Obscuring authentication data of remote user

US 8,191,131 B2
Filed: 08/23/2006
Issued: 05/29/2012
Est. Priority Date: 08/23/2006
Status: Active Grant

First Claim

Patent Images

1. A method comprising:

obtaining a plurality of user authentication data parts from a remote user device as part of an authentication request, wherein the user authentication data parts were received in a plurality of messages, at least two of the plurality of messages having been received at different logical ports of a firewall;

assembling the plurality of user authentication data parts into user authentication data;

checking the authenticity of the authentication request using the user authentication data; and

enabling communication with the remote user device if the authentication request data is determined to be authentic.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system and method in which authentication data, such as a password, which is sent to a server/firewall as part of an authentication request, for example a logon request, is received at the server/firewall in a plurality of messages at a plurality of logical ports from the user, thus improving protection against replay attacks. In one embodiment, a plurality of user authentication data parts is obtained from a remote user device as part of an authentication request, the plurality of user authentication data parts is assembled into user authentication data; the authenticity of the authentication request is checked using the user authentication data; and communication with the remote user device is enabled if the authentication request data is determined to be authentic.

43 Citations

9 Claims

1. A method comprising:
- obtaining a plurality of user authentication data parts from a remote user device as part of an authentication request, wherein the user authentication data parts were received in a plurality of messages, at least two of the plurality of messages having been received at different logical ports of a firewall;
  
  assembling the plurality of user authentication data parts into user authentication data;
  
  checking the authenticity of the authentication request using the user authentication data; and
  
  enabling communication with the remote user device if the authentication request data is determined to be authentic.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The method of claim 1 further comprising:
    - receiving, for each message, an indication that the message has been received and that the part of the user authentication data which it comprises has been written to a location in storage,wherein obtaining the plurality of user authentication data parts comprises reading each of the user authentication data parts from the location in storage.
  - 3. The method of claim 1 wherein the step of assembling the plurality of user authentication data parts comprises:
    - obtaining, for each of the plurality of authentication data parts, an associated value;
      
      using the values associated with each of the plurality of authentication data parts to determine how to assemble the authentication data parts into the authentication data.
  - 4. The method of claim 3 wherein at least one of the plurality of messages includes an identifier which identifies the user device and the step of using the values to determine how to assemble the authentication data parts into the authentication data further uses the identifier to determine the order.
  - 5. The method of claim 1 wherein the set of logical ports is predefined and the step of checking the authenticity of the authentication request further comprises:
    - checking that a message part was received at each of the set of logical ports.
  - 6. The method of claim 1 wherein at least one of the plurality of messages includes an identifier which identifies the user device and a plurality of sets of logical ports are predefined and the step of checking the authenticity of the authentication request further comprises:
    - using the identifier to select one of the plurality of sets of logical ports; and
      
      checking that a message part was received at each of the selected set of logical ports.

7. A method comprising:
- receiving a plurality of messages from a user device at a plurality of logical ports of a firewall;
  
  determining each message comprises a part of an authentication request from the user device,providing each of the plurality of message to a data processing host for processing as part of an authentication request.
- View Dependent Claims (8)
- - 8. The method of the claim 7 further comprising the step:
    - responsive to determining a message is not part of an authentication request, rejecting the message.

9. A computer program product comprising:
- a computer readable transmission medium; and
  
  computer program instructions stored on the computer readable transmission medium that, when executed, cause a computer to carry out the steps of;
  
  obtaining a plurality of user authentication data parts from a remote user device as part of an authentication request, wherein the user authentication data parts were received in a plurality of messages, at least two of the plurality of messages having been received at different logical ports of a firewall;
  
  assembling the plurality of user authentication data parts into user authentication data;
  
  checking the authenticity of the authentication request using the user authentication data; and
  
  enabling communication with the remote user device if the authentication request data is determined to be authentic.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Lenovo International Limited (Lenovo Group Ltd.)
Original Assignee
International Business Machines Corporation
Inventors
Jennings, Jeffrey Bart, Kekessie, Kofi
Primary Examiner(s)
Flynn, Nathan
Assistant Examiner(s)
LAKHIA, VIRAL S

Application Number

US11/466,494
Publication Number

US 20080072304A1
Time in Patent Office

2,106 Days
Field of Search

726/11, 726/28, 380/277, 713/168
US Class Current

726/11
CPC Class Codes

H04L 63/0209   Architectural arrangements,...

H04L 63/083   using passwords cryptograph...

H04L 63/123   received data contents, e.g...

Obscuring authentication data of remote user

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

43 Citations

9 Claims

Specification

Solutions

Use Cases

Quick Links

Obscuring authentication data of remote user

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

43 Citations

9 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links