Authenticated database connectivity for unattended applications

US 8,839,414 B2
Filed: 06/01/2009
Issued: 09/16/2014
Est. Priority Date: 05/30/2008
Status: Active Grant

First Claim

Patent Images

1. A computer-implemented method for providing secure credentials for accessing a target resource, which when executed on one or more processors, causes the one or more processors to perform steps of:

receiving a connection request to the target resource from an unattended requestor application, the connection request including target resource information identifying the target resource and configuration information necessary to authenticate the requestor application, wherein the configuration information of the requestor application is fingerprint information, which uniquely identifies a node of the requestor application;

decoding the request to extract the target resource information and the configuration information required by a credential manager to authenticate the requestor application and to retrieve the secure credentials for accessing the target resource, the credential manager managing and storing credentials for the target resource;

securely communicating the extracted information to the credential manager to retrieve credentials;

generating a native target resource connection request to the target resource, including the retrieved credentials; and

passing the native target resource connection request to a native target resource connectivity component to establish a connection between the requestor application and the target resource.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A custom database connectivity component is deployed in conjunction with a native database connectivity component and a credential manager. The custom connectivity component has a requestor interface for communicating with a requestor application, a credential service interface for communicating with the credential manager, a native database connectivity interface for communicating with native connectivity components, and a decision engine for determining how to convert a request from a requestor to an appropriate API call to the credential manager. The custom connectivity component provides an authenticated and authorized database connection for a requestor application. The component transparently serves retrieves database, or other target resource, credentials on a real time basis, without requiring code changes to the requestor application.

28 Citations

View as Search Results

20 Claims

1. A computer-implemented method for providing secure credentials for accessing a target resource, which when executed on one or more processors, causes the one or more processors to perform steps of:
- receiving a connection request to the target resource from an unattended requestor application, the connection request including target resource information identifying the target resource and configuration information necessary to authenticate the requestor application, wherein the configuration information of the requestor application is fingerprint information, which uniquely identifies a node of the requestor application;
  
  decoding the request to extract the target resource information and the configuration information required by a credential manager to authenticate the requestor application and to retrieve the secure credentials for accessing the target resource, the credential manager managing and storing credentials for the target resource;
  
  securely communicating the extracted information to the credential manager to retrieve credentials;
  
  generating a native target resource connection request to the target resource, including the retrieved credentials; and
  
  passing the native target resource connection request to a native target resource connectivity component to establish a connection between the requestor application and the target resource.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The method of claim 1, wherein decoding the request comprises parsing the request.
  - 3. The method of claim 1, wherein securely communicating the extracted information to the credential manager comprises encrypting communications with the credential manager.
  - 4. The method of claim 1, wherein the credentials include username and password.
  - 5. The method of claim 1, wherein the method implements Java Database Connectivity (JDBC) Application Programming Interfaces (APIs).
  - 6. The method of claim 5, wherein receiving the connection request comprises receiving a custom Uniform Resource Locator (URL) that encodes a JDBC URL containing a target resource URL, and a target alias for retrieving the credentials from the credential manager.
  - 7. The method of claim 6, wherein generating the native target resource connection request comprises packaging the retrieved credentials with the target resource URL to provide a native JDBC URL.
  - 8. The method of claim 1, wherein the method implements Open Database Connectivity (ODBC) APIs.
  - 9. The method of claim 8, wherein receiving the connection request comprises receiving an ODBC connection request containing a target alias for retrieving the credentials from the credential manager, and a connection string for the native target resource connectivity component.
  - 10. The method of claim 9, wherein generating the native target resource connection request comprises packaging the retrieved credentials with the connection string.

11. A computer program product comprising a computer-readable medium storing computer executable instructions which, when executed by one or more processors, cause said one or more processors to provide a method of providing secure credentials for accessing a target resource comprising:
- receiving a connection request to the target resource from an unattended requestor application, the connection request including target resource information identifying the target resource and configuration information necessary to authenticate the requestor application, wherein the configuration information of the requestor application is fingerprint information, which uniquely identifies a node of the requestor application;
  
  decoding the request to extract the target resource information and the configuration information required by a credential manager to authenticate the requestor application and to retrieve the secure credentials for accessing the target resource, the credential manager managing and storing credentials for the target resource;
  
  securely communicating the extracted information to the credential manager;
  
  based on the extracted information, authenticating, by the credential manager, the requestor application and in response to the success of the authentication retrieving, by the credential manager, corresponding one or more credential for accessing the target resource;
  
  generating a native database connection request to the target resource, including the retrieved credential; and
  
  passing the native database connection request to the native database connectivity component to establish the connection.
- View Dependent Claims (12, 13, 14, 15, 16, 17, 18, 19, 20)
- - 12. The computer program product of claim 11, wherein decoding the request comprises parsing the request.
  - 13. The computer program product of claim 11, wherein securely communicating the extracted information to the credential manager comprises encrypting communications with the credential manager.
  - 14. The computer program product of claim 11, wherein the credentials include username and password.
  - 15. The computer program product of claim 11, wherein the function modules comprise Java Database Connectivity (JDBC) Application Programming Interfaces (APIs).
  - 16. The computer program product of claim 15, wherein the connection request comprises a custom Uniform Resource Locator (URL) that encodes a JDBC URL containing a target resource URL, and a target alias for retrieving the credentials from the credential manager.
  - 17. The computer program product of claim 16, wherein generating the native database connection request comprises packaging the retrieved credentials with the target resource URL to provide a native JDBC URL.
  - 18. The computer program product of claim 11, wherein the functional modules comprise Open Database Connectivity (ODBC) APIs.
  - 19. The computer program product of claim 18, wherein the connection request comprises an ODBC connection request containing a target alias for retrieving the credentials from the credential manager, and a connection string for the native target resource connectivity component.
  - 20. The computer program product of claim 19, wherein generating the native database connection request comprises packaging the retrieved credentials with the connection string.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Irdeto B.V. (MultiChoice Group Ltd.)
Original Assignee
Irdeto Canada Corporation (MultiChoice Group Ltd.)
Inventors
Mantle, James Alexander Sydney, Adams, Garney David
Primary Examiner(s)
Lipman, Jacob

Application Number

US12/992,325
Publication Number

US 20110093937A1
Time in Patent Office

1,933 Days
Field of Search

726/19
US Class Current

726/19
CPC Class Codes

G06F 21/44 Program or device authentic...

G06F 21/6218 to a system of files or obj...

Authenticated database connectivity for unattended applications

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

28 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Authenticated database connectivity for unattended applications

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

28 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links