System and method for providing access to protected services

US 7,665,127 B1
Filed: 02/07/2005
Issued: 02/16/2010
Est. Priority Date: 06/30/2004
Status: Active Grant

First Claim

Patent Images

1. A method for providing access to application data stored on a protected resource computer, the method comprising the steps of:

validating a request for an application received from a user computer wherein the request includes authenticated credentials and an IP address of the user computer;

generating an identification token for each validated request;

storing an association between the identification token, the credentials, and the IP address in a computer-readable memory communicatively connected to the protected resource computer;

sending the requested application and the identification token to the user computer, wherein the requested application is stored locally on the user computer;

receiving a request for credentials from the requested application stored locally on the user computer, wherein the request for credentials includes an identification token and an IP address, and wherein the request for credentials is generated upon execution of the requested application;

verifying that the identification token and the IP address received from the requested application match the identification token and the IP address stored in the computer-readable memory; and

sending the credentials to the requested application stored locally on the user computer, wherein the credentials allow the requested application to submit one or more requests for application data stored on the protected resource computer without requiring the user to input authentication information for each request.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method and a system for allowing computer-executable applications to efficiently and securely obtain credentials required to access data from a protected Web service utilizes an ID token. The ID token is associated with an IP address of a user'"'"'s computer, and is validated before providing the credentials to the user'"'"'s computer.

Citations

25 Claims

1. A method for providing access to application data stored on a protected resource computer, the method comprising the steps of:
- validating a request for an application received from a user computer wherein the request includes authenticated credentials and an IP address of the user computer;
  
  generating an identification token for each validated request;
  
  storing an association between the identification token, the credentials, and the IP address in a computer-readable memory communicatively connected to the protected resource computer;
  
  sending the requested application and the identification token to the user computer, wherein the requested application is stored locally on the user computer;
  
  receiving a request for credentials from the requested application stored locally on the user computer, wherein the request for credentials includes an identification token and an IP address, and wherein the request for credentials is generated upon execution of the requested application;
  
  verifying that the identification token and the IP address received from the requested application match the identification token and the IP address stored in the computer-readable memory; and
  
  sending the credentials to the requested application stored locally on the user computer, wherein the credentials allow the requested application to submit one or more requests for application data stored on the protected resource computer without requiring the user to input authentication information for each request.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The method of claim 1, wherein the requested application includes a Microsoft®
    - Excel file.
  - 3. The method of claim 1, wherein the requested application is sent to the user with the identification token embedded within the requested application.
  - 4. The method of claim 1, wherein the requested application is sent to the user with the identification token provided as a filename of the requested application.
  - 5. The method of claim 1, wherein the authenticated credentials are provided to the user computer by a user authentication system.
  - 6. The method of claim 1, wherein the request for the application further includes a time stamp.
  - 7. The method of claim 6, further comprising the step of using the time stamp to determine whether the request for the application has expired.
  - 8. The method of claim 1, wherein the identification token is randomly generated.
  - 9. The method of claim 1, wherein the association is removed from the computer-readable memory following verification of the identification token.
  - 10. The method of claim 1, wherein the one or more requests for application data are submitted as a cookie.

11. A computer-implemented method for providing access to services stored on a protected resource computer, the method comprising the steps of:
- validating a request for an application received from a user computer wherein the request includes authenticated credentials and an IP address of the user computer;
  
  generating an identification token for each validated request;
  
  storing an association between the identification token, the credentials, and the IP address in a computer-readable memory communicatively connected to the protected resource computer;
  
  sending the requested application and the identification token to the user computer, wherein the requested application is stored locally on the user computer;
  
  receiving a request for credentials from the requested application stored locally on the user computer, wherein the request for credentials includes an identification token and an IP address, and wherein the request for credentials is generated upon execution of the requested application;
  
  verifying that the identification token and the IP address received from the requested application match the identification token and the IP address stored in the computer-readable memory; and
  
  sending the credentials to the requested application stored locally on the user computer, wherein the credentials allow the requested application to submit one or more requests for application data stored on the protected resource computer without requiring the user to input authentication information for each request.

12. A system for providing access to application data stored on a protected resource computer, the system comprising:
- a credential validator communicatively connected to a user computer, wherein the credential validator is configured to validate a request for an application received from the user computer, and wherein the request includes authenticated credentials and an IP address of the user computer; and
  
  an application server communicatively connected to the credential validator, wherein the application server is configured to;
  
  generate an identification token for each validated request,store an association between the identification token, the credentials, and the IP address in a computer-readable memory communicatively connected to the application server,send the requested application and the identification token to the user computer, wherein the requested application is stored locally on the user computer,receive a request for credentials from the requested application stored locally on the user computer, wherein the request for credentials includes an identification token and an IP address, and wherein the request for credentials is generated upon execution of the requested application,verify that the identification token and the IP address received from the requested application match the identification token and the IP address stored in the computer-readable memory, andsend the credentials to the requested application stored locally on the user computer, wherein the credentials allow the requested application to submit one or more requests for application data stored on the protected resource computer without requiring a user to input authentication information for each request.
- View Dependent Claims (13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24)
- - 13. The system of claim 12, wherein the requested application includes a Microsoft®
    - Excel file.
  - 14. The system of claim 12, wherein the requested application is sent to the user computer with the identification token embedded within the requested application.
  - 15. The system of claim 12, wherein the requested application is sent to the user computer with the identification token provided as a filename of the requested application.
  - 16. The system of claim 12, wherein the authenticated credentials are provided to the user computer by a user authentication system.
  - 17. The system of claim 12, wherein the request for application further includes a time stamp.
  - 18. The system of claim 17, wherein the time stamp is used to determine whether the request for the application has expired.
  - 19. The system of claim 12, wherein the identification token is randomly generated.
  - 20. The system of claim 12, wherein the association is removed from the memory following verification of the identification token.
  - 21. The system of claim 12, wherein the one or more requests for application data are submitted as a cookie.
  - 22. The system of claim 12, further comprising a user authentication system for providing the authenticated credentials.
  - 23. The system of claim 12, wherein the user computer communicates with the credential validator using HyperText Transmission Protocol.
  - 24. The system of claim 12, wherein the user computer communicates with the credential validator using HyperText Transmission Protocol, Secure.

25. A computer-readable storage medium storing computer code for providing access to application data stored on a protected resource computer, wherein the computer code comprises:
- code for validating a request for an application received from a user computer, wherein the request includes authenticated credentials and an IP address of the user computer;
  
  code for generating an identification token for each validated request;
  
  code for storing an association between the identification token, the credentials, and the IP address in a computer-readable memory communicatively connected to the protected resource computer;
  
  code for sending the requested application and the identification token to the user computer, wherein the requested application is stored locally on the user computer;
  
  code for receiving a request for credentials from the requested application stored locally on the user computer, wherein the request for credentials includes an identification token and an IP address, and wherein the request for credentials is generated upon execution of the requested application;
  
  code for verifying that the identification token and the IP address received from the requested application match the identification token and the IP address stored in the computer-readable memory; and
  
  code for sending the credentials to the requested application stored locally on the user computer,wherein the credentials allow the requested application to submit one or more requests for application data stored on the protected resource computer without requiring the user to input authentication information for each request.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
JP Morgan Chase Bank, N.A. (JP Morgan Chase & Co)
Original Assignee
JP Morgan Chase Bank, N.A. (JP Morgan Chase & Co)
Inventors
Rao, Srinivasan N., Chen, Lioun
Primary Examiner(s)
Dada; Beemnet W

Application Number

US11/052,677
Time in Patent Office

1,835 Days
Field of Search

726 7- 10, 713/165, 713/167, 713/171, 713/172, 713/185, 709/225, 709/229
US Class Current

726/9
CPC Class Codes

G06F 21/335   for accessing specific reso...

G06F 21/629   to features or functions of...

H04L 63/0815   providing single-sign-on or...

H04L 63/0823   using certificates cryptogr...

System and method for providing access to protected services

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

25 Claims

Specification

Solutions

Use Cases

Quick Links

System and method for providing access to protected services

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

25 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links