Method and system for providing third party authentication of authorization

US 7,818,792 B2
Filed: 02/04/2002
Issued: 10/19/2010
Est. Priority Date: 02/04/2002
Status: Expired

First Claim

Patent Images

1. A communication authorization method, comprising:

a third party server receiving a request for access information to access content;

generating the access information and session rights to access the desired content from a first application server;

generating authentication of the access information and session rights using a first service ticket to the first application server, wherein the first service ticket is obtained from a key distribution center (KDC), wherein the KDC is a separate entity from the first application server; and

sending the access information, session rights and authentication to a client, whereby the client presents the access information, session rights and authentication to the first application server to be authorized to receive the desired content from the first application server;

the method further comprising;

the first application server receiving a key request including the access information and authentication;

extracting the access information and authentication;

verifying the authentication of the access information using the first service ticket, and client authorization; and

issuing a key reply if the authentication of the access information and client authorization are verified.

View all claims

4 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method and system (100) for providing third party authentication when requesting content and/or services from an application server (106). The method is applicable to key management protocols that utilize the concept of tickets. The method and system include a client (102) being coupled with a third party application server (107), wherein the client submits a request for content from the third party application server and the third party application server returns requested information and corresponding authentication. The client further couples with a first application server (106), wherein the client submits a key request (KEY_REQ) including the third party server information and corresponding authentication to the first application server. The first application server authenticates the third party server information and verifies client authorization based on third party information. The first application server returns a key reply (KEY_REP) if the third party server information is authenticated and client authorization is verified.

Citations

17 Claims

1. A communication authorization method, comprising:
- a third party server receiving a request for access information to access content;
  
  generating the access information and session rights to access the desired content from a first application server;
  
  generating authentication of the access information and session rights using a first service ticket to the first application server, wherein the first service ticket is obtained from a key distribution center (KDC), wherein the KDC is a separate entity from the first application server; and
  
  sending the access information, session rights and authentication to a client, whereby the client presents the access information, session rights and authentication to the first application server to be authorized to receive the desired content from the first application server;
  
  the method further comprising;
  
  the first application server receiving a key request including the access information and authentication;
  
  extracting the access information and authentication;
  
  verifying the authentication of the access information using the first service ticket, and client authorization; and
  
  issuing a key reply if the authentication of the access information and client authorization are verified.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The method as claimed in claim 1, further comprising:
    - encrypting at least a portion of the session rights using a third party server session key for the first application server.
  - 3. The method as claimed in claim 1, further comprising:
    - requesting a ticket granting ticket (TGT ticket);
      
      receiving a TGT ticket;
      
      requesting the first party server service ticket for the first application server; and
      
      receiving the first party server service ticket for the first application server.
  - 4. The method as claimed in claim 3, further comprising:
    - the third party server receiving a request for the access information to access content;
      
      generating the third party server access information to access the desired content from a first application server; and
      
      generating the third party server authentication of the access information.
  - 5. The method as claimed in claim 4, wherein the generating the third party server authentication includes incorporating a first party server service ticket for the first application server.
  - 6. The method as claimed in claim 5, wherein the generating the authentication includes generating a signature utilizing a session key of the first party server service ticket.
  - 7. The method as claimed in claim 1, further comprising:
    - the KDC receiving a second service ticket request from a client for the first application server;
      
      issuing a second service ticket for the first application server; and
      
      the step of the first application server receiving a key request from a client wherein the key request includes the second service ticket.
  - 8. The method as claimed in claim 7, further comprising:
    - a client generating a key request including the access information and the authentication;
      
      sending the key request to the first application server; and
      
      receiving the key reply (KEY_REP) if the authentication of the access information and client authorization are verified by the first application server.

9. A method for verifying authorization for a client to gain access to content and/or services, comprising:
- receiving a key request from a client;
  
  extracting third party server access information, session rights and third party server authentication from the key request;
  
  verifying an authentication of the third party access information, session rights and a client authorization;
  
  issuing a key reply directly to the client if the authentication of the third party access information, session rights and the client authorization are verified;
  
  receiving, in a key distribution center (KDC), wherein the KDC is a separate entity from an application server, a second service ticket request from a client for the application server;
  
  issuing a second service ticket for the application server; and
  
  the step of the application server receiving a key request from a client wherein the key request includes the second service ticket.
- View Dependent Claims (10, 11, 12, 13)
- - 10. The method as claimed in claim 9, further comprising:
    - authenticating the third party server access information using the third party server authentication.
  - 11. The method as claimed in claim 10, wherein the authenticating includes extracting a first service ticket and authenticating the third party server access information using the first service ticket.
  - 12. The method as claimed in claim 9, wherein the extracting the third party server authentication, further comprising the steps of extracting a session key from the first party ticket included in the key request;
    - and the step of authenticating the access information includes verifying a third party server signature using the session key.
  - 13. The method as claimed in claim 12, wherein the extracting the session key includes decrypting at least a portion of the first party ticket included in the key request using the first application server service key and extracting the session key.

14. A method for providing secure communication when distributing services, comprising:
- a third party server receiving a selection for services;
  
  issuing access information and session rights for the services;
  
  issuing authentication of the access information and the session rights;
  
  an application server receiving a key request from a client, the key request including the access information and authentication;
  
  extracting the access information and authentication;
  
  verifying an authentication of the access information, session rights and a client authorization utilizing, at least in part, a first service ticket; and
  
  issuing a key reply directly to a client if the authentication of the access information, session rights and the client authorization are verified.
- View Dependent Claims (15, 16, 17)
- - 15. The method as claimed in claim 14, further comprising:
    - a KDC receiving a first service ticket request from a third party server for the first application server;
      
      the KDC issuing the first service ticket to the third party server for the first application server; and
      
      the steps of the third party server issuing access information and authentication including generating the access information and authentication using the first service ticket.
  - 16. The method as claimed in claim 14, further comprising:
    - the KDC receiving a second service ticket request from a client for the first application server;
      
      issuing a second service ticket for the first application server; and
      
      the step of the application server receiving a key request from a client wherein the key request includes the second service ticket.
  - 17. The method as claimed in claim 14, wherein:
    - the verifying the authentication of the access information includes;
      
      extracting the first service ticket;
      
      decrypting the first service ticket;
      
      extracting a session key from the first service ticket;
      
      generating a signature using the session key; and
      
      verifying the signature over the access information with the session key.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Google Technology Holdings LLC (Alphabet Inc.)
Original Assignee
General Instrument Corporation (CommScope Holding Company, Inc.)
Inventors
Manglore, Geetha, Medvinsky, Alexander, Peterka, Petr, Shamsaasef, Rafie
Primary Examiner(s)
Parthasarathy; Pramila

Application Number

US10/067,610
Publication Number

US 20030149880A1
Time in Patent Office

3,179 Days
Field of Search

726 1- 10, 726 17- 21, 726 26- 30, 726155-159, 726/172, 726/175, 713/150, 713/182
US Class Current

726/10
CPC Class Codes

H04L 2209/34   Encoding or coding, e.g. Hu...

H04L 2209/56   Financial cryptography, e.g...

H04L 2209/60   Digital content management,...

H04L 63/062   for key distribution, e.g. ...

H04L 63/0807   using tickets, e.g. Kerbero...

H04L 9/083   involving central third par...

H04L 9/0841   involving Diffie-Hellman or...

H04L 9/3213   using tickets or tokens, e....

Method and system for providing third party authentication of authorization

First Claim

4 Assignments

0 Petitions

Accused Products

Abstract

Citations

17 Claims

Specification

Solutions

Use Cases

Quick Links

Method and system for providing third party authentication of authorization

First Claim

4 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

17 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links