IDiyas

For the Inventor, By the Inventor

The patent badge is an abbreviated version of the USPTO patent document. The patent badge does contain a link to the full patent document.

The patent badge is an abbreviated version of the USPTO patent document. The patent badge covers the following: Patent number, Date patent was issued, Date patent was filed, Title of the patent, Applicant, Inventor, Assignee, Attorney firm, Primary examiner, Assistant examiner, CPCs, and Abstract. The patent badge does contain a link to the full patent document (in Adobe Acrobat format, aka pdf). To download or print any patent click here.

Patent No.:

US 9699168 B1

PDFFull Text
Date of Patent:
Jul. 04, 2017

Filed:

Dec. 13, 2010

Method and system for authenticating a rich client to a web or cloud application

Applicants:

Olgierd Stanislaw Pieczul, Dublin, IE;

Mark Alexander Mcgloin, Dublin, IE;

Mary Ellen Zurko, Groton, MA (US);

David Scott Kern, Billerica, MA (US);

Brent Allan Hepburn, Boston, MA (US);

Inventors:

Olgierd Stanislaw Pieczul, Dublin, IE;

Mark Alexander McGloin, Dublin, IE;

Mary Ellen Zurko, Groton, MA (US);

David Scott Kern, Billerica, MA (US);

Brent Allan Hepburn, Boston, MA (US);

Assignee:

International Business Machines Corporation, Armonk, NY (US);

Attorneys:

David B. Woycechowsky

David H. Judson

Jeffrey S. LaBaw

Primary Examiner:

Tae Kim

Assistant Examiner:

Shiuh-Huei Ku

Int. Cl.
CPC ...
H04L 29/06 (2006.01); H04L 29/08 (2006.01); G06F 21/31 (2013.01); G06F 21/62 (2013.01); H04L 9/32 (2006.01);
U.S. Cl.
CPC ...
H04L 63/0815 (2013.01); H04L 67/02 (2013.01); H04L 63/0884 (2013.01);
Abstract

A rich client performs single sign-on (SSO) to access a web- or cloud-based application. According to the described SSO approach, the rich client delegates to its native application server the task of obtaining a credential, such as a SAML assertion. The native server, acting on behalf of the user, obtains an assertion from a federated identity provider (IdP) that is then returned to the rich client. The rich client provides the assertion to a cloud-based proxy, which presents the assertion to an identity manager to attempt to prove that the user is entitled to access the web- or cloud-based application using the rich client. If the assertion can be verified, it is exchanged with a signed token, such as a token designed to protect against cross-site request forgery (CSRF). The rich client then accesses the web- or cloud-based application making a REST call that includes the signed token. The application, which recognizes the request as trustworthy, responds to the call with the requested data.

Find Patent Forward Citations

Loading…