US2011296503A1PendingUtilityA1
Domain based authentication scheme
Est. expiryNov 20, 2028(~2.4 yrs left)· nominal 20-yr term from priority
H04L 63/08H04L 67/02
49
PatentIndex Score
0
Cited by
0
References
0
Claims
Abstract
In one example, a system for authenticating domains operates by authenticating a first domain and the extensions that make up the URI of an initial or primary Internet network call. Thereafter, the system can enable the owner of the first domain to make assertions or statements about additional domains and URIs that make up the rest of the web page, session or application.
Claims
exact text as granted — not AI-modified1 . A method, comprising:
accessing an authentication request including a first authentication object of a first domain and containing information specifying a network resource of the first domain; comparing the request for the first domain to a core identity database; authenticating the first domain according to the comparison; if the first domain is authenticated, accessing assertions made by the core identity of the first domain; and sending messaging to a client indicating that the first domain is authenticated, wherein the messaging provides a second different authentication object for a second different domain.
2 . The method of claim 1 , further comprising:
accessing a subsequently received authentication request including the second authentication object of the second domain and information specifying a network resource of the second domain; comparing the subsequently received authentication request for the second domain to the same or another core identity database; authenticating the second domain according to the comparison; and if the second domain is authenticated, sending messaging indicating that the second domain is authenticated.
3 . The method of claim 2 , further comprising:
the client to display an entire document comprising at least one frame corresponding to the network resource of the first domain and at least one frame corresponding to the network resource of the second domain; wherein at the time the entire document is displayed, ownership of both domains has been authenticated by the authentication authority.
4 . The method of claim 2 , wherein the authentication authority computing device comprises a plurality of different servers.
5 . The method of claim 2 , further comprising:
the client encoded with instructions that, if executed, result in: generating a checksum for each authentication request; sending the authentication requests with the checksums included therein to a RADIUS server; and receiving the messaging and correlating authentication results included therein to a respective one of the authentication requests by analyzing the messaging for the checksums.
6 . The method of claim 2 , further comprising:
the client encoded with instructions that, if executed, result in: receiving the messaging and extracting domain authentication results therefrom; sending the domain authentication results to a reputation based authentication service for verification.
7 . The method of claim 2 , further comprising:
the client encoded with instructions that, if executed, result in: federating with a Security Assertion Markup Language (SAML) Identity Provider (IdP) server; and signaling the SAML IdP server to identify a particular reputation based authentication service device to be federated with the client and the SAML IdP server.
8 . The method of claim 4 , further comprising:
a realm server with instructions that, if executed, result in: analyzing the authentication objects included in the authentication requests; identifying a particular one of the plurality of servers for each of the authentication requests based on results of the analyses; and forwarding the authentication requests according to the identification.
9 . The method of claim 4 , further comprising:
a SAML Identity Provider (IdP) server with instructions that, if executed, result in: analyzing the first authentication object to identify a particular one of the plurality of servers; federating the identified particular server with the client; analyzing the second authentication object to identify another particular one of the plurality of servers; and federating the identified another particular server with the client, wherein the federations are sequential.
10 . The method of claim 2 , further comprising:
a content server with instructions that, if executed, result in: receiving the first authentication object from the authentication authority computing device; generating a table entry on the content server to associate the first authentication object with a particular network call; and providing the first authentication object from the table entry to the same or another client whenever the particular network call is received.
11 . The method of claim 1 , further comprising:
correlating the first domain to a particular one of a plurality of validation standards; and authenticating the first domain according to the correlated standard; wherein the plurality of standards includes at least a first standard and a second standard, and wherein if the first domain is authenticated according to the first standard then the authentication authority computing device enables a computing device of the first domain to submit assertions with respect to a network resource of another domain.
12 . A method, comprising:
accessing a multi origin document that draws content from a plurality of different servers; downloading only a portion of the content and receiving therewith an authentication object corresponding to the downloaded portion of the content; sending a first authentication request for the received authentication object and receiving back an authentication response including a second authentication object; sending a second authentication request for the second authentication object; and downloading another different portion of the content based on an authentication response for the second authentication request.
13 . The method of claim 12 , wherein the servers are associated with different domains, and wherein the initially downloaded portion is obtained from a first domain server and the second downloaded portion is obtained from a second domain server.
14 . The method of claim 12 , further comprising:
inserting checksums into the authentication requests, wherein each of the authentication requests contains a different checksum value; and correlating the authentication responses to the authentication requests based on a checksum value analysis of the authentication responses.
15 . The method of claim 12 , further comprising:
federating with one or more network devices that conduct the authentication based on the authentication requests; identifying an additional network device to monitor authentication; and federating with the additional network device.
16 . An apparatus, comprising:
a first database formatted with assertions correlating domains with owners; a second database formatted with second assertions from the owners; an authentication authority computing device to control access to the databases, wherein the authentication authority computing device is configured to correlate a particular one of a plurality of defined privilege levels with each owner and provide the owners access to the second database according to their respective defined privilege level.
17 . The apparatus of claim 16 , wherein based on the controlling by the authentication authority computing device, the first database contains only assertions that are validated by the authentication authority and the second database contains at least some assertions that are not validated by the authentication authority.
18 . The apparatus of claim 17 , wherein the second database contains assertions by one of the owners with regard to network resources of the domain belonging to the owner.
19 . The apparatus of claim 18 , wherein the authentication authority computing device is configured to use the assertions in both the databases to control downloading by a client for a multi origin document, and wherein the first database correlates a master authentication object to each domain, and wherein the first database correlates sub authentication objects to a unique network call of at least one of the domains.
20 . The apparatus of claim 19 , wherein the second domain repeats at least one of the correlations between a particular authentication object and a particular unique network call.Cited by (0)
No later patents cite this yet.
References (0)
No backward citations on record.