Simplified management of authentication credentials for unattended applications
First Claim
1. A system for providing unattended authorization to a requesting software application to access resources, the system comprising:
a credentials manager node including a memory and a processor, the credentials manager node executing a credentials manager (CM) module for authorizing access to said resources by said requesting software application and for providing credentials for access to said resources by said requesting software application;
a requestor node on which said requesting software application is resident, said requestor node including a memory and a processor and executing a server password manager (SPM) module resident thereon, said SPM module being configured to:
receive a request for access to said resources from said requesting software application;
determine fingerprint data uniquely identifying said requestor node, said fingerprint data being derived from configuration information of said requestor node, said fingerprint data being for uniquely identifying said requestor node to said CM module;
create a request package for transmission to said CM module, said request package containing said request and data uniquely identifying said requesting software application to said CM module;
encrypt said request package using cryptographic keys previously generated by said CM module, said cryptographic keys being specifically for communications between said CM module and said requestor node; and
transmit said request package and said fingerprint data to said CM module, said fingerprint data authenticating said requestor node and thereby authenticating said request package prior to decryption by said CM module;
wherein said SPM module and said requesting software application are previously authenticated by and registered with said CM module.
Abstract
Systems and methods for unattended authentication of software applications to provide these applications with access to shared resources. A server password manager (SPM) module resident on a node also occupied by a requester software application requesting access to resources receives the requestor's request. The SPM module creates a request package containing the requestor's information as well as the node's identifying information. The request package is then transmitted to a credentials manager (CM) module in a CM node. The request package, encrypted by the SPM module with encryption keys previously generated by the CM module, is decrypted by the CM module. The contents are checked against data stored by the CM module regarding the SPM module and the requestor application when these were registered with the CM. If the data matches, then the CM provides credentials which are used to give the requestor application access to the requested resources.
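The exchange described in the abstract, as an added Python sketch (not code from the patent or its assignee): the SPM side builds and encrypts the request package, and the CM side identifies the node by fingerprint, selects that node's key, decrypts, and checks the application against its registration. The function and class names, the configuration fields, the JSON package layout, and the SHA-256 keystream with HMAC standing in for a real authenticated cipher are all assumptions of this example.

```python
import hashlib, hmac, json, os

def fingerprint(config):
    # Node fingerprint from configuration information (field choice is an assumption).
    return hashlib.sha256(json.dumps(config, sort_keys=True).encode()).hexdigest()

def _stream(key, nonce, n):
    # SHA-256 counter keystream: stdlib stand-in for a real cipher, not for production.
    return b"".join(hashlib.sha256(key + nonce + i.to_bytes(4, "big")).digest()
                    for i in range(n // 32 + 1))[:n]

def seal(key, plaintext):
    # Encrypt-then-MAC with separate subkeys derived from the per-node key.
    ek, mk = (hmac.new(key, t, hashlib.sha256).digest() for t in (b"enc", b"mac"))
    nonce = os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(plaintext, _stream(ek, nonce, len(plaintext))))
    return nonce + ct + hmac.new(mk, nonce + ct, hashlib.sha256).digest()

def unseal(key, blob):
    ek, mk = (hmac.new(key, t, hashlib.sha256).digest() for t in (b"enc", b"mac"))
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(mk, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("request package failed integrity check")
    return bytes(a ^ b for a, b in zip(ct, _stream(ek, nonce, len(ct))))

def spm_request(config, node_key, app_id, resource):
    # SPM side: package = request + application identity, encrypted for this node.
    body = json.dumps({"app_id": app_id, "resource": resource}).encode()
    return fingerprint(config), seal(node_key, body)

class CredentialsManager:
    def __init__(self):
        self.node_keys, self.grants, self.vault = {}, set(), {}
    def register(self, node_fp, app_id, resource, secret):
        # Registration: CM generates the node's key and records what the app may fetch.
        self.node_keys.setdefault(node_fp, os.urandom(32))
        self.grants.add((node_fp, app_id, resource))
        self.vault[resource] = secret
        return self.node_keys[node_fp]
    def handle(self, node_fp, package):
        key = self.node_keys.get(node_fp)      # identify node before any decryption
        try:
            req = json.loads(unseal(key, package)) if key else {}
        except ValueError:                     # bad tag or malformed package
            return None
        grant = (node_fp, req.get("app_id"), req.get("resource"))
        return self.vault[grant[2]] if grant in self.grants else None
```

In this sketch the fingerprint travels in the clear and only selects the node's key, so a copied fingerprint yields nothing unless the package also verifies under that key. The sketch has no replay protection; a nonce or timestamp inside the package would be needed for that.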
12 Claims
6. A non-transitory computer-readable medium storing code and instructions which, when executed by one or more processors, cause the one or more processors to perform a method for requesting authorization for access to resources for a requesting software application, the method comprising:
a) receiving a request for access to resources from said requesting software application, said requesting software application being resident on a requestor node;
b) determining fingerprint data uniquely identifying said requestor node, said fingerprint data being derived from configuration information of said requestor node, said fingerprint data being for uniquely identifying said requestor node to a credentials manager (CM) module resident on a credentials manager node;
c) creating a request package for transmission to said CM module, said request package containing said request and data uniquely identifying said requesting software application to said CM module;
d) encrypting said request package using cryptographic keys previously generated by said CM module, said cryptographic keys being specifically for communications between said CM module and said requestor node; and
e) transmitting said request package and said fingerprint data to said CM module, said fingerprint data authenticating said requestor node and thereby authenticating said request package prior to decryption by said CM module,
wherein said requesting software application and said requestor node are previously registered and authenticated by said CM module; and
said resources are previously registered with said CM module.
10. A non-transitory computer-readable medium storing code and instructions which, when executed by one or more processors, cause the one or more processors to perform a method for providing access to resources by a requesting software application, the method comprising the steps of:
a) receiving, at a credentials manager (CM) module, an encrypted request package and fingerprint data from a server password manager (SPM) module resident on a requestor node on which said requesting software application is also resident, said encrypted request package containing a request for the resources and data uniquely identifying said requesting software application, and said fingerprint data being derived from configuration information of said requestor node;
b) identifying and authenticating said requestor node by way of said fingerprint data;
c) if the requestor node is authenticated, determining decryption keys for use in decrypting said request package based on an identity of said requestor node;
d) decrypting said request package using said decryption keys to retrieve the request for the resources and the data uniquely identifying said requesting software application;
e) determining if the data uniquely identifying said requesting software application matches stored data stored by the CM module; and
f) if the data uniquely identifying said requesting software application matches said stored data, transmitting credentials required to provide access to said resources for said requesting software application;
wherein said SPM module and said requesting software application are previously authenticated by and registered with said CM module.
Specification