Simplified management of authentication credentials for unattended applications

US 8,424,077 B2
Filed: 12/18/2006
Issued: 04/16/2013
Est. Priority Date: 12/18/2006
Status: Active Grant

First Claim

Patent Images

1. A system for providing unattended authorization to a requesting software application to access resources, the system comprising:

a credentials manager node including a memory and a processor, the credentials manager node executing a credentials manager (CM) module for authorizing access to said resources by said requesting software application and for providing credentials for access to said resources by said requesting software application;

a requestor node on which said requesting software application is resident, said requestor node including a memory and a processor and executing a server password manager (SPM) module resident thereon, said SPM module being configured to;

receive a request for access to said resources from said requesting software application;

determine fingerprint data uniquely identifying said requestor node, said fingerprint data being derived from configuration information of said requestor node, said fingerprint data being for uniquely identifying said requestor node to said CM module;

create a request package for transmission to said CM module, said request package containing said request and data uniquely identifying said requesting software application to said CM module;

encrypt said request package using cryptographic keys previously generated by said CM module, said cryptographic keys being specifically for communications between said CM module and said requestor node; and

transmit said request package and said fingerprint data to said CM module, said fingerprint data authenticating said requestor node and thereby authenticating said request package prior to decryption by said CM module;

wherein said SPM module and said requesting software application are previously authenticated by and registered with said CM module.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Systems and methods for unattended authentication of software applications to provide these applications with access to shared resources. A server password manager (SPM) module resident on a node also occupied by a requester software application requesting access to resources receives the requestor'"'"'s request. The SPM module creates a request package containing the requestor'"'"'s information as well as the node'"'"'s identifying information. The request package is then transmitted to a credentials manager (CM) module in a CM node. The request package, encrypted by the SPM module with encryption keys previously generated by the CM module, is decrypted by the CM module. The contents are checked against data stored by the CM module regarding the SPM module and the requestor application when these were registered with the CM. If the data matches, then the CM provides credentials which are used to give the requestor application access to the requested resources.

26 Citations

View as Search Results

12 Claims

1. A system for providing unattended authorization to a requesting software application to access resources, the system comprising:
- a credentials manager node including a memory and a processor, the credentials manager node executing a credentials manager (CM) module for authorizing access to said resources by said requesting software application and for providing credentials for access to said resources by said requesting software application;
  
  a requestor node on which said requesting software application is resident, said requestor node including a memory and a processor and executing a server password manager (SPM) module resident thereon, said SPM module being configured to;
  
  receive a request for access to said resources from said requesting software application;
  
  determine fingerprint data uniquely identifying said requestor node, said fingerprint data being derived from configuration information of said requestor node, said fingerprint data being for uniquely identifying said requestor node to said CM module;
  
  create a request package for transmission to said CM module, said request package containing said request and data uniquely identifying said requesting software application to said CM module;
  
  encrypt said request package using cryptographic keys previously generated by said CM module, said cryptographic keys being specifically for communications between said CM module and said requestor node; and
  
  transmit said request package and said fingerprint data to said CM module, said fingerprint data authenticating said requestor node and thereby authenticating said request package prior to decryption by said CM module;
  
  wherein said SPM module and said requesting software application are previously authenticated by and registered with said CM module.
- View Dependent Claims (2, 3, 4, 5)
- - 2. The system according to claim 1 wherein said request is encrypted using unique cryptographic keys generated by said CM module, said cryptographic keys being transmitted to and stored by said SPM module when said SPM module is authenticated by said CM module.
  - 3. The system according to claim 1 wherein said CM module provides access to said resources to said requesting software application by transmitting credentials to said SPM agent if the data uniquely identifying said requesting software application and said request matches data stored by said CM module for said requesting software application and for said resources.
  - 4. The system according to claim 1 wherein said CM module provides access to said resources to said requesting software application by communicating with said resources and providing credentials directly to said resources if the data uniquely identifying said requesting software application and said request matches data stored by said CM module for said requesting software application and for said resources.
  - 5. The system according to claim 1 wherein said resources comprise another software application.

6. A non-transitory computer-readable medium storing code and instructions which, when executed by one or more processors, cause the one or more processors to perform a method for requesting authorization for access to resources for a requesting software application, the method comprising:
- a) receiving a request for access to resources from said requesting software application, said requesting software application being resident on a requestor node;
  
  b) determining fingerprint data uniquely identifying said requestor node, said fingerprint data being derived from configuration information of said requestor node, said fingerprint data being for uniquely identifying said requestor node to a credentials manager (CM) module resident on a credentials manager node;
  
  c) creating a request package for transmission to said CM module, said request package containing said request and data uniquely identifying said requesting software application to said CM module;
  
  d) encrypting said request package using cryptographic keys previously generated by said CM module, said cryptographic keys being specifically for communications between said CM module and said requestor node; and
  
  e) transmitting said request package and said fingerprint data to said CM module, said fingerprint data authenticating said requestor node and thereby authenticating said request package prior to decryption by said CM module,wherein said requesting software application and said requestor node are previously registered and authenticated by said CM module; and
  
  said resources are previously registered with said CM module.
- View Dependent Claims (7, 8, 9)
- - 7. The non-transitory computer-readable medium according to claim 6, wherein the method further includes a step of receiving credentials from said CM module in the event said data uniquely identifying said requesting software application in said request package matches data stored by said CM module in said CM node, said credentials being for transmission to said resources to obtain access for said requesting software application.
  - 8. The non-transitory computer-readable medium according to claim 6, wherein the method further includes a step of transmitting credentials from said CM module to said resources in the event said data uniquely identifying said requesting software application contained in said request package matches data stored by said CM module, said credentials being for providing access to said resources for said requesting software application.
  - 9. The non-transitory computer-readable medium according to claim 6 wherein said resources comprise another software application.

10. A non-transitory computer-readable medium storing code and instructions which, when executed by one or more processors, cause the one or more processors to perform a method for providing access to resources by a requesting software application, the method comprising the steps of:
- a) receiving, at a credentials manager (CM) module, an encrypted request package and fingerprint data from a server password manager (SPM) module resident on a requestor node on which said requesting software application is also resident, said encrypted request package containing a request for the resources and data uniquely identifying said requesting software application, and said fingerprint data being derived from configuration information of said requestor node;
  
  b) identifying and authenticating said requestor node by way of said fingerprint data;
  
  c) if the requestor node is authenticated, determining decryption keys for use in decrypting said request package based on an identity of said requestor node;
  
  d) decrypting said request package using said decryption keys to retrieve the request for the resources and the data uniquely identifying said requesting software application;
  
  e) determining if the data uniquely identifying said requesting software application matches stored data stored by the CM module; and
  
  f) if the data uniquely identifying said requesting software application matches said stored data, transmitting credentials required to provide access to said resources for said requesting software application;
  
  wherein said SPM module and said requesting software application are previously authenticated by and registered with said CM module.
- View Dependent Claims (11, 12)
- - 11. The non-transitory computer-readable medium according to claim 10 wherein step f) comprises transmitting said credentials and said request to said resources.
  - 12. The non-transitory computer-readable medium according to claim 10 wherein step f) comprises transmitting said credentials to said node.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Irdeto B.V. (MultiChoice Group Ltd.)
Original Assignee
Irdeto Canada Corporation (MultiChoice Group Ltd.)
Inventors
Adams, Garney David, Grapes, Robert, Gu, Yuan Xiang, Mehan, Richard Edward Johnston, Rong, Jack Jiequn
Primary Examiner(s)
Mehedi, Morshed

Application Number

US11/640,371
Publication Number

US 20080148373A1
Time in Patent Office

2,311 Days
Field of Search

726/6, 726/21, 713/193
US Class Current

726/17
CPC Class Codes

G06F 21/31 User authentication

G06F 21/62 Protecting access to data v...

Simplified management of authentication credentials for unattended applications

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

26 Citations

12 Claims

Specification

Solutions

Use Cases

Quick Links

Simplified management of authentication credentials for unattended applications

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

26 Citations

12 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links