CA2308797A1 - Method and apparatus for implementing an extensible authentication mechanism in a web application server - Google Patents
- Publication number: CA2308797A1
- Authority: CA (Canada)
- Prior art keywords: authentication, request, providers, host, protect string
- Prior art date
- Legal status: Granted
Classifications
- H—ELECTRICITY
  - H04—ELECTRIC COMMUNICATION TECHNIQUE
    - H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
      - H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
        - H04L9/40—Network security protocols
      - H04L61/00—Network arrangements, protocols or services for addressing or naming
      - H04L63/00—Network architectures or network communication protocols for network security
        - H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
          - H04L63/083—Network architectures or network communication protocols for network security for authentication of entities using passwords
        - H04L63/10—Network architectures or network communication protocols for network security for controlling access to devices or network resources
      - H04L67/00—Network arrangements or protocols for supporting network services or applications
        - H04L67/01—Protocols
      - H04L69/00—Network arrangements, protocols or services independent of the application payload and not provided for in the other groups of this subclass
        - H04L69/30—Definitions, standards or architectural aspects of layered protocol stacks
          - H04L69/32—Architecture of open systems interconnection [OSI] 7-layer type protocol stacks, e.g. the interfaces between the data link level and the physical level
            - H04L69/322—Intralayer communication protocols among peer entities or protocol data unit [PDU] definitions
              - H04L69/329—Intralayer communication protocols among peer entities or protocol data unit [PDU] definitions in the application layer [OSI layer 7]
- G—PHYSICS
  - G06—COMPUTING; CALCULATING OR COUNTING
    - G06F—ELECTRIC DIGITAL DATA PROCESSING
      - G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
        - G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
          - G06F21/31—User authentication
            - G06F21/33—User authentication using certificates
Abstract
A highly scalable, flexible, and extensible mechanism is provided for authenticating a request from a client. In a preferred embodiment, the invention comprises an authentication engine, an authentication host, a plurality of providers coupled to the host which implement selected authentication schemes, and a machine-independent communication mechanism which enables the various components to communicate with each other regardless of the machine each component resides on. The communication mechanism enables the invention to be distributed, which in turn makes the invention highly scalable. In operation, the authentication engine receives a request having associated therewith a protect string. The protect string specifies the authentication scheme or schemes that need to be implemented for that request.
The authentication engine parses the protect string into one or more provider requests, and sends the requests to the authentication host.
In response, the host forwards the requests to the appropriate providers for processing. The results of the providers' processing are sent back to the authentication engine, which then processes the results according to the protect string to determine whether the request has been authenticated. With the present invention, it is possible to add providers to the system, or to substitute a new provider for an existing provider, without changing or recompiling any other component in the system.
It is also possible to change the authentication schemes associated with a request by simply changing the protect string. These aspects of the invention make it possible to change implementation at deployment time, as opposed to compile time. This makes the invention highly flexible and extensible.
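The following is an added illustration of the architecture the abstract describes, not code from the patent: an engine parses a protect string into provider requests, a host forwards each request to the provider registered under that name, and the engine combines the verdicts. The protect-string syntax (provider names joined by AND/OR, parentheses allowed), the provider names, and the two demo providers are assumptions of this example; the abstract does not define a syntax.

```python
# Toy model of the abstract's architecture (added example, not the patent's code):
# the engine parses a protect string into provider requests, the host forwards each
# to the provider registered under that name, and the engine combines the verdicts.
# The syntax (names joined by AND/OR, parentheses allowed) is this example's ASSUMPTION.
import re

class AuthHost:
    """Forwards provider requests; providers are added or swapped at deployment time."""
    def __init__(self):
        self._providers = {}               # name -> callable(request) -> bool
    def register(self, name, provider):
        self._providers[name] = provider   # no engine change or recompilation needed
    def handle(self, name, request):
        provider = self._providers.get(name)
        if provider is None:
            return False                   # fail closed: an unregistered scheme never passes
        try:
            return bool(provider(request))
        except Exception:
            return False                   # a crashing provider is a failed check, not a bypass

_TOKEN = re.compile(r"\(|\)|AND\b|OR\b|[A-Za-z_]\w*")

class AuthEngine:
    """Grammar: or := and ('OR' and)* ; and := atom ('AND' atom)* ; atom := '(' or ')' | NAME"""
    def __init__(self, host):
        self.host = host
    def authenticate(self, protect_string, request):
        if re.sub(_TOKEN, "", protect_string).strip():
            raise ValueError("unexpected characters in protect string")   # never drop silently
        toks = _TOKEN.findall(protect_string)
        verdict, pos = self._or(toks, 0, request)
        if pos != len(toks):
            raise ValueError("trailing tokens in protect string")
        return verdict
    def _or(self, t, i, req):
        v, i = self._and(t, i, req)
        while i < len(t) and t[i] == "OR":
            rhs, i = self._and(t, i + 1, req)
            v = v or rhs
        return v, i
    def _and(self, t, i, req):
        v, i = self._atom(t, i, req)
        while i < len(t) and t[i] == "AND":
            rhs, i = self._atom(t, i + 1, req)
            v = v and rhs
        return v, i
    def _atom(self, t, i, req):
        if i >= len(t) or t[i] in ("AND", "OR", ")"):
            raise ValueError("malformed protect string")
        if t[i] == "(":
            v, i = self._or(t, i + 1, req)
            if i >= len(t) or t[i] != ")":
                raise ValueError("missing ')'")
            return v, i + 1
        return self.host.handle(t[i], req), i + 1    # one provider request per name

# Constructed demo providers; real ones would consult a credential store or a PKI.
def basic_provider(req):
    return req.get("user") == "alice" and req.get("password") == "correct-horse"

def cert_provider(req):
    return req.get("client_cert_subject") == "CN=alice"
```

Every provider named in the protect string is evaluated (no short-circuit), an unknown name or a failing provider yields a denial rather than a bypass, and a malformed string is rejected instead of being partially honoured.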
Applications Claiming Priority (3)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US08/961,796 US6446204B1 (en) | 1997-10-31 | 1997-10-31 | Method and apparatus for implementing an extensible authentication mechanism in a web application server |
PCT/US1998/022832 WO1999023786A2 (en) | 1997-10-31 | 1998-10-29 | Method and apparatus for implementing an extensible authentication mechanism in a web application server |
Publications (2)
Publication Number | Publication Date |
---|---|
CA2308797A1 true CA2308797A1 (en) | 1999-05-14 |
CA2308797C CA2308797C (en) | 2008-03-25 |
Family ID: 25505024
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CA002308797A Expired - Lifetime CA2308797C (en) | 1997-10-31 | 1998-10-29 | Method and apparatus for implementing an extensible authentication mechanism in a web application server |
Country Status (8)
Country | Link |
---|---|
US (1) | US6446204B1 (en) |
EP (1) | EP1027795B9 (en) |
JP (1) | JP3853593B2 (en) |
AU (1) | AU750435B2 (en) |
CA (1) | CA2308797C (en) |
DE (1) | DE69821020T2 (en) |
HK (1) | HK1028687A1 (en) |
WO (1) | WO1999023786A2 (en) |
Families Citing this family (65)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US6427238B1 (en) * | 1998-05-29 | 2002-07-30 | Opentv, Inc. | Module manager for interactive television system |
DE19910345A1 (en) * | 1999-03-09 | 2000-09-21 | Siemens Ag | Method for transmitting messages between a client instance assigned to a first process and at least one server instance assigned to at least one further process within a distributed system |
AU7596300A (en) * | 1999-09-20 | 2001-04-24 | Ethentica, Inc. | Cryptographic server with provisions for interoperability between cryptographic systems |
US7391865B2 (en) | 1999-09-20 | 2008-06-24 | Security First Corporation | Secure data parser method and system |
AU1966801A (en) | 1999-10-18 | 2001-04-30 | Stamps.Com | Secure and recoverable database for on-line value-bearing item system |
US7752141B1 (en) | 1999-10-18 | 2010-07-06 | Stamps.Com | Cryptographic module for secure processing of value-bearing items |
US6970641B1 (en) | 2000-09-15 | 2005-11-29 | Opentv, Inc. | Playback of interactive programs |
US7363361B2 (en) * | 2000-08-18 | 2008-04-22 | Akamai Technologies, Inc. | Secure content delivery system |
US7257542B2 (en) * | 2000-02-16 | 2007-08-14 | Stamps.Com | Secure on-line ticketing |
US7444368B1 (en) * | 2000-02-29 | 2008-10-28 | Microsoft Corporation | Methods and systems for selecting methodology for authenticating computer systems on a per computer system or per user basis |
US20050044405A1 (en) * | 2000-05-11 | 2005-02-24 | Spraggs Lynn D. | System and method of securing a computer from unauthorized access |
AU2001276932B2 (en) * | 2000-07-27 | 2007-06-21 | Oracle International Corporation | System and method for concentration and load-balancing of requests |
US7941669B2 (en) | 2001-01-03 | 2011-05-10 | American Express Travel Related Services Company, Inc. | Method and apparatus for enabling a user to select an authentication method |
FR2820533B1 (en) | 2001-02-07 | 2003-04-18 | Sagem | BIOMETRIC IDENTIFICATION OR AUTHENTICATION SYSTEM |
US7437437B2 (en) * | 2001-04-25 | 2008-10-14 | Hewlett-Packard Development Company, L.P. | Access authentication for distributed networks |
US7274659B2 (en) * | 2001-07-27 | 2007-09-25 | Western Digital Ventures, Inc. | Providing streaming media data |
US7320075B2 (en) * | 2001-11-20 | 2008-01-15 | Safenet, Inc. | Software protection method utilizing hidden application code in a protection dynamic link library object |
US7219231B2 (en) * | 2002-01-30 | 2007-05-15 | Hewlett-Packard Development Company, L.P. | Extensible authentication system and method |
US7107615B2 (en) * | 2002-01-30 | 2006-09-12 | Hewlett-Packard Development Company, L.P. | Parameter verification in an authentication system and method |
US7194473B1 (en) | 2002-02-15 | 2007-03-20 | Oracle International Corporation | Application platform development environment |
US7444410B1 (en) | 2002-02-15 | 2008-10-28 | Oracle International Corporation | Application platform execution environment |
US7191467B1 (en) * | 2002-03-15 | 2007-03-13 | Microsoft Corporation | Method and system of integrating third party authentication into internet browser code |
US7614077B2 (en) * | 2002-04-10 | 2009-11-03 | International Business Machines Corporation | Persistent access control of protected content |
US20040024771A1 (en) * | 2002-08-01 | 2004-02-05 | Oracle International Corporation | Buffered message queue architecture for database management systems with transactional enqueue support |
US7188359B2 (en) * | 2002-12-18 | 2007-03-06 | America Online, Inc. | Optimizing authentication service availability and responsiveness via client-side routing |
US7860957B1 (en) * | 2002-12-20 | 2010-12-28 | Cisco Technology, Inc. | System and method for managing network services in a distributed system |
US6888431B2 (en) * | 2003-01-30 | 2005-05-03 | Square D Company | Remotely operated circuit breaker for emergency lighting circuits |
US7685300B2 (en) * | 2003-09-04 | 2010-03-23 | International Business Machines Corporation | Method for access by server-side components using unsupported communication protocols through passthrough mechanism |
US9614772B1 (en) | 2003-10-20 | 2017-04-04 | F5 Networks, Inc. | System and method for directing network traffic in tunneling applications |
US20050198643A1 (en) * | 2004-02-17 | 2005-09-08 | Lachelt David J. | Journaling proxy in activation solution |
US7523145B2 (en) * | 2004-04-22 | 2009-04-21 | Opentv, Inc. | System for managing data in a distributed computing system |
US7818563B1 (en) * | 2004-06-04 | 2010-10-19 | Advanced Micro Devices, Inc. | Method to maximize hardware utilization in flow-thru IPsec processing |
US8499153B2 (en) * | 2004-06-24 | 2013-07-30 | Nokia Corporation | System and method of authenticating a user to a service provider |
US7428754B2 (en) * | 2004-08-17 | 2008-09-23 | The Mitre Corporation | System for secure computing using defense-in-depth architecture |
WO2006047694A1 (en) | 2004-10-25 | 2006-05-04 | Orsini Rick L | Secure data parser method and system |
US7779418B2 (en) * | 2004-12-30 | 2010-08-17 | Oracle International Corporation | Publisher flow control and bounded guaranteed delivery for message queues |
US7788490B2 (en) * | 2005-04-01 | 2010-08-31 | Lexmark International, Inc. | Methods for authenticating an identity of an article in electrical communication with a verifier system |
US8196150B2 (en) * | 2005-10-07 | 2012-06-05 | Oracle International Corporation | Event locality using queue services |
CN105978683A (en) | 2005-11-18 | 2016-09-28 | 安全第公司 | Secure data parser method and system |
US20070258459A1 (en) * | 2006-05-02 | 2007-11-08 | Harris Corporation | Method and system for QOS by proxy |
US8064464B2 (en) | 2006-06-16 | 2011-11-22 | Harris Corporation | Method and system for inbound content-based QoS |
US20070291767A1 (en) * | 2006-06-16 | 2007-12-20 | Harris Corporation | Systems and methods for a protocol transformation gateway for quality of service |
US7990860B2 (en) | 2006-06-16 | 2011-08-02 | Harris Corporation | Method and system for rule-based sequencing for QoS |
US8516153B2 (en) | 2006-06-16 | 2013-08-20 | Harris Corporation | Method and system for network-independent QoS |
US20070291765A1 (en) * | 2006-06-20 | 2007-12-20 | Harris Corporation | Systems and methods for dynamic mode-driven link management |
US8730981B2 (en) | 2006-06-20 | 2014-05-20 | Harris Corporation | Method and system for compression based quality of service |
US20080025318A1 (en) * | 2006-07-31 | 2008-01-31 | Harris Corporation | Systems and methods for dynamically customizable quality of service on the edge of a network |
US8300653B2 (en) | 2006-07-31 | 2012-10-30 | Harris Corporation | Systems and methods for assured communications with quality of service |
US20100238801A1 (en) * | 2006-07-31 | 2010-09-23 | Smith Donald L | Method and system for stale data detection based quality of service |
CA2670597A1 (en) | 2006-12-05 | 2008-06-12 | Don Martin | Improved tape backup method using a secure data parser |
US9779556B1 (en) | 2006-12-27 | 2017-10-03 | Stamps.Com Inc. | System and method for identifying and preventing on-line fraud |
US20080228922A1 (en) * | 2007-03-14 | 2008-09-18 | Taiwan Semiconductor Manufacturing Company, Ltd. | System and Method for Providing Client Awareness in High-Availability Application Architecture |
CN103152170A (en) * | 2007-09-14 | 2013-06-12 | 安全第一公司 | Systems and methods for managing cryptographic keys |
CA2710868A1 (en) | 2008-01-07 | 2009-07-16 | Security First Corp. | Systems and methods for securing data using multi-factor or keyed dispersal |
EP2163067B1 (en) | 2008-02-22 | 2013-12-25 | Security First Corp. | Systems and methods for secure workgroup management and communication |
US9832069B1 (en) | 2008-05-30 | 2017-11-28 | F5 Networks, Inc. | Persistence based on server response in an IP multimedia subsystem (IMS) |
CN102428686A (en) | 2009-05-19 | 2012-04-25 | 安全第一公司 | Systems and methods for securing data in the cloud |
CA2781872A1 (en) | 2009-11-25 | 2011-06-09 | Security First Corp. | Systems and methods for securing data in motion |
US9443097B2 (en) | 2010-03-31 | 2016-09-13 | Security First Corp. | Systems and methods for securing data in motion |
WO2011150346A2 (en) | 2010-05-28 | 2011-12-01 | Laurich Lawrence A | Accelerator system for use with secure data storage |
US8392452B2 (en) * | 2010-09-03 | 2013-03-05 | Hulu Llc | Method and apparatus for callback supplementation of media program metadata |
CN102801714B (en) * | 2012-07-26 | 2015-03-11 | 杭州电子科技大学 | Method for analyzing and reducing SQL (Structured Query Language) command in TNS (Transparent Network Substrate) protocol in by-pass manner |
US8925050B2 (en) * | 2012-10-29 | 2014-12-30 | Oracle International Corporation | Communication between authentication plug-ins of a single-point authentication manager and client systems |
US20140122437A1 (en) * | 2012-10-31 | 2014-05-01 | Kaseya International Limited | Dynamically provisioned storage server operating on a data communications network |
EP3206357A1 (en) | 2016-02-09 | 2017-08-16 | Secunet Security Networks Aktiengesellschaft | Using a non-local cryptography method after authentication |
Family Cites Families (7)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
KR100328516B1 (en) * | 1992-07-01 | 2002-11-27 | 텔레폰아크티에볼라게트 엘엠 에릭슨 | SYSTEM AND METHOD FOR SETTING COMMUNICATION PROTOCOL BETWEEN APPLICATIONS |
US5649099A (en) | 1993-06-04 | 1997-07-15 | Xerox Corporation | Method for delegating access rights through executable access control program without delegating access rights not in a specification to any intermediary nor comprising server security |
CA2138302C (en) * | 1994-12-15 | 1999-05-25 | Michael S. Fortinsky | Provision of secure access to external resources from a distributed computing environment |
US5907675A (en) | 1995-03-22 | 1999-05-25 | Sun Microsystems, Inc. | Methods and apparatus for managing deactivation and shutdown of a server |
US5812776A (en) * | 1995-06-07 | 1998-09-22 | Open Market, Inc. | Method of providing internet pages by mapping telephone number provided by client to URL and returning the same in a redirect command by server |
AR003524A1 (en) * | 1995-09-08 | 1998-08-05 | Cyber Sign Japan Inc | A VERIFICATION SERVER TO BE USED IN THE AUTHENTICATION OF COMPUTER NETWORKS. |
US5903732A (en) * | 1996-07-03 | 1999-05-11 | Hewlett-Packard Company | Trusted gateway agent for web server programs |
Application events
- 1997
  - 1997-10-31 US US08/961,796 patent/US6446204B1/en not_active Expired - Lifetime
- 1998
  - 1998-10-29 WO PCT/US1998/022832 patent/WO1999023786A2/en active IP Right Grant
  - 1998-10-29 JP JP2000519525A patent/JP3853593B2/en not_active Expired - Lifetime
  - 1998-10-29 CA CA002308797A patent/CA2308797C/en not_active Expired - Lifetime
  - 1998-10-29 AU AU12035/99A patent/AU750435B2/en not_active Expired
  - 1998-10-29 EP EP98955165A patent/EP1027795B9/en not_active Expired - Lifetime
  - 1998-10-29 DE DE69821020T patent/DE69821020T2/en not_active Expired - Lifetime
- 2000
  - 2000-12-08 HK HK00107911A patent/HK1028687A1/en not_active IP Right Cessation
Also Published As
Publication number | Publication date |
---|---|
EP1027795A2 (en) | 2000-08-16 |
JP3853593B2 (en) | 2006-12-06 |
AU750435B2 (en) | 2002-07-18 |
AU1203599A (en) | 1999-05-24 |
JP2001522115A (en) | 2001-11-13 |
DE69821020T2 (en) | 2004-10-21 |
EP1027795B1 (en) | 2004-01-07 |
US6446204B1 (en) | 2002-09-03 |
EP1027795B9 (en) | 2004-09-08 |
CA2308797C (en) | 2008-03-25 |
HK1028687A1 (en) | 2001-02-23 |
DE69821020D1 (en) | 2004-02-12 |
WO1999023786A3 (en) | 1999-07-15 |
WO1999023786A2 (en) | 1999-05-14 |
Similar Documents
Publication | Title |
---|---|
CA2308797A1 (en) | Method and apparatus for implementing an extensible authentication mechanism in a web application server |
AU694367B2 (en) | Internet server access control and monitoring systems |
US8024777B2 (en) | Domain based authentication scheme |
JP4108461B2 (en) | Authentication system, authentication distribution server, authentication method and program |
WO2001042889A3 (en) | Client-side boot domains and boot rules |
US20020133723A1 (en) | Method and system to provide and manage secure access to internal computer systems from an external client |
HK1049750A1 (en) | Terminal communication system |
WO2002033516A3 (en) | Method and apparatus for encrypted communications to a secure server |
EP0665486A3 (en) | Method of protecting electronically published materials using cryptographic protocols |
WO2007044613A3 (en) | Apparatus system and method for real-time migration of data related to authentication |
SE519072C2 (en) | Method of access control in mobile communications |
CA2330857A1 (en) | User specific automatic data redirection system |
WO2004046849A3 (en) | Cryptographic methods and apparatus for secure authentication |
CA2414376A1 (en) | Methods and systems for adaptation, diagnosis, optimization, and prescription technology for network based applications |
RU2005128697A (en) | Deploying and getting the software on a network sensitive to malicious data exchange |
MX2011003223A (en) | Service provider access |
ATE345002T1 (en) | Method and apparatus for authenticated access to a multiple network operators through a single login |
EP0856820A3 (en) | IC card, IC card processing system, and IC card authentication method |
US7506363B2 (en) | Methods, systems, and computer program products for user authorization levels in aggregated systems |
CN110708313B (en) | System supporting multi-mode single sign-on |
EP1063579A3 (en) | Method, apparatus and storage medium for authentication on the world wide web |
CA2205637A1 (en) | Encryption apparatus |
EP1194869A4 (en) | Technique for secure remote configuration of a system |
WO2002101583A3 (en) | User selective reload of images |
SE9700063D0 (en) | Secure data transmission system via electronic link |
Legal Events
Code | Title | Description |
---|---|---|
EEER | Examination request | |
MKEX | Expiry | Effective date: 20181029 |