Authentication through a secret holding proxy
First Claim
1. A computer-implemented method for providing authentication services, comprising:
- under the control of one or more computer systems configured with executable instructions, receiving, by a signing service, a signed message having instructions from a client, the signed message addressed to a resource;
- determining whether to send the instructions to the resource based at least in part on a policy, the policy based at least in part on the outcomes of operations that include:
  - verifying the signed message is signed with the interim credential; and
  - determining whether the client has permission to access the resource;
- signing the instructions using a recognized credential when the client has permission and the message is signed with the interim credential, the recognized credential being unshared with the client and inaccessible to the client and valid for use to access the resource; and
- sending the instructions signed with the recognized credential to the resource when the instructions have been signed with the recognized credential.
1 Assignment
0 Petitions
Abstract
Client requests may be directed through a secret holding proxy system such that the secret holding proxy system inserts a secret into a client request before the request arrives at its destination. Inserting a secret may include inserting a digital signature, a token, or other information that contains a secret or is derived from a secret, which may include secret exchange or authentication protocols. The secret holding proxy system may also remove secrets from, and/or transform, incoming messages so that the client transparently receives the underlying content of the message.
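The signing service described in the claim and abstract above, as an added Python example that is not part of the patent: HMAC keys stand in for the interim and recognized credentials, and the client ids, resource names and policy table are constructed placeholders. The proxy forwards a request only when it verifies under the client's interim credential and the policy permits the client to reach the addressed resource; the recognized credential never leaves the proxy.

```python
import hashlib
import hmac
import json

def sign(key: bytes, resource: str, instructions: dict) -> str:
    # Canonical JSON keeps the signed bytes stable between client, proxy and resource.
    payload = json.dumps({"resource": resource, "instructions": instructions}, sort_keys=True).encode()
    return hmac.new(key, payload, hashlib.sha256).hexdigest()

def verify(key: bytes, message: dict) -> bool:
    expected = sign(key, message["resource"], message["instructions"])
    return hmac.compare_digest(expected, message.get("signature", ""))

class SigningService:
    def __init__(self, interim_keys, recognized_keys, policy):
        self.interim_keys = interim_keys        # client_id -> interim credential shared with that client
        self.recognized_keys = recognized_keys  # resource -> recognized credential, never sent to clients
        self.policy = policy                    # client_id -> set of resources the client may access

    def handle(self, client_id: str, message: dict):
        """Return the re-signed message to forward, or None when the policy rejects it."""
        interim = self.interim_keys.get(client_id)
        # Operation 1: the message must verify under the client's interim credential.
        if interim is None or not verify(interim, message):
            return None
        resource = message["resource"]
        # Operation 2: the client must have permission to access the addressed resource.
        if resource not in self.policy.get(client_id, set()):
            return None
        recognized = self.recognized_keys.get(resource)
        if recognized is None:
            return None
        # Both outcomes positive: sign with the recognized credential and forward.
        return {"resource": resource, "instructions": message["instructions"],
                "signature": sign(recognized, resource, message["instructions"])}

# Constructed sample credentials and policy (hypothetical, not from the patent).
INTERIM_KEYS = {"client-a": b"interim-key-for-client-a"}
RECOGNIZED_KEYS = {"storage": b"recognized-key-for-storage", "billing": b"recognized-key-for-billing"}
POLICY = {"client-a": {"storage"}}
proxy = SigningService(INTERIM_KEYS, RECOGNIZED_KEYS, POLICY)

def client_request(client_id: str, resource: str, instructions: dict) -> dict:
    # The client signs only with its interim credential; it never holds a recognized one.
    return {"resource": resource, "instructions": instructions,
            "signature": sign(INTERIM_KEYS[client_id], resource, instructions)}
```

The resource side checks the forwarded message with `verify(RECOGNIZED_KEYS[resource], message)`, so a message carrying only the interim signature is rejected there even if it bypasses the proxy.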
42 Citations
6 Claims
Specification