User authentication for intermediate representational state transfer (REST) client via certificate authority
First Claim
1. A computer-readable storage device including executable code that, when executed, is configured to cause at least one data processing apparatus to:
- receive, by an intermediate representational state transfer (REST) client and from a separate user computer, a request for a resource stored on a REST server, the resource request including a user ID associated with a user;
- determine, by the intermediate REST client and responsive to the resource request, that a key pair associated with the user ID is not stored on the intermediate REST client;
- based on determining that a keypair associated with the user ID is not stored on the intermediate REST client:
  - generate, by the intermediate REST client, a public key and a corresponding private key, the generated public key and the corresponding generated private key included in a keypair associated with the user ID; and
  - store the generated keypair on the intermediate REST client in association with the user ID;
- obtain, by the intermediate REST client, a certificate associated with the user ID that is signed by a certificate authority and based on at least the user ID and the generated public key associated with the user ID;
- establish a connection between the intermediate REST client and the REST server using the certificate and the generated private key associated with the user ID; and
- access, by the intermediate REST client on behalf of the user of the user computer, using a stateless protocol with the REST server, the requested resource.
2 Assignments
0 Petitions
Abstract
The present description refers to a computer implemented method, computer program product, and computer system for receiving a resource request at a representational state transfer (REST) client from a user, the resource request including a user ID, determining, by the REST client, a key pair including a public key and a corresponding private key that are associated with the user ID, obtaining, by the REST client, a certificate associated with the user ID that is signed by a certificate authority and based on at least the user ID and the public key associated with the user ID, impersonating, by the REST client, the user to a REST server using the certificate and the private key associated with the user ID, and accessing, by the REST client on behalf of the user, using a stateless protocol with the REST server, the requested resource.
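As an added illustration (not code from the patent or from any implementation of it), the following Go program models the two key steps of claim 1 and the abstract: the intermediate REST client keeps a keypair store keyed by user ID and generates and stores a keypair only when none exists, and a certificate authority (constructed in-process here; in practice a separate service) signs a client certificate that binds the user ID to that public key. The names KeyStore, KeyFor, NewCA and IssueUserCert are assumptions of this example.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"math/big"
	"time"
)

// KeyStore is the intermediate REST client's per-user keypair store (constructed here as an in-memory map; a real client would persist it).
type KeyStore map[string]*ecdsa.PrivateKey
// KeyFor returns the keypair stored for userID, generating and storing one only
// when none exists (the claim's "not stored" branch); the bool reports a fresh key.
func (s KeyStore) KeyFor(userID string) (*ecdsa.PrivateKey, bool, error) {
	if k, ok := s[userID]; ok {
		return k, false, nil
	}
	k, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err == nil {
		s[userID] = k
	}
	return k, err == nil, err
}
// NewCA builds a self-signed certificate authority (constructed for the example).
func NewCA() (*x509.Certificate, *ecdsa.PrivateKey, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	t := &x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: "example-ca"},
		NotBefore: time.Now().Add(-time.Minute), NotAfter: time.Now().Add(time.Hour),
		IsCA: true, BasicConstraintsValid: true, KeyUsage: x509.KeyUsageCertSign}
	der, err := x509.CreateCertificate(rand.Reader, t, t, &key.PublicKey, key)
	if err != nil {
		return nil, nil, err
	}
	cert, err := x509.ParseCertificate(der)
	return cert, key, err
}
// IssueUserCert is the CA signing a client certificate that binds userID (as the
// CommonName) to the public key the client generated for that user; it returns DER.
func IssueUserCert(ca *x509.Certificate, caKey *ecdsa.PrivateKey, userID string, pub *ecdsa.PublicKey) ([]byte, error) {
	t := &x509.Certificate{SerialNumber: big.NewInt(time.Now().UnixNano()), Subject: pkix.Name{CommonName: userID},
		NotBefore: time.Now().Add(-time.Minute), NotAfter: time.Now().Add(time.Hour),
		KeyUsage: x509.KeyUsageDigitalSignature, ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth}}
	return x509.CreateCertificate(rand.Reader, t, ca, pub, caKey)
}
```

The DER from IssueUserCert together with the stored private key form the tls.Certificate the intermediate client presents when establishing the connection to the REST server, which should verify it against the CA and take the user ID from the certificate subject rather than from anything in the request body.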
20 Claims

1. (Independent claim 1, as set out under First Claim above.) Dependent claims: 2 to 13.

14. A computer implemented method comprising:
- receiving a resource request at an intermediate representational state transfer (REST) client from a separate user computer, a request for a resource stored on a REST server, the resource request including a user ID associated with a user;
- determining, by the intermediate REST client and responsive to the resource request, that a key pair associated with the user ID is not stored on the intermediate REST client;
- based on determining that a keypair associated with the user ID is not stored on the intermediate REST client:
  - generating, by the intermediate REST client, a public key and a corresponding private key, the generated public key and the corresponding generated private key included in a keypair associated with the user ID; and
  - store the generated keypair on the intermediate REST client in association with the user ID;
- obtaining, by the intermediate REST client, a certificate associated with the user ID that is signed by a certificate authority and based on at least the user ID and the generated public key associated with the user ID;
- establishing a connection between the intermediate REST client and the REST server using the certificate and the generated private key associated with the user ID; and
- accessing, by the intermediate REST client on behalf of the user of the user computer, using a stateless protocol with the REST server, the requested resource.
Dependent claims: 15 to 17.

18. An apparatus comprising:
- a transceiver configured to receive at an intermediate representational state transfer (REST) client and from a separate user computer, a request for a resource stored on a REST server, the resource request including a user ID associated with a user;
- key determination logic configured to:
  - determine, by the intermediate REST client and responsive to the resource request, that a key pair associated with the user ID is not stored on the intermediate REST client, and
  - based on determining by the key determination logic that a keypair associated with the user ID is not stored on the intermediate REST client: generate, by the intermediate REST client, a public key and a corresponding private key, the generated public key and the corresponding generated private key included in a keypair associated with the user ID; and store the generated keypair on the intermediate REST client in association with the user ID;
- certificate acquisition logic configured to obtain, by the intermediate REST client, a certificate associated with the user ID that is signed by a certificate authority and based on at least the user ID and the generated public key associated with the user ID;
- impersonating logic configured to establish a connection between the intermediate REST client and the REST server using the certificate and the generated private key associated with the user ID; and
- accessing logic configured to access, by the intermediate REST client on behalf of the user, using a stateless protocol with the REST server, the requested resource.
Dependent claims: 19 and 20.