SECURED REST EXECUTION INSIDE HEADLESS WEB APPLICATION

US 20180077137A1
Filed: 04/13/2017
Published: 03/15/2018
Est. Priority Date: 09/15/2016
Status: Active Grant

First Claim

Patent Images

1. A method for securely connecting a client application with a data provider, the method comprising:

storing one or more credentials associated with a client application as security configuration information that is accessible to a server via a security gateway, wherein the one or more credentials are usable to access data from a data provider;

receiving a request message and token from the client application;

loading security information associated with the client application based on analysis of the request message and token, wherein the token includes information that indicates a web application that is used by the client application; and

using the security information to selectively retrieve and deliver data from the data provider to the client application based on the request message and information associated with the web application.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system and method for facilitating establishing a secure connection between a client application and a content provider. An example method includes employing a security gateway to authenticate a client for communications therewith; maintaining, for the client, security credentials for a data provider via a security configuration module, wherein the security credentials are associated with a description of data, which is associated with a data provider; using the gateway to determine which of the security credentials to use to fulfill the request message received by the security gateway from the client based on the request; and employing the selected security credentials to selectively retrieve data from and deliver the data to the client application. The example method may further include generating the request message when a User Interface (UI) control displayed in a UI display screen of a browser client is selected or activated.

9 Citations

View as Search Results

20 Claims

1. A method for securely connecting a client application with a data provider, the method comprising:
- storing one or more credentials associated with a client application as security configuration information that is accessible to a server via a security gateway, wherein the one or more credentials are usable to access data from a data provider;
  
  receiving a request message and token from the client application;
  
  loading security information associated with the client application based on analysis of the request message and token, wherein the token includes information that indicates a web application that is used by the client application; and
  
  using the security information to selectively retrieve and deliver data from the data provider to the client application based on the request message and information associated with the web application.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The method of claim 1, wherein receiving further includes:
    - receiving the request message at the security gateway running on a server that is in communication with the data provider.
  - 3. The method of claim 2, wherein the request message is associated with one or more User Interface (UI) elements of a UI display screen presented via a browser.
  - 4. The method of claim 3, wherein the browser represents the client application.
  - 5. The method of claim 3, wherein the browser communicates with the client application, which includes a web application.
  - 6. The method of claim 1, wherein loading security information further includes:
    - analyzing the request message to determine a data provider that is associated with the request message.
  - 7. The method of claim 6, wherein analyzing the request message includes:
    - using content of the request message to determine a common configuration to associate with the request message.
  - 8. The method of claim 7, wherein the common configuration includes:
    - information specifying a data provider for which the security information is usable to log into the data provider.
  - 9. The method of claim 8, wherein the security information includes a password.
  - 10. The method of claim 1, further including:
    - connecting a UI element of a website displayed in a UI display screen of the client application to the security gateway;
      
      connecting the security gateway to an enterprise application;
      
      loading the security information from a security configuration module into the security gateway, wherein the security information includes one or more credentials associated with a user of the client application;
      
      using the security gateway to issue a call to the data provider to transfer data responsive to the request message to the client application; and
      
      using the client application to populate the UI element with the data that has been transferred from the data provider.

11. A tangible processor-readable storage device including instructions executable by one or more processors for:
- storing one or more credentials associated with a client application as security configuration information that is accessible to a server via a security gateway, wherein the one or more credentials are usable to access data from a data provider;
  
  receiving a request message and token from the client application;
  
  loading security information associated with the client application based on analysis of the request message and token, wherein the token includes information that indicates a web application that is used by the client application; and
  
  using the security information to selectively retrieve and deliver data from the data provider to the client application based on the request message and information associated with the web application.
- View Dependent Claims (12, 13, 14, 15, 16, 17, 18, 19)
- - 12. The tangible processor-readable storage of claim 11, wherein receiving further includes:
    - receiving the request message at the security gateway running on a server that is in communication with the data provider.
  - 13. The tangible processor-readable storage of claim 12, wherein the request message is associated with one or more User Interface (UI) elements of a UI display screen presented via a browser.
  - 14. The tangible processor-readable storage device of claim 13, wherein the browser represents the client application.
  - 15. The tangible processor-readable storage device of claim 13, wherein the browser communicates with the client application, which includes a web application.
  - 16. The tangible processor-readable storage device of claim 11, wherein loading security information further includes:
    - analyzing the request message to determine a data provider that is associated with the request message.
  - 17. The tangible processor-readable storage device of claim 16, wherein analyzing the request message includes:
    - using content of the request message to determine a common configuration to associate with the request message.
  - 18. The tangible processor-readable storage device of claim 17, wherein the common configuration includes:
    - information specifying a data provider for which the security information is usable to log into the data provider.
  - 19. The tangible processor-readable storage device of claim 18, wherein the security information includes a password.

20. An apparatus for facilitating authenticating a client application for securely connecting a client application with a data provider, the apparatus comprising:
- one or more processors;
  
  a tangible processor-readable storage device including instructions for;
  
  storing one or more credentials associated with a client application as security configuration information that is accessible to a server via a security gateway, wherein the one or more credentials are usable to access data from a data provider;
  
  receiving a request message and token from the client application;
  
  loading security information associated with the client application based on analysis of the request message and token, wherein the token includes information that indicates a web application that is used by the client application; and
  
  using the security information to selectively retrieve and deliver data from the data provider to the client application based on the request message and information associated with the web application.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Oracle International Corporation (Oracle Corporation)
Original Assignee
Oracle International Corporation (Oracle Corporation)
Inventors
Thakkar, Dhiraj D.

Granted Patent

US 10,887,302 B2
Time in Patent Office

Days
Field of Search
US Class Current
CPC Class Codes

H04L 63/0815   providing single-sign-on or...

H04L 63/083   using passwords cryptograph...

H04L 67/02   based on web technology, e....

H04L 67/141   Setup of application sessio...

SECURED REST EXECUTION INSIDE HEADLESS WEB APPLICATION

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

9 Citations

20 Claims

Specification

Use Cases

Quick Links

Others

SECURED REST EXECUTION INSIDE HEADLESS WEB APPLICATION

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

9 Citations

20 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others