HTTP header-based adaptable authentication mechanism

US 9,641,504 B2
Filed: 12/15/2014
Issued: 05/02/2017
Est. Priority Date: 12/15/2014
Status: Active Grant

First Claim

Patent Images

1. A computer-implemented method for exchanging data using a data transfer protocol between a first device and a second device, the method comprising:

receiving, at the first device, a first request message from a second device, the first request message requesting to download an application from the first device;

responsive to receipt of the first request message, sending, to the second device, a first response message having a first authentication query within header portions of the first response message;

receiving, at the first device, a second request message having first authentication credentials within header portions of the second request message, the first authentication credentials being responsive to the first authentication query;

determining whether the first authentication credentials satisfy the first authentication query;

responsive to determining that the first authentication credentials satisfy the first authentication query, sending, to the second device, a second response message having a second authentication query within header portions of the second response message;

receiving, at the first device, a third request message having second authentication credentials within header portions of the third request message, the second authentication credentials being responsive to the second authentication query;

determining whether the second authentication credentials satisfy the second authentication query, wherein each of the first and second authentication credentials rely upon different security mechanisms;

responsive to determining that the second authentication credentials satisfy the second authentication query; and

transmitting, to the second device, the application upon a predetermined number of authentication techniques having been used as determined by a request counter that updates in connection with the authentication queries.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The disclosure is generally directed to systems and methods for HTTP header-based authentication. For example, the systems and methods include receiving, at a mobile platform server, a first request message from a client device, the first request message requesting to download an application from the mobile platform server, sending, to the client device, a first response message having a first authentication query within header portions of the first response message, receiving, at the mobile platform server, a second request message having first authentication credentials within header portions of the second request message, sending, to the client device, a second response message having a second authentication query within header portions of the second response message, receiving, at the mobile platform server first device, a third request message having second authentication credentials within header portions of the third request message, and sending, to the client device, the application.

31 Citations

View as Search Results

16 Claims

1. A computer-implemented method for exchanging data using a data transfer protocol between a first device and a second device, the method comprising:
- receiving, at the first device, a first request message from a second device, the first request message requesting to download an application from the first device;
  
  responsive to receipt of the first request message, sending, to the second device, a first response message having a first authentication query within header portions of the first response message;
  
  receiving, at the first device, a second request message having first authentication credentials within header portions of the second request message, the first authentication credentials being responsive to the first authentication query;
  
  determining whether the first authentication credentials satisfy the first authentication query;
  
  responsive to determining that the first authentication credentials satisfy the first authentication query, sending, to the second device, a second response message having a second authentication query within header portions of the second response message;
  
  receiving, at the first device, a third request message having second authentication credentials within header portions of the third request message, the second authentication credentials being responsive to the second authentication query;
  
  determining whether the second authentication credentials satisfy the second authentication query, wherein each of the first and second authentication credentials rely upon different security mechanisms;
  
  responsive to determining that the second authentication credentials satisfy the second authentication query; and
  
  transmitting, to the second device, the application upon a predetermined number of authentication techniques having been used as determined by a request counter that updates in connection with the authentication queries.
- View Dependent Claims (2, 3, 4)
- - 2. The method according to claim 1, wherein the data transfer protocol standard is a hypertext transfer protocol (HTTP).
  - 3. The method according to claim 1, wherein the second authentication credential is selected from secure sockets layer certificates, authorization tokens, basic authentication, Kerberos authentication, remote authentication dial in user service (RADIUS), and security assertion markup language (SAML) mechanisms.
  - 4. The method according to claim 3, wherein a subsequent third authentication credential is selected from secure sockets layer certificates, authorization tokens, basic authentication, Kerberos authentication, remote authentication dial in user service (RADIUS), and security assertion markup language (SAML) mechanisms, and differs from the second authentication credential, ensured by the use of the request counter.

5. A non-transitory computer readable storage medium storing one or more programs configured to be executed by a processor, the one or more programs for exchanging data using a data transfer protocol between a first device and a second device, and comprising instructions for:
- receiving, at the first device, a first request message from a second device, the first request message requesting to download an application from the first device;
  
  responsive to receipt of the first request message, sending, to the second device, a first response message having a first authentication query within header portions of the first response message;
  
  receiving, at the first device, a second request message having first authentication credentials within header portions of the second request message, the first authentication credentials being responsive to the first authentication query;
  
  determining whether the first authentication credentials satisfy the first authentication query;
  
  responsive to determining that the first authentication credentials satisfy the first authentication query, sending, to the second device, a second response message having a second authentication query within header portions of the second response message;
  
  receiving, at the first device, a third request message having second authentication credentials within header portions of the third request message, the second authentication credentials being responsive to the second authentication query;
  
  determining whether the second authentication credentials satisfy the second authentication query, wherein each of the first and second authentication credentials rely upon different security mechanisms;
  
  responsive to determining that the second authentication credentials satisfy the second authentication query; and
  
  transmitting, to the second device, the application upon a predetermined number of authentication techniques having been used as determined by a request counter that updates in connection with the authentication queries.
- View Dependent Claims (6, 7, 8)
- - 6. The computer readable storage medium according to claim 5, wherein the data transfer protocol standard is a hypertext transfer protocol (HTTP).
  - 7. The computer readable storage medium according to claim 5, wherein the second authentication credential is selected from secure sockets layer certificates, authorization tokens, basic authentication, Kerberos authentication, remote authentication dial in user service (RADIUS), and security assertion markup language (SAML) mechanisms.
  - 8. The computer readable storage medium according to claim 7, wherein a subsequent third authentication credential is selected from secure sockets layer certificates, authorization tokens, basic authentication, Kerberos authentication, remote authentication dial in user service (RADIUS), and security assertion markup language (SAML) mechanisms, and differs from the second authentication credential, ensured by the use of the request counter.

9. A communication apparatus comprising:
- one or more processors; and
  
  a memory storing one or more programs for exchanging data using a data transfer protocol between a first device and a second device, and comprising instructions for execution by the one or more processors, the one or more programs including instructions for;
  
  receiving, at the first device, a first request message from a second device, the first request message requesting to download an application from the first device;
  
  responsive to receipt of the first request message, sending, to the second device, a first response message having a first authentication query within header portions of the first response message;
  
  receiving, at the first device, a second request message having first authentication credentials within header portions of the second request message, the first authentication credentials being responsive to the first authentication query;
  
  determining whether the first authentication credentials satisfy the first authentication query;
  
  responsive to determining that the first authentication credentials satisfy the first authentication query, sending, to the second device, a second response message having a second authentication query within header portions of the second response portion;
  
  receiving, at the first device, a third request message having second authentication credentials within header portions of the third request message, the second authentication credentials being responsive to the second authentication query;
  
  determining whether the second authentication credentials satisfy the second authentication query, wherein each of the first and second authentication credentials rely upon different security mechanisms;
  
  responsive to determining that the second authentication credentials satisfy the second authentication query; and
  
  transmitting, to the second device, the application upon a predetermined number of authentication techniques having been used as determined by a request counter that updates in connection with the authentication queries.
- View Dependent Claims (10, 11, 12)
- - 10. The communication apparatus according to claim 9, wherein the data transfer protocol standard is a hypertext transfer protocol (HTTP).
  - 11. The communication apparatus according to claim 9, wherein the second authentication credential is selected from secure sockets layer certificates, authorization tokens, basic authentication, Kerberos authentication, remote authentication dial in user service (RADIUS), and security assertion markup language (SAML) mechanisms.
  - 12. The communication apparatus according to claim 11, wherein a third subsequent authentication credential is selected from secure sockets layer certificates, authorization tokens, basic authentication, Kerberos authentication, and security assertion markup language (SAML) mechanisms, and differs from the second authentication credential, ensured by the use of the request counter.

13. A computer-implemented method for exchanging data using a data transfer protocol between a first device and a second device, the method comprising:
- sending, at the first device, a first request message to a second device, the first request message requesting to download an application from the second device;
  
  receiving, from the second device, a first response message having a first authentication query within header portions of the first response message, the first authentication query being responsive to the first authentication message;
  
  responsive to receipt of the first authentication query, generating, at the first device, a first user interface to prompt an end user for first authentication credentials;
  
  sending, at the first device, a second request message having the first authentication credentials within header portions of the second request message;
  
  responsive to the second device determining that the first authentication credentials satisfy the first authentication query, receiving, from the second device, a second response message having a second authentication query within header portions of the second response;
  
  responsive to receipt of the second authentication query, generating, at the first device, a second user interface to prompt an end user for second authentication credentials;
  
  sending, at the first device, a third request message having the second authentication credentials within header portions of the third request message;
  
  responsive to the second device determining that the second authentication credentials satisfy the first authentication query, wherein each of the first and second authentication credentials rely upon different security mechanisms; and
  
  receiving, from the second device, the application upon a predetermined number of authentication techniques having been used as determined by a request counter that updates in connection with the authentication queries.
- View Dependent Claims (14, 15, 16)
- - 14. The method according to claim 13, wherein the data transfer protocol standard is a hypertext transfer protocol (HTTP).
  - 15. The method according to claim 13, wherein the second authentication credential is selected from secure sockets layer certificates, authorization tokens, basic authentication, Kerberos authentication, remote authentication dial in user service (RADIUS), and security assertion markup language (SAML) mechanisms.
  - 16. The method according to claim 13, wherein a third subsequent authentication credential is selected from secure sockets layer certificates, authorization tokens, basic authentication, Kerberos authentication, remote authentication dial in user service (RADIUS), and security assertion markup language (SAML) mechanisms, and differs from the second authentication credential, ensured by the use of the request counter.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
SAP SE
Original Assignee
SAP SE
Inventors
Stevens, Karl, Hoos, Jason, Hall, John, Xue, Yunjiao, Wang, Steven, Natarajan, Senthil
Primary Examiner(s)
Gergiso, Techane

Application Number

US14/570,734
Publication Number

US 20160173466A1
Time in Patent Office

869 Days
Field of Search
US Class Current
CPC Class Codes

H04L 2463/082   applying multi-factor authe...

H04L 63/08   for authentication of entit...

H04W 12/069   using certificates or pre-s...

H04W 4/60   Subscription-based services...

HTTP header-based adaptable authentication mechanism

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

31 Citations

16 Claims

Specification

Solutions

Use Cases

Quick Links

HTTP header-based adaptable authentication mechanism

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

31 Citations

16 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links