REQUEST-SPECIFIC AUTHENTICATION FOR ACCESSING WEB SERVICE RESOURCES
First Claim
Patent Images
1. A computing system for controlling access to a protected Web service resource, the computing system comprising:
- a communication device for communicating across a communication network;
a processor communicatively connected to the communication device; and
memory storing program instructions, which when executed by the processor cause the computing system to perform a method of controlling access to the protected Web service resource, the method comprising;
(i) receiving a first request from a client to access the protected Web service resource from the communication network;
(ii) determining that the client has been authenticated according to a first factor;
(iii) granting the first request to access the protected Web service resource based on authentication according to the first factor;
(iv) receiving a second request from the client to access the protected Web service resource from the communication network;
(v) denying the second request to access the protected Web service resource based on the authentication according to the first factor being insufficient to grant the second request;
(vi) determining that the client has been authenticated according to a second factor, and(vii) granting the second request to access the protected Web service resource based on authentication according to the second factor.
0 Assignments
0 Petitions
Accused Products
Abstract
Requests for access to Web service resources are evaluated based on the type of request that is received. Requests are not granted unless sufficient proof of authentication is provided to grant that request. An authentication service evaluates one or more factors to determine whether or not to authenticate the client. After being authenticated by the authentication service, proof of authentication is provided to the Web service, which grants access to the Web service resource.
14 Citations
20 Claims
-
1. A computing system for controlling access to a protected Web service resource, the computing system comprising:
-
a communication device for communicating across a communication network; a processor communicatively connected to the communication device; and memory storing program instructions, which when executed by the processor cause the computing system to perform a method of controlling access to the protected Web service resource, the method comprising; (i) receiving a first request from a client to access the protected Web service resource from the communication network; (ii) determining that the client has been authenticated according to a first factor; (iii) granting the first request to access the protected Web service resource based on authentication according to the first factor; (iv) receiving a second request from the client to access the protected Web service resource from the communication network; (v) denying the second request to access the protected Web service resource based on the authentication according to the first factor being insufficient to grant the second request; (vi) determining that the client has been authenticated according to a second factor, and (vii) granting the second request to access the protected Web service resource based on authentication according to the second factor. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
-
-
9. A method of authenticating a client for access to a Web service resource, the method comprising:
-
(i) receiving a request from the client to be authenticated; (ii) sending a challenge message to the client; (iii) receiving a confirmation response to the challenge message from the client; (iv) determining that the confirmation response meets a predetermined criterion; (v) determining that the request to be authenticated requires further authentication; (iv) repeating (ii) through (iv) with a second challenge message, a second confirmation response, and a second predetermined criterion; and (v) sending an authentication message to the client. - View Dependent Claims (10, 11, 12, 13)
-
-
14. A computer readable storage medium containing computer executable instructions which when executed by a computer perform a method of controlling access to a protected resource, the method comprising:
-
receiving a request from a client identifying the protected resource of a Web service, sending a response to the client requesting authentication from an authentication service; receiving an authentication from the client after being authenticated from the authentication service; determining whether the authentication is sufficient to grant the request; granting the request if the authentication is sufficient; and denying the request if the authentication is not sufficient to grant the request. - View Dependent Claims (15, 16, 17, 18, 19, 20)
-
Specification