Application-specific session authentication
US-10587697-B2 · Mar 10, 2020 · US
US11368459B2 · US · B2
| Field | Value |
|---|---|
| Publication number | US-11368459-B2 |
| Application number | US-202017037953-A |
| Country | US |
| Kind code | B2 |
| Filing date | Sep 30, 2020 |
| Priority date | Sep 30, 2020 |
| Publication date | Jun 21, 2022 |
| Grant date | Jun 21, 2022 |
Official abstract text for this publication.
Methods, computer program products, and/or systems are provided that can perform the following operations: receiving a connection request from a first user device; creating an authentication container for the first user device; authenticating the first user device using the authentication container; in response to authentication for the first user device being successful, creating a first user request processing container for the first user device; and processing user requests received from the first user device using the first user request processing container.
Opening claim text (preview).
What is claimed is:

1. A computer-implemented method, comprising: receiving a connection request from a first user device and a second user device; creating an authentication container for the first user device and an authentication container for the second user device; creating an authentication forwarding process shared among the authentication container for the first user device and the authentication container for the second user device; mapping, by the authentication forwarding process, an authentication request with an identifier associated with the authentication container for the first user device; authenticating the first user device using the authentication container for the first user device; forwarding, by the authentication forwarding process, the authentication request from the authentication container for the first user device to the first user device; in response to authentication for the first user device being successful, creating a first user request processing container for the first user device and a user request forwarding process; wherein access restricted resources assigned to the first user request processing container are not assigned to a second user request processing container created for the second user device, and where the second user device cannot access the access restricted resources; providing to the user request forwarding process, an identifier associated with the first user request processing container; mapping, by the user request forwarding process, user requests containing the identifier associated with the first user request processing container; delivering, by the user request forwarding process, user requests from the first device to the first user request processing container; and processing the user requests delivered by the first user request forwarding process using the first user request processing container.

2. The computer-implemented method of claim 1, wherein the first user request processing container is dedicated to the first user device.

3. The computer-implemented method of claim 1, further comprising: mapping, by the authentication forwarding process, authentication requests with identifiers associated with the authentication container for the second user device to the authentication container for the second user device; and forwarding, by the authentication forwarding process, the authentication requests from the authentication container for the second user device to the second user device.

4. The computer-implemented method of claim 3, further comprising: in response to authentication for the second user device being successful, creating a second user request processing container; providing to the user request forwarding process, an identifier associated with the second user request processing container; and mapping, by the user request forwarding process, user requests containing the identifier associated with the second user request processing container.

5. The computer-implemented method of claim 4, further comprising: delivering, by the user request forwarding process, user requests from the second device to the second user request processing container; and processing the user requests delivered by the second user request forwarding process using the second user request processing container.

6. The computer-implemented method of claim 1, wherein authenticating the first user device using the authentication container further comprises: receiving an authentication response from the first user device using the authentication forwarding process; and providing the authentication response to the authentication container for the first user device based on the identifier associated with the authentication container for the first user device.

7. The computer-implemented method of claim 1, wherein computing resources assigned to the first user request processing container are determined based on features of the first user device.

8. The computer-implemented method of claim 1, wherein responses for the user requests containing the identifier associated with the first user request processing container are provided in an unprivileged process inside the first user request processing container established to process the user requests.

9. The computer-implemented method of claim 1, wherein the user request forwarding process is an unprivileged process.

10. A computer system, comprising: one or more processors; and a computer-readable memory coupled to the processors, the computer-readable memory including instructions that when executed by the processors perform operations of: receiving a connection request from a first user device and a second user device; creating an authentication container for the first user device and an authentication container for the second user device; creating an authentication forwarding process shared among the authentication container for the first user device and the authentication container for the second user device; mapping, by the authentication forwarding process, an authentication request with an identifier associated with the authentication container for the first user device; authenticating the first user device using the authentication container for the first user device; forwarding, by the authentication forwarding process, the authentication request from the authentication container for the first user device to the first user device; in response to authentication for the first user device being successful, creating a first user request processing container for the first user device and a user request forwarding process; wherein access restricted resources assigned to the first user request processing container are not assigned to a second user request processing container created for the second user device, and where the second device cannot access the access restricted resource; providing to the user request forwarding process, an identifier associated with the first user request processing container; mapping, by the user request forwarding process, user requests containing the identifier associated with the first user request processing container; delivering, by the user request forwarding process, user requests from the first device to the first user request processing container; and processing the user requests delivered by the first user request forwarding process using the first user request processing container.

11. The computer system of claim 10, wherein the first user request processing container is dedicated to the first user device.

12. The computer system of claim 10, wherein the operations further comprise: mapping, by the authentication forwarding process, authentication requests with identifiers associated with the authentication container for the second user device to the authentication container for the second user device; and forwarding, by the authentication forwarding process, the authentication requests from the authentication container for the second user device to the second user device.

13. The computer system of claim 12, wherein the operations further comprise: in response to authentication for the second user device being successful, creating a second user request processing container; providing to the user request forwarding process, an identifier associated with the second user request processing container; and mapping, by the user request forwarding process, user requests containing the identifier associated with the second user request processing container.

14. The computer system of claim 13, wherein processing user requests received from the first us
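
The flow in the abstract and claim 1, modelled in Python as an added example (not code from the patent): per-device authentication containers, identifier-keyed forwarding maps, and a request processing container created only after authentication succeeds. The HMAC challenge-response, the device names, secrets and resource paths, and every class and function name are assumptions made for illustration; the text shown here does not specify an authentication mechanism.

```python
import hashlib, hmac, secrets

# Constructed sample data: device secrets and per-device restricted resources.
SECRETS = {"dev-a": b"key-a", "dev-b": b"key-b"}
RESOURCES = {"dev-a": {"/data/a"}, "dev-b": {"/data/b"}}

class AuthContainer:
    """Short-lived and per-device; holds one challenge and nothing else."""
    def __init__(self, device):
        self.device, self.nonce = device, secrets.token_bytes(16)
    def verify(self, response):
        key = SECRETS.get(self.device)
        if key is None:                      # unknown device never authenticates
            return False
        want = hmac.new(key, self.nonce, hashlib.sha256).digest()
        return hmac.compare_digest(want, response)

class RequestContainer:
    """Created only after successful authentication; dedicated to one device."""
    def __init__(self, device):
        self.device, self.resources = device, set(RESOURCES[device])
    def handle(self, path):
        if path not in self.resources:
            raise PermissionError(f"{path} not assigned to this container")
        return f"{self.device} read {path}"

class Gateway:
    def __init__(self):
        self.auth_map = {}     # authentication forwarding: id -> AuthContainer
        self.request_map = {}  # user request forwarding: id -> RequestContainer
    def connect(self, device):
        auth_id = secrets.token_hex(8)
        self.auth_map[auth_id] = AuthContainer(device)
        return auth_id, self.auth_map[auth_id].nonce  # challenge sent to device
    def authenticate(self, auth_id, response):
        container = self.auth_map.pop(auth_id, None)  # one attempt per container
        if container is None or not container.verify(response):
            return None                               # no request container created
        req_id = secrets.token_hex(8)
        self.request_map[req_id] = RequestContainer(container.device)
        return req_id
    def request(self, req_id, path):
        container = self.request_map.get(req_id)
        if container is None:
            raise PermissionError("unknown container identifier")
        return container.handle(path)

def device_response(device, nonce):
    """Client side: answer the challenge with the device's secret."""
    return hmac.new(SECRETS[device], nonce, hashlib.sha256).digest()
```

Unauthenticated traffic only ever reaches a container that holds a single challenge, and the identifier handed out after success routes to a container whose resource set was never shared with any other device.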
based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint · CPC title
for authentication of entities (cryptographic mechanisms or cryptographic arrangements for entity authentication H04L9/32) · CPC title
Remote procedure calls [RPC]; Web services · CPC title
including means for verifying the identity or authority of a user of the system {or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials} · CPC title
to a system of files or objects, e.g. local or distributed file system or database · CPC title