Systems and methods for state-less authentication
First Claim
1. A method of enabling access to a resource of a distributed application server or processing system by a user/client application possessing a valid security-context, comprising the steps of:
- receiving the security-context and an appended protected security-context renewal request provided by the user to an access authorization component of the application server or processing system;
- verifying the validity of the security-context and the security-context renewal request;
- extracting content of both the security-context and the security-context renewal request;
- comparing current time to an expiration time identifying time of expiration of the security-context;
- if the expiration time is less than the current time, comparing the security-context renewal request with stored identity and authorization information comprising at least one of a user identifier, an organization identifier, a sub-organization identifier, a key, an authentication certificate, an user location, a user role, and an user position identifying the user to the access authorization component and generating a new symmetric key, and other access and authorization information;
- generating an updated security-context based on the verifying of the user's identity and authorization and based on the user having requested authority for access to the resource and services;
- providing the updated security context to the user; and
- sending the updated security-context and a request for access to the resource and services by the user to the application server or processing system.
Abstract
Systems and methods for providing user logon and state-less authentication are described in a distributed processing environment. Upon an attempted access by a user to an online resource, transaction, or record, a logon component asks the user to supply a logon ID and a password. The logon component verifies the provided information, and upon successful identification, a security context is constructed from information relevant to the user. The security context is sent to the user and is presented to the system each time the user attempts to invoke a new resource, such as a program object, transaction, record, or certified printer, avoiding the need for repeated logon processing.
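The sketch below is an added example, not code from the patent or any implementation of it. It shows one way the security context of the abstract and the renewal steps of claim 1 could be realised with an HMAC-signed context and a MAC-protected renewal request. The token layout, the field names, the `DIRECTORY` records, the lifetime `TTL`, and the derivation of the symmetric key from a per-context nonce (handed to the client at logon over a protected channel) are all assumptions.

```python
import base64, hashlib, hmac, json, secrets

SERVER_KEY = secrets.token_bytes(32)   # assumption: held only by the authorization component
DIRECTORY = {"alice": {"org": "acme", "role": "clerk"}}  # constructed stored identity records
TTL = 300                              # assumed context lifetime, seconds

b64e, b64d = base64.urlsafe_b64encode, base64.urlsafe_b64decode

def _mac(key, data):
    return hmac.new(key, data, hashlib.sha256).digest()

def _seal(key, payload):               # payload bytes -> b64(payload).b64(tag)
    return b64e(payload) + b"." + b64e(_mac(key, payload))

def _open(key, token, what):           # verify the tag before trusting any content
    try:
        p, t = (b64d(x) for x in token.split(b"."))
    except ValueError:
        raise PermissionError(f"malformed {what}")
    if not hmac.compare_digest(t, _mac(key, p)):
        raise PermissionError(f"bad MAC on {what}")
    return json.loads(p)

def _session_key(nonce):               # per-context symmetric key, re-derived statelessly
    return _mac(SERVER_KEY, b"session|" + nonce.encode())

def issue_context(uid, now):           # logon component, after the password check
    claims = dict(DIRECTORY[uid], uid=uid, exp=now + TTL, nonce=secrets.token_hex(16))
    ctx = _seal(SERVER_KEY, json.dumps(claims, sort_keys=True).encode())
    return ctx, _session_key(claims["nonce"])

def make_renewal(session_key, ctx, uid, resource):   # client side
    req = {"uid": uid, "resource": resource, "ctx": hashlib.sha256(ctx).hexdigest()}
    return _seal(session_key, json.dumps(req).encode())

def authorize(ctx, renewal, now):
    """Return (context to present, new session key or None); raise PermissionError."""
    claims = _open(SERVER_KEY, ctx, "security-context")
    req = _open(_session_key(claims["nonce"]), renewal, "renewal request")
    if req["ctx"] != hashlib.sha256(ctx).hexdigest() or req["uid"] != claims["uid"]:
        raise PermissionError("renewal request not bound to this context")
    if claims["exp"] >= now:
        return ctx, None               # still valid: no renewal needed
    rec = DIRECTORY.get(req["uid"])    # expired: re-check against stored identity
    if rec is None or (rec["org"], rec["role"]) != (claims["org"], claims["role"]):
        raise PermissionError("identity or authorization changed; full logon required")
    return issue_context(req["uid"], now)   # fresh expiry, nonce and symmetric key
```

As written, an expired context stays renewable for as long as the directory record is unchanged; a deployment would normally also cap how long after expiry a renewal is accepted.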
13 Claims
Dependent claims of claim 1: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13.
Specification