Method and system for controlling access, by an authentication server, to protected computer resources provided via an internet protocol network
Abstract
A method and system for controlling access, by an authentication server, to protected computer resources provided via an Internet Protocol network that includes storing (i) a digital identification associated with at least one client computer device, and (ii) data associated with the protected computer resources in at least one database associated with the authentication server; authenticating, by the authentication server, the digital identification forwarded by at least one access server; authorizing, by the authentication server, the at least one client computer device to receive at least a portion of the protected computer resources requested by the at least one client computer device, based on the stored data associated with the requested protected computer resources; and permitting access, by the authentication server, to the at least the portion of the protected computer resources upon successfully authenticating the digital identification and upon successfully authorizing the at least once client computer device.
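The flow described in the abstract and in claims 117 and 150, modelled as an added sketch that is not part of the patent text. Assumptions made here: the digital identification is derived with HMAC-SHA256, the access server's identity data is a shared secret, authorization data is a minimum level per resource (levels as in claim 116), and all names and sample values are constructed.

```python
import hashlib
import hmac
from dataclasses import dataclass, field


def derive_digital_id(access_key: bytes) -> str:
    # Assumption: the page says only that the identification is derived from
    # the access key; HMAC-SHA256 over a fixed label is this sketch's choice.
    return hmac.new(access_key, b"digital-identification", hashlib.sha256).hexdigest()


@dataclass
class AuthenticationServer:
    access_servers: dict = field(default_factory=dict)  # server id -> shared secret (assumed identity data)
    clients: dict = field(default_factory=dict)         # digital identification -> authorization level
    resources: dict = field(default_factory=dict)       # protected resource -> minimum level

    def decide(self, server_id, server_secret, digital_id, resource):
        """Return (permit, reason); any failed check denies."""
        expected = self.access_servers.get(server_id)
        if expected is None or not hmac.compare_digest(expected, server_secret):
            return False, "access server not authenticated"
        level = self.clients.get(digital_id)
        if level is None:
            return False, "digital identification not authenticated"
        required = self.resources.get(resource)
        if required is None:
            return False, "no authorization data for resource"
        if level < required:
            return False, "client not authorized for resource"
        return True, "access permitted"


@dataclass
class AccessServer:
    server_id: str
    secret: bytes
    auth: AuthenticationServer
    protected: set

    def handle(self, resource, digital_id=None):
        # Only protected resources go through the authentication server;
        # other resources on the same host are served without it.
        if resource not in self.protected:
            return True, "unprotected resource"
        if digital_id is None:
            return False, "digital identification required"
        return self.auth.decide(self.server_id, self.secret, digital_id, resource)


def run_demo():
    # Constructed sample data, not values from the page.
    auth = AuthenticationServer()
    auth.access_servers["web-1"] = b"web-1-secret"
    enrolled = derive_digital_id(b"key-on-token-A")
    auth.clients[enrolled] = 1
    auth.resources.update({"/reports/basic": 1, "/reports/premium": 2})
    web = AccessServer("web-1", b"web-1-secret", auth, set(auth.resources))
    rogue = AccessServer("web-9", b"guess", auth, set(auth.resources))
    stranger = derive_digital_id(b"key-on-token-B")
    return {
        "public": web.handle("/index.html"),
        "no_id": web.handle("/reports/basic"),
        "ok": web.handle("/reports/basic", enrolled),
        "level": web.handle("/reports/premium", enrolled),
        "unknown_client": web.handle("/reports/basic", stranger),
        "rogue_server": rogue.handle("/reports/basic", enrolled),
    }


if __name__ == "__main__":
    for name, outcome in run_demo().items():
        print(name, outcome)
```

A fixed identification forwarded through the access server can be replayed by anyone who observes it on the untrusted network, so a deployment of this pattern needs a protected channel or a per-request challenge on top of what the sketch shows.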
438 Citations
187 Claims
1. A system for protecting resources of at least one server computer, said at least one server computer providing said protected resources to at least one client computer device via an untrusted network, without necessarily protecting other computer resources provided by said at least one server computer and by other server computers to other client computer devices, comprising:
at least one clearinghouse for storing (i) identity data of said at least one server computer and (ii) identity data of each of said at least one client computer device and (iii) authorization data associated with said protected resources;
server software installed on said at least one server computer that forwards the identity data of said at least one server computer and the identity data of each of said at least one client computer device to said at least one clearinghouse;
client software installed on each of said at least one client computer device that forwards its identity data to said at least one server computer;
at least one hardware key associated with said at least one client computer device, said at least one hardware key generating a digital identification, the identity data of said at least one client computer device comprising said digital identification;
said server software installed on said at least one server computer selectively requiring said at least one client computer device to forward said digital identification to said at least one server computer;
said at least one clearinghouse authenticating the identity of said at least one client computer device responsive to a request for said protected resources of said at least one server computer by said at least one client computer device;
said at least one clearinghouse authenticating the identity of said at least one server computer responsive to said at least one client computer device making the request for said protected resources of said at least one server computer;
said at least one clearinghouse authorizing said at least one client computer device to receive said requested protected resources, based on said stored authorization data; and
said at least one clearinghouse controlling access to said requested protected resources of said at least one server computer responsive to successful authentication of said at least one server computer and of said at least one client computer device making the request and responsive to successful authorization of said at least one client computer device.
View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30)
31. A system for protecting resources of a server computer, said server computer providing said protected resources to a client computer device via an untrusted network, without necessarily protecting other computer resources provided by said server computer and by other server computers to other client computer devices, comprising:
a clearinghouse that stores (i) identity data of said client computer device and (ii) authorization data associated with said protected resources;
said client computer device forwards its identity data to said server computer;
a hardware key associated with said client computer device, said hardware key generating a digital identification, the identity data of said client computer device comprising said digital identification;
said server computer selectively requiring said client computer device to forward said digital identification to said server computer;
said clearinghouse authenticating the identity of said client computer device responsive to a request for said protected resources of said server computer by said client computer device;
said clearinghouse authorizing said client computer device to receive said requested protected resources, based on said stored authorization data; and
said clearinghouse controlling access to said requested protected resources of said server computer responsive to successful authentication of said client computer device making the request and responsive to successful authorization of said client computer device.
View Dependent Claims (32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47, 48, 49, 50, 51, 52, 53, 54, 55, 56, 57, 58, 59, 60, 61)
62. A method for protecting resources of a server computer, the server computer providing the protected resources to a client computer device via an untrusted network, without necessarily protecting other computer resources provided by the server computer and by other server computers to other client computer devices, the method comprising:
storing (i) identity data of the server computer, (ii) identity data of the client computer device having a hardware key, and (iii) authorization data associated with the protected resources into a clearinghouse;
generating a digital identification of the hardware key associated with the client computer device, the identity data of the client computer device comprising the digital identification;
selectively requiring the client computer device to forward its identity data to the server computer;
forwarding, by the client computer device, the identity data of the client computer device to the server computer;
forwarding, by the server computer, the identity data of the server computer and the identity data of the client computer device to the clearinghouse;
authenticating, by the clearinghouse, the identity of the client computer device responsive to the request for the protected resources of the server computer by the client computer device;
authenticating, by the clearinghouse, the identity of the server computer responsive to the client computer device making the request for the protected resources of the server computer;
authorizing, by the clearinghouse, the client computer device to receive the protected resources requested by the client computer device, based on the stored authorization data associated with the requested protected resources; and
controlling by the clearinghouse access to the requested protected resources of the server computer responsive to successfully authenticating the server computer and the client computer device making the request and responsive to successfully authorizing the client computer device.
View Dependent Claims (63, 64, 65, 66, 67, 68, 69, 70, 71, 72, 73, 74, 75, 76, 77, 78, 79, 80, 81, 82, 83, 84, 85, 86, 89, 90, 91, 92)
87. A method for protecting resources of a server computer, the server computer providing the protected resources to a client computer device via an untrusted network, without necessarily protecting other computer resources provided by the server computer and by other server computers to other client computer devices, the method comprising:
storing (i) identity data of the client computer device having a hardware key and (ii) authorization data associated with the protected resources into a clearinghouse;
generating a digital identification of the hardware key associated with the client computer device, the identity data of the client computer device comprising the digital identification;
selectively requiring the client computer device to forward its identity data to the server computer;
forwarding, by the client computer device, the identity data of the client computer device to the server computer;
forwarding, by the server computer, the identity data of the client computer device to the clearinghouse;
authenticating, by the clearinghouse, the identity of the client computer device responsive to the request for the protected resources of the server computer by the client computer device;
authorizing, by the clearinghouse, the client computer device to receive the protected resources requested by the client computer device, based on the stored authorization data associated with the requested protected resources; and
controlling, by the clearinghouse, access to the requested protected resources of the server computer responsive to successfully authenticating the client computer device making the request and responsive to successfully authorizing the client computer device.
View Dependent Claims (88, 93, 94, 95, 96, 97, 98, 99, 100, 101, 102, 103, 104, 105, 106, 107, 108, 109, 110, 111, 112, 113, 114, 115)
116. A method for protecting resources of a server computers, the server computer providing the protected resources to client computer device via an untrusted network, without necessarily protecting other computer resources provided by the server computer and by other server computers to other client computer devices, the method comprising:
storing (i) identity data of the server computer, (ii) identity data of the client computer device having a hardware key, and (iii) authorization data associated with the protected resources into a clearinghouse;
generating a digital identification of the hardware key associated with the client computer device, the identity data of the client computer device comprising the digital identification;
intermittently requiring the client computer device to forward its digital identification to the server computer;
forwarding the identity data of the client computer device to the server computer;
forwarding the identity data of the server computer and the identity data of the client computer device to the clearinghouse;
authenticating, by the clearinghouse, the identity of the client computer device responsive to the request for the protected resources of the server computer by the client computer device;
authenticating, by the clearinghouse, the identity of the server computer responsive to the client computer device making the request for the protected resources of the server computer;
authorizing, by the clearinghouse, the client computer device to receive the protected resources requested by the client computer device, based on the stored authorization data associated with the requested protected resources;
controlling by the clearinghouse access to the requested protected resources of the server computer responsive to successfully authenticating the server computer and the client computer device making the request and responsive to successfully authorizing the client computer device;
assigning at least one authorization levels to the identity data of the client computer device;
only permitting access to particular protected resources of the server computer by the client computer device based upon the particular authorization level assigned to the client computer device;
monitoring communications between the server computer and the client computer device; and
acquiring and storing transaction data associated with the client computer device.
117. A system for controlling access to protected computer resources provided via an Internet Protocol network, the system comprising:
at least one authentication server having an associated database to store (i) identity data of at least one access server, (ii) a digital identification associated with at least one client computer device requesting access to said protected computer resources, and (iii) data associated with said protected computer resources;
said at least one client computer device having an associated access key, said digital identification being derived from said access key;
said at least one client computer device adapted to forward said digital identification to said at least one access server;
said at least one access server adapted to forward, to said at least one authentication server, said identity data and said digital identification received from said at least one client computer device;
said at least one authentication server adapted to authenticate said identity data and said digital identification responsive to a request for said protected computer resources by said at least once client computer device;
said at least one authentication server adapted to authorize said at least one client computer device to receive at least a portion of said requested protected computer resources, based on said stored data associated with said requested protected computer resources; and
said at least one authentication server adapted to permit access to said at least said portion of said requested protected computer resources upon successfully authenticating said identity data and said digital identification and upon successfully authorizing said at least once client computer device.
View Dependent Claims (118, 119, 120, 121, 122, 123, 124, 125, 126, 127, 128, 129, 130, 131, 132, 133, 134, 135, 136, 137, 138, 139, 140, 141, 142, 143, 144, 145, 146, 147, 148, 149)
150. A method for controlling access, by at least one authentication server, to protected computer resources provided via an Internet Protocol network, the method comprising:
storing (i) identity data of at least one access server, (ii) a digital identification associated with at least one client computer device, and (iii) data associated with the protected computer resources in at least one database associated with the at least one authentication server;
receiving, at the at least one access server, a request from the at least one client computer device for the protected computer resources;
deriving the digital identification from an access key associated with the at least one client computer device;
receiving, at the at least one access server, the digital identification from the at least one client computer device;
forwarding, from the at least one access server, the identity data and the digital identification to the at least one authentication server;
authenticating, by the at least one authentication server, the identity data and the digital identification forwarded by the at least one access server;
authorizing, by the at least one authentication server, the at least one client computer device to receive at least a portion of the protected computer resources requested by the at least one client computer device, based on the stored data associated with the requested protected computer resources; and
permitting access, by the at least one authentication server, to the at least the portion of the protected computer resources upon successfully authenticating the identity data and the digital identification and upon successfully authorizing the at least once client computer device.
View Dependent Claims (151, 152, 153, 154, 155, 156, 157, 158, 159, 160, 161, 162, 163, 164, 165, 166, 167, 168, 169, 170, 171, 172, 173, 174, 175, 176, 177, 178, 179, 180, 181, 182, 183, 184)
185. A method for controlling access, by at least one authentication server, to protected computer resources provided via an Internet Protocol network, the method comprising:
storing (i) identity data of at least one access server, (ii) digital identifications associated with a plurality of client computer devices, and (iii) data associated with the protected computer resources in at least one database associated with the at least one authentication server;
receiving, at the at least one access server, a request from at least one client computer device for the protected computer resources;
deriving the digital identification from an access key associated with the at least one client computer device;
receiving, at the at least one access server, the digital identification from the at least one client computer device;
forwarding, from the at least one access server, the identity data and the digital identification to the at least one authentication server;
authenticating, by the at least one authentication server, the identity data and the digital identification forwarded by the at least one access server;
authorizing, by the at least one authentication server, the at least one client computer device to receive at least a portion of the protected computer resources requested by the at least one client computer device, based on the stored data associated with the requested protected computer resources; and
permitting access, by the at least one authentication server, to the at least the portion of the protected computer resources based upon the outcome of authenticating the identity data and the digital identification and upon successfully authorizing the at least once client computer device.
186. A method for controlling access, by at least one authentication server, to protected computer resources provided via an Internet Protocol network, the method comprising:
storing (i) a digital identification associated with at least one client computer device, and (ii) data associated with the protected computer resources in at least one database associated with the at least one authentication server;
receiving, at an at least one access server, a request from the at least one client computer device for the protected computer resources;
deriving the digital identification from an access key associated with the at least one client computer device;
receiving, at the at least one access server, the digital identification from the at least one client computer device;
forwarding, from the at least one access server, the digital identification to the at least one authentication server;
authenticating, by the at least one authentication server, the digital identification forwarded by the at least one access server;
authorizing, by the at least one authentication server, the at least one client computer device to receive at least a portion of the protected computer resources requested by the at least one client computer device, based on the stored data associated with the requested protected computer resources; and
permitting access, by the at least one authentication server, to the at least the portion of the protected computer resources upon successfully authenticating the digital identification and upon successfully authorizing the at least once client computer device.
187. A system for controlling access to protected computer resources provided via an Internet Protocol network, the system comprising:
at least one authentication server having an associated database to store (i) a digital identification associated with at least one client computer device requesting access to said protected computer resources, and (ii) data associated with said protected computer resources;
said at least one client computer device having an associated access key, said digital identification being derived from said access key;
said at least one client computer device adapted to forward said digital identification to at least one access server;
said at least one access server adapted to forward, to said at least one authentication server, said digital identification received from said at least one client computer device;
said at least one authentication server adapted to authenticate said digital identification responsive to a request for said protected computer resources by said at least once client computer device;
said at least one authentication server adapted to authorize said at least one client computer device to receive at least a portion of said requested protected computer resources, based on said stored data associated with said requested protected computer resources; and
said at least one authentication server adapted to permit access to said at least said portion of said requested protected computer resources upon successfully authenticating said digital identification and upon successfully authorizing said at least once client computer device.
Specification