SYSTEM AND METHOD FOR SECURING AUTHENTICATION INFORMATION IN A NETWORKED ENVIRONMENT

US 20160197900A1
Filed: 03/15/2016
Published: 07/07/2016
Est. Priority Date: 07/03/2013
Status: Active Grant

First Claim

Patent Images

1. A method, comprising:

encrypting, by a client device using a public key, original authentication information provided by a user at the client device to generate encrypted authentication information;

the client device providing the encrypted authentication information to a cloud based service;

the cloud based service providing the encrypted authentication information to an on-premises component residing behind a firewall of an enterprise;

the on-premises component decrypting the encrypted authentication information using a private key to obtain the original authentication information;

the on-premises component performing a validation on the original authentication information; and

the on-premises component returning a result of the validation to the cloud based service over a network.

View all claims

7 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

This disclosure is directed to systems and methods for securely communicating authentication information in a networked environment such as one involving a client device, a cloud based computing platform, and an enterprise computing environment. Some embodiments may include encrypting, by a client device using a public key, authentication information provided by a user. The encrypted authentication information is sent to a cloud based service which then sends it to an on-premises component residing behind a firewall of an enterprise. The on-premises component decrypts the authentication information using a private key, validates the authentication information, and returns the result to the cloud based service over a network. If validated, the cloud based service establishes a secure connection between the client device and the on-premises component such that the user can access the enterprise'"'"'s content without the enterprise having to share the authentication information with the cloud based service.

16 Citations

View as Search Results

20 Claims

1. A method, comprising:
- encrypting, by a client device using a public key, original authentication information provided by a user at the client device to generate encrypted authentication information;
  
  the client device providing the encrypted authentication information to a cloud based service;
  
  the cloud based service providing the encrypted authentication information to an on-premises component residing behind a firewall of an enterprise;
  
  the on-premises component decrypting the encrypted authentication information using a private key to obtain the original authentication information;
  
  the on-premises component performing a validation on the original authentication information; and
  
  the on-premises component returning a result of the validation to the cloud based service over a network.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method according to claim 1, further comprising:
    - based on the result of the validation being valid, the cloud based service establishing a secure connection between the client device and the on-premises component.
  - 3. The method according to claim 2, further comprising:
    - the on-premises component providing the client device, via the secure connection, access to an on-premises system operating behind the firewall of the enterprise.
  - 4. The method according to claim 3, wherein communications between the on-premises component and the on-premises system are not encrypted.
  - 5. The method according to claim 1, further comprising:
    - subsequent to receiving the encrypted authentication information from the client device, the cloud based service opening a direct connection to the on-premises component and providing the encrypted authentication information to the on-premises component via the direct connection.
  - 6. The method according to claim 1, further comprising:
    - configuring an interface running on the client device with the public key, wherein the interface encrypts the original authentication information using the public key before sending the encrypted authentication information to the cloud based service.
  - 7. The method according to claim 1, wherein the on-premises component utilizes the original authentication information or the encrypted authentication information to access a third-party service not controlled by the enterprise.

8. A computer program product comprising at least one non-transitory computer readable medium storing instructions translatable by at least one processor to perform:
- encrypting, using a public key, original authentication information provided by a user at a client device to generate encrypted authentication information;
  
  providing the encrypted authentication information from the client device to a cloud based service;
  
  providing the encrypted authentication information from the cloud based service to an on-premises component residing behind a firewall of an enterprise;
  
  decrypting the encrypted authentication information using a private key to obtain the original authentication information;
  
  performing a validation on the original authentication information; and
  
  returning a result of the validation to the cloud based service over a network.
- View Dependent Claims (9, 10, 11, 12, 13)
- - 9. The computer program product of claim 8, wherein the at least one non-transitory computer readable medium stores further instructions translatable by the at least one processor to perform:
    - based on the result of the validation being valid, establishing a secure connection between the client device and the on-premises component.
  - 10. The computer program product of claim 9, wherein the at least one non-transitory computer readable medium stores further instructions translatable by the at least one processor to perform:
    - providing the client device, via the secure connection, access to an on-premises system operating behind the firewall of the enterprise.
  - 11. The computer program product of claim 10, wherein communications between the on-premises component and the on-premises system are not encrypted.
  - 12. The computer program product of claim 8, wherein the at least one non-transitory computer readable medium stores further instructions translatable by the at least one processor to perform:
    - subsequent to receiving the encrypted authentication information from the client device, opening a direct connection from the cloud based service to the on-premises component and providing the encrypted authentication information to the on-premises component via the direct connection.
  - 13. The computer program product of claim 8, wherein the at least one non-transitory computer readable medium stores further instructions translatable by the at least one processor to perform:
    - configuring an interface running on the client device with the public key, wherein the interface encrypts the original authentication information using the public key before sending the encrypted authentication information to the cloud based service.

14. A system, comprising:
- at least one processor; and
  
  at least one non-transitory computer readable medium storing instructions translatable by the at least one processor to perform;
  
  encrypting, using a public key, original authentication information provided by a user at a client device to generate encrypted authentication information;
  
  providing the encrypted authentication information from the client device to a cloud based service;
  
  providing the encrypted authentication information from the cloud based service to an on-premises component residing behind a firewall of an enterprise;
  
  decrypting the encrypted authentication information using a private key to obtain the original authentication information;
  
  performing a validation on the original authentication information; and
  
  returning a result of the validation to the cloud based service over a network.
- View Dependent Claims (15, 16, 17, 18, 19, 20)
- - 15. The system of claim 14, wherein the at least one non-transitory computer readable medium stores further instructions translatable by the at least one processor to perform:
    - based on the result of the validation being valid, establishing a secure connection between the client device and the on-premises component.
  - 16. The system of claim 15, wherein the at least one non-transitory computer readable medium stores further instructions translatable by the at least one processor to perform:
    - providing the client device, via the secure connection, access to an on-premises system operating behind the firewall of the enterprise.
  - 17. The system of claim 16, wherein communications between the on-premises component and the on-premises system are not encrypted.
  - 18. The system of claim 14, wherein the at least one non-transitory computer readable medium stores further instructions translatable by the at least one processor to perform:
    - subsequent to receiving the encrypted authentication information from the client device, opening a direct connection from the cloud based service to the on-premises component and providing the encrypted authentication information to the on-premises component via the direct connection.
  - 19. The system of claim 14, wherein the at least one non-transitory computer readable medium stores further instructions translatable by the at least one processor to perform:
    - configuring an interface running on the client device with the public key, wherein the interface encrypts the original authentication information using the public key before sending the encrypted authentication information to the cloud based service.
  - 20. The system of claim 14, wherein the on-premises component utilizes the original authentication information or the encrypted authentication information to access a third-party service not controlled by the enterprise.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
SailPoint Technologies, Inc. (SailPoint Technologies Holdings, Inc.)
Original Assignee
SailPoint Technologies, Inc. (SailPoint Technologies Holdings, Inc.)
Inventors
Forster, Craig Robert William, Greff, Daniel Thomas, Chow, Crandall B.T., Goldenburg, Phillip

Granted Patent

US 9,722,980 B2
Time in Patent Office

Days
Field of Search
US Class Current

1/1
CPC Class Codes

G06F 21/31   User authentication

G06F 2221/2115   Third party

H04L 63/0272   Virtual private networks

H04L 63/029   Firewall traversal, e.g. tu...

H04L 63/0428   wherein the data content is...

H04L 63/061   for key exchange, e.g. in p...

H04L 63/08   for authentication of entit...

H04L 9/30   Public key, i.e. encryption...

SYSTEM AND METHOD FOR SECURING AUTHENTICATION INFORMATION IN A NETWORKED ENVIRONMENT

First Claim

7 Assignments

0 Petitions

Accused Products

Abstract

16 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

SYSTEM AND METHOD FOR SECURING AUTHENTICATION INFORMATION IN A NETWORKED ENVIRONMENT

First Claim

7 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

16 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links