×

SYSTEM AND METHODS FOR PROVIDING STATELESS SECURITY MANAGEMENT FOR WEB APPLICATIONS USING NON-HTTP COMMUNICATIONS PROTOCOLS

  • US 20100306547A1
  • Filed: 05/27/2010
  • Published: 12/02/2010
  • Est. Priority Date: 05/28/2009
  • Status: Active Grant
First Claim
Patent Images

1. A computer implemented method providing stateless security management for web applications using non-HTTP communications protocols, said method comprising the steps of:

  • a) first initiating, from a client application executed within a Web-browser client on a client system, a WebSocket connection directed to a remote Web service, wherein said connection is identified by a communications protocol identifier, said step of first initiating including the steps of;

    i) performing an authentication challenge directed to a user of said Web-browser client where a secure token is not present in a local store instance corresponding to said client application, wherein said secure token corresponds to said communications protocol identifier, said authentication challenge obtaining first user credentials, sending said first user credentials to a gateway server, receiving said secure token from said gateway server, and storing said secure token in said local store instance;

    ii) obtaining said secure token from said local store instance; and

    iii) sending a first connect message to said gateway server, wherein said connect message is protocol specific to said communications protocol identifier and wherein said first connect message includes said secure token; and

    b) second initiating, from said gateway server, a WebSocket connection directed to said remote Web service in response to receipt said first connect message, said step of second initiating including the steps of;

    i) inspecting said first connect message to identify said secure token;

    ii) evaluating said secure token to obtain second user credentials;

    iii) injecting, in replacement of said secure token, said second user credentials into a second connect message corresponding to said first connect message; and

    iv) sending said second connect message to said remote Web service.

View all claims
  • 4 Assignments
Timeline View
Assignment View
    ×
    ×