End user authentication using a virtual private network
First Claim
1. A method of authenticating a user of a Web service, said method comprising:
at a gateway computer of said Web service, receiving a request to establish a virtual private network (VPN) that includes a digital certificate and a VPN identifier from a user computing device, said VPN identifier being a unique identifier of said user;
establishing said VPN between said user computing device and said gateway computer;
retrieving, by said gateway computer, from a first database of said Web service a user identifier using said VPN identifier as a key into said first database, said user identifier being distinct from said VPN identifier and identifying said user;
authorizing by said gateway computer, said user to use said Web service based upon said VPN identifier without requiring said user identifier and a password from said user; and
authenticating, by a proxy server computer that provides said Web service, that said user identifier represents a valid user of said Web service and providing said Web service to said user via said proxy server computer and said gateway computer.
Abstract
A user is provisioned for a Web service by supplying a user name and password. A digital certificate and a VPN identifier are generated and downloaded to the user's computer, and the mapping from the VPN identifier to the user identifier is stored in a database. To access the Web service the user establishes a VPN using the certificate and the VPN identifier; no user identifier, user name or password is required at this point. The gateway computer uses the VPN identifier as a key into the database populated during provisioning to retrieve the user identifier; successful retrieval validates that the computing device is authorized to use the Web service. The gateway computer then stores the client IP address and its mapping to the user identifier in a database. A proxy server retrieves the user identifier from that database using the client IP address and includes the user identifier in the Web traffic it forwards to a remote computer.
Citations
20 Claims
1. A method of authenticating a user of a Web service, said method comprising:
at a gateway computer of said Web service, receiving a request to establish a virtual private network (VPN) that includes a digital certificate and a VPN identifier from a user computing device, said VPN identifier being a unique identifier of said user; establishing said VPN between said user computing device and said gateway computer; retrieving, by said gateway computer, from a first database of said Web service a user identifier using said VPN identifier as a key into said first database, said user identifier being distinct from said VPN identifier and identifying said user; authorizing by said gateway computer, said user to use said Web service based upon said VPN identifier without requiring said user identifier and a password from said user; and authenticating, by a proxy server computer that provides said Web service, that said user identifier represents a valid user of said Web service and providing said Web service to said user via said proxy server computer and said gateway computer. (Dependent claims: 2, 3, 4, 5, 6, 7.)
8. A method of provisioning a user of a Web service, said method comprising:
receiving at a portal computer of a Web service a user name and a password from a user computing device; authenticating a user of said Web service using said user name and said password; generating a digital certificate and a virtual private network (VPN) identifier for said user, said VPN identifier being a unique identifier of said user; storing in a first database of said Web service a mapping from said VPN identifier to a user identifier that is distinct from said VPN identifier and uniquely identifies said user within said Web service; and downloading said digital certificate and said VPN identifier to said user computing device, whereby said user may establish a VPN with said Web service using said digital certificate and said VPN identifier in order to be authorized and to receive said Web service via a proxy server computer of said Web service without requiring said user identifier and a password from said user. (Dependent claims: 9, 10, 11, 12.)
13. A method of authenticating a user of a Web service, said method comprising:
at a portal computer of said Web service, authenticating an end user using a user identifier received from a user computing device, said user identifier identifying said user who is authorized to use said Web service; downloading a digital certificate and a virtual private network (VPN) identifier to said user computing device, said VPN identifier being a unique identifier of said user and being distinct from said user identifier; storing said VPN identifier and said user identifier in association with each other in a first database of said Web service; establishing a VPN between said user computing device and a gateway computer of said Web service; retrieving, by said gateway computer, from said first database of said Web service said user identifier using said VPN identifier as a key into said first database; and authorizing, by said gateway computer, that said user computing device represents a valid user of said Web service based upon said VPN identifier without requiring said user identifier and a password from said user; and authenticating, by a proxy server computer that provides said Web service, that said user identifier represents a valid user of said Web service and providing said Web service to said user via said proxy server computer and said gateway computer. (Dependent claims: 14, 15, 16, 17, 18, 19, 20.)
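The flow described in the abstract and in claims 1, 8 and 13 (portal provisioning, gateway lookup of the user identifier by VPN identifier, proxy recovery of the user identifier by client IP), simulated end to end as an added example. This is illustrative code written for this page, not the patentee's implementation. Assumptions: the three databases are in-memory dicts; the "digital certificate" is stood in for by an HMAC-signed JSON blob whose subject is the VPN identifier (a real deployment would issue an X.509 client certificate and terminate the VPN with TLS/IPsec); the function names `provision`, `gateway_establish_vpn` and `proxy_forward`, the user ids, IP addresses and sample credentials are all made up. The gateway checks that the presented VPN identifier matches the certificate's subject before consulting the database: the claims list both items in the request, and without binding them a holder of any valid certificate could present another user's VPN identifier.

```python
import hashlib
import hmac
import json
import secrets
from typing import Optional, Tuple

# Constructed sample data: two provisioned Web-service accounts with PBKDF2 password hashes.
_SALT = b"constructed-salt"
_ITER = 100_000
USER_DB = {  # user_id -> (user_name, password_hash)
    "u-1001": ("alice", hashlib.pbkdf2_hmac("sha256", b"correct horse", _SALT, _ITER)),
    "u-1002": ("bob", hashlib.pbkdf2_hmac("sha256", b"battery staple", _SALT, _ITER)),
}
VPN_DB = {}  # the "first database": vpn_id -> user_id, written by the portal, read by the gateway
IP_DB = {}   # client_ip -> user_id, written by the gateway, read by the proxy (per the abstract)

# Assumption: a toy HMAC-signed JSON blob stands in for the X.509 certificate the portal issues.
CA_KEY = secrets.token_bytes(32)


def _sign(body: bytes) -> str:
    return hmac.new(CA_KEY, body, hashlib.sha256).hexdigest()


def provision(user_name: str, password: str) -> Optional[Tuple[dict, str]]:
    """Portal (claim 8): check name/password once, mint cert + VPN id, store vpn_id -> user_id."""
    for user_id, (name, pw_hash) in USER_DB.items():
        if name == user_name:
            break
    else:
        return None
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), _SALT, _ITER)
    if not hmac.compare_digest(candidate, pw_hash):
        return None
    vpn_id = secrets.token_hex(16)                # unique per user and distinct from user_id
    body = json.dumps({"subject": vpn_id}, sort_keys=True).encode()
    cert = {"body": body.decode(), "sig": _sign(body)}
    VPN_DB[vpn_id] = user_id                      # the only link from the VPN id back to the user
    return cert, vpn_id                           # downloaded to the user computing device


def gateway_establish_vpn(cert: dict, vpn_id: str, client_ip: str) -> Optional[str]:
    """Gateway (claims 1, 13): verify the cert, bind it to the presented VPN id, resolve user_id."""
    body = str(cert.get("body", "")).encode()
    if not hmac.compare_digest(_sign(body), str(cert.get("sig", ""))):
        return None                               # not issued by our portal
    if json.loads(body or b"{}").get("subject") != vpn_id:
        return None                               # cert was issued for a different VPN identifier
    user_id = VPN_DB.get(vpn_id)
    if user_id is None:
        return None                               # never provisioned, or since removed
    IP_DB[client_ip] = user_id                    # no user id or password was asked of the client
    return user_id


def proxy_forward(client_ip: str, path: str) -> Optional[dict]:
    """Proxy: recover user_id from the tunnel IP, confirm it is still valid, tag upstream traffic."""
    user_id = IP_DB.get(client_ip)
    if user_id is None or user_id not in USER_DB:
        return None
    return {"path": path, "headers": {"X-User-Id": user_id}}
```

Removing a user's row from `VPN_DB` is the revocation point: the certificate still verifies, but the gateway's lookup fails and no IP mapping is written, so the proxy never sees a user identifier for that tunnel.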
Specification