Abstracting credentials for mobile client authentication

US 9,483,627 B1
Filed: 05/03/2012
Issued: 11/01/2016
Est. Priority Date: 05/03/2011
Status: Active Grant

First Claim

Patent Images

1. A method comprising:

receiving, by a proxy server computer, an authentication request from a mobile user device for access to a web application hosted in a cloud, wherein the authentication request comprises initial user credentials that are embedded in the mobile user device, and wherein the authentication request to the web application is routed to the proxy server computer via a Virtual Private Network (VPN) in view of a configuration profile of the mobile user device indicating that requests from a specific domain be routed to the proxy server computer;

determining that the authentication request is a candidate for modification based on the initial user credentials in the authentication request;

modifying, by the proxy server computer, the authentication request to include replacement user credentials that correspond to the initial user credentials; and

transmitting the modified authentication request to the web application in the cloud, wherein the web application determines whether the modified authentication request is valid based on the replacement user credentials.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A computing system receives an authentication request from a user device for access to a web application hosted in a cloud and determines that the authentication request is a candidate for modification based on initial user credentials in the authentication request. The computing system modifies the authentication request to include replacement user credentials that correspond to the initial user credentials and transmits the modified authentication request to the web application in the cloud. The web application determines whether the modified authentication request is valid based on the replacement user credentials.

Citations

18 Claims

1. A method comprising:
- receiving, by a proxy server computer, an authentication request from a mobile user device for access to a web application hosted in a cloud, wherein the authentication request comprises initial user credentials that are embedded in the mobile user device, and wherein the authentication request to the web application is routed to the proxy server computer via a Virtual Private Network (VPN) in view of a configuration profile of the mobile user device indicating that requests from a specific domain be routed to the proxy server computer;
  
  determining that the authentication request is a candidate for modification based on the initial user credentials in the authentication request;
  
  modifying, by the proxy server computer, the authentication request to include replacement user credentials that correspond to the initial user credentials; and
  
  transmitting the modified authentication request to the web application in the cloud, wherein the web application determines whether the modified authentication request is valid based on the replacement user credentials.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The method of claim 1, wherein the initial user credentials are Virtual Private Network credentials.
  - 3. The method of claim 1, wherein modifying the authentication request comprises:
    - locating the replacement user credentials that correspond to the initial user credentials in a data store that is coupled to the proxy server computer; and
      
      replacing the initial user credentials in the authentication request with the corresponding replacement user credentials.
  - 4. The method of claim 1, wherein the replacement user credentials are in a different format from the initial user credentials.
  - 5. The method of claim 1, wherein the replacement user credentials are in a same format as the initial user credentials.
  - 6. The method of claim 1, wherein receiving the authentication request from the mobile user device comprises:
    - intercepting the authentication based on a Virtual Private Network configuration of the mobile user device.

7. A system comprising:
- a memory; and
  
  a processing device coupled with the memory to;
  
  receive, by a proxy server computer executing the processing device, an authentication request from a mobile user device for access to a web application hosted in a cloud, wherein the authentication request comprises initial user credentials that are embedded in the mobile user device, and wherein the authentication request to the web application is routed to the proxy server computer via a Virtual Private Network (VPN) in view of a configuration profile of the mobile user device indicating that requests from a specific domain be routed to the proxy server computer;
  
  determine that the authentication request is a candidate for modification based on the initial user credentials in the authentication request;
  
  modify the authentication request to include replacement user credentials that correspond to the initial user credentials; and
  
  transmit the modified authentication request to the web application in the cloud, wherein the web application determines whether the modified authentication request is valid based on the replacement user credentials.
- View Dependent Claims (8, 9, 10, 11, 12)
- - 8. The system of claim 7, wherein the initial user credentials are Virtual Private Network credentials.
  - 9. The system of claim 7, wherein the processing device is to modify the authentication request by:
    - locating the replacement user credentials that correspond to the initial user credentials in a data store that is coupled to the processing device; and
      
      replacing the initial user credentials in the authentication request with the corresponding replacement user credentials.
  - 10. The system of claim 7, wherein the replacement user credentials are a different format from the initial user credentials.
  - 11. The system of claim 7, wherein the replacement user credentials are a same format as the initial user credentials.
  - 12. The system of claim 7, wherein the processing device is to receive the authentication request from the mobile user device by:
    - intercepting the authentication based on a Virtual Private Network configuration of the mobile user device.

13. A non-transitory computer readable storage medium including instructions that, when executed by a processing device, cause the processing device to perform a method comprising:
- receiving, by a proxy server computer executing the processing device, an authentication request from a mobile user device for access to a web application hosted in a cloud, wherein the authentication request comprises initial user credentials that are embedded in the mobile user device, and wherein the authentication request to the web application is routed to the proxy server computer via a Virtual Private Network (VPN) in view of a configuration profile of the mobile user device indicating that requests from a specific domain be routed to the proxy server computer;
  
  determining that the authentication request is a candidate for modification based on the initial user credentials in the authentication request;
  
  modifying the authentication request to include replacement user credentials that correspond to the initial user credentials; and
  
  transmitting the modified authentication request to the web application in the cloud, wherein the web application determines whether the modified authentication request is valid based on the replacement user credentials.
- View Dependent Claims (14, 15, 16, 17, 18)
- - 14. The non-transitory computer readable storage medium of claim 13, wherein the initial user credentials are Virtual Private Network credentials.
  - 15. The non-transitory computer readable storage medium of claim 13, wherein modifying the authentication request comprises:
    - locating the replacement user credentials that correspond to the initial user credentials in a data store that is coupled to the processing device; and
      
      replacing the initial user credentials in the authentication request with the corresponding replacement user credentials.
  - 16. The non-transitory computer readable storage medium of claim 13, wherein the replacement user credentials are a different format from the initial user credentials.
  - 17. The non-transitory computer readable storage medium of claim 13, wherein the replacement user credentials are a same format as the initial user credentials.
  - 18. The non-transitory computer readable storage medium of claim 13, wherein receiving the authentication request from the mobile user device comprises:
    - intercepting the authentication via the Virtual Private Network and based on a Virtual Private Network configuration of the mobile user device.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
CA, Inc. (d/b/a CA Technologies) (Broadcom, Inc.)
Original Assignee
Symantec Corporation (NortonLifeLock Inc.)
Inventors
Ferg, Barry, Krall, Gary, Popp, Nicolas, Koeten, Robert
Primary Examiner(s)
Brown, Anthony

Application Number

US13/463,749
Time in Patent Office

1,643 Days
Field of Search

726/2, 726 4- 6, 726/18, 726/21
US Class Current

1/1
CPC Class Codes

G06F 21/31   User authentication

H04L 63/08   for authentication of entit...

H04L 63/083   using passwords cryptograph...

H04W 12/068   using credential vaults, e....

H04W 12/069   using certificates or pre-s...

Abstracting credentials for mobile client authentication

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

18 Claims

Specification

Solutions

Use Cases

Quick Links

Abstracting credentials for mobile client authentication

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

18 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links