Systems and methods for enhancing security of communication over a public network
First Claim
1. A computer-implemented method for enhancing the security of communication over a network, the method comprising:
receiving a set of authentication credentials from a user;
receiving from the user a request that requires communication over the network with a remote system;
applying a collection of security privileges to the set of authentication credentials to determine if the user is authorized to carry out the request wherein applying comprises applying based at least in part upon a role-based determination that involves referencing a record that assigns access privileges to various roles that can be assumed by the user;
selectively transmitting a security certificate over the network to the remote system, the certificate containing a public key;
receiving from the remote system a session ticket that has been encrypted with the public key;
decrypting the session ticket with a corresponding private key;
using the session ticket as an authenticator for subsequent communications with the remote system;
wherein the remote system is a service provider configured to extend the functionality of a software application by remotely providing a service, and wherein selectively transmitting therefore comprises selectively transmitting the security certificate to the service provider;
wherein receiving from the user a request comprises receiving from the user a request for delivery of the service provided remotely by the service provider;
wherein selectively transmitting comprises transmitting only when the collection of security privileges indicates that the user is authorized to receive the service provided remotely by the service provider;
wherein using the session ticket comprises using the session ticket to secure communication associated with the service provider extending the functionality of the software application; and
wherein receiving a set of authentication credentials comprises receipt of the authentication credentials by a first computing device, the first computing device being the same computing device upon which operates the software application that receives the extended functionality from service provider, and wherein the first computing device is the same computing device upon which the role-based determination is made, the record that is referenced as part of that determination being stored on the first computing device, and wherein selectively transmitting a security certificate to the service provider further comprises transmitting the security certificate from the first computing device to the service provider, and wherein using the session ticket to secure communications further comprises using the session ticket to secure direct communications between the service provider and the first computing device.
Abstract
An authentication protocol is disclosed for use in enhancing the security of communications between software applications and Internet-based service providers. The protocol incorporates a two level authentication model based on a distribution of authentication responsibilities, wherein the application authenticates users and the service provider authenticates the application. Embodiments of the protocol incorporate public key infrastructure and digital certificate technology. Other embodiments of the present invention pertain to applying a corresponding protocol to peer-to-peer communication scenarios.
15 Claims
1. A computer-implemented method for enhancing the security of communication over a network (independent claim; reproduced in full under First Claim above). Dependent claims: 2, 3, 4, 5, 6, 7.
8. A computer-implemented method for enhancing the security of communication over a network, the method comprising:
receiving a set of authentication credentials from a user;
applying a collection of security privileges to the set of authentication credentials to determine if the user is authorized to carry out a request wherein applying comprises applying based at least in part upon a role-based determination that involves referencing a record that assigns access privileges to various roles that can be assumed by the user;
generating a public key and a corresponding private key;
storing the private key;
transmitting the public key over the network to a registration service;
receiving from the registration service a security certificate that includes the public key;
transmitting the security certificate over the network to an entity with which a channel of communication is desired;
receiving from the entity a session ticket encrypted with the public key;
decrypting the session ticket with the private key;
using the session ticket as an authenticator for subsequent communications with the entity, wherein using the session ticket comprises using the session ticket as a cryptography key for encrypting or decrypting messages;
wherein receiving a session ticket from the entity comprises receipt of the session ticket by a first computing device;
wherein decrypting the session ticket with the private key is a function that occurs via processing executed by the first computing device;
wherein using the session ticket as an authenticator further comprises using the session ticket as an authenticator for subsequent communications between the entity and the first computing device; and
wherein transmitting the security certificate over the network comprises transmitting the security certificate to a service provider configured to extend the functionality of a software application by remotely providing a service.
Dependent claims: 9, 10, 11.
12. A computer-implemented method for enhancing the security of communication over a network between multiple peer application hosts, the method comprising:
receiving a set of authentication credentials from a user;
applying a collection of security privileges to the set of authentication credentials to determine if the user is authorized to carry out a request wherein applying comprises applying based at least in part upon a role-based determination that involves referencing a record that assigns access privileges to various roles that can be assumed by the user;
receiving a security certificate from a first application host;
transmitting the security certificate over the network to an entity with which a channel of communication is desired;
generating a session ticket;
encrypting the session ticket with a public key contained in the security certificate;
transmitting the session ticket to the first application host;
receiving a message from the first application host, the message being at least partially encrypted in accordance with the session key prior to its being encrypted with the public key;
wherein said steps of receiving a security certificate, generating, encrypting, transmitting, and receiving a message are all conducted via processing by the same computing device; and
wherein transmitting the security certificate over the network comprises transmitting the security certificate to a service provider configured to extend the functionality of a software application by remotely providing a service.
Dependent claims: 13, 14, 15.
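The exchange that the abstract and claims 1, 8 and 12 describe, worked through end to end in Go. This is an added example written for this page; it is not code from the patent, its assignee or any product, and it fixes several points the claims leave open. Assumptions: the registration service of claim 8 is a signer whose public key the service provider already trusts, and the "security certificate" is modelled as the host's DER-encoded RSA public key plus the registration service's RSA-PSS signature over it rather than a full X.509 certificate; the session ticket is 32 random bytes that the service provider encrypts to the host with RSA-OAEP and that both sides then use as the AES-256-GCM key (the "cryptography key" of claim 8); the user store and role record are constructed sample data kept on the application host, as claim 1 requires; both long-term RSA key pairs are generated by the caller, which is where claim 8's "generating ... and storing the private key" happens. Every name below (authorize, issueCertificate, acceptCertificate, sessionTicket, sealWithTicket, openWithTicket, runProtocol) is the example's own.

```go
package main

import (
	"crypto"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/subtle"
	"crypto/x509"
	"fmt"
)

// Constructed sample records, both stored on the application host (claim 1); a real deployment keeps password hashes.
var roleRecord = map[string]map[string]bool{"editor": {"spellcheck": true, "translate": true}, "viewer": {"spellcheck": true}}
var users = map[string]struct{ password, role string }{"alice": {"s3cret", "editor"}, "bob": {"hunter2", "viewer"}}

// authorize checks the credentials, then makes the role-based determination for the requested service.
func authorize(username, password, service string) bool {
	u, ok := users[username]
	return ok && subtle.ConstantTimeCompare([]byte(u.password), []byte(password)) == 1 && roleRecord[u.role][service]
}

// certificate stands in for an X.509 certificate: the host's DER public key plus the registration service's RSA-PSS signature.
type certificate struct{ pubDER, sig []byte }

// sessionTicket is the 256-bit secret the service provider mints; both sides later use it as the AES-256-GCM key.
type sessionTicket [32]byte

// issueCertificate is the registration service of claim 8.
func issueCertificate(regKey *rsa.PrivateKey, pub *rsa.PublicKey) (certificate, error) {
	der := x509.MarshalPKCS1PublicKey(pub)
	h := sha256.Sum256(der)
	sig, err := rsa.SignPSS(rand.Reader, regKey, crypto.SHA256, h[:], nil)
	return certificate{der, sig}, err
}

// acceptCertificate is the service provider of claim 12: verify the certificate, mint a ticket, RSA-OAEP-encrypt it
// to the certified key, and return both the ticket it keeps and the encrypted copy it sends back.
func acceptCertificate(regPub *rsa.PublicKey, c certificate) (t sessionTicket, encTicket []byte, err error) {
	h := sha256.Sum256(c.pubDER)
	if err = rsa.VerifyPSS(regPub, crypto.SHA256, h[:], c.sig, nil); err != nil {
		return t, nil, fmt.Errorf("certificate not issued by the registration service: %w", err)
	}
	pub, err := x509.ParsePKCS1PublicKey(c.pubDER) // parsed only after the signature checks out
	if err != nil {
		return t, nil, err
	}
	rand.Read(t[:]) // crypto/rand.Read never returns an error in Go 1.24+
	encTicket, err = rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, t[:], nil)
	return t, encTicket, err
}

// ticketAEAD builds AES-256-GCM from a ticket; with a fixed 32-byte key neither constructor can fail.
func ticketAEAD(t sessionTicket) cipher.AEAD {
	block, _ := aes.NewCipher(t[:])
	gcm, _ := cipher.NewGCM(block)
	return gcm
}

// sealWithTicket prefixes a fresh random nonce to the GCM box (claim 8: the ticket as cryptography key).
func sealWithTicket(t sessionTicket, plaintext []byte) []byte {
	gcm := ticketAEAD(t)
	nonce := make([]byte, gcm.NonceSize())
	rand.Read(nonce)
	return gcm.Seal(nonce, nonce, plaintext, nil)
}

// openWithTicket rejects boxes shorter than the nonce before slicing; GCM then fails on any tampering.
func openWithTicket(t sessionTicket, box []byte) ([]byte, error) {
	gcm := ticketAEAD(t)
	if len(box) < gcm.NonceSize() {
		return nil, fmt.Errorf("box of %d bytes is shorter than the nonce", len(box))
	}
	return gcm.Open(nil, box[:gcm.NonceSize()], box[gcm.NonceSize():], nil)
}

// runProtocol drives the exchange from the application host and returns the plaintext the service provider
// recovers from the first ticket-secured message. The certificate is transmitted only when the role check
// passes (claim 1); appKey is the host's stored private key (claim 8).
func runProtocol(regKey, appKey *rsa.PrivateKey, username, password, service string) (string, error) {
	if !authorize(username, password, service) {
		return "", fmt.Errorf("%s is not authorized for %s: certificate not sent", username, service)
	}
	cert, err := issueCertificate(regKey, &appKey.PublicKey)
	if err != nil {
		return "", err
	}
	spTicket, encTicket, err := acceptCertificate(&regKey.PublicKey, cert) // the certificate crosses the network
	if err != nil {
		return "", err
	}
	raw, err := rsa.DecryptOAEP(sha256.New(), nil, appKey, encTicket, nil)
	if err != nil || len(raw) != len(sessionTicket{}) {
		return "", fmt.Errorf("session ticket rejected: %v", err)
	}
	box := sealWithTicket(*(*sessionTicket)(raw), []byte(service+" for "+username))
	plain, err := openWithTicket(spTicket, box)
	return string(plain), err
}
```

Points worth noting against the claims: the certificate is only sent after the role determination succeeds, so an unauthorized user never triggers a ticket being minted; the service provider verifies the registration service's signature before it parses the public key it is about to encrypt to, so an unsigned or rogue certificate is dropped without ever being used; the host checks the decrypted ticket's length before trusting it as a key; and because the ticket is used as an AEAD key, any later message that is truncated or altered in transit fails authentication. What the exchange does not provide, in the claims or here, is any proof to the host of who the service provider is: the host learns only that whoever received its certificate could read the public key in it, so the provider's own identity still has to be established out of band.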