Enterprise System Authentication and Authorization via Gateway

US 20150319174A1
Filed: 04/30/2014
Published: 11/05/2015
Est. Priority Date: 04/30/2014
Status: Active Grant

First Claim

Patent Images

1. A method comprising:

passing, by a computing device to an enterprise device, a request transmitted by a client device for access to an enterprise resource;

transmitting, by the computing device to the enterprise device, information comprising authentication credentials associated with the client device and further comprising a request for authorization information associated with the enterprise resource;

receiving, by the computing device and in response to a successful authentication of the authentication credentials associated with the client device, the authorization information associated with the enterprise resource;

transmitting, by the computing device to the enterprise resource, the request transmitted by the client device for access to the enterprise resource with the received authorization information associated with the enterprise resource; and

passing, by the computing device to the client device, information associated with the requested enterprise resource based on the received authorization information associated with the enterprise resource.

View all claims

7 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Methods and systems are disclosed for providing approaches to authenticating and authorizing client devices in enterprise systems via a gateway device. The methods and systems may include passing, by a computing device to an enterprise device, a request transmitted by a client device for access to an enterprise resource, and transmitting, by the computing device, authentication credentials associated with the client device with a request for authorization information associated with the enterprise resource. The methods and systems may also include receiving, by the computing device, the authorization information associated with the enterprise resource, transmitting, by the computing, the request transmitted by the client device for access to the enterprise resource with the received authorization information associated with the enterprise resource, and passing, by the computing device to the client device, information associated with the requested enterprise resource based on the received authorization information associated with the enterprise resource.

49 Citations

View as Search Results

20 Claims

1. A method comprising:
- passing, by a computing device to an enterprise device, a request transmitted by a client device for access to an enterprise resource;
  
  transmitting, by the computing device to the enterprise device, information comprising authentication credentials associated with the client device and further comprising a request for authorization information associated with the enterprise resource;
  
  receiving, by the computing device and in response to a successful authentication of the authentication credentials associated with the client device, the authorization information associated with the enterprise resource;
  
  transmitting, by the computing device to the enterprise resource, the request transmitted by the client device for access to the enterprise resource with the received authorization information associated with the enterprise resource; and
  
  passing, by the computing device to the client device, information associated with the requested enterprise resource based on the received authorization information associated with the enterprise resource.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The method of claim 1, further comprising:
    - receiving, by the computing device from the client device, the authentication credentials associated with the client device;
      
      authenticating, by the computing device, the client device using the authentication credentials associated with the client device; and
      
      transmitting, by the computing device and in response to a successful authentication of the client device on the computing device, a session cookie to the client device, the session cookie authenticating the client device on the computing device for a first session.
  - 3. The method of claim 1, further comprising receiving, by the computing device from the enterprise device and in response to passing the request transmitted by the client device for access to the enterprise resource, a message indicating a denial of the request.
  - 4. The method of claim 3, wherein the message indicating a denial of the request comprises an identification of the authorization information associated with the enterprise resource.
  - 5. The method of claim 4, wherein the message indicating a denial of the request further comprises an identification of a location of where to retrieve the authorization information associated with the enterprise resource.
  - 6. The method of claim 1, wherein the authorization information associated with the enterprise resource comprises one or more tokens.
  - 7. The method of claim 1, wherein receiving the authorization information associated with the enterprise resource comprises receiving, by the computing device, a first token from a first source and a second token from a second source, the method further comprising:
    - transmitting, by the computing device, the first token to the enterprise device;
      
      receiving, by the computing device from the enterprise device and based on the first token, access to information associated with the first source;
      
      transmitting, by the computing device, the second token to the enterprise device; and
      
      receiving, by the computing device from the enterprise device and based on the second token, access to information associated with the second source; and
      
      passing, by the computing device to the client device, information associated with at least one of the first and second sources.
  - 8. The method of claim 7, wherein the first and second sources comprise services associated with the enterprise resource.
  - 9. The method of claim 7, wherein the first source comprises the enterprise resource and the second source comprises a different enterprise resource.
  - 10. The method of claim 1, further comprising retrieving, by the computing device, the authorization information associated with the enterprise resource from one of a local memory of the computing device and an external source.

11. A system, comprising:
- at least one processor; and
  
  at least one memory storing instructions that, when executed by the at least one processor, cause the system to perform;
  
  passing, by a computing device to an enterprise device, a request transmitted by a client device for access to an enterprise resource;
  
  transmitting, by the computing device to the enterprise device, authentication credentials associated with the client device with a request for authorization information associated with the enterprise resource;
  
  receiving, by the computing device and in response to a successful authentication of the authentication credentials associated with the client device, the authorization information associated with the enterprise resource;
  
  transmitting, by the computing device to the enterprise resource, the request transmitted by the client device for access to the enterprise resource with the received authorization information associated with the enterprise resource; and
  
  passing, by the computing device to the client device, information associated with the requested enterprise resource based on the received authorization information associated with the enterprise resource.
- View Dependent Claims (12, 13, 14, 15, 16, 17)
- - 12. The system of claim 11, the instructions further cause the system to perform:
    - receiving, by the computing device from the client device, the authentication credentials associated with the client device;
      
      authenticating, by the computing device, the client device using the authentication credentials associated with the client device; and
      
      transmitting, by the computing device and in response to a successful authentication of the client device on the computing device, a session cookie to the client device, the session cookie authenticating the client device on the computing device for a first session.
  - 13. The system of claim 11, the instructions further cause the system to perform receiving, by the computing device from the enterprise device and in response to passing the request transmitted by the client device for access to the enterprise resource, a message indicating a denial of the request.
  - 14. The system of claim 13, wherein the message indicating a denial of the request comprises an identification of the authorization information associated with the enterprise resource.
  - 15. The system of claim 14, wherein the message indicating a denial of the request further comprises an identification of a location of where to retrieve the authorization information associated with the enterprise resource.
  - 16. The system of claim 11, wherein the authorization information associated with the enterprise resource comprises one or more tokens.
  - 17. The system of claim 11, wherein receiving the authorization information associated with the enterprise resource comprises receiving, by the computing device, a first token from a first source and a second token from a second source, the instructions further cause the system to perform:
    - transmitting, by the computing device, the first token to the enterprise device;
      
      receiving, by the computing device from the enterprise device and based on the first token, access to information associated with the first source;
      
      transmitting, by the computing device, the second token to the enterprise device; and
      
      receiving, by the computing device from the enterprise device and based on the second token, access to information associated with the second source; and
      
      passing, by the computing device to the client device, information associated with at least one of the first and second sources.

18. One or more non-transitory computer-readable storage media having instructions stored thereon, that when executed by one or more processors, cause the one or more processors to perform:
- passing, by a computing device to an enterprise device, a request transmitted by a client device for access to an enterprise resource;
  
  transmitting, by the computing device to the enterprise device, authentication credentials associated with the client device with a request for authorization information associated with the enterprise resource;
  
  receiving, by the computing device and in response to a successful authentication of the authentication credentials associated with the client device, the authorization information associated with the enterprise resource;
  
  transmitting, by the computing device to the enterprise resource, the request transmitted by the client device for access to the enterprise resource with the received authorization information associated with the enterprise resource; and
  
  passing, by the computing device to the client device, information associated with the requested enterprise resource based on the received authorization information associated with the enterprise resource.
- View Dependent Claims (19, 20)
- - 19. The one or more non-transitory computer-readable storage media of claim 18, the instructions further cause the one or more processors to perform:
    - receiving, by the computing device from the client device, the authentication credentials associated with the client device;
      
      authenticating, by the computing device, the client device using the authentication credentials associated with the client device; and
      
      transmitting, by the computing device and in response to a successful authentication of the client device on the computing device, a session cookie to the client device, the session cookie authenticating the client device on the computing device for a first session.
  - 20. The one or more non-transitory computer-readable storage media of claim 18, wherein receiving the authorization information associated with the enterprise resource comprises receiving, by the computing device, a first token from a first source and a second token from a second source, the instructions further cause the one or more processors to perform:
    - transmitting, by the computing device, the first token to the enterprise device;
      
      receiving, by the computing device from the enterprise device and based on the first token, access to information associated with the first source;
      
      transmitting, by the computing device, the second token to the enterprise device; and
      
      receiving, by the computing device from the enterprise device and based on the second token, access to information associated with the second source; and
      
      passing, by the computing device to the client device, information associated with at least one of the first and second sources.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Citrix Systems, Inc. (Cloud Software Group)
Original Assignee
Citrix Systems, Inc. (Cloud Software Group)
Inventors
Hayton, Richard, Innes, Andrew

Granted Patent

US 9,584,515 B2
Time in Patent Office

Days
Field of Search
US Class Current

1/1
CPC Class Codes

H04L 63/0815   providing single-sign-on or...

H04L 63/0884   by delegation of authentica...

H04L 63/10   for controlling access to d...

H04L 63/205   involving negotiation or de...

H04W 12/069   using certificates or pre-s...

Enterprise System Authentication and Authorization via Gateway

First Claim

7 Assignments

0 Petitions

Accused Products

Abstract

49 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Enterprise System Authentication and Authorization via Gateway

First Claim

7 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

49 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links