Automatic detection of authentication methods by a gateway
First Claim
1. A method for implementing an authentication mechanism at a gateway comprising:
- receiving a request for a first resource and a request for a second resource at the gateway;
- analyzing, at the gateway, each of the request for the first resource and the request for the second resource for an indication that the first resource or the second resource requires authentication, wherein analyzing the request is performed without comparing the first resource or the second resource to a list of resources;
- when the request for the first resource is determined at the gateway to contain an indication that the first resource requires authentication, then accessing an authentication rules database to identify an authentication process associated with the indication that the first resource requires authentication, executing the authentication process associated with the indication that the first resource requires authentication, and forwarding from the gateway the request to the first resource following the execution of the authentication process;
- when the request for the second resource is determined at the gateway to contain an indication that the second resource requires authentication, then accessing the authentication rules database to identify an authentication process associated with the indication that the second resource requires authentication, executing the authentication process associated with the indication that the second resource requires authentication, and forwarding from the gateway the request to the first resource following the execution of the authentication process; and
- when the request for the first resource is determined at the gateway not to contain the indication that the first resource requires authentication, then forwarding from the gateway the request to the first resource without execution of the authentication process; and
- wherein the preceding steps are performed by at least one processor.
Abstract
Disclosed herein is a system and method for allowing access to secure resources through a gateway without having to pre-configure the gateway with each specific URL to which access is to be granted, and without maintaining the list of resources that are exposed. The gateway is configured to take incoming requests from client devices, such as the URL, and determine from the URL itself what type of authentication is required to gain access to the resource, as opposed to comparing the URL with a managed list of URLs. Once the authentication process is identified by the gateway, that process is implemented. The gateway analyzes the responses from the resources, which may include denials or user authentication requests from the resource, to determine the authentication process to use to gain access to the resource. Once authenticated, the communications traffic between the client/user and the resource is permitted through the gateway.
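The flow described in the abstract, sketched as an added example (not code from the patent or its assignee). The `authmode` query parameter, the use of the `WWW-Authenticate` scheme from a 401 reply as the indication, the entries in `RULES_DB`, and the fail-closed handling of an unrecognised indication are all assumptions of this example.

```python
from urllib.parse import urlsplit, parse_qs

# Stand-in authentication processes; each returns True when the client passes.
# A real process would validate the credential, not just check its shape.
def forms_login(req):
    return req.get("cookies", {}).get("session") == "valid-demo-session"

def basic_auth(req):
    return req.get("headers", {}).get("Authorization", "").startswith("Basic ")

# Hypothetical rules database: indication -> authentication process.
RULES_DB = {"forms": forms_login, "basic": basic_auth}

def detect_indication(req, upstream=None):
    """Derive the indication from the request or the resource's reply,
    never by looking the URL up in a list of known resources."""
    query = parse_qs(urlsplit(req["url"]).query)
    if "authmode" in query:                      # assumed URL convention
        return query["authmode"][0].lower()
    if upstream and upstream.get("status") == 401:
        parts = upstream.get("headers", {}).get("WWW-Authenticate", "").split()
        if parts:                                # 'Basic realm="x"' -> "basic"
            return parts[0].lower()
    return None

def gateway_handle(req, upstream=None):
    """Return (decision, indication) for one request."""
    indication = detect_indication(req, upstream)
    if indication is None:
        return ("forwarded", None)               # no indication: pass through
    process = RULES_DB.get(indication)
    if process is None:
        return ("denied", indication)            # assumption: fail closed
    if process(req):
        return ("forwarded", indication)         # authenticated, then forwarded
    return ("challenged", indication)            # authentication not yet passed

if __name__ == "__main__":
    # Constructed sample requests against a placeholder host.
    samples = [
        {"url": "https://intranet.example/wiki/home"},
        {"url": "https://intranet.example/hr?authmode=forms"},
        {"url": "https://intranet.example/hr?authmode=kerberos"},
    ]
    for sample in samples:
        print(sample["url"], "->", gateway_handle(sample))
```

Because a request with no indication is forwarded untouched, the protected resource still has to enforce its own access control; the gateway only automates the handshake.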
18 Claims
10. A system for controlling access from a client device to a resource comprising:
- at least one processor and at least one memory;
- a rules database storing at least two different authentication processes; and
- a gateway separating a first network from a second network, the gateway configured to receive requests from the client device on the first network for a first resource and a second resource on the second network and to select an authentication process from the rules database for each of the first resource and the second resource based on at least a portion of each request, and the gateway configured to analyze each request without comparing each resource to a list of resources, wherein the at least a portion of each request indicates that each of the first resource and the second resource on the second network requires authentication.
18. A computer readable storage device having computer executable instructions that when executed cause at least one computing device to:
- receive requests for at least two different resources disposed on a second network from a client device disposed on a first network, each request having a corresponding resource of the at least two resources;
- analyze each request for the at least two different resources to determine if each of the requests contains an indication that the at least two different resources require authentication, wherein analyzing the requests is performed without comparing the at least two different resources requested to a list of resources;
- when the requests for the at least two different resources are determined at a gateway to contain the indications that the at least two different resources require authentication, then access an authentication rules database having a plurality of different authentication processes to identify an authentication process associated with each indication, and execute the authentication process associated with each indication for each of the requests; and
- when the requests for the at least two different resources are determined at the gateway not to contain the indications that the at least two different resources require authentication, then forward each of the requests to the corresponding resources following the execution of the identified authentication process.