Authentication proxy agent

US 9,654,473 B2
Filed: 06/28/2013
Issued: 05/16/2017
Est. Priority Date: 06/28/2013
Status: Active Grant

First Claim

Patent Images

1. A system including instructions stored on a non-transitory computer readable storage medium and executable by at least one processor, the system comprising:

an authentication engine configured to cause the at least one processor toreceive, at a server, an authentication request and credentials from a client;

generate, at the server, a proxy agent;

send, from the proxy agent, the credentials to an identity provider to authenticate the client on behalf of the client, using the credentials;

receive, at the proxy agent, an assertion of authentication of the client from the identity provider; and

provide the assertion from the proxy agent to the server to satisfy the authentication request.

View all claims

11 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

An authentication engine may be configured to receive an authentication request and credentials from a client. The authentication engine may then generate a proxy agent configured to interact with an identity provider to authenticate the client on behalf of the client, using the credentials. In this way, the authentication engine may receive an assertion of authentication of the client from the identity provider, by way of the proxy agent.

Citations

20 Claims

1. A system including instructions stored on a non-transitory computer readable storage medium and executable by at least one processor, the system comprising:
- an authentication engine configured to cause the at least one processor toreceive, at a server, an authentication request and credentials from a client;
  
  generate, at the server, a proxy agent;
  
  send, from the proxy agent, the credentials to an identity provider to authenticate the client on behalf of the client, using the credentials;
  
  receive, at the proxy agent, an assertion of authentication of the client from the identity provider; and
  
  provide the assertion from the proxy agent to the server to satisfy the authentication request.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The system of claim 1, wherein the authentication engine is implemented by a mobile server providing services to the client, and the client includes a mobile client.
  - 3. The system of claim 1, wherein the authentication engine is configured to cause the at least one processor, in response to the receipt of the authentication request and credentials, to resolve a previously-stored authentication configuration, including identifying the identity provider from among a plurality of identity providers as being associated with the client.
  - 4. The system of claim 1, wherein the proxy agent is configured to store configuration data governing content, format, and timing of interactions with the identity provider.
  - 5. The system of claim 1, wherein the proxy agent includes a virtual browser manager configured to implement a virtual browser used to relay the credentials to the identity provider on behalf of the client.
  - 6. The system of claim 5, wherein the virtual browser manager is configured to access a virtual browser pool storing a plurality of available virtual browsers, and to select the virtual browser therefrom.
  - 7. The system of claim 1, wherein the proxy agent is configured to execute the Security Assertion Markup Language (SAML) standard with the identity provider, including receiving the assertion therefrom, on behalf of the client.
  - 8. The system of claim 1, further comprising a session manager configured to create a session for the client, based on the assertion.
  - 9. The system of claim 8, wherein the authentication engine is provided by a mobile server, and wherein the session provides access to multiple services of the mobile server to the client.

10. A method comprising:
- receiving, at a server, an authentication request and credentials from a client;
  
  generating, at the server, a proxy agent;
  
  sending, from the proxy agent, the credentials to an identity provider to authenticate the client on behalf of the client, using the credentials;
  
  receiving, at the proxy agent, an assertion of authentication of the client from the identity provider; and
  
  providing the assertion from the proxy agent to the server to satisfy the authentication request.
- View Dependent Claims (11, 12, 13, 14)
- - 11. The method of claim 10, wherein receiving the authentication request and credentials further comprises resolving a previously-stored authentication configuration, including identifying the identity provider from among a plurality of identity providers as being associated with the client.
  - 12. The method of claim 10, wherein the proxy agent is configured to store configuration data governing content, format, and timing of interactions with the identity provider.
  - 13. The method of claim 10, wherein the proxy agent includes a virtual browser manager configured to implement a virtual browser used to relay the credentials to the identity provider on behalf of the client.
  - 14. The method of claim 10, wherein the proxy agent is configured to execute the Security Assertion Markup Language (SAML) standard with the identify provider, including receiving the assertion therefrom, on behalf of the client.

15. A computer program product including instructions recorded on a non-transitory computer readable storage medium and configured to cause at least one processor to:
- receive, at a server, an authentication request and credentials from a client;
  
  generate, at the server, a proxy agent;
  
  send, from the proxy agent, the credentials to an identity provider to authenticate the client on behalf of the client, using the credentials;
  
  receive, at the proxy agent, an assertion of authentication of the client from the identity provider; and
  
  provide the assertion from the proxy agent to the server to satisfy the authentication request.
- View Dependent Claims (16, 17, 18, 19, 20)
- - 16. The computer program product of claim 15, wherein the instructions, when executed, are further configured, in response to the receipt of the authentication request and credentials, to resolve a previously-stored authentication configuration, including identifying the identity provider from among a plurality of identity providers as being associated with the client.
  - 17. The computer program product of claim 15, wherein the proxy agent is configured to store configuration data governing content, format, and timing of interactions with the identity provider.
  - 18. The computer program product of claim 15, wherein proxy agent includes a virtual browser manager configured to implement a virtual browser used to relay the credentials to the identity provider on behalf of the client.
  - 19. The computer program product of claim 18, wherein the virtual browser manager is configured to access a virtual browser pool storing a plurality of available virtual browsers, and to select the virtual browser therefrom.
  - 20. The computer program product of claim 15, wherein the proxy agent is configured to execute the Security Assertion Markup Language (SAML) standard with the identify provider, including receiving the assertion therefrom, on behalf of the client.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
BMC Software Incorporated (KKR & Co., Inc.)
Original Assignee
BMC Software Incorporated (KKR & Co., Inc.)
Inventors
Miller, Karl Frederick
Primary Examiner(s)
Lim, Krisna

Application Number

US13/931,560
Publication Number

US 20150007291A1
Time in Patent Office

1,418 Days
Field of Search
US Class Current
CPC Class Codes

H04L 2209/76   Proxy, i.e. using intermedi...

H04L 2209/805   Lightweight hardware, e.g. ...

H04L 63/062   for key distribution, e.g. ...

H04L 63/0815   providing single-sign-on or...

H04L 63/0823   using certificates cryptogr...

H04L 63/0884   by delegation of authentica...

H04L 63/12   Applying verification of th...

H04L 9/00   Cryptographic mechanisms or...

H04L 9/32   including means for verifyi...

H04W 12/04   Key management, e.g. using ...

H04W 12/062   Pre-authentication

H04W 12/065   Continuous authentication

H04W 12/068   using credential vaults, e....

H04W 12/069   using certificates or pre-s...

Authentication proxy agent

First Claim

11 Assignments

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Authentication proxy agent

First Claim

11 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links