Align session security for connected systems

US 10,623,185 B2
Filed: 03/23/2018
Issued: 04/14/2020
Est. Priority Date: 02/25/2016
Status: Active Grant

First Claim

Patent Images

1. A computer-implemented method of granting an aligned secured access to a system resource for a client system during a session having a predefined session time, the method comprising:

receiving, from the client system, a first authentication token comprising an authorization for accessing the system resource and comprising the predefined session time, the authorization for accessing the system resource being generated by a first server, and the first authentication token originating from the first server based on an authentication between the client system and the first server, wherein the receiving is by a second server that provides access to the system resource, wherein the predefined session time comprises a preset duration of time for the session, the session to be established between the client system and the second server for accessing the system resource, and wherein a first validity time period value related to the first authentication token defines a time period during which the first authentication token is valid; and

based on receiving the first authentication token, sending, to the client system, by the second server, a second authentication token for a second validity period during which the second authentication token is valid, such that an aligned secured access is granted for the client system to the system resource, wherein a second validity time period value of the second validity period of the second authentication token for a service provided by the second server to the client system defines the time period during which the second authentication token is valid and is set equal to said predefined session time received as part of the first authentication token from the client system, thereby making the time period during which the second authentication token is valid correspond to the preset duration of time, which is indicated by the predefined session time in the first authentication token, for the session between the client system and the second server for accessing the system resource.

View all claims

4 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Granting an aligned secured access to a resource for a client system. A first authentication token and a first validity time period value are received from a first server. The first authentication token includes an authorization for accessing the system resource and the predefined session time. The first authentication token including the predefined session time is sent from the client system to a second server. A second validity period value of a second validity period of a second authentication token for a service provided by the second server to the client system is set equal to the received predefined session time. The second authentication token for the second validity period is sent from the second server to the client system such that an aligned secured access is granted for the client system to the resource.

Citations

18 Claims

1. A computer-implemented method of granting an aligned secured access to a system resource for a client system during a session having a predefined session time, the method comprising:
- receiving, from the client system, a first authentication token comprising an authorization for accessing the system resource and comprising the predefined session time, the authorization for accessing the system resource being generated by a first server, and the first authentication token originating from the first server based on an authentication between the client system and the first server, wherein the receiving is by a second server that provides access to the system resource, wherein the predefined session time comprises a preset duration of time for the session, the session to be established between the client system and the second server for accessing the system resource, and wherein a first validity time period value related to the first authentication token defines a time period during which the first authentication token is valid; and
  
  based on receiving the first authentication token, sending, to the client system, by the second server, a second authentication token for a second validity period during which the second authentication token is valid, such that an aligned secured access is granted for the client system to the system resource, wherein a second validity time period value of the second validity period of the second authentication token for a service provided by the second server to the client system defines the time period during which the second authentication token is valid and is set equal to said predefined session time received as part of the first authentication token from the client system, thereby making the time period during which the second authentication token is valid correspond to the preset duration of time, which is indicated by the predefined session time in the first authentication token, for the session between the client system and the second server for accessing the system resource.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The method of claim 1, wherein the method further comprises:
    - initially receiving a request from the client system to access the system resource;
      
      based on receiving the request from the client system, redirecting the client system to the first server for authentication and authorization for accessing the system resource; and
      
      receiving from the client system, based on the redirecting, the first authentication token comprising the authorization for accessing the system resource.
  - 3. The method of claim 1, wherein the second server has stored a default session time for new sessions with client devices, and wherein the second validity time period value for the session between the client system and the second server is set as the predefined session time, in lieu of the default session time, based on the second server receiving the predefined session time as part of the first authentication token from the client device.
  - 4. The method of claim 1, wherein the authorization for accessing the system resource is generated by the first server based on a timestamp and a private key of the first server or a destination identifier of the second server, and wherein the second sever has stored a public key related to the private key of the first server.
  - 5. The method of claim 1, wherein the second server grants access to the system resource using the first authentication token.
  - 6. The method of claim 1, wherein a plurality of second validity time period values are used by the second server, each one related to one of a plurality of first authentication tokens received.
  - 7. The method of claim 1, wherein the first validity time period value of the first authentication token is smaller than the second validity period value of the second authentication token.
  - 8. The method of claim 1, wherein the predefined session time is different for different users of the client system.

9. A computer system for granting an aligned secured access to a system resource for a client system during a session having a predefined session time, the computer system comprising:
- a memory; and
  
  a processor in communication with the memory, wherein the computer system is configured to perform a method, the method comprising;
  
  receiving, from the client system, a first authentication token comprising an authorization for accessing the system resource and comprising the predefined session time, the authorization for accessing the system resource being generated by a first server, and the first authentication token originating from the first server based on an authentication between the client system and the first server, wherein the receiving is by a second server that provides access to the system resource, wherein the predefined session time comprises a preset duration of time for the session, the session to be established between the client system and the second server for accessing the system resource, and wherein a first validity time period value related to the first authentication token defines a time period during which the first authentication token is valid; and
  
  based on receiving the first authentication token, sending, to the client system, by the second server, a second authentication token for a second validity period during which the second authentication token is valid, such that an aligned secured access is granted for the client system to the system resource, wherein a second validity time period value of the second validity period of the second authentication token for a service provided by the second server to the client system defines the time period during which the second authentication token is valid and is set equal to said predefined session time received as part of the first authentication token from the client system, thereby making the time period during which the second authentication token is valid correspond to the preset duration of time, which is indicated by the predefined session time in the first authentication token, for the session between the client system and the second server for accessing the system resource.
- View Dependent Claims (10, 11, 12, 13, 14)
- - 10. The computer system of claim 9, wherein the method further comprises:
    - initially receiving a request from the client system to access the system resource;
      
      based on receiving the request from the client system, redirecting the client system to the first server for authentication and authorization for accessing the system resource; and
      
      receiving from the client system, based on the redirecting, the first authentication token comprising the authorization for accessing the system resource.
  - 11. The computer system of claim 9, wherein the second server has stored a default session time for new sessions with client devices, and wherein the second validity time period value for the session between the client system and the second server is set as the predefined session time, in lieu of the default session time, based on the second server receiving the predefined session time as part of the first authentication token from the client device.
  - 12. The computer system of claim 9, wherein the authorization for accessing the system resource is generated by the first server based on a timestamp and a private key of the first server or a destination identifier of the second server, and wherein the second sever has stored a public key related to the private key of the first server.
  - 13. The computer system of claim 9, wherein the second server grants access to the system resource using the first authentication token.
  - 14. The computer system of claim 9, wherein the first validity time period value of the first authentication token is smaller than the second validity period value of the second authentication token.

15. A computer program product for granting an aligned secured access to a system resource for a client system during a session having a predefined session time, the computer program product comprising:
- a non-transitory computer readable storage medium readable by a processing circuit and storing instructions for execution by the processing circuit for performing a method comprising;
  
  receiving, from the client system, a first authentication token comprising an authorization for accessing the system resource and comprising the predefined session time, the authorization for accessing the system resource being generated by a first server, and the first authentication token originating from the first server based on an authentication between the client system and the first server, wherein the receiving is by a second server that provides access to the system resource, wherein the predefined session time comprises a preset duration of time for the session, the session to be established between the client system and the second server for accessing the system resource, and wherein a first validity time period value related to the first authentication token defines a time period during which the first authentication token is valid; and
  
  based on receiving the first authentication token, sending, to the client system, by the second server, a second authentication token for a second validity period during which the second authentication token is valid, such that an aligned secured access is granted for the client system to the system resource, wherein a second validity time period value of the second validity period of the second authentication token for a service provided by the second server to the client system defines the time period during which the second authentication token is valid and is set equal to said predefined session time received as part of the first authentication token from the client system, thereby making the time period during which the second authentication token is valid correspond to the preset duration of time, which is indicated by the predefined session time in the first authentication token, for the session between the client system and the second server for accessing the system resource.
- View Dependent Claims (16, 17, 18)
- - 16. The computer program product of claim 15, wherein the method further comprises:
    - initially receiving a request from the client system to access the system resource;
      
      based on receiving the request from the client system, redirecting the client system to the first server for authentication and authorization for accessing the system resource; and
      
      receiving from the client system, based on the redirecting, the first authentication token comprising the authorization for accessing the system resource.
  - 17. The computer program product of claim 15, wherein the second server has stored a default session time for new sessions with client devices, and wherein the second validity time period value for the session between the client system and the second server is set as the predefined session time, in lieu of the default session time, based on the second server receiving the predefined session time as part of the first authentication token from the client device.
  - 18. The computer program product of claim 15, wherein the authorization for accessing the system resource is generated by the first server based on a timestamp and a private key of the first server or a destination identifier of the second server, and wherein the second sever has stored a public key related to the private key of the first server.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Workday Incorporated
Original Assignee
International Business Machines Corporation
Inventors
Schefenacker, Sascha, Schmitt, Stefan
Primary Examiner(s)
Reza, Mohammad W

Application Number

US15/933,831
Publication Number

US 20180212774A1
Time in Patent Office

753 Days
Field of Search

713155
US Class Current
CPC Class Codes

H04L 63/062   for key distribution, e.g. ...

H04L 63/083   using passwords cryptograph...

H04L 63/108   when the policy decisions a...

H04L 9/14   using a plurality of keys o...

H04L 9/30   Public key, i.e. encryption...

H04L 9/321   involving a third party or ...

H04L 9/3213   using tickets or tokens, e....

Align session security for connected systems

First Claim

4 Assignments

0 Petitions

Accused Products

Abstract

Citations

18 Claims

Specification

Solutions

Use Cases

Quick Links

Align session security for connected systems

First Claim

4 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

18 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links