Method and system for modular authentication and session management

US 8,819,416 B2
Filed: 09/20/2012
Issued: 08/26/2014
Est. Priority Date: 12/31/2002
Status: Expired due to Fees

First Claim

Patent Images

1. A method comprising:

generating, by a computer for providing security, random data based on authentication credentials;

retrieving, by said computer, a timestamp;

creating, by said computer, an incremental token identifier;

concatenating, by said computer, said random data, said timestamp, and said incremental token identifier to create a Binary Large Object (BLOB);

applying, by said computer, an encryption algorithm with a fixed key to said BLOB to create a session token; and

issuing, by said computer, said session token to a client, wherein said session token includes data indicating a manner by which said client was validated and access type information identifying characteristics of a first request.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Modular authentication and session management involves the use of discrete modules to perform specific tasks in a networked computing environment. There may be a separate authentication server that verifies the identity of the user and an authorization client that grants various levels of access to users. There may also be an authentication client that receives an initial request from a requesting application and forwards the request to the authentication server to verify the identity of the use. The authorization client may then be invoked to provide the necessary level of access. The use of discrete modules allows multiple business applications to use the same modules to perform user authentication tasks, thus alleviating the unnecessary multiplication of code.

24 Citations

21 Claims

1. A method comprising:
- generating, by a computer for providing security, random data based on authentication credentials;
  
  retrieving, by said computer, a timestamp;
  
  creating, by said computer, an incremental token identifier;
  
  concatenating, by said computer, said random data, said timestamp, and said incremental token identifier to create a Binary Large Object (BLOB);
  
  applying, by said computer, an encryption algorithm with a fixed key to said BLOB to create a session token; and
  
  issuing, by said computer, said session token to a client, wherein said session token includes data indicating a manner by which said client was validated and access type information identifying characteristics of a first request.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19)
- - 2. The method of claim 1, further comprising receiving said authentication credentials from said client, wherein said authentication credentials are provided in response to said first request from said client.
  - 3. The method of claim 1, wherein said client invokes an Application Programming Interface (API) corresponding to a request type.
  - 4. The method of claim 1, wherein an API causes a corresponding interface to be displayed at a business application of said client, wherein said interface facilitates collection of said authentication credentials.
  - 5. The method of claim 1, further comprising validating, by said computer, said authentication credentials received from a business application via said client.
  - 6. The method of claim 1, further comprising determining, by said computer and based upon stored user data, said manner by which said client was validated and access type information identifying characteristics of said first request.
  - 7. The method of claim 1, wherein said fixed key is at least one of:
    - Data Encryption Standard (DES), triple DES, or Advanced Encryption Standard (AES).
  - 8. The method of claim 1, wherein said session token is encrypted using at least one of:
    - a standard encryption protocol, a proprietary encryption protocol, or an algorithm.
  - 9. The method of claim 1, wherein said session token further comprises at least one of data indicative of:
    - a time of creation of said session token, or data indicative of a number of said session tokens previously created.
  - 10. The method of claim 1, wherein said session token facilitates session management based on confirmed identities of said client, a user and a server.
  - 11. The method of claim 1, wherein said session token is compared to a previous session token issued to said client.
  - 12. The method of claim 1, further comprising:
    - receiving a second request from said client, wherein said second request includes said session token, andvalidating said session token.
  - 13. The method of claim 1, further comprising retrieving from stored user data, using said session token, user permissions corresponding to said session token.
  - 14. The method of claim 1, further comprising retrieving from stored user data, using said session token, user permissions corresponding to said session token, wherein said stored user data includes information regarding previous access attempts by a user.
  - 15. The method of claim 1, further comprising comparing said first request to user permissions, evaluating authentication level information, and evaluating said access type information to determine that a second request is permissible.
  - 16. The method of claim 15, further comprising transmitting a response to an application service indicative of said second request being permissible.
  - 17. The method of claim 1, wherein said authentication credentials comprise at least one of:
    - textual input or biometric data.
  - 18. The method of claim 1, further comprising retrieving from stored user data, using said session token, user permissions corresponding to said session token, wherein said stored user data further comprises at least one of:
    - an expiration time, host identifier, security realm, public globally unique identifier (GUID), private GUID, electronic signature, process identifier, parent process identifier, token type, version, or maximum inactivity time.
  - 19. The method of claim 1, further comprising retrieving from stored user data, using said session token, user permissions corresponding to said session token, wherein said stored user data further comprises at least one of:
    - a most recent session access, a copy of user profile data, current status of a user, expiration time of session, host information where a user logged in, security characteristics of a session, a globally unique identifier, electronic signature, process identifier, parent process identifier, token type, token version, or maximum inactivity time allowed.

20. An article of manufacture including a non-transitory computer readable storage medium having instructions stored thereon that are executable by a computer for providing security to cause said computer to perform operations comprising:
- generating, by said computer, random data based on authentication credentials;
  
  retrieving, by said computer, a timestamp;
  
  creating, by said computer, an incremental token identifier;
  
  concatenating, by said computer, said random data, said timestamp, and said incremental token identifier to create a Binary Large Object (BLOB);
  
  applying, by said computer, an encryption algorithm with a fixed key to said BLOB to create a session token; and
  
  issuing, by said computer, said session token to a authentication client, wherein said session token includes data indicating a manner by which said client was validated and access type information identifying characteristics of a first request.

21. A system comprising:
- a processor;
  
  a non-transitory memory configured to communicate with the processor;
  
  said tangible, non-transitory memory having instructions stored thereon that are executable by said processor to cause said processor to perform operations comprising;
  
  generating, by said processor, random data based on authentication credentials;
  
  retrieving, by said processor, a timestamp;
  
  creating, by said processor, an incremental token identifier;
  
  concatenating, by said processor, said random data, said timestamp, and said incremental token identifier to create a Binary Large Object (BLOB);
  
  applying, by said processor, an encryption algorithm with a fixed key to said BLOB to create a session token; and
  
  issuing, by said processor, said session token to a authentication client, wherein said session token includes data indicating a manner by which said client was validated and access type information identifying characteristics of a first request.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Liberty Peak Ventures, LLC (Dominion Harbor Enterprises, LLC)
Original Assignee
III Holdings 1, LLC
Inventors
More, Scott, Johnson, Rick D., Royer, Coby, Laidlaw, Robert
Primary Examiner(s)
Yalew, Fikremariam A

Application Number

US13/623,347
Publication Number

US 20130031359A1
Time in Patent Office

705 Days
Field of Search

None
US Class Current

713/155
CPC Class Codes

H04L 63/08   for authentication of entit...

H04L 63/101   Access control lists [ACL]

H04L 63/105   Multiple levels of security

Method and system for modular authentication and session management

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

24 Citations

21 Claims

Specification

Solutions

Use Cases

Quick Links

Method and system for modular authentication and session management

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

24 Citations

21 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links