US20170078271A1 - Emulation Of Federative Authentication - Google Patents

Emulation Of Federative Authentication Download PDF

Info

Publication number
US20170078271A1
US20170078271A1 US15/124,902 US201415124902A US2017078271A1 US 20170078271 A1 US20170078271 A1 US 20170078271A1 US 201415124902 A US201415124902 A US 201415124902A US 2017078271 A1 US2017078271 A1 US 2017078271A1
Authority
US
United States
Prior art keywords
user
federation
authentication
credentials
message
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Abandoned
Application number
US15/124,902
Inventor
Menno Stijl
Rik Peters
Reinier Maria Van Der Drift
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Authasas BV
Original Assignee
Authasas BV
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Authasas BV filed Critical Authasas BV
Publication of US20170078271A1 publication Critical patent/US20170078271A1/en
Assigned to AUTHASAS B.V. reassignment AUTHASAS B.V. ASSIGNMENT OF ASSIGNORS INTEREST (SEE DOCUMENT FOR DETAILS). Assignors: STIJL, MENNO
Assigned to AUTHASAS B.V. reassignment AUTHASAS B.V. ASSIGNMENT OF ASSIGNORS INTEREST (SEE DOCUMENT FOR DETAILS). Assignors: PETERS, RIK
Assigned to AUTHASAS B.V. reassignment AUTHASAS B.V. ASSIGNMENT OF ASSIGNORS INTEREST (SEE DOCUMENT FOR DETAILS). Assignors: VAN DER DRIFT, REINIER MARIA
Priority to US16/736,988 priority Critical patent/US11146544B2/en
Abandoned legal-status Critical Current

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/321Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving a third party or a trusted authority
    • H04L9/3213Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving a third party or a trusted authority using tickets or tokens, e.g. Kerberos
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0815Network architectures or network communication protocols for network security for authentication of entities providing single-sign-on or federations
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31User authentication
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31User authentication
    • G06F21/33User authentication using certificates
    • G06F21/335User authentication using certificates for accessing specific resources, e.g. using Kerberos tickets
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities

Definitions

  • the present invention relates in general to the problem of recognizing the authenticity of the identity of a person in electronic communication.
  • Internet is an example of a medium that has allowed information services to become easily available for the public.
  • the information may range from rather innocent general information to more sensitive and confidential information, such as medical information, banking information, etc.
  • the information manager is required to make sure that information is only disclosed to authorized persons, and when a request is received to provide information, the information manager needs to ascertain that the requester actually is the person who he claims to be.
  • One way of doing this is by issuing to the requester credentials such as username and password.
  • the requester is asked to input his credentials; only if these credentials are recognized as being correct or a correct combination, the access request is accepted.
  • the process of checking the identity of a person is indicated as “authentication”.
  • the website receiving the request has an associated memory (database) with necessary data relating to persons for identifying them, such as for instance name, address, client number, etc.
  • the database will further have data defining which part of the information managed by this website is accessible to a certain person, for instance a bank account number.
  • the database will further have, for each person, a code which a user will give to identify himself: this code is typically the username. But usernames can be “guessed”, and anyone can give a username that is valid per se but not his own.
  • the password serves to check that the username is given by the correct person. Thus, for each person, apart from the username, the database will also store the password. Only if both are correct, the user will be given access.
  • FIG. 1 is a diagram schematically illustrating the process of normal authentication.
  • the workstation 2 for instance: PC
  • the workstation 2 of a user 1 is connected to a source domain A (for instance: internal office network).
  • the user wishes to gain access to a target application 3 (for instance: shielded database) in a target domain B (for instance: bank).
  • An example may be: accessing bank account information.
  • the target application 3 is associated with a credentials memory 13 , which contains information, illustratively shown in the form of a table, which information includes, for each person that has enrolled with the target domain B or with the target application 3 , a name identifying that person (user name), a key code (pass word), and the level of permission associated with this person.
  • biometric data such as fingerprint, iris scan etc, or a chip such as in a credit card, and the like, can be used for increasing the security level.
  • Authentication is, of course, rather cumbersome for the user. If he is accessing different domains, he needs to give his credentials every time he enters a new domain, and these credentials may differ per domain and/or per application. For the case where he approaches a second domain from within the context of a first domain, a solution has been conceived for this problem, known as “federation”, having the advantage that the user needs to input his credentials only once.
  • FIG. 2 is a diagram schematically illustrating the process of authentication federation.
  • the workstation 2 for instance: PC
  • source domain A for instance: internal office network
  • the source domain A has an associated user memory (database) 12 containing a table with validated user credentials. It is noted that these credentials apply in source domain A and are therefore different from the user credentials that apply in target application 3 .
  • these credentials are indicated as NAMEA and KEYA in domain A, and the respective values associated with this user 1 in domain A are indicated as NA 1 and KA 1 .
  • the user wishes to gain access to a target application 3 (for instance: shielded database) in a target domain B (for instance: bank).
  • Domain B is linked to domain A by an authentication federation service.
  • An example may be: accessing bank account information.
  • the target application 3 is prepared to accept federative authorisation, which means that its memory 13 also, as an alternative to credentials NAME and KEY, contains a different type of key indicated as Request Acceptance Token RAT.
  • federative authorisation which means that its memory 13 also, as an alternative to credentials NAME and KEY, contains a different type of key indicated as Request Acceptance Token RAT.
  • R 1 for user 1
  • this value is stored in the credentials memory 13 in domain B.
  • the target application 3 would, in stead of the user's credentials, accept the special token RAT, which is known in target domain B but not in source domain A.
  • the target application 3 as such can not handle the request for federative authorisation: for this purpose, the target domain B has a federation site 4 comprising a federation memory 14 (database) containing per user the special token RAT that has issued to the user by the target domain's federation site 4 .
  • This federation memory 14 further contains, per user, a special token that has in advance been established between the target domain's federation site 4 and the source domain A.
  • the source domain A is associated with a user memory 12 , which contains information, illustratively shown in the form of a table, which information includes, for each person that has enrolled with the source domain A, the user credentials NAMEA and KEYA as well as the associated special token for federation.
  • the source domain A may have negotiated federation agreements with more than one target domain
  • the target domain B may have negotiated federation agreements with more than one source domain.
  • the relevant information is always stored in the corresponding user memory 12 and federation memory 14 , respectively.
  • the special token for use with target domain B is indicated as TOKEN-B
  • the special token for use with source domain A is indicated as TOKEN-A.
  • a first step 101 the user's workstation 2 sends a request message to application 3 .
  • the request message is a Request Access via Federative Authentication message RAFA, which contains information signalling to the target application 3 that the access request includes a request to use authentication via federation.
  • the user's workstation 2 does not necessarily know in advance that federation is possible with this specific target application 3 .
  • a possible response to be expected may be that the target application does not support federation, in which case the user's workstation 2 must proceed by sending a normal access request message ARM.
  • the target application 3 replies to the user and redirects the user 1 to the federation site 4 .
  • the user's workstation 2 resends the Request Access via Federative Authentication message RAFA to the federation site 4 .
  • the target domain's federation site 4 comprises a database that contains information defining approved source domains and a corresponding federation site 5 of the approved source domains.
  • the target domain's federation site 4 recognizes the user's workstation 2 as belonging to source domain A and sends a response message RM to the user's workstation 2 , containing information referring the user's workstation 2 to the source federation site 5 .
  • a fifth step 105 the user's workstation 2 sends an Authentication Confirmation Request Message ACRM to the source federation site 5 .
  • This Authentication Confirmation Request Message ACRM includes an indication that the authentication is intended for target domain B. If the user is not logged in yet, the Authentication Confirmation Request Message ACRM must include the user's credentials NAMEA and KEYA such as known to the source domain A, otherwise, the credentials may be dispensed with.
  • a sixth step 106 in response to the Authentication Confirmation Request Message ACRM, the source federation site 5 sends an Authentication Confirmation Message ACM to the user's worktation 2 , which includes an Authentication Confirmation Token ACT.
  • This Authentication Confirmation Token ACT is the TOKEN-B recognized by the target domain's federation site 4 , having value T 1 for this user.
  • a seventh step 107 the user's workstation 2 sends to the target domain's federation site 4 a Source Domain Token Message SDTM, which includes the Authentication Confirmation Token ACT.
  • the Authentication Confirmation Token ACT has the meaning that the source domain A has received, checked and approved the user's credentials.
  • the target domain's federation site 4 trusts the source domain A authentication procedure, and validates the user's request without requiring further authentication from the user.
  • the target domain's federation site 4 in an eighth step 108 sends to the user's workstation 2 a Request Acceptance Message RAM which includes the Request Acceptance Token RAT corresponding with the Authentication Confirmation Token ACT.
  • the Request Acceptance Token RAT has value R 1 in this case.
  • a ninth step 109 the user's workstation 2 sends to the target application 3 an Access Request Message ARM, which includes the Request Acceptance Token RAT, which is recognized by the target application 3 as indicating that the target federation site 4 has approved the Request Access via Federative Authentication message RAFA.
  • the target application 3 allows the user's workstation 2 access.
  • the present invention aims to solve this problem, i.e. to offer the same functionality of federation to the user without the user being aware that the target application 3 does not support federation, and/or without the user being hindered by this fact.
  • FIGS. 1-4 are diagrams illustrating information exchange between stations.
  • FIG. 3 is a diagram comparable to FIG. 2 , schematically illustrating the process of authentication federation emulation.
  • the target application 3 does not just accept a token but expects to receive user credentials (such as user name and password).
  • the table in the credentials memory 13 does not have the column “RAT”.
  • the present invention provides an Authentication Federation Emulator 20 , which comprises an emulation memory 21 containing a translation table that contains, per user, a relationship between the Request Acceptance Token RAT and the user credentials UCB in domain B. The operation is as follows.
  • a first step 201 the user's workstation 2 sends a Request Access via Federative Authentication message RAFA, which contains information signalling to the application 3 that the access request includes a request to use authentication via federation.
  • the target application 3 replies to the user and refers the user (more particularly: the browser operating in the user's workstation 2 ) to the Authentication Federation Emulator 20 .
  • the user's workstation 2 resends the Request Access via Federative Authentication message RAFA to the Authentication Federation Emulator 20 .
  • the Authentication Federation Emulator 20 comprises a database that contains information defining approved source domains and a corresponding federation site 5 of the approved source domains.
  • the Authentication Federation Emulator 20 recognizes the user's workstation 2 as belonging to source domain A, recognizes that it should emulate federative authentication, and sends to the user's workstation 2 a first response message RM 1 containing information referring the user's workstation 2 to the target domain's federation site 4 .
  • a fifth step 205 the user's workstation 2 resends the Request Access via Federative Authentication message RAFA to the target domain's federation site 4 .
  • the situation is now comparable to the situation after third step 103 in FIG. 2 .
  • the target domain's federation site 4 comprises a database that contains information defining approved source domains, approved workstations within the respective approved source domains, and a corresponding federation site 5 of the approved source domains.
  • the target domain's federation site 4 recognizes the user's workstation 2 as belonging to source domain A and sends a second response message RM 2 to the user's workstation 2 , containing information referring the user's workstation 2 to the source federation site 5 .
  • a seventh step 207 the user's workstation 2 sends an Authentication Confirmation Request Message ACRM to the source federation site 5 .
  • This Authentication Confirmation Request Message ACRM includes an indication that the authentication is intended for target domain B. If the user is not logged in yet, the Authentication Confirmation Request Message ACRM must include the user's credentials NAMEA and KEYA such as known to the source domain A, otherwise, the credentials may be dispensed with.
  • the source federation site 5 in response to the Authentication Confirmation Request Message ACRM, sends an Authentication Confirmation Message ACM to the user's workstation 2 , which includes an Authentication Confirmation Token ACT.
  • This Authentication Confirmation Token ACT is the TOKEN-B recognized by the target domain's federation site 4 , having value T 1 for this user.
  • a ninth step 209 the user's workstation 2 sends to the target domain's federation site 4 a Source Domain Token Message SDTM, which includes the Authentication Confirmation Token ACT.
  • the Authentication Confirmation Token ACT has the meaning that the source domain A has received, checked and approved the user's credentials.
  • the target domain's federation site 4 trusts the source domain A authentication procedure, and validates the user's request without requiring further authentication from the user.
  • the target domain's federation site 4 in a tenth step 210 sends to the user's workstation 2 a Request Acceptance Message RAM which includes the Request Acceptance Token RAT corresponding with the Authentication Confirmation Token ACT.
  • the Request Acceptance Token RAT has value R 1 in this case.
  • steps 203 to 210 may be identical to steps 103 to 108 discussed above with reference to FIG. 2 .
  • Workstation 2 now has the Request Acceptance Token RAT (R 1 ), which would be sufficient for accessing the target application 3 if this target application would accept that. But as already indicated, the target application only accepts user credentials UCB, i.e. NAME and KEY.
  • the user's workstation 2 sends to the Authentication Federation Emulator 20 a Credential Request Message CRM which includes the Request Acceptance Token RAT.
  • the Authentication Federation Emulator 20 consults its emulation memory 21 and, after having checked and approved the Request Acceptance Token RAT, the Authentication Federation Emulator 20 , in a twelfth step 212 , sends to the user's workstation 2 a Credentials Conveyance Message CCM which includes the user's credentials UCB for domain B.
  • the user's workstation 2 sends to the target application 3 an Access Request Message ARM, which includes the user credentials UCB.
  • the target application 3 recognizes the user credentials UCB and allows the user's workstation 2 access.
  • the Authentication Federation Emulator 20 could be present within target domain B. However, in that case the situation would be equivalent to the user credentials UCB being stored in the federation memory 14 of the target domain's federation site 4 . Also, the Authentication Federation Emulator 20 could be present within source domain A, but in that case the situation would be equivalent to W the user credentials UCB being stored in the source domain's user memory 12 .
  • An aspect of the strength of the present invention is that the Authentication Federation Emulator 20 can be implemented as an independent website, which delivers an independent emulation service to customer 1 (or A).
  • a first step 301 the user's workstation 2 sends an Enrolment Request message ER to the Authentication Federation Emulator 20 .
  • the Authentication Federation Emulator 20 in a second step 302 sends a first response message RM 1 to the user's workstation 2 , containing information referring the user's workstation 2 to the target domain's federation site 4 .
  • a third step 303 user's workstation 2 resends the Enrolment Request message ER to the target domain's federation site 4 .
  • the target domain's federation site 4 comprises a database that contains information defining approved source domains and a corresponding federation site 5 of the approved source domains.
  • the target domain's federation site 4 recognizes the user's workstation 2 as belonging to source domain A and sends a second response message RM 2 to the user's workstation 2 , containing information referring the user's workstation 2 to the source federation site 5 .
  • a fifth step 305 the user's workstation 2 sends an Authentication Message AM to the source federation site 5 .
  • This Authentication Message AM includes the user's credentials UCA such as known to the source domain A, in this case NA 1 and KA 1 .
  • a sixth step 306 in response to the Authentication Message AM, the source federation site 5 sends an Authentication Confirmation Message ACM to the user's workstation 2 , which includes an Authentication Confirmation Token ACT.
  • This Authentication Confirmation Token ACT is the TOKEN-B recognized by the target domain's federation site 4 , having value T 1 for this user.
  • a seventh step 307 the user's workstation 2 sends to the target domain's federation site 4 a Source Domain Token Message SDTM, which includes the Authentication Confirmation Token ACT.
  • the Authentication Confirmation Token ACT has the meaning that the source domain A has received, checked and approved the user's credentials.
  • the target domain's federation site 4 trusts the source domain A authentication procedure, and validates the user's request without requiring further authentication from the user.
  • the target domain's federation site 4 in an eighth step 308 sends to the user's workstation 2 a Request Acceptance Message RAM which includes the Request Acceptance Token RAT corresponding with the Authentication Confirmation Token ACT.
  • the Request Acceptance Token RAT has value R 1 in this case.
  • Workstation 2 now has the Request Acceptance Token RAT (R 1 ), ready to be stored at the Authentication Federation Emulator 20 .
  • the user's workstation 2 sends to the Authentication Federation Emulator 20 a Token Conveyance Message TCM which includes the Request Acceptance Token RAT, having value R 1 in this case.
  • the Authentication Federation Emulator 20 stores the Request Acceptance Token RAT (value R 1 ) in its emulation memory 21 .
  • the Authentication Federation Emulator 20 in an eleventh step 311 sends to the user's workstation 2 a Request Input Of Credentials Message RIOCM, requesting the user to enter the user credentials UCB for use in target domain B (or for use in target application 3 only).
  • RIOCM Request Input Of Credentials
  • these user credentials UCB are the user credentials that the user has agreed or will agree with target domain B or target application 3 , respectively, by a normal login procedure, either before or after the present enrolment procedure.
  • a twelfth step 312 the user's workstation 2 sends a User Credentials Message UCM to the Authentication Federation Emulator 20 .
  • the User Credentials Message UCM contains the user credentials UCB, in this case N 1 and K 1 , inputted by user 1 .
  • the Authentication Federation Emulator 20 stores the user credentials UCB in its emulation memory 21 . The enrolment is now complete.
  • the emulation memory 21 now contains the relationship between the Request Acceptance Token RAT and user credentials UCB.
  • the present invention provides a method for emulating authentication federation between a source domain A and a target domain B.
  • a user in the source domain wishes to gain access to a target application 3 in the target domain.
  • the target application needs to receive authorized user credentials UCB.
  • the user has already given his credentials in the source domain A, where these credentials have already been verified.
  • the target domain B comprises an Authentication Federation Emulator 20 comprising a relationship between a Request Acceptance Token RAT and user credentials UCB associated with a specific user. After having obtained the Request Acceptance Token RAT from a federation site 4 of the target domain B, the user accesses the Authentication Federation Emulator 20 for obtaining the corresponding user credentials UCB and sends them to the target application 3 .

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • General Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Computing Systems (AREA)
  • Information Transfer Between Computers (AREA)

Abstract

A method for emulating authentication federation between a source domain and a target domain. A user in the source domain wishes to gain access to a target application in the target domain. The target application needs to receive authorized user credentials. The target domain includes an Authentication Federation Emulator having a relationship between a Request Acceptance Token and user credentials associated with a specific user. After having obtained the Request Acceptance Token from a federation site of the target domain, the user accesses the Authentication Federation Emulator for obtaining the corresponding user credentials and sends them to the target application.

Description

    FIELD OF THE INVENTION
  • The present invention relates in general to the problem of recognizing the authenticity of the identity of a person in electronic communication.
    • BACKGROUND OF THE INVENTION
  • Internet is an example of a medium that has allowed information services to become easily available for the public. The information may range from rather innocent general information to more sensitive and confidential information, such as medical information, banking information, etc. Thus, the information manager is required to make sure that information is only disclosed to authorized persons, and when a request is received to provide information, the information manager needs to ascertain that the requester actually is the person who he claims to be. One way of doing this is by issuing to the requester credentials such as username and password. When making the request of access, the requester is asked to input his credentials; only if these credentials are recognized as being correct or a correct combination, the access request is accepted.
  • The process of checking the identity of a person is indicated as “authentication”. Normally, the website receiving the request has an associated memory (database) with necessary data relating to persons for identifying them, such as for instance name, address, client number, etc, The database will further have data defining which part of the information managed by this website is accessible to a certain person, for instance a bank account number. The database will further have, for each person, a code which a user will give to identify himself: this code is typically the username. But usernames can be “guessed”, and anyone can give a username that is valid per se but not his own. The password serves to check that the username is given by the correct person. Thus, for each person, apart from the username, the database will also store the password. Only if both are correct, the user will be given access.
  • FIG. 1 is a diagram schematically illustrating the process of normal authentication. The workstation 2 (for instance: PC) of a user 1 is connected to a source domain A (for instance: internal office network). The user wishes to gain access to a target application 3 (for instance: shielded database) in a target domain B (for instance: bank). An example may be: accessing bank account information. The target application 3 is associated with a credentials memory 13, which contains information, illustratively shown in the form of a table, which information includes, for each person that has enrolled with the target domain B or with the target application 3, a name identifying that person (user name), a key code (pass word), and the level of permission associated with this person. When user 1 wishes to gain access to the target application 3, he sends to the target application 3 an Access Request Message ARM, which contains the user credentials UCB for the target application 3, in this case N1 and K1. The target application 3 checks the received values N1 and K1 in its credentials memory 13, and grants permission P1.
  • It is noted that this check is not actually a guarantee that the person inputting the credentials actually is the person specified in the credentials memory 13. As alternative or in addition to a username and password, biometric data such as fingerprint, iris scan etc, or a chip such as in a credit card, and the like, can be used for increasing the security level.
  • Authentication is, of course, rather cumbersome for the user. If he is accessing different domains, he needs to give his credentials every time he enters a new domain, and these credentials may differ per domain and/or per application. For the case where he approaches a second domain from within the context of a first domain, a solution has been conceived for this problem, known as “federation”, having the advantage that the user needs to input his credentials only once.
  • FIG. 2 is a diagram schematically illustrating the process of authentication federation. The workstation 2 (for instance: PC) of user 1 is connected to source domain A (for instance: internal office network). The source domain A has an associated user memory (database) 12 containing a table with validated user credentials. It is noted that these credentials apply in source domain A and are therefore different from the user credentials that apply in target application 3. For distinction, these credentials are indicated as NAMEA and KEYA in domain A, and the respective values associated with this user 1 in domain A are indicated as NA1 and KA1.
  • The user wishes to gain access to a target application 3 (for instance: shielded database) in a target domain B (for instance: bank). Domain B is linked to domain A by an authentication federation service. An example may be: accessing bank account information. The target application 3 is prepared to accept federative authorisation, which means that its memory 13 also, as an alternative to credentials NAME and KEY, contains a different type of key indicated as Request Acceptance Token RAT. For each user who is allowed to use federative authorisation, a unique value for such token has been fixed, in this case R1 for user 1, and this value is stored in the credentials memory 13 in domain B.
  • Thus, the target application 3 would, in stead of the user's credentials, accept the special token RAT, which is known in target domain B but not in source domain A. However, the target application 3 as such can not handle the request for federative authorisation: for this purpose, the target domain B has a federation site 4 comprising a federation memory 14 (database) containing per user the special token RAT that has issued to the user by the target domain's federation site 4. This federation memory 14 further contains, per user, a special token that has in advance been established between the target domain's federation site 4 and the source domain A. The source domain A, in turn, is associated with a user memory 12, which contains information, illustratively shown in the form of a table, which information includes, for each person that has enrolled with the source domain A, the user credentials NAMEA and KEYA as well as the associated special token for federation.
  • It is noted that the source domain A may have negotiated federation agreements with more than one target domain, and that the target domain B may have negotiated federation agreements with more than one source domain. The relevant information is always stored in the corresponding user memory 12 and federation memory 14, respectively. Thus, in the user memory 12, the special token for use with target domain B is indicated as TOKEN-B, while in the federation memory 14, the special token for use with source domain A is indicated as TOKEN-A.
  • In a first step 101, the user's workstation 2 sends a request message to application 3. In contrast to the normal situation illustrated in FIG. 1, the request message is a Request Access via Federative Authentication message RAFA, which contains information signalling to the target application 3 that the access request includes a request to use authentication via federation. The user's workstation 2 does not necessarily know in advance that federation is possible with this specific target application 3. Thus, a possible response to be expected may be that the target application does not support federation, in which case the user's workstation 2 must proceed by sending a normal access request message ARM.
  • Thus, in a second step 102, the target application 3 replies to the user and redirects the user 1 to the federation site 4. This means that the reply message contains information of the address of the target domain's federation site 4. Subsequently, in a third step 103, the user's workstation 2 resends the Request Access via Federative Authentication message RAFA to the federation site 4.
  • The target domain's federation site 4 comprises a database that contains information defining approved source domains and a corresponding federation site 5 of the approved source domains. Thus, in a fourth step 104, the target domain's federation site 4 recognizes the user's workstation 2 as belonging to source domain A and sends a response message RM to the user's workstation 2, containing information referring the user's workstation 2 to the source federation site 5.
  • In a fifth step 105, the user's workstation 2 sends an Authentication Confirmation Request Message ACRM to the source federation site 5. This Authentication Confirmation Request Message ACRM includes an indication that the authentication is intended for target domain B. If the user is not logged in yet, the Authentication Confirmation Request Message ACRM must include the user's credentials NAMEA and KEYA such as known to the source domain A, otherwise, the credentials may be dispensed with.
  • In a sixth step 106, in response to the Authentication Confirmation Request Message ACRM, the source federation site 5 sends an Authentication Confirmation Message ACM to the user's worktation 2, which includes an Authentication Confirmation Token ACT. This Authentication Confirmation Token ACT is the TOKEN-B recognized by the target domain's federation site 4, having value T1 for this user.
  • In a seventh step 107, the user's workstation 2 sends to the target domain's federation site 4 a Source Domain Token Message SDTM, which includes the Authentication Confirmation Token ACT. To the target domain's federation site 4, the Authentication Confirmation Token ACT has the meaning that the source domain A has received, checked and approved the user's credentials. The target domain's federation site 4 trusts the source domain A authentication procedure, and validates the user's request without requiring further authentication from the user. Thus, after having checked and approved the Authentication Confirmation Token ACT, having value T1 in this case, the target domain's federation site 4 in an eighth step 108 sends to the user's workstation 2 a Request Acceptance Message RAM which includes the Request Acceptance Token RAT corresponding with the Authentication Confirmation Token ACT. Thus, the Request Acceptance Token RAT has value R1 in this case.
  • Finally, in a ninth step 109, the user's workstation 2 sends to the target application 3 an Access Request Message ARM, which includes the Request Acceptance Token RAT, which is recognized by the target application 3 as indicating that the target federation site 4 has approved the Request Access via Federative Authentication message RAFA. Thus, the target application 3 allows the user's workstation 2 access.
  • While federation is thus quite comfortable to the user, it does not work if the target application 3 does not support federation, i.e. if the target application 3 requires the input of user credentials.
  • The present invention aims to solve this problem, i.e. to offer the same functionality of federation to the user without the user being aware that the target application 3 does not support federation, and/or without the user being hindered by this fact.
    • BRIEF DESCRIPTION OF THE DRAWINGS
  • These and other aspects, features and advantages of the present invention will be further explained by the following description of one or more preferred embodiments with reference to the drawings, in which same reference numerals indicate same or similar parts, and in which:
  • FIGS. 1-4 are diagrams illustrating information exchange between stations.
    •  DETAILED DESCRIPTION OF THE INVENTION
  • FIG. 3 is a diagram comparable to FIG. 2, schematically illustrating the process of authentication federation emulation. Different from the situation in FIG. 2, the target application 3 does not just accept a token but expects to receive user credentials (such as user name and password). The table in the credentials memory 13 does not have the column “RAT”. To solve this problem, the present invention provides an Authentication Federation Emulator 20, which comprises an emulation memory 21 containing a translation table that contains, per user, a relationship between the Request Acceptance Token RAT and the user credentials UCB in domain B. The operation is as follows.
  • In a first step 201, the user's workstation 2 sends a Request Access via Federative Authentication message RAFA, which contains information signalling to the application 3 that the access request includes a request to use authentication via federation. In a second step 202, the target application 3 replies to the user and refers the user (more particularly: the browser operating in the user's workstation 2) to the Authentication Federation Emulator 20. Subsequently, in a third step 203, the user's workstation 2 resends the Request Access via Federative Authentication message RAFA to the Authentication Federation Emulator 20.
  • The Authentication Federation Emulator 20 comprises a database that contains information defining approved source domains and a corresponding federation site 5 of the approved source domains. Thus, in a fourth step 204, the Authentication Federation Emulator 20 recognizes the user's workstation 2 as belonging to source domain A, recognizes that it should emulate federative authentication, and sends to the user's workstation 2 a first response message RM1 containing information referring the user's workstation 2 to the target domain's federation site 4.
  • Then, in a fifth step 205, the user's workstation 2 resends the Request Access via Federative Authentication message RAFA to the target domain's federation site 4. The situation is now comparable to the situation after third step 103 in FIG. 2.
  • The target domain's federation site 4 comprises a database that contains information defining approved source domains, approved workstations within the respective approved source domains, and a corresponding federation site 5 of the approved source domains. Thus, in a sixth step 206, the target domain's federation site 4 recognizes the user's workstation 2 as belonging to source domain A and sends a second response message RM2 to the user's workstation 2, containing information referring the user's workstation 2 to the source federation site 5.
  • In a seventh step 207, the user's workstation 2 sends an Authentication Confirmation Request Message ACRM to the source federation site 5. This Authentication Confirmation Request Message ACRM includes an indication that the authentication is intended for target domain B. If the user is not logged in yet, the Authentication Confirmation Request Message ACRM must include the user's credentials NAMEA and KEYA such as known to the source domain A, otherwise, the credentials may be dispensed with.
  • In an eighth step 208, in response to the Authentication Confirmation Request Message ACRM, the source federation site 5 sends an Authentication Confirmation Message ACM to the user's workstation 2, which includes an Authentication Confirmation Token ACT. This Authentication Confirmation Token ACT is the TOKEN-B recognized by the target domain's federation site 4, having value T1 for this user.
  • In a ninth step 209, the user's workstation 2 sends to the target domain's federation site 4 a Source Domain Token Message SDTM, which includes the Authentication Confirmation Token ACT. To the target domain's federation site 4, the Authentication Confirmation Token ACT has the meaning that the source domain A has received, checked and approved the user's credentials. The target domain's federation site 4 trusts the source domain A authentication procedure, and validates the user's request without requiring further authentication from the user. Thus, after having checked and approved the Authentication Confirmation Token ACT, having value T1 in this case, the target domain's federation site 4 in a tenth step 210 sends to the user's workstation 2 a Request Acceptance Message RAM which includes the Request Acceptance Token RAT corresponding with the Authentication Confirmation Token ACT. Thus, the Request Acceptance Token RAT has value R1 in this case.
  • It is noted that steps 203 to 210 may be identical to steps 103 to 108 discussed above with reference to FIG. 2. Workstation 2 now has the Request Acceptance Token RAT (R1), which would be sufficient for accessing the target application 3 if this target application would accept that. But as already indicated, the target application only accepts user credentials UCB, i.e. NAME and KEY.
  • In an eleventh step 211, the user's workstation 2 sends to the Authentication Federation Emulator 20 a Credential Request Message CRM which includes the Request Acceptance Token RAT. The Authentication Federation Emulator 20 consults its emulation memory 21 and, after having checked and approved the Request Acceptance Token RAT, the Authentication Federation Emulator 20, in a twelfth step 212, sends to the user's workstation 2 a Credentials Conveyance Message CCM which includes the user's credentials UCB for domain B.
  • Finally, in a thirteenth step 213, the user's workstation 2 sends to the target application 3 an Access Request Message ARM, which includes the user credentials UCB. The target application 3 recognizes the user credentials UCB and allows the user's workstation 2 access.
  • It is noted that the Authentication Federation Emulator 20 could be present within target domain B. However, in that case the situation would be equivalent to the user credentials UCB being stored in the federation memory 14 of the target domain's federation site 4. Also, the Authentication Federation Emulator 20 could be present within source domain A, but in that case the situation would be equivalent to W the user credentials UCB being stored in the source domain's user memory 12. An aspect of the strength of the present invention is that the Authentication Federation Emulator 20 can be implemented as an independent website, which delivers an independent emulation service to customer 1 (or A).
  • In order for federation emulation to be possible, the relation between Request Acceptance Token RAT and user credentials UC must first be defined and stored in the emulation memory 21. This process is indicated as “enrolment” and illustrated in FIG. 4.
  • In a first step 301, the user's workstation 2 sends an Enrolment Request message ER to the Authentication Federation Emulator 20. The Authentication Federation Emulator 20 in a second step 302 sends a first response message RM1 to the user's workstation 2, containing information referring the user's workstation 2 to the target domain's federation site 4. In a third step 303, user's workstation 2 resends the Enrolment Request message ER to the target domain's federation site 4.
  • The target domain's federation site 4 comprises a database that contains information defining approved source domains and a corresponding federation site 5 of the approved source domains. Thus, in a fourth step 304 step, the target domain's federation site 4 recognizes the user's workstation 2 as belonging to source domain A and sends a second response message RM2 to the user's workstation 2, containing information referring the user's workstation 2 to the source federation site 5.
  • In a fifth step 305, the user's workstation 2 sends an Authentication Message AM to the source federation site 5. This Authentication Message AM includes the user's credentials UCA such as known to the source domain A, in this case NA1 and KA1.
  • In a sixth step 306, in response to the Authentication Message AM, the source federation site 5 sends an Authentication Confirmation Message ACM to the user's workstation 2, which includes an Authentication Confirmation Token ACT. This Authentication Confirmation Token ACT is the TOKEN-B recognized by the target domain's federation site 4, having value T1 for this user.
  • In a seventh step 307, the user's workstation 2 sends to the target domain's federation site 4 a Source Domain Token Message SDTM, which includes the Authentication Confirmation Token ACT. To the target domain's federation site 4, the Authentication Confirmation Token ACT has the meaning that the source domain A has received, checked and approved the user's credentials. The target domain's federation site 4 trusts the source domain A authentication procedure, and validates the user's request without requiring further authentication from the user. Thus, after having checked and approved the Authentication Confirmation Token ACT, having value T1 in this case, the target domain's federation site 4 in an eighth step 308 sends to the user's workstation 2 a Request Acceptance Message RAM which includes the Request Acceptance Token RAT corresponding with the Authentication Confirmation Token ACT. Thus, the Request Acceptance Token RAT has value R1 in this case.
  • Workstation 2 now has the Request Acceptance Token RAT (R1), ready to be stored at the Authentication Federation Emulator 20. In a ninth step 309, the user's workstation 2 sends to the Authentication Federation Emulator 20 a Token Conveyance Message TCM which includes the Request Acceptance Token RAT, having value R1 in this case. In a tenth step 310, the Authentication Federation Emulator 20 stores the Request Acceptance Token RAT (value R1) in its emulation memory 21.
  • In response to the Token Conveyance Message TCM, the Authentication Federation Emulator 20 in an eleventh step 311 sends to the user's workstation 2 a Request Input Of Credentials Message RIOCM, requesting the user to enter the user credentials UCB for use in target domain B (or for use in target application 3 only). It is noted that these user credentials UCB are the user credentials that the user has agreed or will agree with target domain B or target application 3, respectively, by a normal login procedure, either before or after the present enrolment procedure.
  • In a twelfth step 312, the user's workstation 2 sends a User Credentials Message UCM to the Authentication Federation Emulator 20. The User Credentials Message UCM contains the user credentials UCB, in this case N1 and K1, inputted by user 1. In a thirteenth step 313, the Authentication Federation Emulator 20 stores the user credentials UCB in its emulation memory 21. The enrolment is now complete.
  • It should be clear that the emulation memory 21 now contains the relationship between the Request Acceptance Token RAT and user credentials UCB.
  • Thus, the present invention provides a method for emulating authentication federation between a source domain A and a target domain B.
    A user in the source domain wishes to gain access to a target application 3 in the target domain. The target application needs to receive authorized user credentials UCB. The user has already given his credentials in the source domain A, where these credentials have already been verified.
    The target domain B comprises an Authentication Federation Emulator 20 comprising a relationship between a Request Acceptance Token RAT and user credentials UCB associated with a specific user.
    After having obtained the Request Acceptance Token RAT from a federation site 4 of the target domain B, the user accesses the Authentication Federation Emulator 20 for obtaining the corresponding user credentials UCB and sends them to the target application 3.
  • It should be clear to a person skilled in the art that the present invention is not limited to the exemplary embodiments discussed above, but that several variations and modifications are possible within the protective scope of the invention as defined in the appending claims. For instance, two or more functions may be performed by one single entity, unit or processor. Even if certain features are recited in different dependent claims, the present invention also relates to an embodiment comprising these features in common. Any reference signs in a claim should not be construed as limiting the scope of that claim.
  • In the above, the present invention has been explained with reference to block diagrams, which illustrate functional blocks of the device according to the present invention. It is to be understood that one or more of these functional blocks may be implemented in hardware, where the function of such functional block is performed by individual hardware components, but it is also possible that one or more of these functional blocks are implemented in software, so that the function of such functional block is performed by one or more program lines of a computer program or a programmable device such as a microprocessor, microcontroller, digital signal processor, etc.

Claims (6)

1. Method of emulating authentication federation between a source domain and a target domain capable of communicating electronic messages to each other;
wherein the target domain comprises a target application and a target federation site;
wherein the target application is associated with a credentials memory containing authorized user credentials;
wherein the user needs to provide his specific user credentials to the target application in order to obtain access;
wherein the source domain comprises a source federation site and a user's workstation wishing to gain access to the target application;
wherein the source federation site comprises a user memory containing per user a relationship between authorized user source credentials and an Authentication Confirmation Token for use in target domain;
wherein the target federation site comprises a federation memory containing per user a relationship between Authentication Confirmation Token for use by source domain and a Request Acceptance Token;
wherein the method comprises the steps of:
providing an Authentication Federation Emulator that comprises an emulator memory containing per user a relationship between the Request Acceptance Token of federation memory and the user credentials of credentials memory.
2. Method according to claim 1, wherein the Authentication Federation Emulator is programmed to:
receive from the user a Credential Request Message containing the Request Acceptance Token; and
in response to receiving the Credential Request Message and based on the information in its emulation memory, to send to the user a Credentials Conveyance Message which includes the user credentials associated with the user's Request Acceptance Token.
3. Method according to claim 1, wherein the Authentication Federation Emulator is programmed to:
receive from the user a Request Access via Federative Authentication message; and
in response to receiving the Request Access via Federative Authentication message, to send to the user a first response message containing address information of the target federation site.
4. Method for granting a user's workstation in a source domain access to a target application in a target domain;
wherein the target application is associated with a credentials memory containing authorized user credentials;
wherein the user needs to provide his specific user credentials to the target application in order to obtain access;
wherein the method comprises the method of emulating authentication federation according to claim 1;
wherein the method further comprises successively:
a first access request stage in which:
the user's workstation sends to the target application a Request Access via Federative Authentication message containing information signaling to the target application that the access request includes a request to use authentication via federation;
the target application sends to the user a reply message containing address information of the Authentication Federation Emulator;
a federation stage in which the user's workstation is provided with the user's specific user credentials on the basis of his authorized user source credentials;
a second access request stage in which:
the user's workstation sends to the target application an Access Request Message (ARM) containing the specific user credentials;
wherein the federation stage comprises the steps of:
using the information received with the reply message from the target application, the user's workstation resends the Request Access via Federative Authentication message to the Authentication Federation Emulator;
the Authentication Federation Emulator replies to the user's workstation a first response message containing address information of the target federation site;
using the information received with the first response message from the Authentication Federation Emulator, the user's workstation resends the Request Access via Federative Authentication message to the target federation site;
the target domain's federation site replies to the user's workstation a second response message containing address information of the source federation site;
the user's workstation sends to the source federation site an Authentication Confirmation Request Message containing an indication of the specific target domain for which the authentication is intended and possibly containing the authorized user source credentials;
in response to the Authentication Confirmation Request Message, based on the information in its source memory, the source federation site sends to the user's workstation an Authentication Confirmation Message containing the Authentication Confirmation Token associated with the user's authorized user source credentials;
using the information received with the Authentication Confirmation Message from the source federation site, the user's workstation sends to the target federation site a Source Domain Token Message containing the Authentication Confirmation Token;
in response to the Source Domain Token Message, based on the information in its federation memory, the target federation site sends to the user's workstation a Request Acceptance Message which includes the Request Acceptance Token associated with the user's Authentication Confirmation Token;
using the information received with the Request Acceptance Message from the target federation site, the user's workstation sends to the Authentication Federation Emulator a Credential Request Message containing the Request Acceptance Token; and
in response to the Credential Request Message and based on the information in its emulation memory, the Authentication Federation Emulator sends to the user's workstation a Credentials Conveyance Message which includes the user credentials associated with the user's Request Acceptance Token.
5. Authentication Federation Emulator for use in a method according to claim 1, the Authentication Federation Emulator comprising an emulator memory containing per user a relationship between the Request Acceptance Token of the federation memory of the target domain and the user credentials of credentials memory of the target domain.
6. Method according to claim 2, wherein the Authentication Federation Emulator is programmed to:
receive from the user a Request Access via Federative Authentication message; and
in response to receiving the Request Access via Federative Authentication message, to send to the user a first response message containing address information of the target federation site.
US15/124,902 2013-03-08 2014-03-10 Emulation Of Federative Authentication Abandoned US20170078271A1 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
US16/736,988 US11146544B2 (en) 2013-03-08 2020-01-08 Emulation of federative authentication

Applications Claiming Priority (3)

Application Number Priority Date Filing Date Title
NL1040084A NL1040084C2 (en) 2013-03-08 2013-03-08 Emulation of federative authentication.
NL1040084 2013-03-08
PCT/NL2014/000010 WO2014137208A1 (en) 2013-03-08 2014-03-10 Emulation of federative authentication

Related Parent Applications (1)

Application Number Title Priority Date Filing Date
PCT/NL2014/000010 A-371-Of-International WO2014137208A1 (en) 2013-03-08 2014-03-10 Emulation of federative authentication

Related Child Applications (1)

Application Number Title Priority Date Filing Date
US16/736,988 Division US11146544B2 (en) 2013-03-08 2020-01-08 Emulation of federative authentication

Publications (1)

Publication Number Publication Date
US20170078271A1 true US20170078271A1 (en) 2017-03-16

Family

ID=49170781

Family Applications (2)

Application Number Title Priority Date Filing Date
US15/124,902 Abandoned US20170078271A1 (en) 2013-03-08 2014-03-10 Emulation Of Federative Authentication
US16/736,988 Active 2034-04-05 US11146544B2 (en) 2013-03-08 2020-01-08 Emulation of federative authentication

Family Applications After (1)

Application Number Title Priority Date Filing Date
US16/736,988 Active 2034-04-05 US11146544B2 (en) 2013-03-08 2020-01-08 Emulation of federative authentication

Country Status (4)

Country Link
US (2) US20170078271A1 (en)
EP (1) EP3117559A1 (en)
NL (1) NL1040084C2 (en)
WO (1) WO2014137208A1 (en)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2018004407A1 (en) * 2016-06-29 2018-01-04 Telefonaktiebolaget Lm Ericsson (Publ) Systems and methods for service access control

Family Cites Families (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6959336B2 (en) * 2001-04-07 2005-10-25 Secure Data In Motion, Inc. Method and system of federated authentication service for interacting between agent and client and communicating with other components of the system to choose an appropriate mechanism for the subject from among the plurality of authentication mechanisms wherein the subject is selected from humans, client applications and applets
US20040128541A1 (en) * 2002-12-31 2004-07-01 Iinternational Business Machines Corporation Local architecture for federated heterogeneous system
US8561161B2 (en) * 2002-12-31 2013-10-15 International Business Machines Corporation Method and system for authentication in a heterogeneous federated environment
US20040128546A1 (en) * 2002-12-31 2004-07-01 International Business Machines Corporation Method and system for attribute exchange in a heterogeneous federated environment
US7249375B2 (en) * 2003-08-05 2007-07-24 Oracle International Corp Method and apparatus for end-to-end identity propagation
US7698734B2 (en) * 2004-08-23 2010-04-13 International Business Machines Corporation Single sign-on (SSO) for non-SSO-compliant applications
US8028329B2 (en) * 2005-06-13 2011-09-27 Iamsecureonline, Inc. Proxy authentication network
US8281378B2 (en) * 2006-10-20 2012-10-02 Citrix Systems, Inc. Methods and systems for completing, by a single-sign on component, an authentication process in a federated environment to a resource not supporting federation
EP2913976B1 (en) * 2011-04-28 2017-08-09 Interdigital Patent Holdings, Inc. Sso framework for multiple sso technologies
WO2019213427A1 (en) * 2018-05-04 2019-11-07 Laibson Benjamin William Emulation of cloud computing service regions

Also Published As

Publication number Publication date
US20200145407A1 (en) 2020-05-07
WO2014137208A1 (en) 2014-09-12
US11146544B2 (en) 2021-10-12
NL1040084C2 (en) 2014-09-10
EP3117559A1 (en) 2017-01-18

Similar Documents

Publication Publication Date Title
US11336633B2 (en) Authentication using a feeder robot in a web environment
CA2975843C (en) Apparatus, system, and methods for a blockchain identity translator
US9680815B2 (en) Method and system for transmitting authentication context information
EP2689372B1 (en) User to user delegation service in a federated identity management environment
US8151326B2 (en) Using audio in N-factor authentication
US20160065579A1 (en) Method and system for interoperable identity and interoperable credentials
CN102801808B (en) WebLogic-oriented Form identification single sign on integration method
US8613059B2 (en) Methods, systems and computer program products for secure access to information
CN112651011B (en) Login verification method, device and equipment for operation and maintenance system and computer storage medium
AU2017275376B2 (en) Method and apparatus for issuing a credential for an incident area network
CN103986734B (en) Authentication management method and authentication management system applicable to high-security service system
CN109831310A (en) A kind of auth method, system and relevant apparatus
WO2020034101A1 (en) Software login method of in-vitro diagnosis device, device, server, and storage medium
US11146544B2 (en) Emulation of federative authentication
CN102694776A (en) Authentication system and method based on dependable computing
US20150066766A1 (en) Secure Generation of a User Account in a Service Server
CN105262747A (en) Polymorphic terminal identity verification system and method based on biological characteristic recognition
WO2023287977A1 (en) System and method for a trusted digital identity platform
Berbecaru et al. Federating e-identities across Europe, or how to build cross-border e-services
CN102457484A (en) Method for checking user information by combining user name/password authentication and check code
CN108616530B (en) Unified identity authentication system and method based on Internet Web end
KR100744749B1 (en) Method for issuing authentication data for mobile stock trade
Thota et al. User Authentication in LabVIEW Platform.
IT201600115265A1 (en) Process and computer system for the identification and authentication of the digital identity of a subject in possession of a personal telecommunication device.
WO2015120176A1 (en) Method and system of accessing computer accounts

Legal Events

Date Code Title Description
AS Assignment

Owner name: AUTHASAS B.V., NETHERLANDS

Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNOR:PETERS, RIK;REEL/FRAME:044220/0408

Effective date: 20130307

Owner name: AUTHASAS B.V., NETHERLANDS

Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNOR:STIJL, MENNO;REEL/FRAME:044220/0405

Effective date: 20130307

Owner name: AUTHASAS B.V., NETHERLANDS

Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNOR:VAN DER DRIFT, REINIER MARIA;REEL/FRAME:044220/0411

Effective date: 20130307

STPP Information on status: patent application and granting procedure in general

Free format text: FINAL REJECTION MAILED

STPP Information on status: patent application and granting procedure in general

Free format text: DOCKETED NEW CASE - READY FOR EXAMINATION

STPP Information on status: patent application and granting procedure in general

Free format text: AWAITING RESPONSE FOR INFORMALITY, FEE DEFICIENCY OR CRF ACTION

STCB Information on status: application discontinuation

Free format text: ABANDONED -- FAILURE TO RESPOND TO AN OFFICE ACTION