Enterprise authentication server

US 9,641,509 B2
Filed: 07/30/2015
Issued: 05/02/2017
Est. Priority Date: 07/30/2015
Status: Active Grant

First Claim

Patent Images

1. A computer-implemented authentication method, comprising:

performing operations as follows by a processor of an authentication server;

receiving, at the authentication server from a first machine, a first authentication request comprising an identification of a second machine that is to provide a requested service;

generating, at the authentication server, an authentication token comprising client-specific and server-specific portions, responsive to receiving the first authentication request from the first machine;

transmitting, from the authentication server to the second machine, an authentication identifier and the server-specific portion of the authentication token, responsive to receiving the first authentication request from the first machine, wherein the server-specific portion is not transmitted to the first machine from the authentication server;

receiving, at the authentication server from the second machine, a second authentication request comprising the authentication identifier, the server-specific portion of the authentication token, and the client-specific portion of the authentication token;

determining, at the authentication server, an authentication status for the requested service, responsive to receiving the second authentication request from the second machine;

receiving, at the authentication server from the first machine, a third authentication request comprising the authentication identifier, responsive to determining the authentication status; and

responsive to determining the authentication status and responsive to receiving the third authentication request, transmitting, from the authentication server to the first machine, an acknowledgment comprising the authentication identifier and the authentication status for the requested service, wherein the acknowledgment from the authentication server indicates whether a response for the requested service, which is received by the first machine, is authentic.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

In a computer-implemented authentication method, a first authentication request from a first machine is received at an authentication server. The first authentication request includes an identification of a second machine that is to provide a requested service. An authentication token including client-specific and server-specific portions is generated at the authentication server, responsive to receiving the first authentication request from the first machine. An authentication identifier and the server-specific portion of the authentication token are transmitted from the authentication server to the second machine, responsive to receiving the first authentication request from the first machine. A second authentication request, including the authentication identifier and both the server-specific and the client-specific portions of the authentication token, is received at the authentication server from the second machine. An authentication status for the requested service is determined at the authentication server, responsive to receiving the second authentication request from the second machine.

Citations

15 Claims

1. A computer-implemented authentication method, comprising:
- performing operations as follows by a processor of an authentication server;
  
  receiving, at the authentication server from a first machine, a first authentication request comprising an identification of a second machine that is to provide a requested service;
  
  generating, at the authentication server, an authentication token comprising client-specific and server-specific portions, responsive to receiving the first authentication request from the first machine;
  
  transmitting, from the authentication server to the second machine, an authentication identifier and the server-specific portion of the authentication token, responsive to receiving the first authentication request from the first machine, wherein the server-specific portion is not transmitted to the first machine from the authentication server;
  
  receiving, at the authentication server from the second machine, a second authentication request comprising the authentication identifier, the server-specific portion of the authentication token, and the client-specific portion of the authentication token;
  
  determining, at the authentication server, an authentication status for the requested service, responsive to receiving the second authentication request from the second machine;
  
  receiving, at the authentication server from the first machine, a third authentication request comprising the authentication identifier, responsive to determining the authentication status; and
  
  responsive to determining the authentication status and responsive to receiving the third authentication request, transmitting, from the authentication server to the first machine, an acknowledgment comprising the authentication identifier and the authentication status for the requested service, wherein the acknowledgment from the authentication server indicates whether a response for the requested service, which is received by the first machine, is authentic.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The computer-implemented authentication method of claim 1, wherein generating the authentication token comprises:
    - generating a randomly-encrypted token; and
      
      dividing the randomly-encrypted token into a first part comprising the client-specific portion and a second part comprising the server-specific portion,wherein the client-specific portion of the authentication token is not transmitted to the second machine from the authentication server.
  - 3. The computer-implemented authentication method of claim 2, further comprising performing operations as follows by the processor:
    - transmitting, from the authentication server to the first machine, the authentication identifier and the client-specific portion of the authentication token, responsive to receiving the first authentication request,wherein receiving the second authentication request from the second machine is responsive to transmitting the client-specific portion of the authentication token to the first machine.
  - 4. The computer-implemented authentication method of claim 1, further comprising performing operations as follows by the processor:
    - transmitting, from the authentication server to the second machine, an authentication response comprising the authentication status responsive to determining thereof,wherein receiving the third authentication request from the first machine is responsive to transmitting the authentication response to the second machine.
  - 5. The computer-implemented authentication method of claim 4, wherein determining the authentication status comprises:
    - comparing the server-specific and the client-specific portions of the authentication token received from the second machine in the second authentication request with the authentication token generated at the authentication server responsive to receiving the first authentication request;
      
      determining the authentication status as positive responsive to a match indicated by the comparing; and
      
      determining the authentication status as negative responsive to an absence of the match indicated by the comparing.
  - 6. The computer-implemented method of claim 5, wherein the acknowledgment comprising the authentication status as positive indicates authorization for the first machine to accept the response for the requested service from the second machine.
  - 7. The computer-implemented method of claim 6, wherein the authentication response comprising the authentication status as positive indicates authorization for the second machine to provide the response for the requested service to the first machine.

8. A computer system, comprising:
- a processor; and
  
  a memory coupled to the processor, the memory comprising computer readable program code embodied therein that, when executed by the processor, causes the processor to perform operations comprising;
  
  receiving, from a first machine, a first authentication request comprising an identification of a second machine that is to provide a requested service;
  
  generating an authentication token comprising client-specific and server-specific portions responsive to receiving the first authentication request comprising the identification of the second machine;
  
  transmitting, to the second machine, an authentication identifier and the server-specific portion of the authentication token, responsive to receiving the first authentication request from the first machine, wherein the server-specific portion of the authentication token is not transmitted to the first machine by the processor;
  
  receiving, from the second machine, a second authentication request comprising the authentication identifier, the server-specific portion of the authentication token, and the client-specific portion of the authentication token;
  
  determining an authentication status for the requested service responsive to receiving the second authentication request comprising the authentication identifier, the server-specific portion of the authentication token, and the client-specific portion of the authentication token;
  
  receiving, from the first machine, a third authentication request comprising the authentication identifier, responsive to determining the authentication status; and
  
  responsive to determining the authentication status and responsive to receiving the third authentication request, transmitting, to the first machine, an acknowledgment comprising the authentication identifier and the authentication status for the requested service, wherein the acknowledgment verifies whether a response for the requested service, which is received by the first machine, is authentic.
- View Dependent Claims (9, 10, 11)
- - 9. The computer system of claim 8, wherein generating the authentication token comprises:
    - generating a randomly-encrypted token; and
      
      dividing the randomly-encrypted token into a first part comprising the client-specific portion and a second part comprising the server-specific portion,wherein the client-specific portion of the authentication token is not transmitted to the second machine by the processor.
  - 10. The computer system of claim 9, wherein, when executed by the processor, the computer readable program code further causes the processor to perform operations comprising:
    - transmitting, to the first machine, the authentication identifier and the client-specific portion of the authentication token, responsive to receiving the first authentication request therefrom,wherein receiving the second authentication request from the second machine is responsive to transmitting the client-specific portion of the authentication token to the first machine.
  - 11. The computer system of claim 8, wherein, when executed by the processor, the computer readable program code further causes the processor to perform operations comprising:
    - transmitting, to the second machine, an authentication response comprising the authentication status responsive to determining thereof,wherein receiving the third authentication request from the first machine is responsive to transmitting the authentication response to the second machine.

12. A computer program product comprising:
- a non-transitory computer readable storage medium comprising computer readable program code embodied in the medium, which, when executed by a processor, causes the processor to perform operations comprising;
  
  receiving, from a first machine, a first authentication request comprising an identification of a second machine that is to provide a requested service;
  
  generating an authentication token comprising client-specific and server-specific portions responsive to receiving the first authentication request comprising the identification of the second machine;
  
  transmitting, to the second machine, an authentication identifier and the server-specific portion of the authentication token, responsive to receiving the first authentication request from the first machine, wherein the server-specific portion of the authentication token is not transmitted to the first machine by the computer readable program code when executed by the processor;
  
  receiving, from the second machine, a second authentication request comprising the authentication identifier, the server-specific portion of the authentication token, and the client-specific portion of the authentication token;
  
  determining an authentication status for the requested service responsive to receiving the second authentication request comprising the authentication identifier, the server-specific portion of the authentication token, and the client-specific portion of the authentication token;
  
  receiving, from the first machine, a third authentication request comprising the authentication identifier, responsive to determining the authentication status; and
  
  responsive to determining the authentication status and responsive to receiving the third authentication request, transmitting, to the first machine, an acknowledgment comprising the authentication identifier and the authentication status for the requested service, wherein the acknowledgment verifies whether a response for the requested service, which is received by the first machine, is authentic;
  
  receiving, from the first machine, a third authentication request comprising the authentication identifier, responsive to determining the authentication status; and
  
  responsive to determining the authentication status and responsive to receiving the third authentication request, transmitting, to the first machine, an acknowledgment comprising the authentication identifier and the authentication status for the requested service, wherein the acknowledgment verifies whether a response for the requested service, which is received by the first machine, is authentic.
- View Dependent Claims (13, 14, 15)
- - 13. The computer program product of claim 12, wherein generating the authentication token comprises:
    - generating a randomly-encrypted token; and
      
      dividing the randomly-encrypted token into a first part comprising the client-specific portion and a second part comprising the server-specific portion,wherein the client-specific portion of the authentication token is not transmitted to the second machine by the computer readable program code when executed by the processor.
  - 14. The computer program product of claim 13, wherein, when executed by the processor, the computer readable program code further causes the processor to perform operations comprising:
    - transmitting, to the first machine, the authentication identifier and the client-specific portion of the authentication token, responsive to receiving the first authentication request therefrom,wherein receiving the second authentication request from the second machine is responsive to transmitting the client-specific portion of the authentication token to the first machine.
  - 15. The computer program product of claim 14, wherein, when executed by the processor, the computer readable program code further causes the processor to perform operations comprising:
    - transmitting, to the second machine, an authentication response comprising the authentication status responsive to determining thereof;
      
      wherein receiving the third authentication request comprises receiving the third authentication request responsive to transmitting the authentication response to the second machine.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
CA, Inc. (d/b/a CA Technologies) (Broadcom, Inc.)
Original Assignee
CA, Inc. (d/b/a CA Technologies) (Broadcom, Inc.)
Inventors
Pachouri, Rajendra Kumar
Primary Examiner(s)
TURCHEN, JAMES R

Application Number

US14/813,868
Publication Number

US 20170034143A1
Time in Patent Office

642 Days
Field of Search
US Class Current
CPC Class Codes

H04L 63/08   for authentication of entit...

H04L 63/0807   using tickets, e.g. Kerbero...

H04L 63/0815   providing single-sign-on or...

H04L 63/0884   by delegation of authentica...

H04L 67/01   Protocols

Enterprise authentication server

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

15 Claims

Specification

Solutions

Use Cases

Quick Links

Enterprise authentication server

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

15 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links