System and method for securing authentication information in a networked environment

US 9,722,980 B2
Filed: 03/15/2016
Issued: 08/01/2017
Est. Priority Date: 07/03/2013
Status: Active Grant

First Claim

Patent Images

1. A method, comprising:

encrypting, by a client device operated by a first party using a public key, original authentication information provided by the first party at the client device to generate encrypted authentication information, wherein the public key and an instruction for encrypting the authentication information were provided by a remote service operated by a second party in response to an access to the remote service by the client device operated by the first party;

the client device providing the encrypted authentication information to the remote service operated by the second party;

the remote service providing the encrypted authentication information to an on-premises component of an enterprise operated by a third party distinct from the first party and second party;

the on-premises component decrypting the encrypted authentication information using a private key corresponding to the public key provided by the remote service operated by the second party to obtain the original authentication information;

the on-premises component performing a validation on the original authentication information; and

the on-premises component returning a result of the validation to the remote service over a network, wherein the result is signed by the on-premises component using the private key such that the remote service operated by the second party can verify the result was sent by the on-premises component behind a firewall of the enterprise operated by the third party.

View all claims

7 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

This disclosure is directed to systems and methods for securely communicating authentication information in a networked environment such as one involving a client device, a cloud based computing platform, and an enterprise computing environment. Some embodiments may include encrypting, by a client device using a public key, authentication information provided by a user. The encrypted authentication information is sent to a cloud based service which then sends it to an on-premises component residing behind a firewall of an enterprise. The on-premises component decrypts the authentication information using a private key, validates the authentication information, and returns the result to the cloud based service over a network. If validated, the cloud based service establishes a secure connection between the client device and the on-premises component such that the user can access the enterprise'"'"'s content without the enterprise having to share the authentication information with the cloud based service.

Citations

15 Claims

1. A method, comprising:
- encrypting, by a client device operated by a first party using a public key, original authentication information provided by the first party at the client device to generate encrypted authentication information, wherein the public key and an instruction for encrypting the authentication information were provided by a remote service operated by a second party in response to an access to the remote service by the client device operated by the first party;
  
  the client device providing the encrypted authentication information to the remote service operated by the second party;
  
  the remote service providing the encrypted authentication information to an on-premises component of an enterprise operated by a third party distinct from the first party and second party;
  
  the on-premises component decrypting the encrypted authentication information using a private key corresponding to the public key provided by the remote service operated by the second party to obtain the original authentication information;
  
  the on-premises component performing a validation on the original authentication information; and
  
  the on-premises component returning a result of the validation to the remote service over a network, wherein the result is signed by the on-premises component using the private key such that the remote service operated by the second party can verify the result was sent by the on-premises component behind a firewall of the enterprise operated by the third party.
- View Dependent Claims (2, 3, 4, 5)
- - 2. The method according to claim 1, wherein performing the validation comprises comparing the original authentication information to authentication information at the on-premises component.
  - 3. The method according to claim 1, wherein the instruction comprises an application executed at the client device.
  - 4. The method according to claim 3, wherein the application is a JavaScript application executed by a browser at the client device.
  - 5. The method according to claim 1, wherein the enterprise is operated by a fourth party distinct from the first party, the second party and the third party.

6. A non-transitory computer readable medium storing instructions translatable by at least one processor to perform:
- encrypting, by a client device operated by a first party using a public key, original authentication information provided by the first party at the client device to generate encrypted authentication information, wherein the public key and an instruction for encrypting the authentication information were provided by a remote service operated by a second party in response to an access to the remote service by the client device operated by the first party;
  
  the client device providing the encrypted authentication information to the remote service operated by the second party;
  
  the remote service providing the encrypted authentication information to an on-premises component of an enterprise operated by a third party distinct from the first party and second party;
  
  the on-premises component decrypting the encrypted authentication information using a private key corresponding to the public key provided by the remote service operated by the second party to obtain the original authentication information;
  
  the on-premises component performing a validation on the original authentication information; and
  
  the on-premises component returning a result of the validation to the remote service over a network, wherein the result is signed by the on-premises component using the private key such that the remote service operated by the second party can verify the result was sent by the on-premises component behind a firewall of the enterprise operated by the third party.
- View Dependent Claims (7, 8, 9, 10)
- - 7. The non-transitory computer readable medium according to claim 6, wherein performing the validation comprises comparing the original authentication information to authentication information at the on-premises component.
  - 8. The non-transitory computer readable medium according to claim 6, wherein the instruction comprises an application executed at the client device.
  - 9. The non-transitory computer readable medium according to claim 8, wherein the application is a JavaScript application executed by a browser at the client device.
  - 10. The non-transitory computer readable medium according to claim 6, wherein the enterprise is operated by a fourth party distinct from the first party, the second party and the third party.

11. A system, comprising:
- at least one processor; and
  
  at least one non-transitory computer readable medium storing instructions for configuring the at least one processor to perform the steps of;
  
  encrypting, by a client device operated by a first party using a public key, original authentication information provided by the first party at the client device to generate encrypted authentication information, wherein the public key and an instruction for encrypting the authentication information were provided by a remote service operated by a second party in response to an access to the remote service by the client device operated by the first party;
  
  the client device providing the encrypted authentication information to the remote service operated by the second party;
  
  the remote service providing the encrypted authentication information to an on- premises component of an enterprise operated by a third party distinct from the first party and second party;
  
  the on-premises component decrypting the encrypted authentication information using a private key corresponding to the public key provided by the remote service operated by the second party to obtain the original authentication information;
  
  the on-premises component performing a validation on the original authentication information; and
  
  the on-premises component returning a result of the validation to the remote service over a network, wherein the result is signed by the on-premises component using the private key such that the remote service operated by the second party can verify the result was sent by the on-premises component behind a firewall of the enterprise operated by the third party.
- View Dependent Claims (12, 13, 14, 15)
- - 12. The system according to claim 11, wherein performing the validation comprises comparing the original authentication information to authentication information at the on-premises component.
  - 13. The system according to claim 11, wherein the instruction comprises an application executed at the client device.
  - 14. The system according to claim 13, wherein the application is a JavaScript application executed by a browser at the client device.
  - 15. The system according to claim 11, wherein the enterprise is operated by a fourth party distinct from the first party, the second party and the third party.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
SailPoint Technologies, Inc. (SailPoint Technologies Holdings, Inc.)
Original Assignee
SailPoint Technologies, Inc. (SailPoint Technologies Holdings, Inc.)
Inventors
Forster, Craig Robert William, Greff, Daniel Thomas, Goldenburg, Phillip, Chow, Crandall B. T.
Primary Examiner(s)
TURCHEN, JAMES R

Application Number

US15/070,805
Publication Number

US 20160197900A1
Time in Patent Office

504 Days
Field of Search
US Class Current
CPC Class Codes

G06F 21/31   User authentication

G06F 2221/2115   Third party

H04L 63/0272   Virtual private networks

H04L 63/029   Firewall traversal, e.g. tu...

H04L 63/0428   wherein the data content is...

H04L 63/061   for key exchange, e.g. in p...

H04L 63/08   for authentication of entit...

H04L 9/30   Public key, i.e. encryption...

System and method for securing authentication information in a networked environment

First Claim

7 Assignments

0 Petitions

Accused Products

Abstract

Citations

15 Claims

Specification

Solutions

Use Cases

Quick Links

System and method for securing authentication information in a networked environment

First Claim

7 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

15 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links