Authentication through a secret holding proxy
First Claim
Patent Images
1. A computer-implemented method for providing authentication services, comprising:
- under the control of one or more computer systems configured with executable instructions, receiving, by a signing service, a signed message having instructions from a client, the signed message addressed to a resource;
determining whether to send the instructions to the resource based at least in part on a policy, the policy based at least in part on the outcomes of operations that include;
verifying the signed message is signed with the interim credential; and
determining whether the client has permission to access the resource;
signing the instructions using a recognized credential when the client has permission and the message is signed with the interim credential, the recognized credential being unshared with the client and inaccessible to the client and valid for use to access the resource; and
sending the instructions signed with the recognized credential to the resource when the instructions have been signed with the recognized credential.
1 Assignment
0 Petitions
Accused Products
Abstract
Client requests may be directed through a secret holding proxy system such that the secret holding proxy system may insert a secret into a client request before arriving at the destination. The insertion of a secret may include inserting a digital signature, token or other information that includes a secret or information based upon a secret, which may include secret exchange or authentication protocols. The secret holding proxy system may also remove secrets and/or transform incoming messages such that the client may transparently receive the underlying content of the message.
42 Citations
6 Claims
-
1. A computer-implemented method for providing authentication services, comprising:
- under the control of one or more computer systems configured with executable instructions, receiving, by a signing service, a signed message having instructions from a client, the signed message addressed to a resource;
determining whether to send the instructions to the resource based at least in part on a policy, the policy based at least in part on the outcomes of operations that include;
verifying the signed message is signed with the interim credential; and
determining whether the client has permission to access the resource;
signing the instructions using a recognized credential when the client has permission and the message is signed with the interim credential, the recognized credential being unshared with the client and inaccessible to the client and valid for use to access the resource; and
sending the instructions signed with the recognized credential to the resource when the instructions have been signed with the recognized credential. - View Dependent Claims (2, 3, 4, 5, 6)
- under the control of one or more computer systems configured with executable instructions, receiving, by a signing service, a signed message having instructions from a client, the signed message addressed to a resource;
Specification
-
- Resources
Litigation Campaign Assessment
Thank you for your request. You will receive a custom alert email when the Litigation Campaign Assessment is available.
×
-
Current AssigneeAmazon Technologies, Inc. (Amazon.com, Inc.)
-
Original AssigneeAmazon Technologies, Inc. (Amazon.com, Inc.)
-
InventorsRoth, Gregory B., Baer, Graeme D., Fitch, Nathan R., Crahen, Eric D., Brandwine, Eric J.
-
Primary Examiner(s)Ullah, Sharif E
-
Application NumberUS13/332,199Time in Patent Office2,492 DaysField of Search380228-229, 380255, 380277, 713150-151, 713175-176, 713180, 713189-193, 726 2, 726 26US Class CurrentCPC Class CodesH04L 2209/76 Proxy, i.e. using intermedi...H04L 63/123 received data contents, e.g...H04L 63/126 the source of the received ...H04L 9/065 Encryption by serially and ...H04L 9/3247 involving digital signatures
