System and method to send a message using multiple authentication mechanisms

US 8,321,678 B2
Filed: 10/17/2006
Issued: 11/27/2012
Est. Priority Date: 10/17/2006
Status: Active Grant

First Claim

Patent Images

1. A method comprising:

receiving, by a component that executes program code, first authentication data in association with a message from a sender computing system, the first authentication data conforming to a first authentication mechanism and being associated with a user in the sender computing system;

receiving, by the component, second authentication data in association with the message from the sender computing system, the second authentication data conforming to a second authentication mechanism and being associated with a fixed anonymous user that is different than the user associated with the first authentication data;

wherein the message includes the second authentication data and an assertion that includes the first authentication data, an attester signature of the message, and an attester certificate;

performing, by the component, an authentication action of the second authentication data based on the second authentication mechanism;

determining, by the component, whether the attester signature is valid and whether the attester certificate is trusted;

processing the message after the receiving, by the component, of the first authentication data in association with the message from the sender computing system;

wherein the processed message comprises a second assertion including the first authentication data, a second attester signature and a second attester certificate created by a certificate handling block of the component;

transmitting the processed message that comprises the second assertion including the first authentication data, the second attester signature and the second attester certificate created by the certificate handling block of the component to a receiver computing system; and

after the receiving, by the component, the first authentication data in association with the message from the sender computing system, not performing an authentication action based on the first authentication data until after the transmission of the processed message that comprises the second assertion including the first authentication data, the second attester signature and the second attester certificate created by the certificate handling block of the component to a receiver computing system.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system may include a sender computing system to transmit first authentication data in association with a message, the first authentication data conforming to a first authentication mechanism, and to transmit second authentication data in association with the message, the second authentication data conforming to a second authentication mechanism. The system may also include a component to receive the first authentication data in association with the message from the sender computing system, and to receive the second authentication data in association with the message from the sender computing system.

36 Citations

View as Search Results

18 Claims

1. A method comprising:
- receiving, by a component that executes program code, first authentication data in association with a message from a sender computing system, the first authentication data conforming to a first authentication mechanism and being associated with a user in the sender computing system;
  
  receiving, by the component, second authentication data in association with the message from the sender computing system, the second authentication data conforming to a second authentication mechanism and being associated with a fixed anonymous user that is different than the user associated with the first authentication data;
  
  wherein the message includes the second authentication data and an assertion that includes the first authentication data, an attester signature of the message, and an attester certificate;
  
  performing, by the component, an authentication action of the second authentication data based on the second authentication mechanism;
  
  determining, by the component, whether the attester signature is valid and whether the attester certificate is trusted;
  
  processing the message after the receiving, by the component, of the first authentication data in association with the message from the sender computing system;
  
  wherein the processed message comprises a second assertion including the first authentication data, a second attester signature and a second attester certificate created by a certificate handling block of the component;
  
  transmitting the processed message that comprises the second assertion including the first authentication data, the second attester signature and the second attester certificate created by the certificate handling block of the component to a receiver computing system; and
  
  after the receiving, by the component, the first authentication data in association with the message from the sender computing system, not performing an authentication action based on the first authentication data until after the transmission of the processed message that comprises the second assertion including the first authentication data, the second attester signature and the second attester certificate created by the certificate handling block of the component to a receiver computing system.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. A method according to claim 1, wherein the transmitting the processed message comprising the second assertion including the first authentication data, the second attester signature and the second attester certificate created by the certificate handling block of the component to a receiver computing system comprises:
    - transmitting the processed message comprising the second assertion including the first authentication data, the second attester signature and the second attester certificate created by the certificate handling block of the component to a receiver computing system that is to perform an authentication action based on the second assertion and a trusted relationship with an attester associated with the certificate handling block of the component.
  - 3. A method according to claim 2, wherein the component performs the processing of the message.
  - 4. A method according to claim 1, wherein the transmitting the processed message comprising the second assertion including the first authentication data, the second attester signature and the second attester certificate created by the certificate handling block of the component to a receiver computing system comprises:
    - transmitting, by the component, the processed message comprising the second assertion including the first authentication data, the second attester signature and the second attester certificate created by the certificate handling block of the component to a receiver computing system.
  - 5. A method according to claim 1, wherein the transmitting the processed message comprising the second assertion including the first authentication data, the second attester signature and the second attester certificate created by the certificate handling block of the component to a receiver computing system comprises:
    - transmitting, by the component, the processed message comprising the second assertion including the first authentication data, the second attester signature and the second attester certificate created by the certificate handling block of the component to a receiver computing system that is to perform an authentication action based on the second assertion and a trusted relationship with an attester associated with the certificate handling block of the component.
  - 6. A method according to claim 5, wherein the component performs the processing of the message.
  - 7. A method according to claim 1, wherein the component performs the processing of the message.

8. A non-transitory computer-readable medium storing processor-executable program code, the program code comprising:
- code to receive, by a component, first authentication data in association with a message from a sender computing system, the first authentication data conforming to a first authentication mechanism and being associated with a user in the sender computing system; and
  
  code to receive, by the component, second authentication data in association with the message from the sender computing system, the second authentication data conforming to a second authentication mechanism and being associated with a fixed anonymous user that is different than the user associated with the first authentication data;
  
  wherein the message includes the second authentication data and an assertion that includes the first authentication data, an attester signature of the message, and an attester certificate;
  
  code to perform, by the component, an authentication action of the second authentication data based on the second authentication mechanism;
  
  code to determine, by the component, whether the attester signature is valid and whether the attester certificate is trusted;
  
  code to perform, by the component, processing of the message after reception, by the component, of the first authentication data in association with the message;
  
  wherein the processed message comprises a second assertion including the first authentication data, a second attester signature and a second attester certificate created by a certificate handling block of the component; and
  
  code to transmit the processed message that comprises the second assertion including the first authentication data, the second attester signature and the second attester certificate created by the certificate handling block of the component to a receiver computing system without first performing, by the component, an authentication action based on the received first authentication data.
- View Dependent Claims (9, 10, 11, 12, 13, 14)
- - 9. A non-transitory computer-readable medium according to claim 8, the program code not including code to perform an authentication action based on the first authentication data.
  - 10. A non-transitory computer-readable medium according to claim 8, wherein the code to transmit the processed message that comprises the second assertion including the first authentication data, the second attester signature and the second attester certificate created by the certificate handling block of the component to a receiver computing system comprises:
    - code to transmit the processed message that comprises the second assertion including the first authentication data, the second attester signature and the second attester certificate created by the certificate handling block of the component to a receiver computing system that is to perform an authentication action based on the second assertion and a trusted relationship with an attester associated with the certificate handling block of the component.
  - 11. A non-transitory computer-readable medium according to claim 8, wherein the code to transmit the processed message that comprises the second assertion including the first authentication data, the second attester signature and the second attester certificate created by the certificate handling block of the component to a receiver computing system comprises:
    - code to transmit, by the component, the processed message that comprises the second assertion including the first authentication data, the second attester signature and the second attester certificate created by the certificate handling block of the component to a receiver computing system.
  - 12. A non-transitory computer-readable medium according to claim 8, wherein the code to transmit the processed message that comprises the second assertion including the first authentication data, the second attester signature and the second attester certificate created by the certificate handling block of the component to a receiver computing system comprises:
    - code to transmit, by the component, the processed message that comprises the second assertion including the first authentication data, the second attester signature and the second attester certificate created by the certificate handling block of the component to a receiver computing system that is to perform an authentication action based on the second assertion and a trusted relationship with an attester associated with the certificate handling block of the component.
  - 13. A non-transitory computer-readable medium according to claim 12, the program code not including code to perform an authentication action based on the first authentication data.
  - 14. A non-transitory computer-readable medium according to claim 8, the program code not including code to perform, by the component, an authentication action based on the first authentication data.

15. A system comprising:
- a sender computing system that includes hardware and is to transmit first authentication data in association with a message, the first authentication data conforming to a first authentication mechanism and being associated with a user in the sender computing system, and to transmit second authentication data in association with the message, the second authentication data conforming to a second authentication mechanism and being associated with a fixed anonymous user that is different than the user associated with the first authentication data; and
  
  a component that includes hardware and is to receive the first authentication data in association with the message from the sender computing system, to receive the second authentication data in association with the message from the sender computing system, wherein the message includes the second authentication data and an assertion that includes the first authentication data, an attester signature of the message, and an attester certificate, to perform an authentication action of the second authentication data based on the second authentication mechanism, to determine whether the attester signature is valid and whether the attester certificate is trusted, process the message after reception, by the component, of the first authentication data in association with the message, wherein the processed message comprises a second assertion including the first authentication data, a second attester signature and a second attester certificate created by a certificate handling block of the component, and to transmit the processed message that comprises the second assertion including the first authentication data, the second attester signature and the second attester certificate created by the certificate handling block of the component to a receiver computing system without first performing, by the component, an authentication action based on the received first authentication data.
- View Dependent Claims (16, 17, 18)
- - 16. A system according to claim 15, the component not to perform an authentication action based on the first authentication data.
  - 17. A system according to claim 15, wherein transmission of the processed message that comprises the second assertion including the first authentication data, the second attester signature and the second attester certificate created by the certificate handling block of the component to a receiver computing system comprises:
    - transmission of the processed message that comprises the second assertion including the first authentication data, the second attester signature and the second attester certificate created by the certificate handling block of the component to a receiver computing system that is to perform an authentication action based on the second assertion and a trusted relationship with an attester associated with the certificate handling block of the component.
  - 18. A system according to claim 17, wherein the component is not to perform an authentication action based on the first authentication data.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
SAP SE
Original Assignee
SAP AG (SAP SE)
Inventors
Hofmann, Christoph H., De Boer, Martijn
Primary Examiner(s)
Gelagay, Shewaye

Application Number

US11/582,105
Publication Number

US 20080091950A1
Time in Patent Office

2,233 Days
Field of Search

None
US Class Current

713/176
CPC Class Codes

H04L 2209/42   Anonymization, e.g. involvi...

H04L 2209/76   Proxy, i.e. using intermedi...

H04L 9/3247   involving digital signatures

H04L 9/3263   involving certificates, e.g...

System and method to send a message using multiple authentication mechanisms

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

36 Citations

18 Claims

Specification

Solutions

Use Cases

Quick Links

System and method to send a message using multiple authentication mechanisms

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

36 Citations

18 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links