System and Method for Secure Proxy-Based Authentication
Abstract
A system and method for secure authentication facilitates improving the security of authentication between a client and a target by using an innovative authentication module on a proxy. The client can connect to the proxy using a native protocol and provides client credentials to the proxy. The proxy uses an authentication module to authenticate the client and then to provide target access credentials for proxy-target authentication, thereby giving the client access to the target through the proxy. The invention facilitates connection between the client and the target without requiring the client to be in possession of the target access credentials. The proxy can optionally be connected to a privileged access management system which can provide and/or store target access credentials. Proxy-provided target access credentials facilitate preventing a client security breach from exposing target access credentials.
7 Citations
43 Claims
1-18. (canceled)
19. A system comprising:
at least one processor configured to: receive from a client, via a native protocol, a first access request requesting access by the client to a target application, wherein the first access request comprises client access credentials associated with a user; determine target application access credentials based at least on the first access request, wherein the target application access credentials are distinct from the client access credentials and the client is not exposed to the target application access credentials; provide to the target application a second access request requesting access to the target application, wherein the second access request comprises the target application access credentials; and in response to providing the second access request, establish access for the client to the target application through the system and via the native protocol, wherein the access is established based on the target application access credentials. (Dependent claims: 20, 21, 22, 23, 24, 25, 26, 27, 28)
29. A non-transitory computer readable medium including instructions that, when executed by at least one processor, cause the at least one processor to perform operations comprising:
receiving from a client, via a native protocol, a first access request requesting access by the client to a target application, wherein the first access request comprises client access credentials associated with a user; determining target application access credentials based at least on the first access request, wherein the target application access credentials are distinct from the client access credentials and the client is not exposed to the target application access credentials; providing to the target application a second access request requesting access to the target application, wherein the second access request comprises the target application access credentials; and in response to providing the second access request, establishing access for the client to the target application via the native protocol, wherein the access is established based on the target application access credentials. (Dependent claims: 30, 31, 32, 33, 34, 35, 36, 37, 38)
39. A computer-implemented method comprising:
receiving from a client, via a native protocol, a first access request requesting access by the client to a target application, wherein the first access request comprises client access credentials associated with a user; determining target application access credentials based at least on the first access request, wherein the target application access credentials are distinct from the client access credentials and the client is not exposed to the target application access credentials; providing to the target application a second access request requesting access to the target application, wherein the second access request comprises the target application access credentials; and in response to providing the second access request, establishing access for the client to the target application via the native protocol, wherein the access is established based on the target application access credentials. (Dependent claims: 40, 41, 42, 43)
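The two-request flow of the independent claims (client credentials checked by the proxy, distinct vault-provided credentials presented to the target, nothing of the target secret returned to the client), as an added illustrative example that is not part of the patent; the users, targets, vault entries and secrets are constructed, and the in-memory "vault" stands in for the optional privileged access management system.

```python
import hashlib
import hmac
from dataclasses import dataclass
from typing import Optional

# Constructed sample data (hypothetical users, targets and secrets).
SALT = b"demo-salt"

def _hash_pw(password: str) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), SALT, 100_000)

# Client credentials the proxy verifies (the user's own identity).
CLIENT_USERS = {"alice": _hash_pw("alice-pass")}
# Vault (PAM) mapping (user, target) -> target access credentials.
# These are only ever read on the proxy side.
VAULT = {("alice", "db01"): ("svc_app", "vault-managed-secret")}
# Accounts the target itself accepts.
TARGET_ACCOUNTS = {"db01": {"svc_app": "vault-managed-secret"}}

@dataclass
class Session:
    user: str          # client identity that was authenticated
    target: str
    target_user: str   # account the proxy used toward the target
    # Deliberately no field for the target secret: the client gets none.

def authenticate_client(user: str, password: str) -> bool:
    """First access request: verify the client's own credentials."""
    expected = CLIENT_USERS.get(user)
    return expected is not None and hmac.compare_digest(expected, _hash_pw(password))

def target_login(target: str, account: str, secret: str) -> bool:
    """Second access request: the target checks the proxy-supplied credentials."""
    stored = TARGET_ACCOUNTS.get(target, {}).get(account)
    return stored is not None and hmac.compare_digest(stored, secret)

def proxy_connect(user: str, password: str, target: str) -> Optional[Session]:
    """Proxy flow: authenticate client, look up target creds, log in to target."""
    if not authenticate_client(user, password):
        return None                  # client authentication failed
    creds = VAULT.get((user, target))
    if creds is None:
        return None                  # no target credentials provisioned for this user
    account, secret = creds
    if not target_login(target, account, secret):
        return None                  # target rejected the vault-provided credentials
    return Session(user=user, target=target, target_user=account)
```

The session object handed back to the client carries the authenticated identity and the target account name only, so a compromise on the client side yields no reusable target secret.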
Specification