Method for managing access to protected computer resources

US 8,898,746 B2
Filed: 01/28/2013
Issued: 11/25/2014
Est. Priority Date: 06/11/1997
Status: Expired due to Fees

First Claim

Patent Images

1. A method for controlling access to protected computer resources provided via a network utilizing at least one Internet Protocol, the method comprising:

registering, by at least one authentication server, identity data of a subscriber identity module associated with at least one client computer device;

storing, by the at least one authentication server in an associated database, (i) identity data of at least one access server, (ii) the identity data of a subscriber identity module associated with the at least one client computer device, and (iii) authorization data associated with the protected computer resources;

receiving, by the at least one access server, (i) the identity data of a subscriber identity module associated with the at least one client computer device and (ii) a request for the protected computer resources from the at least one client computer device;

receiving, by the at least one client computer device, an acknowledgement for the request for the protected computer resources from the at least one access server;

forwarding, by the at least one access server, (i) the identity data of the at least one access server and (ii) the identity data of a subscriber identity module received from the at least one client computer device to the at least one authentication server;

authenticating, by the at least one authentication server, (i) the identity data of the at least one access server and (ii) the identity data of a subscriber identity module associated with the at least one client computer device responsive to the request for the protected computer resources by the at least one client computer device;

authorizing, by the at least one authentication server, the at least one client computer device to receive at least a portion of the protected computer resources, based on the stored authorization data associated with the protected computer resources;

permitting access, by the at least one authentication server, to the at least the portion of the protected computer resources (i) upon successfully authenticating the identity data of the at least one access server and the identity data of a subscriber identity module associated with the at least one client computer device, and (ii) upon successfully authorizing the at least one client computer device; and

acquiring, by at least one of the at least one access server and a server associated with the at least one authentication server, for billing purposes, usage data of the at least the portion of the protected computer resources provided to the at least one client computer device.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method for controlling access to protected computer resources provided via an Internet Protocol network that includes registering identity data of a subscriber identity module associated with at least one client computer device; storing (i) identity data of at least one access server, (ii) the identity data of a subscriber identity module, and (iii) authorization data regarding the protect computer resources; receiving the identity data of a subscriber identity module, and a request for the protected computer resources; authenticating (i) the identity data of the at least one access server, and (ii) the identity data of a subscriber identity module; authorizing the at least one client computer device to receive at least a portion of the protected computer resources; and permitting access to the at least the portion of the protected computer resources (i) upon successfully authenticating the identity data of the at least one access server and the identity data of a subscriber identity module associated with the at least one client computer device, and (ii) upon successfully authorizing the at least one client computer device.

Citations

50 Claims

1. A method for controlling access to protected computer resources provided via a network utilizing at least one Internet Protocol, the method comprising:
- registering, by at least one authentication server, identity data of a subscriber identity module associated with at least one client computer device;
  
  storing, by the at least one authentication server in an associated database, (i) identity data of at least one access server, (ii) the identity data of a subscriber identity module associated with the at least one client computer device, and (iii) authorization data associated with the protected computer resources;
  
  receiving, by the at least one access server, (i) the identity data of a subscriber identity module associated with the at least one client computer device and (ii) a request for the protected computer resources from the at least one client computer device;
  
  receiving, by the at least one client computer device, an acknowledgement for the request for the protected computer resources from the at least one access server;
  
  forwarding, by the at least one access server, (i) the identity data of the at least one access server and (ii) the identity data of a subscriber identity module received from the at least one client computer device to the at least one authentication server;
  
  authenticating, by the at least one authentication server, (i) the identity data of the at least one access server and (ii) the identity data of a subscriber identity module associated with the at least one client computer device responsive to the request for the protected computer resources by the at least one client computer device;
  
  authorizing, by the at least one authentication server, the at least one client computer device to receive at least a portion of the protected computer resources, based on the stored authorization data associated with the protected computer resources;
  
  permitting access, by the at least one authentication server, to the at least the portion of the protected computer resources (i) upon successfully authenticating the identity data of the at least one access server and the identity data of a subscriber identity module associated with the at least one client computer device, and (ii) upon successfully authorizing the at least one client computer device; and
  
  acquiring, by at least one of the at least one access server and a server associated with the at least one authentication server, for billing purposes, usage data of the at least the portion of the protected computer resources provided to the at least one client computer device.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 36, 49)
- - 2. The method of claim 1, further comprising authenticating, by the at least one client computer device, the at least one access server.
  - 3. The method of claim 1, further comprising receiving, by the at least one access server, at least one of a username and a password in addition to the identity data of a subscriber identity module associated with the at least one client computer device.
  - 4. The method of claim 1, further comprising authenticating, by the at least one authentication server, the at least one of a username and password.
  - 5. The method of claim 1, wherein the at least one access server receives the identity data of a subscriber identity module associated with the at least one client computer device via a network utilizing at least one Internet Protocol.
  - 6. The method of claim 1, wherein the storing of the authorization data associated with the protected computer resources is stored in a database of at least one server computer associated with the at least one authentication server.
  - 7. The method of claim 1, wherein the at least the portion of the protected computer resources are provided via a network utilizing at least one Internet Protocol to the at least one client computer device by at least one server computer associated with the at least one access server upon the at least one authentication server permitting access to the at least the portion of the protected computer resources.
  - 8. The method of claim 1, wherein the at least the portion of the protected computer resources are stored in at least one of a plurality of server computers associated with the at least one access server.
  - 9. The method of claim 1, wherein the at least the portion of the protected computer resources are stored in a database associated with the at least one access server.
  - 10. The method of claim 1, wherein at least one of a plurality of server computers associated with the at least one access server provides the at least the portion of the protected computer resources to the at least one client computer device upon the at least one authentication server permitting access to the at least the portion of the protected computer resources.
  - 11. The method of claim 1, wherein the at least the portion of the protected computer resources is encrypted.
  - 12. The method of claim 1, wherein the at least one authentication server is located on a computer separate from the at least one access server.
  - 13. The method of claim 1, wherein the at least one authentication server is located on the same computer as the at least one access server.
  - 14. The method of claim 1, wherein at least one of the functions of the at least one authentication server are performed by another server associated with the at least one authentication server.
  - 15. The method of claim 1, wherein the at least one authentication server authenticates multiple client computer devices.
  - 16. The method of claim 1, wherein the at least one authentication server authenticates multiple access servers.
  - 17. The method of claim 1, wherein the at least one authentication server is one of a plurality of servers authenticating the identity data of a subscriber identity module associated with the at least one client computer device.
  - 18. The method of claim 1, wherein the at least one authentication server is one of a plurality of servers authorizing the at least one client computer device to receive at least the portion of the protected computer resources.
  - 19. The method of claim 1, wherein the at least one authentication server is one of a plurality of servers permitting access to the at least the portion of the protected computer resources.
  - 20. The method of claim 1, further comprising assigning, at the at least one authentication server, one of a plurality of authorization levels to the at least the portion of the protected computer resources, assigning, at the at least one authentication server, a particular authorization level to the identity data of a subscriber identity module associated with the at least one client computer device, and permitting, by the at least one authentication server, only access to particular protected computer resources by the at least one client computer device permitted by the particular authorization level.
  - 21. The method of claim 1, further comprising selectively requiring, by the at least one access server, the at least one client computer device to forward the identity data of a subscriber identity module associated with the at least one client computer device to the at least one access server.
  - 22. The method of claim 1, further comprising selectively prompting, by the at least one access server, the at least one client computer device to provide the identity data of a subscriber identity module associated with the at least one client computer device and at least one of a username and a password to the at least one access server.
  - 23. The method of claim 1, further comprising selectively querying, by the at least one access server, the at least one client computer device to one of derive and generate the identity data of a subscriber identity module associated with the at least one client computer device.
  - 24. The method of claim 1, further comprising changing the identity data of a subscriber identity module associated with the at least one client computer device, and forwarding the changed identity data of a subscriber identity module associated with the at least one client computer device to the at least one authentication server.
  - 25. The method of claim 1, further comprising intermittently re-authenticating, by the at least one authentication server, the identity data of a subscriber identity module associated with the at least one client computer device.
  - 36. The method of claim 1, wherein the at least the portion of the protected computer resources is encrypted.
  - 49. The method of claim 1, further comprising changing the digital identification of an access key associated with the at least one client computer device, and forwarding the changed digital identification of an access key associated with the at least one client computer device to the at least one authentication server.

26. A method for controlling access to protected computer resources provided via a network utilizing at least one Internet Protocol, the method comprising:
- registering, by at least one authentication server, digital identification of an access key associated with at least one client computer device;
  
  storing, by the at least one authentication server i n an associated database, (i) identity data of at least one access server, (ii) the digital identification of an access key associated with the at least one client computer device, and (iii) authorization data associated with the protected computer resources;
  
  receiving, by the at least one access server, (i) the digital identification of an access key associated with the at least one client computer device and (ii) a request for the protected computer resources from the at least one client computer device;
  
  receiving, by the at least one client computer device, an acknowledgement for the request for the protected computer resources from the at least one access server;
  
  forwarding, by the at least one access server, (i) the identity data of the at least one access server and (ii) the digital identification of an access key received from the at least one client computer device to the at least one authentication server;
  
  authenticating, by the at least one authentication server, (i) the identity data of the at least one access server and (ii) the digital identification of an access key associated with the at least one client computer device responsive to the request for the protected computer resources by the at least one client computer device;
  
  authorizing, by the at least one authentication server, the at least one client computer device to receive at least the portion of the protected computer resources, based on the stored authorization data associated with the protected computer resources;
  
  permitting access, by the at least one authentication server, to the at least a portion of the protected computer resources (i) upon successfully authenticating the identity data of the at least one access server and the digital identification of an access key associated with the at least one client computer device, and (ii) upon successfully authorizing the at least one client computer device; and
  
  acquiring, by at least one of the at least one access server and a server associated with the at least one authentication server, for billing purposes, usage data of the at least the portion of the protected computer resources provided to the at least one client computer device.
- View Dependent Claims (27, 28, 29, 30, 31, 32, 33, 34, 35, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47, 48, 50)
- - 27. The method of claim 26, further comprising authenticating, by the at least one client computer device, the at least one access server.
  - 28. The method of claim 26, further comprising receiving, by the at least one access server, at least one of a username and a password in addition to the digital identification of an access key associated with the at least one client computer device.
  - 29. The method of claim 26, further comprising authenticating, by the at least one authentication server, the at least one of a username and password.
  - 30. The method of claim 26, wherein the at least one access server receives the digital identification of an access key associated with the at least one client computer device via a network utilizing at least one Internet Protocol.
  - 31. The method of claim 26, wherein the storing of the authorization data associated with the protected computer resources is stored in a database of at least one server computer associated with the at least one authentication server.
  - 32. The method of claim 26, wherein the at least the portion of the protected computer resources are provided via a network utilizing at least one Internet Protocol to the at least one client computer device by at least one server computer associated with the at least one access server upon the at least one authentication server permitting access to the at least the portion of the protected computer resources.
  - 33. The method of claim 26, wherein the at least the portion of the protected computer resources are stored in at least one of a plurality of server computers associated with the at least one access server.
  - 34. The method of claim 26, wherein the at least the portion of the protected computer resources are stored in a database associated with the at least one access server.
  - 35. The method of claim 26, wherein at least one of a plurality of server computers associated with the at least one access server provides the at least the portion of the protected computer resources to the at least one client computer device upon the at least one authentication server permitting access to the at least the portion of the protected computer resources.
  - 37. The method of claim 26, wherein the at least one authentication server is located on a computer separate from the at least one access server.
  - 38. The method of claim 26, wherein the at least one authentication server is located on the same computer as the at least one access server.
  - 39. The method of claim 26, wherein at least one of the functions of the at least one authentication server are performed by another server associated with the at least one authentication server.
  - 40. The method of claim 26, wherein the at least one authentication server authenticates multiple client computer devices.
  - 41. The method of claim 26, wherein the at least one authentication server authenticates multiple access servers.
  - 42. The method of claim 26, wherein the at least one authentication server is one of a plurality of servers authenticating the digital identification of an access key associated with the at least one client computer device.
  - 43. The method of claim 26, wherein the at least one authentication server is one of a plurality of servers authorizing the at least one client computer device to receive at least the portion of the protected computer resources.
  - 44. The method of claim 26, wherein the at least one authentication server is one of a plurality of servers permitting access to the at least the portion of the protected computer resources.
  - 45. The method of claim 26, further comprising assigning, at the at least one authentication server, one of a plurality of authorization levels to the at least the portion of the protected computer resources, assigning, at the at least one authentication server, a particular authorization level to the digital identification of an access key associated with the at least one client computer device, and permitting, by the at least one authentication server, only access to particular protected computer resources by the at least one client computer device permitted by the particular authorization level.
  - 46. The method of claim 26, further comprising selectively requiring, by the at least one access server, the at least one client computer device to forward the digital identification of an access key associated with the at least one client computer device to the at least one access server.
  - 47. The method of claim 26, further comprising selectively prompting, by the at least one access server, the at least one client computer device to provide the digital identification of an access key associated with the at least one client computer device and at least one of a username and a password to the at least one access server.
  - 48. The method of claim 26, further comprising selectively querying, by the at least one access server, the at least one client computer device to one of derive and generate the digital identification of an access key associated with the at least one client computer device.
  - 50. The method of claim 26, further comprising intermittently re-authenticating, by the at least one authentication server, the digital identification of an access key associated with the at least one client computer device.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Prism Technologies LLC (Prism Technologies Group, Inc.)
Original Assignee
Prism Technologies LLC (Prism Technologies Group, Inc.)
Inventors
Gregg, Richard L., Giri, Sandeep, Goeke, Timothy C.
Primary Examiner(s)
Zand, Kambiz
Assistant Examiner(s)
WYSZYNSKI, AUBREY H

Application Number

US13/752,036
Publication Number

US 20130167204A1
Time in Patent Office

666 Days
Field of Search

726/4
US Class Current

726/4
CPC Class Codes

G06F 21/335   for accessing specific reso...

G06F 21/44   Program or device authentic...

G06F 2221/2101   Auditing as a secondary aspect

G06F 2221/2129   Authenticate client device ...

G06F 2221/2135   Metering

G06F 2221/2141   Access rights, e.g. capabil...

G06F 2221/2149   Restricted operating enviro...

G06Q 2220/00   Business processing using c...

H04L 2463/102   applying security measure f...

H04L 63/08   for authentication of entit...

H04L 63/0823   using certificates cryptogr...

H04L 63/083   using passwords cryptograph...

H04L 63/0853   using an additional device,...

H04L 63/10   for controlling access to d...

Method for managing access to protected computer resources

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

Citations

50 Claims

Specification

Solutions

Use Cases

Quick Links

Method for managing access to protected computer resources

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

50 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links