SYSTEM AND METHOD FOR CONTROLLING ACCESS TO A RESOURCE

US 20130254848A1
Filed: 03/20/2012
Published: 09/26/2013
Est. Priority Date: 03/20/2012
Status: Active Grant

First Claim

Patent Images

1. A method comprising:

receiving, at a server computing system from a browser on a client computing system, a request to access a first web page;

in response to the receiving the request, sending, from the server computing system to the client computing system, a second web page including an embedded executable program configured to run within the browser on the client computing system, wherein the embedded executable program, when executed on the client computing system, is operable to obtain a ticket-granting ticket stored on the client computing system and send the ticket-granting ticket to the server computing system;

receiving, at the server computing system from the embedded executable program on the client computing system, the ticket-granting ticket;

determining whether a user associated with the ticket-granting ticket is authorized to access the first web page; and

in response to determining that the user is authorized to access the first web page, granting the requested access to the first web page.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Methods, devices, and computer-readable storage media are provided. In some embodiments, a server receives from a browser on a client a request to access a first web page. In response to receiving the request, the server sends to the client a second web page including an embedded executable program configured to run within the browser on the client, wherein the embedded executable program, when executed on the client, is operable to obtain a ticket-granting ticket stored on the client and send the ticket-granting ticket to the server. The server receives the ticket-granting ticket from the embedded executable program on the client. Furthermore, the server determines whether a user associated with the ticket-granting ticket is authorized to access the first web page. In response to determining that the user is authorized to access the first web page, the server grants the requested access to the first web page.

Citations

19 Claims

1. A method comprising:
- receiving, at a server computing system from a browser on a client computing system, a request to access a first web page;
  
  in response to the receiving the request, sending, from the server computing system to the client computing system, a second web page including an embedded executable program configured to run within the browser on the client computing system, wherein the embedded executable program, when executed on the client computing system, is operable to obtain a ticket-granting ticket stored on the client computing system and send the ticket-granting ticket to the server computing system;
  
  receiving, at the server computing system from the embedded executable program on the client computing system, the ticket-granting ticket;
  
  determining whether a user associated with the ticket-granting ticket is authorized to access the first web page; and
  
  in response to determining that the user is authorized to access the first web page, granting the requested access to the first web page.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The method of claim 1, wherein in response to determining that the user is not authorized to access the first web page, denying the requested access to the first web page.
  - 3. The method of claim 1, wherein the embedded executable program comprises a signed Java applet.
  - 4. The method of claim 1, wherein the receiving the request, the sending the second web page, the receiving the ticket-granting ticket, the determining whether the user is authorized to access the first web page, and the granting the requested access to the first web page are performed over a period of time without requiring a user input operation for the duration of the period.
  - 5. The method of claim 1, wherein the receiving the ticket-granting ticket comprises receiving the ticket-granting ticket in an encrypted communication over a secure connection.
  - 6. The method of claim 1, wherein the first web page comprises a configuration web page for configuring an application on an image processing device, wherein the image processing device includes the server computing system.
  - 7. The method of claim 1, wherein the determining whether the user is authorized to access the first web page comprises:
    - using the ticket-granting ticket to obtain access to information associated with the user; and
      
      determining whether the user is authorized to access the first web page based on a predetermined policy and the information associated with the user.
  - 8. The method of claim 7, wherein the predetermined policy comprises granting a request to access a configuration web page from a user identified as a member of an administrator group, and denying a request to access the configuration web page from a user identified as not being a member of an administrator group.
  - 9. The method of claim 7, wherein the using the ticket-granting ticket to obtain access to the information associated with the user comprises:
    - sending, from the server computing system to an authentication service, the ticket-granting ticket and a request for a credential for use in accessing a directory service;
      
      receiving, at the server computing system from the authentication service, the credential;
      
      sending, from the server computing system to the directory service, the credential;
      
      receiving, at the server computing system from the directory service, an authentication success response based on the credential;
      
      sending, from the server computing system to the directory service, a request for the information associated with the user; and
      
      receiving, at the server computing system from the directory service, the information associated with the user.

10. A non-transitory computer-readable storage medium storing instructions which, when executed by one or more processors, cause the one or more processors to perform operations comprising:
- receiving, at a server computing system from a browser on a client computing system, a request to access a first web page;
  
  in response to the receiving the request, sending, from the server computing system to the client computing system, a second web page including an embedded executable program configured to run within the browser on the client computing system, wherein the embedded executable program, when executed on the client computing system, is operable to obtain a ticket-granting ticket stored on the client computing system and send the ticket-granting ticket to the server computing system;
  
  receiving, at the server computing system from the embedded executable program on the client computing system, the ticket-granting ticket;
  
  determining whether a user associated with the ticket-granting ticket is authorized to access the first web page; and
  
  in response to determining that the user is authorized to access the first web page, granting the requested access to the first web page.

11. A system comprising:
- one or more processors; and
  
  memory coupled to the one or more processors and operable for storing instructions which, when executed by the one or more processors, cause the one or more processors to perform operations comprising;
  
  receiving, at a server computing system from a browser on a client computing system, a request to access a first web page;
  
  in response to the receiving the request, sending, from the server computing system to the client computing system, a second web page including an embedded executable program configured to run within the browser on the client computing system, wherein the embedded executable program, when executed on the client computing system, is operable to obtain a ticket-granting ticket stored on the client computing system and send the ticket-granting ticket to the server computing system;
  
  receiving, at the server computing system from the embedded executable program on the client computing system, the ticket-granting ticket;
  
  determining whether a user associated with the ticket-granting ticket is authorized to access the first web page; and
  
  in response to determining that the user is authorized to access the first web page, granting the requested access to the first web page.
- View Dependent Claims (12, 13, 14, 15, 16, 17, 18, 19)
- - 12. The system of claim 11, wherein in response to determining that the user is not authorized to access the first web page, denying the requested access to the first web page.
  - 13. The system of claim 11, wherein the embedded executable program comprises a signed Java applet.
  - 14. The system of claim 11, wherein the receiving the request, the sending the second web page, the receiving the ticket-granting ticket, the determining whether the user is authorized to access the first web page, and the granting the requested access to the first web page are performed over a period of time without requiring a user input operation for the duration of the period.
  - 15. The system of claim 11, wherein the receiving the ticket-granting ticket comprises receiving the ticket-granting ticket in an encrypted communication over a secure connection.
  - 16. The system of claim 11, wherein the first web page comprises a configuration web page for configuring an application on an image processing device, wherein the image processing device includes the server computing system.
  - 17. The system of claim 11, wherein the determining whether the user is authorized to access the first web page comprises:
    - using the ticket-granting ticket to obtain access to information associated with the user; and
      
      determining whether the user is authorized to access the first web page based on a predetermined policy and the information associated with the user.
  - 18. The system of claim 17, wherein the predetermined policy comprises granting a request to access a configuration web page from a user identified as a member of an administrator group, and denying a request to access the configuration web page from a user identified as not being a member of an administrator group.
  - 19. The system of claim 17, wherein the using the ticket-granting ticket to obtain access to the information associated with the user comprises:
    - sending, from the server computing system to an authentication service, the ticket-granting ticket and a request for a credential for use in accessing a directory service;
      
      receiving, at the server computing system from the authentication service, the credential;
      
      sending, from the server computing system to the directory service, the credential;
      
      receiving, at the server computing system from the directory service, an authentication success response based on the credential;
      
      sending, from the server computing system to the directory service, a request for the information associated with the user; and
      
      receiving, at the server computing system from the directory service, the information associated with the user.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Canon Information and Imaging Solutions, Inc. (Canon Inc.)
Original Assignee
Canon Information and Imaging Solutions, Inc. (Canon Inc.)
Inventors
Ge, Jiuyuan

Granted Patent

US 9,047,456 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/4
CPC Class Codes

G06F 21/335   for accessing specific reso...

G06F 2221/2137   Time limited access, e.g. t...

H04L 63/0807   using tickets, e.g. Kerbero...

H04L 63/168   above the transport layer

SYSTEM AND METHOD FOR CONTROLLING ACCESS TO A RESOURCE

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

19 Claims

Specification

Solutions

Use Cases

Quick Links

SYSTEM AND METHOD FOR CONTROLLING ACCESS TO A RESOURCE

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

19 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links