USER AUTHENTICATION FOR INTERMEDIATE REPRESENTATIONAL STATE TRANSFER (REST) CLIENT VIA CERTIFICATE AUTHORITY

US 20120260330A1
Filed: 04/05/2011
Published: 10/11/2012
Est. Priority Date: 04/05/2011
Status: Active Grant

First Claim

Patent Images

1. A computer program product, the computer program product being tangibly embodied on a computer-readable storage medium and including executable code that, when executed, is configured to cause at least one data processing apparatus to:

receive a resource request at a representational state transfer (REST) client from a user, the resource request including a user ID;

determine, by the REST client, a key pair including a public key and a corresponding private key that are associated with the user ID;

obtain, by the REST client, a certificate associated with the user ID that is signed by a certificate authority and based on at least the user ID and the public key associated with the user ID;

impersonate, by the REST client, the user to a REST server using the certificate and the private key associated with the user ID; and

access, by the REST client on behalf of the user, using a stateless protocol with the REST server, the requested resource.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The present description refers to a computer implemented method, computer program product, and computer system for receiving a resource request at a representational state transfer (REST) client from a user, the resource request including a user ID, determining, by the REST client, a key pair including a public key and a corresponding private key that are associated with the user ID, obtaining, by the REST client, a certificate associated with the user ID that is signed by a certificate authority and based on at least the user ID and the public key associated with the user ID, impersonating, by the REST client, the user to a REST server using the certificate and the private key associated with the user ID, and accessing, by the REST client on behalf of the user, using a stateless protocol with the REST server, the requested resource.

45 Citations

View as Search Results

20 Claims

1. A computer program product, the computer program product being tangibly embodied on a computer-readable storage medium and including executable code that, when executed, is configured to cause at least one data processing apparatus to:
- receive a resource request at a representational state transfer (REST) client from a user, the resource request including a user ID;
  
  determine, by the REST client, a key pair including a public key and a corresponding private key that are associated with the user ID;
  
  obtain, by the REST client, a certificate associated with the user ID that is signed by a certificate authority and based on at least the user ID and the public key associated with the user ID;
  
  impersonate, by the REST client, the user to a REST server using the certificate and the private key associated with the user ID; and
  
  access, by the REST client on behalf of the user, using a stateless protocol with the REST server, the requested resource.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13)
- - 2. The computer program product of claim 1 wherein the executable code causing the data processing apparatus to impersonate comprises executable code causing the data processing apparatus to establish by the REST client, a secure sockets layer (SSL) connection with the REST server using the certificate and the private key associated with the user ID.
  - 3. The computer program product of claim 1 wherein the executable code causing the data processing apparatus to obtain comprises executable code causing the data processing apparatus to:
    - send a certificate signing request from the REST client to the certificate authority, the certificate signing request including an unsigned certificate; and
      
      receive, at the REST client from the certificate authority, the certificate that has been signed by the certificate authority.
  - 4. The computer program product of claim 3 wherein the unsigned certificate includes the user ID and the public key associated with the user, and wherein the signed certificate received by the REST client from the certificate authority includes the certificate and a digital signature provided by the certificate authority based on a private key associated with the certificate authority.
  - 5. The computer program product of claim 1 wherein the executable code further causes the data processing apparatus to authenticate, by the REST client, the user.
  - 6. The computer program product of claim 1 wherein the executable code further causes the data processing apparatus to forward, by the REST client, the requested resource obtained from or via the REST server to the user.
  - 7. The computer program product of claim 1 wherein the executable code causing the data processing apparatus to determine a key pair comprises executable code causing the data processing apparatus to generate, by the REST client, a key pair, including a public key and a corresponding private key that are associated with the user ID and unknown to the user, and used by the REST client to impersonate the user with permission from the user in communicating with the REST server to access the requested resource, wherein the requested resource is stored by or controlled by the REST server and assigned to or associated with the user.
  - 8. The computer program product of claim 1 wherein the executable code causing the data processing apparatus to determine comprises executable code causing the data processing apparatus to:
    - retrieve from memory a previously generated key pair including a public key and a corresponding private key that are associated with the user ID to allow the REST client to impersonate the user to the REST server.
  - 9. The computer program product of claim 1 wherein the certificate comprises a X.509 certificate that includes the user ID, the public key associated with the user ID and a digital signature provided by the certificate authority based on the certificate authority'"'"'s private key.
  - 10. The computer program product of claim 1 wherein the certificate authority is an entity that that is separate from the REST client.
  - 11. The computer program product of claim 1 wherein the stateless protocol comprises hypertext transfer protocol secure (HTTPS).
  - 12. The computer program product of claim 1 wherein the REST client comprises a SSL-enabled client that implements hypertext transfer protocol secure (HTTPS) as a stateless protocol to communicate with the REST server.
  - 13. The computer program product of claim 1 wherein the executable code further causes the data processing apparatus to:
    - obtain, by the REST client, the requested resource from the REST server;
      
      process, by the REST client, the requested resource based on instructions received from the user; and
      
      provide, by the REST client to the user, the processed resource to the user.

14. A computer implemented method comprising:
- receiving a resource request at a representational state transfer (REST) client from a user, the resource request including a user ID;
  
  determining, by the REST client, a key pair including a public key and a corresponding private key that are associated with the user ID;
  
  obtaining, by the REST client, a certificate associated with the user ID that is signed by a certificate authority and based on at least the user ID and the public key associated with the user ID;
  
  impersonating, by the REST client, the user to a REST server using the certificate and the private key associated with the user ID; and
  
  accessing, by the REST client on behalf of the user, using a stateless protocol with the REST server, the requested resource.
- View Dependent Claims (15, 16, 17)
- - 15. The computer implemented method of claim 14 wherein the impersonating comprises establishing by the REST client, a secure sockets layer (SSL) connection with the REST server using the certificate and the private key associated with the user ID.
  - 16. The computer implemented method of claim 14 and further comprising forwarding, by the REST client, the requested resource obtained from or via the REST server to the user.
  - 17. The computer implemented method of claim 14 wherein the determining a key pair comprises generating, by the REST client, a key pair, including a public key and a corresponding private key that are associated with the user ID and unknown to the user, and used by the REST client to impersonate the user in communicating with the REST server to access the requested resource, and wherein the certificate comprises a X.509 certificate that includes the user ID, the public key associated with the user ID and a digital signature provided by the certificate authority based on the certificate authority'"'"'s private key.

18. An apparatus comprising:
- a transceiver configured to receive a resource request at a representational state transfer (REST) client from a user, the resource request including a user ID;
  
  key determination logic configured to determine, by the REST client, a key pair including a public key and a corresponding private key that are associated with the user ID;
  
  certificate acquisition logic configured to obtain, by the REST client, a certificate associated with the user ID that is signed by a certificate authority and based on at least the user ID and the public key associated with the user ID;
  
  impersonating logic configured to impersonate, by the REST client, the user to a REST server using the certificate and the private key associated with the user ID; and
  
  accessing logic configured to access, by the REST client on behalf of the user, using a stateless protocol with the REST server, the requested resource.
- View Dependent Claims (19, 20)
- - 19. The apparatus of claim 18 wherein the impersonating logic comprises SSL connection logic configured to establish by the REST client, a secure sockets layer (SSL) connection with a REST server using the certificate and the private key associated with the user ID.
  - 20. The apparatus of claim 18 wherein the key determination logic is configured to generate, by the REST client, a key pair, including a public key and a corresponding private key that are associated with the user ID and unknown to the user, and used by the REST client to impersonate the user in communicating with the REST server to access the requested resource, and wherein the certificate comprises a X.509 certificate that includes the user ID, the public key associated with the user ID and a digital signature provided by the certificate authority based on the certificate authority'"'"'s private key.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
SAP SE
Original Assignee
SAP AG (SAP SE)
Inventors
Steigmann, Uwe, Zlatarev, Stephan, Engler, Michael, Janzen, Wolfgang

Granted Patent

US 9,021,552 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/10
CPC Class Codes

G06F 21/33   using certificates

G06F 2221/2107   File encryption

G06F 2221/2117   User registration

H04L 63/0884   by delegation of authentica...

H04L 63/166   at the transport layer

H04L 67/142   Managing session states for...

H04L 9/3263   involving certificates, e.g...

USER AUTHENTICATION FOR INTERMEDIATE REPRESENTATIONAL STATE TRANSFER (REST) CLIENT VIA CERTIFICATE AUTHORITY

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

45 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

USER AUTHENTICATION FOR INTERMEDIATE REPRESENTATIONAL STATE TRANSFER (REST) CLIENT VIA CERTIFICATE AUTHORITY

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

45 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links