Authenticating user through web extension using token based authentication scheme

US 8,898,764 B2
Filed: 11/16/2012
Issued: 11/25/2014
Est. Priority Date: 04/19/2012
Status: Active Grant

First Claim

Patent Images

1. A method executed on a computing device for authenticating a user through a web extension using a token based authentication scheme, the method comprising:

receiving a token associated with the user at a client component of the web extension;

transmitting the token to a server component of the web extension to authenticate the user;

validating the token at the server component of the web extension;

mapping the user to the token and authenticating the user at the server component of the web extension;

determining an availability of a validation library to authenticate the user and the token for an automated validation at the server component;

affirming that the token is not expired at the server component; and

verifying that the token correctly addresses an associated client application, at the server component.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A web extension authenticates a user using a token based authentication scheme. A token is retrieved from a client application to authenticate the user. The web extension transmits the token to a server component to have the server component authenticate the user. The server component validates the token using a validation library. The user is mapped to the token and authenticated upon validating the token.

53 Citations

View as Search Results

18 Claims

1. A method executed on a computing device for authenticating a user through a web extension using a token based authentication scheme, the method comprising:
- receiving a token associated with the user at a client component of the web extension;
  
  transmitting the token to a server component of the web extension to authenticate the user;
  
  validating the token at the server component of the web extension;
  
  mapping the user to the token and authenticating the user at the server component of the web extension;
  
  determining an availability of a validation library to authenticate the user and the token for an automated validation at the server component;
  
  affirming that the token is not expired at the server component; and
  
  verifying that the token correctly addresses an associated client application, at the server component.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The method of claim 1, further comprising:
    - detecting a user identifier associated with the user in the token; and
      
      determining a signature in the token from a server having authority over the user identifier.
  - 3. The method of claim 1, wherein the client component and the server component have separate identity providers to provide logon to their users.
  - 4. The method of claim 1, further comprising:
    - enabling a single sign-on for the associated client application across multiple computing devices without requesting user credentials on each computing device.
  - 5. The method of claim 1, further comprising:
    - receiving the token in an unencrypted state.
  - 6. The method of claim 1, further comprising:
    - validating the token by using a public key for a manual validation.
  - 7. The method of claim 1, further comprising:
    - extracting a user identifier from the token.
  - 8. The method of claim 7, further comprising:
    - authenticating the user by matching the user identifier to a set of registered users.
  - 9. The method of claim 7, further comprising:
    - requesting the client component of the web extension to prompt the user to provide credentials upon an inability to extract the user identifier from the token.
  - 10. The method of claim 9, further comprising:
    - receiving the credentials at the server component of the web extension;
      
      verifying the user by matching the credentials to a set of registered users;
      
      notifying the user of an inability to match the credentials upon a failure to locate the user; and
      
      mapping the user to the token by using a uniform resource locator (URL) of a public key used to sign the token upon matching the credentials to the set of registered users.

11. A web server for authenticating a user through a web extension using a token based authentication scheme, the web server comprising:
- a memory configured to store instructions; and
  
  a processor coupled to the memory, the processor executing an application in conjunction with the instructions stored in the memory, wherein the application is configured to;
  
  receive a token associated with the user at a client component of the web extension;
  
  transmit the token to a server component of the web extension to authenticate the user;
  
  detect a user identifier associated with the user in the token at the server component of the web extension;
  
  validate the token at the server component of the web extension by matching the user identifier to a set of registered users;
  
  map the user to the token and authenticate the user at the server component of the web extension;
  
  determine an availability of a validation library to authenticate the user at the server component;
  
  verify authority of an issuing server over the user identifier in the token at the server component;
  
  affirm that the token is not expired at the server component; and
  
  verify that the token correctly addresses an associated client application, at the server component.
- View Dependent Claims (12, 13, 14)
- - 12. The web server of claim 11, wherein the application is further configured to:
    - determine an unavailability of a validation library to authenticate the user.
  - 13. The web server of claim 12, wherein the application is further configured to:
    - validate that an audience parameter of the token corresponds to a uniform resource locator (URL) pointing to the web extension.
  - 14. The web server of claim 13, wherein the application is further configured to:
    - retrieve a public key to validate a signature of the token; and
      
      validate the signature.

15. A computer-readable memory device with instructions stored thereon for authenticating a user through a web extension using a token based authentication scheme, the instructions comprising:
- receiving a token associated with the user at a client component of the web extension;
  
  transmitting the token to a server component of the web extension to authenticate the user;
  
  detecting a user identifier associated with the user in the token at the server component of the web extension;
  
  determining a signature in the token from a server having authority over the user identifier at the server component of the web extension;
  
  validating the token at the server component of the web extension by;
  
  matching the user identifier to a set of registered users;
  
  validating the signature against the server by determining a validity of a certificate encompassing the signature;
  
  mapping the user to the token and authenticating the user at the server component of the web extension;
  
  determining an availability of a validation library to authenticate the user at the server component;
  
  affirming that the token is not expired at the server component; and
  
  verifying that the token correctly addresses an associated client application, at the server component.
- View Dependent Claims (16, 17, 18)
- - 16. The computer-readable memory device of claim 15, wherein the instructions further comprise:
    - optimizing the authentication scheme by;
      
      avoiding validation of the token during a predetermined time in which the token is valid; and
      
      one of;
      
      treating the token as a cookie and caching the token.
  - 17. The computer-readable memory device of claim 15, wherein the instructions further comprise:
    - optimizing the authentication scheme by caching a retrieved public key to validate the token for an extended predetermined time.
  - 18. The computer-readable memory device of claim 17, wherein the instructions further comprise:
    - retrieving a new public key to validate the token upon a failure to validate the token with the public key.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Corporation
Inventors
Kress, Brian, Salamatov, Andrew, Leibmann, Matthias, Henderson, Jason
Primary Examiner(s)
SHOLEMAN, ABU S

Application Number

US13/679,581
Publication Number

US 20130283362A1
Time in Patent Office

739 Days
Field of Search

726/7, 726/19, 726/20, 726/4, 726/6, 726/9, 726/10, 726/28, 380/259, 380/279, 380/281, 380/282, 380/284, 709/217, 709/229, 713/155, 713/168, 713/171
US Class Current

726/7
CPC Class Codes

G06F 21/44 Program or device authentic...

Authenticating user through web extension using token based authentication scheme

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

53 Citations

18 Claims

Specification

Solutions

Use Cases

Quick Links

Authenticating user through web extension using token based authentication scheme

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

53 Citations

18 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links