United States Patent US 7,290,288 B2, Gregg et al.
US007290288B2

(12) United States Patent
Gregg et al.

(10) Patent No.: US 7,290,288 B2
(45) Date of Patent: Oct. 30, 2007

(54) METHOD AND SYSTEM FOR CONTROLLING ACCESS, BY AN AUTHENTICATION SERVER, TO PROTECTED COMPUTER RESOURCES PROVIDED VIA AN INTERNET PROTOCOL NETWORK

(75) Inventors: Richard L. Gregg, Omaha, NE (US); Sandeep Giri, Omaha, NE (US); Timothy C. Goeke, Elkhorn, NE (US)

(73) Assignee: Prism Technologies, L.L.C., Omaha, NE (US)

(*) Notice: Subject to any disclaimer, the term of this patent is extended or adjusted under 35 U.S.C. 154(b) by 44 days.

(21) Appl. No.: 10/230,638

(22) Filed: Aug. 29, 2002

(65) Prior Publication Data: US 2003/0046589 A1, Mar. 6, 2003

(51) Int. Cl.: H04L 21/00 (2006.01)

(52) U.S. Cl.: 726/28; 705/51

(58) Field of Classification Search: 713/201, 713/182, 165; 705/51; 726/28. See application file for complete search history.

Primary Examiner: Kambiz Zand
Assistant Examiner: Andrew L. Nalven

(74) Attorney, Agent, or Firm: Martin & Ferraro, LLP

(57) ABSTRACT

A method and system for controlling access, by an authentication server, to protected computer resources provided via an Internet Protocol network that includes storing (i) a digital identification associated with at least one client computer device, and (ii) data associated with the protected computer resources in at least one database associated with the authentication server; authenticating, by the authentication server, the digital identification forwarded by at least one access server; authorizing, by the authentication server, the at least one client computer device to receive at least a portion of the protected computer resources requested by the at least one client computer device, based on the stored data associated with the requested protected computer resources; and permitting access, by the authentication server, to the at least the portion of the protected computer resources upon successfully authenticating the digital identification and upon successfully authorizing the at least one client computer device.

187 Claims, 27 Drawing Sheets

[Representative drawing, labeled components of the system: account holder software; account holder access device (optional); secure transaction server software; secure transaction server site administration software; account holder administration software; transaction clearinghouse server software; transaction clearinghouse database; SQL server back end]