SECURITY PROXYING FOR END-USER APPLICATIONS

US 20080141341A1
Filed: 10/04/2007
Published: 06/12/2008
Est. Priority Date: 12/07/2006
Status: Active Grant

First Claim

Patent Images

1. In an end-user application, a method comprising:

receiving input from an interface, the input soliciting an operation of the end-user application;

sending to a security proxy a request for a service of a backend server that provides the solicited operation, the request having insufficient security information to access the requested service, the request to cause the security proxy to inject authentication information into the request for the service of the backend server and forward the request to the backend server;

receiving a response from the backend server that includes data related to the solicited operation, based on the authentication information injected by the security proxy; and

providing a representation of the received data in the interface.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Methods and apparatuses enable a service mediator to provide security proxying services to an end-user application requesting a backend service of an enterprise network. The end-user application generates a request for a service of the backend system. The request does not have sufficient security information to enable access to the backend system. The service mediator can detect that one or more items of required security information are not present in the request and injects the necessary security information into the request. The end-user application need not even have access to the security information or even be aware that security information is needed to access the service. The request having the required security information is sent to the backend to enable access to the backend service.

226 Citations

24 Claims

1. In an end-user application, a method comprising:
- receiving input from an interface, the input soliciting an operation of the end-user application;
  
  sending to a security proxy a request for a service of a backend server that provides the solicited operation, the request having insufficient security information to access the requested service, the request to cause the security proxy to inject authentication information into the request for the service of the backend server and forward the request to the backend server;
  
  receiving a response from the backend server that includes data related to the solicited operation, based on the authentication information injected by the security proxy; and
  
  providing a representation of the received data in the interface.
- View Dependent Claims (2, 3, 4, 5)
- - 2. The method of claim 1, wherein the end-user application comprises a desktop widget.
  - 3. The method of claim 1, wherein the end-user application has no self-contained access to security information.
  - 4. The method of claim 1, wherein the end-user application is unaware of a need for security information to be included in the request to the backend server.
  - 5. The method of claim 1, wherein the security proxy comprises a service mediator that provides services to the end-user application, including a security proxy service.

6. An article of manufacture comprising a machine readable medium having content stored thereon to provide instructions that cause a machine to perform operations including:
- receiving input from an interface, the input soliciting an operation of the end-user application;
  
  sending to a security proxy a request for a service of a backend server that provides the solicited operation, the request having insufficient security information to access the requested service, the request to cause the security proxy to inject authentication information into the request for the service of the backend server and forward the request to the backend server;
  
  receiving a response from the backend server that includes data related to the solicited operation, based on the authentication information injected by the security proxy; and
  
  providing a representation of the received data in the interface.
- View Dependent Claims (7, 8)
- - 7. The article of manufacture of claim 6, wherein the content to provide instructions for receiving the input soliciting the operation of the end-user application comprises content to provide instructions forreceiving input soliciting an operation of a desktop widget.
  - 8. The article of manufacture of claim 7, wherein the content to provide instructions for receiving the input soliciting the operation of the desktop widget comprises content to provide instructions forreceiving input soliciting an operation of an enterprise widget having self-contained access to an enterprise backend server.

9. In a service mediator that provides services to an end-user application, a method comprising:
- receiving from an end-user application a request for a service of a backend server;
  
  determining that the request for the service requires security information;
  
  determining that the request from the end-user application does not include the required security information;
  
  injecting the required security information into the request; and
  
  forwarding the request for the service to the backend server.
- View Dependent Claims (10, 11, 12, 13, 14, 15, 16, 17)
- - 10. The method of claim 9, wherein the end-user application comprises a desktop widget.
  - 11. The method of claim 9, wherein determining that the request for the service requires security information comprises:
    - sending the request to the backend server; and
      
      receiving a response from the backend server requiring authentication information.
  - 12. The method of claim 9, wherein determining that the request from the end-user application does not include the required security information comprises:
    - identifying the request as being from one of a particular type of applications.
  - 13. The method of claim 9, wherein determining that the request from the end-user application does not include the required security information comprises:
    - identifying the request as being received on a particular interface.
  - 14. The method of claim 9, wherein injecting the security information comprises:
    - providing single sign-on (SSO) authentication information.
  - 15. The method of claim 14, wherein providing the SSO authentication information further comprises:
    - obtaining the SSO authentication information from an SSO manager executing on a common operating environment with the end-user application.
  - 16. The method of claim 9, wherein injecting the security information comprises:
    - providing user name and password information with the request.
  - 17. The method of claim 9, further comprising:
    - receiving a response from the backend server that includes data related to the requested service; and
      
      forwarding the response to the end-user application.

18. An article of manufacture comprising a machine readable medium having content stored thereon to provide instructions that cause a machine to perform operations including:
- receiving from an end-user application a request for a service of a backend server;
  
  determining that the request for the service requires security information;
  
  determining that the request from the end-user application does not include the required security information;
  
  injecting the required security information into the request; and
  
  forwarding the request for the service to the backend server.
- View Dependent Claims (19, 20)
- - 19. The article of manufacture of claim 18, wherein the content to provide instructions for determining that the request from the end-user application does not include the required security information comprises content to provide instructions foridentifying the request as being at least one of a request from one of a particular type of applications, or a request received on a particular interface.
  - 20. The article of manufacture of claim 18, wherein the content to provide instructions for injecting the security information comprises content to provide instructions forproviding single sign-on (SSO) authentication information.

21. A system comprising:
- an end-user application operating out of memory, the end-user application to generate a request for a backend service, the request lacking security information required to access the backend service; and
  
  a security proxy coupled to the end-user application to obtain and inject the security information into the request to enable the end-user application to access the backend service.
- View Dependent Claims (22, 23, 24)
- - 22. The system of claim 21, wherein the end-user application comprises an enterprise widget having self-contained access to an enterprise backend server.
  - 23. The system of claim 21, wherein the end-user application has no self-contained access to security information.
  - 24. The system of claim 21, wherein the security proxy injects security information including single sign-on (SSO) authentication information obtained from an SSO manager executing on a common operating environment with the end-user application.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
SAP SE
Original Assignee
SAP AG (SAP SE)
Inventors
Vinogradov, Ilja, Wood, Eric R.B.

Granted Patent

US 8,424,058 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/2
CPC Class Codes

G06F 21/6218 to a system of files or obj...

G06F 21/629 to features or functions of...

SECURITY PROXYING FOR END-USER APPLICATIONS

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

226 Citations

24 Claims

Specification

Solutions

Use Cases

Quick Links

SECURITY PROXYING FOR END-USER APPLICATIONS

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

226 Citations

24 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links