METHOD AND SYSTEM FOR SESSION MANAGEMENT IN AN AUTHENTICATION ENVIRONMENT

US 20100077457A1
Filed: 09/23/2008
Published: 03/25/2010
Est. Priority Date: 09/23/2008
Status: Abandoned Application

First Claim

Patent Images

1. A computer readable storage medium comprising computer readable program code embodied therein for causing a computer system to:

receive, from a resource system, a re-directed access request for a resource associated with a second authentication level, wherein a user has requested access to the resource, wherein the user is associated with a session, and wherein the session associated with a first authentication level;

identify a second authentication context using the second authentication level;

generate an authentication request using the second authentication context;

send the authentication request to an identity provider, wherein the identity provider;

identifies an authentication scheme corresponding to the second authentication context,obtains authentication information from the user,authenticates the user using the authentication information, andgenerates an assertion, in response to successful authentication, using the second authentication level, and the authentication scheme;

receive the assertion;

associate the session with the second authentication level to generate an upgraded session; and

allow the user access to the resource using the upgraded session.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method for authentication. The method includes receiving a re-directed access request for a resource associated with a second authentication level, where a user has requested, the user is associated with a session, and the session associated with a first authentication level. The method further includes identifying a second authentication context using the second authentication level, generating an authentication request using the second authentication context, and sending the authentication request to an identity provider. In response the identity provider identifies an authentication scheme corresponding to the second authentication context, obtains authentication information from the user, authenticates the user using the authentication information, and generates an assertion, in response to successful authentication, using the second authentication level, and the authentication scheme. The method further includes receiving the assertion, associating the session with the second authentication level to generate an upgraded session to the user access to the resource.

50 Citations

View as Search Results

20 Claims

1. A computer readable storage medium comprising computer readable program code embodied therein for causing a computer system to:
- receive, from a resource system, a re-directed access request for a resource associated with a second authentication level, wherein a user has requested access to the resource, wherein the user is associated with a session, and wherein the session associated with a first authentication level;
  
  identify a second authentication context using the second authentication level;
  
  generate an authentication request using the second authentication context;
  
  send the authentication request to an identity provider, wherein the identity provider;
  
  identifies an authentication scheme corresponding to the second authentication context,obtains authentication information from the user,authenticates the user using the authentication information, andgenerates an assertion, in response to successful authentication, using the second authentication level, and the authentication scheme;
  
  receive the assertion;
  
  associate the session with the second authentication level to generate an upgraded session; and
  
  allow the user access to the resource using the upgraded session.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The computer readable storage medium of claim 1, wherein the first authentication level is associated with a first authentication context.
  - 3. The computer readable storage medium of claim 1, wherein the identity provider identifies the authentication scheme corresponding to the second authentication context using an authentication context-to-scheme map.
  - 4. The computer readable storage medium of claim 1, wherein identifying the second authentication context further comprises using an authentication context-to-level map.
  - 5. The computer readable storage medium of claim 1, wherein the assertion is defined using Security Assertion Markup Language (SAML) version 2.0.
  - 6. The computer readable medium of claim 1, wherein the identity provider obtains authentication information from the user by prompting the user to enter the authentication information.
  - 7. The computer readable storage medium of claim 1, wherein the resource comprises a software application.

8. A service provider, configured to:
- receive, from a resource system, a re-directed access request for a resource associated with a second authentication level, wherein a user has requested access to the resource, wherein the user is associated with a session, and wherein the session associated with a first authentication level;
  
  identify a second authentication context using the second authentication level;
  
  generate an authentication request using the second authentication context;
  
  send the authentication request to an identity provider, wherein the identity provider;
  
  identifies an authentication scheme corresponding to the second authentication context,obtains authentication information from the user,authenticates the user using the authentication information, andgenerates an assertion, in response to successful authentication, using the second authentication level, and the authentication scheme;
  
  receive the assertion;
  
  associate the session with the second authentication level to generate an upgraded session; and
  
  allow the user access to the resource using the upgraded session.
- View Dependent Claims (9, 10, 11, 12, 13)
- - 9. The system of claim 8, wherein the first authentication level is associated with a first authentication context.
  - 10. The system of claim 8, wherein the identity provider identifies the authentication scheme corresponding to the second authentication context using an authentication context-to-scheme map.
  - 11. The system of claim 8, wherein identifying the second authentication context further comprises using an authentication context-to-level map.
  - 12. The system of claim 8, wherein the assertion is defined using Security Assertion Markup Language (SAML) version 2.0.
  - 13. The system of claim 8, wherein the resource comprises a software application.

14. A method for authentication, comprising:
- receiving, from a resource system, a re-directed access request for a resource associated with a second authentication level, wherein a user has requested access to the resource, wherein the user is associated with a session, and wherein the session associated with a first authentication level;
  
  identifying a second authentication context using the second authentication level;
  
  generating an authentication request using the second authentication context;
  
  sending the authentication request to an identity provider, wherein the identity provider;
  
  identifies an authentication scheme corresponding to the second authentication context,obtains authentication information from the user,authenticates the user using the authentication information, andgenerates an assertion, in response to successful authentication, using the second authentication level, and the authentication scheme;
  
  receiving the assertion;
  
  associating the session with the second authentication level to generate an upgraded session; and
  
  allowing the user access to the resource using the upgraded session.
- View Dependent Claims (15, 16, 17, 18, 19, 20)
- - 15. The method of claim 14, wherein the first authentication level is associated with a first authentication context.
  - 16. The method of claim 14, wherein the identity provider identifies the authentication scheme corresponding to the second authentication context using an authentication context-to-scheme map.
  - 17. The method of claim 14, wherein identifying the second authentication context further comprises using an authentication context-to-level map.
  - 18. The method of claim 14, wherein the assertion is defined using Security Assertion Markup Language (SAML) version 2.0.
  - 19. The method of claim 14, wherein the identity provider obtains authentication information from the user by prompting the user to enter the authentication information.
  - 20. The method of claim 14, wherein the resource comprises a software application.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Sun Microsystems Incorporated (Oracle Corporation)
Original Assignee
Sun Microsystems Incorporated (Oracle Corporation)
Inventors
Xu, Emily H., Cheng, Qingwen

Application Number

US12/236,287
Publication Number

US 20100077457A1
Time in Patent Office

Days
Field of Search
US Class Current

726/4
CPC Class Codes

H04L 63/08 for authentication of entit...

H04L 63/105 Multiple levels of security

METHOD AND SYSTEM FOR SESSION MANAGEMENT IN AN AUTHENTICATION ENVIRONMENT

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

50 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

METHOD AND SYSTEM FOR SESSION MANAGEMENT IN AN AUTHENTICATION ENVIRONMENT

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

50 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links