Secure resource access in a distributed environment
3 Assignments
0 Petitions
Abstract
A method and system for providing a first network resource with secure but limited access to a second network resource. A method embodying the invention includes receiving a request to access the second resource. It is verified that the source of the request is the first resource. It is then verified that the request was originated by a user through, for example, a web browser, and then a user's credentials are authenticated. Only when the request can be properly verified and the user credentials authenticated, is access to the second resource granted. Beneficially, the first resource cannot access the second without the user's knowledge or, at least, implicit consent.
87 Citations
33 Claims
1. In a computer network, a method for granting a request from a first resource to access a second resource, comprising:
receiving a request to access the second resource;
verifying that the request was received from the first resource;
verifying that the request was originated by a user; and
authenticating credentials presented for a user.
(Dependent claims: 2, 3, 4, 5, 6, 7)

8. In a computer network, a method for granting a request from a first resource to access a second resource, comprising:
receiving, from a client, directions for the first resource to access the second resource;
directing the client to access the second resource;
receiving, from the client, a first request to access the second resource;
obtaining user credentials from the client;
authenticating the user credentials;
receiving, from the first resource, a second request to access the second resource;
verifying the second request was received from the first resource; and
verifying that the second request was originated by the client.
(Dependent claims: 9, 10, 11, 12, 13)

14. A method for providing a distributed application access to a network resource, comprising:
receiving, from a client, user credentials and a session identifier;
receiving, from the distributed application, application credentials and the session identifier;
authenticating the application credentials;
authenticating the user credentials; and
matching the session identifier received from the client with the session identifier received from the distributed application.

15. A method for providing a distributed application with access to a network resource, comprising:
a client, requesting the distributed application to access the network resource;
establishing an application session;
providing the client with a session identifier;
directing the client to access the network resource;
the client, requesting access to the network resource;
the client, presenting user credentials and the session identifier to the network resource;
the distributed application, requesting access to the network resource presenting application credentials and the session identifier;
authenticating the application credentials;
authenticating the user credentials;
matching the session identifier presented by the client with the session identifier presented by the distributed application; and
granting the distributed application access to the network resource only where the application credentials and the user credentials are properly authenticated and where the session identifiers presented by the client and the distributed application are matched.

16. A computer readable medium having instructions for:
receiving a request from a first resource to access a second resource;
verifying that the request was received from the first resource;
verifying that the request was originated by a user;
authenticating credentials presented for a user; and
granting the first resource access to the second resource.
(Dependent claims: 17, 18, 19)

20. A computer readable medium having instructions for:
receiving, from a client, directions for a first resource to access a second resource;
directing the client to access the second resource;
receiving, from the client, a first request to access the second resource;
obtaining user credentials from the client;
authenticating the user credentials;
receiving, from the first resource, a second request to access the second resource;
verifying the second request was received from the first resource; and
verifying that the second request was originated by the client.
(Dependent claims: 21, 22)

23. A computer readable medium having instructions for:
receiving, from a client, user credentials and a session identifier;
receiving, from a distributed application, application credentials and the session identifier;
authenticating the application credentials;
authenticating the user credentials; and
matching the session identifier received from the client with the session identifier received from the distributed application.

24. A computer readable medium having instructions for:
receiving instruction to access a network resource;
establishing an application session;
providing a client with a session identifier;
directing the client to access the network resource to present user credentials and the session identifier; and
requesting access to the network resource presenting application credentials and the session identifier.

25. A computer readable medium having instructions for:
receiving instruction to access a network resource;
establishing an application session;
providing a client with a session identifier;
directing the client to access the network resource to present user credentials and the session identifier;
requesting access to the network resource presenting application credentials and the session identifier;
authenticating the application credentials;
authenticating the user credentials; and
matching the session identifier presented by the client with the session identifier presented by the distributed application.

26. An authentication system used to grant a first resource's request to access a second resource, comprising:
a request verifier operable to verify that the request was received from the first resource;
an origin verifier operable to verify that the request originated from a user; and
a gate keeper operable to grant a request to access the second resource only where the request verifier and the origin verifier each verify that request.
(Dependent claims: 27)

28. A data access system, comprising:
a client;
a first resource;
a second resource operable to request access to the first resource according to directions initiated by the client;
a request verifier operable to verify that a request to access the first resource was received from the second resource;
an origin verifier operable to verify that the request originated from the client; and
a gate keeper operable to grant a request to access the first resource only where the request verifier and the origin verifier each verify that request.
(Dependent claims: 29, 30)

31. A data access system, comprising:
a client;
a first resource operable to manage user data;
a second resource operable, when accessed by the client, to provide the client with a session identifier, to direct the client to access the first resource in order to present the session identifier and to present user credentials, and to request access to user data presenting the session identifier to the first resource;
a request verifier operable to verify that a request to access the first resource was received from the second resource;
an origin verifier operable to match a session identifier presented by the client with a session identifier presented by the second resource;
a user verifier operable to authenticate user credentials presented by the client; and
a gate keeper operable to grant a request to access user data only where the request verifier verifies that the request was received from the second resource, the origin verifier matches session identifiers presented by the client and the second resource, and the user verifier authenticates user credentials presented by the client.

32. An authentication system used to grant a first resource's request to access a second resource, comprising:
a means for verifying that the request was received from the first resource;
a means for verifying that the request originated from a user; and
a means for granting the request to access the second resource only where it can be verified that the request was received from the first resource and that the request originated from a user.

33. A data access system, comprising:
a client;
a first resource operable to manage user data;
a second resource operable, when accessed by the client, to provide the client with a session identifier, to direct the client to access the first resource in order to present the session identifier and to present user credentials, and to request access to user data presenting the session identifier to the first resource;
a means for verifying that a request to access the first resource was received from the second resource;
a means for matching a session identifier presented by the client with a session identifier presented by the second resource;
a means for authenticating user credentials presented by the client; and
a means for granting a request to access user data only where it is verified that the request was received from the second resource, the session identifiers presented by the client and the second resource are matched, and the user credentials presented by the client are authenticated.

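The exchange described in claims 8, 14 and 15, with the request verifier, origin verifier, user verifier and gate keeper of claims 26 through 33 collapsed into one resource object, as an added example written for this page. It is not the patent's own implementation and not code from any product. Everything concrete in it is an assumption: the application credential is an HMAC over the session identifier under a secret shared with the resource, the user credential is a password checked against a PBKDF2 hash, the client's redirection to the resource is modelled as a direct call, and the session identifier is made unpredictable, single-use and time-limited. The run_protocol helper walks the granted path and, through its keyword flags, each way the gate keeper refuses: wrong user credentials, wrong application credentials, an application that asks without any user having been directed to the resource, a session identifier that does not match the one the client presented, and a replayed identifier.

```python
import hashlib
import hmac
import secrets
import time

# Constructed sample data for this example (not from the page).
APP_ID = "calendar-app"
APP_SECRET = b"application-secret-assumed-for-illustration"  # shared with the resource
USER = "alice"
USER_PASSWORD = "correct horse battery staple"
SESSION_TTL = 300  # seconds a consented session identifier stays valid (assumed)


def _pw_hash(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


class NetworkResource:
    """The resource holding user data. It plays the request verifier, origin
    verifier, user verifier and gate keeper of claims 26-33 in one object."""

    def __init__(self):
        self._app_secrets = {APP_ID: APP_SECRET}
        salt = secrets.token_bytes(16)
        self._users = {USER: (salt, _pw_hash(USER_PASSWORD, salt))}
        # session id -> (user, expiry). An entry exists only after the client
        # itself presented that id with valid user credentials: that is the
        # user's "implicit consent" the abstract refers to.
        self._consented = {}
        self.user_data = {USER: ["meeting at 10"]}

    def client_request(self, session_id: str, user: str, password: str) -> bool:
        """User verifier: the client presents user credentials plus the session id."""
        rec = self._users.get(user)
        if rec is None:
            return False
        salt, stored = rec
        if not hmac.compare_digest(_pw_hash(password, salt), stored):
            return False
        self._consented[session_id] = (user, time.time() + SESSION_TTL)
        return True

    def _verify_app(self, app_id: str, session_id: str, tag: bytes) -> bool:
        """Request verifier: the application credential is an HMAC over the
        session id under a secret shared with the resource (assumed format)."""
        key = self._app_secrets.get(app_id)
        if key is None:
            return False
        expected = hmac.new(key, session_id.encode(), "sha256").digest()
        return hmac.compare_digest(expected, tag)

    def app_request(self, app_id: str, session_id: str, tag: bytes):
        """Origin verifier and gate keeper: grant only when the request is from
        the application AND the same session id was presented by an
        authenticated user. Returns the user's data, or None when refused."""
        if not self._verify_app(app_id, session_id, tag):
            return None                                  # not from the first resource
        consent = self._consented.pop(session_id, None)  # single use: no replay
        if consent is None:
            return None                                  # no user originated this
        user, expiry = consent
        if time.time() > expiry:
            return None                                  # consent too old
        return list(self.user_data.get(user, []))


class DistributedApplication:
    """The first resource, which wants the user's data."""

    def __init__(self, resource: NetworkResource, app_id=APP_ID, secret=APP_SECRET):
        self.resource, self.app_id, self.secret = resource, app_id, secret

    def start_session(self) -> str:
        # Unpredictable id, so another application cannot guess one a user consented to.
        return secrets.token_urlsafe(32)

    def fetch(self, session_id: str):
        tag = hmac.new(self.secret, session_id.encode(), "sha256").digest()
        return self.resource.app_request(self.app_id, session_id, tag)


def run_protocol(password=USER_PASSWORD, app_secret=APP_SECRET,
                 skip_client=False, tamper_session=False, replay=False):
    """Claim 15 end to end; each keyword flag exercises one refusal path."""
    resource = NetworkResource()
    app = DistributedApplication(resource, secret=app_secret)
    session_id = app.start_session()                     # handed to the client
    if not skip_client:                                   # client directed to the resource
        resource.client_request(session_id, USER, password)
    # token_urlsafe never emits "!", so the tampered id can never match
    presented = session_id[:-1] + "!" if tamper_session else session_id
    result = app.fetch(presented)
    return app.fetch(presented) if replay else result
```

The matching step is only as strong as the session identifier. Because the application both creates the identifier and later presents it, the evidence that a user originated the request is the client having presented that exact value together with valid credentials, so the example issues identifiers with secrets.token_urlsafe and deletes the consent record on first use. Hash and tag comparisons go through hmac.compare_digest so that credential bytes do not leak through timing.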
Specification