METHOD AND SYSTEM TO PROVIDE ADDITIONAL SECURITY MECHANISM FOR PACKAGED WEB APPLICATIONS

US 20150180850A1
Filed: 12/19/2014
Published: 06/25/2015
Est. Priority Date: 12/20/2013
Status: Active Grant

First Claim

Patent Images

1. A method for authenticating a client application attempting to access a protected resource stored on a resource server, the method comprising:

receiving, by an authorization server, a request to access the protected resource, wherein the request is received from the client application authorized by a resource owner of the protected resource; and

redirecting, by the authorization server, the request to the resource server using a redirect identifier corresponding to a redirect endpoint of the client application, wherein the redirect identifier is intercepted by a web runtime engine prior to the redirect.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method for authenticating a client application attempting to access a protected resource on a resource server includes receiving a request to access the protected resource at an authorization server. The request is received from the client application authorized by a resource owner of the protected resource. Further, the method includes redirecting the request to the resource server using a redirect identifier corresponding to a redirect endpoint of the client application. The redirect identifier is intercepted by a web run time engine prior to the redirect. Furthermore, the method includes determining a match between the intercepted redirect identifier and a pre-assigned redirect identifier with the client application stored at the web run time engine to authenticate the client application prior to providing access to the protected resource.

Citations

20 Claims

1. A method for authenticating a client application attempting to access a protected resource stored on a resource server, the method comprising:
- receiving, by an authorization server, a request to access the protected resource, wherein the request is received from the client application authorized by a resource owner of the protected resource; and
  
  redirecting, by the authorization server, the request to the resource server using a redirect identifier corresponding to a redirect endpoint of the client application, wherein the redirect identifier is intercepted by a web runtime engine prior to the redirect.
- View Dependent Claims (2, 3, 4, 5)
- - 2. The method of claim 1, wherein the redirect identifier comprises at least one parameter having at least one of an authority, a path, a Uniform Resource Identifier (URI), a query portion of the URI, and a unique value.
  - 3. The method of claim 2, wherein the redirect identifier is a configurable redirect identifier, wherein each parameter is configured with a run time by at least one of the client application and the authentication server.
  - 4. The method of claim 1, wherein a pre-assigned redirect identifier is allocated to each the client application during registration of the client application, wherein the pre-assigned redirect identifier comprises at least one parameter having at least one of an authority, a path, a Uniform Resource Identifier (URI), a query portion of the URI, and a unique value.
  - 5. The method of claim 1, wherein the method further comprises granting, by the resource server, an access to the protected resource in response to determining the match.

6. An authorization server apparatus for authenticating a client application attempting to access a protected resource stored on a resource server, the apparatus comprising:
- a processor configured to receive a request to access the protected resource, wherein the request is received from the client application authorized by a resource owner of the protected resource, and to redirect the request to the resource server using a redirect identifier corresponding to a redirect endpoint of the client application, wherein the redirect identifier is intercepted by a web runtime engine prior to the redirect.
- View Dependent Claims (7, 8, 9, 10)
- - 7. The apparatus of claim 6, wherein the redirect identifier comprises at least one parameter having at least one of an authority, a path, a Uniform Resource Identifier (URI), a query portion of the URI, and a unique value.
  - 8. The apparatus of claim 7, wherein the redirect identifier is a configurable redirect identifier, wherein each the parameter is configured with a run time by at least one of the client application and the authentication server.
  - 9. The apparatus of claim 6, wherein a pre-assigned redirect identifier is allocated to each the client application during registration of the client application, wherein the pre-assigned redirect identifier comprises at least one parameter having at least one of an authority, a path, a Uniform Resource Identifier (URI), a query portion of the URI, and a unique value.
  - 10. The apparatus of claim 6, wherein the resource server is configured to grant an access to the protected resource in response to determining the match.

11. A method for authenticating a client application attempting to access a protected resource stored on a resource server by a web runtime engine, the method comprising:
- in response to an authorization server receiving a request to access the protected resource, wherein the request is received from the client application authorized by a resource owner of the protected resource, and redirecting the request to the resource server using a redirect identifier corresponding to a redirect endpoint of the client application,intercepting the redirect identifier prior to the redirect; and
  
  determining a match between the intercepted redirect identifier and a pre-assigned redirect identifier associated with the client application stored at the web runtime engine to authenticate the client application prior to providing an access to the protected resource.
- View Dependent Claims (12, 13, 14, 15)
- - 12. The method of claim 11, wherein the redirect identifier comprises at least one parameter having at least one of an authority, a path, a Uniform Resource Identifier (URI), a query portion of the URI, and a unique value.
  - 13. The method of claim 12, wherein the redirect identifier is a configurable redirect identifier, wherein each the parameter is configured with a run time by at least one of the client application and the authentication server.
  - 14. The method of claim 11, wherein a pre-assigned redirect identifier is allocated to each the client application during registration of the client application, wherein the pre-assigned redirect identifier comprises at least one parameter having at least one of authority, path, a Uniform Resource Identifier (URI), a query portion of the URI, and a unique value.
  - 15. The method of claim 11, wherein a computer executable program code when executed causing further actions including granting, by the resource server, an access to the protected resource in response to determining the match.

16. A web runtime engine for authenticating a client application attempting to access a protected resource stored on a resource server, the web runtime engine comprising:
- a processor configured to, in response to an authorization server receiving a request to access the protected resource, wherein the request is received from the client application authorized by a resource owner of the protected resource, and redirecting the request to the resource server using a redirect identifier corresponding to a redirect endpoint of the client application,intercept the redirect identifier prior to the redirect; and
  
  determine a match between the intercepted redirect identifier and a pre-assigned redirect identifier associated with the client application stored at the web runtime engine to authenticate the client application prior to providing an access to the protected resource.
- View Dependent Claims (17, 18, 19, 20)
- - 17. The web runtime engine of claim 16, wherein the redirect identifier comprises at least one parameter having at least one of an authority, a path, a Uniform Resource Identifier (URI), a query portion of the URI, and a unique value.
  - 18. The web runtime engine of claim 17, wherein the redirect identifier is a configurable redirect identifier, wherein each parameter is configured with a run time by at least one of the client application and the authentication server.
  - 19. The web runtime engine of claim 16, wherein the pre-assigned redirect identifier is allocated to each client application during registration of the client application, wherein the pre-assigned redirect identifier comprises at least one parameter having at least one of an authority, a path, a Uniform Resource Identifier (URI), a query portion of the URI, and a unique value.
  - 20. The web runtime engine of claim 16, wherein the resource server is configured to grant an access to the protected resource in response to determining the match.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Samsung Electronics Co. Ltd.
Original Assignee
Samsung Electronics Co. Ltd.
Inventors
Venkataramana, Balaji Nerella, Das, Kaushik, Jamadagni, Satish Nanjunda Swamy, Perumal, Prabhavathi

Granted Patent

US 10,554,643 B2
Time in Patent Office

Days
Field of Search
US Class Current

1/1
CPC Class Codes

H04L 63/08 for authentication of entit...

METHOD AND SYSTEM TO PROVIDE ADDITIONAL SECURITY MECHANISM FOR PACKAGED WEB APPLICATIONS

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

METHOD AND SYSTEM TO PROVIDE ADDITIONAL SECURITY MECHANISM FOR PACKAGED WEB APPLICATIONS

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links