GB2523851A

GB2523851A - An authentication method

Info

Publication number: GB2523851A
Application number: GB1407165.8A
Authority: GB
Inventors: Zdenek Kalenda; Patrick Carroll
Original assignee: Validsoft UK Ltd
Current assignee: Validsoft UK Ltd
Priority date: 2014-04-23
Filing date: 2014-04-23
Publication date: 2015-09-09
Also published as: GB201407165D0; WO2015162424A1

Abstract

In the independent claims a clients request to access an application server is met with an authentication request redirecting the client to a repository server. The client submits credentials to the repository server and is provided with authentication information (token, ticket?) if authentication is successful. The authentication information is then submitted to the application server. Dependent claims add further authentication steps. The application server may authenticate a credential locally before providing the redirect to the repository server. The application server may provide a further redirect a repository server for authentication of a credential upon receipt of the authentication information. Communications may be secured with signatures, message authentication/integrity codes (MAC/MIC) or encryption as appropriate.

Description

AN AUTHENTICATION METHOD

[0001] The present invention relates to an authentication method. In particular, certain embodiments of the present invention relates a more secure method of authenticating a client to an application server, when the client wishes to access services provided by the application server. Advantageously, certain embodiments of the present invention provide for more secure authentication while minimising the need to modify an existing application server.

BACKGROUND

[0002] The use of the Internet to access confidential information is increasing. This may include accessing online banking services. Other examples include accessing company or medical records. Typically a user will access such information through a standard web browser used to navigate web sites. In most cases web browsers incorporate the facility to provide communications security for communicating with a web server, for instance through the use of the Transport Layer Security (ILS) or Secure Sockets Layer (SSL) protocols. ILS and SSL allow for the exchange of a session key for encrypting data flowing between the parties, and for authentication of one or both parties by reference to a public key infrastructure.

[0003] In some cases, bespoke software may be used to provide increased security. For instance, online banking applications installed upon mobile devices may be used to provide a higher level of security. However, there is a recognised need to continually improve security when accessing confidential information.

[0004] With reference to Figure 1, when a client 100 is seeking access to an application server 102 to retrieve information or to access services, a key security step is for the server 102 to authenticate the client 100. According to the conventional prior art, authentication comprises the client 100 supplying at least one authentication credential to the server 102 across a communication channel 104. The authentication credential may comprise a previously shared secret, such as a username and password combination.

Secure authentication prevents confidential information from being transmitted to the wrong party. Secure authentication may also be a prerequisite for encrypting communications between a server and a client to prevent unauthorised interception of confidential information.

[0005] Over time the confidence placed in any one technique for authenticating a client to a server may decrease as new weaknesses are identified. It may be deemed desirable to provide an upgraded authentication method. Alternatively, for access to certain types of confidential information or for transactions that are considered to be high risk (for the example of online banking) it may be desired to provide additional authentication.

However, application servers are typically complex and it may be difficult or impossible to embed an alternative or additional authentication processes into the existing infrastructure.

This may be particularly the case where a proposed new authentication process differs fundamentally from the pre-existing authentication process, for instance where it is proposed to replace authentication based upon passwords with biometric authentication.

[0006] Known attempts to address this problem include OpenID (described at www.operud.net) and Security Assertion Markup Language (SAML) which both provide systems whereby password management is provided by a separate server. However, both rely on modifying an application server to communicate directly with a password management server, which may difficult and complex to achieve. The risk is therefore that weak authentication may be allowed to persist.

BRIEF SUMMARY OF THE DISCLOSURE

[0007] Certain embodiments of the present invention seek to improve communication security when a client accesses a server. In particular, certain embodiments of the present invention seek to provide an improved method for authenticating a client to a server. The present invention is not limited in application to a particular type of server or a particular type of service or confidential information provided by the server.

[0008] According to a first aspect of the present invention there is provided an authentication method comprising: receiving, at an application server from a client, a connection request; sending, from the application server to the client, a request for client authentication; receiving, at a repository server from the client, a first authentication request including a first authentication credential; authenticating the client at the repository server according to a first authentication method using the first authentication credential; sending, from the repository server to the client, first authentication information indicating whether the client is authenticated to the repository server; and forwarding the first authentication information from the client to the application server.

[0009] An advantage of certain embodiments of the present invention is that by providing a repository server arranged to implement authentication (or additional and! or alternative authentication) on behalf of an application server there is no need to modify the application server as new and improved authentication techniques become available. Each authentication method may be relatively weak, but by forming part of an authentication chain a gain in overall security is achieved. Furthermore, by allowing the application server and the repository server to communicate via the client, this allows the client to retain control of the authentication process and to optionally choose to withhold authentication credentials from the repository server or the application server if a security breach is suspected. Additionally, by separating out enhanced authentication from the application server this simplifies the operation of the application server which may make it more efficient. The repository server may be provided and / or operated by a separate entity, which may also contribute to enhanced security.

[0010] The connection request may further include a second authentication request including a second authentication credential. The method may further comprise: authenticating the client at the application server according to a second authentication method using the second authentication credential.

[0011] The first and second authentication methods may differ from one another or the first and second authentication credentials differ from one another.

[0012] The method may further comprise: determining, at the application server, whether the client is authenticated to the application server according to the second authentication method; if the client is authenticated to the application server according to the second authentication method, determining if further client authentication is required; and only sending the request for client authentication if it is determined that further authentication is required.

[0013] The method may further comprise: determining, at the application server, whether to permit the client to access services provided by the application server on the basis of the first authentication information; or determining, at the application server, whether to send a request for additional client authentication to the client on the basis of the first authentication information.

[0014] If it is determined at the application server to send a request for additional authentication to the client, the method may further comprise: receiving, at the client from the application server, a request for additional client authentication; receiving, at a repository server from the client, a third authentication request including a third authentication credential; authenticating the client at the repository server according to a third authentication method using the third authentication credential; sending, from the repository server to the client, additional authentication information indicating whether the client is authenticated to the repository server; and forwarding the additional authentication information from the client to the application server.

[0015] The first and third authentication methods may differ from one another, the first and third authentication credentials differ from one another or the repository server receiving the first authentication request differs from the repository server receiving the third authentication request.

[0016] The method may further comprise: signing, at the application server, a request for client authentication sent from the application server to the client such that the client cannot modify the request without detection; and generating, at the client, authentication requests by adding the an authentication credential to the signed request for client authentication.

[0017] The method may further comprise: signing, at the repository server, authentication information sent from the repository server to the client such that the client cannot modify the authentication information without detection.

[0018] The method may further comprise: encrypting messages sent between the client and the application server or the client and the repository server.

[0019] The or each request for client authentication sent form the application server to the client may indicate a repository server to be used or an authentication method to be used.

[0020] The method may further comprise: determining at the client whether to send an authentication request to a repository server indicated by the application server.

[0021] According to a second aspect of the present invention there is provided a method of operating an application server, the method comprising: receiving, from a client, a connection request; sending, to the client, a request for client authentication; and receiving, from the client, first authentication information indicating whether the client is authenticated to a repository server.

[0022] The connection request may further include a second authentication request including a second authentication credential; and wherein the method further comprises: authenticating the client according to a second authentication method using the second authentication credential; determining whether the client is authenticated to the application server according to the second authentication method; if the client is authenticated to the application server according to the second authentication method, determining if further authentication is required; and only sending the request for client authentication if it is determined that further authentication is required.

[0023] The method may further comprise: determining whether to permit the client to access services provided by the application server on the basis of the first authentication information; or determining whether to send a request for additional client authentication to the client on the basis of the first authentication information.

[0024] The method may further comprise: indicating in each request for client authentication a repository server to be used or an authentication method to be used.

[0025] According to a third aspect of the present invention there is provided a method of operating a client, the method comprising: sending, to an application server, a connection request; receiving, from the application server, a request for client authentication; sending, to a repository server, a first authentication request including a first authentication credential; receiving, from the repository server, first authentication information indicating whether the client is authenticated to the repository server; and forwarding the first authentication information to the application server.

[0026] The connection request may further include a second authentication request including a second authentication credential.

[0027] The method may further comprise: receiving, from the application server, confirmation of whether access to services provided by the application server is allowed.

[0028] The method may further comprise: receiving a request for addiUonal client authentication; sending, to a repository server, a third authentication request including a third authentication credential; receiving, from the repository server, additional authentication information indicating whether the client is authenticated to the repository server; and forwarding the additional authentication information from the client to the application server.

[0029] According to a fourth aspect of the present invention there is provided a method of operating a repository server, the method comprising: receiving, from a client, a first authentication request including a first authentication credential; authenticating the client according to a first authentication method using the first authentication credential; and sending, from the repository server to the client, first authentication information indicating whether the client is authenticated to the repository server; wherein the first authentication information is configured to confirm the identity of the client to an application server.

[0030] The method may further comprise: receiving, from the client, a third authentication request including a third authentication credential; authenticating the client according to a third authentication method using the third authentication credential; and sending, to the client, additional authentication information indicating whether the client is authenticated to the repository server.

[0031] According to a fifth aspect of the present invention there is provided an application server arranged to implement the method described above.

[0032] According to a sixth aspect of the present invention there is provided a client arranged to implement the method described above.

[0033] According to a seventh aspect of the present invention there is provided a repository server arranged to implement the method described above.

[0034] According to an eighth aspect of the present invention there is provided a system comprising: an application server as described above, a client as described above; and a repository server as described above.

[0035] Another aspect of the invention provides a computer program comprising instructions arranged, when executed, to implement a method in accordance with any one of the above-described aspects. A further aspect provides machine-readable storage storing such a program.

BRIEF DESCRIPTION OF THE DRAWINGS

[0036] Embodiments of the invention are further described hereinafter with reference to the accompanying drawings, in which: Figure 1 schematically illustrates communication between a client and an application server in accordance with the prior art; Figure 2 schematically illustrates communication between a client, an application server and a repository server implemented by, or collocated with, the application server, in accordance with an embodiment of the present invention; Figure 3 schematically illustrates communication between a client, an application server and a separate repository server in accordance with an embodiment of the present invention; Figure 4 is a flowchart illustrating the exchange of authentication information in accordance with an embodiment of the present invention; Figure 5 is a flowchart illustrating an authentication method implemented by an application server in accordance with an embodiment of the present invention; Figure 6 is a flowchart illustrating an authentication method implemented by an client in accordance with an embodiment of the present invention; and Figure 7 is a flowchart illustrating an authentication method implemented by a repository server in accordance with an embodiment of the present invention.

DETAILED DESCRIPTION

[0037] The present inventors have recognised that the security of client authentication may be increased by implementing authentication procedures by a dedicated repository server. Advantageously, such a dedicated server may be readily provided and updated to take advantage of the most secure or appropriate authentication techniques. Such a server may be easier to maintain to ensure secure authentication than would be the case for implementing authentication through an application server. This repository server based authentication may be in addition to authentication procedures implemented natively by an application server, or may replace them entirely. By separately authenticating the same client two or more times using different credentials and I or authentication methods, either may the application server and the repository server or through the use of more than one repository server, a gain in security may be achieved as in order to compromise communications between the client and the server each authentication process must be separately defeated. Each authentication method may rely upon relatively weak authentication credentials, but in combination improved security is achieved. The gain in authentication security may be comparable to that achieved by providing for Out Of Band (OOB) authentication between the client and the server. As such the present invention may be referred to as Virtual OOB (VOOB) authentication. In OOB authentication a separate communication channel is used to exchange authentication credentials compared to the communication channel used to exchanging confidential information. For instance, online banking may use OOB authentication through a separate telephone call to authenticate the bank customer before authorising transactions.

[0038] In contrast to the conventional arrangement shown in Figure 1, whereby authentication credentials are exchanged only between a client and an application server, in accordance with certain embodiments of the present invention a repository server is also provided. Referring to Figure 2, the repository server 106 may be physically collocated with the application server 102, or the repository server 106 may be a virtual repository server implemented by the application server. In such a scenario communication between the client 100 and each server 102, 106 takes place across a single communication channel 104. Alternatively, the repository server 106 may be separate from the application server 102 as shown in Figure 3, and communications between the client 100 and the repository server 106 may take place across a different communication channel 108. The repository server 106 may be separately located. It will be understood that in practice at least part of the communication channels 104, 300 may be in common, for instance a network connection maintained by the client 100.

[0039] The repository server 106 serves to provide additional authentication services over and above those provided by the application server 102. The term "repository server5' refers to its role as a repository of authentication credentials for clients (or users of client devices) on behalf of the application server. The repository server 106 is arranged to implement authentication of the client 100. In practice the repository server may be any type of server or other computing device capable of fulfilling this role, and the term is not intended to be limiting beyond its ability to fulfil this role. The repository server 106 could indeed be an application server in respect of other applications and services.

[0040] In accordance with certain embodiments of the present invention the client 100 may authenticate itself to the application server 102 by providing a first authentication credential to the application server 102. However, the present invention is not limited to the client 100 authenticating itself to the application server 102, and in certain embodiments the client 100 may simply provide a connection request to the application server 102. If a first authentication credential is provided, the application server 102 can then apply a first authentication method to the first credential. If the application server 102 determines that additional authentication of the client is required (or that authentication is required if no preliminary authentication has been performed) then it sends a request for authentication or additional authentication to the client, which in turn sends a second authentication credential to the repository server 106. The repository server 106 can then authenticate the client 100 according to a second authentication method and send additional authentication information to the client 100, which in turn forwards the additional authentication information to the application server 102. If different authentication methods and / or credentials are used then an increase in overall authentication can be achieved.

There may be multiple requests for additional authentication directed to the repository server 106 or sent to different repository servers. Additionally, communications between the client 100, the application server 102 and the repository server 106 may be separately encrypted.

[0041] According to certain embodiments of the invention, encryption may be used to protect the secrecy of authentication credentials communicated from the client to the application server or the repository server. This encryption may be based on well-established public key encryption techniques using the public keys of the application server and the repository server respectively, which allows the authentication credentials to be encrypted before the secure authentication of the client has been completed.

According to certain embodiments of the invention, following each authentication process further communication between the client and each respective server may be separately encrypted using different encryption techniques so as to increase the complexity of the task presented to a would-be attacker. Furthermore, information exchanged between the application server and the repository server via the client may be separately encrypted, and thus may be doubly encrypted along each path of the communication pathway via the client. The present invention is not limited to the particular hardware arrangements shown in Figures 2 and 3. For instance, there may be multiple repository servers 106 and multiple different authentication methods applied, together with corresponding different encryption methods. In certain embodiments the application server 102 may require that the client 100 performs multiple authentication procedures with respect to multiple repository servers 106. The selection of repository server and authentication method is at the choice of the application server, though the present invention encompasses the option of the application server providing a selection of options to the client to choose between (for instance in the situation that different clients may be previously registered with or authenticated to different repository servers). Advantageously, according to the embodiments of the invention shown in Figures 2 and 3 the application server 102 may be largely unchanged. Further or alternative authentication methods may be added as needed by modifications to the repository server according to the nature of the confidential information to be exchanged or the transaction to be concluded.

[0042] According to certain embodiments of the present invention, the application server determines if additional if additional authentication is needed (over the authentication implemented by the application server, if any). According to certain embodiments of the present invention the application determines the nature of confidential information requested by the client or the nature of a transaction requested by the client. This may be through the use of a risk detection engine within the application server or accessed by the application server. If it is determined that additional authentication is required, certain embodiments of the present invention require that the application server has access to at least one known repository server that is trusted for additional authentication. In certain embodiments this knowledge and trust of the repository server may be preconfigured, for instance through exchange of public keys through a separate communication channel or offline such that the application server can recognise data signed by the secret key of the repository server and if required encrypt data to be sent to the repository server using the public key of the repository server, and vice versa.

[0043] In turn, certain embodiments of the present invention are reliant upon the repository server obtaining in advance authentication credentials for one or more client.

This may again require that the client trusts the repository server to store its authentication credentials. This collection of authentication credentials may be a one-time operation or a periodic process. The repository server can act on a simple collection of user and or device credentials but may be more advanced than this, such as incorporating the functionality to process complex biometric authentication for instance voice, retinal scan or face recognition. According to certain embodiments a repository server can learn and recognize user "habits" which serve as credentials, based, for example, on location at certain date and time, used applications or genre of music. While each credential may be weak in its own right, security is enhanced by it being part of an authentication chain. In certain embodiments of the invention a client device that has not previously been authenticated by the repository server may be used.

[0044] An authentication procedure based upon authenticating the user may be implemented, for instance based on biometric authentication. If the repository server is satisfied that the user has been authenticated then the repository server may gather credentials relating to the client device for use in future authentication procedures.

Another possible implementation is authentication based on zero knowledge whereby the repository server can determine whether the client is in possession of a secret (thereby authenticating the client) without the repository server knowing the secret in advance or the secret being disclosed to the repository server. Authentication based on a zero knowledge proof requires that the repository server poses a challenge or a series of challenges to the client that can only be correctly responded to assuming that the client does indeed hold that secret. Authentication based on a zero knowledge proof will be known to the skilled person, and is only a single example of a suitable authentication method that may be implemented as part of the present invention.

(0045] Authentication may be a complex and time consuming process. According to certain embodiments it is possible to keep the authentication trustworthy for future use, for instance for use in new sessions. This may be achieved by the use of X.509 user certificates issued by the repository server to the client for use in establishing TLS secure communications with the application server without the need to access the repository server again. The client is able to distribute its own attribute certificates (obtained from the repository server). The skilled person will be familiar with the conventional use of X.509 certificates and attribute certificates. As a further option, the certificates may be stored at the application server and the additional authentication information provided by the repository server may simply indicate the appropriate certificate for use by the application server for confirming the identity of the client.

(0046] An example of an authentication method in accordance with an embodiment of the present invention will now be described. In the following example the notation ["some-content"]R$P indicates that some-content" has been encrypted using the key RSP (the Public key of Repository Server) such that only the repository server can decrypt the content using its secret! private key. The notation f'some-content"}Rss indicates that "some-content" has been signed using the key RSS (the Secret/Private key of Repository Server) such that the recipient can have confidence that the content has not been modified and does originate from the repository server.

(0047] The additional authentication is performed between the client and the repository server and the result is passed by the client to the application server in the form of additional authentication information. Optionally, the client cannot change the additional authentication information without this being detectable by the application server owing to it being signed by the repository server. Optionally, the client may not be able to read the additional authentication information, if it is encrypted using the public key of the application server.

[0048] Each authentication procedure may rely on different credential exchange, different communication channels and different encryption methods. This leaves the attacker who has only partial knowledge of the different authentication attributes unable to intercept confidential information and it provides protection against identity theft. The communication channels can be physically different, though this is not essential according to the present invention. If one pad of the authentication is compromised the overall security is not affected. As an example, if the authentication method used to initially authenticate the client to the application server proves to be insecure (for instance, an easily guessed password) the application server will still ask for additional authentication, and the attacker will fail the additional authentication performed by the repository server.

The application server may be configured to detect unusual client behaviour, for instance multiple failures using a particular additional authentication method. One possible procedure could then be to block the client's access to the application server or to reset one or more of the authentication methods, for instance by distributing new passwords or by requiring out of band authentication to take place. This behaviour may be automatically implemented by the application server or may be as a result of an investigation by the application server administrator.

[0049] Additionally, if different authentication methods are used, the present invention provides protection even when a particular encryption method turns out to be insecure.

Additionally, if the repository server is able to implement a range of different authentication methods (or if multiple repository servers are used, each implementing different forms of authentication) then one or more can be omitted, when country regulations require the possibility of legal intervention during the time the client is visiting that country.

[0050] In order to further enhance the communications security, different encryption schemas may be used for each communication channel (client -application server, application server -repository server and for client -repository server). For instance, one communication channel may use AES (Rijndael) encryption while another may use Twofish (Bruce Schneier) encryption. As an example of different authentication methods the first communication channel (client and application server) may depend on user ID/password while the other (client and repository server) may depend on x509 certificates.

[0051] The exchange of authentication information will now be described in connection with Figure 4. Figure 4 illustrates an embodiment of the present invention in which the client first authenticates itself to the application server using an authentication procedure natively implemented by the application server. At step 400 the client wants to connect the application server. As discussed above, according to certain embodiments of the invention this step may be omitted and replaced with a connection request sent from the client to the application server. The client (C) sends an authentication request including an authentication credential to the application server (AS) according to the existing authentication method implemented by the application server. In certain embodiments this message may be sent in an encrypted foimat so as to preserve the secrecy of the first credential. This may be a user ID and password combination. This may be noted as: [0052] C "first credential" -* AS [0053] When receiving this authentication request the application server authenticates the client according to an existing authentication method implemented at the server.

Assuming this authentication is successful the application server has two options. The application server may accept this level of authentication and the client may be allowed to proceed to communicate with the application server. Alternatively the application server may ask for additional authentication. According to the second option, at step 402 the application server sends a request to the client for additional authentication. In the event that step 400 is a connection request without authentication then it will be understood that step 402 is the first request for authentication. The application seiver may be allowed to select from a preconfigured set of authentication methods which additional authentication is required. As an example, authentication method 3 may be selected. The request for additional authentication may contain the following attribute: authentication method (3 in this example). Optional additional attributes may include: user or alias name of the client; time stamp and URL of the application server AS; or the URL of the repository server (RS).

The attributes may be signed by the private key of the application servel such that they cannot be changed, undetected, by the client. Optionally at least part of the request for additional authentication may be encrypted. The (unencrypted but optionally signed) request for additional authentication may be noted as: [0054] AS "{additional authentication:3 required}ASS" -C [0055] At step 404 the client connects to the repository server and forwards the request for additional authentication, including a second authentication credential. In certain embodiments this message may be sent in an encrypted format so as to preseive the secrecy of the second credential. Typically, this authentication credential will be different from the authentication credential initially provided to the application server (if one was provided). Advantageously, if may be of a different type, thereby providing an increase in security due to the necessity of an attacker to defeat two different types of authentication.

This forwarded request may be noted as [0056] C "{additional authentication:3 required}$$, second credential" -RS [0057] The repository server then implements the additional authentication using authentication method 3 and the provided credential. The exact credential exchange depends on the authentication method selected by the application server.

[0058] After authenticating the client, the repository server constructs a message including additional authentication information at step 406 in order to inform the application server about the result of the additional authentication. The message may include: user or alias name; authentication method; OK or failed; time stamp; or URL of the application server. The data is signed by the private key of the repository server and optionally encrypted with the public key of the application server. This message might be partially encrypted and partially or fully readable as long as it is signed by the repository server to ensure that the client C is unable to change it (undetected). The unencrypted additional authentication information may be noted as: [0059] RS "{userlD,method:3,OK,time,URL}RSS" -. C [0060] The encrypted additional authentication information may be noted as: [0061] RS "[{userlD,method:3,OK,time,URL}R$$]ASF -* C [0062] At step 408 the client passes the additional authentication information to the application server: [0063] C"{userlD,method:3,OK,time,URL}RSS" -AS [0064] or [0065] C [{userl 0, method:3,OK,time, URL}RSS]ASP AS [0066] Upon receiving the additional authentication information the application server continues the login and authentication process. This may include sending further requests for additional authentication to the same repository server or different repository servers, optionally using different forms of authentication.

[0067] Referring to Figures 5 to 7, these illustrate in the form of flowcharts the implementation of an authentication method, according to the embodiment of the present invention according to Figure 4, at the application server, the client and the repository server respectively.

[0068] Referring to Figure 5, at step 500 the application server receives an authentication request including an authentication credential. At step 502 the application authenticates the client according to the authentication method native to the application server using the provided authentication credential. At step 504 the application server determines if additional authentication is required. If not then the process ends at step 510. If additional authentication is required then at step 506 the application server sends a request for additional authentication to the client. At step 508 the application server receives the additional authentication information from the client, allowing the application server to determine whether to communicate further with the client. When the application server has received the additional authentication information the application server determines whether that is sufficient to allow the client access to services and data. At step 510 the determination is made whether further additional authentication is required. If so, the process loops back to step 506. This request for additional authentication may be made repeatedly and may specify a different repository server and I or a different type of authentication each time. If the determination is made that no further additional authentication is required then the process ends at step 512.

[0069] Referring to Figure 6, at step 600 the client sends an authentication request including an authentication credentials to the application server. At step 602 the client determines whether a request for additional authentication is received. If not, then the process ends at step 610. If a request for additional authentication is received then at step 604 the client forwards the request for additional authentication to the repository server with an authentication credential. At step 606 the client receives the additional authentication information from the repository server. At step 608 the client forwards the additional authentication information to the application server. At step 610 a determination is made whether another request for additional authentication is received, and if not then the process ends at step 610. Otherwise, the process loops back to step 604.

[0070] An advantage of the present invention is that because the requests for additional authentication are communicated between the application server and the repository server via the client, the client retains the option not to engage with a particular request for additional authentication, and so not forward the additional authentication request and authentication credential to the repository server at step 604. This may be because the client is not currently registered with the repository server or does not recognise or trust the repository server or the authentication method. Optionally, the client may choose to communicate this back to the application server. The application server then has the option of how to proceed. The application server may choose to deny the client access to services and data, or to accept the client without further authentication. Alternatively, the application server may send a new request for additional authentication, optionally specifying a different repository server or a different authentication method.

[0071] Referring to Figure 7, at step 700 the repository server receives a request for additional authentication from the client. At step 702 the repository server authenticates the client according to the authentication method indicated by the request for additional authentication and the received authentication credential. At step 704 the repository server sends the additional authentication information to the client. The process ends at step 708 unless a further request for additional authentication is received at step 706.

[0072] According to certain embodiments of the present invention, the authentication of the client by the repository server at step 702 of Figure 7 may be based upon One Time Password (OTP) credentials sent by the client to the repository server at step 700. The OTP can be keyed-Hash Message Authentication Code (HMAC) based solution such as s/key. The skilled person will be aware of other pre-existing OTP based authentication methods that may be readily used. The selection of a particular authentication method may be according to the perceived strength and user convenience of each approach and the perceived value of the data to be protected. The present invention may be readily used with any authentication method reliant upon the client providing one or more authentication credential to the repository server.

[0073] As one example of a suitable authentication method, the client may have a X.509 certificate and a matching private key. The authentication of the client to the repository server is based on mutual key exchange. In order to use different encryption to the underlying TLS encryption between the client and the application server, elliptic curve encryption can be used instead of RSA encryption. On successful authentication the repository server provides the authentication proof (the additional authentication information) to the client. The client passes the additional authentication information to the application server. The application server now knows that the additional authentication succeeded and can accept the user or invoke extra authentication checks. In this particular case the communication between the client and application server can be upgraded in security using mutual certificate SSP/TLS connection using the client's authenticated X.509 certificate. However, this requires changing the configuration of the application server, though this configuration effoit is minimised as the repository server remains responsible for certificate validation.

[0074] As a further example of authentication by the repository server, attribute certificates may be used. Attribute certificates are defined in RFC 5755 and may be considered to be X.509 certificates containing authorisation attributes and not containing the subject's public key. The repository server can generate and send an attribute certificate upon successful authentication to the client. This is done in addition to the additional authentication information described above. This attribute certificate is generated by the repository server and defines the authorisation credentials for the client.

Optionally, the attribute certificate is published by the repository server. The client passes the data to the application server. Optionally, the client may announce the existence of the attribute certificate to the application server. Attributes certificates are a standardised authentication technique that will be well known to the skilled person. The application server may also cache the client certificate for its valid period to remove the need for further authentication of the client. It is also possible to enable the repository server to publish attribute certificates for use by other application servers, thereby avoiding the need for each application server to individually authenticate the same client.

[0075] According to a further embodiment of the present invention, upon receiving the additional authentication information from the client at step 508 of Figure 5 the application server may determine whether to accept the client or to invoke further authentication checks. Further authentication checks could involve the client sending further and different authentication credentials to the same repository server or a different repository server.

[0076] According to a further embodiment of the present invention, communications between the client and the application server may be encrypted. Some or all of the information exchanged between the application server and the repository server may be further encrypted. This further encryption may use a different encryption schema such that both encryption sessions would have to be compromised to gain access to the data.

Communications between the client and either the application server or the repository server may additionally be encrypted. It will be appreciated that according to certain embodiments of the invention, portions of the communications may be encrypted multiple times using different encryption protocols according to the authentication of the client to each respective server.

[0077] According to a further embodiment of the present invention, biometric authentication of a user of the client device may be used to authenticate the client to the repository server. For instance, voice biometric authentication may be used. Biometric authentication requires training during an enrolment process. Advantageously, by implementing this through a repository server the application server does not require modification to accommodate this complexity. The biometric authentication may be invoked by the application server in the same way as when invoking any other form of authentication, by indicating a selected authentication scheme in the request sent to the client at step 506 of Figure 5.

[0078] It will be appreciated that embodiments of the present invention can be realized in the form of hardware, software or a combination of hardware and software. Any such software may be stored in the form of volatile or non-volatile storage, for example a storage device like a ROM, whether erasable or rewritable or not, or in the form of memory, for example RAM, memory chips, device or integrated circuits or on an optically or magnetically readable medium, for example a CD, DVD, magnetic disk or magnetic tape or the like. It will be appreciated that the storage devices and storage media are embodiments of machine-readable storage that are suitable for storing a program or programs comprising instructions that, when executed, implement embodiments of the present invention.

[0079] Accordingly, embodiments provide a program comprising code for implementing apparatus or a method as claimed in any one of the claims of this specification and a machine-readable storage storing such a program. Still further, such programs may be conveyed electronically via any medium, for example a communication signal carried over a wired or wireless connection and embodiments suitably encompass the same.

[0080] Throughout the description and claims of this specification, the words "comprise" and "contain" and variations of them mean "including but not limited to", and they are not intended to (and do not) exclude other components, integers or steps. Throughout the description and claims of this specification, the singular encompasses the plural unless the context otherwise requires. In particular, where the indefinite article is used, the specification is to be understood as contemplating plurality as well as singularity, unless the context requires otherwise.

[0081] Features, integers or characteristics described in conjunction with a particular aspect, embodiment or example of the invention are to be understood to be applicable to any other aspect, embodiment or example described herein unless incompatible therewith.

All of the features disclosed in this specification (including any accompanying claims, abstract and drawings), and/or all of the steps of any method or process so disclosed, may be combined in any combination, except combinations where at least some of such features and/or steps are mutually exclusive. The invention is not restricted to the details of any foregoing embodiments. The invention extends to any novel one, or any novel combination, of the features disclosed in this specification (including any accompanying claims, abstract and drawings), or to any novel one, or any novel combination, of the steps of any method or process so disclosed. It will be also be appreciated that, throughout the description and claims of this specification, language in the general form of "X for Y" (where Y is some action, activity or step and X is some means for carrying out that action, activity or step) encompasses means X adapted or arranged specifically, but not exclusively, to do Y. [0082] The reader's attention is directed to all papers and documents which are filed concurrently with or previous to this specification in connection with this application and which are open to public inspection with this specification, and the contents of all such papers and documents are incorporated herein by reference.

Claims

CLAIMS: 1. An authentication method comprising: receiving, at an application server from a client, a connection request; sending, from the application server to the client, a request for client authentication; receiving, at a repository server from the client, a first authentication request including a first authentication credential; authenticating the client at the repository server according to a first authentication method using the first authentication credential; sending, from the repository server to the client, first authentication information indicating whether the client is authenticated to the repository server; and forwarding the first authentication information from the client to the application server.
2. A method according to claim 1, wherein the connection request further includes a second authentication request including a second authentication credential; and wherein the method further comprises: authenticating the client at the application server according to a second authentication method using the second authentication credential.
3. A method according to claim 2, wherein the first and second authentication methods differ from one another or the first and second authentication credentials differ from one another.
4. A method according to claim 2 or claim 3, further comprising: determining, at the application server, whether the client is authenticated to the application server according to the second authentication method; if the client is authenticated to the application server according to the second authentication method, determining if further client authentication is required; and only sending the request for client authentication if it is determined that further authentication is required.
5. A method according to any one of claims 1 to 4, further comprising: determining, at the application server, whether to permit the client to access services provided by the application server on the basis of the first authentication information; or determining, at the application server, whether to send a request for additional client authentication to the client on the basis of the first authentication information.
6. A method according to claim 5, wherein if it is determined at the application server to send a request for additional authentication to the client, the method further comprises: receiving, at the client from the application server, a request for additional client authentication; receiving, at a repository server from the client, a third authentication request including a third authentication credential; authenticating the client at the repository server according to a third authentication method using the third authentication credential; sending, from the repository server to the client, additional authentication information indicating whether the client is authenticated to the repository server; and forwarding the additional authentication information from the client to the application server.
7. A method according to claim 6, wherein the first and third authentication methods differ from one another, the first and third authentication credentials differ from one another or the repository server receiving the first authentication request differs from the repository server receiving the third authentication request.
8. A method according to any one of the preceding claims, further comprising: signing, at the application server, a request for client authentication sent from the application server to the client such that the client cannot modify the request without detection; and generating, at the client, authentication requests by adding the an authentication credential to the signed request for client authentication.
9. A method according to any one of the preceding claims, further comprising: signing, at the repository server, authentication information sent from the repository server to the client such that the client cannot modify the authentication information without detection.
10. A method according to any one of the preceding claims, further comprising: encrypting messages sent between the client and the application server or the client and the repository server.
11. A method according to any one of the preceding claims, wherein the or each request for client authentication sent form the application server to the client indicates a repository server to be used or an authentication method to be used.
12. A method according to claim 11, further comprising: determining at the client whether to send an authentication request to a repository server indicated by the application server.
13. A method of operating an application server, the method comprising: receiving, from a client, a connection request; sending, to the client, a request for client authentication; and receiving, from the client, first authentication information indicating whether the client is authenticated to a repository server.
14. A method according to claim 13, wherein the connection request further includes a second authentication request including a second authentication credential; and wherein the method further comprises: authenticating the client according to a second authentication method using the second authentication credential; determining whether the client is authenticated to the application server according to the second authentication method; if the client is authenticated to the application server according to the second authentication method, determining if further authentication is required; and only sending the request for client authentication if it is determined that further authentication is required.
15. A method according to claim 13 to or claim 14, further comprising: determining whether to permit the client to access services provided by the application server on the basis of the first authentication information; or determining whether to send a request for additional client authentication to the client on the basis of the first authentication information.
16. A method according to any one claims 13 to 15, further comprising: indicating in each request for client authentication a repository server to be used or an authentication method to be used.
17. A method of operating a client, the method comprising: sending, to an application server, a connection request; receiving, from the application server, a request for client authentication; sending, to a repository server, a first authentication request including a first authentication credential; receiving, from the repository server, first authentication information indicating whether the client is authenticated to the repository server; and forwarding the first authentication information to the application server.
18. A method according to claim 1, wherein the connection request further includes a second authentication request including a second authentication credential.
19. A method of operating a client according to claim 17 or claim 18, further comprising: receiving, from the application server, confirmation of whether access to services provided by the application server is allowed.
20. A method according to claim 1701 claim 18, further comprising: receiving a request for additional client authentication; sending, to a repository server, a third authentication request including a third authentication credential; receiving, from the repository server, additional authentication information indicating whether the client is authenticated to the repository server; and forwarding the additional authentication information from the client to the application server.
21. A method of operating a repository server, the method comprising: receiving, from a client, a first authentication request including a first authentication credential; authenticating the client according to a first authentication method using the first authentication credential; and sending, from the repository server to the client, first authentication information indicating whether the client is authenticated to the repository server; wherein the first authentication information is configured to confirm the identity of the client to an application server.
22. A method according to claim 21, further comprising: receiving, from the client, a third authentication request including a third authentication credential; authenticating the client according to a third authentication method using the third authentication credential; and sending, to the client, additional authentication information indicating whether the client is authenticated to the repository server.
23. An application server arranged to implement the method of any one of claims 13 to 16.
24. A client arranged to implement the method of any one of claims 17 to 20.
25. A repository server arranged to implement the method of claim 21 or claim 22.
26. A system comprising: an application server according to claim 23, a client according to claim 24; and a repository server according to claim 25.CLAIMS: 1. A method of authenticating a client, the method comprising: receiving, at an application server from a client, a connection request; sending, from the application server to the client, a request for client authentication identifying at least one repository server and at least one associated authentication method; selecting, at the client, an identified repository server and an associated first authentication method; sending, from the client to the selected repository server, a first authentication request including a first authentication credential indicated by the selected authentication method; authenticating the client at the repository server according to the first authentication method using the first authentication credential; sending, from the repository server to the client, first authentication information indicating whether the client is authenticated to the repository server; and forwarding the first authentication information from the client to the application server. rr. . . 2. A method according to claim 1, wherein the connection request further includes a second authentication request including a second authentication credential; and wherein the method further comprises: authenticating the client at the application server according to a second authentication method using the second authentication credential.3. A method according to claim 2, wherein the first and second authentication methods differ from one another or the first and second authentication credentials differ from one another.4. A method according to claim 2 or claim 3, further comprising: determining, at the application server, whether the client is authenticated to the application server according to the second authentication method; if the client is authenticated to the application server according to the second authentication method, determining if further client authentication is required; and only sending the request for client authentication if it is determined that further authentication is required.5. A method according to any one of the preceding claims, further comprising: determining, at the application server, whether to permit the client to access services provided by the application server on the basis of the first authentication information; or determining, at the application server, whether to send a request for additional client authentication to the client on the basis of the first authentication information.6. A method according to claim 5, wherein if it is determined at the application server to send a request for additional authentication to the client, the method further comprises: receiving, at the client from the application server, a request for additional client authentication identifying at least one repository server and at least one associated authentication method; selecting, at the client, an identified repository server and an associated first authentication method; sending, from the client to the selected repository server, a third authentication request including a third authentication credential indicated by the selected authentication method; authenticating the client at the repository server according to a third authentication method using the third authentication credential; sending, from the repository server to the client, additional authentication r information indicating whether the client is authenticated to the repository server; and forwarding the additional authentication information from the client to the application server.7. A method according to claim 6, wherein the first and third authentication methods differ from one another, the first and third authentication credentials differ from one another or the repository server receiving the first authentication request differs from the repository server receiving the third authentication request.8. A method according to any one of the preceding claims, further comprising: signing, at the application server, a request for client authentication sent from the application server to the client such that the client cannot modify the request without detection; and generating, at the client, authentication requests by adding the an authentication credential to the signed request for client authentication.9. A method according to any one of the preceding claims, further comprising: signing, at the repository server, authentication information sent from the repository server to the client such that the client cannot modify the authentication information without detection.10. A method according to any one of the preceding claims, further comprising: encrypting messages sent between the client and the application server or the client and the repository server.11. A method according to claim 10, further comprising: encrypting messages sent between the application server and a repository server are separately encrypted using a different encryption technique such that the messages are doubly encrypted between the client and the application server or between the client and a repository server.12. A method according to any one of the preceding claims, further comprising: determining at the client whether to send an authentication request to a repository server indicated by the application server.13. A method of operating an application server, the method comprising: r..receiving, from a client, a connection request; sending, to the client, a request for client authentication identifying at least one repository server and at least one associated authentication method; and receiving, from the client, first authentication information indicating whether the client is authenticated to a repository server.14. A method according to claim 13, wherein the connection request further includes a second authentication request including a second authentication credential; and wherein the method further comprises: authenticating the client according to a second authentication method using the second authentication credential; determining whether the client is authenticated to the application server according to the second authentication method; if the client is authenticated to the application server according to the second authentication method, determining if further authentication is required; and only sending the request for client authentication if it is determined that further authentication is required.15. A method according to claim l3to or claim 14, further comprising: determining whether to permit the client to access services provided by the application server on the basis of the first authentication information; or determining whether to send a request for additional client authentication to the client on the basis of the first authentication information.16. A method according to any one claims 13 to 15, further comprising: indicating in each request for client authentication a repository server to be used or an authentication method to be used.17. A method of operating a client, the method comprising: sending, to an application server, a connection request; receiving, from the application server, a request for client authentication identifying at least one repository server and at least one associated authentication method; selecting an identified repository server and an associated first authentication method; sending, to the selected repository server, a first authentication request including a first authentication credential indicated by the selected authentication method; receiving, from the repository server, first authentication information indicating r..whether the client is authenticated to the repository server; and forwarding the first authentication information to the application server.18. A method according to claim 17, wherein the connection request further includes a second authentication request including a second authentication credential.19. A method of operating a client according to claim 17 or claim 18, further comprising: receiving, from the application server, confirmation of whether access to services provided by the application server is allowed.20. A method according to claim 1701 claim 18, further comprising: receiving a request for additional client authentication; sending, to a repository server, a third authentication request including a third authentication credential; receiving, from the repository server, additional authentication information indicating whether the client is authenticated to the repository server; and forwarding the additional authentication information from the client to the application server.21. A method of operating a repository server, the method comprising: receiving, from a client, a first authentication request including a first authentication credential; authenticating the client according to a first authentication method using the first authentication credential; and sending, from the repository server to the client, first authentication information indicating whether the client is authenticated to the repository server; wherein the first authentication information is configured to confirm the identity of the client to an application server; and wherein the repository server and the first authentication method are selected by the client from at least one repository server and at least one associated authentication method identified by a request for client authentication sent from the application server to the client.22. A method according to claim 21, further comprising: receiving, from the client, a third authentication request including a third r authentication credential; authenticating the client according to a third authentication method using the third authentication credential; and sending, to the client, additional authentication information indicating whether the client is authenticated to the repository server.23. An application server arranged to implement the method of any one of claims 13 to 16.24. A client arranged to implement the method of any one of claims 17 to 20.25. A repository server arranged to implement the method of claim 21 or claim 22.26. A system comprising: an application server according to claim 23, a client according to claim 24; and a repository server according to claim 25.