Delivery of authentication information to a RESTful service using token validation scheme

US 9,300,653 B1
Filed: 04/21/2014
Issued: 03/29/2016
Est. Priority Date: 08/20/2012
Status: Active Grant

First Claim

Patent Images

1. A computer-implemented method of authenticating an entity, comprising:

receiving, by an authentication component of a RESTful service, a service request from an entity agent;

redirecting, by the authentication component, the entity agent to a relying party;

redirecting, by the relying party, the entity agent to an identity provider, wherein the identity provider authenticates the entity using entity-supplied information;

accepting, by the relying party, a service ticket and a SAML assertion from the identity provider;

sending, by the relying party, the service ticket to the authentication component, wherein the sending is via the entity agent through an HTTP redirect; and

retrieving, by the authentication component, entity-related information from the relying party, wherein the retrieved entity-related information is encoded in the SAML assertion and transferred via a back channel.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Information useful for authenticating an entity is sent over a back channel during the authentication of an entity to a RESTful service. The delivery of the entity-related information is triggered by the validation of a service ticket received by the authentication component of the RESTful service.

57 Citations

View as Search Results

19 Claims

1. A computer-implemented method of authenticating an entity, comprising:
- receiving, by an authentication component of a RESTful service, a service request from an entity agent;
  
  redirecting, by the authentication component, the entity agent to a relying party;
  
  redirecting, by the relying party, the entity agent to an identity provider, wherein the identity provider authenticates the entity using entity-supplied information;
  
  accepting, by the relying party, a service ticket and a SAML assertion from the identity provider;
  
  sending, by the relying party, the service ticket to the authentication component, wherein the sending is via the entity agent through an HTTP redirect; and
  
  retrieving, by the authentication component, entity-related information from the relying party, wherein the retrieved entity-related information is encoded in the SAML assertion and transferred via a back channel.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The method of claim 1, wherein the identity provider is selected using the entity agent.
  - 3. The method of claim 1, wherein the entity-supplied information comprises information from a smart card.
  - 4. The method of claim 3, wherein the smart card is a CAC.
  - 5. The method of claim 3, wherein the smart card is a PIV card.
  - 6. The method of claim 3, wherein the entity-supplied information comprises an X.509 certificate.
  - 7. The method of claim 1, wherein the entity-supplied information is used to locate entity-related information for retrieval.
  - 8. The method of claim 7, wherein the entity-supplied information that is used to locate entity-related information is sent to the identity provider using Attribute Exchange OpenID 2.0 protocol.
  - 9. The method of claim 7, wherein the retrieving of entity-related information comprises accessing a SAR.
  - 10. The method of claim 1, wherein the service ticket is CAS compliant.

11. A computer system providing entity-authentication, comprising:
- a network connected RESTful server system comprising an authentication component, the authentication component operable to;
  
  redirect an entity agent to a relying party,receive a service ticket,send a validate service ticket request via a back channel,receive a SAML assertion via a back channel, wherein the SAML assertion encodes entity-related information, andauthenticate an entity making a RESTful service request, wherein the authentication is based, at least in part, on entity-related information;
  
  an identity provider system running on one or more processors operable to return entity-related information based, at least in part, on entity-supplied information from the entity agent; and
  
  a relying party system operable to;
  
  receive a request for entity-related information from the authentication component,receive entity-related information from the identity provider,send a service ticket associated with the request for entity-related information, wherein the service ticket is sent by redirecting the entity agent from the relying party to the authentication component,receive a validate service ticket request from the authentication component, wherein the validate service ticket request is via a back channel, andsend a SAML assertion to the authentication component via a back channel, wherein the SAML assertion is associated with the request for entity related information.
- View Dependent Claims (12, 13, 14, 15, 16, 17, 18, 19)
- - 12. The system of claim 11, wherein the identity provider is operable to accept entity-supplied information from a smart card.
  - 13. The system of claim 12, wherein the smart card is a CAC.
  - 14. The system of claim 12, wherein the smart card is a PIV card.
  - 15. The system of claim 12, wherein the entity-supplied information comprises a X.509 certificate.
  - 16. The system of claim 11, wherein the entity-supplied information is used to locate entity-related information for retrieval.
  - 17. The system of claim 16, wherein the entity-supplied information that is used to locate entity-related information is received by the identity provider using Attribute Exchange OpenID 2.0 protocol.
  - 18. The system of claim 16, wherein the retrieval of entity-related information comprises accessing a SAR.
  - 19. The system of claim 11, wherein the service ticket is CAS compliant.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Crowdstrike, Inc. (CrowdStrike Holdings Incorporated)
Original Assignee
Jericho Systems Corporation
Inventors
Dufel, Michael, Subramanium, Vijayababu, Chowdhury, Mizanul
Primary Examiner(s)
Zecher, Dede
Assistant Examiner(s)
LAKHIA, VIRAL S

Application Number

US14/257,123
Time in Patent Office

708 Days
Field of Search

726/1, 726/9, 726/22, 713/182, 709/224
US Class Current

1/1
CPC Class Codes

G06F 21/335   for accessing specific reso...

H04L 63/0428   wherein the data content is...

H04L 63/08   for authentication of entit...

H04L 63/0807   using tickets, e.g. Kerbero...

H04L 63/0823   using certificates cryptogr...

H04L 63/0853   using an additional device,...

H04L 63/10   for controlling access to d...

H04L 63/20   for managing network securi...

H04L 67/01   Protocols

Delivery of authentication information to a RESTful service using token validation scheme

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

57 Citations

19 Claims

Specification

Use Cases

Quick Links

Others

Delivery of authentication information to a RESTful service using token validation scheme

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

57 Citations

19 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others