Modular device authentication framework

US 8,813,186 B2
Filed: 09/29/2010
Issued: 08/19/2014
Est. Priority Date: 09/30/2009
Status: Active Grant

First Claim

Patent Images

1. A computer-implemented method for providing access to a service, comprising:

storing authentication modules to authenticate devices requesting access to the service, the devices including at least a first plurality of devices having a first device type and a second plurality of devices having a second device type;

configuring a first one of the authentication modules to perform authentication of the first plurality of devices using an authentication scheme specific to the first device type;

configuring a second one of the authentication modules to perform authentication of the second plurality of devices using an authentication scheme specific to the second device type;

configuring a third one of the authentication modules to receive requests corresponding to a third device type, wherein the third one of the authentication modules forwards requests corresponding to the third device type to a trusted partner device having an alternate authentication scheme for authenticating the third device type;

receiving, by a server, a request to access the service, the request including a device type identifier of a device requesting the service;

extracting the device type identifier from the request;

determining whether the device type identifier corresponds to the first device type, the second device type, or third device type;

selecting the first authentication module if the device type identifier corresponds to the first device type, selecting the second authentication module if the device type identifier corresponds to the second device type, and selecting the third authentication module if the device type identifier corresponds to the third device type;

authenticating the request using the selected authentication module to determine whether the requesting device is permitted to access the service, thereby performing authentication of the requesting device using the authentication scheme specific to the requesting device; and

providing access to the service when the selected authentication module determines that the requesting device is authorized to access the service, and preventing access to the service when the selected authentication module determines that the requesting device is not authorized to access the service.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Systems, methods, and computer-readable media provide a requesting device with access to a service. In one implementation, a server receives a request to access a service, and the request includes a device type identifier of a device requesting access to the service. The server extracts the device type identifier from the request and determines a corresponding device type for the requesting device. An authentication module is selected from a plurality of authentication modules based on the device type identifier, and the selected authentication module implements an authentication scheme for the device type of the requesting device. The server authenticates the request using the selected authentication module to determine whether the requesting device is permitted to access the service, and provides access to the service based on at least a determination that the requesting device is authorized to access the service.

40 Citations

View as Search Results

16 Claims

1. A computer-implemented method for providing access to a service, comprising:
- storing authentication modules to authenticate devices requesting access to the service, the devices including at least a first plurality of devices having a first device type and a second plurality of devices having a second device type;
  
  configuring a first one of the authentication modules to perform authentication of the first plurality of devices using an authentication scheme specific to the first device type;
  
  configuring a second one of the authentication modules to perform authentication of the second plurality of devices using an authentication scheme specific to the second device type;
  
  configuring a third one of the authentication modules to receive requests corresponding to a third device type, wherein the third one of the authentication modules forwards requests corresponding to the third device type to a trusted partner device having an alternate authentication scheme for authenticating the third device type;
  
  receiving, by a server, a request to access the service, the request including a device type identifier of a device requesting the service;
  
  extracting the device type identifier from the request;
  
  determining whether the device type identifier corresponds to the first device type, the second device type, or third device type;
  
  selecting the first authentication module if the device type identifier corresponds to the first device type, selecting the second authentication module if the device type identifier corresponds to the second device type, and selecting the third authentication module if the device type identifier corresponds to the third device type;
  
  authenticating the request using the selected authentication module to determine whether the requesting device is permitted to access the service, thereby performing authentication of the requesting device using the authentication scheme specific to the requesting device; and
  
  providing access to the service when the selected authentication module determines that the requesting device is authorized to access the service, and preventing access to the service when the selected authentication module determines that the requesting device is not authorized to access the service.
- View Dependent Claims (10, 11)
- - 10. The computer implemented method according to claim 1, further comprising:
    - receiving from the third device type a token to gain access to the service, the token provided in response to the trusted partner device authenticating the third device type; and
      
      providing access to the service based on a determination that the token is authentic.
  - 11. The computer-implemented method according to claim 10, wherein the token is provided to the requesting device by the trusted partner device in response to the trusted partner device authenticating a user request to access a service by determining that a user Internet Protocol (IP) address is included in a white list of allowable IP addresses stored in memory on the trusted partner device.

2. A computer-implemented method for providing access to a service, comprising:
- receiving a request to access a service, the request including a device type identifier of a device requesting access to the service;
  
  extracting the device type identifier from the request;
  
  determining a corresponding device type for the requesting device;
  
  selecting an authentication module from a plurality of authentication modules based on the device type identifier, wherein one of the plurality of authentication modules is selected based on the device type being an unknown device type having an unknown device type identifier;
  
  authenticating the request for the device type of the requesting device using the selected authentication module to determine whether the requesting device is permitted to access the service, wherein the authenticating includes forwarding the request corresponding to the unknown device type to a trusted partner device having an alternate authentication scheme;
  
  providing access to the service based on at least a determination that the requesting device is authorized to access the service; and
  
  preventing access to the service when the selected authentication module determines that the requesting device is not authorized to access the service.
- View Dependent Claims (3, 4, 5, 6, 7, 8, 9)
- - 3. The computer-implemented method according to claim 2, wherein the selected authentication module shares secret data with the requesting device to determine whether the requesting device is authorized to access the service.
  - 4. The computer-implemented method according to claim 2, wherein a plurality of devices having a plurality of device types access the service through the selected authentication module.
  - 5. The computer-implemented method according to claim 2, wherein at least two of the authentication modules are accessed using a common uniform resource locator (URL).
  - 6. The computer-implemented method according to claim 2, wherein the trusted partner device provides a token to the requesting device in response to the trusted partner device authenticating the unknown device type, the method further comprises:
    - receiving a copy of the token from the requesting device; and
      
      providing access to the service based on a determination that the copy of the token is authentic.
  - 7. The computer-implemented method according to claim 6, wherein the token is encrypted with a private key corresponding to a public key from a private/public key pair, the method further comprising:
    - decrypting the token with the corresponding public key to determine whether the token is authentic.
  - 8. The computer-implemented method according to claim 6, wherein the token is provided to the requesting device by the trusted partner device after the trusted partner device authenticates a user request to access a service by determining that a user Internet Protocol (IP) address is included in a white list of allowable IP addresses stored in memory on the trusted partner device.
  - 9. The computer-implemented method according to claim 2, further comprising:
    - pre-storing a token in the requesting device before receiving the request from the requesting device; and
      
      authenticating the request using the selected authentication module by verifying that the request is accompanied by the pre-stored token.

12. A server for providing access to a service, the server comprising:
- a processor for executing program instructions; and
  
  a computer-readable medium storing the program instructions, the program instructions, when executed by the processor, performing a process to;
  
  receive a request to access a service, the request including a device type identifier of a device requesting access to the service;
  
  extract the device type identifier from the request;
  
  determine a corresponding device type for the requesting device;
  
  select an authentication module from a plurality of authentication modules based on the device type identifier, wherein one of the plurality of authentication modules is selected based on the device type being an unknown device type having an unknown device type identifier;
  
  authenticate the request for the device type of the requesting device using the selected authentication module to determine whether the requesting device is permitted to access the service, wherein the request corresponding to the unknown device type is forwarded to a trusted partner device having an alternate authentication scheme, wherein the alternate authentication scheme authenticates the unknown device type, and in response to the authenticating the unknown device type, providing the requesting device with a token; and
  
  provide access to the service based on at least a determination that the requesting device is authorized to access the service.
- View Dependent Claims (13)
- - 13. The server according to claim 12, wherein the selected authentication module shares secret data with the requesting device to determine whether the requesting device is authorized to access the service.

14. A non-transitory computer-readable medium storing computer-executable instructions for performing a method executed by a processor, the method providing access to a service and comprising steps performed by the processor of:
- receiving a request to access a service, the request including a device type identifier of a device requesting access to the service;
  
  extracting the device type identifier from the request;
  
  determining a corresponding device type for the requesting device;
  
  selecting an authentication module from a plurality of authentication modules based on the device type identifier, wherein one of the plurality of authentication modules is configured to receive requests corresponding to unknown device type having an unknown device type identifier;
  
  authenticating the request for the device type of the requesting device using the selected authentication module to determine whether the requesting device is permitted to access the service, wherein the request corresponding to the unknown device type is forwarded to a trusted partner device having an alternate authentication scheme, wherein the alternate authentication scheme provides the unknown device type with a token; and
  
  providing access to the service based on at least a determination that the requesting device is authorized to access the service.
- View Dependent Claims (15, 16)
- - 15. The non-transitory computer-readable medium according to claim 14, wherein the selected authentication module shares secret data with the requesting device to determine whether the requesting device is authorized to access the service.
  - 16. The non-transitory computer-readable medium according to claim 14 wherein the providing access to the service for the unknown device type further comprises:
    - receiving a token from the unknown device type, anddetermining that the token is authentic.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Amazon Technologies, Inc. (Amazon.com, Inc.)
Original Assignee
Amazon Technologies, Inc. (Amazon.com, Inc.)
Inventors
Hegg, Joel C., Sriram, Siddharth, Talreja, Kamlesh T.
Primary Examiner(s)
Zecher, Cordelia
Assistant Examiner(s)
LAKHIA, VIRAL S

Application Number

US13/499,587
Publication Number

US 20130061291A1
Time in Patent Office

1,420 Days
Field of Search

713/176, 713/185, 713/168, 726/12, 726 2- 4
US Class Current

726/2
CPC Class Codes

G06F 21/33   using certificates

H04L 63/0807   using tickets, e.g. Kerbero...

H04L 63/083   using passwords cryptograph...

H04L 63/0876   based on the identity of th...

H04L 63/205   involving negotiation or de...

Modular device authentication framework

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

40 Citations

16 Claims

Specification

Use Cases

Quick Links

Others

Modular device authentication framework

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

40 Citations

16 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others