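IPC classification information
Country / Type | United States (US) Patent, Granted
International Patent Classification (IPC 7th edition) |
Application number | US-0944473 (2010-11-11)
Registration number | US-8387155 (2013-02-26)
Inventors / Address | Gregg, Richard L.; Giri, Sandeep; Goeke, Timothy C.
Applicant / Address |
Citation information | Times cited: 26; Patents cited: 167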
Abstract
A system for controlling access to protected computer resources provided via a network utilizing at least one Internet Protocol. The system includes at least one authentication server and at least one access server. The at least one authentication server is adapted to authenticate identity data associated with at least one client computer device, is adapted to authorize the at least one client computer device to receive at least a portion of protected computer resources, and is adapted to permit access to the at least a portion of the protected computer resources. The at least one access server is adapted to receive the identity data associated with the at least one client computer device and forward the identity data associated with the at least one claim computer device to the at least one authentication server.
Representative claims
1. A system for controlling access to protected computer resources provided via a network utilizing at least one Internet Protocol, the system comprising: at least one authentication server having an associated database to store (i) identity data associated with at least one client computer device, and (ii) data associated with said protected computer resources;at least one access server adapted to receive said identity data from said at least one client computer device;said at least one access server adapted to forward said identity data received from said at least one client computer device to said at least one authentication server;said at least one authentication server adapted to authenticate said identity data responsive to a request for said protected computer resources by said at least one client computer device;said at least one authentication server adapted to authorize said at least one client computer device to receive at least a portion of said protected computer resources, based on said stored data associated with said protected computer resources; andsaid at least one authentication server adapted to permit access to said at least a portion of said protected computer resources upon successfully authenticating said identity data and upon successfully authorizing said at least once client computer device. 2. The system of claim 1, wherein said identity data is one of derived and generated from at least one internal hardware component of said at least one client computer device. 3. The system of claim 1, wherein said identity data is one of derived and generated from at least a portion of a plurality of hardware components of said at least one client computer device. 4. The system of claim 1, wherein said identity data is one of derived and generated from one of an external device and an external object connected to said at least one client computer device. 5. 
The system of claim 4, wherein said one of an external device and an external object is a subscriber identity module. 6. The system of claim 1, wherein said identity data is one of derived and generated from one of an external device and an external object inserted into a reader associated with said at least one client computer device. 7. The system of claim 6, wherein said one of an external device and an external object is a subscriber identity module. 8. The system of claim 1, wherein said identity data associated with said at least one client computer device comprises a digital certificate. 9. The system of claim 1, wherein at least a portion of said identity data associated with said at least one client computer device is encrypted. 10. The system of claim 1, wherein said identity data associated with said at least one client computer device contains at least one hash value. 11. The system of claim 1, wherein said at least one client computer device is adapted to authenticate said at least one access server. 12. The system of claim 1, wherein said at least one access server is adapted to receive said identity data associated with said at least one client computer device and at least one of a username and a password. 13. The system of claim 1, wherein said at least one access server is adapted to receive said identity data associated with said at least one client computer device via a network utilizing at least one Internet Protocol. 14. The system of claim 1, wherein said identity data associated with said at least one client computer device is forwarded to said at least one access server. 15. The system of claim 1, wherein said identity data associated with said at least one client computer device is known in advance. 16. The system of claim 1, wherein said identity data associated with said at least one client computer device is unique to said at least one client computer device. 17. 
The system of claim 1, wherein said identity data associated with said at least one client computer device is unique to a group of client computer devices comprising said at least one client computer device. 18. The system of claim 1, wherein said data associated with said protected computer resources is stored in a database of at least one server computer associated with said at least one authentication server. 19. The system of claim 1, wherein said at least the portion of said protected computer resources are provided via a network utilizing at least one Internet Protocol to said at least one client computer device by at least one server computer associated with said at least one access server upon said at least one authentication server permitting access to said at least the portion of said protected computer resources. 20. The system of claim 1, wherein said at least the portion of said protected computer resources are stored in at least one of a plurality of server computers associated with said at least one access server. 21. The system of claim 1, wherein said at least the portion of said protected computer resources are stored in a database associated with said at least one access server. 22. The system of claim 1, wherein at least one of a plurality of server computers associated with said at least one access server is adapted to provide said at least the portion of said protected computer resources to said at least one client computer device upon said at least one authentication server permitting access to said at least the portion of said protected computer resources. 23. The system of claim 1, wherein said at least a portion of said protected computer resources is encrypted. 24. The system of claim 1, wherein said at least one authentication server is located on a computer separate from said at least one access server. 25. 
The system of claim 1, wherein said at least one authentication server is located on the same computer as said at least one access server. 26. The system of claim 1, wherein at least one of the functions of said at least one authentication server are performed by another server associated with said at least one authentication server. 27. The system of claim 1, wherein said at least one authentication server is adapted to authenticate multiple client computer devices. 28. The system of claim 1, wherein said at least one authentication server is adapted to authenticate multiple access servers. 29. The system of claim 1, wherein said at least one authentication server is one of a plurality of servers adapted to authenticate. 30. The system of claim 1, wherein said at least one authentication server is one of a plurality of servers adapted to authorize. 31. The system of claim 1, wherein said at least one authentication server is one of a plurality of servers adapted to permit access. 32. The system of claim 1, wherein said authentication server is adapted to assign one of a plurality of authorization levels to said at least a portion of said protected computer resources, is adapted to assign a particular authorization level to said identity data associated with said at least one client computer device, and is adapted to only permit access to particular protected computer resources by said at least one client computer device permitted by said particular authorization level. 33. The system of claim 1, wherein said at least one access server is adapted to selectively require said at least one client computer device to forward said identity data associated with said at least one client computer device to said at least one access server. 34. 
The system of claim 1, wherein said at least one access server is adapted to selectively prompt said at least one client computer device to provide said identity data associated with said at least one client computer device and at least one of a username and a password to said at least once access server. 35. The system of claim 1, wherein said at least one access server is adapted to selectively query said at least one client computer device to one of derive and generate said identity data associated with said at least one client computer device. 36. The system of claim 1, wherein said at least one access server is adapted to change said identity data associated with said at least one client computer device, and to forward said changed identity data to said at least one authentication server. 37. The system of claim 1, wherein at least one of said at least one access server and a server associated with said at least one authentication server is adapted to acquire, for billing purposes, usage data of said at least a portion of said protected computer resources provided to said at least one client computer device. 38. 
A system for controlling access to protected computer resources provided via a network utilizing at least one Internet Protocol, the system comprising: at least one authentication server having an associated database to store (i) identity data of at least one access server, (ii) identity data associated with at least one client computer device, and (iii) data associated with said protected computer resources;said at least one access server adapted to receive said identity data from said at least one client computer device;said access server adapted to forward said identity data of said at least one access server and said identity data associated with said at least one client computer device received from said at least one client computer device to said at least one authentication server;said at least one authentication server adapted to authenticate said identity data of said at least one access server and said identity data associated with said at least one client computer device responsive to a request for said protected computer resources by said at least one client computer device;said at least one authentication server adapted to authorize said at least one client computer device to receive at least a portion of said protected computer resources, based on said stored data associated with said protected computer resources; andsaid at least one authentication server adapted to permit access to said at least said portion of said protected computer resources upon successfully authenticating said identity data of said access server and said identity data associated with said at least one client computer device, and upon successfully authorizing said at least once client computer device. 39. The system of claim 38, wherein said identity data is one of derived and generated from at least one internal hardware component of said at least one client computer device. 40. 
The system of claim 38, wherein said identity data is one of derived and generated from at least a portion of a plurality of hardware components of said at least one client computer device. 41. The system of claim 38, wherein said identity data is one of derived and generated from one of an external device and an external object connected to said at least one client computer device. 42. The system of claim 41, wherein said one of an external device and an external object is a subscriber identity module. 43. The system of claim 38, wherein said identity data is one of derived and generated from one of an external device and an external object inserted into a reader associated with said at least one client computer device. 44. The system of claim 43, wherein said one of an external device and an external object is a subscriber identity module. 45. The system of claim 38, wherein said identity data associated with said at least one client computer device comprises a digital certificate. 46. The system of claim 38, wherein at least a portion of said identity data associated with said at least one client computer device is encrypted. 47. The system of claim 38, wherein said identity data associated with said at least one client computer device contains at least one hash value. 48. The system of claim 38, wherein said at least one client computer device is adapted to authenticate said at least one access server. 49. The system of claim 38, wherein said at least one access server is adapted to receive said identity data associated with said at least one client computer device and at least one of a username and a password. 50. The system of claim 38, wherein said at least one access server is adapted to receive said identity data associated with said at least one client computer device via a network utilizing at least one Internet Protocol. 51. The system of claim 38, wherein said identity data is forwarded to said at least one access server. 52. 
The system of claim 38, wherein said identity data associated with said at least one client computer device is known in advance. 53. The system of claim 38, wherein said identity data associated with said at least one client computer device is unique to said at least one client computer device. 54. The system of claim 38, wherein said identity data associated with said at least one client computer device is unique to a group of client computer devices comprising said at least one client computer device. 55. The system of claim 38, wherein said data associated with said protected computer resources is stored in a database of at least one server computer associated with said at least one authentication server. 56. The system of claim 38, wherein said at least the portion of said protected computer resources are provided via a network utilizing at least one Internet Protocol to said at least one client computer device by at least one server computer associated with said at least one access server upon said at least one authentication server permitting access to said at least the portion of said protected computer resources. 57. The system of claim 38, wherein said at least the portion of said protected computer resources are stored in at least one of a plurality of server computers associated with said at least one access server. 58. The system of claim 38, wherein said at least the portion of said protected computer resources are stored in a database associated with said at least one access server. 59. The system of claim 38, wherein at least one of a plurality of server computers associated with said at least one access server is adapted to provide said at least the portion of said protected computer resources to said at least one client computer device upon said at least one authentication server permitting access to said at least the portion of said protected computer resources. 60. 
The system of claim 38, wherein said at least a portion of said protected computer resources is encrypted. 61. The system of claim 38, wherein said at least one authentication server is located on a computer separate from said at least one access server. 62. The system of claim 38, wherein said at least one authentication server is located on the same computer as said at least one access server. 63. The system of claim 38, wherein at least one of the functions of said at least one authentication server are performed by another server associated with said at least one authentication server. 64. The system of claim 38, wherein said at least one authentication server is adapted to authenticate multiple client computer devices. 65. The system of claim 38, wherein said at least one authentication server is adapted to authenticate multiple access servers. 66. The system of claim 38, wherein said at least one authentication server is one of a plurality of servers adapted to authenticate. 67. The system of claim 38, wherein said at least one authentication server is one of a plurality of servers adapted to authorize. 68. The system of claim 38, wherein said at least one authentication server is one of a plurality of servers adapted to permit access. 69. The system of claim 38, wherein said authentication server is adapted to assign one of a plurality of authorization levels to said at least a portion of said protected computer resources, is adapted to assign a particular authorization level to said identity data associated with said at least one client computer device, and is adapted to only permit access to particular protected computer resources by said at least one client computer device permitted by said particular authorization level. 70. 
The system of claim 38, wherein said at least one access server is adapted to selectively require said at least one client computer device to forward said identity data associated with said at least one client computer device to said at least one access server. 71. The system of claim 38, wherein said at least one access server is adapted to selectively prompt said at least one client computer device to provide said identity data associated with said at least one client computer device and at least one of a username and a password to said at least once access server. 72. The system of claim 38, wherein said at least one access server is adapted to selectively query said at least one client computer device to one of derive and generate said identity data associated with said at least one client computer device. 73. The system of claim 38, wherein said at least one access server is adapted to change said identity data associated with said at least one client computer device, and to forward said changed identity data to said at least one authentication server. 74. The system of claim 38, wherein at least one of said at least one access server and a server associated with said at least one authentication server is adapted to acquire, for billing purposes, usage data of said at least a portion of said protected computer resources provided to said at least one client computer device. 75. 
A system for controlling access to protected computer resources provided via a network utilizing at least one Internet Protocol, the system comprising: at least one authentication server having an associated database to store (i) identity data of at least one access server, (ii) identity data of a subscriber identity module associated with at least one client computer device, and (iii) authorization data associated with said protected computer resources;said at least one authentication server adapted to register said identity data of a subscriber identity module associated with said at least one client computer device;said at least one access server adapted to receive (i) said identity data of a subscriber identity module associated with said at least one client computer device and (ii) a request for said protected computer resources from said at least one client computer device;said at least one client computer device adapted to receive an acknowledgement for said request for said protected computer resources from said at least one access server;said at least one access server adapted to forward (i) said identity data of said at least one access server and (ii) said identity data of a subscriber identity module received from said at least one client computer device to said at least one authentication server;said at least one authentication server adapted to authenticate (i) said identity data of said at least one access server and (ii) said identity data of a subscriber identity module associated with said at least one client computer device responsive to a request for said protected computer resources by said at least one client computer device;said at least one authentication server adapted to authorize said at least one client computer device to receive at least a portion of said protected computer resources, based on said stored authorization data associated with said protected computer resources;said at least one authentication server adapted to permit access 
to said at least said portion of said protected computer resources (i) upon successfully authenticating said identity data of said access server and said identity data of a subscriber identity module associated with said at least one client computer device, and (ii) upon successfully authorizing said at least one client computer device;at least one of said at least one access server and a server associated with said at least one authentication server adapted to acquire, for billing purposes, usage data of said at least a portion of said protected computer resources provided to said at least one client computer device; andsaid at least one authentication server adapted to re-authenticate said identity data of a subscriber identity module associated with said at least one client computer device. 76. The system of claim 75, wherein said at least one client computer device is adapted to authenticate said at least one access server. 77. The system of claim 75, wherein said at least one access server is adapted to receive said identity data of a subscriber identity module associated with said at least one client computer device and at least one of a username and a password. 78. The system of claim 75, wherein said at least one access server is adapted to receive said identity data of a subscriber identity module associated with said at least one client computer device via a network utilizing at least one Internet Protocol. 79. The system of claim 75, wherein the storing of said authorization data associated with said protected computer resources is stored in a database of at least one server computer associated with said at least one authentication server. 80. 
The system of claim 75, wherein said at least the portion of said protected computer resources are provided via a network utilizing at least one Internet Protocol to said at least one client computer device by at least one server computer associated with said at least one access server upon said at least one authentication server permitting access to said at least the portion of said protected computer resources. 81. The system of claim 75, wherein said at least the portion of said protected computer resources are stored in at least one of a plurality of server computers associated with said at least one access server. 82. The system of claim 75, wherein said at least the portion of said protected computer resources are stored in a database associated with said at least one access server. 83. The system of claim 75, wherein at least one of a plurality of server computers associated with said at least one access server is adapted to provide said at least the portion of said protected computer resources to said at least one client computer device upon said at least one authentication server permitting access to said at least the portion of said protected computer resources. 84. The system of claim 75, wherein said at least a portion of said protected computer resources is encrypted. 85. The system of claim 75, wherein said at least one authentication server is located on a computer separate from said at least one access server. 86. The system of claim 75, wherein said at least one authentication server is located on the same computer as said at least one access server. 87. The system of claim 75, wherein at least one of the functions of said at least one authentication server are performed by another server associated with said at least one authentication server. 88. The system of claim 75, wherein said at least one authentication server is adapted to authenticate multiple client computer devices. 89. 
The system of claim 75, wherein said at least one authentication server is adapted to authenticate multiple access servers. 90. The system of claim 75, wherein said at least one authentication server is one of a plurality of servers adapted to authenticate. 91. The system of claim 75, wherein said at least one authentication server is one of a plurality of servers adapted to authorize. 92. The system of claim 75, wherein said at least one authentication server is one of a plurality of servers adapted to permit access. 93. The system of claim 75, wherein said authentication server is adapted to assign one of a plurality of authorization levels to said at least a portion of said protected computer resources, is adapted to assign a particular authorization level to said identity data associated with said at least one client computer device, and is adapted to only permit access to particular protected computer resources by said at least one client computer device permitted by said particular authorization level. 94. The system of claim 75, wherein said at least one access server is adapted to selectively require said at least one client computer device to forward said identity data associated with said at least one client computer device to said at least one access server. 95. The system of claim 75, wherein said at least one access server is adapted to selectively prompt said at least one client computer device to provide said identity data associated with said at least one client computer device and at least one of a username and a password to said at least once access server. 96. The system of claim 75, wherein said at least one access server is adapted to selectively query said at least one client computer device to one of derive and generate said identity data associated with said at least one client computer device. 97. 
The system of claim 75, wherein said at least one access server is adapted to change said identity data associated with said at least one client computer device, and to forward said changed identity data to said at least one authentication server.