
Request-specific authentication for accessing web service resources

  • US 8,656,472 B2
  • Filed: 02/01/2008
  • Issued: 02/18/2014
  • Est. Priority Date: 04/20/2007
  • Status: Active Grant
First Claim

1. A computing system for controlling access to a protected Web service resource, the computing system comprising:

    a communication device for communicating across a communication network having a type;

    a processor communicatively connected to the communication device; and

    memory storing program instructions, which when executed by the processor cause the computing system to;

    receiving a first request from a client to access the protected Web service resource from the communication network, the first request being associated with a first authentication level, a type and one or more properties of the Web service resource, and further including credentials of the client;

    evaluating the first request upon receiving the first request, and determining whether authentication is required to access the protected Web service resource by evaluating the type of the communication network, the type and the one or more properties of the protected Web service resource associated with the first request, and the credentials of the client associated with the first request;

    responding with a fault generated by the processor indicating that at least one authentication process must be completed in order for the first request to be processed when it is determined by the processor that authentication is required;

    receiving a first authentication token from the client after the client has been authenticated by an authentication service according to a first factor and using the first authentication token to determine that the client has been authenticated according to the first factor;

    granting the first request to access the protected Web service resource after determining that the client requires authentication and has been authenticated according to the first factor, and that authentication according to the first factor is sufficient for the first authentication level;

    receiving a second request from the client to access the protected Web service resource from the communication network, the second request being associated with a second authentication level higher than the first authentication level;

    denying the second request to access the protected Web service resource, based on the first authentication token according to the first factor being insufficient for the second authentication level;

    responding with a second fault generated by the processor indicating that at least one additional authentication process must be completed in order for the second request to be processed when it is determined by the processor that authentication is required;

    receiving a second authentication token from the client after the client has been authenticated by the authentication service according to a second factor and using the second authentication token to determine that the client has been authenticated according to the second factor; and

    granting the second request to access the protected Web service resource after determining that the client has been authenticated according to the second factor, and that authentication according to the second factor is sufficient for the second authentication level.
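The request-by-request step-up flow recited in the claim, as an added example (not code from the patent or its assignee). The factor names, level numbers, network and resource labels, the HMAC token format and the shared key are all assumptions made for illustration, and the evaluation of client credentials is narrowed to token checks.

```python
import hashlib
import hmac

KEY = b"constructed-demo-key"             # assumption: key shared with the auth service
FACTOR_LEVEL = {"password": 1, "otp": 2}  # assumption: level each factor can satisfy

class AuthFault(Exception):
    """Fault telling the client which authentication level it must still reach."""
    def __init__(self, required_level):
        super().__init__(f"authentication required: level {required_level}")
        self.required_level = required_level

def issue_token(client, factor):
    """Authentication service side: token issued after the client passed `factor`."""
    mac = hmac.new(KEY, f"{client}|{factor}".encode(), hashlib.sha256).hexdigest()
    return f"{client}|{factor}|{mac}"

def token_level(token, client):
    """Resource side: level a token proves for `client`, 0 if malformed or forged."""
    try:
        who, factor, mac = token.split("|")
    except ValueError:
        return 0
    expected = hmac.new(KEY, f"{who}|{factor}".encode(), hashlib.sha256).hexdigest()
    if who != client or not hmac.compare_digest(mac.encode(), expected.encode()):
        return 0
    return FACTOR_LEVEL.get(factor, 0)

def required_level(network_type, resource):
    """Per-request policy over the network type and the resource type/properties."""
    if network_type == "internal" and resource["type"] == "public":
        return 0
    return 2 if resource["properties"].get("sensitive") else 1

def handle_request(client, network_type, resource, tokens=()):
    """Grant the request, or raise a fault naming the level still required."""
    need = required_level(network_type, resource)
    have = max((token_level(t, client) for t in tokens), default=0)
    if have < need:
        raise AuthFault(need)
    return f"granted {resource['name']} to {client}"
```

A deployed token would also carry an expiry and an audience; both are left out here to keep the fault-then-token sequence visible.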
