Trusted database authentication through an untrusted intermediary

US 8,555,351 B2
Filed: 09/29/2008
Issued: 10/08/2013
Est. Priority Date: 09/29/2008
Status: Active Grant

First Claim

Patent Images

1. A computer-implementable method for authenticating a user to a data source, comprising:

receiving a request to provide information on behalf of a user;

requesting the submission of user authentication credentials in a desired format;

receiving the requested user authentication credentials, the user authentication credentials generated in the desired format by a security token service;

validating the received user authentication credentials with the security token service, the validation performed by a back-end service; and

providing the requested information, the providing being based on successfully validating the received user authentication credentials; and

whereinthe receiving a request to provide information is to an intermediary;

the receiving the requested user authentication credentials is from the intermediary; and

,the providing the requested information is to the intermediary; and

whereinthe intermediary comprises a mashup, the mashup combining content in various formats and from multiple sources for presentation as a Web page.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method, system and computer-usable medium are disclosed for validating user credentials submitted to a data source by an untrusted intermediary. An untrusted intermediary attempts to access a data source on behalf of a user. The untrusted intermediary challenges the user to provide credentials of the type and format required to access the data provided by the data source. The user'"'"'s trust client connects to an authentication service and identification credentials of the required type and format are generated. The identification credentials are conveyed to the user'"'"'s trust client, which then provides them to the user'"'"'s client, which in turn conveys them to the untrusted intermediary. The untrusted intermediary then presents the identification credentials to an authentication plug-in of the data source. The authentication plug-in validates the authenticity of the provided credentials with their associated authentication service. Once the credentials are successfully validated, the requested data is provided to the user'"'"'s client by the untrusted intermediary.

17 Citations

View as Search Results

14 Claims

1. A computer-implementable method for authenticating a user to a data source, comprising:
- receiving a request to provide information on behalf of a user;
  
  requesting the submission of user authentication credentials in a desired format;
  
  receiving the requested user authentication credentials, the user authentication credentials generated in the desired format by a security token service;
  
  validating the received user authentication credentials with the security token service, the validation performed by a back-end service; and
  
  providing the requested information, the providing being based on successfully validating the received user authentication credentials; and
  
  whereinthe receiving a request to provide information is to an intermediary;
  
  the receiving the requested user authentication credentials is from the intermediary; and
  
  ,the providing the requested information is to the intermediary; and
  
  whereinthe intermediary comprises a mashup, the mashup combining content in various formats and from multiple sources for presentation as a Web page.
- View Dependent Claims (2, 3, 4)
- - 2. The method of claim 1, wherein the user authentication credentials are provided to the intermediary by the user, the provision in response to a request from the intermediary for the user authentication credentials.
  - 3. The method of claim 1, wherein the user authentication credentials are not received in the desired format and are subsequently transformed to the desired format.
  - 4. The method of claim 1, wherein the back-end service is not in the same administrative domain as the data source.

5. A system comprising:
- a processor;
  
  a data bus coupled to the processor; and
  
  a computer-usable medium embodying computer program code, the computer-usable medium being coupled to the data bus, the computer program code operable to authenticate a user to a data source and comprising instructions executable by the processor and configured for;
  
  receiving a request to provide information on behalf of a user;
  
  requesting the submission of user authentication credentials in a desired format;
  
  receiving the requested user authentication credentials, the user authentication credentials generated in the desired format by a security token service;
  
  validating the received user authentication credentials with the security token service, the validation performed by a back-end service; and
  
  providing the requested information, the providing being based on successfully validating the received user authentication credentials; and
  
  whereinthe receiving a request to provide information is to an intermediary;
  
  the receiving the requested user authentication credentials is from the intermediary; and
  
  ,the providing the requested information is to the intermediary; and
  
  whereinthe intermediary comprises a mashup, the mashup combining content in various formats and from multiple sources for presentation as a Web page.
- View Dependent Claims (6, 7, 8)
- - 6. The system of claim 5, wherein the user authentication credentials are provided to the intermediary by the user, the provision in response to a request from the intermediary for the user authentication credentials.
  - 7. The system of claim 5, wherein the user authentication credentials are not received in the desired format and are subsequently transformed to the desired format.
  - 8. The system of claim 5, wherein the back-end service is not in the same administrative domain as the data source.

9. A non-transitory computer-usable medium embodying computer program code, the computer program code comprising computer executable instructions configured for:
- receiving a request to provide information on behalf of a user;
  
  requesting the submission of user authentication credentials in a desired format;
  
  receiving the requested user authentication credentials, the user authentication credentials generated in the desired format by a security token service;
  
  validating the received user authentication credentials with the security token service, the validation performed by a back-end service; and
  
  providing the requested information, the providing being based on successfully validating the received user authentication credentials; and
  
  whereinthe receiving a request to provide information is to an intermediary;
  
  the receiving the requested user authentication credentials is from the intermediary; and
  
  ,the providing the requested information is to the intermediary; and
  
  whereinthe intermediary comprises a mashup, the mashup combining content in various formats and from multiple sources for presentation as a Web page.
- View Dependent Claims (10, 11, 12, 13, 14)
- - 10. The computer usable medium of claim 9, wherein the user authentication credentials are provided to the intermediary by the user, the provision in response to a request from the intermediary for the user authentication credentials.
  - 11. The computer usable medium of claim 9, wherein the user authentication credentials are not received in the desired format and are subsequently transformed to the desired format.
  - 12. The computer usable medium of claim 9, wherein the back-end service is not in the same administrative domain as the data source.
  - 13. The computer usable medium of claim 9, wherein the computer executable instructions are deployable to a client computer from a server at a remote location.
  - 14. The computer usable medium of claim 9, wherein the computer executable instructions are provided by a service provider to a customer on an on-demand basis.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
International Business Machines Corporation, ServiceNow Incorporated
Original Assignee
International Business Machines Corporation
Inventors
Readshaw, Neil I., Milman, Ivan M.
Primary Examiner(s)
REVAK, CHRISTOPHER A

Application Number

US12/240,102
Publication Number

US 20100083359A1
Time in Patent Office

1,835 Days
Field of Search

None
US Class Current

726/5
CPC Class Codes

H04L 9/321 involving a third party or ...

H04L 9/3271 using challenge-response

Trusted database authentication through an untrusted intermediary

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

17 Citations

14 Claims

Specification

Use Cases

Quick Links

Others

Trusted database authentication through an untrusted intermediary

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

17 Citations

14 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others