Token-Based Client To Server Authentication Of A Secondary Communication Channel By Way Of Primary Authenticated Communication Channels
First Claim
1. A method for authentication in a system having a client application, a server application, a resource location, an authenticated primary communication channel between the client application and the resource location, and an authenticated primary communication channel between the server application and the resource location, the method comprising:
- creating a secondary communication channel with the server application,
- submitting a request to the server application for granting access by way of the secondary communication channel,
- granting access to the client application by way of the secondary communication channel when the authentication has been successful,
- initiating the generation of an authentication token to be stored at the resource location, the authentication token being accessible to the client application by way of the authenticated primary communication channel between the client application and the resource location,
- retrieving the authentication token from the resource location by way of the authenticated primary communication channel between the client application and the resource location,
- returning the authentication token to the server application by way of the secondary communication channel,
- authenticating the client application by checking that the authentication token returned by the client application to the server application matches the generated authentication token stored at the resource location upon initiation of the server application.
Abstract
The disclosure relates to authenticating a secondary communication channel between a client application and a server application when an authenticated primary communication channel has already been established between the client application and a resource application, on which the server application can store a generated authentication token that only privileged users including the client application user can read-access and send back to the server application by way of the secondary communication channel.
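A minimal in-memory simulation of the exchange described in the abstract and claim 1, added here as an illustration and not taken from the patent. The class names, the `/auth/<session>` path, the single-attempt rule and the constant-time comparison are assumptions of this example.

```python
import hmac
import secrets

class ResourceLocation:
    """Resource location; `user` is the identity already authenticated
    on the caller's primary channel (assumed, not modelled here)."""
    def __init__(self):
        self._items = {}  # path -> (token, users with read access)

    def store(self, path, token, readers):
        self._items[path] = (token, frozenset(readers))

    def read(self, path, user):
        token, readers = self._items[path]
        if user not in readers:
            raise PermissionError(f"{user} has no read access to {path}")
        return token

class ServerApplication:
    SERVICE_USER = "server"  # hypothetical identity on the server's primary channel

    def __init__(self, resource):
        self.resource = resource
        self.pending = {}  # session id -> (claimed user, token path)

    def request_access(self, claimed_user):
        """Secondary channel: unauthenticated access request."""
        session = secrets.token_hex(8)
        path = f"/auth/{session}"
        # Token is readable only by the claimed user and the server itself.
        self.resource.store(path, secrets.token_urlsafe(32),
                            readers={claimed_user, self.SERVICE_USER})
        self.pending[session] = (claimed_user, path)
        return session, path

    def present_token(self, session, returned):
        """Secondary channel: grant access only if the returned token matches."""
        # One attempt per session (assumption of this example).
        claimed_user, path = self.pending.pop(session, (None, None))
        if path is None:
            return None
        stored = self.resource.read(path, self.SERVICE_USER)
        same = hmac.compare_digest(stored.encode(), returned.encode())
        return claimed_user if same else None

def demo():
    resource = ResourceLocation()
    server = ServerApplication(resource)
    session, path = server.request_access("alice")
    token = resource.read(path, "alice")             # client's primary channel
    granted = server.present_token(session, token)   # secondary channel
    replayed = server.present_token(session, token)  # session already consumed
    return granted, replayed
```

The security of the scheme rests on the read-access check in `ResourceLocation.read`: a party that can open the secondary channel but is not authenticated to the resource location as a privileged user never sees the token.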
17 Claims
15. A system for authentication having a client device running a client application, a server device running a server application, a resource location, an authenticated primary communication channel between the client device and the resource location and an authenticated primary communication channel between the server device and the resource location, the system comprising a computer usable medium embodying computer program code, the computer program code comprising instructions executable by a processor and configured for:
- creating a secondary communication channel with the server application,
- submitting a request to the server application for granting access by way of the secondary communication channel,
- granting access to the client application by way of the secondary communication channel when the authentication has been successful,
- initiating the generation of an authentication token to be stored at the resource location, the authentication token being accessible to the client application by way of the authenticated primary communication channel between the client application and the resource location,
- retrieving the authentication token from the resource location by way of the authenticated primary communication channel between the client application and the resource location,
- returning the authentication token to the server application by way of the secondary communication channel,
- authenticating the client application by checking that the authentication token returned by the client application to the server application matches the generated authentication token stored at the resource location upon initiation of the server application.
Specification