Extending authentication and authorization capabilities of an application without code changes
US10069827B2 · kind B2 · utility
Assignee
Inventors
Key dates
| Filing date | Oct 31, 2012 |
| Grant date | Sep 4, 2018 |
| Priority date | — |
| Expiry date | Nov 6, 2036 |
Classification
- Technology area (CPC H)Electricity
- CPC primaryH04L63/0272
- WIPO fieldDigital communication
- WIPO sectorElectrical engineering
Abstract
A generic approach to extending the authentication and authorization capabilities of a client-server application (e.g., a VPN) without any code changes. To this end, the application is augmented with an authentication mechanism comprising a pair of cooperating components: an authentication agent that is associated with (and hooks into) the client-side of the application, and an authentication server that is associated with the server-side. In operation, the authentication server issues commands to the authentication agent to acquire all required data from the user, device or host environment, and the authentication agent (hooked into the VPN client) scrapes requests originating from the authentication server and injects (e.g., by auto-fill) the appropriate responses into the VPN client UI for transmission back through the VPN server and to the authentication server. The commands and responses are communicated using a challenge-response protocol (e.g., RADIUS) implemented by the VPN client-server.
Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.