SYSTEM AND METHODS FOR PROVIDING STATELESS SECURITY MANAGEMENT FOR WEB APPLICATIONS USING NON-HTTP COMMUNICATIONS PROTOCOLS
First Claim
1. A computer implemented method providing stateless security management for web applications using non-HTTP communications protocols, said method comprising the steps of:
- a) first initiating, from a client application executed within a Web-browser client on a client system, a WebSocket connection directed to a remote Web service, wherein said connection is identified by a communications protocol identifier, said step of first initiating including the steps of:
i) performing an authentication challenge directed to a user of said Web-browser client where a secure token is not present in a local store instance corresponding to said client application, wherein said secure token corresponds to said communications protocol identifier, said authentication challenge obtaining first user credentials, sending said first user credentials to a gateway server, receiving said secure token from said gateway server, and storing said secure token in said local store instance;
ii) obtaining said secure token from said local store instance; and
iii) sending a first connect message to said gateway server, wherein said connect message is protocol specific to said communications protocol identifier and wherein said first connect message includes said secure token; and
- b) second initiating, from said gateway server, a WebSocket connection directed to said remote Web service in response to receipt of said first connect message, said step of second initiating including the steps of:
i) inspecting said first connect message to identify said secure token;
ii) evaluating said secure token to obtain second user credentials;
iii) injecting, in replacement of said secure token, said second user credentials into a second connect message corresponding to said first connect message; and
iv) sending said second connect message to said remote Web service.
Abstract
A gateway server interoperates with client and remote server systems to provide stateless security management for a distributed Web application. A Web client application on the client system initiates a WebSocket connection directed to a remote Web service by performing an authentication challenge directed to a user of the Web-browser client where a secure token is not present in a local store instance corresponding to the client application. The authentication challenge obtains the user credentials and then exchanges the user credentials with the gateway server for a secure token. The secure token is then sent in a protocol-specific connect message to the gateway server. The gateway server, in response to receipt of the connect message, initiates a WebSocket connection directed to the remote Web service by inspecting the connect message to recover the secure token, evaluating the secure token to obtain user credentials, replacing the secure token in the connect message with those user credentials, and sending the connect message to the remote Web service.
16 Claims
1. (Set out in full above under First Claim.) Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9.
10. A gateway server providing stateless secure authorization for distributed web applications executed cooperatively by client and remote server systems, said gateway server comprising:
- a) a computer server system coupleable through a communications network with a client system and a remote server, wherein said client system is configured to execute a client application in a Web-browser client on a client system and wherein said remote server is configured to execute a Web service; and
- b) a Web server, executed by said computer server system, said Web server including an authorization control processor, a packet inspection processor, and a credential injection processor, wherein said authorization control processor is operative to generate a secure token upon receipt and validation of first user credentials provided by said client application, wherein said authorization control processor interoperates with said client application to store said secure token in a local store instance on said client system in a scope associated with said client application, wherein said packet inspection processor, responsive to a connect message, embedding said secure token, provided by said client application, is operative to detect said connect message and provide said secure token to said authorization control processor, wherein said authorization control processor is operative to recover second user credentials corresponding to said secure token, wherein said credential injection processor, responsive to said authorization control processor, is operative to inject said second user credentials into said connect message, and wherein said Web server is operative to transmit said connect message to said remote server.
Dependent claims: 11, 12, 13, 14, 15, 16.
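The following is an added illustration of the token exchange, packet inspection and credential injection described in the abstract and in claims 1 and 10; it is not part of the patent text and not code from any product the patent covers. The connect message is modelled on a STOMP-style CONNECT frame with `key:value` headers, the secure token is treated as an opaque reference resolved in a gateway-side table bound to the protocol identifier and a lifetime, and the `USERS` directory, header names and all function names are assumptions made for the example.

```python
import secrets
import time

# Constructed user directory for the example (assumption; the patent does not
# describe how the gateway validates the first user credentials).
USERS = {"alice": "alice-secret"}

# Header names modelled on a STOMP-style CONNECT frame (assumption).
TOKEN_HEADER = "token"
CREDENTIAL_HEADERS = ("login", "passcode")


def parse_frame(raw):
    """Split 'COMMAND\\nkey:value\\n...\\n\\nbody' into (command, headers, body)."""
    head, _, body = raw.partition("\n\n")
    command, *header_lines = head.split("\n")
    headers = {}
    for line in header_lines:
        key, sep, value = line.partition(":")
        if not sep:
            raise ValueError(f"malformed header line: {line!r}")
        headers[key] = value
    return command, headers, body


def build_frame(command, headers, body=""):
    """Serialise a frame in the same text layout parse_frame expects."""
    lines = [command] + [f"{k}:{v}" for k, v in headers.items()]
    return "\n".join(lines) + "\n\n" + body


class Gateway:
    """Authorization control, packet inspection and credential injection in one place."""

    def __init__(self, token_ttl=3600.0):
        self.token_ttl = token_ttl
        # token -> (username, password, protocol_id, expiry). Assumption: the token
        # is an opaque reference resolved gateway-side; the patent only says the
        # token is "evaluated" to obtain the second user credentials.
        self._tokens = {}

    def issue_token(self, username, password, protocol_id):
        """Validate the first credentials; return a token bound to this protocol."""
        expected = USERS.get(username)
        if expected is None or not secrets.compare_digest(
                expected.encode(), password.encode()):
            return None
        token = secrets.token_urlsafe(32)
        self._tokens[token] = (username, password, protocol_id,
                               time.monotonic() + self.token_ttl)
        return token

    def _resolve(self, token, protocol_id):
        """Evaluate a token: must exist, match the protocol, and be unexpired."""
        record = self._tokens.get(token)
        if record is None:
            return None
        username, password, bound_protocol, expiry = record
        if bound_protocol != protocol_id or time.monotonic() > expiry:
            return None
        return username, password

    def process_connect(self, raw_frame, protocol_id):
        """Inspect a client CONNECT frame; return (forward, frame_to_send).

        Any client-supplied login/passcode headers are discarded, so the only
        way credentials reach the remote service is through a gateway-issued token.
        """
        command, headers, body = parse_frame(raw_frame)
        if command != "CONNECT":
            return False, build_frame("ERROR", {"message": "expected CONNECT"})
        token = headers.pop(TOKEN_HEADER, None)
        for name in CREDENTIAL_HEADERS:
            headers.pop(name, None)
        creds = self._resolve(token, protocol_id) if token else None
        if creds is None:
            return False, build_frame("ERROR", {"message": "invalid or expired token"})
        login, passcode = creds
        headers["login"] = login          # second user credentials injected
        headers["passcode"] = passcode    # in place of the removed token
        return True, build_frame(command, headers, body)


def client_connect(local_store, gateway, protocol_id, prompt_user):
    """Browser-side step: challenge the user only when no token is stored."""
    token = local_store.get(protocol_id)
    if token is None:
        username, password = prompt_user()
        token = gateway.issue_token(username, password, protocol_id)
        if token is None:
            raise PermissionError("authentication failed")
        local_store[protocol_id] = token
    return build_frame("CONNECT", {"accept-version": "1.2", TOKEN_HEADER: token})
```

The design points a defender would check are visible here: the browser never holds the second credentials (only the opaque token lives in `local_store`), the token is usable only for the protocol it was issued for and only until it expires, and the gateway overwrites rather than merges any `login`/`passcode` headers the client sends, so a forged header cannot bypass the token check.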