Method and system for third party client authentication

US 8,918,848 B2
Filed: 04/26/2010
Issued: 12/23/2014
Est. Priority Date: 04/26/2010
Status: Active Grant

First Claim

Patent Images

1. A method of authenticating a client using a third party authentication server, the method being performed by an intermediate server configured to communicate with the client and the third party authentication server, the method comprising:

requesting, by a plug-in executing on the intermediate server and associated with a third party authentication server, a list of supported credential types of said third party authentication server,wherein the list of supported credential types is selected from the group comprising;

a password, a single sign-on (SSO) authentication token, a PIN, and a smart card credential;

receiving, from the plug-in, said list of supported credential types of the third party authentication server;

sending, to the client, an identification of the supported credential types of the third party authentication server in the list;

receiving, from the client, credential information and a selected credential type from the list of supported credential types;

sending the credential information and the selected credential type to the plug-in;

determining, by the plug-in, if the selected credential type is supported by the third party authentication server, andtransmitting the credential information received from the client to the third party authentication server for authenticating the client, in response to determining the selected credential type is supported by the third party authentication server;

wherein the plug-in is selected from a plurality of plug-ins, and each of the plurality of plug-ins is associated with a different third party authentication server.

View all claims

4 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Methods and systems for third party client authentication of a client. A method includes displaying a user interface on a display of the client, the user interface including an option to select a supported credential type of a third party authentication server, receiving a command selecting the supported credential type, and sending credential information and the selected supported credential type to an authentication server for third party authentication by the third party authentication server. The third party authentication server may support a token-based authentication protocol for implementing single sign on (SSO).

104 Citations

View as Search Results

15 Claims

1. A method of authenticating a client using a third party authentication server, the method being performed by an intermediate server configured to communicate with the client and the third party authentication server, the method comprising:
- requesting, by a plug-in executing on the intermediate server and associated with a third party authentication server, a list of supported credential types of said third party authentication server,wherein the list of supported credential types is selected from the group comprising;
  
  a password, a single sign-on (SSO) authentication token, a PIN, and a smart card credential;
  
  receiving, from the plug-in, said list of supported credential types of the third party authentication server;
  
  sending, to the client, an identification of the supported credential types of the third party authentication server in the list;
  
  receiving, from the client, credential information and a selected credential type from the list of supported credential types;
  
  sending the credential information and the selected credential type to the plug-in;
  
  determining, by the plug-in, if the selected credential type is supported by the third party authentication server, andtransmitting the credential information received from the client to the third party authentication server for authenticating the client, in response to determining the selected credential type is supported by the third party authentication server;
  
  wherein the plug-in is selected from a plurality of plug-ins, and each of the plurality of plug-ins is associated with a different third party authentication server.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method of claim 1, wherein the intermediate server is associated with a service, and wherein a successful authentication permits access to applications provided by the service.
  - 3. The method of claim 1, further comprising receiving, from the client, an identification of the third party authentication server.
  - 4. The method of claim 1, wherein the supported credential types comprise a ticket-based authentication credential.
  - 5. The method of claim 1, wherein the credential information comprises a token, and wherein the third party authentication server supports a token-based authentication protocol.
  - 6. The method of claim 1, wherein the credential information and the selected credential type are received as encoded information.
  - 7. The method of claim 6, further comprising decoding the encoded information to generate the credential information and the selected credential type.

8. A non-transitory computer-readable medium storing instructions for authenticating a client using a third party authentication server, the instructions for execution by an intermediate server configured to communicate with the client and the third party authentication server, wherein when the instructions are executed, the instructions configure a processor of the intermediate server to:
- request, by a plug-in executing on the intermediate server and associated with the third party authentication server, a list of supported credential types of said third party authentication server,wherein the list of supported credential types is selected from the group comprising;
  
  a password, a single sign-on (SSO) authentication token, a PIN, and a smart card credential;
  
  receive, from the plug-in, said list of supported credential types of the third party authentication server;
  
  send, to a client, an identification of the supported credential types of the third party authentication server in the list;
  
  receive, from the client, credential information and a selected credential type from the list of supported credential types;
  
  send the credential information and the selected credential type to the plug-in;
  
  determine, by the plug-in, if the selected credential type is supported by the third party authentication server, andtransmit the credential information received from the client to the third party authentication server for authenticating the client, in response to determining the selected credential type is supported by the third party authentication server;
  
  wherein the plug-in is selected from a plurality of plug-ins, and each of the plurality of plug-ins is associated with a different third party authentication server.

9. An intermediate server configured to communicate with a client and a third party authentication server to allow the client to be authenticated using the third party authentication server, the intermediate server comprising:
- a hardware processor configured to provide a plug-in associated with the third party authentication server;
  
  wherein the hardware processor is further configured to;
  
  request, by the plug-in, a list of supported credential types of said third party authentication serverwherein the list of supported credential types is selected from the group comprising;
  
  a password, a single sign-on (SSO) authentication token, a PIN, and a smart card credential;
  
  receive, from the plug-in, said list of supported credential types of the third party authentication server;
  
  send, to a client, an identification of the supported credential types of the third party authentication server in the list;
  
  receive, from the client, credential information and a selected credential type from the list of supported credential types;
  
  send the credential information and the selected credential type to the plug-in;
  
  determine, by the plug-in, if the selected credential type is supported by the third party authentication server, andtransmit the credential information received from the client to the third party authentication server for authenticating the client, in response to determining the selected credential type is supported by the third party authentication server;
  
  wherein the plug-in is selected from a plurality of plug-ins, and each of the plurality of plug-ins is associated with a different third party authentication server.
- View Dependent Claims (10, 11, 12, 13, 14, 15)
- - 10. The intermediate server of claim 9, wherein the intermediate server is associated with a service, and wherein a successful authentication permits access to applications provided by the service.
  - 11. The intermediate server of claim 9, wherein the hardware processor is further configured to receive, from the client, an identification of the third party authentication server.
  - 12. The intermediate server of claim 9, wherein the supported credential types comprise a ticket-based authentication credential.
  - 13. The intermediate server of claim 9, wherein the credential information comprises a token, and wherein the third party authentication server supports a token-based authentication protocol.
  - 14. The intermediate server of claim 9, wherein the credential information and the selected credential type are received as encoded information.
  - 15. The intermediate server of claim 14, wherein the hardware processor is further configured to decode the encoded information to generate the credential information and the selected credential type.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Malikie Innovations Limited (Key Patent Innovations Limited)
Original Assignee
Blackberry Limited
Inventors
Schneider, Kenneth Cyril, Sharma, Girish Kumar, Hon, Lenny Kwok-Ming, Burjoski, Joseph Daniel
Primary Examiner(s)
Pham, Luu
Assistant Examiner(s)
MOHAMMADI, FAHIMEH M

Application Number

US12/767,067
Publication Number

US 20110265172A1
Time in Patent Office

1,702 Days
Field of Search

726 5- 10, 726/27, 726/12, 726/18, 713155-159, 713168-186, 380247-250, 705/18, 705/44, 709/225, 707/705
US Class Current

726/6
CPC Class Codes

H04L 63/0815 providing single-sign-on or...

H04L 63/0884 by delegation of authentica...

Method and system for third party client authentication

First Claim

4 Assignments

0 Petitions

Accused Products

Abstract

104 Citations

15 Claims

Specification

Solutions

Use Cases

Quick Links

Method and system for third party client authentication

First Claim

4 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

104 Citations

15 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links