Identity management over multiple identity providers
Abstract
Systems and processes of advanced identity management over multiple identity providers deployable through mobile applications are provided. The process, e.g., method, includes requesting a backend service from multiple backend services by a requesting device. The method further includes exposing the requested backend service through a call in by a gateway service using a token mapped to the requested backend service, without exposing any of the backend services directly to the requesting device.
17 Claims
1. A method comprising:
requesting a backend service from multiple backend services by a requesting device;
exposing the requested backend service through a call in by a gateway service using a token mapped to the requested backend service, without exposing any of the backend services directly to the requesting device; and
providing, via identity services, a credential vault for a user to store a cryptographic hash of a password and username that is used in conjunction with a valid identity token to leverage passwords for non-authorized legacy systems that the user may be required to login to retrieve data or leverage services,
wherein the gateway service directly calls in and is exposed to the requested backend services using the token and a token template, and
wherein the identity services comprise an identity management system which manages identities of plural devices through the use of tokens which are recognized by the backend services when passed by the gateway service.
11. A computer program product comprising a computer readable storage medium having program instructions embodied therewith, wherein the computer readable storage medium is not a transitory signal per se, and the program instructions are readable by a computing device to cause the computing device to perform a method comprising:
mapping tokens to parameters in a service call to a requested backend service from multiple backend services;
making the service call to the requested backend service, from a service provider;
exposing the requested backend service only to the service provider;
providing a service of the requested backend service to a device, directly from the service provider while not exposing the backend service to the device; and
providing identity services which provide a credentials vault for a user to store a cryptographic hash of a password and username that is used in conjunction with a valid identity token to leverage passwords for non-authorized legacy systems that the user may be required to login to retrieve data or leverage services,
wherein the identity services request a token and cryptographic hash in a validation transaction to open the credential vault, and
wherein the identity services comprise an identity management system which manages identities of plural devices through the use of tokens which are recognized by the backend services when passed by a gateway service.
12. A computer program product comprising a computer readable storage medium having program instructions embodied therewith, wherein the computer readable storage medium is not a transitory signal per se, and the program instructions are readable by a computing device to cause the computing device to perform a method comprising:
mapping tokens to parameters in a service call to a requested backend service;
making the service call to a requested backend service, from a service provider;
exposing the requested backend service only to the service provider;
providing a service of the requested backend service to a device, directly from the service provider while not exposing the backend service to the device;
obtaining identity information from each of the backend services;
returning a single token to the device;
calling the requested backend service by requesting the service through the service provider;
obtaining the mapped token and a service template from an identity management service; and
calling the requested backend service directly from the service provider with the service template and the mapped token attached to the call.
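
The flow recited in claim 12 (identity obtained from each backend, a single token returned to the device, a mapped token and service template attached by the service provider), sketched as an added Python example. It is not code from the patent; the class names, service names and template strings are constructed for illustration.

```python
import secrets
from string import Template

class Backend:
    """Constructed stand-in for one backend; only the gateway holds a reference to it."""
    def __init__(self, name):
        self.name, self._issued = name, {}     # backend token -> subject
    def issue_identity(self, subject):
        token = secrets.token_urlsafe(16)
        self._issued[token] = subject
        return token
    def handle(self, request_line, token):
        if token not in self._issued:          # device tokens are never valid here
            raise PermissionError("backend rejected token")
        return f"{self.name} served: {request_line}"

class IdentityManagement:
    """Maps the single device token to per-backend tokens and service templates."""
    def __init__(self, backends, templates):
        self._backends, self._templates = backends, templates
        self._sessions = {}                    # device token -> (subject, {service: token})
    def login(self, subject):
        mapped = {n: b.issue_identity(subject) for n, b in self._backends.items()}
        device_token = secrets.token_urlsafe(32)
        self._sessions[device_token] = (subject, mapped)
        return device_token                    # the only token the device ever holds
    def resolve(self, device_token, service):
        session = self._sessions.get(device_token)
        if session is None or service not in session[1]:
            raise PermissionError("unknown device token or service")
        return session[0], session[1][service], self._templates[service]

class Gateway:
    """The service provider: the only component that calls a backend."""
    def __init__(self, idm, backends):
        self._idm, self._backends = idm, backends
    def call(self, device_token, service):
        subject, mapped_token, template = self._idm.resolve(device_token, service)
        request_line = Template(template).substitute(subject=subject)
        return self._backends[service].handle(request_line, mapped_token)

def demo():
    """Build a constructed two-backend deployment and log in one device."""
    backends = {"payroll": Backend("payroll"), "hr": Backend("hr")}
    templates = {"payroll": "GET /statements?user=$subject", "hr": "GET /profile/$subject"}
    idm = IdentityManagement(backends, templates)
    return Gateway(idm, backends), idm.login("alice"), backends
```

The device token is meaningless to a backend on its own, so a leaked device token cannot be replayed against a backend that is not reachable through the gateway.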
Specification