End user authentication using a virtual private network

US 9,942,200 B1
Filed: 12/02/2014
Issued: 04/10/2018
Est. Priority Date: 12/02/2014
Status: Active Grant

First Claim

Patent Images

1. A method of authenticating a user of a Web service, said method comprising:

at a gateway computer of said Web service, receiving a request to establish a virtual private network (VPN) that includes a digital certificate and a VPN identifier from a user computing device, said VPN identifier being a unique identifier of said user;

establishing said VPN between said user computing device and said gateway computer;

retrieving, by said gateway computer, from a first database of said Web service a user identifier using said VPN identifier as a key into said first database, said user identifier being distinct from said VPN identifier and identifying said user;

authorizing by said gateway computer, said user to use said Web service based upon said VPN identifier without requiring said user identifier and a password from said user; and

authenticating, by a proxy server computer that provides said Web service, that said user identifier represents a valid user of said Web service and providing said Web service to said user via said proxy server computer and said gateway computer.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A user is provisioned for a Web service by supplying a user name and password. A digital certificate and VPN identifier are generated and downloaded to the user'"'"'s computer. The VPN identifier and user identifier are stored into a database. The user accesses the Web service and establishes a VPN using the certificate and VPN identifier. A user identifier, user name or user password is not required. A gateway computer uses the VPN identifier to access the database previously established during the provisioning session to retrieve the user identifier. Retrieval of the user identifier validates that the computing device is authorized to use the Web service. The gateway computer stores the client IP address and a mapping to the user identifier into a database. A proxy server retrieves the user identifier from the database using the IP address and includes the user identifier in Web traffic for a remote computer.

Citations

20 Claims

1. A method of authenticating a user of a Web service, said method comprising:
- at a gateway computer of said Web service, receiving a request to establish a virtual private network (VPN) that includes a digital certificate and a VPN identifier from a user computing device, said VPN identifier being a unique identifier of said user;
  
  establishing said VPN between said user computing device and said gateway computer;
  
  retrieving, by said gateway computer, from a first database of said Web service a user identifier using said VPN identifier as a key into said first database, said user identifier being distinct from said VPN identifier and identifying said user;
  
  authorizing by said gateway computer, said user to use said Web service based upon said VPN identifier without requiring said user identifier and a password from said user; and
  
  authenticating, by a proxy server computer that provides said Web service, that said user identifier represents a valid user of said Web service and providing said Web service to said user via said proxy server computer and said gateway computer.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method as recited in claim 1 further comprising:
    - receiving an IP address of said user computing device during said establishing; and
      
      storing said IP address in conjunction with said user identifier in a second database of said Web service; and
      
      retrieving said user identifier from said second database by a server computer of said Web service using said IP address as a key into said second database.
  - 3. The method as recited in claim 1 further comprising:
    - performing said authenticating by determining that said VPN identifier exists in said first database.
  - 4. The method as recited in claim 1 further comprising:
    - performing said authenticating by determining that said user identifier exists in said first database.
  - 5. The method as recited in claim 1 further comprising:
    - performing said authenticating by determining that said retrieved user identifier matches a valid user identifier in possession of said gateway computer.
  - 6. The method as recited in claim 2 further comprising:
    - performing said authenticating by said server computer only via use of said IP address received from said user computing device.
  - 7. The method as recited in claim 1 further comprising:
    - performing said authenticating only via use of said VPN identifier received from said user computing device.

8. A method of provisioning a user of a Web service, said method comprising:
- receiving at a portal computer of a Web service a user name and a password from a user computing device;
  
  authenticating a user of said Web service using said user name and said password;
  
  generating a digital certificate and a virtual private network (VPN) identifier for said user, said VPN identifier being a unique identifier of said user;
  
  storing in a first database of said Web service a mapping from said VPN identifier to a user identifier that is distinct from said VPN identifier and uniquely identifies said user within said Web service; and
  
  downloading said digital certificate and said VPN identifier to said user computing device, whereby said user may establish a VPN with said Web service using said digital certificate and said VPN identifier in order to be authorized and to receive said Web service via a proxy server computer of said Web service without requiring said user identifier and a password from said user.
- View Dependent Claims (9, 10, 11, 12)
- - 9. The method as recited in claim 8 further comprising:
    - performing said authenticating and downloading by said portal computer.
  - 10. The method as recited in claim 8 wherein said digital certificate includes said VPN identifier.
  - 11. The method as recited in claim 8 wherein said digital certificate is common to any user of said Web service.
  - 12. The method as recited in claim 8 further comprising:
    - ending a session between said user computing device and said portal computer before any other connection between said user computing device and said Web service is established.

13. A method of authenticating a user of a Web service, said method comprising:
- at a portal computer of said Web service, authenticating an end user using a user identifier received from a user computing device, said user identifier identifying said user who is authorized to use said Web service;
  
  downloading a digital certificate and a virtual private network (VPN) identifier to said user computing device, said VPN identifier being a unique identifier of said user and being distinct from said user identifier;
  
  storing said VPN identifier and said user identifier in association with each other in a first database of said Web service;
  
  establishing a VPN between said user computing device and a gateway computer of said Web service;
  
  retrieving, by said gateway computer, from said first database of said Web service said user identifier using said VPN identifier as a key into said first database; and
  
  authorizing, by said gateway computer, that said user computing device represents a valid user of said Web service based upon said VPN identifier without requiring said user identifier and a password from said user; and
  
  authenticating, by a proxy server computer that provides said Web service, that said user identifier represents a valid user of said Web service and providing said Web service to said user via said proxy server computer and said gateway computer.
- View Dependent Claims (14, 15, 16, 17, 18, 19, 20)
- - 14. The method as recited in claim 13 further comprising:
    - ending a session between said user computing device and said Web service after said storing; and
      
      beginning a new session between said user computing device and said Web service upon said establishing.
  - 15. The method as recited in claim 13 further comprising:
    - receiving a request to establish said VPN from said user computing device that includes a digital certificate and said VPN identifier.
  - 16. The method as recited in claim 13 further comprising:
    - receiving an IP address of said user computing device during said establishing; and
      
      storing said IP address in conjunction with said user identifier in a second database of said Web service; and
      
      retrieving said user identifier from said second database by a server computer of said Web service using said IP address as a key into said second database.
  - 17. The method as recited in claim 13 further comprising:
    - performing said authenticating by determining that said VPN identifier exists in said first database.
  - 18. The method as recited in claim 13 further comprising:
    - performing said authenticating by determining that said user identifier exists in said first database.
  - 19. The method as recited in claim 13 further comprising:
    - performing said authenticating by determining that said retrieved user identifier matches a valid user identifier in possession of said gateway computer.
  - 20. The method as recited in claim 13 further comprising:
    - performing said authenticating without receiving said user identifier or a password from said user computing device.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Trend Micro Inc.
Original Assignee
Trend Micro Inc.
Inventors
Tan, Dan, Wang, Lei, Shi, Bin, Yang, Liulin
Primary Examiner(s)
Hirl, Joseph P
Assistant Examiner(s)
GUNDRY, STEPHEN T

Application Number

US14/558,669
Time in Patent Office

1,225 Days
Field of Search
US Class Current
CPC Class Codes

H04L 63/0272   Virtual private networks

H04L 63/0281   Proxies

H04L 63/0823   using certificates cryptogr...

H04L 63/083   using passwords cryptograph...

End user authentication using a virtual private network

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

End user authentication using a virtual private network

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links