1. WO2020091864 - CENTRALIZED AUTHENTICATION AND AUTHORIZATION

Publication Number WO/2020/091864
Publication Date 07.05.2020
International Application No. PCT/US2019/043786
International Filing Date 26.07.2019
IPC
H04L 29/06 2006.01
H ELECTRICITY
04 ELECTRIC COMMUNICATION TECHNIQUE
L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
29 Arrangements, apparatus, circuits or systems, not covered by a single one of groups H04L1/-H04L27/136
02 Communication control; Communication processing
06 characterised by a protocol
H04W 12/06 2009.01
H ELECTRICITY
04 ELECTRIC COMMUNICATION TECHNIQUE
W WIRELESS COMMUNICATION NETWORKS
12 Security arrangements, e.g. access security or fraud detection; Authentication, e.g. verifying user identity or authorisation; Protecting privacy or anonymity
06 Authentication
CPC
H04L 63/062
H ELECTRICITY
04 ELECTRIC COMMUNICATION TECHNIQUE
L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
63 Network architectures or network communication protocols for network security
06 for supporting key management in a packet data network
062 for key distribution, e.g. centrally by trusted party
H04L 63/0807
H ELECTRICITY
04 ELECTRIC COMMUNICATION TECHNIQUE
L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
63 Network architectures or network communication protocols for network security
08 for supporting authentication of entities communicating through a packet data network
0807 using tickets, e.g. Kerberos
H04L 63/0892
H ELECTRICITY
04 ELECTRIC COMMUNICATION TECHNIQUE
L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
63 Network architectures or network communication protocols for network security
08 for supporting authentication of entities communicating through a packet data network
0892 by using authentication-authorization-accounting [AAA] servers or protocols
H04L 63/102
H ELECTRICITY
04 ELECTRIC COMMUNICATION TECHNIQUE
L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
63 Network architectures or network communication protocols for network security
10 for controlling access to network resources
102 Entity profiles
H04L 63/108
H ELECTRICITY
04 ELECTRIC COMMUNICATION TECHNIQUE
L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
63 Network architectures or network communication protocols for network security
10 for controlling access to network resources
108 when the policy decisions are valid for a limited amount of time
H04L 63/20
H ELECTRICITY
04 ELECTRIC COMMUNICATION TECHNIQUE
L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
63 Network architectures or network communication protocols for network security
20 for managing network security; network security policies in general
Applicants
  • INTUIT INC. [US]/[US]
Inventors
  • FEUTZ, Kevin
  • GOLOVINSKY, Eugene
  • KESELMAN, Gleb
  • LEVY, Varan
  • SHEFFER, Yaron
Agents
  • LAZAR, Dale, S.
  • PANNO, Nicholas
  • MINUTOLI, Gianni
  • NORTON, Lisa, K.
  • HEINTZ, James, M.
Priority Data
16/177,466 01.11.2018 US
Publication Language English (EN)
Filing Language English (EN)
Designated States
Title
(EN) CENTRALIZED AUTHENTICATION AND AUTHORIZATION
(FR) AUTHENTIFICATION ET AUTORISATION CENTRALISÉES
Abstract
(EN)
A processor of a central authority separate from a client and a service provider may receive an access request from the client. The access request may identify at least one of a client user and a client process. The processor may evaluate the access request to determine that the at least one of the client user and the client process complies with an access policy for the service provider. In response to determining that the at least one of the client user and the client process complies with the access policy, the processor may generate a credential including a key. The processor may send the credential to the client. The processor may receive the credential from the service provider. The processor may validate the key included in the credential. In response to the validating, the processor may cause the service provider to provide the client with access to the service.
(FR)
Selon la présente invention, un processeur d'une autorité centrale séparée d'un client et d'un fournisseur de services peut recevoir une demande d'accès en provenance du client. La demande d'accès peut identifier au moins l'un d'un utilisateur client et d'un processus client. Le processeur peut évaluer la demande d'accès afin de déterminer que l'utilisateur client et/ou le processus client sont conformes à une politique d'accès du fournisseur de services. En réponse à la détermination que l'utilisateur client et/ou le processus client sont conformes à la politique d'accès, le processeur peut générer un identifiant comprenant une clé. Le processeur peut envoyer l'identifiant au client. Le processeur peut recevoir l'identifiant du fournisseur de services. Le processeur peut valider la clé incluse dans l'identifiant. En réponse à la validation, le processeur peut amener le fournisseur de services à fournir au client un accès au service.