Delivery of authentication information to a RESTful service using token validation scheme

US 8,745,718 B1
Filed: 10/02/2012
Issued: 06/03/2014
Est. Priority Date: 08/20/2012
Status: Active Grant

First Claim

Patent Images

1. A computer-implemented method of providing entity-related information, comprising:

receiving, at a relying party, a request for entity-related information, the request being from a RESTful service authentication component,wherein an entity agent is redirected from the RESTful service authentication component to the relying party;

redirecting the entity agent by the relying party to an identity provider;

authenticating an entity to the identity provider using entity-supplied information;

retrieving the entity-related information;

returning, by the relying party, a service ticket to the RESTful service authentication component,wherein the service ticket is returned by redirecting the entity agent to the RESTful service authentication component;

receiving, at the relying party using a back channel, a validate service ticket request associated with the request for the entity-related information; and

returning, using the back channel, the entity-related information associated with the validate service ticket request.

View all claims

4 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Information useful for authenticating an entity is sent over a back channel during the authentication of an entity to a RESTful service. The delivery of the entity-related information is triggered by the validation of a service ticket received by the authentication component of the RESTful service.

Citations

33 Claims

1. A computer-implemented method of providing entity-related information, comprising:
- receiving, at a relying party, a request for entity-related information, the request being from a RESTful service authentication component,wherein an entity agent is redirected from the RESTful service authentication component to the relying party;
  
  redirecting the entity agent by the relying party to an identity provider;
  
  authenticating an entity to the identity provider using entity-supplied information;
  
  retrieving the entity-related information;
  
  returning, by the relying party, a service ticket to the RESTful service authentication component,wherein the service ticket is returned by redirecting the entity agent to the RESTful service authentication component;
  
  receiving, at the relying party using a back channel, a validate service ticket request associated with the request for the entity-related information; and
  
  returning, using the back channel, the entity-related information associated with the validate service ticket request.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17)
- - 2. The method of claim 1, wherein the identity provider is selected using the entity agent.
  - 3. The method of claim 1, wherein the entity-supplied information comprises information from a smart card.
  - 4. The method of claim 3, wherein the smart card is a CAC.
  - 5. The method of claim 3, wherein the smart card is a PIV card.
  - 6. The method of claim 1, wherein the entity-supplied information is used to locate entity-related information for retrieval.
  - 7. The method of claim 6, wherein the request to locate entity-related information for retrieval uses Attribute Exchange OpenID 2.0 protocol.
  - 8. The method of claim 6, wherein the entity-supplied information comprises data from a smart card.
  - 9. The method of claim 8, wherein the entity-supplied information comprises an X.509 certificate.
  - 10. The method of claim 6, wherein the retrieving entity-related information comprises accessing a SAR.
  - 11. The method of claim 6, wherein retrieved entity-related information is in a SAML assertion.
  - 12. The method of claim 6, wherein retrieved entity-related information is in a token.
  - 13. The method of claim 11, wherein retrieved entity-related information is in a SAML token.
  - 14. The method of claim 1, wherein the service ticket is CAS compliant.
  - 15. The method of claim 1, wherein the returning the entity-related information comprises a SAML assertion.
  - 16. The method of claim 1, wherein the returning the entity-related information comprises a token.
  - 17. The method of claim 16, wherein the returning the entity-related information comprises a SAML token.

18. A computer system providing entity-related information, comprising:
- a relying party configured to receive a request for entity-related information, the request being from a RESTful service authentication component,wherein the relying party receives the request from an entity agent redirected by the RESTful service authentication component;
  
  an identity provider configured to;
  
  accept the entity-related information request;
  
  receive the request for entity-related information from the entity agent redirected from the relying party;
  
  authenticate an entity using entity-supplied information; and
  
  retrieve the entity-related information;
  
  a service ticket associated with the request for entity-related information,wherein the service ticket is returned by redirecting the entity agent to the RESTful service authentication component; and
  
  a back channel operable to receive at the relying party a validate service ticket request associated with the request for the entity-related information,wherein the back channel is operable to return the entity-related information associated with the validate service ticket request.
- View Dependent Claims (19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33)
- - 19. The system of claim 18, wherein the relying party is configured to allow the entity to select the identity.
  - 20. The system of claim 18, wherein the identity provider is configured to accept entity-supplied information from a smart card.
  - 21. The system of claim 20, wherein the smart card is a CAC.
  - 22. The system of claim 20, wherein the smart card is a PIV card.
  - 23. The system of claim 20, wherein the entity-supplied information is used to locate entity-related information for retrieval.
  - 24. The system of claim 23, wherein the request to locate entity-related information for retrieval uses Attribute Exchange OpenID 2.0 protocol.
  - 25. The system of claim 23, wherein the entity-supplied information comprises an X.509 certificate.
  - 26. The system of claim 18, wherein the retrieval of entity-related information comprises accessing a SAR.
  - 27. The system of claim 18, wherein the entity-related information retrieved by the identity provider is in a SAML assertion.
  - 28. The system of claim 18, wherein the entity-related information retrieved by the identity provider is in a token.
  - 29. The system of claim 28, wherein the entity-related information retrieved by the identity provider is in a SAML token.
  - 30. The system of claim 18, wherein the service ticket is CAS compliant.
  - 31. The system of claim 18, wherein the entity-related information returned using the back channel is in a SAML assertion.
  - 32. The system of claim 18, wherein the entity-related information returned using the back channel is in a token.
  - 33. The system of claim 32, wherein the entity-related information returned using the back channel is in a SAML token.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Crowdstrike, Inc. (CrowdStrike Holdings Incorporated)
Original Assignee
Jericho Systems Corporation
Inventors
Dufel, Michael, Subramanium, Vijayababu, Chowdhury, Mizanul
Primary Examiner(s)
Zecher, Cordelia
Assistant Examiner(s)
LAKHIA, VIRAL S

Application Number

US13/633,656
Time in Patent Office

609 Days
Field of Search

726 2- 9, 713/193, 713/155, 455/558
US Class Current

726/9
CPC Class Codes

G06F 21/335   for accessing specific reso...

H04L 63/0428   wherein the data content is...

H04L 63/08   for authentication of entit...

H04L 63/0807   using tickets, e.g. Kerbero...

H04L 63/0823   using certificates cryptogr...

H04L 63/0853   using an additional device,...

H04L 63/10   for controlling access to d...

H04L 63/20   for managing network securi...

H04L 67/01   Protocols

Delivery of authentication information to a RESTful service using token validation scheme

First Claim

4 Assignments

0 Petitions

Accused Products

Abstract

Citations

33 Claims

Specification

Solutions

Use Cases

Quick Links

Delivery of authentication information to a RESTful service using token validation scheme

First Claim

4 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

33 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links