HTTP authentication and authorization management
Abstract
Systems, methods and apparatus for a distributed security that provides authentication and authorization management. The system can include a state manager that is used to identify and maintain the source associated with a client browser that submits requests to the state manager. The state manager can allow requests that are authorized and request authorization for requests that are not. The state manager can maintain the states associated with each domain to reduce the number of transactions needed to authenticate and/or authorize subsequent requests to the same domain or to different domains.
19 Claims
1. A computer implemented method, comprising:
- receiving, at a processing node comprising a communication device, a request for a domain from a client browser;
- determining if the client browser is both authenticated and authorized through the steps of;
- determining a state of a plurality of states associated with the client browser based on data included with the request, wherein the plurality of states are managed by a state manager and the plurality of states comprise a plurality of authenticated states and an unauthenticated state;
- determining whether the state comprises an authenticated state of the plurality of authenticated states, in response to the state comprises an authenticated state of the plurality of authenticated states, determining at the processing node whether the request includes domain authorization data for the requested domain;
- in response to the request for the domain includes the domain authorization data, determining whether the domain authorization data matches with the requested domain, in response to the domain authorization data matches with the requested domain, allowing the request for the domain;
- in response to the request for the domain does not include the domain authorization data, requesting authorized user data from the client browser;
- in response to the request for the authorized user data, determining whether the client browser provided the authorized user data;
- in response to the client browser provided the authorized user data, generating at the processing node the domain authorization data, allowing the request for the domain, and providing the domain authorization data to the client browser;
- in response to if the client browser does not provide the authorized user data, requesting user authorization from the client browser.

View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 15, 16, 17, 18, 19)
11. A computer implemented method, comprising:
- receiving, at a processing node comprising a communication device, an Hypertext Transfer Protocol (http) request from a client browser;
- analyzing at the processing node data associated with the http request;
- determining if the client browser is both authenticated and authorized through the steps of;
- determining a state of a plurality of states based on the data associated with the http request, wherein the plurality of states are managed by a state manager and the plurality of states comprise a plurality of authenticated states and an unauthenticated state;
- determining whether the state comprises one of the plurality of authenticated states, in response to the state comprises one of the plurality of authenticated states, determining whether the data associated with the http request;
- in response to the data associated with the http request included domain authorization data, determining whether the domain authorization data matches with the http request, in response to the domain authorization data matches with the http request, allowing the data associated the http request;
- in response to the data associated with the http request does not include domain authorization data, determining whether the data associated with the http request;
- in response to the data associated with the http request included authorized user data, generating domain authorization data based on the authorized user data;
- redirecting the client browser to submit a redirected http request to the processing node with the generated domain authorization data, in response to the data associated with the http request does not include authorized user data, instructing the client browser to obtain authorization;
- and determining whether the state comprises the unauthenticated state, in response to the state comprises the unauthenticated state, redirecting the client browser to an access agent for authentication, and wherein the access agent is separate from the processing node.
12. A non-transitory computer readable storage medium storing computer instructions, which when executed by a computer device, cause the computing device to perform the steps of:
- receiving at a processing node a request for a Uniform Resource Locater (URL) at a domain;
- determining if a client browser associated with the request is both authenticated and authorized through the steps of;
- determining a state of a plurality of states based on the request, wherein the plurality of states are managed by a state manager and the plurality of states comprise a plurality of authenticated states and an unauthenticated state;
- determining whether the state comprises one of the plurality of authenticated states, in response to the state comprises one of the plurality of authenticated states, determining at the processing node whether the request includes domain authorization data for the domain of the request URL;
- in response to the request for the domain includes the domain authorization data, determining whether the domain authorization data matches with requested domain, in response to the domain authorization data matches with the requested domain, allowing the request for the URL;
- in response to the request for the domain does not include the domain authorization data, requesting authorized user data from the client browser;
- in response to the request for the authorized user data, determining whether the client browser provided the authorized user data;
- in response to the client browser provided the authorized user data, generating at the processing node the domain authorization data, allowing the request for the URL, and providing the domain authorization data to the client browser;
- in response to the client browser does not provide the authorized user data, requesting user authorization from the client browser.

View Dependent Claims (13, 14)
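The decision flow recited in claim 11 can be sketched as follows; this is an added example, not code from the patent or its assignee. The HMAC token formats, the two keys, the `session` field, the action names and the fail-closed handling of a mismatched token are all assumptions made for illustration.

```python
import hashlib
import hmac

# Constructed demo keys: assumptions for this sketch, not from the patent.
NODE_KEY = b"demo-processing-node-key"
AGENT_KEY = b"demo-access-agent-key"


def _mac(key, *parts):
    return hmac.new(key, "\x00".join(parts).encode(), hashlib.sha256).hexdigest()


def _eq(a, b):
    # Constant-time comparison so token checks do not leak match length.
    return hmac.compare_digest(a.encode(), b.encode())


def issue_user_data(user):
    """Access agent side: 'authorized user data' vouching for a user (assumed format)."""
    return _mac(AGENT_KEY, user)


def make_domain_auth(user, domain):
    """Processing node side: 'domain authorization data' bound to one user and one domain."""
    return _mac(NODE_KEY, user, domain)


def handle_request(req, state_manager):
    """Return (action, new_domain_auth) for one request dict."""
    user = state_manager.get(req.get("session"))  # state determined from request data
    if user is None:  # unauthenticated state
        return "redirect_to_access_agent", None
    domain = req["domain"]
    token = req.get("domain_auth")
    if token is not None:
        if _eq(token, make_domain_auth(user, domain)):
            return "allow", None
        # The claims do not spell out the mismatch case; this sketch fails closed.
        return "obtain_authorization", None
    user_data = req.get("user_data")
    if user_data is not None and _eq(user_data, issue_user_data(user)):
        # Mint the per-domain token; the browser resubmits the request with it.
        return "redirect_with_domain_auth", make_domain_auth(user, domain)
    return "obtain_authorization", None
```

Because the token is bound to both the user and the domain, one issued for `a.example` is rejected when replayed against `b.example`.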
Specification