System and method for secure proxy-based authentication
First Claim
1. A proxy system comprising:
at least one processor configured to:
receive from a client, via a native protocol, a first access request requesting access by the client to a target application;
determine target application access credentials based at least in part on the first access request and a policy enforced by the proxy system, wherein the target application access credentials are effective to authenticate the proxy system to the target application;
provide to the target application a second access request requesting access to the target application, wherein the second access request comprises the target application access credentials; and
responsive to the proxy system being authenticated to the target application based on the target application access credentials, establish access for the client to the target application through the proxy system and via the native protocol, wherein the access is consistent with the policy and is established based on the target application access credentials, and the client is not exposed to the target application access credentials.
Abstract
A system and method for secure authentication facilitates improving the security of authentication between a client and a target by using an innovative authentication module on a proxy. The client can connect to the proxy using a native protocol and provides client credentials to the proxy. The proxy uses an authentication module to authenticate the client and then to provide target access credentials for proxy-target authentication, thereby giving the client access to the target through the proxy. The invention facilitates connection between the client and the target without requiring the client to be in possession of the target access credentials. The proxy can optionally be connected to a privileged access management system which can provide and/or store target access credentials. Proxy-provided target access credentials facilitate preventing a client security breach from exposing target access credentials.
25 Claims
1. Independent claim; its text is reproduced above under First Claim. Dependent claims: 2 to 10.
11. A non-transitory computer readable medium including instructions that, when executed by at least one processor of a proxy system, cause the at least one processor to perform operations comprising:
receiving from a client, via a native protocol, a first access request requesting access by the client to a target application;
determining target application access credentials based at least in part on the first access request and a policy enforced by the proxy system, wherein the target application access credentials are effective to authenticate the proxy system to the target application;
providing to the target application a second access request requesting access to the target application, wherein the second access request comprises the target application access credentials; and
responsive to the proxy system being authenticated to the target application based on the target application access credentials, establishing access for the client to the target application via the native protocol, wherein the access is consistent with the policy and is established based on the target application access credentials, and the client is not exposed to the target application access credentials.
Dependent claims: 12 to 20.
21. A computer-implemented method comprising:
receiving from a client, by a proxy system via a native protocol, a first access request requesting access by the client to a target application;
determining target application access credentials based at least in part on the first access request and a policy enforced by the proxy system, wherein the target application access credentials are effective to authenticate the proxy system to the target application;
providing to the target application a second access request requesting access to the target application, wherein the second access request comprises the target application access credentials; and
responsive to the proxy system being authenticated to the target application based on the target application access credentials, establishing access for the client to the target application via the native protocol, wherein the access is consistent with the policy and is established based on the target application access credentials, and the client is not exposed to the target application access credentials.
Dependent claims: 22 to 25.
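The flow that the abstract describes and that independent claims 1, 11 and 21 set out step by step (client authenticates to the proxy with its own credentials; the proxy consults a policy, fetches the target account's credentials from a vault, authenticates itself to the target, and hands the client a session that carries no target credentials) is shown below as an added, self-contained Python model. It is illustration written for this page, not code from the patent or from any vendor's product: ProxySystem, CredentialVault, Target, ClientSession, the audit log, the sample users and the policy table are all assumptions made for the example.

```python
"""Credential-injecting proxy model. Added illustration only; every class,
account and policy entry here is an assumption constructed for the example."""
from __future__ import annotations
import hashlib
import hmac
import os
import secrets
from dataclasses import dataclass
from typing import Dict, Optional, Tuple


def _hash_pw(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


class Target:
    """Stand-in target application: accepts a native-protocol login
    (username/password here) and returns an opaque session id."""
    def __init__(self, name: str, accounts: Dict[str, str]):
        self.name = name
        self._accounts = accounts                 # constructed sample accounts
        self.sessions: Dict[str, str] = {}        # session id -> account name

    def login(self, username: str, password: str) -> Optional[str]:
        expected = self._accounts.get(username)
        if expected is None or not hmac.compare_digest(expected, password):
            return None
        sid = secrets.token_hex(16)
        self.sessions[sid] = username
        return sid


class CredentialVault:
    """Stand-in for the privileged access management system that holds the
    target access credentials; only the proxy ever reads from it."""
    def __init__(self):
        self._secrets: Dict[Tuple[str, str], Tuple[str, str]] = {}

    def store(self, target: str, account: str, password: str) -> None:
        self._secrets[(target, account)] = (account, password)

    def fetch(self, target: str, account: str) -> Tuple[str, str]:
        return self._secrets[(target, account)]


@dataclass
class ClientSession:
    """What the client gets back: a handle to the brokered session and
    nothing else. Deliberately contains no target credential."""
    client_user: str
    target: str
    target_account: str
    target_session_id: str


class ProxySystem:
    def __init__(self, vault: CredentialVault, targets: Dict[str, Target]):
        self._vault = vault
        self._targets = targets
        self._client_users: Dict[str, Tuple[bytes, bytes]] = {}   # user -> (salt, hash)
        self._policy: Dict[Tuple[str, str], str] = {}             # (user, target) -> account
        self.audit: list = []

    def add_client_user(self, user: str, password: str) -> None:
        salt = os.urandom(16)
        self._client_users[user] = (salt, _hash_pw(password, salt))

    def allow(self, user: str, target: str, account: str) -> None:
        self._policy[(user, target)] = account

    def _authenticate_client(self, user: str, password: str) -> bool:
        entry = self._client_users.get(user)
        if entry is None:
            return False
        salt, digest = entry
        return hmac.compare_digest(digest, _hash_pw(password, salt))

    def handle_access_request(self, user: str, password: str, target: str) -> Optional[ClientSession]:
        # First access request: the client presents only its own credentials.
        if not self._authenticate_client(user, password):
            self.audit.append(f"DENY client-auth user={user} target={target}")
            return None
        # Determine target credentials from the request plus the enforced policy.
        account = self._policy.get((user, target))
        if account is None or target not in self._targets:
            self.audit.append(f"DENY policy user={user} target={target}")
            return None
        tgt_user, tgt_pw = self._vault.fetch(target, account)
        # Second access request, proxy to target, carrying the vault credentials.
        sid = self._targets[target].login(tgt_user, tgt_pw)
        if sid is None:
            self.audit.append(f"DENY target-auth user={user} target={target} account={account}")
            return None
        # Access established; the client receives a session handle, never tgt_pw.
        self.audit.append(f"ALLOW user={user} target={target} account={account}")
        return ClientSession(user, target, account, sid)


def demo() -> Tuple[ProxySystem, Target, Optional[ClientSession], Optional[ClientSession]]:
    """Wire up constructed sample data; run one allowed and one denied request."""
    db = Target("payments-db", {"dba_svc": "Vault-0nly-Secret!"})      # constructed
    vault = CredentialVault()
    vault.store("payments-db", "dba_svc", "Vault-0nly-Secret!")
    proxy = ProxySystem(vault, {"payments-db": db})
    proxy.add_client_user("alice", "alice-pw")                          # constructed
    proxy.allow("alice", "payments-db", "dba_svc")
    ok = proxy.handle_access_request("alice", "alice-pw", "payments-db")
    denied = proxy.handle_access_request("alice", "wrong-pw", "payments-db")
    return proxy, db, ok, denied


if __name__ == "__main__":
    proxy, db, ok, denied = demo()
    print(ok, denied, *proxy.audit, sep="\n")
```

The property the claims turn on is visible in the returned ClientSession: the client's session can be resolved to the privileged account on the target side, yet the object the client holds contains no form of the vault password, so compromising the client does not disclose the target credential. The audit list stands in for the proxy-side logging a defender would want for every deny and allow decision.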