System and methods for providing stateless security management for web applications using non-HTTP communications protocols
US8527774B2 · kind B2 · utility
Assignee
Inventors
Key dates
| Filing date | May 27, 2010 |
| Grant date | Sep 3, 2013 |
| Priority date | — |
| Expiry date | Aug 25, 2031 |
Classification
- Technology area (CPC H)Electricity
- CPC primaryH04L2209/56
- WIPO fieldDigital communication
- WIPO sectorElectrical engineering
Abstract
A gateway server interoperates with client and remote server systems to provide stateless security management for a distributed Web application. A Web client application on the client system initiates a WebSocket connection directed to a remote Web service by performing an authentication challenge directed to a user of the Web-browser client where a secure token is not present in a local store instance corresponding to the client application. The authentication challenge obtains the user credentials and then exchanges the user credentials with the gateway server for a secure token. The secure token is then sent in a protocol specific connect message to the gateway server. The gateway server, in response to receipt of the connect message, initiates a WebSocket connection directed to the remote Web service by inspecting the connect message to recover the secure token, evaluating the secure token to obtain user credentials, injecting the secure token with the user credentials, and sending the connect message to the remote Web service.
Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.