Independent claim

1. A computer-implemented method for client-side authentication, the method comprising:

at a client device:
    receiving a cookie, and a timestamp from a trusted server that is trusted by a user of the client device,
    associating a plug-in identifier (ID) to correspond to a single plug-in that invokes a web service provided by a non-trusted server that is not trusted by the user of the client-side computer,
    determining, with the one or more processors, a signing key and a public ID based at least in part on the cookie,
    concatenating, with the one or more processors, the timestamp, the plug-in ID and the public ID to form an intermediate plug-in uniform resource locator (URL),
    hashing, with the one or more processors, the intermediate plug-in URL using the signing key to form a client-side signed hash,
    concatenating the timestamp, the plug-in ID, the public ID and the client-side signed hash to form an authenticated plug-in URL that functions as a time-based security token, and
    loading, with a browser on the client device, the authenticated plug-in URL; and

at the trusted server:
    receiving the time-based security token and a request for information about the client device from the non-trusted server,
    determining whether the time-based security token expired, and
    if the time-based security token has not expired, permitting the request for information about the client device to proceed in an authenticated session, otherwise denying the request for information about the client device.
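Both halves of the claimed method, written out as an added Python example that is not part of the patent text. The claim fixes only the order of the concatenated fields (timestamp, plug-in ID, public ID, then the signed hash) and the expiry check at the trusted server; everything else here is this example's assumption: HMAC-SHA256 as the keyed hash and as the way the signing key and public ID are derived from the cookie, a query-string layout with the parameter names `ts`, `pid`, `uid` and `sig`, a 300-second token lifetime, and a dictionary standing in for the trusted server's session store. The server side also recomputes the signed hash, which the claim does not spell out but which is what makes the expiry check meaningful against an altered token.

```python
import hashlib
import hmac
import time
from urllib.parse import parse_qs, urlencode, urlparse

# Constructed sample values (not taken from the patent text).
SAMPLE_COOKIE = b"session=3f9a1c7e-constructed-sample-cookie"
PLUGIN_ID = "weather-widget"        # hypothetical plug-in identifier
TOKEN_LIFETIME = 300                # assumed expiry window, in seconds


def derive_signing_key_and_public_id(cookie: bytes) -> tuple[bytes, str]:
    """Derive the signing key and the public ID from the cookie.

    The claim only says both are 'based at least in part on the cookie'.
    Two domain-separated HMAC-SHA256 derivations are this example's
    assumption; they keep the public ID from revealing the signing key.
    """
    signing_key = hmac.new(cookie, b"plugin-url-signing-key", hashlib.sha256).digest()
    public_id = hmac.new(cookie, b"plugin-url-public-id", hashlib.sha256).hexdigest()[:16]
    return signing_key, public_id


def build_authenticated_plugin_url(cookie: bytes, timestamp: int, plugin_id: str,
                                   base: str = "https://trusted.example/plugin") -> str:
    """Client side: concatenate, sign, then concatenate the signature on.

    The query-string layout and the parameter names are assumptions; the
    claim fixes only the field order timestamp, plug-in ID, public ID.
    """
    signing_key, public_id = derive_signing_key_and_public_id(cookie)
    # Intermediate plug-in URL: timestamp + plug-in ID + public ID.
    intermediate = base + "?" + urlencode({"ts": timestamp, "pid": plugin_id, "uid": public_id})
    # Client-side signed hash: keyed hash of the intermediate URL.
    signed_hash = hmac.new(signing_key, intermediate.encode(), hashlib.sha256).hexdigest()
    # Authenticated plug-in URL = intermediate URL + signed hash; this is the token.
    return intermediate + "&" + urlencode({"sig": signed_hash})


def check_token(authenticated_url: str, cookie_for_public_id: dict[str, bytes],
                now: int, lifetime: int = TOKEN_LIFETIME) -> tuple[bool, str]:
    """Trusted server side: may the non-trusted server's request proceed?

    The expiry check is what the claim requires. Recomputing the signed hash
    over the intermediate URL is added here so that an altered or forged token
    is also rejected. 'cookie_for_public_id' stands in for the session store.
    """
    parsed = urlparse(authenticated_url)
    try:
        params = parse_qs(parsed.query, strict_parsing=True)
        ts = int(params["ts"][0])
        plugin_id = params["pid"][0]
        public_id = params["uid"][0]
        sig = params["sig"][0]
    except (KeyError, ValueError, IndexError):
        return False, "malformed token"
    # Expiry: reject tokens older than the lifetime and tokens dated in the future.
    if not 0 <= now - ts <= lifetime:
        return False, "token expired"
    cookie = cookie_for_public_id.get(public_id)
    if cookie is None:
        return False, "unknown public ID"
    signing_key, _ = derive_signing_key_and_public_id(cookie)
    # Rebuild the intermediate URL exactly as the client formed it, then compare
    # signatures in constant time.
    intermediate = (parsed.scheme + "://" + parsed.netloc + parsed.path + "?"
                    + urlencode({"ts": ts, "pid": plugin_id, "uid": public_id}))
    expected = hmac.new(signing_key, intermediate.encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, sig):
        return False, "bad signature"
    return True, "authenticated session"


if __name__ == "__main__":
    issued = int(time.time())
    _, public_id = derive_signing_key_and_public_id(SAMPLE_COOKIE)
    session_store = {public_id: SAMPLE_COOKIE}
    url = build_authenticated_plugin_url(SAMPLE_COOKIE, issued, PLUGIN_ID)
    print(url)
    print(check_token(url, session_store, issued + 10))                  # fresh token
    print(check_token(url, session_store, issued + TOKEN_LIFETIME + 1))  # expired
    print(check_token(url.replace("pid=weather-widget", "pid=other"),
                      session_store, issued + 10))                       # altered
```

Run stand-alone, the script prints the authenticated URL followed by one accepted and two denied decisions. The future-dated check (`now - ts < 0`) is there because a token whose timestamp is ahead of the server clock would otherwise pass the age test for longer than the lifetime allows.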
at a client device: receiving a cookie, and a timestamp from a trusted server that is trusted by a user of the client device, associating a plug-in identifier (ID) to correspond to a single plug-in that invokes a web service provided by a non-trusted server that is not trusted by the user of the client-side computer, determining, with the one or more processors, a signing key and a public ID based at least in part on the cookie, concatenating, with the one or more processors, the timestamp, the plug-in ID and the public ID to form an intermediate plug-in uniform resource locator (URL), hashing, with the one or more processors, the intermediate plug-in URL using the signing key to form a client-side signed hash, concatenating the timestamp, the plug-in ID, the public ID and the client-side signed hash to form an authenticated plug-in URL that functions as a time-based security token, and loading, with a browser on the client device, the authenticated plug-in URL; and at the trusted server: receiving the time-based security token and a request for information about the client device from the non-trusted server, determining whether the time-based security token expired, and if the time-based security token has not expired, permitting the request for information about the client device to proceed in an authenticated session, otherwise denying the request for information about the client device. |