Method and system for modular authentication and session management
First Claim
1. A method comprising:
receiving, by a computer for providing security to a networked computing system, authentication credentials from an authentication client, wherein said authentication credentials are provided in response to a first request from a client and, wherein, based upon said first request, said authentication client invokes an Application Programming Interface (API) corresponding to a request type, associated with said first request, causing a corresponding interface to be displayed at a business application of said client, and wherein said interface facilitates collection of said authentication credentials;
validating, by said computer, said authentication credentials received from said business application via said authentication client;
determining, by said computer and based upon stored user data, a manner by which said client was validated and access type information identifying characteristics of said first request; and
issuing, by said computer and in response to said determining, a session token to said client, wherein said session token includes data indicating said manner by which said client was validated and said access type information identifying characteristics of said first request, generating, by said computer, said session token by:
generating random data based on said authentication credentials;
retrieving a timestamp;
creating an incremental token identifier;
concatenating said random data, said timestamp, and said incremental token identifier to create a Binary Large Object (BLOB); and
applying an encryption algorithm with a fixed key to said BLOB to create said session token;
wherein a separate computer for providing security compares said session token to a previous session token issued to said client.
3 Assignments
0 Petitions
Abstract
Modular authentication and session management involves the use of discrete modules to perform specific tasks in a networked computing environment. There may be a separate authentication server that verifies the identity of the user and an authorization client that grants various levels of access to users. There may also be an authentication client that receives an initial request from a requesting application and forwards the request to the authentication server to verify the identity of the user. The authorization client may then be invoked to provide the necessary level of access. The use of discrete modules allows multiple business applications to use the same modules to perform user authentication tasks, thus avoiding unnecessary duplication of code.
33 Citations
17 Claims
1. A method comprising:
receiving, by a computer for providing security to a networked computing system, authentication credentials from an authentication client, wherein said authentication credentials are provided in response to a first request from a client and, wherein, based upon said first request, said authentication client invokes an Application Programming Interface (API) corresponding to a request type, associated with said first request, causing a corresponding interface to be displayed at a business application of said client, and wherein said interface facilitates collection of said authentication credentials; validating, by said computer, said authentication credentials received from said business application via said authentication client; determining, by said computer and based upon stored user data, a manner by which said client was validated and access type information identifying characteristics of said first request; and issuing, by said computer and in response to said determining, a session token to said client, wherein said session token includes data indicating said manner by which said client was validated and said access type information identifying characteristics of said first request, generating, by said computer, said session token by: generating random data based on said authentication credentials; retrieving a timestamp; creating an incremental token identifier; concatenating said random data, said timestamp, and said incremental token identifier to create a Binary Large Object (BLOB); and applying an encryption algorithm with a fixed key to said BLOB to create said session token; wherein a separate computer for providing security compares said session token to a previous session token issued to said client.
Dependent claims 2 to 15 depend from claim 1.
16. A method comprising:
receiving, by an authentication client, a first request from a client; selecting, by said authentication client, an Application Programming Interface (API) corresponding to a request type associated with said first request; invoking, by said authentication client, said API causing an interface corresponding to said API to be displayed at a business application of said client; receiving, by said authentication client, authentication credentials from said client, wherein said authentication credentials are retrieved in accordance with said interface; and transmitting, by said authentication client, said authentication credentials to an authentication service, wherein said authentication service validates said authentication credentials and, in response to said validating said authentication credentials, issues a session token to said client, wherein said session token includes data indicating a manner by which said client was validated and access type information identifying characteristics of said first request, wherein a separate authentication client compares said session token to a previous session token issued to said client, wherein said authentication service generates said session token by generating random data based on said authentication credentials, retrieves a timestamp, creates an incremental token identifier, concatenates said random data, said timestamp, and said incremental token identifier to create a Binary Large Object (BLOB), and applies an encryption algorithm with a fixed key to said BLOB to create said session token.
17. A method comprising:
sending, by a client system, a first request from a client to an authentication client, wherein said authentication client selects an Application Programming Interface (API) corresponding to a request type associated with said first request, and invokes said API causing an interface corresponding to said API to be displayed at a business application of said client; displaying, by said client, said interface; receiving, by said client, authentication credentials via said interface; generating, by said client, a session token by generating random data based on said authentication credentials, retrieving a timestamp, creating an incremental token identifier, concatenating said random data, said timestamp, and said incremental token identifier to create a Binary Large Object (BLOB); and applying an encryption algorithm with a fixed key to said BLOB to create said session token; and sending said authentication credentials from said client to said authentication client, wherein said authentication credentials are retrieved by said authentication client in accordance with said interface and said authentication credentials are transmitted by said authentication client to an authentication service, and wherein said authentication service validates said authentication credentials and, in response to said validating said authentication credentials, issues said session token to said client, wherein said session token includes data indicating a manner by which said client was validated and access type information identifying characteristics of said first request, and wherein a separate authentication client compares said session token to a previous session token issued to said client.
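The session-token construction recited in claims 1, 16 and 17 (random data based on the credentials, a timestamp and an incremental token identifier concatenated into a BLOB and encrypted under a fixed key, carrying the "manner validated" and "access type" data, with a separate module comparing a token against a previously issued one), worked through as an added example. This is illustrative code written for this page, not the patent's or any assignee's implementation. Everything not in the claims is an assumption: the BLOB field layout, the reading of "random data based on said authentication credentials" as a hash of fresh random bytes and a credential digest (so the credential itself never enters the token), the demo FIXED_KEY, the function names issue_session_token, parse_session_token and supersedes, and the use of an HMAC-SHA256 keystream with encrypt-then-MAC as a stdlib-only stand-in for an authenticated cipher such as AES-GCM. The caveat a practitioner would want is built in: with one fixed key for every token, a unique per-token IV is the only thing preventing keystream reuse, and an unauthenticated cipher would let anyone flip the "access type" bits, so the tag is verified before any field is read.

```python
import base64
import hashlib
import hmac
import itertools
import os
import struct
import time
from typing import Optional

# Constructed demo key for this example only. A deployment would load the fixed
# key from a KMS/HSM and rotate it; never embed a production key in source.
FIXED_KEY = hashlib.sha256(b"demo-fixed-key-do-not-use").digest()

_TOKEN_IDS = itertools.count(1)  # the claim's "incremental token identifier"
_HDR = ">16sQQ"                   # 16 B random | 8 B timestamp | 8 B token id (assumed layout)

def random_data(credentials: bytes, nonce: Optional[bytes] = None) -> bytes:
    """Assumed reading of 'random data based on said authentication credentials':
    fresh random bytes hashed together with a digest of the credentials, so the
    token is bound to the credentials without ever containing them."""
    nonce = os.urandom(16) if nonce is None else nonce
    return hashlib.sha256(nonce + hashlib.sha256(credentials).digest()).digest()[:16]

def build_blob(rnd: bytes, timestamp: int, token_id: int,
               validated_by: str, access_type: str) -> bytes:
    """Concatenate the claim's three fields plus the 'manner validated' and
    'access type' data (both strings length-prefixed, assumed < 256 bytes)."""
    vb, at = validated_by.encode(), access_type.encode()
    return (struct.pack(_HDR, rnd, timestamp, token_id)
            + bytes([len(vb)]) + vb + bytes([len(at)]) + at)

def parse_blob(blob: bytes) -> dict:
    rnd, ts, tid = struct.unpack_from(_HDR, blob, 0)
    pos = struct.calcsize(_HDR)
    n = blob[pos]
    validated_by = blob[pos + 1:pos + 1 + n].decode()
    pos += 1 + n
    n = blob[pos]
    access_type = blob[pos + 1:pos + 1 + n].decode()
    return {"random": rnd, "timestamp": ts, "token_id": tid,
            "validated_by": validated_by, "access_type": access_type}

def _subkeys(key: bytes):
    # Key separation: one sub-key for confidentiality, one for integrity.
    return (hmac.new(key, b"enc", hashlib.sha256).digest(),
            hmac.new(key, b"mac", hashlib.sha256).digest())

def _keystream(enc_key: bytes, iv: bytes, length: int) -> bytes:
    blocks = [hmac.new(enc_key, iv + struct.pack(">I", i), hashlib.sha256).digest()
              for i in range((length + 31) // 32)]
    return b"".join(blocks)[:length]

def encrypt_blob(key: bytes, blob: bytes, iv: Optional[bytes] = None) -> bytes:
    """'Encryption algorithm with a fixed key'. With one key for every token the
    per-token IV is all that prevents keystream reuse, and plain encryption gives
    no integrity, so this is encrypt-then-MAC (stdlib stand-in for AES-GCM)."""
    enc_key, mac_key = _subkeys(key)
    iv = os.urandom(16) if iv is None else iv
    ct = bytes(a ^ b for a, b in zip(blob, _keystream(enc_key, iv, len(blob))))
    tag = hmac.new(mac_key, iv + ct, hashlib.sha256).digest()
    return iv + ct + tag

def decrypt_token(key: bytes, token: bytes) -> bytes:
    """Verify the tag before touching the ciphertext; reject anything malformed."""
    if len(token) < 16 + 32:
        raise ValueError("token too short")
    enc_key, mac_key = _subkeys(key)
    iv, ct, tag = token[:16], token[16:-32], token[-32:]
    if not hmac.compare_digest(hmac.new(mac_key, iv + ct, hashlib.sha256).digest(), tag):
        raise ValueError("token integrity check failed")
    return bytes(a ^ b for a, b in zip(ct, _keystream(enc_key, iv, len(ct))))

def issue_session_token(credentials: bytes, validated_by: str, access_type: str, *,
                        key: bytes = FIXED_KEY, now: Optional[int] = None,
                        token_id: Optional[int] = None) -> str:
    """Authentication-service side: credentials already validated, token out."""
    ts = int(time.time()) if now is None else now
    tid = next(_TOKEN_IDS) if token_id is None else token_id
    blob = build_blob(random_data(credentials), ts, tid, validated_by, access_type)
    return base64.urlsafe_b64encode(encrypt_blob(key, blob)).decode()

def parse_session_token(token: str, key: bytes = FIXED_KEY) -> dict:
    """Any module holding the fixed key (e.g. the authorization client) recovers the fields."""
    return parse_blob(decrypt_token(key, base64.urlsafe_b64decode(token)))

def supersedes(token: str, previous: str, key: bytes = FIXED_KEY) -> bool:
    """The 'separate computer compares said session token to a previous session
    token' step: accept only a token with a higher id and a timestamp no older."""
    cur, prev = parse_session_token(token, key), parse_session_token(previous, key)
    return cur["token_id"] > prev["token_id"] and cur["timestamp"] >= prev["timestamp"]
```

A typical exchange is issue_session_token(b"alice:hunter2", "password+otp", "api") on the authentication service, then parse_session_token(token) on the authorization client to read validated_by and access_type, and supersedes(new_token, stored_token) wherever the claims have a separate module compare the new token against the one previously issued. Because every module that reads a token holds the same fixed key, any of them can also mint one; a keyed MAC or signature from a key only the issuer holds is the usual way to close that gap, and is outside what the claims recite.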
Specification