Authentication proxy agent

US 10,104,079 B2
Filed: 05/11/2017
Issued: 10/16/2018
Est. Priority Date: 06/28/2013
Status: Active Grant

First Claim

Patent Images

1. A server comprising:

an authentication engine configured to cause at least one processor of the server to receive, at the server, an authentication request and credentials from a client;

store the credentials at the server;

generate, at the server, a proxy agent;

send, from the proxy agent, the credentials to an identity provider to authenticate the client on behalf of the client, using the credentials;

receive, at the proxy agent, an assertion of authentication of the client from the identity provider;

create a session for the client, based on the assertion; and

delete the stored credentials at the server.

View all claims

10 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

An authentication engine may be configured to receive an authentication request and credentials from a client. The authentication engine may then generate a proxy agent configured to interact with an identity provider to authenticate the client on behalf of the client, using the credentials. In this way, the authentication engine may receive an assertion of authentication of the client from the identity provider, by way of the proxy agent.

64 Citations

20 Claims

1. A server comprising:
- an authentication engine configured to cause at least one processor of the server to receive, at the server, an authentication request and credentials from a client;
  
  store the credentials at the server;
  
  generate, at the server, a proxy agent;
  
  send, from the proxy agent, the credentials to an identity provider to authenticate the client on behalf of the client, using the credentials;
  
  receive, at the proxy agent, an assertion of authentication of the client from the identity provider;
  
  create a session for the client, based on the assertion; and
  
  delete the stored credentials at the server.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The server of claim 1, wherein the authentication engine is implemented by a mobile server providing services to the client, and the client includes a mobile client.
  - 3. The server of claim 1, wherein the authentication engine is configured to cause the at least one processor, in response to the receipt of the authentication request and credentials, to resolve a previously-stored authentication configuration, including identifying the identity provider from among a plurality of identity providers as being associated with the client.
  - 4. The server of claim 1, wherein the proxy agent is configured to store configuration data governing content, format, and timing of interactions with the identity provider.
  - 5. The server of claim 1, wherein the proxy agent includes a virtual browser manager configured to implement a virtual browser used to relay the credentials to the identity provider on behalf of the client.
  - 6. The server of claim 5, wherein the virtual browser manager is configured to access a virtual browser pool storing a plurality of available virtual browsers, and to select the virtual browser therefrom.
  - 7. The server of claim 1, wherein the proxy agent is configured to execute the Security Assertion Markup Language (SAML) standard with the identity provider, including receiving the assertion therefrom, on behalf of the client.
  - 8. The server of claim 1, wherein the server includes a mobile server, and the authentication engine is provided by the mobile server, and wherein the session provides access to multiple services of the mobile server to the client.

9. A method comprising:
- receiving, at a server, an authentication request and credentials from a client;
  
  storing the credentials at the server;
  
  generating, at the server, a proxy agent;
  
  sending, from the proxy agent, the credentials to an identity provider to authenticate the client on behalf of the client, using the credentials;
  
  receiving, at the proxy agent, an assertion of authentication of the client from the identity provider;
  
  creating a session for the client, based on the assertion; and
  
  deleting the stored credentials at the server.
- View Dependent Claims (10, 11, 12, 13, 14)
- - 10. The method of claim 9, wherein receiving the authentication request and credentials further comprises resolving a previously-stored authentication configuration, including identifying the identity provider from among a plurality of identity providers as being associated with the client.
  - 11. The method of claim 9, wherein the proxy agent is configured to store configuration data governing content, format, and timing of interactions with the identity provider.
  - 12. The method of claim 9, wherein the proxy agent includes a virtual browser manager configured to implement a virtual browser used to relay the credentials to the identity provider on behalf of the client.
  - 13. The method of claim 9, wherein the proxy agent is configured to execute the Security Assertion Markup Language (SAML) standard with the identify provider, including receiving the assertion therefrom, on behalf of the client.
  - 14. The method of claim 9, wherein the server includes a mobile server, and wherein the session provides access to multiple services of the mobile server to the client.

15. A computer program product including instructions recorded on a non-transitory computer readable storage medium and configured to cause at least one processor to:
- receive, at a server, an authentication request and credentials from a client;
  
  store the credentials at the server;
  
  generate, at the server, a proxy agent;
  
  send, from the proxy agent, the credentials to an identity provider to authenticate the client on behalf of the client, using the credentials;
  
  receive, at the proxy agent, an assertion of authentication of the client from the identity provider;
  
  create a session for the client, based on the assertion; and
  
  delete the stored credentials at the server.
- View Dependent Claims (16, 17, 18, 19, 20)
- - 16. The computer program product of claim 15, wherein the instructions, when executed, are further configured, in response to the receipt of the authentication request and credentials, to resolve a previously-stored authentication configuration, including identifying the identity provider from among a plurality of identity providers as being associated with the client.
  - 17. The computer program product of claim 15, wherein the proxy agent is configured to store configuration data governing content, format, and timing of interactions with the identity provider.
  - 18. The computer program product of claim 15, wherein proxy agent includes a virtual browser manager configured to implement a virtual browser used to relay the credentials to the identity provider on behalf of the client.
  - 19. The computer program product of claim 18, wherein the virtual browser manager is configured to access a virtual browser pool storing a plurality of available virtual browsers, and to select the virtual browser therefrom.
  - 20. The computer program product of claim 15, wherein the proxy agent is configured to execute the Security Assertion Markup Language (SAML) standard with the identify provider, including receiving the assertion therefrom, on behalf of the client.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
BMC Software Incorporated (KKR & Co., Inc.)
Original Assignee
BMC Software Incorporated (KKR & Co., Inc.)
Inventors
Miller, Karl Frederick
Primary Examiner(s)
Lim, Krisna

Application Number

US15/593,232
Publication Number

US 20170250984A1
Time in Patent Office

523 Days
Field of Search
US Class Current
CPC Class Codes

H04L 2209/76   Proxy, i.e. using intermedi...

H04L 2209/805   Lightweight hardware, e.g. ...

H04L 63/062   for key distribution, e.g. ...

H04L 63/0815   providing single-sign-on or...

H04L 63/0823   using certificates cryptogr...

H04L 63/0884   by delegation of authentica...

H04L 63/12   Applying verification of th...

H04L 9/00   Cryptographic mechanisms or...

H04L 9/32   including means for verifyi...

H04W 12/04   Key management, e.g. using ...

H04W 12/062   Pre-authentication

H04W 12/065   Continuous authentication

H04W 12/068   using credential vaults, e....

H04W 12/069   using certificates or pre-s...

Authentication proxy agent

First Claim

10 Assignments

0 Petitions

Accused Products

Abstract

64 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Authentication proxy agent

First Claim

10 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

64 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links