PROXY AUTHENTICATION FOR SINGLE SIGN-ON

US 20160205089A1
Filed: 09/25/2014
Published: 07/14/2016
Est. Priority Date: 09/25/2013
Status: Active Grant

First Claim

Patent Images

1. A computing apparatus for providing a network gateway, comprising:

a first data connection operable to communicatively couple the gateway to a network service;

a second data connection operable to communicatively couplet the gateway to a client device; and

one or more logic elements comprising an authentication proxy engine operable for;

receiving a request from the client device via the second data connection; and

providing authentication data to the network service via the first data connection.

View all claims

9 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

In an example, a web gateway is described, including an authentication proxy engine (PAE). The PAE authenticates a user device via, for example, a username and password, biometric data, or two-factor authentication. The web gateway then provides seamless and transparent single sign-on (SSO) for one or more web services. When the user requests a web page from the web service, the PAE inserts custom code that detects a login action. When the user logs in, a one-time token may be provided to auto-fill the username and password field. When the user submits the form, the PAE provides the actual credentials to the web service. The PAE may also provide authentication via authentication headers.

21 Citations

View as Search Results

25 Claims

1. A computing apparatus for providing a network gateway, comprising:
- a first data connection operable to communicatively couple the gateway to a network service;
  
  a second data connection operable to communicatively couplet the gateway to a client device; and
  
  one or more logic elements comprising an authentication proxy engine operable for;
  
  receiving a request from the client device via the second data connection; and
  
  providing authentication data to the network service via the first data connection.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13)
- - 2. The computing apparatus of claim 1, wherein the proxy engine is further operable for:
    - receiving an authentication validation from the network service via the first data connection; and
      
      providing the authentication validation to the client device via the second data connection.
  - 3. The computing apparatus of claim 1, wherein the proxy engine is further operable for:
    - receiving a request for a data page from the client device via the second data connection;
      
      receiving the data page from the network service via the first data connection; and
      
      forwarding the data page to the client device via the second data connection.
  - 4. The computing apparatus of claim 3, wherein the proxy engine is further operable for modifying the data page request by inserting an authentication header into the data page.
  - 5. The computing apparatus of claim 3, wherein the proxy engine is further operable for modifying the data page before forwarding the data page.
  - 6. The computing apparatus of claim 5, wherein modifying the data page comprises inserting instructions for detecting and intercepting a login action.
  - 7. The computing apparatus of claim 5, wherein the data page comprises a username or password field, and wherein modifying the data page comprises inserting a one-time random or pseudo-random token into the username or password field.
  - 8. The computing apparatus of claim 1, wherein the proxy engine is further operable for authenticating the client device via the second data connection.
  - 9. The computing apparatus of claim 8, wherein authenticating the client device comprises receiving biometric authentication data from the client device.
  - 10. The computing apparatus of claim 8, wherein authenticating the client device comprises two-factor authentication.
  - 11. The computing apparatus of claim 1, wherein the proxy engine is further operable for providing a token to the client device via the second data connection, wherein the token is different from the authentication data.
  - 12. The computing apparatus of claim 11, wherein the token comprises a pseudo-username or pseudo-password.
  - 13. The computing apparatus of claim 1, wherein the proxy engine is further operable for providing a learning mode.

14. One or more computer-readable mediums having stored thereon executable instructions for providing a proxy engine operable for:
- receiving a request for a network service from a client device via a second data connection;
  
  providing authentication data to the network service via a first data connection;
  
  receiving an authentication validation from a network service via a first data connection; and
  
  providing the authentication validation to the client device via a second data connection.
- View Dependent Claims (15, 16, 17, 18, 19, 20, 21, 22, 23)
- - 15. The one or more computer-readable mediums of claim 14, wherein the proxy engine is further operable for:
    - receiving a request for a data page from the client device via the second data connection;
      
      receiving the data page from the network service via the first data connection; and
      
      forwarding the data page to the client device via the second data connection.
  - 16. The one or more computer-readable mediums of claim 15, wherein the proxy engine is further operable for modifying the data page comprising inserting an authentication header into the data page.
  - 17. The one or more computer-readable mediums of claim 15, wherein the proxy engine is further operable for modifying the data page before forwarding the data page.
  - 18. The one or more computer-readable mediums of claim 17, wherein modifying the data page comprises inserting instructions for detecting and intercepting a login action.
  - 19. The one or more computer-readable mediums of claim 17, wherein the data page comprises a username or password field, and wherein modifying the data page comprises inserting a one-time random or pseudo-random token into the username or password field.
  - 20. The one or more computer-readable mediums of claim 14, wherein the proxy engine is further operable for authenticating the client device via the second data connection.
  - 21. The one or more computer-readable mediums of claim 20, wherein authenticating the client device comprises receiving biometric authentication data from the client device or two-factor authentication.
  - 22. The one or more computer-readable mediums of claim 14, wherein the proxy engine is further operable for providing a token to the client device via the second data connection, wherein the token is different from the authentication data.
  - 23. The one or more computer-readable mediums of claim 22, wherein the token comprises a pseudo-username or pseudo-password.

24. A method of providing a proxy engine, comprising:
- communicatively coupling to a network service via a first data connection;
  
  authenticating a client device via a second data connection;
  
  receiving a login request from the client device via the second data connection; and
  
  providing authentication data to the network service via the first data connection.
- View Dependent Claims (25)
- - 25. The method of claim 24, wherein authenticating the client device comprises biometric authentication or two-factor authentication.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
McAfee, LLC
Original Assignee
McAfee, Inc. (McAfee, LLC)
Inventors
Ott, Alexey, Homann, Ulrich, Schnellbacher, Jan F.

Granted Patent

US 10,554,624 B2
Time in Patent Office

Days
Field of Search
US Class Current

1/1
CPC Class Codes

H04L 63/0281   Proxies

H04L 63/0815   providing single-sign-on or...

H04L 63/083   using passwords cryptograph...

H04L 63/0861   using biometrical features,...

H04L 63/18   using different networks or...

H04L 9/32   including means for verifyi...

PROXY AUTHENTICATION FOR SINGLE SIGN-ON

First Claim

9 Assignments

0 Petitions

Accused Products

Abstract

21 Citations

25 Claims

Specification

Solutions

Use Cases

Quick Links

PROXY AUTHENTICATION FOR SINGLE SIGN-ON

First Claim

9 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

21 Citations

25 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links