System and method for providing access to protected services
Abstract
A method and a system for allowing computer-executable applications to efficiently and securely obtain credentials required to access data from a protected Web service utilizes an ID token. The ID token is associated with an IP address of a user's computer, and is validated before providing the credentials to the user's computer.
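The exchange the abstract describes, as an added Python sketch (not code from the patent or its assignee): the server stores the token, credentials and IP address together, then releases the credentials only when a later request presents the same token from the same IP. The class and function names, the 60-second lifetime, single-use redemption and the sample addresses are assumptions of this example.

```python
import hmac
import secrets
import time

TOKEN_TTL_SECONDS = 60  # assumption: the page states no token lifetime


class TokenStore:
    """In-memory stand-in for the memory holding the association
    between ID token, credentials and user IP address."""

    def __init__(self, clock=time.monotonic):
        self._entries = {}
        self._clock = clock

    def issue(self, credentials, client_ip):
        """Call only after the application request has been validated."""
        token = secrets.token_urlsafe(32)  # fresh random token per request
        expiry = self._clock() + TOKEN_TTL_SECONDS
        self._entries[token] = (credentials, client_ip, expiry)
        return token

    def redeem(self, token, client_ip):
        """Return the credentials only if token and IP both match.

        client_ip should be the peer address the server observes on the
        connection; an address carried in the request body is chosen by
        the client. Hosts behind one NAT share an address, so the IP
        check narrows where a token can be used but does not identify
        a single machine.
        """
        # Single use (assumption): any presentation consumes the token,
        # so a token shown from the wrong IP cannot be retried.
        entry = self._entries.pop(token, None)
        if entry is None:
            return None
        credentials, stored_ip, expiry = entry
        if self._clock() > expiry:
            return None
        if not hmac.compare_digest(stored_ip.encode(), client_ip.encode()):
            return None
        return credentials


def demo():
    """Constructed sample run: valid redeem, replay, wrong-IP redeem."""
    store = TokenStore()
    creds = {"user": "alice", "secret": "constructed-sample"}
    t1 = store.issue(creds, "203.0.113.10")
    ok = store.redeem(t1, "203.0.113.10")
    replay = store.redeem(t1, "203.0.113.10")
    t2 = store.issue(creds, "203.0.113.10")
    wrong_ip = store.redeem(t2, "198.51.100.7")
    return ok, replay, wrong_ip
```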
25 Claims
1. A method for providing access to application data stored on a protected resource computer, the method comprising the steps of:
validating a request for an application received from a user computer wherein the request includes authenticated credentials and an IP address of the user computer;
generating an identification token for each validated request;
storing an association between the identification token, the credentials, and the IP address in a computer-readable memory communicatively connected to the protected resource computer;
sending the requested application and the identification token to the user computer, wherein the requested application is stored locally on the user computer;
receiving a request for credentials from the requested application stored locally on the user computer, wherein the request for credentials includes an identification token and an IP address, and wherein the request for credentials is generated upon execution of the requested application;
verifying that the identification token and the IP address received from the requested application match the identification token and the IP address stored in the computer-readable memory; and
sending the credentials to the requested application stored locally on the user computer, wherein the credentials allow the requested application to submit one or more requests for application data stored on the protected resource computer without requiring the user to input authentication information for each request.
11. A computer-implemented method for providing access to services stored on a protected resource computer, the method comprising the steps of:
validating a request for an application received from a user computer wherein the request includes authenticated credentials and an IP address of the user computer;
generating an identification token for each validated request;
storing an association between the identification token, the credentials, and the IP address in a computer-readable memory communicatively connected to the protected resource computer;
sending the requested application and the identification token to the user computer, wherein the requested application is stored locally on the user computer;
receiving a request for credentials from the requested application stored locally on the user computer, wherein the request for credentials includes an identification token and an IP address, and wherein the request for credentials is generated upon execution of the requested application;
verifying that the identification token and the IP address received from the requested application match the identification token and the IP address stored in the computer-readable memory; and
sending the credentials to the requested application stored locally on the user computer, wherein the credentials allow the requested application to submit one or more requests for application data stored on the protected resource computer without requiring the user to input authentication information for each request.
12. A system for providing access to application data stored on a protected resource computer, the system comprising:
a credential validator communicatively connected to a user computer, wherein the credential validator is configured to validate a request for an application received from the user computer, and wherein the request includes authenticated credentials and an IP address of the user computer; and
an application server communicatively connected to the credential validator, wherein the application server is configured to:
generate an identification token for each validated request,
store an association between the identification token, the credentials, and the IP address in a computer-readable memory communicatively connected to the application server,
send the requested application and the identification token to the user computer, wherein the requested application is stored locally on the user computer,
receive a request for credentials from the requested application stored locally on the user computer, wherein the request for credentials includes an identification token and an IP address, and wherein the request for credentials is generated upon execution of the requested application,
verify that the identification token and the IP address received from the requested application match the identification token and the IP address stored in the computer-readable memory, and
send the credentials to the requested application stored locally on the user computer, wherein the credentials allow the requested application to submit one or more requests for application data stored on the protected resource computer without requiring a user to input authentication information for each request.
25. A computer-readable storage medium storing computer code for providing access to application data stored on a protected resource computer, wherein the computer code comprises:
code for validating a request for an application received from a user computer, wherein the request includes authenticated credentials and an IP address of the user computer;
code for generating an identification token for each validated request;
code for storing an association between the identification token, the credentials, and the IP address in a computer-readable memory communicatively connected to the protected resource computer;
code for sending the requested application and the identification token to the user computer, wherein the requested application is stored locally on the user computer;
code for receiving a request for credentials from the requested application stored locally on the user computer, wherein the request for credentials includes an identification token and an IP address, and wherein the request for credentials is generated upon execution of the requested application;
code for verifying that the identification token and the IP address received from the requested application match the identification token and the IP address stored in the computer-readable memory; and
code for sending the credentials to the requested application stored locally on the user computer, wherein the credentials allow the requested application to submit one or more requests for application data stored on the protected resource computer without requiring the user to input authentication information for each request.
Specification