Local claim-based security service with cross-browser compatibility
First Claim
1. A computing system, comprising:
- at least one processor on a user machine; and
- memory storing instructions executable by the at least one processor on the user machine, wherein the instructions, when executed, provide:
  - web application interaction logic, in a local authority service running on the user machine, wherein the web application interaction logic is configured to interact with a web application running on the user machine to receive an authentication request from the web application, and the authentication request requests authentication to a remote computing system that is remote from the user machine;
  - hardware key reader interaction logic, in the local authority service, wherein the hardware key reader interaction logic is configured to, based on the authentication request, interact with a hardware key reader to obtain a representation of a hardware-protected key corresponding to a user; and
  - secure backend communication logic, in the local authority service, configured to:
    - provide a token to an authentication system of the remote computing system, the token being generated based, at least in part, on the hardware-protected key; and
    - receive an operation result performed by the authentication system using the token, wherein the web application interaction logic is configured to provide an indication of the operation result to the web application, and the web application interaction logic is configured to interact with a plurality of different web applications.
Abstract
A web application that is attempting to access a site hosted by a system that needs authentication based on a hardware-protected key is redirected to a local authority service on the machine. The local authority service interacts with a hardware key reader to obtain authentication information from a hardware key holder. The local authority service illustratively interacts with the system being accessed in order to obtain an operation result, based on the hardware-protected key obtained through the hardware key reader. The operation result is then posted to the web application, by the local authority service, for use in authenticating the user.
20 Claims
Claim 1 is reproduced above under First Claim; claims 2 through 9 depend on claim 1.
10. A computer implemented method, comprising:
- running, on a user machine, a local authority service configured to interact with a plurality of different web applications;
- receiving, at the local authority service, an authentication request from a particular web application that is running on the user machine, the authentication request requesting authentication to a remote computing system that is remote from the user machine;
- using the local authority service to, based on the authentication request, interact with a hardware key reader to obtain a representation of a hardware-protected key corresponding to a user, and providing a token to an authentication system of the remote computing system, the token being generated based, at least in part, on the hardware-protected key;
- receiving, at the local authority service, an operation result performed by the authentication system using the token; and
- providing an indication of the operation result to the particular web application.
Claims 11 through 18 depend on claim 10.
19. A data center computing system comprising:
- at least one processor; and
- memory storing instructions executable by the at least one processor, wherein the instructions, when executed, configure the data center computing system to:
  - interact with a web application running on a user machine;
  - redirect an authentication request, corresponding to the web application, to a local authority service running on the user machine, with a standard hypertext transfer protocol (HTTP) redirect action, the local authority service being configured to interact with a plurality of different web applications;
  - receive, from the local authority service running on the user machine, a signed claim-based token, signed with a hardware-protected key corresponding to a user;
  - generate an operation result based on the signed claim-based token;
  - send the operation result to the local authority service; and
  - interact with the web application, using the operation result, to authenticate the user to the data center computing system.
Claim 20 depends on claim 19.
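The flow that the abstract and the claims above describe, simulated as an added example (this is not the patent's own code): a web application hands an authentication request to the local authority service on the user machine, the service has the claims signed through a stand-in hardware key reader (an HMAC key that never leaves the reader object stands in for the hardware-protected key), forwards the signed claim-based token to the remote authentication system, and posts the operation result back to the requesting application. The HTTP redirect transport and the local listener are elided, and every user name, key and audience below is constructed.

```python
import base64, hashlib, hmac, json, time

def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).decode()

class HardwareKeyReader:
    """Stand-in for the hardware key reader: key material stays inside this object, only signatures leave it."""

    def __init__(self, keys: dict):
        self._keys = keys  # user id -> hardware-protected key bytes (constructed)

    def sign(self, user: str, data: bytes) -> bytes:
        return hmac.new(self._keys[user], data, hashlib.sha256).digest()

class RemoteAuthSystem:
    """Authentication system of the remote computing system: checks the token, returns the operation result."""

    def __init__(self, verification_keys: dict, audience: str):
        self._keys = verification_keys  # user id -> verification key bytes
        self._audience = audience

    def perform_operation(self, token: str) -> dict:
        payload, _, sig = token.partition(".")
        claims = json.loads(base64.urlsafe_b64decode(payload))
        key = self._keys.get(claims.get("sub"))
        if key is None:
            return {"status": "denied", "reason": "unknown user"}
        expected = hmac.new(key, payload.encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(expected, base64.urlsafe_b64decode(sig)):
            return {"status": "denied", "reason": "bad signature"}
        if claims.get("aud") != self._audience:
            return {"status": "denied", "reason": "wrong audience"}
        if claims.get("exp", 0) < time.time():
            return {"status": "denied", "reason": "expired"}
        return {"status": "ok", "user": claims["sub"], "app": claims.get("app")}

class LocalAuthorityService:
    """Local authority service on the user machine, shared by many web applications."""

    def __init__(self, reader: HardwareKeyReader, backend: RemoteAuthSystem):
        self._reader, self._backend = reader, backend

    def handle_authentication_request(self, app: str, user: str, aud: str) -> dict:
        # Build the claims, have the hardware key sign them, send the token to the
        # remote authentication system, and return its result as the indication for the app.
        claims = {"sub": user, "aud": aud, "app": app, "exp": int(time.time()) + 60}
        payload = _b64(json.dumps(claims, sort_keys=True).encode())
        token = payload + "." + _b64(self._reader.sign(user, payload.encode()))
        return {"app": app, "result": self._backend.perform_operation(token)}
```

The audience and expiry checks are the defender's part of the design: a token minted for one remote system must not be accepted by another, and the result is bound to the application that asked.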