SYSTEMS AND METHODS FOR AN EXTENSIBLE AUTHENTICATION FRAMEWORK

US 20120023558A1
Filed: 07/21/2010
Published: 01/26/2012
Est. Priority Date: 07/21/2010
Status: Active Grant

First Claim

Patent Images

1. A method for providing credential gathering requirements separate from a client that gathers credentials from a user, the method comprising:

(a) receiving, by an agent executing on a client, credential gathering requirements from a device intermediary to the client and one or more servers, the credential gathering requirements identifying a credential type and an input field type;

(b) displaying, by the agent via a user interface, a user interface element corresponding to the input field type and to input a credential identified by the credential type; and

(c) transmitting, by the agent to the device for authentication, the credential received from the user via the user interface element.

View all claims

7 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The present disclosure describes systems and methods of an authentication framework to implement varying authentication schemes in a configurable and extendable manner. This authentication framework provides a level of abstraction in which requirements for credential gathering and authentication workflow are independent from the agents or authentication implementation that does the credential gathering and authentication workflow. A higher level of abstraction and a more comprehensive authentication framework allows handling the associated authentication transactions of complex authentication schemes without requiring any specific understanding of their internals. For example, the requirements to gather certain credentials for a particular authentication scheme may be configured and maintained separately from the client-side authentication agent that gathers the credentials. The flexible, configurable and extendable authentication framework supports a wide variety of authentication scheme and supports third party, proprietary and customized authentication schemes.

Citations

20 Claims

1. A method for providing credential gathering requirements separate from a client that gathers credentials from a user, the method comprising:
- (a) receiving, by an agent executing on a client, credential gathering requirements from a device intermediary to the client and one or more servers, the credential gathering requirements identifying a credential type and an input field type;
  
  (b) displaying, by the agent via a user interface, a user interface element corresponding to the input field type and to input a credential identified by the credential type; and
  
  (c) transmitting, by the agent to the device for authentication, the credential received from the user via the user interface element.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
- - 2. The method of claim 1, wherein step (a) further comprises receiving, by the agent, the credential gathering requirements identifying a label for the input field type.
  - 3. The method of claim 2, wherein step (b) further comprises displaying, by the agent, the user interface element with the label identified by the credential gathering requirements.
  - 4. The method of claim 1, wherein step (a) further comprises receiving, by the agent, the credential gathering requirements identifying a label type of a label for an input field corresponding to the input field type.
  - 5. The method of claim 4, wherein step (b) further comprises displaying, by the agent, the label for the user interface element, the label having the label type identified by the credential gathering requirements.
  - 6. The method of claim 1, wherein step (a) further comprises receiving, by the agent, the credential gathering requirements identifying one or more input constraints.
  - 7. The method of claim 6, wherein step (b) further comprises restricting, by the agent, a user'"'"'s input via the user interface element based on the one or more input constraints identified by the credential gathering requirements.
  - 8. The method of claim 1, wherein step (b) further comprises displaying, by the agent, the user interface of one of a type or a form native to the client and not determined by the device transmitting the credential gathering requirements.
  - 9. The method of claim 1, further comprises identifying, by the credential gathering requirements, a credential type of one of a user name, password, pin or a certificate.
  - 10. The method of claim 1, further comprises identifying, by the credential gathering requirements, the credential type of one of a user name, password, pin or a certificate.
  - 11. The method of claim 1, further comprises identifying, by the credential gathering requirements, the input field type of one of an edittext, passwordtext, checkbox, a combo box or a button.

12. A method of providing authentication implementation information for implementing a specified authentication scheme by an agent of a client, the method comprising:
- (a) receiving, by an agent executing on a client, authentication implementation information from a device intermediary to the client and one or more servers, the authentication implementation information identifying an authentication scheme, an authenticator and one or more parameters for authenticating via the authenticator;
  
  (b) obtaining, by the agent, the one or more parameters of the authentication implementation information to perform the authentication scheme identified by the authentication implementation information; and
  
  (c) communicating, by the agent, the one or more parameters to the authenticator identified by the authentication implementation information.
- View Dependent Claims (13, 14, 15, 16)
- - 13. The method of claim 12, wherein step (a) further comprises receiving, by the agent, the authentication implementation information comprising a list of user friendly names strings indexed by language.
  - 14. The method of claim 13, wherein step (b) further comprising using, by the agent, one or more of the user friendly names in providing a user interface to a user for gathering the one or more parameters.
  - 15. The method of claim 12, wherein step (a) further comprises receiving, by the agent, the authentication implementation information comprising identification of a realm.
  - 16. The method of claim 13, wherein step (c) further comprising using, by the agent, the realm in performing the authentication scheme.

17. A method for providing an authentication flow type for authenticating via a specified logon point, the method comprising:
- (a) receiving, by an agent executing on a client, a logon point configuration from a device intermediary to the client and one or more servers, the login point configuration identifying an authentication flow type;
  
  (b) detecting, by the agent, a request to access a logon point corresponding to the logon point configuration; and
  
  (c) executing, by the agent responsive to the detection, an authentication flow identified by the authentication flow type.
- View Dependent Claims (18, 19, 20)
- - 18. The method of claim 17, wherein step (a) further comprises receiving, by the agent, the logon point configuration identifying the authentication flow type comprising multiple authentication schemes.
  - 19. The method of claim 17, wherein step (a) further comprises receiving, by the agent, the logon point configuration identifying the authentication flow type comprising cascading authentication schemes.
  - 20. The method of claim 17, wherein step (a) further comprises receiving, by the agent, the logon point configuration identifying the authentication flow type comprising a second authentication scheme that conditionally may be executed after a first authentication scheme.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Citrix Systems, Inc. (Cloud Software Group)
Original Assignee
Citrix Systems, Inc. (Cloud Software Group)
Inventors
Rafiq, Pierre

Granted Patent

US 9,686,255 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/6
CPC Class Codes

H04L 63/08 for authentication of entit...

H04L 63/205 involving negotiation or de...

SYSTEMS AND METHODS FOR AN EXTENSIBLE AUTHENTICATION FRAMEWORK

First Claim

7 Assignments

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

SYSTEMS AND METHODS FOR AN EXTENSIBLE AUTHENTICATION FRAMEWORK

First Claim

7 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links