Application authentication wrapper

US10075424B2 · US · B2

Patent metadata
Publication number: US-10075424-B2
Application number: US-201615082070-A
Country: US
Kind code: B2
Filing date: Mar 28, 2016
Priority date: Mar 28, 2016
Publication date: Sep 11, 2018
Grant date: Sep 11, 2018

Abstract

Official abstract text for this publication.

Disclosed are various approaches for implementing an application authentication wrapper. An authentication request, such as a Kerberos request, is created for authenticating the computing device. The authentication request is encrypted to generate an encrypted authentication request. The encrypted authentication request is then forwarded to a reverse proxy server. An encrypted authentication response is received from the reverse proxy server. The encrypted authentication response, such as a Kerberos response, is then decrypted to generate a corresponding authentication response, which is then forwarded to the computing device that generated the authentication request.

First claim

Opening claim text (preview).

The invention claimed is:
1. A system, comprising: a computing device comprising a processor, a memory, and a network interface; an application comprising machine-readable instructions stored in the memory that, when executed by the processor, cause the computing device to at least: receive a Kerberos authentication request from a Kerberos service executing on the computing device, the Kerberos authentication request specifying an internet protocol (IP) address of the computing device as an address for a Kerberos key distribution center (KDC) service; encrypt the Kerberos authentication request to generate an encrypted Kerberos authentication request; and forward the Kerberos encrypted authentication request to a reverse proxy server.
2. The system of claim 1, wherein the application further causes the computing device to at least decrypt an authentication response received from the reverse proxy server.
3. The system of claim 2, wherein the application further causes the computing device to at least provide the decrypted authentication response to the Kerberos service executing on the computing device.
4. The system of claim 1, wherein the application further causes the computing device to at least embed the authentication request within a transmission control protocol (TCP) stream.
5. The system of claim 1, wherein the application further causes the computing device to at least wrap the authentication request within a request encoded according to a version of the hypertext transport protocol (HTTP).
6. The system of claim 1, wherein the authentication request is encrypted according to a version of the secure sockets layer (SSL) protocol or the transport layer security (TLS) protocol.
7. The system of claim 1, wherein the authentication request complies with a version of the Kerberos protocol.
8. A method, comprising: receiving, by a computing device, a Kerberos authentication request from a Kerberos service executing on the computing device, the Kerberos authentication request specifying an internet protocol (IP) address of the computing device as an address for a Kerberos key distribution center (KDC) service encrypting, by the computing device, the Kerberos authentication request to generate an encrypted Kerberos authentication request; and forwarding, by the computing device, the encrypted Kerberos authentication request to a reverse proxy server.
9. The method of claim 8, further comprising decrypting, by the computing device, an authentication response received from the reverse proxy server.
10. The method of claim 9, further comprising providing the decrypted authentication response to the Kerberos service executing on the computing device.
11. The method of claim 8, further comprising embedding, by the computing device, the authentication request within a transmission control protocol (TCP) stream.
12. The method of claim 8, further comprising wrapping, by the computing device, the authentication request within a request encoded according to a version of the hypertext transport protocol (HTTP).
13. The method of claim 8, wherein the authentication request is encrypted according to a version of the secure sockets layer (SSL) protocol or the transport layer security (TLS) protocol.
14. The method of claim 8, wherein the authentication request complies with a version of the Kerberos protocol.
15. A non-transitory computer readable medium comprising machine readable instructions that, when executed by a processor of a computing device, cause the computing device to at least: receive a Kerberos authentication request from a Kerberos service executing on the computing device, the Kerberos authentication request specifying an internet protocol (IP) address of the computing device as an address for a Kerberos key distribution center (KDC) service; encrypt the Kerberos authentication request to generate an encrypted Kerberos authentication request; and forward the encrypted Kerberos authentication request to a reverse proxy server.
16. The non-transitory computer readable medium of claim 15, wherein the machine readable instructions further cause the computing device to at least decrypt an authentication response received from the reverse proxy server.
17. The non-transitory computer readable medium of claim 16, wherein the machine readable instructions further cause the computing device to provide the decrypted authentication response to the Kerberos service executing on the computing device.
18. The non-transitory computer readable medium of claim 15, wherein the machine readable instructions further cause the computing device to at least embed the authentication request within a transmission control protocol (TCP) stream.
19. The non-transitory computer readable medium of claim 15, wherein the machine readable instructions further cause the computing device to at least wrap the authentication request within a request encoded according to a version of the hypertext transport protocol (HTTP).
20. The non-transitory computer readable medium of claim 15, wherein the authentication request is encrypted according to a version of the secure sockets layer (SSL) protocol or the transport layer security (TLS) protocol.

Classifications

  • for key distribution, e.g. centrally by trusted party (cryptographic mechanisms or cryptographic arrangements for key distribution involving a central third party H04L9/0819)

  • wherein the data content is protected, e.g. by encrypting or encapsulating the payload

  • by delegation of authentication, e.g. a proxy authenticates an entity to be authenticated on behalf of this entity vis-à-vis an authentication entity

  • at the transport layer

  • using tickets, e.g. Kerberos (cryptographic mechanisms or cryptographic arrangements for entity authentication using tickets or tokens H04L9/3213)

Frequently asked questions

Answers are generated from the same data shown on this page.

Who is the assignee on this patent?
Airwatch Llc
What technology area does this patent fall under?
Primary CPC classification H04L63/0807. Mapped technology areas include Electricity.
When was this patent published?
Publication date Sep 11, 2018 (B2). Legal status and post-grant events are not shown on this page.