values stored at the remote computer, wherein the removing is performed in response to a pre-defined number of executions of the instructions for authorizing access to the data.
- View Dependent Claims (8, 11)
- - 8. The computer readable medium of claim 7, further comprising instructions for charging an entity in response to providing the pre-generated nonce value to the remote computer for at least one of the accesses to the data.
  - 11. The computer readable medium of claim 7, wherein each nonce value within the plurality of pre-generated nonce values comprises a cryptographically generated number.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
International Business Machines Corporation
Original Assignee
International Business Machines Corporation
Inventors
Vincent, Christopher R.
Primary Examiner(s)
Trammell; James P
Assistant Examiner(s)
Badii; Behrang

Application Number

US11/344,624
Publication Number

US 20060129488A1
Time in Patent Office

1,267 Days
Field of Search

713/159, 713/176, 713/168, 713/178, 713/172, 713/182, 713/186, 380/28, 709/229, 726/9, 726/26, 370/337
US Class Current

705/50
CPC Class Codes

G06F 21/6218 to a system of files or obj...

Shared authorization data authentication method for transaction delegation in service-based computing environments

First Claim

0 Assignments

0 Petitions

Accused Products

Abstract

Citations

11 Claims

Specification

Solutions

Use Cases

Quick Links

Shared authorization data authentication method for transaction delegation in service-based computing environments

First Claim

0 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

11 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links