Mixed-mode authentication
Abstract
Techniques for mixed-mode authentication are described. In one or more embodiments, an authentication service may be implemented to selectively configure and issue authentication tokens based upon an optional secure mode that enables enhanced security. Clients may be provided with an option to choose between an insecure mode and a secure mode for authentications. Based on this choice, tokens may be configured to include an indication of whether the secure mode is disabled or enabled. When secure mode is disabled, an insecure token valid for both secure sites and other sites is issued to a client when the client is authenticated. When the optional secure mode is enabled, both secure and insecure tokens are provided to the client. The authentication services and/or other services may be configured to reject an insecure token when secure mode is enabled to prevent unauthorized use of a stolen token to access secure resources.
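The issue-and-reject behavior described in the abstract, as an added example that is not taken from the patent. The HMAC-signed token format, the shared key, and the field names `kind` and `mixed_mode` are assumptions made for illustration; signing the flag is what keeps a holder of a stolen insecure token from clearing it.

```python
import base64, hashlib, hmac, json

KEY = b"constructed-demo-key"  # assumption: key shared by the service and its sites

def _sign(body: bytes) -> str:
    return hmac.new(KEY, body, hashlib.sha256).hexdigest()

def _mint(user: str, kind: str, secure_mode: bool) -> str:
    # The mixed-mode flag travels inside the signed body of every token.
    body = json.dumps({"sub": user, "kind": kind, "mixed_mode": secure_mode},
                      sort_keys=True).encode()
    return base64.urlsafe_b64encode(body).decode() + "." + _sign(body)

def issue_tokens(user: str, secure_mode: bool) -> dict:
    """Called after the client has authenticated."""
    tokens = {"insecure": _mint(user, "insecure", secure_mode)}
    if secure_mode:
        # Secure mode on: a second token, meant only for secure sites.
        tokens["secure"] = _mint(user, "secure", True)
    return tokens

def _verify(token: str):
    try:
        b64, sig = token.split(".")
        body = base64.urlsafe_b64decode(b64)
    except ValueError:  # wrong shape or bad base64
        return None
    if not hmac.compare_digest(sig.encode(), _sign(body).encode()):
        return None
    return json.loads(body)

def secure_site_accepts(token: str) -> bool:
    claims = _verify(token)
    if claims is None:
        return False
    if claims["kind"] == "secure":
        return True
    # Insecure token: honored here only when secure mode is disabled.
    return not claims["mixed_mode"]

def insecure_site_accepts(token: str) -> bool:
    claims = _verify(token)
    return claims is not None and claims["kind"] == "insecure"
```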
20 Claims
1. A method comprising:
- obtaining an authentication request from a client for access to resources from a service provider;
- performing mixed-mode authentication to authenticate the client including determining whether a secure mode for the authentication is enabled; and
- responsive to authentication of the client, issuing one or more tokens to the client based on the determining, such that:
  - a secure token and an insecure token configured for access to secure and insecure resources, respectively, are issued when the secure mode is enabled; and
  - an insecure token configured for access to both secure and insecure resources is issued to the client when the secure mode is disabled.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12
13. One or more computer-readable storage devices comprising instructions stored thereon that, in response to execution by one or more components of a computing system, cause the computing system to implement an authentication service to perform operations to authenticate clients to access resources over a network from a service provider, the operations including for each client that is authenticated:
- determining whether a secure mode for authentication is enabled or disabled for the client; and
- responsive to the determination that the secure mode is enabled, issuing to the client both a secure token to enable access to secure sites of the service provider that use secure communications and an insecure token to enable access to other sites of the service provider that do not support secure communications, the insecure token configured to include an indication that secure mode is enabled that is detectable by the secure sites and causes the secure sites not to accept the insecure token.
Dependent claims: 14, 15
16. A system comprising:
- one or more processing devices;
- one or more computer-readable memories storing instructions that, responsive to execution by the one or more processing devices, cause the one or more processing devices to implement an authentication service operable to:
  - selectively issue tokens to authenticated clients to enable access to resources from a service provider based upon a determination regarding whether a secure mode is enabled or disabled for the authenticated clients, including for each client:
    - issuing both a secure token and an insecure token to the client when the secure mode is enabled for the client; or
    - issuing a single insecure token to the client when the secure mode is disabled for the client; and
  - configure a mixed-mode flag included with tokens that are issued to the authenticated clients to indicate whether the secure mode is enabled.
Dependent claims: 17, 18, 19, 20
Specification