Elevating trust in user identity during RESTful authentication

US 8,893,293 B1
Filed: 03/15/2013
Issued: 11/18/2014
Est. Priority Date: 08/20/2012
Status: Active Grant

First Claim

Patent Images

1. A computer-implemented method of authenticating an entity, comprising:

receiving, by a RESTful service running on one or more processors, a request for authentication of an entity;

redirecting the authentication request to a relying party, wherein the relying party facilitates the authentication of the entity and stores a first credential and a back channel SAML credential;

receiving, by the RESTful service, the first credential from the relying party, wherein the first credential is received through a front channel;

receiving, by the RESTful service, the back channel SAML credential from the relying party, wherein the back channel SAML credential is received through a back channel; and

authenticating the entity at a level of confidence based on the credential strength of the first credential and the back channel SAML credential.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Credentials sent over a back channel during the authentication of a user to a RESTful service can elevate the trust the recipient system can place in the user'"'"'s identity. The addition of an identity credential of higher strength can increase confidence in user identities electronically presented with a lower strength credential.

90 Citations

View as Search Results

20 Claims

1. A computer-implemented method of authenticating an entity, comprising:
- receiving, by a RESTful service running on one or more processors, a request for authentication of an entity;
  
  redirecting the authentication request to a relying party, wherein the relying party facilitates the authentication of the entity and stores a first credential and a back channel SAML credential;
  
  receiving, by the RESTful service, the first credential from the relying party, wherein the first credential is received through a front channel;
  
  receiving, by the RESTful service, the back channel SAML credential from the relying party, wherein the back channel SAML credential is received through a back channel; and
  
  authenticating the entity at a level of confidence based on the credential strength of the first credential and the back channel SAML credential.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The method of claim 1, wherein the relying party facilitates the authentication of the entity using an OpenID identity provider.
  - 3. The method of claim 1, wherein the back channel SAML assertion has the credential strength of DoDI 8520.03 level C.
  - 4. The method of claim 1, wherein the back channel SAML assertion has an SP 800-63 level of assurance 3.
  - 5. The method of claim 1, wherein the back channel SAML assertion has an SP 800-63 level of assurance 4.
  - 6. The method of claim 1, wherein the back channel SAML assertion passed by the relying party contains X.509 attributes.
  - 7. The method of claim 1, wherein information passed on the back channel is encrypted using SSL protocol.
  - 8. The method of claim 1, wherein information passed on the back channel is encrypted using TLS protocol.
  - 9. The method of claim 1, wherein information passed on the back channel is exchanged using SOAP protocol.
  - 10. The method of claim 1, wherein the first credential is a CAS credential.

11. A computer-implemented authentication system, comprising:
- a RESTful service running on one or more processors and comprising an authentication component operable to;
  
  receive a request for authentication of an entity using an entity agent,redirect the entity agent to a relying party,receive a first credential related to the authentication request, wherein the first credential is received from the relying party and through a front channel,receive a back channel SAML credential related to the authentication request, wherein the back channel SAML credential is received from the relying party and through a back channel, andauthenticate the entity at a level of confidence based on the credential strength of the first credential and the back channel SAML credential;
  
  a relying party operable to;
  
  facilitate the authentication of the entity,store the first credential and the back channel SAML credential,send, through the front channel, the first credential to the authentication component, andsend, through the back channel, the back channel SAML credential to the authentication component.
- View Dependent Claims (12, 13, 14, 15, 16, 17, 18, 19, 20)
- - 12. The method of claim 11, wherein the relying party is further operable to facilitate authentication by using an Open ID profile.
  - 13. The method of claim 11, wherein the back channel SAML assertion has the credential strength of DoDI 8520.03 level C.
  - 14. The method of claim 11, wherein the back channel SAML assertion has an SP 800-63 level of assurance 3.
  - 15. The method of claim 11, wherein the back channel SAML assertion has an SP 800-63 level of assurance 4.
  - 16. The method of claim 11, wherein the back channel SAML assertion contains X.509 attributes.
  - 17. The method of claim 11, wherein the relying party is further operable to encrypt the back channel using SSL protocol.
  - 18. The method of claim 11, wherein the relying party is further operable to encrypt the back channel using TLS protocol.
  - 19. The method of claim 11, wherein relying party is further operable to use SOAP protocol on the back channel.
  - 20. The method of claim 11, wherein the first credential is a CAS credential.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Crowdstrike, Inc. (CrowdStrike Holdings Incorporated)
Original Assignee
Jericho Systems Corporation
Inventors
Dufel, Michael, Subramanium, Vijayababu, Schmoyer, Timothy, Staggs, David
Primary Examiner(s)
Zecher, Dede
Assistant Examiner(s)
Lakhia, Viral

Application Number

US13/844,622
Time in Patent Office

613 Days
Field of Search

726/1, 726/14, 726/4, 726/26, 713/182, 455/558
US Class Current

726/26
CPC Class Codes

G06F 21/335   for accessing specific reso...

H04L 63/0428   wherein the data content is...

H04L 63/08   for authentication of entit...

H04L 63/0807   using tickets, e.g. Kerbero...

H04L 63/0823   using certificates cryptogr...

H04L 63/0853   using an additional device,...

H04L 63/10   for controlling access to d...

H04L 63/20   for managing network securi...

H04L 67/01   Protocols

Elevating trust in user identity during RESTful authentication

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

90 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Elevating trust in user identity during RESTful authentication

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

90 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links