Method for protecting subscriber identification between service and content providers
First Claim
Patent Images
1. A computerized method for protecting an identifier of a subscriber, during data transfer between a service provider and a content provider, when said subscriber sends a request to said service provider to obtain data belonging to said content provider, said computerized method comprising:
- executing on at least one computer the steps including;
upon reception of said subscriber request by said service provider for each new subscriber session;
dynamically generating for each new session an encrypted token using said identifier of said subscriber, wherein a lifetime of the encrypted token is a user session lifetime, the generating using one of a symmetric and asymmetric encryption algorithm comprising;
determining a separator (S);
determining a time varying value (T);
concatenating the subscriber identifier with T in a string such that the subscriber identifier and T are separated with S;
encrypting the string with one of a symmetric and asymmetric encryption algorithm; and
,transmitting said subscriber request and said encrypted token to said content provider;
upon reception by said service provider of a Simple Object Access Protocol (SOAP) certification request comprising an encrypted token, sent by said content provider;
extracting said encrypted token from said SOAP certification request, wherein the encrypted token is in one of the SOAP body and a predefined SOAP header;
decrypting said extracted encrypted token using a decryption algorithm corresponding to the encryption algorithm;
retrieving the subscriber identifier using the separator;
checking said determined subscriber identifier; and
,transmitting a success or failure indication to said content provider in a SOAP response to said certification request;
upon reception of said data belonging to said content provider by said service provider, transmitting said data belonging to said content provider to said subscriber;
memorizing said encrypted token so that it can be reused during the user session lifetime without having to be recomputed; and
formatting said data belonging to said content provider in a format suitable and usable by the subscriber.
1 Assignment
0 Petitions
Accused Products
Abstract
A method for protecting the identification of a subscriber when a service provider transmits a subscriber request to a content provider in a distributed network environment, such as Internet. After the user sends a request to a service provider to which he has subscribed, the service provider encrypts the user identifier before transmitting this request with the encrypted user identifier to the content provider. Upon reception, the content provider uses an authentication Web Service supplied by the service provider for certifying the user identifier. If the user identifier is certified, the content provider transmits the requested content to the service provider, which formats it before sending it to the user. The content provider may charge the user through the service provider.
27 Citations
4 Claims
-
1. A computerized method for protecting an identifier of a subscriber, during data transfer between a service provider and a content provider, when said subscriber sends a request to said service provider to obtain data belonging to said content provider, said computerized method comprising:
executing on at least one computer the steps including; upon reception of said subscriber request by said service provider for each new subscriber session; dynamically generating for each new session an encrypted token using said identifier of said subscriber, wherein a lifetime of the encrypted token is a user session lifetime, the generating using one of a symmetric and asymmetric encryption algorithm comprising; determining a separator (S); determining a time varying value (T); concatenating the subscriber identifier with T in a string such that the subscriber identifier and T are separated with S; encrypting the string with one of a symmetric and asymmetric encryption algorithm; and
,transmitting said subscriber request and said encrypted token to said content provider; upon reception by said service provider of a Simple Object Access Protocol (SOAP) certification request comprising an encrypted token, sent by said content provider; extracting said encrypted token from said SOAP certification request, wherein the encrypted token is in one of the SOAP body and a predefined SOAP header; decrypting said extracted encrypted token using a decryption algorithm corresponding to the encryption algorithm; retrieving the subscriber identifier using the separator; checking said determined subscriber identifier; and
,transmitting a success or failure indication to said content provider in a SOAP response to said certification request; upon reception of said data belonging to said content provider by said service provider, transmitting said data belonging to said content provider to said subscriber; memorizing said encrypted token so that it can be reused during the user session lifetime without having to be recomputed; and formatting said data belonging to said content provider in a format suitable and usable by the subscriber. - View Dependent Claims (2, 3, 4)
Specification
-
- Resources
Litigation Campaign Assessment
Thank you for your request. You will receive a custom alert email when the Litigation Campaign Assessment is available.
×
-
Current AssigneeInternational Business Machines Corporation
-
Original AssigneeInternational Business Machines Corporation
-
InventorsCresp, Jacques, Livigni, Fabrice, Bazot, Philippe, Sert, Richard
-
Primary Examiner(s)Vu; Kimyen
-
Assistant Examiner(s)PATEL, NIRAV B
-
Application NumberUS10/681,613Publication NumberTime in Patent Office1,931 DaysField of Search705/44, 705/26, 705 64- 67, 705/50, 705/51, 713168-170, 713/181, 713/182, 713/185, 380/255, 380/262, 380/268, 380/36, 380/43, 726/9, 726/10, 726/20, 726/2, 726 4- 6, 726 27- 30, 709/223, 709/225, 709/229, 707/9, 707/1, 707/2US Class Current726/9CPC Class CodesG06F 21/31 User authenticationG06F 21/6263 during internet communicati...G06F 2221/2115 Third partyH04L 63/0407 wherein the identity of one...H04L 63/08 for authentication of entit...H04L 63/0884 by delegation of authentica...
