Adaptive authentication methods, systems, devices, and computer program products

US 8,091,120 B2
Filed: 12/21/2005
Issued: 01/03/2012
Est. Priority Date: 12/21/2005
Status: Expired due to Fees

First Claim

Patent Images

1. A method of providing data communications between a server computing device and a client computing device over a data network, the method comprising:

receiving a first request for data communication at the server computing device from the client computing device over the data network;

responsive to receiving the first request for data communication, transmitting a request for a first authentication credential according to a first authentication standard from the server computing device to the client computing device, wherein the request for the first authentication credential identifies the first authentication standard;

after transmitting the first request for the first authentication credential according to the first authentication standard, receiving a first authentication credential from the client computing device at the server computing device according to the first authentication standard responsive to the request for the first authentication credential;

verifying the first authentication credential responsive to receiving the first authentication credential;

responsive to receiving the first request for data communication and responsive to verifying the first authentication credential, providing the first requested data communication from the server computing device to the client computing device;

after providing the first requested data communication, receiving a second request for data communication at the server computing device from the client computing device over the data network;

responsive to receiving the second request for data communication, transmitting a request for a second authentication credential according to a second authentication standard from the server computing device to the client computing device, wherein the request for the second authentication credential identifies the second authentication standard and the first and second authentication standards are different;

after transmitting the request for the second authentication credential according to the second authentication standard, receiving a second authentication credential from the client computing device at the server computing device according to the second authentication standard responsive to the request for the second authentication credential;

verifying the second authentication credential responsive to receiving the second authentication credential; and

responsive to receiving the second request for data communication and responsive to verifying the second authentication credential, providing the second requested data communication from the server computing device to the client computing device;

wherein the data network comprises the Internet;

wherein transmitting the request for the first authentication credential comprises transmitting the request for the first authentication credential from the server computing device in a first fault message according to a simple object access protocol identifying the first authentication standard; and

wherein transmitting the request for the second authentication credential comprises transmitting the request for the second authentication credential from the server computing device in a second fault message according to the simple object access protocol identifying the second authentication standard.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method of providing data communications between first and second computing devices over a data network may include receiving a request for data communication at the first computing device from the second computing device over the data network. After receiving the request for data communication, a request for a credential according to an authentication standard may be transmitted from the first computing device to the second computing device, and the request for the credential may identify the authentication standard. After transmitting the request for the credential according to the authentication standard, a credential according to the authentication standard may be received, and the credential maybe verified. Responsive to receiving the request for data communication and responsive to verifying the authentication credential, the requested data communication may be allowed.

Citations

18 Claims

1. A method of providing data communications between a server computing device and a client computing device over a data network, the method comprising:
- receiving a first request for data communication at the server computing device from the client computing device over the data network;
  
  responsive to receiving the first request for data communication, transmitting a request for a first authentication credential according to a first authentication standard from the server computing device to the client computing device, wherein the request for the first authentication credential identifies the first authentication standard;
  
  after transmitting the first request for the first authentication credential according to the first authentication standard, receiving a first authentication credential from the client computing device at the server computing device according to the first authentication standard responsive to the request for the first authentication credential;
  
  verifying the first authentication credential responsive to receiving the first authentication credential;
  
  responsive to receiving the first request for data communication and responsive to verifying the first authentication credential, providing the first requested data communication from the server computing device to the client computing device;
  
  after providing the first requested data communication, receiving a second request for data communication at the server computing device from the client computing device over the data network;
  
  responsive to receiving the second request for data communication, transmitting a request for a second authentication credential according to a second authentication standard from the server computing device to the client computing device, wherein the request for the second authentication credential identifies the second authentication standard and the first and second authentication standards are different;
  
  after transmitting the request for the second authentication credential according to the second authentication standard, receiving a second authentication credential from the client computing device at the server computing device according to the second authentication standard responsive to the request for the second authentication credential;
  
  verifying the second authentication credential responsive to receiving the second authentication credential; and
  
  responsive to receiving the second request for data communication and responsive to verifying the second authentication credential, providing the second requested data communication from the server computing device to the client computing device;
  
  wherein the data network comprises the Internet;
  
  wherein transmitting the request for the first authentication credential comprises transmitting the request for the first authentication credential from the server computing device in a first fault message according to a simple object access protocol identifying the first authentication standard; and
  
  wherein transmitting the request for the second authentication credential comprises transmitting the request for the second authentication credential from the server computing device in a second fault message according to the simple object access protocol identifying the second authentication standard.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. A method according to claim 1 wherein the first authentication credential comprises a credential assigned by at least one selected from the group consisting of the server computing device and the client computing device, and wherein the second authentication credential comprises a credential assigned by a certification authority independent of both of the server and client computing devices.
  - 3. A method according to claim 1 wherein the first authentication credential comprises a credential assigned by a certification authority independent of both of the server and client computing devices and wherein the second authentication credential comprises a credential assigned by at least one selected from the group consisting of the server and client computing devices.
  - 4. A method according to claim 1 wherein the first authentication credential is assigned by a first certification authority, wherein the second authentication credential is assigned by a second certification authority, wherein the first and second certification authorities are different, and wherein the first and second certification authorities are independent of both of the server and client computing devices.
  - 5. A method according to claim 1 wherein the first authentication credential comprises at least one selected from the group consisting of a digital certificate, a username, a password, a secure token, a mobile network secret, a public key, a private key, and a ticket according to the first authentication standard, and wherein the second authentication credential comprises at least one selected from the group consisting of a digital certificate, a username, a password, a secure token, a mobile network secret, a public key, a private key, and a ticket according to the second authentication standard.
  - 6. A method according to claim 1 wherein transmitting a request for a first or second authentication credential comprises transmitting the request in a fault message from the server computing device to the client computing device.
  - 7. A method according to claim 1 further comprising:
    - before transmitting the request for a first authentication credential according to the first authentication standard, receiving an authentication credential according to a previous authentication standard; and
      
      determining that the previous authentication standard is not a currently acceptable authentication standard;
      
      wherein transmitting the request for a first authentication credential according to the first authentication standard comprises transmitting a request for a credential according to an authentication standard different than the previous authentication standard.
  - 8. A method according to claim 1 wherein the first authentication credential according to the first authentication standard and the second authentication credential according to the second authentication standard provide different levels of security for different data communications between the client and server computing devices.
  - 9. A method according to claim 8 wherein the first request for data communications includes a request for a first type of data communications, wherein the server computing device is configured to select the first authentication credential according to the first authentication standard to provide a first level of security required for the first type of data, wherein the second request for data communications includes a request for a second type of data communications, wherein the server computing device is configured to select the second authentication credential according to the second authentication standard to provide a second level of security required for the second type of data, wherein the first and second data types are different, and wherein the first and second levels of security are different.
  - 10. A method according to claim 8 wherein the server computing device is configured to select the first authentication credential according to the first authentication standard to provide a first level of security responsive to a first level of security risk, and wherein the server computing device is configured to select the second authentication credential according to the second authentication standard to provide a second level of security responsive to a second level of security risk, wherein the first and second levels of security are different, and wherein the first and second levels of security risk are different.

11. A method of providing data communications between client and server computing devices over a data network, the method comprising:
- transmitting a first request for data communication from the client computing device to the server computing device over the data network;
  
  after transmitting the first request for data communication, receiving a request for a first authentication credential according to a first authentication standard from the server computing device at the client computing device, wherein the request for the first authentication credential identifies the first authentication standard, and wherein the request for the first authentication credential is responsive to the first request for data communication;
  
  responsive to receiving the request for the first authentication credential according to the first authentication standard, transmitting a first authentication credential according to the first authentication standard;
  
  after transmitting the first authentication credential, receiving the first requested data communication responsive to the first request for data communication and responsive to the first authentication credential;
  
  after receiving the first requested data communication, transmitting a second request for data communication from the client computing device to the server computing device;
  
  after transmitting the second request for data communication, receiving a request for a second authentication credential according to a second authentication standard from the server computing device at the client computing device, wherein the first and second authentication standards are different, and wherein the request for the second authentication credential is responsive to the second request for data communication;
  
  responsive to receiving the request for the second authentication credential according to the second authentication standard, transmitting a second authentication credential according to the second authentication standard; and
  
  after transmitting the second authentication credential, receiving the second requested data communication responsive to the second request for data communication and responsive to the second authentication credential;
  
  wherein the data network comprises the Internet;
  
  wherein receiving the request for the first authentication credential comprises receiving the request for the first authentication credential at the client computing device in a first fault message according to a simple object access protocol identifying the first authentication standard; and
  
  wherein receiving the request for the second authentication credential comprises receiving the request for the second authentication credential at the client computing device in a second fault message according to the simple object access protocol identifying the first authentication standard.
- View Dependent Claims (12, 13, 14, 15, 16, 17, 18)
- - 12. A method according to claim 11 wherein the first authentication credential comprises a credential assigned by at least one selected from the group consisting of the client and server computing devices, and wherein the second authentication credential comprises a credential assigned by a certification authority independent of both of the client and server computing devices.
  - 13. A method according to claim 11 wherein the first authentication credential comprises a credential assigned by a certification authority independent of both of the client and server computing devices and wherein the second authentication credential comprises a credential assigned by at least one selected from the group consisting of the client and server computing devices.
  - 14. A method according to claim 11 wherein the first authentication credential is assigned by a first certification authority, wherein the second authentication credential is assigned by a second certification authority, wherein the first and second certification authorities are different, and wherein the first and second certification authorities are independent of both of the client and server computing devices.
  - 15. A method according to claim 11 wherein the first authentication credential comprises at least one selected from the group consisting of a digital certificate, a username, a password, a secure token, a mobile network secret, a public key, a private key, and a ticket according to the first authentication standard, and wherein the second authentication credential comprises at least one selected from the group consisting of a digital certificate, a username, a password, a secure token, a mobile network secret, a public key, a private key, and a ticket according to the second authentication standard.
  - 16. A method according to claim 11 wherein receiving a request for a first or second authentication credential comprises receiving the request in a fault message at the client computing device from the server computing device.
  - 17. A method according to claim 11 further comprising:
    - before receiving the request for a first authentication credential according to the first authentication standard, transmitting an authentication credential according to a previous authentication standard; and
      
      wherein receiving the request for a first authentication credential according to the first authentication standard comprises receiving a request for a credential according to an authentication standard different than the previous authentication standard.
  - 18. A method according to claim 11 wherein the first authentication credential according to the first authentication standard and the second authentication credential according to the second authentication standard provide different levels of security for different data communications between the client and server computing devices.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Bellsouth Intellectual Property Corporation (AT&T, Inc.)
Original Assignee
AT&T Intellectual Property I LP (AT&T, Inc.)
Inventors
Perrella, Ronald, Kreiner, Barrett, Bailey, Samuel Jr.
Primary Examiner(s)
Orgad, Edan
Assistant Examiner(s)
Baum, Ronald

Application Number

US11/314,310
Publication Number

US 20070143832A1
Time in Patent Office

2,204 Days
Field of Search

726/5
US Class Current

726/5
CPC Class Codes

H04L 2209/60   Digital content management,...

H04L 63/0823   using certificates cryptogr...

H04L 63/083   using passwords cryptograph...

H04L 63/20   for managing network securi...

H04L 9/3263   involving certificates, e.g...

H04L 9/3271   using challenge-response

Adaptive authentication methods, systems, devices, and computer program products

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

18 Claims

Specification

Solutions

Use Cases

Quick Links

Adaptive authentication methods, systems, devices, and computer program products

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

18 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links