Authentication system and method
DC
First Claim
Patent Images
1. A method for authorizing transaction specific access to a secured resource having a secured resource identity, said method comprising the steps of:
- receiving at a messaging gateway having a first set of instructions embodied in a computer readable medium, said first set of instructions operable to receive a request for transaction specific access to a secured resource by a service client;
determining a key string with a server in communication with said messaging gateway, said server having a second set of instructions embodied in a computer readable medium operable to determine said key string known to both said server and an authorized user of said secured resource, said key string being associated with the secured resource identity within a key string table accessible by the server and providing a basis for authenticating the secured resource identity by searching the key string table for the key string;
determining transaction specific information with the server in communication with the messaging gateway, said server having a third set of instructions embodied in a computer readable medium operable to identify transaction specific information within the request;
determining an authentication credential with the server in communication with said messaging gateway, the server having a fourth set of instructions operable to identify within the request an authentication credential uniquely associated with said transaction specific information and said key string, said authentication credential having been provided by the authorized user;
evaluating said authentication credential by the server, the server having a fifth set of instructions operable to compare the key string and the transaction specific information with the authentication credential to verify that the transaction specific access to the secured resource by the service client is authorized by the authorized user; and
wherein the key string and authentication credential do not reveal any primary identifier associated with said secured resource.
3 Assignments
Litigations
0 Petitions
Accused Products
Abstract
A system and method whereby the identity of a person, entity, device or the like attempting to gain access to a secured resource may be securely authenticated includes a means for receiving from a requester purporting to be an authorized user of a secured resource a request for access to the secured resource; means for generating and communicating to the purported authorized user a challenge string adapted to provide a basis for authenticating the identity of the requester; a means for receiving a response string corresponding to the challenge string; and a means for evaluating the response sting to authenticate the identity of the requestor.
38 Citations
3 Claims
-
1. A method for authorizing transaction specific access to a secured resource having a secured resource identity, said method comprising the steps of:
-
receiving at a messaging gateway having a first set of instructions embodied in a computer readable medium, said first set of instructions operable to receive a request for transaction specific access to a secured resource by a service client; determining a key string with a server in communication with said messaging gateway, said server having a second set of instructions embodied in a computer readable medium operable to determine said key string known to both said server and an authorized user of said secured resource, said key string being associated with the secured resource identity within a key string table accessible by the server and providing a basis for authenticating the secured resource identity by searching the key string table for the key string; determining transaction specific information with the server in communication with the messaging gateway, said server having a third set of instructions embodied in a computer readable medium operable to identify transaction specific information within the request; determining an authentication credential with the server in communication with said messaging gateway, the server having a fourth set of instructions operable to identify within the request an authentication credential uniquely associated with said transaction specific information and said key string, said authentication credential having been provided by the authorized user; evaluating said authentication credential by the server, the server having a fifth set of instructions operable to compare the key string and the transaction specific information with the authentication credential to verify that the transaction specific access to the secured resource by the service client is authorized by the authorized user; and wherein the key string and authentication credential do not reveal any primary identifier associated with said secured resource. - View Dependent Claims (2)
-
-
3. A method for authorizing transaction specific access to a secured resource having a secured resource identity, said method comprising the steps of:
-
receiving at a messaging gateway having a first set of instructions embodied in a computer readable medium, said first set of instructions operable to receive a request for transaction specific access to a secured resource by a service client; generating a key string with a server in communication with said messaging gateway, said server having a second set of instructions embodied in a computer readable medium operable to generate the key string known to both said server and an authorized user of said secured resource, said key string being associated with the secured resource within a key string table accessible by the server and providing a basis for authenticating the secured resource identity by searching the key string table for the key string; determining transaction specific information with the server, the server having a third set of instructions embodied in a computer readable medium operable to identify transaction specific information within the request; communicating said key string to said authorized user; receiving an authentication credential from said service client, said authentication credential having been provided to said service client by said authorized user; and evaluating said authentication credential; and wherein the key string and authentication credential do not reveal any primary identifier associated with said secured resource.
-
Specification
-
- Resources
Litigation Campaign Assessment
Thank you for your request. You will receive a custom alert email when the Litigation Campaign Assessment is available.
×
Litigation Data
-
Current AssigneeTextile Computer Systems, Inc.
-
Original AssigneeTextile Computer Systems, Inc.
-
InventorsNandakumar, Gopal
-
Primary Examiner(s)Potratz, Daniel
-
Application NumberUS14/260,047Publication NumberTime in Patent Office1,042 DaysField of Search726/5US Class Current1/1CPC Class CodesG06F 21/30 Authentication, i.e. establ...G06F 21/36 by graphic or iconic repres...G06F 21/40 by quorum, i.e. whereby two...G06F 2221/2103 Challenge-responseG06Q 20/24 Credit schemes, i.e. "pay a...G06Q 20/34 using cards, e.g. integrate...G06Q 20/383 Anonymous user systemG06Q 20/4014 Identity check for transact...H04L 63/0407 wherein the identity of one...H04L 63/08 for authentication of entit...H04L 63/083 using passwords cryptograph...H04L 63/10 for controlling access to d...
