Method and System for Modular Authentication and Session Management

US 20090044020A1
Filed: 10/21/2008
Published: 02/12/2009
Est. Priority Date: 12/31/2002
Status: Active Grant

First Claim

Patent Images

1. A method for providing security to a networked computing system comprising:

receiving authentication credentials from an authentication client, wherein said authentication credentials are provided in response to a first request from a client and, wherein said authentication client invokes an Application Programming Interface (API) corresponding to a request type causing a corresponding interface to be displayed at a business application of said client, and wherein said interface facilitates collection of said authentication credentials; and

,validating said authentication credentials received from said business application via said authentication client.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Modular authentication and session management involves the use of discrete modules to perform specific tasks in a networked computing environment. There may be a separate authentication server that verifies the identity of the user and an authorization client that grants various levels of access to users. There may also be an authentication client that receives an initial request from a requesting application and forwards the request to the authentication server to verify the identity of the use. The authorization client may then be invoked to provide the necessary level of access. The use of discrete modules allows multiple business applications to use the same modules to perform user authentication tasks, thus alleviating the unnecessary multiplication of code.

Citations

20 Claims

1. A method for providing security to a networked computing system comprising:
- receiving authentication credentials from an authentication client, wherein said authentication credentials are provided in response to a first request from a client and, wherein said authentication client invokes an Application Programming Interface (API) corresponding to a request type causing a corresponding interface to be displayed at a business application of said client, and wherein said interface facilitates collection of said authentication credentials; and
  
  ,validating said authentication credentials received from said business application via said authentication client.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18)
- - 2. The method of claim 1, further comprising generating a session token.
  - 3. The method of claim 1, further comprising generating a session token by:
    - generating random data based on said authentication credentials;
      
      retrieving a UNIX timestamp;
      
      creating an incremental token identifier;
      
      concatenating said random data, said UNIX timestamp, and said incremental token identifier to create a Binary Large Object (BLOB); and
      
      ,applying an encryption algorithm with a fixed key to said BLOB to create said session token.
  - 4. The method of claim 3, wherein said fixed key is at least one of:
    - Data Encryption Standard (DES), triple DES, or Advanced Encryption Standard (AES).
  - 5. The method of claim 1, further comprising generating a session token, wherein said session token is encrypted using at least one of a standard encryption protocol, a proprietary encryption protocol, or an algorithm.
  - 6. The method of claim 1, further comprising generating a session token, wherein said session token comprises at least one of random data, data indicative of a time of creation of said session token, or data indicative of a number of said session tokens previously created.
  - 7. The method of claim 1, further comprising generating a session token, wherein said session token facilitates session management based on confirmed identities of said client, a user and a server.
  - 8. The method of claim 1, further comprising issuing a session token to said client.
  - 9. The method of claim 1, further comprising issuing a session token to said client when said authentication credentials are validated, wherein said session token corresponds to stored user data comprising authentication level information identifying a manner by which a user of said client was validated and access type information identifying characteristics of said first request.
  - 10. The method of claim 1, further comprising receiving a second request from said client, wherein said second request includes a session token, and validating said session token.
  - 11. The method of claim 1, further comprising retrieving from stored user data, using a session token, user permissions corresponding to said session token.
  - 12. The method of claim 1, further comprising retrieving from stored user data, using a session token, user permissions corresponding to said session token, wherein said stored user data includes information regarding previous access attempts by a user.
  - 13. The method of claim 1, further comprising comparing said first request to user permissions, evaluating authentication level information, and evaluating access type information to determine that a second request is permissible.
  - 14. The method of claim 1, further comprising transmitting a response to an application service indicative of a second request being permissible.
  - 15. The method of claim 1, wherein said validating step is performed by an authorization component.
  - 16. The method of claim 1, wherein said authentication credentials comprise at least one of textual input and biometric data.
  - 17. The method of claim 1, further comprising retrieving from stored user data, using a session token, user permissions corresponding to said session token, wherein said stored user data further comprises at least one of an expiration time, host identifier, security realm, public globally unique identifier (GUID), private GUID, electronic signature, process identifier, parent process identifier, token type, version, or maximum inactivity time.
  - 18. The method of claim 1, further comprising retrieving from stored user data, using a session token, user permissions corresponding to said session token, wherein said stored user data further comprises at least one of a most recent session access, a copy of user profile data, current status of said user, expiration time of session, host information where said user logged in, security characteristics of a session, a globally unique identifier, electronic signature, process identifier, parent process identifier, token type, token version, or maximum inactivity time allowed.

19. A method for an authentication client to facilitate authentication of a user of a client within a networked computing system comprising:
- receiving a first request from said client;
  
  selecting an Application Programming Interface (API) corresponding to a request type;
  
  invoking said API causing an interface corresponding to said API to be displayed at a business application of said client;
  
  receiving authentication credentials from said client, wherein said authentication credentials are retrieved in accordance with said interface; and
  
  ,transmitting said authentication credentials to an authentication service.

20. A method for a client to facilitate authentication of a user of a client within a networked computing system comprising:
- sending a first request from said client to an authentication client, wherein said authentication client selects an Application Programming Interface (API) corresponding to a request type, and invokes said API causing an interface corresponding to said API to be displayed at a business application of said client;
  
  displaying an interface, corresponding to said API, at a business application of said client; and
  
  ,sending authentication credentials from said client to said authentication client, wherein said authentication credentials are retrieved by said authentication client in accordance with said interface and said authentication credentials are transmitted by said authentication client to an authentication service.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Liberty Peak Ventures, LLC (Dominion Harbor Enterprises, LLC)
Original Assignee
American Express Travel Related Services Company, Inc. (American Express Company)
Inventors
Johnson, Rick D., More, Scott, Laidlaw, Robert, Royer, Coby

Granted Patent

US 8,291,228 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/176
CPC Class Codes

H04L 63/08   for authentication of entit...

H04L 63/101   Access control lists [ACL]

H04L 63/105   Multiple levels of security

Method and System for Modular Authentication and Session Management

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Method and System for Modular Authentication and Session Management

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links