Hardware identity in multi-factor authentication at the application layer
Abstract
Device authentication is implemented at the application layer of a computer communication model to add a factor to user authentication without requiring any action by the user. User space applications, such as web browsers, e-mail readers, and such, can remain completely unaffected. Instead, the additional authentication factor is provided at the application layer, typically in an operating system, where protocols such as HTTP(s), FTP(s), POP, SMTP, SNMP and DNS are implemented. Authentication is performed by a challenge/response transaction and the client device's digital fingerprint is compared to a whitelist of digital fingerprints of authorized client devices.
5 Claims
1. A method for authenticating a client device for a data transaction between the client device and a server, the method comprising:
in the client device, sending a request message to the server in accordance with a protocol at the application layer of a computer communication model;
in the client device, receiving a response message in accordance with the protocol from the server that is responsive to the request message and that indicates that the request is denied for lack of authorization;
in the client device, sending an authorization request to the server in accordance with the protocol and in response to the response message;
in the client device, receiving an authorization challenge message from the server in accordance with the protocol wherein the authorization challenge message requests data representing one or more parts of a digital fingerprint of the client device;
in the client device, sending a challenge response message to the server in accordance with the protocol wherein the challenge response message includes data representing the one or more parts of a digital fingerprint of the client device; and
in the client device, receiving a grant message from the server in accordance with the protocol only if the one or more parts of a digital fingerprint of the client device match predetermined data stored within the server representing the one or more parts of a digital fingerprint of an authorized client device;
wherein the grant message represents a granting of the request of the request message by the server.
Dependent claims: 2, 3.
4. A computer system comprising:
at least one processor;
a computer readable medium that is operatively coupled to the processor;
network access circuitry that is operatively coupled to the processor; and
application layer server protocol logic (i) that executes at least in part in the processor from the computer readable medium and (ii) that, when executed, causes the computer system to authenticate a client device for a data transaction between the client device and the computer system by at least:
receiving a request message from the client device in accordance with a protocol at the application layer of a computer communication model;
sending a response message in accordance with the protocol to the client device that is responsive to the request message and that indicates that the request is denied for lack of authorization;
thereafter, receiving an authorization request from the client device in accordance with the protocol;
sending an authorization challenge message to the client device in accordance with the protocol wherein the authorization challenge message requests data representing one or more parts of a digital fingerprint of the client device;
receiving a challenge response message from the client device in accordance with the protocol wherein the challenge response message includes data representing the one or more parts of a digital fingerprint of the client device;
determining whether the one or more parts of a digital fingerprint of the client device match predetermined data stored within the computer system representing the one or more parts of a digital fingerprint of an authorized client device; and
sending a grant message to the client device in accordance with the protocol only if the application layer server protocol logic determines that the one or more parts of a digital fingerprint of the client device match the predetermined data stored within the computer system representing the one or more parts of a digital fingerprint of an authorized client device;
wherein the grant message represents a granting of the request of the request message by the computer system.
Dependent claims: 5.
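The exchange recited in the abstract and in claims 1 and 4, as an added worked example in Python that is not part of the patent text: an in-process client and server pass application-layer messages, the server denies the first request, challenges for a random subset of fingerprint parts, and grants the original request only when the presented parts match a whitelisted device. The message field names, status codes, the four fingerprint components, and the nonce-keyed HMAC standing in for "data representing" a fingerprint part are this example's assumptions, not details taken from the claims.

```python
"""Device-fingerprint challenge/response at the application layer (added example).

Models the client/server exchange of claims 1 and 4 as an HTTP-like message flow.
Field names, status codes, the four fingerprint components and the nonce-keyed
HMAC used as "data representing" a fingerprint part are assumptions made here.
"""
import hashlib
import hmac
import secrets

FINGERPRINT_PARTS = ("mac", "disk_serial", "cpu_id", "os_install_id")

# Constructed, fictitious sample fingerprints (what a client-side protocol
# layer would read from hardware/OS).
AUTHORIZED_DEVICE = {"mac": "02:00:5e:10:00:01", "disk_serial": "WD-EXAMPLE-0001",
                     "cpu_id": "GenuineIntel-06-8E-0A", "os_install_id": "7c1f3a9e-0000-4000-8000-00000000abcd"}
# An impostor that has cloned only the authorized device's MAC address.
IMPOSTOR_DEVICE = dict(AUTHORIZED_DEVICE, disk_serial="ST-OTHER-9999",
                       cpu_id="AuthenticAMD-19-21-00", os_install_id="11111111-2222-4333-8444-555555555555")

REQUEST = {"type": "REQUEST", "method": "GET", "path": "/mail/inbox"}


def represent_part(name, value, nonce):
    """'Data representing' one fingerprint part (design choice of this example): an HMAC
    keyed by the server's challenge nonce, so the raw value never crosses the wire and
    a captured response cannot satisfy a later challenge."""
    return hmac.new(nonce, f"{name}={value}".encode(), hashlib.sha256).hexdigest()


class Server:
    """Application-layer server protocol logic (claim 4); one instance per connection."""

    def __init__(self, whitelist, parts_per_challenge=2):
        self.whitelist = whitelist                    # complete fingerprints of authorized devices
        self.parts_per_challenge = min(parts_per_challenge, len(FINGERPRINT_PARTS))
        self.pending_request = None                   # the denied request, granted on a match
        self.challenge = None                         # (nonce, requested part names), single use

    def handle(self, msg):
        kind = msg.get("type")
        if kind == "REQUEST":
            # Steps 1-2: the plain application-layer request is denied for lack of authorization.
            self.pending_request = msg
            return {"type": "RESPONSE", "status": 401, "reason": "authorization required"}
        if kind == "AUTHZ_REQUEST" and self.pending_request is not None:
            # Steps 3-4: challenge for a random subset of fingerprint parts under a fresh nonce.
            asked = sorted(secrets.SystemRandom().sample(FINGERPRINT_PARTS, self.parts_per_challenge))
            nonce = secrets.token_bytes(16)
            self.challenge = (nonce, asked)
            return {"type": "CHALLENGE", "nonce": nonce.hex(), "parts": asked}
        if kind == "CHALLENGE_RESPONSE" and self.challenge is not None:
            # Steps 5-6: compare the presented parts against every whitelisted device.
            nonce, asked = self.challenge
            self.challenge = None                     # a nonce is consumed by its first response
            digests = msg.get("digests", {})
            if msg.get("nonce") != nonce.hex() or set(digests) != set(asked):
                return {"type": "DENY", "status": 403, "reason": "stale or malformed challenge response"}
            for device in self.whitelist:
                if all(hmac.compare_digest(digests[n], represent_part(n, device[n], nonce)) for n in asked):
                    granted, self.pending_request = self.pending_request, None
                    return {"type": "GRANT", "status": 200, "granted": granted}
            return {"type": "DENY", "status": 403, "reason": "device fingerprint not authorized"}
        return {"type": "DENY", "status": 400, "reason": "unexpected message"}


def client_fetch(fingerprint, server, request):
    """Client-side protocol logic (claim 1). The user-space application that issued
    `request` sees only the final grant or denial."""
    response = server.handle(request)
    if response["status"] != 401:
        return response
    challenge = server.handle({"type": "AUTHZ_REQUEST"})
    if challenge["type"] != "CHALLENGE":
        return challenge
    nonce = bytes.fromhex(challenge["nonce"])
    digests = {n: represent_part(n, fingerprint.get(n, ""), nonce) for n in challenge["parts"]}
    return server.handle({"type": "CHALLENGE_RESPONSE", "nonce": challenge["nonce"], "digests": digests})


def run_exchange(fingerprint, parts_per_challenge=2):
    """Full exchange for one device against a server that trusts only AUTHORIZED_DEVICE."""
    return client_fetch(fingerprint, Server([AUTHORIZED_DEVICE], parts_per_challenge), REQUEST)


def replay_attack():
    """Capture a valid challenge response, then resend it against a fresh challenge.
    Returns (outcome of the genuine response, outcome of the replay)."""
    server = Server([AUTHORIZED_DEVICE], parts_per_challenge=len(FINGERPRINT_PARTS))
    server.handle(REQUEST)
    challenge = server.handle({"type": "AUTHZ_REQUEST"})
    nonce = bytes.fromhex(challenge["nonce"])
    captured = {"type": "CHALLENGE_RESPONSE", "nonce": challenge["nonce"],
                "digests": {n: represent_part(n, AUTHORIZED_DEVICE[n], nonce) for n in challenge["parts"]}}
    genuine = server.handle(captured)["type"]
    server.handle(REQUEST)                           # attacker opens a new transaction...
    server.handle({"type": "AUTHZ_REQUEST"})         # ...and receives a challenge with a new nonce
    return genuine, server.handle(captured)["type"]  # ('GRANT', 'DENY')
```

Two practical points the claims leave open show up in the example. First, `parts_per_challenge` trades disclosure against strength: an impostor that has cloned only the MAC address is refused whenever the server asks for two or more of the four parts, but would be granted roughly one challenge in four if the server asked for a single random part. Second, because the server compares against a whitelist of fingerprint data, it must hold the authorized devices' fingerprint values in a form it can compare; the keyed digest keeps those values off the wire but the whitelist itself remains sensitive data on the server.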
Specification