Strong authentication with feeder robot in a federated identity web environment
First Claim
1. An authentication server in communication with a controlled access application of an enterprise system that requires at least a first Identifier (ID) factor and a second ID factor for authentication, the authentication server comprising:
at least one hardware processor; and
memory storing instructions that, when executed by the at least one hardware processor, causes the authentication server to perform operations including:
receiving a request to authenticate a user to the controlled access application using the first ID factor and the second ID factor;
selecting and activating, at the authentication server, a feeder robot configured to interact with a host verification server associated with the first ID factor and the second ID factor using HTTP protocol or HTTPS protocol;
obtaining, via the feeder robot, first information to complete the first ID factor, at least some of the first information being obtained from the user, attempting to access the controlled access application through a user interface provided by the enterprise system;
opening a connection between the host verification server and the authentication server;
requesting, in an HTTP or HTTPS request made via the feeder robot, a first authentication user interface from the host verification server via the connection;
receiving, in an HTTP or HTTPS response received via the feeder robot, the first authentication user interface in response to the request, wherein the first authentication user interface is not presented to the user;
generating a token for the feeder robot; generating, via the feeder robot, a first web form using the first information and information used to maintain the connection that is extracted from the first authentication user interface;
submitting, via the feeder robot, the token and the first web form to the host verification server, wherein submitting the first web form simulates a first submission by the user, wherein the token verifies to the host verification server that the feeder robot is not a web-crawling robot;
receiving, in an HTTP or HTTPS response received via the feeder robot, an indication of successful verification from the host verification server, the indication including a second authentication user interface, wherein the second authentication user interface is not presented to the user;
obtaining, via the feeder robot, a second information to complete the second ID factor, at least some of the second information being obtained from the user;
generating, via the feeder robot, a second web form using the second information and information used to maintain the connection that is extracted from the second authentication user interface;
submitting the second web form to the host verification server, wherein submitting the second web form simulates a second submission by the user;
receiving an indication of successful verification from the host verification server;
cleaning up the feeder robot, including closing the connection with the host verification server; and
initiating, in response to receiving the indication of successful verification, access to the controlled access application.
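The exchange claim 1 describes (fetch the authentication UI the user never sees, lift the connection-maintaining hidden fields out of it, submit the factor together with the robot token, repeat for the second factor, clean up), as an added example that is not part of the patent or any product. The mock verifier, its single-use nonce scheme, the field names and the pre-registered robot token set are all assumptions made for the demonstration:

```python
import secrets
from html.parser import HTMLParser
class HiddenFieldParser(HTMLParser):
    """Lifts the form action and every hidden <input> out of an authentication UI."""
    def __init__(self):
        super().__init__()
        self.action, self.fields = None, {}
    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            self.action = a.get("action")
        elif tag == "input" and a.get("type") == "hidden":
            self.fields[a["name"]] = a.get("value", "")

class MockHostVerifier:
    """Constructed stand-in for the host verification server: each UI carries a one-time
    hidden nonce (the 'connection' state) that the next submission must echo back."""
    def __init__(self, password, otp, robot_tokens):
        self.expected = {"password": password, "otp": otp}
        self.robot_tokens = set(robot_tokens)   # tokens the enterprise registered (assumption)
        self.pending = {}                       # nonce -> factor it was issued for
    def get_ui(self, factor):
        nonce = secrets.token_hex(8)
        self.pending[nonce] = factor
        return (f'<form action="/verify"><input type="hidden" name="_nonce" value="{nonce}">'
                f'<input type="hidden" name="factor" value="{factor}"></form>')
    def post(self, form, robot_token):
        factor = self.pending.pop(form.get("_nonce"), None)   # nonce is single-use: no replay
        if factor is None or robot_token not in self.robot_tokens or form.get("factor") != factor:
            return {"ok": False, "ui": None}
        if form.get(factor) != self.expected[factor]:
            return {"ok": False, "ui": None}
        # first factor accepted: the response carries the second UI; second accepted: done
        return {"ok": True, "ui": self.get_ui("otp") if factor == "password" else None}

def fill_form(ui_html, factor, value):
    """Builds the web form the user never sees: hidden fields from the UI plus the factor."""
    p = HiddenFieldParser()
    p.feed(ui_html)
    return p.action, {**p.fields, factor: value}

def feeder_robot(server, robot_token, password, otp):
    """Runs both factors against the verifier; returns True only if both are accepted."""
    _, form1 = fill_form(server.get_ui("password"), "password", password)
    r1 = server.post(form1, robot_token)
    if not r1["ok"]:
        return False
    _, form2 = fill_form(r1["ui"], "otp", otp)
    return server.post(form2, robot_token)["ok"]
```

Because the verifier pops the nonce on every submission, a captured form cannot be replayed, and a submission without a registered robot token is rejected even with correct factors.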
Abstract
Method, system, and programs for performing two-factor authentication for a controlled access application via one or more third-party host verification servers. An example method includes receiving a request to a controlled access application after a user has successfully logged into an enterprise system with a first Identifier (ID) factor, the controlled access application requiring additional authentication with a second ID factor, obtaining first information to complete the second ID factor, at least some of the first information being obtained from the user, and generating a first web form using the first information. The method also includes submitting the first web form to a host verification server, receiving an indication of successful verification from the host verification server; and initiating, in response to receiving the indication of successful verification, access to the controlled access application.
Claims (23 claims, 311 citations)
1. (Independent claim 1 is given in full above under First Claim.) Dependent claims: 2, 3, 4, 5, 6.
7. A method comprising:
receiving, at an authentication server associated with an enterprise system, a request to access a controlled access application after a user has successfully logged into the enterprise system with a first Identifier (ID) factor, the controlled access application requiring additional authentication with a second ID factor;
selecting and activating, at the authentication server, a feeder robot configured to interact with a host verification server associated with the second ID factor using HTTP protocol or HTTPS protocol;
obtaining, via the feeder robot, first information to complete the second ID factor, at least some of the first information being obtained from the user through a user interface provided by the enterprise system;
opening a connection between the host verification server associated with the second ID factor and the authentication server;
requesting, in an HTTP or HTTPS request made via the feeder robot, an authentication user interface from the host verification server via the connection;
receiving, in an HTTP or HTTPS response received via the feeder robot, the authentication user interface in response to the request, wherein the authentication user interface is not presented to the user;
generating a token for the feeder robot;
generating, via the feeder robot, a first web form using the first information and information used to maintain the connection that is extracted from the authentication user interface;
submitting, via the feeder robot, the first web form and the token to the host verification server, wherein submitting the first web form simulates a submission by the user, wherein the token verifies to the host verification server that the feeder robot is not a web-crawling robot;
receiving an indication of successful verification from the host verification server;
cleaning up the feeder robot, including closing the connection with the host verification server; and
initiating, in response to receiving the indication of successful verification, access to the controlled access application.
Dependent claims: 8, 9, 10, 11, 12, 13, 14, 15, 16.
17. A method comprising:
receiving a request from a user to access a controlled access application, the request including a first Identifier (ID) factor and a second ID factor and identifying the user;
selecting a first feeder robot configured to obtain first information for the first ID factor;
opening a first connection with a first host verification server associated with the first ID factor;
requesting, in an HTTP or HTTPS request, a first authentication user interface from the first host verification server via the first connection;
receiving, in an HTTP or HTTPS response, the first authentication user interface in response to the request, wherein the first authentication user interface is not presented to the user;
activating the first feeder robot to generate a first web form using the first information, at least some of the first information being information obtained from the user and some of the first information being information used to maintain the first connection that is extracted from the first authentication user interface;
generating a token for the feeder robot;
submitting the token and the first web form to the first host verification server, wherein submitting the first web form simulates a submission by the user and the token verifies to the host verification server that the feeder robot is not a web-crawling robot;
receiving an indication of successful verification from the first host verification server;
closing the first connection with the first host verification server;
selecting a second feeder robot configured to obtain second information for the second ID factor;
opening a second connection with a second host verification server associated with the second ID factor;
requesting, in an HTTP or HTTPS request, a second authentication user interface from the second host verification server via the second connection;
receiving, in an HTTP or HTTPS response, the second authentication user interface in response to the request, wherein the second authentication user interface is not presented to the user;
activating the second feeder robot to generate a second web form using the second information, at least some of the second information being information obtained from the user and at least some of the second information being information used to maintain the second connection that is extracted from the second authentication user interface;
submitting the second web form to the second host verification server, wherein submitting the second web form simulates a submission by the user; and
initiating, in response to receiving an indication of successful verification from the second host verification server, access to the controlled access application.
Dependent claims: 18, 19, 20, 21, 22, 23.