Systems and methods for an extensible authentication framework

US 9,686,255 B2
Filed: 07/21/2010
Issued: 06/20/2017
Est. Priority Date: 07/21/2010
Status: Active Grant

First Claim

Patent Images

1. A method for providing credential gathering requirements to an agent executing on a client, to gather credentials from a user, the method comprising:

(a) receiving, by an agent executing on a client, a logon point configuration including credential gathering requirements from a device intermediary to the client and one or more servers, wherein the logon point configuration identifies an authentication flow type and the credential gathering requirements define a credential type and an input field type, the input field type defining a type of user interface element from which to obtain input to provide a credential corresponding to the credential type;

(b) detecting, by the agent, a request to access a logon point corresponding to the logon point configuration;

(c) implementing, by the agent, an authentication workflow process corresponding to the authentication flow type;

(d) displaying, by the agent via a user interface generated by the agent in accordance with the received credential gathering requirements, the type of user interface element corresponding to the input field type, the displayed type of user interface element to receive as input a credential from a user at the client, the credential identified by the credential type; and

(e) transmitting, by the agent independent of the user interface, to the device for authentication, the credential received from the user via the user interface element generated by the agent.

View all claims

7 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The present disclosure describes systems and methods of an authentication framework to implement varying authentication schemes in a configurable and extendable manner. This authentication framework provides a level of abstraction in which requirements for credential gathering and authentication workflow are independent from the agents or authentication implementation that does the credential gathering and authentication workflow. A higher level of abstraction and a more comprehensive authentication framework allows handling the associated authentication transactions of complex authentication schemes without requiring any specific understanding of their internals. For example, the requirements to gather certain credentials for a particular authentication scheme may be configured and maintained separately from the client-side authentication agent that gathers the credentials. The flexible, configurable and extendable authentication framework supports a wide variety of authentication scheme and supports third party, proprietary and customized authentication schemes.

13 Citations

View as Search Results

20 Claims

1. A method for providing credential gathering requirements to an agent executing on a client, to gather credentials from a user, the method comprising:
- (a) receiving, by an agent executing on a client, a logon point configuration including credential gathering requirements from a device intermediary to the client and one or more servers, wherein the logon point configuration identifies an authentication flow type and the credential gathering requirements define a credential type and an input field type, the input field type defining a type of user interface element from which to obtain input to provide a credential corresponding to the credential type;
  
  (b) detecting, by the agent, a request to access a logon point corresponding to the logon point configuration;
  
  (c) implementing, by the agent, an authentication workflow process corresponding to the authentication flow type;
  
  (d) displaying, by the agent via a user interface generated by the agent in accordance with the received credential gathering requirements, the type of user interface element corresponding to the input field type, the displayed type of user interface element to receive as input a credential from a user at the client, the credential identified by the credential type; and
  
  (e) transmitting, by the agent independent of the user interface, to the device for authentication, the credential received from the user via the user interface element generated by the agent.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The method of claim 1, wherein (a) further comprises receiving, by the agent, the credential gathering requirements identifying a label for the input field type.
  - 3. The method of claim 2, wherein (b) further comprises displaying, by the agent, the user interface element with the label identified by the credential gathering requirements.
  - 4. The method of claim 1, wherein (a) further comprises receiving, by the agent, the credential gathering requirements identifying a label type of a label for an input field corresponding to the input field type.
  - 5. The method of claim 4, wherein (b) further comprises displaying, by the agent, the label for the input field, the label having the label type identified by the credential gathering requirements.
  - 6. The method of claim 1, wherein (a) further comprises receiving, by the agent, the credential gathering requirements identifying one or more input constraints.
  - 7. The method of claim 6, wherein (b) further comprises restricting, by the agent, a user'"'"'s input via the user interface element based on the one or more input constraints identified by the credential gathering requirements.
  - 8. The method of claim 1, wherein (b) further comprises displaying, by the agent, the user interface of one of a type or a form native to the client and not determined by the device transmitting the credential gathering requirements.
  - 9. The method of claim 1, further comprising identifying, by the credential gathering requirements, a credential type of one of a user name, password, pin or a certificate.
  - 10. The method of claim 1, wherein (a) further comprises receiving, by the agent, the logon point configuration identifying the authentication flow type comprising at least one of:
    - multiple authentication schemes, cascading authentication schemes, or a second authentication scheme that conditionally may be executed after a first authentication scheme.

11. A system for providing credential gathering requirements to an agent executing on a client, to gather credentials from a user, comprising:
- at least one processor of the client; and
  
  an agent executed on the at least one processor, the agent configured to;
  
  receive a logon point configuration including credential gathering requirements from a device intermediary to the client and one or more servers, wherein the logon point configuration identifies an authentication flow type and the credential gathering requirements define a credential type and an input field type, the input field type defining a type of user interface element from which to obtain input to provide a credential corresponding to the credential type;
  
  detect a request to access a logon point corresponding to the logon point configuration;
  
  implement an authentication workflow process corresponding to the authentication flow type;
  
  display, via a user interface generated in accordance with the received credential gathering requirements, the type of user interface element corresponding to the input field type, the displayed type of user interface element to receive as input a credential from a user at the client, the credential identified by the credential type; and
  
  transmit, independent of the user interface, to the device for authentication, the credential received from the user via the user interface element.
- View Dependent Claims (12, 13, 14, 15, 16, 17, 18, 19, 20)
- - 12. The system of claim 11, wherein the agent is further configured to receive the credential gathering requirements identifying a label for the input field type.
  - 13. The system of claim 12, wherein the agent is further configured to display the user interface element with the label identified by the credential gathering requirements.
  - 14. The system of claim 11, wherein the agent is further configured to receive the credential gathering requirements identifying a label type of a label for an input field corresponding to the input field type.
  - 15. The system of claim 14, wherein the agent is further configured to display the label for the input field, the label having the label type identified by the credential gathering requirements.
  - 16. The system of claim 14, wherein the agent is further configured to receive the credential gathering requirements identifying one or more input constraints.
  - 17. The system of claim 16, wherein the agent is further configured to restrict user input via the user interface element based on the one or more input constraints identified by the credential gathering requirements.
  - 18. The system of claim 11, wherein the agent is further configured to display the user interface of one of a type or a form native to the client and not determined by the device transmitting the credential gathering requirements.
  - 19. The system of claim 11, wherein the agent is further configured to identify the credential gathering requirements, a credential type of one of a user name, password, pin or a certificate.
  - 20. The system of claim 11, wherein the agent is further configured to receive the logon point configuration identifying the authentication flow type comprising at least one of:
    - multiple authentication schemes, cascading authentication schemes, or a second authentication scheme that conditionally may be executed after a first authentication scheme.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Citrix Systems, Inc. (Cloud Software Group)
Original Assignee
Citrix Systems, Inc. (Cloud Software Group)
Inventors
Rafiq, Pierre
Primary Examiner(s)
Hirl, Joseph P
Assistant Examiner(s)
TRUVAN, LEYNNA THANH

Application Number

US12/840,932
Publication Number

US 20120023558A1
Time in Patent Office

2,526 Days
Field of Search

None
US Class Current
CPC Class Codes

H04L 63/08 for authentication of entit...

H04L 63/205 involving negotiation or de...

Systems and methods for an extensible authentication framework

First Claim

7 Assignments

0 Petitions

Accused Products

Abstract

13 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Systems and methods for an extensible authentication framework

First Claim

7 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

13 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links