Authentication architecture
First Claim
1. A computer implemented system that utilizes a processor and that facilitates an application to produce a response to an authentication challenge, comprising the following computer executable components:
- a learning component that determines anticipated authentication challenges to resource requests from applications based upon run-time learning during previous resource requests by applications;
an authentication manager that receives first data associated with the communication challenge and processes the first data into second data of a first type appropriate for a first authentication module, the authentication manager further communicates the second data to at least one authentication module, the authentication manager further communicates the second data to the at least one different authentication module if the first module is unable to process the authentication challenge, the second data is related to the first data and the authentication challenge, the authentication manager also generates one or more pseudo-challenges of its own not in response to the authentication challenge and communicates the data associated with the pseudo-challenges to at least one authentication module;
at least one authentication module that receives the second data from the authentication manager and produces third data related to responding to the authentication challenge; and
a cache that stores one or more third data related to responding to the authentication challenge and the one or more pseudo-challenges.
2 Assignments
0 Petitions
Accused Products
Abstract
A system enabling an application desiring access to a resource addressable by a URI to produce a response to an authentication challenge to a request to access the URI without including code specific to an authentication system and/or method is provided. The system includes an authentication manager that can pass an authentication challenge to authentication modules and/or objects operable to produce a response to the authentication challenge. The system may also include a cache adapted to store one or more responses to the authentication challenge communicated from the authentication modules, with such cache also being employed to facilitate pre-authenticating test challenges and/or pseudo-challenges.
62 Citations
25 Claims
-
1. A computer implemented system that utilizes a processor and that facilitates an application to produce a response to an authentication challenge, comprising the following computer executable components:
-
a learning component that determines anticipated authentication challenges to resource requests from applications based upon run-time learning during previous resource requests by applications; an authentication manager that receives first data associated with the communication challenge and processes the first data into second data of a first type appropriate for a first authentication module, the authentication manager further communicates the second data to at least one authentication module, the authentication manager further communicates the second data to the at least one different authentication module if the first module is unable to process the authentication challenge, the second data is related to the first data and the authentication challenge, the authentication manager also generates one or more pseudo-challenges of its own not in response to the authentication challenge and communicates the data associated with the pseudo-challenges to at least one authentication module; at least one authentication module that receives the second data from the authentication manager and produces third data related to responding to the authentication challenge; and a cache that stores one or more third data related to responding to the authentication challenge and the one or more pseudo-challenges. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14)
-
-
15. A computer implemented method that utilizes a processor for enabling an application to produce a response to an authentication challenge, comprising:
-
anticipating an authentication challenge to a resource request from an application based upon run-time machine learning during previous resource requests by applications; pre-authenticating the resource request by generating and storing an authentication response to the anticipated authentication challenge; generating a pseudo-challenge not in response to the authentication challenge and storing a response to the pseudo-challenge; employing a component implemented on a computer readable medium to accept the authentication challenge; passing a first data associated with the authentication challenge to an authentication manager, where the authentication manager processes the first data into second data of a first type appropriate for a first authentication module, further where the authentication manager processes the first data into second data of a second type appropriate for a second authentication module if the first module is unable to process the authentication challenge, the first and second authentication modules having different requirements for the second data; passing at least one of the second data associated with the authentication challenge or pseudo-challenge to one or more authentication modules, where the authentication modules are registered with the authentication manager, registering the modules includes informing the authentication manager of which system authentication challenges the module is capable of processing and where the authentication modules are operatively connected to the authentication manager; producing one or more responses to the authentication challenge and the pseudo challenge; and using a cache to store one or more third data related to responding to the authentication challenge and the one or more pseudo-challenges. - View Dependent Claims (16, 17, 18, 19)
-
-
20. A computer implemented method that utilizes a processor for enabling an application to produce a response to an authentication challenge, comprising:
-
generating a pre-authentication challenge test message based upon anticipating an authentication challenge to a resource request from an application based upon run-time learning during previous resource requests by applications; generating a pseudo-challenge message not in response to the authentication challenge and storing a response to the pseudo-challenge; utilizing a component implemented on a computer readable medium to pass a first data associated with the pre-authentication challenge test message to an authentication manager, where the authentication manager processes the first data into second data of a first type appropriate for a first authentication module, further where the authentication manager processes the first data into second data of a second type appropriate for a second authentication module, the first and second authentication modules having different requirements for second data; passing at least one of the second data associated with the pre-authentication challenge test message to an appropriate authentication module, if the module is unable to process the challenge passing the at least one of the second data to the at least one different authentication module, where the authentication modules are registered with the authentication manager, and where the authentication modules are operatively connected to the authentication manager; producing one or more responses to the pre-authentication challenge test message; and caching the one or more responses to the pre-authentication challenge test message and one or more pseudo-challenges. - View Dependent Claims (21, 22, 23)
-
-
24. A computer readable medium having computer executable instructions operable to perform a method comprising:
-
generating a pre-authentication challenge test message based upon anticipating an authentication challenge to a resource request from an application based upon run-time learning during previous resource requests by applications; generating a pseudo-challenge not in response to the authentication challenge and storing a response to the pseudo-challenge; passing a first data associated with the pre-authentication challenge test message to an authentication manager, where the authentication manager processes the first data into second data of a first type appropriate for a first authentication module, further where the authentication manager processes the first data into second data of a second type appropriate for a second authentication module, the first and second authentication modules having different requirements for second data; employing a component implemented on a computer readable medium to pass at least one of the second data associated with the pre-authentication challenge test message to an appropriate authentication module, if the module is unable to process the challenge, passing the test message to one or more authentication modules, where the authentication modules are registered with the authentication manager, and where the authentication modules are operatively connected to the authentication manager; producing one or more responses to the pre-authentication challenge test message; and caching the one or more responses to the pre-authentication challenge test message and the one or more pseudo challenges.
-
-
25. A system that utilizes a processor enabling an application to respond to a challenge to a request to access a resource addressable by a URI, comprising:
-
means for anticipating an authentication challenge to a resource request from an application based upon run-time learning during previous resource requests by applications; means for receiving the challenge, the receiving means separate from the application; means for processing data associated with the challenge into second data of a first type appropriate for a first authentication module and second data of a second type appropriate for a second authentication module and distributing at least one of the second data to appropriate producing means, if the first producing means is unable to process the challenge, distributing the at least one of the second data to one or more producing means, the distributing means being separate from the application, the first and second authentication modules having different requirements for second data, the means for processing data generates one or more of its own pseudo challenges not in response to the authentication challenge; means for producing a response to the challenge the producing means being separate from the application; means for storing a response to the challenge; and means for storing one or more third data related to responding to the authentication challenge and the one or more pseudo-challenges.
-
Specification