Systems and methods for state-less authentication

US 8,051,098 B2
Filed: 01/21/2010
Issued: 11/01/2011
Est. Priority Date: 04/19/2001
Status: Expired due to Fees

- Alert
- Pin

Associated Cases

Associated Defendants

First Claim

Patent Images

1. A method of accessing any of a plurality of resources wherein at least some of the resources do not share a common processing platform, the method comprising:

establishing a secure communication session between a user computing device and a logon component, wherein the secure communication session comprises a temporary, interactive information exchange that is set up and then torn down;

verifying logon information provided by the user computing device to the logon component using the secure communication session and responsively generating a security context to be employed by the user computing device that is;

unique to a user of the user computing device;

necessary to access any of the plurality of resources without requiring any follow-on authorization communications between the accessed resource and the logon component.

View all claims

5 Assignments

Timeline View

Assignment View

Litigations

0 Petitions

Accused Products

Abstract

Systems and methods for providing user logon and state-less authentication are described in a distributed processing environment. Upon an attempted access by a user to an online resource, transaction, or record, a logon component asks the user to supply a logon ID and a password. The logon component verifies the provided information, and upon successful identification, a security context is constructed from information relevant to the user. The security context is sent to the user and is presented to the system each time the user attempts to invoke a new resource, such as a program object, transaction, record, or certified printer avoiding the need for repeated logon processing.

54 Citations

View as Search Results

19 Claims

1. A method of accessing any of a plurality of resources wherein at least some of the resources do not share a common processing platform, the method comprising:
- establishing a secure communication session between a user computing device and a logon component, wherein the secure communication session comprises a temporary, interactive information exchange that is set up and then torn down;
  
  verifying logon information provided by the user computing device to the logon component using the secure communication session and responsively generating a security context to be employed by the user computing device that is;
  
  unique to a user of the user computing device;
  
  necessary to access any of the plurality of resources without requiring any follow-on authorization communications between the accessed resource and the logon component.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The method of claim 1 wherein verifying the logon information comprises comparing the logon information to previously stored information that identifies the user.
  - 3. The method of claim 1 wherein a security context that is unique to the user comprises, at least in part, a unique identifier as corresponds to the user.
  - 4. The method of claim 1 wherein the security context comprises a stateless security context.
  - 5. The method of claim 1 wherein generating a security context to be employed by the user computing device comprises generating a security context that will support contemporaneously accessing at least two of the plurality of resources.
  - 6. The method of claim 1 wherein generating a security context comprises generating a security context that automatically preserves access limitations specific to the user as corresponds to varying ones of the plurality of resources such that the user'"'"'s degree of access to a given accessed resource can vary notwithstanding a common use of the security context.
  - 7. The method of claim 1 wherein generating a security context comprises generating a time-limited security context.
  - 8. The method of claim 7 wherein generating a time-limited security context comprises including a time stamp in the security context.

9. An apparatus comprising:
- at least one trusted computing environment component configured to facilitate;
  
  establishing a secure communication session between a user computing device and a logon component, wherein the secure communication session comprises a temporary, interactive information exchange that is set up and then torn down;
  
  verifying logon information provided by the user computing device to the logon component using the secure communication session and responsively generating a security context that is;
  
  unique to a user of the user computing device;
  
  necessary to access any of the plurality of resources without requiring any follow-on authorization communications between the accessed resource and the logon component.
- View Dependent Claims (10, 11, 12, 13, 14, 15)
- - 10. The apparatus of claim 9 wherein the security context comprises, at least in part, a unique identifier as corresponds to the user.
  - 11. The apparatus of claim 9 wherein the security context comprises a stateless security context.
  - 12. The apparatus of claim 9 wherein the security context is operable to support contemporaneously accessing at least two of the plurality of resources.
  - 13. The apparatus of claim 9 wherein the security context automatically preserves access limitations specific to the user as corresponds to varying ones of the plurality of resources such that the user'"'"'s degree of access to a given accessed resource can permissibly vary notwithstanding a common use of the security context.
  - 14. The apparatus of claim 9 wherein the security context comprises a time-limited security context.
  - 15. The apparatus of claim 14 wherein the time-limited security context includes a time stamp.

16. A method to facilitate accessing protected on-line resources via corresponding secured transactions, comprising:
- at a user computing device;
  
  presenting, to other than the on-line resources, at least a logon identifier;
  
  responsively receiving a corresponding stateless security context that is unique to the user,wherein no request history is retained at the user computing device and authentication using the stateless security context is independent of a particular state, application, transaction, or routine being invoked;
  
  using the stateless security context to access a plurality of differing on-line resources via a plurality of corresponding secured transactions.
- View Dependent Claims (17, 18, 19)
- - 17. The method of claim 16 further wherein using the stateless security context to access a plurality of differing on-line resources via a plurality of corresponding secured transactions comprises using the stateless security context to at least partially contemporaneously access a plurality of differing on-line resources via a plurality of corresponding secured transactions.
  - 18. The method of claim 16 wherein presenting, to other than the on-line resources, at least a logon identifier comprises presenting the logon identifier to a logon component as comprises a part of a trusted computing environment.
  - 19. The method of claim 18 wherein using the stateless security context to access a plurality of differing on-line resources via a plurality of corresponding secured transactions comprises accessing any of the plurality of resources without conducting any follow-on authorization communications between the accessed on-line resources and the logon component.

Specification

Resources

Litigation Campaign Assessment

Litigation Data

Current Assignee
Alto Dynamics, LLC (IP Investments Group LLC)
Original Assignee
Teigel Processing AB LLC (Intellectual Ventures LLC)
Inventors
Bisbee, Stephen F., Twaddell, Gordon W., Peterson, Ellis K., Becker, Keith F., Moskowitz, Jack J.
Primary Examiner(s)
Fleurantin; Jean B

Application Number

US12/691,547
Publication Number

US 20100122326A1
Time in Patent Office

649 Days
Field of Search

707600-831, 709/217, 709/219, 709/225, 709/229, 713/182, 726 27- 29
US Class Current

707/781
CPC Class Codes

F23H 17/12   Fire-bars

G06F 16/00   Information retrieval; Data...

G06F 21/33   using certificates

G06F 21/41   where a single sign-on prov...

H04L 2209/56   Financial cryptography, e.g...

H04L 63/0435   wherein the sending and rec...

H04L 63/083   using passwords cryptograph...

H04L 63/123   received data contents, e.g...

H04L 9/3226   using a predetermined code,...

Y10S 707/99931   Database or file accessing

Y10S 707/99936   Pattern matching access

Systems and methods for state-less authentication

First Claim

5 Assignments

Litigations

0 Petitions

Accused Products

Abstract

54 Citations

19 Claims

Specification

Solutions

Use Cases

Quick Links

Systems and methods for state-less authentication

First Claim

5 Assignments

Subscription Required

Subscription Required

Litigations

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

54 Citations

19 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links