Distributed authentication with data cloud

US 9,485,246 B2
Filed: 12/21/2010
Issued: 11/01/2016
Est. Priority Date: 12/29/2009
Status: Active Grant

First Claim

Patent Images

1. A method, comprising:

sending a client request for stored data into a data cloud in response to a need to access for a user certain stored data that requires authentication to gain access thereto, where the client request does not provide a user name and password such that the client request does not identify the user, said data cloud being a collection of resources maintained to provide geographically distributed data storage for the data;

receiving, from the data cloud, response information including at least an authentication realm, wherein the authentication realm corresponds to said geographically distributed data storage, and wherein the response information includes information identifying an authentication computer or system in the data cloud to be accessed for authentication with the authentication realm;

presenting the response information of the authentication realm to the user and prompting the user for a user name and password; and

re-sending the same client request into the data cloud with an authentication header having user credentials generated at least in part using the response information, the user credentials comprising the user name and a hashed password, the hashed password formed using a function included with the response information,wherein the user credentials are stored in the data cloud as a <

key, value>

pair allowing multiple authorized user applications access to the user credentials, and wherein the key comprises a combination of the user name and the hashed password and the value comprises information descriptive of how many times the data has been accessed during some interval of time.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method includes, in response to a need to access for a user certain stored data that requires authentication, sending a request for the stored data into a data cloud, the request not identifying the user. The method further includes receiving, from the data cloud, response information descriptive of an authentication realm and a single-use nonce; presenting the information descriptive of the authentication realm to the user and prompting the user for a user name and password; re-sending the request into the data cloud with an authentication header having user credentials generated at least in part using the response information, the user credentials comprising the user name and a hashed password; and if the user credentials are valid, receiving from the data cloud the requested stored data.

25 Citations

View as Search Results

19 Claims

1. A method, comprising:
- sending a client request for stored data into a data cloud in response to a need to access for a user certain stored data that requires authentication to gain access thereto, where the client request does not provide a user name and password such that the client request does not identify the user, said data cloud being a collection of resources maintained to provide geographically distributed data storage for the data;
  
  receiving, from the data cloud, response information including at least an authentication realm, wherein the authentication realm corresponds to said geographically distributed data storage, and wherein the response information includes information identifying an authentication computer or system in the data cloud to be accessed for authentication with the authentication realm;
  
  presenting the response information of the authentication realm to the user and prompting the user for a user name and password; and
  
  re-sending the same client request into the data cloud with an authentication header having user credentials generated at least in part using the response information, the user credentials comprising the user name and a hashed password, the hashed password formed using a function included with the response information,wherein the user credentials are stored in the data cloud as a <
  
  key, value>
  
  pair allowing multiple authorized user applications access to the user credentials, and wherein the key comprises a combination of the user name and the hashed password and the value comprises information descriptive of how many times the data has been accessed during some interval of time.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The method of claim 1, where the multiple authorized user applications access the user credentials based on an open authorization key and secret.
  - 3. The method of claim 1, where the multiple authorized user applications access the user credentials based on at least one of a secure sockets layer or transparent layer security.
  - 4. The method of claim 1, where user name in the user credentials is also hashed.
  - 5. The method of claim 1, where the authentication header includes user credentials that are valid only when they match user credentials already stored in the user'"'"'s certain stored data in the data cloud.
  - 6. The method of claim 5, where in response to the user credentials being valid, further comprising generating a cookie, and storing the cookie into the data cloud.
  - 7. The method of claim 6, where the cookie is available only for a single user browsing session.
  - 8. The method of claim 7, where the cookie is comprised of a single sign on token.
  - 9. The method of claim 1, performed as a result of execution of computer program instructions stored in a computer-readable storage medium.

10. An apparatus, comprising:
- a processor; and
  
  a non-transitory memory including computer program code, where the memory and computer program code are configured to, with the processor, cause the apparatus at least to perform;
  
  sending a client request for stored data into a data cloud in response to a need to access for a user certain stored data that requires authentication to gain access thereto, said data cloud being a collection of resources maintained to provide geographically distributed data storage for the data, where the client request does not provide a user name and password such that the client request does not identify the user;
  
  receiving, from the data cloud, response information including at least an authentication realm, wherein the authentication realm corresponds to said geographically distributed data storage, and wherein the response information includes information identifying an authentication computer or system in the data cloud to be accessed for authentication with the authentication realm;
  
  presenting the response information of the authentication realm to the user and prompting the user for a user name and password; and
  
  re-sending the same client request into the data cloud with an authentication header having user credentials generated at least in part using the response information, the user credentials comprising the user name and a hashed password, the hashed password formed using a function included with the response information,wherein the user credentials are stored in the data cloud as a <
  
  key, value>
  
  pair allowing multiple authorized user applications access to the user credentials, and wherein the key comprises a combination of the user name and the hashed password and the value comprises information descriptive of how many times the data has been accessed during some interval of time.
- View Dependent Claims (11, 12, 13, 14, 15, 16, 17)
- - 11. The apparatus of claim 10, where the multiple authorized user applications to access the user credentials based on an open authorization key and secret.
  - 12. The apparatus of claim 10, where the multiple authorized user applications to access the user credentials based on at least one of a secure sockets layer or transparent layer security.
  - 13. The apparatus of claim 10, where user name in the user credentials is also hashed.
  - 14. The apparatus of claim 10, where the authentication header includes user credentials that are valid only when they match user credentials already stored in the user'"'"'s certain stored data in the data cloud.
  - 15. The apparatus of claim 14, where in response to the user credentials being valid, further comprising generating a cookie, and storing the cookie into the data cloud.
  - 16. The apparatus of claim 15, where the cookie is available only for a single user browsing session.
  - 17. The apparatus of claim 16, where the cookie is comprised of a single sign on token.

18. A non-transitory computer readable medium comprising computer program code stored thereon, the non-transitory computer readable medium and computer program code being configured to, when run on at least one processor, cause the apparatus to perform at least the following:
- sending a client request for stored data into a data cloud in response to a need to access for a user certain stored data that requires authentication to gain access thereto, where the client request does not provide a user name and password such that the client request does not identify the user, said data cloud being a collection of resources maintained to provide geographically distributed data storage for the data;
  
  receiving, from the data cloud, response information including at least an authentication realm, wherein the authentication realm corresponds to said geographically distributed data storage, and wherein the response information includes information identifying an authentication computer or system in the data cloud to be accessed for authentication with the authentication realm;
  
  presenting the response information of the authentication realm to the user and prompting the user for a user name and password;
  
  re-sending the same client request into the data cloud with an authentication header having user credentials generated at least in part using the response information, the user credentials comprising the user name and a hashed password, the hashed password formed using a function included with the response information,wherein the user credentials are stored in the data cloud as a <
  
  key, value>
  
  pair allowing multiple authorized user applications access to the user credentials, and wherein the key comprises a combination of the user name and the hashed password and the value comprises information descriptive of how many times the data has been accessed during some interval of time.
- View Dependent Claims (19)
- - 19. The non-transitory computer readable medium of claim 18, wherein the multiple authorized user applications access the user credentials based on at least one of:
    - an open authorization key and secret;
      
      a secure sockets layer;
      
      or a transparent layer security.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Nokia Technologies Oy (Nokia Corporation)
Original Assignee
Nokia Technologies Oy (Nokia Corporation)
Inventors
Vepslinen, Ari, Lumme, Tapani, Mki, Jussi
Primary Examiner(s)
Turchen, James

Application Number

US13/519,438
Publication Number

US 20130019299A1
Time in Patent Office

2,142 Days
Field of Search

726/8
US Class Current

1/1
CPC Class Codes

H04L 63/08   for authentication of entit...

H04L 63/0815   providing single-sign-on or...

H04L 63/10   for controlling access to d...

H04L 63/123   received data contents, e.g...

H04L 9/3228   One-time or temporary data,...

H04L 9/3236   using cryptographic hash fu...

Distributed authentication with data cloud

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

25 Citations

19 Claims

Specification

Solutions

Use Cases

Quick Links

Distributed authentication with data cloud

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

25 Citations

19 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links