Elevating trust in user identity during RESTful authentication and authorization

US 10,110,584 B1
Filed: 09/15/2016
Issued: 10/23/2018
Est. Priority Date: 08/20/2012
Status: Active Grant

First Claim

Patent Images

1. A computer-implemented method for authorizing an entity to access a protected resource, said method comprising:

receiving at a RESTful service implemented at a first server having a first processor and first memory a request by the entity to access the protected resource;

providing an indication of the request to a relying party implemented at a second server having a second processor and second memory that facilitates entity authentication;

receiving, at the RESTful service, a first credential transmitted upon a front channel;

receiving, at the RESTful service, a second credential comprising a SAML credential transmitted upon a back channel;

authenticating the entity based upon the first and second credentials, respectively; and

authorizing the entity, once authenticated, to access the protected resource based upon attributes contained in the SAML credential that comprises the second credential.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Credentials sent over a back channel during the authentication of a user to a RESTful service can elevate the trust the recipient system can place in the user'"'"'s identity. The addition of an identity credential of higher strength can increase confidence in user identities electronically presented with a lower strength credential. Attributes from either credential can be used to determine authorization to a protected resource.

16 Citations

View as Search Results

16 Claims

1. A computer-implemented method for authorizing an entity to access a protected resource, said method comprising:
- receiving at a RESTful service implemented at a first server having a first processor and first memory a request by the entity to access the protected resource;
  
  providing an indication of the request to a relying party implemented at a second server having a second processor and second memory that facilitates entity authentication;
  
  receiving, at the RESTful service, a first credential transmitted upon a front channel;
  
  receiving, at the RESTful service, a second credential comprising a SAML credential transmitted upon a back channel;
  
  authenticating the entity based upon the first and second credentials, respectively; and
  
  authorizing the entity, once authenticated, to access the protected resource based upon attributes contained in the SAML credential that comprises the second credential.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The method of claim 1 wherein said authenticating comprises authenticating the entity based upon credential strengths of the first and second credentials.
  - 3. The method of claim 1 wherein said providing the indication comprises redirecting the request to the relying party.
  - 4. The method of claim 1 further comprising storing the first credential and the second credential at the relying party.
  - 5. The method of claim 4 wherein said receiving the first credential comprises receiving the first credential from the relying party.
  - 6. The method of claim 4 wherein said receiving the second credential comprises receiving the second credential from the relying party.
  - 7. The method of claim 1 wherein the second credential transmitted upon the back channel is transmitted in encrypted form.
  - 8. The method of claim 1 wherein the first credential comprises a CAS credential.

9. A computer-implemented system for authorizing an entity to access a protected resource, said system comprising:
- a RESTful service implemented at a first server having a first processor and first memory and operable to;
  
  receive a request by the entity to access the protected resource;
  
  provide an indication of the request to a relying party implemented at a second server having a second processor and second memory that facilitates entity authentication;
  
  receive a first credential transmitted upon a front channel;
  
  receive a second credential comprising a SAML credential transmitted upon a back channel;
  
  authenticate the entity based upon the first and second credentials, respectively; and
  
  authorize the entity to access the protected resource based upon attributes contained in the SAML credential that comprises the second credential.
- View Dependent Claims (10, 11, 12, 13, 14, 15, 16)
- - 10. The system of claim 9 wherein said RESTful service is operable to authenticate the entity based upon credential strengths of the first and second credentials.
  - 11. The system of claim 9 wherein said RESTful service is operable to provide the indication by redirecting the request to the relying party.
  - 12. The system of claim 9 wherein said RESTful service is further operable to store the first credential and the second credential at the relying party.
  - 13. The system of claim 12 wherein said RESTful service is operable to receive the first credential from the relying party.
  - 14. The system of claim 12 wherein said RESTful service is operable to receive the second credential from the relying party.
  - 15. The system of claim 9 wherein the second credential transmitted upon the back channel is transmitted in encrypted form.
  - 16. The system of claim 9 wherein the first credential comprises a CAS credential.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Crowdstrike, Inc. (CrowdStrike Holdings Incorporated)
Original Assignee
Jericho Systems Corporation
Inventors
Schmoyer, Timothy, Dufel, Michael, Staggs, David, Subramanium, Vijayababu
Primary Examiner(s)
Mehedi, Morshed
Assistant Examiner(s)
Lakhia, Viral S

Application Number

US15/266,096
Time in Patent Office

768 Days
Field of Search

726 1, 726 7, 726 14, 713180-182, 455558
US Class Current
CPC Class Codes

G06F 21/335   for accessing specific reso...

H04L 63/0428   wherein the data content is...

H04L 63/08   for authentication of entit...

H04L 63/0807   using tickets, e.g. Kerbero...

H04L 63/0823   using certificates cryptogr...

H04L 63/0853   using an additional device,...

H04L 63/10   for controlling access to d...

H04L 63/20   for managing network securi...

H04L 67/01   Protocols

Elevating trust in user identity during RESTful authentication and authorization

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

16 Citations

16 Claims

Specification

Use Cases

Quick Links

Others

Elevating trust in user identity during RESTful authentication and authorization

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

16 Citations

16 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others