Method and system for resource based authentication

US 7,640,574 B1
Filed: 06/02/2004
Issued: 12/29/2009
Est. Priority Date: 06/02/2004
Status: Active Grant

First Claim

Patent Images

1. A method, comprising:

intercepting, by a policy agent at a content server, an access request from a client to the content server for a protected resource of a system, wherein the client is not currently authenticated by the system, and wherein the system comprises a default authentication policy and is configurable to provide resource specific authentication policies;

in response to said intercepting;

determining, at the content server, whether or not the protected resource has an associated resource specific authentication policy;

selecting an appropriate authentication gateway or authentication module, wherein said selecting is performed at the content server and is performed based on said determining;

if the protected resource has an associated resource specific authentication policy, communicating with the selected authentication gateway or authentication module at an authentication server to apply the resource specific authentication policy without applying the default authentication policy; and

if the protected resource does not have an associated resource specific authentication policy, communicating with the selected authentication gateway or authentication module at an authentication server to apply the default authentication policy;

wherein the authentication gateway is configured to invoke either a default authentication module or a resource-specific authentication module and wherein each authentication module is configured to authenticate the client wherein at least one authentication module is an LDAP authentication module or a certificate authentication module;

the content server providing the client access to the protected resource dependent on a result from the authentication server applying the resource specific authentication policy or the default authentication policy;

wherein the content server and the authentication server applying the resource specific authentication policy or the default authentication policy are separate servers.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method and system for resource based authentication may include, in response to a client attempting to access a protected resource of a system, implementing resource based authentication. A policy agent may intercept the client access request and redirect it to an appropriate authentication gateway module based upon authentication polices. If the protected resource is not associated with any resource specific authentication technique, the policy agent may apply a default authentication technique. If, however, the protected resource is associated with a particular resource specific authentication technique, the policy agent may apply the resource specific authentication technique without applying the default authentication technique.

56 Citations

View as Search Results

15 Claims

1. A method, comprising:
- intercepting, by a policy agent at a content server, an access request from a client to the content server for a protected resource of a system, wherein the client is not currently authenticated by the system, and wherein the system comprises a default authentication policy and is configurable to provide resource specific authentication policies;
  
  in response to said intercepting;
  
  determining, at the content server, whether or not the protected resource has an associated resource specific authentication policy;
  
  selecting an appropriate authentication gateway or authentication module, wherein said selecting is performed at the content server and is performed based on said determining;
  
  if the protected resource has an associated resource specific authentication policy, communicating with the selected authentication gateway or authentication module at an authentication server to apply the resource specific authentication policy without applying the default authentication policy; and
  
  if the protected resource does not have an associated resource specific authentication policy, communicating with the selected authentication gateway or authentication module at an authentication server to apply the default authentication policy;
  
  wherein the authentication gateway is configured to invoke either a default authentication module or a resource-specific authentication module and wherein each authentication module is configured to authenticate the client wherein at least one authentication module is an LDAP authentication module or a certificate authentication module;
  
  the content server providing the client access to the protected resource dependent on a result from the authentication server applying the resource specific authentication policy or the default authentication policy;
  
  wherein the content server and the authentication server applying the resource specific authentication policy or the default authentication policy are separate servers.
- View Dependent Claims (2, 3, 4, 5)
- - 2. The method of claim 1, further comprising:
    - in further response to said intercepting;
      
      if the protected resource has an associated resource specific authentication policy;
      
      allowing the client to access the protected resource if the resource specific authentication policy successfully authenticates the client; and
      
      not allowing the client to access the protected resource if the resource specific authentication policy does not successfully authenticates the client;
      
      if the protected resource does not have an associated resource specific authentication policy;
      
      allowing the client to access the protected resource if the default specific authentication policy successfully authenticates the client; and
      
      not allowing the client to access the protected resource if the default specific authentication policy does not successfully authenticates the client.
  - 3. The method of claim 2, further comprising:
    - the policy agent intercepting from the client another access request for a different protected resource of the system, wherein the different protected resource is associated with the resource specific authentication policy that successfully authenticated the user;
      
      allowing the client to access the second protected resource without applying the resource specific authentication policy a second time.
  - 4. The method of claim 1, further comprising providing a user interface for a user to associate the resource specific authentication policy with the protected resource.
  - 5. The method of claim 1, wherein the resource specific authentication policy comprises Certificate-based Authentication.

6. A device, comprising:
- a processor; and
  
  a memory storing program instructions executable by the processor to implement;
  
  a policy agent intercepting, at a content server, an access request from a client to the content server for a protected resource of a system, wherein the client is not currently authenticated by the system, and wherein the system comprises a default authentication policy and is configurable to provide resource specific authentication policies;
  
  in response to said intercepting;
  
  determining, at the content server, whether or not the protected resource has an associated resource specific authentication policy;
  
  selecting an appropriate authentication gateway or authentication module, wherein said selecting is performed at the content server and is performed based on said determining;
  
  if the protected resource has an associated resource specific authentication policy, communicating with the selected authentication gateway or authentication module at an authentication server to apply the resource specific authentication policy without applying the default authentication policy; and
  
  if the protected resource does not have an associated resource specific authentication policy, communicating with the selected authentication gateway or authentication module at an authentication server to apply the default authentication policy;
  
  wherein the authentication gateway is configured to invoke either a default authentication module or a resource-specific authentication module and wherein each authentication module is configured to authenticate the client wherein at least one authentication module is an LDAP authentication module or a certificate authentication module;
  
  instructing the content server to provide the client access to the protected resource dependent on a result from the authentication server applying the resource specific authentication policy or the default authentication policy;
  
  wherein the content server and the authentication server applying the resource specific authentication policy or the default authentication policy are separate servers.
- View Dependent Claims (7, 8, 9, 10)
- - 7. The device of claim 6, wherein the program instructions are further executable to:
    - in further response to said intercepting;
      
      if the protected resource has an associated resource specific authentication policy;
      
      allow the client to access the protected resource if the resource specific authentication policy successfully authenticates the client; and
      
      not allow the client to access the protected resource if the resource specific authentication policy does not successfully authenticates the client;
      
      if the protected resource does not have an associated resource specific authentication policy;
      
      allow the client to access the protected resource if the default specific authentication policy successfully authenticates the client; and
      
      not allow the client to access the protected resource if the default specific authentication policy does not successfully authenticates the client.
  - 8. The device of claim 7, wherein the program instructions are further executable to implement:
    - the policy agent intercepting from the client another access request for a different protected resource of the system, wherein the different protected resource is associated with the resource specific authentication policy that successfully authenticated the user;
      
      allow the client to access the second protected resource without applying the resource specific authentication policy a second time.
  - 9. The device of claim 6, wherein the program instructions are further executable to provide a user interface allowing a user to associate the resource specific authentication policy with the protected resource.
  - 10. The device of claim 6, wherein the resource specific authentication policy comprises Certificate-based Authentication.

11. A computer accessible storage medium, storing program instructions computer-executable to implement:
- intercepting, by a policy agent at a content server, an access request from a client to the content server for a protected resource of a system, wherein the client is not currently authenticated by the system, and wherein the system comprises a default authentication policy and is configurable to provide resource specific authentication policies;
  
  in response to said intercepting;
  
  determining, at the content server, whether or not the protected resource has an associated resource specific authentication policy;
  
  selecting an appropriate authentication gateway or authentication module, wherein said selecting is performed at the content server and is performed based on said determining;
  
  if the protected resource has an associated resource specific authentication policy, communicating with the selected authentication gateway or authentication module at an authentication server to apply the resource specific authentication policy without applying the default authentication policy; and
  
  if the protected resource does not have an associated resource specific authentication policy, communicating with the selected authentication gateway or authentication module at an authentication server to apply the default authentication policy;
  
  wherein the authentication gateway is configured to invoke either a default authentication module or a resource-specific authentication module, and wherein each authentication module is configured to authenticate the client, wherein at least one authentication module is an LDAP authentication module or a certificate authentication module;
  
  instructing the content server to provide the client access to the protected resource dependent on a result from the authentication server applying the resource specific authentication policy or the default authentication policy;
  
  wherein the content server and the authentication server applying the resource specific authentication policy or the default authentication policy are separate servers.
- View Dependent Claims (12, 13, 14, 15)
- - 12. The computer accessible storage medium of claim 11, wherein the program instructions are further computer-executable to implement:
    - in further response to said intercepting;
      
      if the protected resource has an associated resource specific authentication policy;
      
      allowing the client to access the protected resource if the resource specific authentication policy successfully authenticates the client; and
      
      not allowing the client to access the protected resource if the resource specific authentication policy does not successfully authenticates the client;
      
      if the protected resource does not have an associated resource specific authentication policy;
      
      allowing the client to access the protected resource if the default specific authentication policy successfully authenticates the client; and
      
      not allowing the client to access the protected resource if the default specific authentication policy does not successfully authenticates the client.
  - 13. The computer accessible storage medium of claim 12, wherein the program instructions are further computer-executable to implement:
    - the policy agent intercepting from the client another access request for a different protected resource of the system, wherein the different protected resource is associated with the resource specific authentication policy that successfully authenticated the user;
      
      allowing the client to access the second protected resource without applying the resource specific authentication policy a second time.
  - 14. The computer accessible storage medium of claim 11, wherein the program instructions are further computer-executable to implement a user interface allowing a user to associate the resource specific authentication policy with the protected resource.
  - 15. The computer accessible storage medium of claim 11, wherein the resource specific authentication policy comprises Certificate-based Authentication.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Oracle America, Inc. (Oracle Corporation)
Original Assignee
Sun Microsystems Incorporated (Oracle Corporation)
Inventors
Kim, Beomsuk, Uchil, Mrudul Pradeep, Ranganathan, Aravindan
Primary Examiner(s)
Dada; Beemnet W

Application Number

US10/858,763
Time in Patent Office

2,036 Days
Field of Search

726/1, 726/2, 726/4, 726/8, 726/10, 713/156, 713/164, 713/165, 713/168, 713/173, 713/193
US Class Current

726/1
CPC Class Codes

G06F 21/31   User authentication

H04L 63/08   for authentication of entit...

H04L 63/102   Entity profiles

H04L 63/105   Multiple levels of security

Method and system for resource based authentication

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

56 Citations

15 Claims

Specification

Use Cases

Quick Links

Others

Method and system for resource based authentication

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

56 Citations

15 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others