System and method for authenticating the legitimacy of a request for a resource by a user

US 9,853,964 B2
Filed: 11/27/2012
Issued: 12/26/2017
Est. Priority Date: 11/27/2012
Status: Active Grant

First Claim

Patent Images

1. A method of authenticating the legitimacy of a request for a resource by a user, the method being executable in an electronic communication system after the following predetermined steps have occurred:

a structured user message having been created, said structured user message including a resource identifier to identify the resource, a user identifier to identify the user that is requesting the resource and a digital signature having been created using a signing key held by the user;

a user verified message having been created in part by encrypting the structured user message, said user verified message at least partially comprising a verification string derived from at least part of the structured user message,a user request message having been assembled, said user request message including the user verified message, and the resource identifier to identify the resource being requested of the resource provider,the user request message having been sent to a resource provider,a process having been run by the resource provider receiving the user request message to create a resource provider message by at least adding a resource identifier to the user request message,said method including the steps of;

receiving and de-assembling the resource provider message,confirming the integrity of the user request message by checking the verification string accords with a well-formed structured user message,decrypting the user verified message to yield the structured user message and verifying the digital signature of the structured user message,creating a result indicator as to the legitimacy of the resource provider message by performing two or more authenticity checks, including a first authenticity check that the resource identifier in the structured user message is equal or equivalent to the identified resource in the resource provider message, and a second authenticity check that the user identifier in the structured user message is correlated with a known and valid user,andsending an authentication result including said result indicator.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method of authenticating the legitimacy of a request for a resource from a resource provider by a user, including providing an authentication process in which a resource provider message is received and de-assembled, the integrity of the user request message is confirmed, a result indicator as to the legitimacy of the resource provider message is created by performing two or more authenticity checks, and an authentication result is sent.

19 Citations

View as Search Results

23 Claims

1. A method of authenticating the legitimacy of a request for a resource by a user, the method being executable in an electronic communication system after the following predetermined steps have occurred:
- a structured user message having been created, said structured user message including a resource identifier to identify the resource, a user identifier to identify the user that is requesting the resource and a digital signature having been created using a signing key held by the user;
  
  a user verified message having been created in part by encrypting the structured user message, said user verified message at least partially comprising a verification string derived from at least part of the structured user message,a user request message having been assembled, said user request message including the user verified message, and the resource identifier to identify the resource being requested of the resource provider,the user request message having been sent to a resource provider,a process having been run by the resource provider receiving the user request message to create a resource provider message by at least adding a resource identifier to the user request message,said method including the steps of;
  
  receiving and de-assembling the resource provider message,confirming the integrity of the user request message by checking the verification string accords with a well-formed structured user message,decrypting the user verified message to yield the structured user message and verifying the digital signature of the structured user message,creating a result indicator as to the legitimacy of the resource provider message by performing two or more authenticity checks, including a first authenticity check that the resource identifier in the structured user message is equal or equivalent to the identified resource in the resource provider message, and a second authenticity check that the user identifier in the structured user message is correlated with a known and valid user,andsending an authentication result including said result indicator.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
- - 2. A method as claimed in claim 1, wherein the verification string is ciphertext generated using an asymmetric key algorithm.
  - 3. A method as claimed in claim 2, wherein the structured user message includes:
    - the collation of the structured user message being signed using a signing key A_sto create a ciphertext signature, andthe collation of the structured user message and the ciphertext signature then encrypted using an encryption key Be resulting in the user verified message being comprised predominantly of a verification ciphertext,and the step of confirming the integrity of the user verified message comprises the steps of;
      
      decrypting the user verified message using a decryption key B_dto obtain the structured user message and the ciphertext signature, andconfirming the integrity of the user verified message by using verification key A_von the structured user message to confirm that the ciphertext signature is valid.
  - 4. A method as claimed in claim 1, wherein the structured user message includes a sufficiently unique identifier, to ensure that the collation of the contents of the structured user message is not repeatable.
  - 5. A method as claimed in claim 1, further comprising an additional step of creating a log entry in a parseable format, and thereafter parsing and processing the plurality of log entries created over time, to generate zero or more suspicious activity criteria based on analysis of the plurality of log entries.
  - 6. A method as claimed in claim 5, wherein each log entry includes a digital signature, to create an unforgettable log entry.
  - 7. A method as claimed in claim 5, wherein a third authenticity check is performed to check whether any information associated with the resource provider message matches any of the suspicious activity criteria.
  - 8. A method as claimed in claim 1, wherein the structured user message includes a timestamp of when the request was created, and a timestamp authenticity checker is provided, that checks that the timestamp was generated within a predetermined preceding time period.
  - 9. A method as claimed in claim 1, wherein the step of receiving the resource provider message is conducted over a secure channel, at least in part using a TLS client certificate.
  - 10. A method as claimed in claim 1, wherein the resource is a request for an Internet resource over the IP protocol, and the resource provider message includes the user'"'"'s IP address.
  - 11. A method as claimed in claim 1, wherein the structured user message includes a device identifier that identifies the device used to generate the structured user message.

12. An authentication server operably coupled to an electronic communications network,said authentication server forming part of an authentication system for authenticating the legitimacy of a request for a resource by a user,said authentication system including one or more resource provider servers, arranged to receive a user request message from a user, said user request message comprising a user verified message and a resource identifier that identifies the resource being requested, and said one or more resource provider servers operable to create a resource provider message by at least adding a resource identifier to the user request message and forward the resource provider message to the authentication server,said user verified message comprising a structured user message including a user identifier and said resource identifier and a digital signature created using a signing key held by the user,said user verified message having been created in part by encrypting the structured user message and at least partially composed of a verification string derived from at least part of the structured user message,said authentication server being operable to receive and de-assemble said resource provider message as an input, and arranged to confirm said verification string accords with a well-formed structured user message according to a predetermined criteria,said authentication server being operable to decrypt the user verified message to yield the structured user message and verifying the digital signature of the structured user message,said authentication server being arranged to determine whether the resource identifier in the structured user message is equal or equivalent to the identified resource in the resource provider message,said authentication server being operable to determine whether the user identifier in the structured user message is a valid user identifier,said authentication server being operable to generate an authentication result including a result indicator as to the legitimacy of the resource provider message based on the result of confirming and determining, andsaid authentication server having a communications means to receive a resource provider message, and return an authentication result determined.
- View Dependent Claims (13, 14, 15, 16, 17, 18, 19, 20, 21, 22)
- - 13. An authentication server as claimed in claim 12, wherein the verification string is ciphertext generated using an asymmetric key algorithm.
  - 14. An authentication server as claimed in claim 13, wherein the predetermined criteria comprises:
    - decrypting the user verified message using decryption key B_dto obtain the structured user message and a digital signature, the digital signature having been created by a signing key A_sheld by the user, said user verified message having been encrypted by an encryption key Be held by the user, andconfirming the integrity of the user verified message by applying verification key A_vagainst the structured user message, to confirm that the digital signature is valid.
  - 15. An authentication server as claimed in claim 12, wherein the structured user message includes a sufficiently unique identifier, to ensure that collations of the contents of the structured user message are not repeatable.
  - 16. An authentication server as claimed in claim 12, wherein the authentication system being operable to store log entries in a parseable format, and to thereafter parse and process the plurality of log entries created over time, to generate zero or more suspicious activity criteria based on using a classification analysis processor.
  - 17. An authentication server as claimed in claim 16, wherein each log entry includes a digital signature, to create an unforgettable log entry.
  - 18. An authentication server as claimed in claim 16, wherein the authentication server being operable to determine whether any information associated with the resource provider message matches any of the suspicious activity criteria.
  - 19. An authentication server as claimed in claim 12, wherein the structured user message includes a timestamp of when the request was created, and being operable to check that the timestamp was generated within a predetermined preceding time period.
  - 20. An authentication server as claimed in claim 12, wherein said communications means utilizes a secure communications channel, in part using a TLS client certificate.
  - 21. An authentication server as claimed in claim 12, wherein the resource is a request for an Internet resource over the IP protocol, and the resource provider message includes the user'"'"'s IP address.
  - 22. An authentication server as claimed in claim 12, wherein the structured user message includes a device identifier that identifies the device used to generate the structured user message.

23. A non-transitory computer readable medium encoded with processing instructions which when executed using one or more processors cause performing a method of authenticating the legitimacy of a request for a resource by a user, in an electronic communication system, after the following predetermined steps have occurred:
- a structured user message having been created, said structured user message including a resource identifier to identify the resource, and a user identifier to identify the user that is requesting the resource and a digital signature having been created using a signing key held by the user;
  
  a user verified message having been created in part by encrypting the structured user message, said user verified message at least partially comprising a verification string derived from at least part of the structured user message,a user request message having been assembled, said user request message including the user verified message, and the resource identifier to identify the resource being requested of the resource provider,the user request message having been sent to a resource provider,a process having been run by the resource provider receiving the user request message to create a resource provider message by at least adding a resource identifier to the user request message,said method including the steps of;
  
  receiving and de-assembling the resource provider message,confirming the integrity of the user request message by checking the verification string accords with a well-formed structured user message,decrypting the user verified message to yield the structured user message and verifying the digital signature of the structured message,creating a result indicator as to the legitimacy of the resource provider message by performing two or more authenticity checks, including a first authenticity check that the resource identifier in the structured user message is equal or equivalent to the identified resource in the resource provider message, and a second authenticity check that the user identifier in the structured user message is correlated with a known and valid user, andsending an authentication result including said result indicator.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Robojar Ip Holdings LLC
Original Assignee
Robojar Pty Ltd
Inventors
Chester, Jacques Noel Marc
Primary Examiner(s)
Shiferaw, Eleni
Assistant Examiner(s)
LAPIAN, ALEXANDER R

Application Number

US14/110,699
Publication Number

US 20160285861A1
Time in Patent Office

1,855 Days
Field of Search
US Class Current
CPC Class Codes

G06F 21/335   for accessing specific reso...

G06F 21/44   Program or device authentic...

G06F 21/6272   by registering files or doc...

G06F 21/645   using a third party

G06F 2221/2115   Third party

G06F 2221/2135   Metering

G06Q 2220/12   Usage or charge determination

H04L 2209/60   Digital content management,...

H04L 63/06   for supporting key manageme...

H04L 63/0823   using certificates cryptogr...

H04L 63/12   Applying verification of th...

H04L 63/123   received data contents, e.g...

H04L 63/1433   Vulnerability analysis

H04L 63/166   at the transport layer

H04L 9/0618   Block ciphers, i.e. encrypt...

H04L 9/14   using a plurality of keys o...

H04L 9/30   Public key, i.e. encryption...

H04L 9/3242   involving keyed hash functi...

H04L 9/3247   involving digital signatures

H04L 9/3263   involving certificates, e.g...

System and method for authenticating the legitimacy of a request for a resource by a user

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

19 Citations

23 Claims

Specification

Solutions

Use Cases

Quick Links

System and method for authenticating the legitimacy of a request for a resource by a user

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

19 Citations

23 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links