Method and system for authenticating a user in a web-based environment
Abstract
A system and method for authenticating a client having a privilege server, a head end server, and a web adapter performs the steps of negotiating an authentication scheme between the server proxy and the privilege server. User information is presented to the web adapter. The user information is provided to the head end server, which in turn presents the information to the web adapter. The user is validated in accordance with the authentication scheme. When the user is validated, a ticket is generated for the user. The ticket is presented to the client privilege server proxy, which decrypts the ticket. A token is formed from the ticket and the client user identification. The token from the client is provided to the privilege server. A packet is formed having a sequence number and session key encrypted with the ticket. The packet is provided to the head end server, which in turn authenticates the user. The packet is provided to the client privilege proxy, which decrypts the packet and sends the ticket and the sequence number encrypted with the session key to the data server through the web adapter. The user is validated at the data server and privileges are granted.
92 Citations
23 Claims
1. A method of authenticating a user having a user privilege server proxy for a network system having a privilege server, a head end server and a web adapter comprising:
presenting user information to the web adapter from the user privilege server proxy;
presenting the user information to a head end server;
presenting the user information to the privilege server from the head end server;
validating the user in response to the user information;
when a user is validated, generating a ticket for the user at the privilege server;
providing the ticket to the user privilege server proxy through the head end server;
forming a service access request token from the ticket and user identification;
sending the token from the user to the privilege server;
validating the user in response to the token;
forming a packet having a sequence number, session key and the ticket at the privilege server;
providing the packet to the head-end server;
in response to the packet, authenticating the user at the head end server;
providing the packet to the user privilege proxy;
sending the ticket and sequence number encrypted with the session key to a service server through the web adapter;
validating the user at the service server; and
granting the user role based privileges at the service server.
Dependent claims: 2, 3, 4, 5, 6, 7.

8. A method of authenticating a user having a user privilege server proxy for a network system having a privilege server, a head end server and a web adapter comprising:
negotiating an authentication scheme between the server proxy and privilege server;
presenting user information to the web adapter;
presenting the user information to a head end server;
presenting the user information to the privilege server from the head end server;
validating the user at the privilege server in response to the user information in accordance with the authentication scheme;
when a user is validated, generating a ticket for the user at the privilege server;
encrypting the ticket with a user password to form an encrypted ticket;
providing the encrypted ticket to the user privilege server proxy through the head end server;
decrypting the encrypted ticket;
forming a service access request token from the ticket and user identification at the user privilege server proxy;
sending the token from the user privilege server proxy to the privilege server;
validating the user in response to the token;
forming a packet having a sequence number and session key encrypted with the ticket at the privilege server;
providing the packet to the head-end server;
in response to the packet, authenticating the user at the head end server;
providing the packet to the user privilege proxy;
decrypting the packet;
sending the ticket and sequence number encrypted with the session key to a service server through the web adapter;
validating the user at the service server; and
granting the user role based privileges at the service server.
Dependent claims: 9, 10, 11.

12. A method for accessing a service comprising:
presenting a ticket and sequence number to a service through the web adapter;
choosing a service in the service server;
sending the session name encrypted with the ticket and user identification to the privilege server and requesting a session key and sequence number;
receiving the session name from the user;
validating the user ticket and privilege;
when the user is validated, issuing the session key and sequence number for the ticket;
encrypting the session key and sequence number with the ticket to form a packet;
sending the packet and ticket to the service.

13. A system for authenticating a user having a user privilege server proxy for generating user information comprising:
a web adapter coupled to said user privilege server proxy for receiving user information;
a service server coupled to said web adapter;
an intermediate server coupled to the web adapter for receiving said user information;
a privilege server coupled to said intermediate server, said privilege server receiving said user information and validating said user in response to said user information, said privilege server generating a ticket;
said user privilege server proxy receiving said ticket through said intermediate server and generating a token;
said privilege server generating a packet having a sequence number and a session key in response to said token and coupling said packet to said user privilege server proxy;
said user privilege server proxy coupling the ticket and sequence number to said service server through said web adapter;
said service server validating said user and granting said user privileges in response to the ticket and session key.
Dependent claims: 14, 15, 16, 17, 18, 19, 20, 21, 22.

23. A method of authenticating a user having a user privilege server proxy for a network system having a privilege server, a head end server and a web adapter, said method comprising:
determining an authentication scheme at the privilege server;
validating the user at the privilege server in response to user information in accordance with the authentication scheme;
when a user is validated, generating a ticket for the user at the privilege server;
encrypting the ticket with a user password to form an encrypted ticket;
validating the user in response to a service access request token formed from the ticket and a user identification; and
forming a packet having a sequence number and session key encrypted with the ticket at the privilege server to authenticate the user.
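The exchange that claims 8, 12 and 13 describe, as an added Python walk-through that is not code from the patent: the privilege server validates the user information and returns the ticket encrypted with the user password, the proxy decrypts it and forms the token, the privilege server answers the token with the session key and sequence number encrypted with the ticket, and the service server validates the ticket and sequence number before granting a role. The SHA-256 XOR cipher, PBKDF2 salt, user table and role table are stand-ins constructed for the example, and the sequence-number comparison in the service server shows how a replayed request can be rejected, a check the claims do not spell out.

```python
import hashlib
import os

def xor_cipher(key: bytes, data: bytes) -> bytes:
    # Cipher stand-in for this walk-through only (data <= 32 bytes): XOR with a SHA-256 keystream.
    return bytes(a ^ b for a, b in zip(data, hashlib.sha256(key).digest()))

def password_key(password: str) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), b"demo-salt", 10_000)  # constructed salt

class PrivilegeServer:
    def __init__(self, users):  # users: {user_id: password}, constructed table
        self.users, self.tickets, self.sessions = users, {}, {}
    def login(self, user_id, password):
        """Validate user information; issue the ticket encrypted with the user password."""
        if self.users.get(user_id) != password:
            return None
        ticket = os.urandom(16)
        self.tickets[ticket] = user_id
        return xor_cipher(password_key(password), ticket)
    def request_session(self, token):
        """Validate the token (ticket || user id); return session key and seq encrypted with the ticket."""
        ticket, user_id = token[:16], token[16:].decode()
        if self.tickets.get(ticket) != user_id:
            return None
        self.sessions[ticket] = os.urandom(16)
        return xor_cipher(ticket, self.sessions[ticket] + (1).to_bytes(4, "big"))

class ServiceServer:
    def __init__(self, ps, roles):  # roles: {user_id: role}, constructed table
        self.ps, self.roles, self.last_seq = ps, roles, {}
    def access(self, ticket, enc_seq):
        """Validate ticket and sequence number, reject replays, grant the user's role."""
        session_key = self.ps.sessions.get(ticket)  # fetched from the privilege server (claim 12)
        if session_key is None:
            return None
        seq = int.from_bytes(xor_cipher(session_key, enc_seq), "big")
        if seq <= self.last_seq.get(ticket, 0):  # replayed or stale sequence number
            return None
        self.last_seq[ticket] = seq
        return self.roles.get(self.ps.tickets[ticket])

def proxy_flow(ps, svc, user_id, password):
    # User privilege server proxy side; returns (granted role, ticket, encrypted sequence number).
    enc_ticket = ps.login(user_id, password)
    assert enc_ticket is not None, "user information rejected"
    ticket = xor_cipher(password_key(password), enc_ticket)
    packet = xor_cipher(ticket, ps.request_session(ticket + user_id.encode()))
    enc_seq = xor_cipher(packet[:16], packet[16:])  # sequence number encrypted with the session key
    return svc.access(ticket, enc_seq), ticket, enc_seq
```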