Systems and methods for validating client authentication using protected timing data

US 8,914,633 B1
Filed: 07/21/2011
Issued: 12/16/2014
Est. Priority Date: 07/21/2011
Status: Active Grant

First Claim

Patent Images

1. A computer-implemented method to validate client authentication using timing data, comprising:

authenticating credentials entered by a user on a client;

upon authenticating the credentials entered by the user, validating the client authentication using timing data, comprising;

receiving, by a processor, a connection request from the client, the connection request comprising a request to connect the client to an Internet-based resource, the credentials being authenticated and the client authentication being validated using timing data to determine whether to allow the client to connect to the Internet-based resource;

receiving, by the processor, a validation token with the connection request;

verifying, by the processor, the received validation token with an issuing server by matching the received validation token with a validation token generated by the issuing server;

calculating, by the processor, timing data that indicate a time to transmit the data to the client and receive the retransmitted data from the client;

applying, by the processor, a protective element to the timing data, wherein the protective element comprises a digital signature;

transmitting, by the processor, data to the client, wherein the client retransmits the data, and wherein the data comprises the digitally signed timing data;

receiving, by the processor, the retransmitted data from the client; and

transmitting the digitally signed timing data to a timing verification server, wherein the timing verification server determines whether the timing data fall within a predetermined range of timing data.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A computer-implemented method for validating client authentication using timing data is described. A connection request is received from a client. Data are transmitted to the client. The client is instructed to retransmit the data. The retransmitted data are received from the client. Timing data that indicates a time to transmit the data to the client and receive the retransmitted data from the client are calculated. A protective element is applied to the timing data.

Citations

11 Claims

1. A computer-implemented method to validate client authentication using timing data, comprising:
- authenticating credentials entered by a user on a client;
  
  upon authenticating the credentials entered by the user, validating the client authentication using timing data, comprising;
  
  receiving, by a processor, a connection request from the client, the connection request comprising a request to connect the client to an Internet-based resource, the credentials being authenticated and the client authentication being validated using timing data to determine whether to allow the client to connect to the Internet-based resource;
  
  receiving, by the processor, a validation token with the connection request;
  
  verifying, by the processor, the received validation token with an issuing server by matching the received validation token with a validation token generated by the issuing server;
  
  calculating, by the processor, timing data that indicate a time to transmit the data to the client and receive the retransmitted data from the client;
  
  applying, by the processor, a protective element to the timing data, wherein the protective element comprises a digital signature;
  
  transmitting, by the processor, data to the client, wherein the client retransmits the data, and wherein the data comprises the digitally signed timing data;
  
  receiving, by the processor, the retransmitted data from the client; and
  
  transmitting the digitally signed timing data to a timing verification server, wherein the timing verification server determines whether the timing data fall within a predetermined range of timing data.
- View Dependent Claims (2, 3, 4, 5)
- - 2. The method of claim 1, wherein the validation token is associated with the client.
  - 3. The method of claim 2, further comprising establishing a connection with the issuing server, wherein the issuing server generates validation tokens.
  - 4. The method of claim 1, further comprising transmitting a key value pair, wherein the key value pair is protected by the digital signature.
  - 5. The method of claim 4, wherein the key value pair comprises a validation token associated with the client and the timing data.

6. A computing device configured to validate client authentication using timing data, comprising:
- a processor;
  
  memory in electronic communication with the processor; and
  
  instructions stored in the memory, the instructions being executable by the processor to;
  
  authenticate credentials entered by a user on a client;
  
  upon authenticating the credentials entered by the user, validate the client authentication using timing data, comprising;
  
  receive a connection request from the client, the connection request comprising a request to connect the client to an Internet-based resource, the credentials being authenticated and the client authentication being validated using timing data to determine whether to allow the client to connect to the Internet-based resource;
  
  receive a validation token with the connection request;
  
  verify the received validation token with an issuing server by matching the received validation token with a validation token generated by the issuing server;
  
  calculate timing data that indicate a time to transmit the data to the client and receive the retransmitted data from the client;
  
  apply a protective element to the timing data;
  
  transmit data to the client, wherein the client retransmits the data, and wherein the data comprises the digitally signed timing data;
  
  receive the retransmitted data from the client; and
  
  transmit the digitally signed timing data to a timing verification server, wherein the timing verification server determines whether the timing data fall within a predetermined range of timing data.
- View Dependent Claims (7, 8, 9, 10)
- - 7. The computing device of claim 6, wherein the validation token is associated with the client.
  - 8. The computing device of claim 7, wherein the instructions are executable by the processor to establish a connection with the issuing server, wherein the issuing server generates validation tokens.
  - 9. The computing device of claim 6, wherein the instructions are executable by the processor to transmit a key value pair, wherein the key value pair is protected by the digital signature.
  - 10. The computing device of claim 9, wherein the key value pair comprises a validation token associated with the client and the timing data.

11. A computer-program product to validate client authentication using timing data, the computer-program product comprising a non-transitory computer-readable medium having instructions thereon, the instructions being executable by a processor to:
- authenticate credentials entered by a user on a client;
  
  upon authenticating the credentials entered by the user, validate the client authentication using timing data, comprising;
  
  receive a connection request from the client, the connection request comprising a request to connect the client to an Internet-based resource, the credentials being authenticated and the client authentication being validated using timing data to determine whether to allow the client to connect to the Internet-based resource;
  
  receive a validation token with the connection request;
  
  verify the received validation token with an issuing server by matching the received validation token with a validation token generated by the issuing server;
  
  calculate timing data that indicate a time to transmit the data to the client and receive the retransmitted data from the client;
  
  apply a protective element to the timing data;
  
  transmit data to the client, wherein the client retransmits the data, and wherein the data comprises the digitally signed timing data;
  
  receive the retransmitted data from the client; and
  
  transmit the digitally signed timing data to a timing verification server, wherein the timing verification server determines whether the timing data fall within a predetermined range of timing data.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
CA, Inc. (d/b/a CA Technologies) (Broadcom, Inc.)
Original Assignee
Symantec Corporation (NortonLifeLock Inc.)
Inventors
Hopwood, Scott, Cook, Paul, Langsworth, Anthony
Primary Examiner(s)
Okeke, Izunna

Application Number

US13/188,344
Time in Patent Office

1,244 Days
Field of Search
US Class Current

713/168
CPC Class Codes

H04L 2463/082   applying multi-factor authe...

H04L 63/0807   using tickets, e.g. Kerbero...

H04L 63/083   using passwords cryptograph...

H04L 63/0884   by delegation of authentica...

H04L 63/126   the source of the received ...

H04L 69/28   Timers or timing mechanisms...

Systems and methods for validating client authentication using protected timing data

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

11 Claims

Specification

Solutions

Use Cases

Quick Links

Systems and methods for validating client authentication using protected timing data

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

11 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links