Method and system for authenticating a user in a web-based environment

US 20030115341A1
Filed: 12/17/2001
Published: 06/19/2003
Est. Priority Date: 12/17/2001
Status: Active Grant

First Claim

Patent Images

1. A method of authenticating a user having a user privilege server proxy for a network system having a privilege server, a head end server and a web adapter comprising:

presenting user information to the web adapter from the user privilege server proxy;

presenting the user information to a head end server;

presenting the user information to the privilege server from the head end server;

validating the user in response to the user information;

when a user is validated, generating a ticket for the user at the privilege server;

providing the ticket to the user privilege server proxy through the head end server;

forming a service access request token from the ticket and user identification;

sending the token from the user to the privilege server;

validating the user in response to the token;

forming a packet having a sequence number, session key and the ticket at the privilege server;

providing the packet to the head-end server;

in response to the packet, authenticating the user at the head end server;

providing the packet to the user privilege proxy;

sending the ticket and sequence number encrypted with the session key to a service server through the web adapter;

validating the user at the service server; and

granting the user role based privileges at the service server.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system and method for authenticating a client having a privilege server, a head end server, and a web adapter performs the steps of negotiating an authentication scheme between the server proxy and the privilege server. User information is presented to the web adapter. The user information is provided to the head end server and in turn presents the information to the web adapter. The user is validated in accordance with the authentication scheme. When the user is validated a ticket is generated for the user. The ticket is presented to the client privilege server proxy that decrypts the ticket. A token is formed from the ticket and the client user identification. The token from the client is provided to the privilege server. A packet is formed having a sequence number and session key encrypted with the ticket. The packet is provided to the head end server which in turn authenticates the user. The packet is provided to the client privilege proxy which decrypts the packet and sends the ticket and the sequence number encrypted with the session key to the data server through the web adapter. User is validated at the data server and privileges are granted thereto.

92 Citations

View as Search Results

23 Claims

1. A method of authenticating a user having a user privilege server proxy for a network system having a privilege server, a head end server and a web adapter comprising:
- presenting user information to the web adapter from the user privilege server proxy;
  
  presenting the user information to a head end server;
  
  presenting the user information to the privilege server from the head end server;
  
  validating the user in response to the user information;
  
  when a user is validated, generating a ticket for the user at the privilege server;
  
  providing the ticket to the user privilege server proxy through the head end server;
  
  forming a service access request token from the ticket and user identification;
  
  sending the token from the user to the privilege server;
  
  validating the user in response to the token;
  
  forming a packet having a sequence number, session key and the ticket at the privilege server;
  
  providing the packet to the head-end server;
  
  in response to the packet, authenticating the user at the head end server;
  
  providing the packet to the user privilege proxy;
  
  sending the ticket and sequence number encrypted with the session key to a service server through the web adapter;
  
  validating the user at the service server; and
  
  granting the user role based privileges at the service server.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. A method as recited in claim 1 further comprising the step of negotiating the authentication scheme between the server proxy and privilege server.
  - 3. A method as recited in claim 1 wherein negotiating an authentication scheme between the server proxy and privilege server comprises presenting at least one security mechanism from the user privilege proxy server to the privilege server;
    - accepting or rejecting the at least one security mechanism at the privilege server.
  - 4. A method as recited in claim 1 wherein the step of validating comprises validating in accordance with the authentication scheme.
  - 5. A method as recited in claim 1 further comprising the step of encrypting the ticket with a user password to form an encrypted ticket.
  - 6. A method as recited in claim 1 further comprising the step of decrypting the encrypted ticket at the user privilege server proxy.
  - 7. A method as recited in claim 1 further comprising the steps of forming a packet having a sequence number and session key encrypted with the ticket at the privilege server decrypting the packet at the user privilege server proxy.

8. A method of authenticating a user having a user privilege server proxy for a network system having a privilege server, a head end server and a web adapter comprising:
- negotiating an authentication scheme between the server proxy and privilege server;
  
  presenting user information to the web adapter;
  
  presenting the user information to a head end server;
  
  presenting the user information to the privilege server from the head end server;
  
  validating the user at the privilege server in response to the user information in accordance with the authentication scheme;
  
  when a user is validated, generating a ticket for the user at the privilege server;
  
  encrypting the ticket with a user password to form an encrypted ticket;
  
  providing the encrypted ticket to the user privilege server proxy through the head end server;
  
  decrypting the encrypted ticket;
  
  forming a service access request token from the ticket and user identification at the user privilege server proxy;
  
  sending the token from the user privilege server proxy to the privilege server;
  
  validating the user in response to the token;
  
  forming a packet having a sequence number and session key encrypted with the ticket at the privilege server;
  
  providing the packet to the head-end server;
  
  in response to the packet, authenticating the user at the head end server;
  
  providing the packet to the user privilege proxy;
  
  decrypting the packet;
  
  sending the ticket and sequence number encrypted with the session key to a service server through the web adapter;
  
  validating the user at the service server; and
  
  granting the user role based privileges at the service server.
- View Dependent Claims (9, 10, 11)
- - 9. A method as recited in claim 8 wherein negotiating an authentication scheme between the server proxy and privilege server comprises presenting at least one security mechanism from the user privilege proxy server to the privilege server;
    - accepting or rejecting the at least one security mechanism at the privilege server.
  - 10. A method as recited in claim 8 wherein the step of authenticating is performed by a policy engine within the privilege server.
  - 11. A method as recited in claim 8 wherein generating a ticket comprises generating a ticket by encrypting the user.

12. A method for accessing a service comprising:
- presenting a ticket and sequence number to a service through the web adapter;
  
  choosing a service in the service server;
  
  sending the session name encrypted with the ticket and user identification to the privilege server and requesting a session key and sequence number;
  
  receiving the session name from the user;
  
  validating the user ticket and privilege;
  
  when the user is validated, issuing the session key and sequence number for the ticket;
  
  encrypting the session key and sequence number with the ticket to from a packet;
  
  sending the packet and ticket to the service.

13. A system for authenticating a user having a user privilege server proxy for generating user information comprising:
- a web adapter coupled to said user privilege server proxy for receiving user information;
  
  a service server coupled to said web adapter;
  
  an intermediate server coupled to the web adapter for receiving said user information;
  
  a privilege server coupled to said intermediate server, said privilege server receiving said user information and validating said user in response to said use information, said privilege server generating a ticket;
  
  said user privilege server proxy receiving said ticket through said intermediate server and generating a token;
  
  said privilege server generating a packet having a sequence number and a session key in response to said token and coupling said packet to said user privilege server proxy;
  
  said user privilege server proxy coupling the ticket and sequence number to said service server through said web adapter;
  
  said service server validating said user and granting said user privileges in response to the ticket and session key.
- View Dependent Claims (14, 15, 16, 17, 18, 19, 20, 21, 22)
- - 14. A system as recited in claim 13 wherein said intermediate server comprises a head end server.
  - 15. A system as recited in claim 13 wherein said user information comprises a user identification number.
  - 16. A system as recited in claim 13 wherein said privilege server has a policy engine therein.
  - 17. A system as recited in claim 16 wherein said privilege server comprises a key generator coupled to the policy engine.
  - 18. A system as recited in claim 16 wherein said privilege server comprises a proxy coordinator coupled to the policy engine.
  - 19. A system as recited in claim 16 wherein said privilege server comprises an obfuscator/deobfuscator coupled to the policy engine.
  - 20. A system as recited in claim 16 wherein said privilege server comprises a store keeper coupled to the policy engine.
  - 21. A system as recited in claim 20 wherein said store keeper comprises a user information list and a session information list.
  - 22. A system as recited in claim 13 wherein said service server validating said user and granting said user privileges in response to the ticket, session key and sequence number.

23. A method of authenticating a user having a user privilege server proxy for a network system having a privilege server, a head end server and a web adapter, said method comprising:
- determining an authentication scheme at the privilege server;
  
  validating the user at the privilege server in response to user information in accordance with the authentication scheme;
  
  when a user is validated, generating a ticket for the user at the privilege server;
  
  encrypting the ticket with a user password to form an encrypted ticket;
  
  validating the user in response to a service access request token formed from the ticket and a user identification; and
  
  forming a packet having a sequence number and session key encrypted with the ticket at the privilege server to authenticate the user.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
One Touch Systems, Inc. (Apollo Education Group, Inc.)
Original Assignee
One Touch Systems, Inc. (Apollo Education Group, Inc.)
Inventors
Vennelakanti, Ravigopal, Sinha, Bhaskar, Rebala, Goplnath

Granted Patent

US 7,313,816 B2
Time in Patent Office

Days
Field of Search
US Class Current

709/229
CPC Class Codes

H04L 63/0428   wherein the data content is...

H04L 63/062   for key distribution, e.g. ...

H04L 63/0807   using tickets, e.g. Kerbero...

H04L 63/102   Entity profiles

H04L 9/083   involving central third par...

H04L 9/3213   using tickets or tokens, e....

Method and system for authenticating a user in a web-based environment

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

92 Citations

23 Claims

Specification

Solutions

Use Cases

Quick Links

Method and system for authenticating a user in a web-based environment

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

92 Citations

23 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links