HTTP PASSWORD MEDIATOR

US 20140245372A1
Filed: 02/26/2013
Published: 08/28/2014
Est. Priority Date: 02/26/2013
Status: Active Grant

First Claim

Patent Images

1. A method comprising;

identifying a hypertext transfer protocol (HTTP) request issued by a client application executing on a client device, the HTTP request indicating an operation to be performed for a user of the client application at a destination system;

obtaining user credentials using the HTTP request;

requesting security information for the user with respect to the destination system, wherein the security information comprises a password;

determining, by a processor, whether the user is allowed to perform the operation in view of the security information; and

upon determining that the user is allowed to perform the operation, modifying the HTTP request in view of the security information and sending the modified HTTP request to the destination system.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method and system for password mediation including identifying an HTTP request issued by a client application executing on a client device, the HTTP request indicating an operation to be performed for a user of the client application at a destination system, obtaining user credentials using the HTTP request, requesting security information for the user with respect to the destination system, determining whether the user is allowed to perform the operation based on the security information, and upon determining that the user is allowed to perform the operation, modifying the HTTP request based on the security information and sending the modified HTTP request to the destination system.

23 Citations

View as Search Results

20 Claims

1. A method comprising;
- identifying a hypertext transfer protocol (HTTP) request issued by a client application executing on a client device, the HTTP request indicating an operation to be performed for a user of the client application at a destination system;
  
  obtaining user credentials using the HTTP request;
  
  requesting security information for the user with respect to the destination system, wherein the security information comprises a password;
  
  determining, by a processor, whether the user is allowed to perform the operation in view of the security information; and
  
  upon determining that the user is allowed to perform the operation, modifying the HTTP request in view of the security information and sending the modified HTTP request to the destination system.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method of claim 1, wherein determining whether the user is allowed to perform the operation comprises:
    - determining whether the HTTP request contains an HTTP basic credential;
      
      upon determining that the HTTP request contains the HTTP basic credential, determining whether the user can be identified in a data store;
      
      upon determining that the user can be identified in the data store, identifying the user in the data store, and obtaining the security information from the data store; and
      
      determining whether the user is allowed to perform the requested operation in view of the rules in the security information.
  - 3. The method of claim 2 further comprising upon determining that the HTTP request does not contain the HTTP basic credential, sending the HTTP request unmodified to the destination system.
  - 4. The method of claim 2 further comprising upon determining that the user cannot be identified in the data store, sending the HTTP request unmodified to the destination system.
  - 5. The method of claim 2 further comprising upon determining that the user is not allowed to perform the requested operation, sending the HTTP request unmodified to the destination system.
  - 6. The method of claim 1, wherein the modified HTTP request comprises the HTTP request with the security information appended.
  - 7. The method of claim 1 further comprising recording the HTTP request from the user application to a user log.

8. A system comprising:
- a memory; and
  
  a processing device coupled to the memory to;
  
  identify a hypertext transfer protocol (HTTP) request issued by a client application executing on a client device, the HTTP request indicating an operation to be performed by a user of the client application at a destination system;
  
  obtain user credentials using the HTTP request;
  
  request security information for the user with respect to the destination system, wherein the security information comprises a password;
  
  determine, by a processor, whether the user is allowed to perform the operation in view of the security information; and
  
  upon determining that the user is allowed to perform the operation, modify the HTTP request in view of the security information and send the modified HTTP request to the destination system.
- View Dependent Claims (9, 10, 11, 12, 13, 14)
- - 9. The system of claim 8, wherein to determine whether the user is allowed to perform the operation, the processing device is further to:
    - determine whether the HTTP request contains an HTTP basic credential;
      
      upon determining that the HTTP request contains the HTTP basic credential, determine whether the user can be identified in a database;
      
      upon determining that the user can be identified in the data store, identify the user in the data store, and obtaining the security information from the data store; and
      
      determine whether the user is allowed to perform the requested operation in view of the rules in the security information.
  - 10. The system of claim 9, wherein the processing device is further to, upon determining that the HTTP request does not contain the HTTP basic credential, send the HTTP request unmodified to the destination system.
  - 11. The system of claim 9, wherein the processing device is further to, upon determining that the user cannot be identified in the data store, send the HTTP request unmodified to the destination system.
  - 12. The system of claim 9, wherein the processing device is further to, upon determining that the user is not allowed to perform the requested operation, send the HTTP request unmodified to the destination system.
  - 13. The system of claim 8, wherein the modified HTTP request comprises the HTTP request with the security information appended.
  - 14. The system of claim 8, wherein the processing device is further to record a log of the HTTP request from the user application to a user log.

15. A non-transitory computer-readable storage medium including instructions that, when executed by a computer system, cause the computer system to perform a set of operations comprising:
- identifying a hypertext transfer protocol (HTTP) request issued by a client application executing on a client device, the HTTP request indicating an operation to be performed for a user of the client application at a destination system;
  
  obtaining user credentials using the HTTP request;
  
  requesting security information for the user with respect to the destination system, wherein the security information comprises a password;
  
  determining whether the user is allowed to perform the operation in view of the security information; and
  
  upon determining that the user is allowed to perform the operation, modifying the HTTP request in view of the security information and sending the modified HTTP request to the destination system.
- View Dependent Claims (16, 17, 18, 19, 20)
- - 16. The non-transitory computer-readable storage medium of claim 15, wherein the operations further comprise:
    - determining whether the HTTP request contains an HTTP basic credential;
      
      upon determining that the HTTP request contains the HTTP basic credential, determining whether the user can be identified in a data store;
      
      upon determining that the user can be identified in the data store, identifying the user in the data store, and obtaining the security information from the data store; and
      
      determining whether the user is allowed to perform the requested operation in view of the rules in the security information.
  - 17. The non-transitory computer-readable storage medium of claim 16, wherein the operations further comprise, upon determining that the HTTP request does not contain the HTTP basic credential, sending the HTTP request unmodified to the destination system.
  - 18. The non-transitory computer-readable storage medium of claim 16, wherein the operations further comprise, upon determining that the user cannot be identified in the data store, sending the HTTP request unmodified to the destination system.
  - 19. The non-transitory computer-readable storage medium of claim 16, wherein the operations further comprise, upon determining that the user is not allowed to perform the requested operation, sending the HTTP request unmodified to the destination system.
  - 20. The non-transitory computer-readable storage medium of claim 15, wherein the modified HTTP request comprises the HTTP request with the security information appended.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Red Hat, Inc. (International Business Machines Corporation)
Original Assignee
Red Hat, Inc. (International Business Machines Corporation)
Inventors
Elias, Filip, Nguyen, Filip

Granted Patent

US 9,985,991 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/1
CPC Class Codes

G06F 21/554   involving event detection a...

G06F 21/6218   to a system of files or obj...

H04L 63/20   for managing network securi...

HTTP PASSWORD MEDIATOR

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

23 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

HTTP PASSWORD MEDIATOR

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

23 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links